Cisco Nexus 7700 18-Slot Switch Configuration Guide
Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide
First Published: 2016-12-23
Last Modified: 2021-02-22
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version.
Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
© 2016–2021 Cisco Systems, Inc. All rights reserved.
Contents
Related Documentation for Cisco Nexus 7000 Series NX-OS Software
Communications, Services, and Additional Information
Information About Layer 3 Unicast Routing
Load Balancing and Equal Cost Multipath
Static Routes and Dynamic Routing Protocols
Interior and Exterior Gateway Protocols
Cisco NX-OS Forwarding Architecture
Unicast Forwarding Distribution Module
Layer 3 Interoperation with the N7K-F132-15 Module
Summary of Layer 3 Routing Features
First Hop Redundancy Protocols
Related Documents for Layer 3 Unicast Routing
Finding Feature Information
Address Resolution Protocol
Static and Dynamic Entries in the ARP Cache
Devices That Do Not Use ARP
Virtualization Support for IPv4
Guidelines and Limitations for IPv4
Default Settings for IPv4 Parameters
Configuring IPv4 Addressing
Configuring Multiple IPv4 Addresses
Configuring a Static ARP Entry
Configuring Local Proxy ARP
Configuring the IP ARP Cache Limit
Configuring Glean Optimization
Configuring Bloom Filter Support for Glean Adjacencies
Configuring Path MTU Discovery
Configuring IP Packet Verification
Enabling Forwarding of IP Directed Broadcasts
Disabling Forwarding of IP Directed Broadcasts
Configuring IP Glean Throttling
Configuring the Hardware IP Glean Throttle Maximum
Configuring the Hardware IP Glean Throttle Timeout
Configuring the Hardware IP Glean Throttle Syslog
Verifying the IPv4 Configuration
Configuration Examples for IPv4
Example: Reserving All Ports on a Module for Proxy Routing
Example: Reserving Ports for Proxy Routing
Example: Excluding Ports From Proxy Routing
Finding Feature Information
Aggregatable Global Addresses
IPv4-Compatible IPv6 Addresses
Simplified IPv6 Packet Header
Path MTU Discovery for IPv6
IPv6 Neighbor Solicitation Message
IPv6 Router Advertisement Message
IPv6 Router Advertisement Options for DNS Configuration
IPv6 Neighbor Redirect Message
Virtualization Support for IPv6
Guidelines and Limitations for Configuring IPv6
Configuring IPv6 Addressing
Configuring IPv6 Neighbor Discovery
Configuring Optional IPv6 Neighbor Discovery
Configuring Recursive DNS Server (RDNSS)
Configuring DNS Search List (DNSSL)
Configuring IPv6 Packet Verification
Verifying the IPv6 Configuration
Configuration Example for IPv6
Finding Feature Information
Information About DNS Clients
High Availability for DNS Clients
Virtualization Support for DNS Clients
Prerequisites for DNS Clients
Guidelines and Limitations for DNS Clients
Default Settings for DNS Client Parameters
Verifying the DNS Client Configuration
Configuration Examples for DNS Clients
Related Documents for DNS Clients
Finding Feature Information
WCCPv2 Designated Cache Engine
WCCPv2 Packet Return Method
High Availability for WCCPv2
Virtualization Support for WCCPv2
WCCPv2 Error Handling for SPM Operations
Guidelines and Limitations for WCCPv2
Enabling and Disabling WCCPv2
Configuring a WCCPv2 Service Group
Applying WCCPv2 Redirection to an Interface
Configuring WCCPv2 in a VRF
Verifying the WCCPv2 Configuration
Configuration Examples for WCCPv2
Related Documents for WCCPv2
Feature History for WCCPv2
Finding Feature Information
Link-State Advertisements Types
OSPFv2 and the Unicast RIB
Simple Password Authentication
Advanced Features for OSPFv2
High Availability and Graceful Restart
OSPFv2 Stub Router Advertisements
Virtualization Support for OSPFv2
Guidelines and Limitations for OSPFv2
Default Settings for OSPFv2
Creating an OSPFv2 Instance
Configuring OSPF Packet Size
Configuring Optional Parameters on an OSPFv2 Instance
Configuring Networks in OSPFv2
Configuring Authentication for an Area
Configuring Authentication for an Interface
Configuring Advanced OSPFv2
Configuring Filter Lists for Border Routers
Configuring a Totally Stubby Area
Configuring Redistribution
Limiting the Number of Redistributed Routes
Configuring Route Summarization
Configuring Stub Route Advertisements
Configuring the Administrative Distance of Routes
Modifying the Default Timers
Configuring Graceful Restart
Restarting an OSPFv2 Instance
Configuring OSPFv2 with Virtualization
Verifying the OSPFv2 Configuration
Configuration Examples for OSPFv2
Related Documents for OSPFv2
Feature History for OSPFv2
Finding Feature Information
Comparison of OSPFv3 and OSPFv2
Link-State Advertisement Types
Flooding and LSA Group Pacing
OSPFv3 and the IPv6 Unicast RIB
Guidelines and Limitations for configuring ESP on OSPFv3
High Availability and Graceful Restart
Guidelines and Limitations for OSPFv3
Default Settings for OSPFv3
Creating an OSPFv3 Instance
Configuring OSPFv3 Packet Size
Configuring Networks in OSPFv3
Configuring Advanced OSPFv3
Configuring Filter Lists for Border Routers
Configuring a Totally Stubby Area
Configuring Multi-Area Adjacency
Configuring Redistribution
Limiting the Number of Redistributed Routes
Configuring Route Summarization
Configuring the Administrative Distance of Routes
Modifying the Default Timers
Configuring the OSPFv3 Max-Metric Router LSA
Configuring Graceful Restart
Restarting an OSPFv3 Instance
Configuring OSPFv3 with Virtualization
Configuring OSPFv3 Authentication at Router Level
Configuring OSPFv3 Authentication at Area Level
Configuring OSPFv3 Authentication at Interface Level
Configuring OSPFv3 Encryption at Router Level
Configuring OSPFv3 Encryption at Area Level
Configuring OSPFv3 Encryption at Interface Level
Configuring OSPFv3 Encryption for Virtual Links
Configuration Examples for OSPFv3
Related Documents for OSPFv3
Feature History for OSPFv3
Finding Feature Information
Reliable Transport Protocol
Neighbor Discovery and Recovery
Diffusing Update Algorithm
Virtualization Support for EIGRP
Graceful Restart and High Availability
Guidelines and Limitations for EIGRP
Default Settings for EIGRP Parameters
Enabling or Disabling the EIGRP Feature
Creating an EIGRP Instance
Restarting an EIGRP Instance
Shutting Down an EIGRP Instance
Configuring a Passive Interface for EIGRP
Shutting Down EIGRP on an Interface
Configuring Advanced EIGRP
Configuring Authentication in EIGRP
Configuring EIGRP Stub Routing
Configuring a Summary Address for EIGRP
Redistributing Routes into EIGRP
Limiting the Number of Redistributed Routes
Configuring the Administrative Distance of Routes
Configuring Route-Map Filtering
Configuring Load Balancing in EIGRP
Configuring Graceful Restart for EIGRP
Adjusting the Interval Between Hello Packets and the Hold Time
Configuring Virtualization for EIGRP
Verifying the EIGRP Configuration
Displaying EIGRP Statistics
Configuration Example for EIGRP
Related Documents for EIGRP
Finding Feature Information
Designated Intermediate System
High Availability and Graceful Restart
Guidelines and Limitations for IS-IS
Default Settings for IS-IS
Router Configuration Mode Example
Router Address Family Configuration Mode Example
Enabling the IS-IS Feature
Creating an IS-IS Instance
Restarting an IS-IS Instance
Configuring IS-IS on an Interface
Configuring IS-IS Authentication in an Area
Configuring IS-IS Authentication on an Interface
Configuring a Designated Intermediate System
Configuring Dynamic Host Exchange
Configuring the Attached Bit
Configuring the Transient Mode for Hello Padding
Configuring a Summary Address
Configuring Redistribution
Limiting the Number of Redistributed Routes
Configuring the Administrative Distance of Routes
Disabling Strict Adjacency Mode
Configuring a Graceful Restart
Configuring Virtualization
Configuration Examples for IS-IS
Related Documents for IS-IS
Finding Feature Information
Information About Basic BGP
Dynamic AS Numbers for Prefix Peers
BGP Path Selection - Comparing Pairs of Paths
BGP Path Selection - Determining the Order of Comparisons
BGP Path Selection - Determining the Best-Path Change Suppression
BGP Prefix Independent Convergence
BGP PIC Feature Support Matrix
BGP PIC Edge with Multipaths
Guidelines and Limitations for BGP
Address Family Configuration Mode
Neighbor Configuration Mode
Neighbor Address Family Configuration Mode
Configuring AS-4 Dot Notation
Configuring Dynamic AS Numbers for Prefix Peers
Verifying the Basic BGP Configuration
Configuration Examples for Basic BGP
Related Documents for Basic BGP
Finding Feature Information
Information About Advanced BGP
Route Policies and Resetting BGP Sessions
BGP Next Hop Unchanged
iBGP
Load Sharing and Multipath
BGP Conditional Advertisement
BGP Next-Hop Address Tracking
BGP Support for Importing Routes from Default VRF
BGP Support for Exporting Routes to Default VRF
Tuning the Best-Path Algorithm
Graceful Restart and High Availability
Prerequisites for Advanced BGP
Guidelines and Limitations for Advanced BGP
Configuring BGP Session Templates
Configuring BGP Peer-Policy Templates
Configuring BGP Peer Templates
Configuring Prefix Peering
Configuring BGP Authentication
Modifying the Next-Hop Address
Configuring BGP Next-Hop Address Tracking
Configuring Next-Hop Filtering
Disabling Capabilities Negotiation
Configuring BGP Additional Paths
Advertising the Capability of Sending and Receiving Additional Paths
Configuring the Sending and Receiving of Additional Paths
Configuring Advertised Paths
Configuring Additional Path Selection
Disabling eBGP Single-Hop Checking
Disabling a Fast External Fallover
Limiting the AS-path Attribute
Configuring Local AS Support
Configuring AS Confederations
Configuring Route Reflector
Configuring Next-Hops on Reflected Routes Using an Outbound Route-Map
Configuring Route Dampening
Configuring Load Sharing and ECMP
Configuring Maximum Prefixes
Configuring Dynamic Capability
Configuring Aggregate Addresses
Unsuppressing the Advertisement of Aggregated Routes
Configuring BGP Conditional Route Injection
Configuring BGP Conditional Advertisement
Configuring Route Redistribution
Advertising the Default Route
Configuring Route Import from Default VRF to any other VRF
Configuring Route Export from BGP VRF to Default VRF
Configuring Multiprotocol BGP
Configuring Policy-Based Administrative Distance
Configuring a Graceful Restart
Configuring Virtualization
Verifying the Advanced BGP Configuration
Displaying Advanced BGP Statistics
Feature History for Advanced BGP
Finding Feature Information
Guidelines and Limitations for RIP
Default Settings for RIP Parameters
Configuring RIP on an Interface
Configuring RIP Authentication
Configuring a Passive Interface
Configuring Split Horizon with Poison Reverse
Configuring Route Summarization
Configuring Route Redistribution
Configuring Cisco NX-OS RIP for Compatibility with Cisco IOS RIP
Configuring Virtualization
Verifying the RIP Configuration
Configuration Examples for RIP
Configuring Static Routing
Finding Feature Information
Information About Static Routing
Directly Connected Static Routes
Fully Specified Static Routes
Remote Next-Hops for Static Routes
Reliable Static Routing Backup Using Object Tracking Deployment
IP Service Level Agreements
Prerequisites for Static Routing
Guidelines and Limitations for Static Routing
Default Settings for Static Routing Parameters
Configuring Static Routing
Configuring a Static Route for IPv4
Configuring a Static Route for IPv6
Configuring a Static Route over a VLAN
Configuring Reliable Static Routing Backup Using Object Tracking
Configuring Virtualization for IPv4
Configuring Virtualization for IPv6
Verifying the Static Routing Configuration
Related Documents for Static Routing
Feature History for Static Routing
Configuring the Interoperability of Modules for Unicast Routing
Finding Feature Information
Configuring the Interoperability of Modules for Unicast Routing
Information About the Interoperability of Modules for Unicast Routing
Guidelines and Limitations for the Interoperability of Modules for Unicast Routing
Configuring the Interoperability of Modules for Unicast Routing
Verifying the Configuration for the Interoperability of Modules for Unicast Routing
Configuration Examples for the Interoperability of Modules for Unicast Routing
Related Documents for the Interoperability of Modules for Unicast Routing
Feature History for the Interoperability of Modules for Unicast Routing
Configuring Layer 3 Virtualization
Finding Feature Information
Information About Layer 3 Virtualization
Combining Reachability and Filtering
Guidelines and Limitations for VRF
Assigning VRF Membership to an Interface
Configuring VRF Parameters for a Routing Protocol
Configuring VRF Aware Service
Verifying the VRF Configuration
Configuration Examples for VRF
Managing the Unicast RIB and FIB
Finding Feature Information
Information About the Unicast RIB and FIB
Layer 3 Consistency Checker
Maximum TCAM Entries and FIB Scale Limits
Default Settings for the Unicast RIB and FIB
Managing the Unicast RIB and FIB
Displaying Module FIB Information
Configuring Load Sharing in the Unicast FIB
Configuring Per-Packet Load Sharing
Displaying Routing and Adjacency Information
Triggering the Layer 3 Consistency Checker
Clearing Forwarding Information in the FIB
Configuring Maximum Routes for the Unicast RIB
Estimating Memory Requirements for Routes
Clearing Routes in the Unicast RIB
Verifying the Unicast RIB and FIB
Related Documents for the Unicast RIB and FIB
Feature History for the Unicast RIB and FIB
Configuring Route Policy Manager
Finding Feature Information
Information About Route Policy Manager
Extended Community Lists for BGP
Route Redistribution and Route Maps
Route Map Support Matrix for Routing Protocols
Prerequisites for Route Policy Manager
Guidelines and Limitations
Default Settings for Route Policy Manager Parameters
Configuring Route Policy Manager
Configuring IP Prefix Lists
Configuring Community Lists
Configuring Extended Community Lists
Optional Match Parameters for Route Maps
Optional Set Parameters for Route Maps
Verifying the Route Policy Manager Configuration
Configuration Examples for Route Policy Manager
Related Documents for Route Policy Manager
Standards for Route Policy Manager
Feature History for Route Policy Manager
Configuring Policy-Based Routing
Finding Feature Information
Information About Policy Based Routing
Set Criteria for Policy-Based Routing
Route Map Support Matrix for Policy-Based Routing
Prerequisites for Policy-Based Routing
Guidelines and Limitations for Policy-Based Routing
Default Settings for Policy-Based Routing
Configuring Policy-Based Routing
Enabling the Policy-Based Routing
Configuring a Route Policy
Configuring Local Policy Routing
Verifying the Policy-Based Routing Configuration
Configuration Examples for Policy Based-Routing
Configuration Example for Local Policy Routing
Related Documents for Policy-Based Routing
Standards for Policy-Based Routing
Feature History for Policy-Based Routing
First-Hop Redundancy Protocols
Finding Feature Information
GLBP Active Virtual Gateway
GLBP Virtual MAC Address Assignment
GLBP Virtual Gateway Redundancy
GLBP Virtual Forwarder Redundancy
GLBP Load Balancing and Tracking
High Availability and Extended Nonstop Forwarding
Guidelines and Limitations for GLBP
Configuring GLBP Authentication
Configuring GLBP Load Balancing
Configuring GLBP Weighting and Tracking
Configuring Extended Hold Timers for GLBP
Verifying the GLBP Configuration
Configuration Examples for GLBP
Related Documents for GLBP
Finding Feature Information
Multiple Group Optimization for HSRP
Object Tracking and HSRP
vPC and HSRP
High Availability and Extended Nonstop Forwarding
Guidelines and Limitations for HSRP
Default Settings for HSRP Parameters
Configuring the HSRP Version
Configuring an HSRP Group for IPv4
Configuring an HSRP Group for IPv6
Configuring an HSRP Master Group Task
Configuring an HSRP Slave Group
Configuring the HSRP Virtual MAC Address Manually
Configuring the HSRP Virtual MAC Address Using Burned-in MAC Address
Configuring HSRP Object Tracking
Configuring the HSRP Priority
Customizing HSRP in HSRP Configuration Mode
Customizing HSRP in Interface Configuration Mode
Configuring Extended Hold Timers for HSRP
Verifying the HSRP Configuration
Configuration Examples for HSRP
Related Documents for HSRP
Finding Feature Information
VRRP Router Priority and Preemption
Guidelines and Limitations for VRRP
Default Settings for VRRP Parameters
Configuring VRRP Authentication
Configuring Time Intervals for Advertisement Packets
Configuring VRRP Interface State Tracking
Enabling the VRRPv3 Feature
Configuring the Delay Period for FHRP Client Initialization
Configuring VRRPv3 Control Groups
Verifying the VRRP Configuration
Monitoring VRRP Statistics
Configuration Example for VRRP
Related Documents for VRRP
Configuring Object Tracking
Finding Feature Information
Information About Object Tracking
Prerequisites for Object Tracking
Guidelines and Limitations for Object Tracking
Default Settings for Object Tracking Parameters
Configuring Object Tracking
Configuring Object Tracking for an Interface
Deleting a Tracking Object
Configuring Object Tracking for Route Reachability
Configuring an Object Track List with a Boolean Expression
Configuring an Object Track List with a Percentage Threshold
Configuring an Object Track List with a Weight Threshold
Configuring an Object Tracking Delay
Configuring Object Tracking for a Nondefault VRF
Verifying the Object Tracking Configuration
Configuration Example for Object Tracking
Related Documents for Object Tracking
Standards for Object Tracking
Feature History for Object Tracking
IETF RFCs Supported by Cisco NX-OS Unicast Features Release 6.x
First-Hop Redundancy Protocols RFCs
Configuration Limits for Cisco NX-OS Layer 3 Unicast Features
Preface
This preface describes the audience, organization and conventions of the Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide. It also provides information on how to obtain related documentation.
• Document Conventions
• Related Documentation for Cisco Nexus 7000 Series NX-OS Software
• Documentation Feedback
• Communications, Services, and Additional Information
Audience
This publication is for network administrators who configure and maintain Cisco Nexus devices.
Document Conventions
Note: As part of our constant endeavor to remodel our documents to meet our customers' requirements, we have modified the manner in which we document configuration tasks. As a result of this, you may find a deviation in the style used to describe these tasks, with the newly included sections of the document following the new format.
Command descriptions use the following conventions:
• bold: Bold text indicates the commands and keywords that you enter literally as shown.
• Italic: Italic text indicates arguments for which the user supplies the values.
• [x]: Square brackets enclose an optional element (keyword or argument).
• [x | y]: Square brackets enclosing keywords or arguments separated by a vertical bar indicate an optional choice.
• {x | y}: Braces enclosing keywords or arguments separated by a vertical bar indicate a required choice.
• [x {y | z}]: Nested set of square brackets or braces indicate optional or required choices within optional or required elements. Braces and a vertical bar within square brackets indicate a required choice within an optional element.
• variable: Indicates a variable for which you supply values, in context where italics cannot be used.
• string: A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.
Examples use the following conventions:
• screen font: Terminal sessions and information the switch displays are in screen font.
• boldface screen font: Information you must enter is in boldface screen font.
• italic screen font: Arguments for which you supply values are in italic screen font.
• < >: Nonprinting characters, such as passwords, are in angle brackets.
• [ ]: Default responses to system prompts are in square brackets.
• !, #: An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.
This document uses the following conventions:
Note: Means reader take note. Notes contain helpful suggestions or references to material not covered in the manual.
Caution: Means reader be careful. In this situation, you might do something that could result in equipment damage or loss of data.
Related Documentation for Cisco Nexus 7000 Series NX-OS Software
The entire Cisco Nexus 7000 Series NX-OS documentation set is available at the following URL: https://www.cisco.com/c/en/us/support/switches/nexus-7000-series-switches/series.html#~tab-documents
Release Notes
The release notes are available at the following URL: http://www.cisco.com/en/US/products/ps9402/prod_release_notes_list.html
Configuration Guides
These guides are available at the following URL: http://www.cisco.com/en/US/products/ps9402/products_installation_and_configuration_guides_list.html
The documents in this category include:
• Cisco Nexus 7000 Series NX-OS Configuration Examples
• Cisco Nexus 7000 Series NX-OS FabricPath Configuration Guide
• Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide
• Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide
• Cisco Nexus 7000 Series NX-OS IP SLAs Configuration Guide
• Cisco Nexus 7000 Series NX-OS Layer 2 Switching Configuration Guide
• Cisco Nexus 7000 Series NX-OS LISP Configuration Guide
• Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide
• Cisco Nexus 7000 Series NX-OS Multicast Routing Configuration Guide
• Cisco Nexus 7000 Series NX-OS OTV Configuration Guide
• Cisco Nexus 7000 Series NX-OS Quality of Service Configuration Guide
• Cisco Nexus 7000 Series NX-OS SAN Switching Guide
• Cisco Nexus 7000 Series NX-OS Security Configuration Guide
• Cisco Nexus 7000 Series NX-OS System Management Configuration Guide
• Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide
• Cisco Nexus 7000 Series NX-OS Verified Scalability Guide
• Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide
• Cisco Nexus 7000 Series NX-OS Virtual Device Context Quick Start
• Cisco Nexus 7000 Series NX-OS OTV Quick Start Guide
• Cisco NX-OS FCoE Configuration Guide for Cisco Nexus 7000 and Cisco MDS 9500
• Cisco Nexus 2000 Series Fabric Extender Software Configuration Guide
Command References
These guides are available at the following URL: http://www.cisco.com/en/US/products/ps9402/prod_command_reference_list.html
The documents in this category include:
• Cisco Nexus 7000 Series NX-OS Command Reference Master Index
• Cisco Nexus 7000 Series NX-OS FabricPath Command Reference
• Cisco Nexus 7000 Series NX-OS Fundamentals Command Reference
• Cisco Nexus 7000 Series NX-OS High Availability Command Reference
• Cisco Nexus 7000 Series NX-OS Interfaces Command Reference
• Cisco Nexus 7000 Series NX-OS Layer 2 Switching Command Reference
• Cisco Nexus 7000 Series NX-OS LISP Command Reference
• Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide
• Cisco Nexus 7000 Series NX-OS Multicast Routing Command Reference
• Cisco Nexus 7000 Series NX-OS OTV Command Reference
• Cisco Nexus 7000 Series NX-OS Quality of Service Command Reference
• Cisco Nexus 7000 Series NX-OS SAN Switching Command Reference
• Cisco Nexus 7000 Series NX-OS Security Command Reference
• Cisco Nexus 7000 Series NX-OS System Management Command Reference
• Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference
• Cisco Nexus 7000 Series NX-OS Virtual Device Context Command Reference
• Cisco NX-OS FCoE Command Reference for Cisco Nexus 7000 and Cisco MDS 9500
Other Software Documents
You can locate these documents starting at the following landing page: https://www.cisco.com/c/en/us/support/switches/nexus-7000-series-switches/series.html#~tab-documents
• Cisco Nexus 7000 Series NX-OS MIB Quick Reference
• Cisco Nexus 7000 Series NX-OS Software Upgrade and Downgrade Guide
• Cisco Nexus 7000 Series NX-OS Troubleshooting Guide
• Cisco NX-OS Licensing Guide
• Cisco NX-OS System Messages Reference
• Cisco NX-OS Interface User Guide
Documentation Feedback
To provide technical feedback on this document, or to report an error or omission, please send your comments to: .
We appreciate your feedback.
Communications, Services, and Additional Information
• To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
• To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
• To submit a service request, visit Cisco Support.
• To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
• To obtain general networking, training, and certification titles, visit Cisco Press.
• To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Chapter 1
New and Changed Information
Your software release might not support all the features in this document. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release.
Table 1: New and Changed Unicast Routing Features
| Feature | Description | Changed in Release | Where Documented |
|---|---|---|---|
| Encryption configuration for OSPFv3 | This feature is introduced to support on OSPFv3. | 8.4(4) | |
| Bloom Filter Support for Glean Adjacencies | This feature was introduced. This feature is supported on M3 and F4-Series I/O modules. | 8.4(2) | |
| ECMP | Added support for up to 64 paths to a destination. Supported on F4-Series I/O modules. | 8.4(2) | Load Balancing and Equal Cost Multipath |
| ECMP | Added support for up to 64 paths to a destination. Supported on M3- and F3-Series I/O modules. | 8.4(1) | Load Balancing and Equal Cost Multipath |
| IPv6 static routes | IPv6 static routes with next-hops that are learnt over a VXLAN tunnel can be added to the Unicast Routing Information Base (URIB). | 8.4(1) | Static Routing |
| Support WCCP with BDI | Beginning from Release 8.2(1), Cisco Nexus 7000 Series Switches WCCPv2 feature is supported on BDI interfaces as an ingress feature. | 8.2(1) | |
| Hardware Forwarding of IP Directed Broadcasts | This feature enables hardware forwarding of IP directed broadcasts. This feature is limited to the VDC on which it is applied. | 8.2(1) | IP Directed Broadcasts |
Chapter 2
Overview
This chapter introduces the underlying concepts for the Layer 3 unicast routing protocols in Cisco NX-OS.
Licensing Requirements
For a complete explanation of Cisco NX-OS licensing recommendations and how to obtain and apply licenses, see the Cisco NX-OS Licensing Guide.
Information About Layer 3 Unicast Routing
Layer 3 unicast routing involves two basic activities: determining optimal routing paths and packet switching.
You can use routing algorithms to calculate the optimal path from the router to a destination. This calculation depends on the algorithm selected, route metrics, and other considerations such as load balancing and alternate path discovery.
Routing Fundamentals
Routing protocols use a metric to evaluate the best path to the destination. A metric is a standard of measurement, such as a path bandwidth, that routing algorithms use to determine the optimal path to a destination. To aid path determination, routing algorithms initialize and maintain routing tables that contain route information such as the IP destination address, the address of the next router, or the next hop. Destination and next-hop associations tell a router that an IP destination can be reached optimally by sending the packet to a particular router that represents the next hop on the way to the final destination. When a router receives an incoming packet, it checks the destination address and attempts to associate this address with the next hop.
Routing tables can contain other information, such as the data about the desirability of a path. Routers compare metrics to determine optimal routes, and these metrics differ depending on the design of the routing algorithm used.
Routers communicate with one another and maintain their routing tables by transmitting a variety of messages.
The routing update message is one such message that consists of all or a portion of a routing table. By analyzing routing updates from all other routers, a router can build a detailed picture of the network topology. A link-state advertisement, which is another example of a message sent between routers, informs other routers of the link state of the sending router. You can also use link information to enable routers to determine optimal routes to network destinations.
Packet Switching
In packet switching, a host determines that it must send a packet to another host. Having acquired a router address by some means, the source host sends a packet that is addressed specifically to the router physical (Media Access Control [MAC]-layer) address but with the IP (network layer) address of the destination host.
The router examines the destination IP address and tries to find the IP address in the routing table. If the router does not know how to forward the packet, it typically drops the packet. If the router knows how to forward the packet, it changes the destination MAC address to the MAC address of the next-hop router and transmits the packet.
The next hop might be the ultimate destination host or another router that executes the same switching decision process. As the packet moves through the internetwork, its physical address changes, but its protocol address remains constant (see the following figure).
Figure 1: Packet Header Updates Through a Network
Routing Metrics
Routing algorithms use many different metrics to determine the best route. Sophisticated routing algorithms can base route selection on multiple metrics.
Path Length
The path length is the most common routing metric. Some routing protocols allow you to assign arbitrary costs to each network link. In this case, the path length is the sum of the costs associated with each link traversed. Other routing protocols define the hop count, which is a metric that specifies the number of passes through internetworking products, such as routers, that a packet must take from a source to a destination.
Reliability
The reliability, in the context of routing algorithms, is the dependability (in terms of the bit-error rate) of each network link. Some network links might go down more often than others. After a network fails, certain network links might be repaired more easily or more quickly than other links. The reliability factors that you can take into account when assigning the reliability rating are arbitrary numeric values that you usually assign to network links.
Routing Delay
The routing delay is the length of time required to move a packet from a source to a destination through the internetwork. The delay depends on many factors, including the bandwidth of intermediate network links, the port queues at each router along the way, the network congestion on all intermediate network links, and the physical distance that the packet must travel. Because the routing delay is a combination of several important variables, it is a common and useful metric.
Bandwidth
The bandwidth is the available traffic capacity of a link. For example, a 10-Gigabit Ethernet link is preferable to a 1-Gigabit Ethernet link. Although the bandwidth is the maximum attainable throughput on a link, routes through links with greater bandwidth do not necessarily provide better routes than routes through slower links. For example, if a faster link is busier, the actual time required to send a packet to the destination could be greater.
Load
The load is the degree to which a network resource, such as a router, is busy. You can calculate the load in a variety of ways, including CPU usage and packets processed per second. Monitoring these parameters on a continual basis can be resource intensive.
Communication Cost
The communication cost is a measure of the operating cost to route over a link. The communication cost is another important metric, especially if you do not care about performance as much as operating expenditures.
For example, the line delay for a private line might be longer than a public line, but you can send packets over your private line rather than through the public lines that cost money for usage time.
Router IDs
Each routing process has an associated router ID. You can configure the router ID to any interface in the system. If you do not configure the router ID, Cisco NX-OS selects the router ID based on the following criteria:
• Cisco NX-OS prefers loopback0 over any other interface. If loopback0 does not exist, then Cisco NX-OS prefers the first loopback interface over any other interface type.
• If you have not configured a loopback interface, Cisco NX-OS uses the first interface in the configuration file as the router ID. If you configure any loopback interface after Cisco NX-OS selects the router ID, the loopback interface becomes the router ID. If the loopback interface is not loopback0 and you configure loopback0 with an IP address, the router ID changes to the IP address of loopback0.
• If the interface that the router ID is based on changes, that new IP address becomes the router ID. If any other interface changes its IP address, there is no router ID change.
Autonomous Systems
An autonomous system (AS) is a network controlled by a single technical administration entity. Autonomous systems divide global external networks into individual routing domains, where local routing policies are applied. This organization simplifies routing domain administration and simplifies consistent policy configuration.
Each autonomous system can support multiple interior routing protocols that dynamically exchange routing information through route redistribution. The Regional Internet Registries assign a unique number to each public autonomous system that directly connects to the Internet. This autonomous system number (AS number) identifies both the routing process and the autonomous system.
The Border Gateway Protocol (BGP) supports 4-byte AS numbers that can be represented in asplain and asdot notations:
• asplain—A decimal value notation where both 2-byte and 4-byte AS numbers are represented by their decimal value. For example, 65526 is a 2-byte AS number, and 234567 is a 4-byte AS number.
• asdot—An AS dot notation where 2-byte AS numbers are represented by their decimal value and 4-byte AS numbers are represented by a dot notation. For example, 2-byte AS number 65526 is represented as 65526, and 4-byte AS number 65546 is represented as 1.10.
The BGP 4-byte AS number capability is used to propagate 4-byte-based AS path information across BGP speakers that do not support 4-byte AS numbers. Beginning with Cisco NX-OS Release 6.2(2), you can configure 4-byte AS numbers in asdot notation. The default value is asplain.
The following table lists the AS number ranges.
Table 2: AS Numbers
| 2-Byte Numbers | 4-Byte Numbers in AS.dot Notation | 4-Byte Numbers in plaintext Notation | Purpose |
|---|---|---|---|
| 1 to 64511 | N/A | 1 to 64511 | Public AS (assigned by RIR) |
| 64512 to 65534 | N/A | 64512 to 65534 | Private AS (assigned by local administrator) |
| 65535 | N/A | 65535 | Reserved |
| N/A | 1.0 to 65535.65535 | 65536 to 4294967295 | Public AS (assigned by RIR) |
RIR = Regional Internet Registries
Note RFC 5396 is partially supported. The asplain and asdot notations are supported, but the asdot+ notation is not.
Private autonomous system numbers are used for internal routing domains but must be translated by the router for traffic that is routed out to the Internet. You should not configure routing protocols to advertise private autonomous system numbers to external networks. By default, Cisco NX-OS does not remove private autonomous system numbers from routing updates.
Note The autonomous system number assignment for public and private networks is governed by the Internet Assigned Number Authority (IANA). For information about autonomous system numbers, including the reserved number assignment, or to apply to register an autonomous system number, refer to the following URL: http://www.iana.org/
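The asplain and asdot notations and the Table 2 ranges, as an added Python example that is not part of the Cisco guide: it converts between the two notations, classifies each AS number by the purposes listed in Table 2, and reports private or reserved entries in an AS path that is about to be advertised externally. The function names and the sample AS path are constructed for illustration.

```python
import re

MAX_ASN = 4294967295            # largest 4-byte AS number (Table 2)
_ASPLAIN = re.compile(r"[0-9]+")
_ASDOT = re.compile(r"([0-9]+)\.([0-9]+)")


def parse_asn(text):
    """Return the integer value of an AS number written in asplain or asdot.

    A leading "0." (the asdot+ way of writing a 2-byte AS number) is rejected,
    because the guide states that the asdot+ notation is not supported.
    """
    text = text.strip()
    match = _ASDOT.fullmatch(text)
    if match:
        high, low = int(match.group(1)), int(match.group(2))
        if high == 0:
            raise ValueError(f"asdot+ form is not accepted: {text!r}")
        if high > 65535 or low > 65535:
            raise ValueError(f"asdot field out of range: {text!r}")
        return high * 65536 + low
    if not _ASPLAIN.fullmatch(text):
        raise ValueError(f"not an AS number: {text!r}")
    value = int(text)
    if not 1 <= value <= MAX_ASN:
        raise ValueError(f"AS number out of range: {text!r}")
    return value


def to_asdot(value):
    """Render an AS number in asdot: plain decimal below 65536, high.low above."""
    if value < 65536:
        return str(value)
    return f"{value >> 16}.{value & 0xFFFF}"


def classify(value):
    """Purpose of an AS number according to Table 2."""
    if 64512 <= value <= 65534:
        return "private"
    if value == 65535:
        return "reserved"
    return "public"


def audit_as_path(as_path):
    """Return (token, asplain value, purpose) for every AS in the path that
    should not appear in an advertisement to an external network."""
    findings = []
    for token in as_path.split():
        value = parse_asn(token)
        purpose = classify(value)
        if purpose != "public":
            findings.append((token, value, purpose))
    return findings


# Constructed sample AS path that mixes asplain and asdot tokens.
SAMPLE_AS_PATH = "1.10 64500 65001 234567 65535"

if __name__ == "__main__":
    for token, value, purpose in audit_as_path(SAMPLE_AS_PATH):
        print(f"{token} (asplain {value}, asdot {to_asdot(value)}): {purpose}")
```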
Convergence
A key aspect to measure for any routing algorithm is how much time a router takes to react to network topology changes. When a part of the network changes for any reason, such as a link failure, the routing information in different routers might not match. Some routers will have updated information about the changed topology, while other routers will still have the old information. The convergence is the amount of time before all routers in the network have updated, matching routing information. The convergence time varies depending on the routing algorithm. Fast convergence minimizes the chance of lost packets caused by inaccurate routing information.
Load Balancing and Equal Cost Multipath
Routing protocols can use load balancing or equal cost multipath (ECMP) to share traffic across multiple paths. When a router learns multiple routes to a specific network, it installs the route with the lowest administrative distance in the routing table. If the router receives and installs multiple paths with the same administrative distance and cost to a destination, load balancing can occur. Load balancing distributes the traffic across all the paths, sharing the load. The number of paths used is limited by the number of entries that the routing protocol puts in the routing table. Cisco NX-OS supports up to 16 paths to a destination. Starting from Cisco NX-OS Release 8.4(1), the BGP feature supports up to 64 paths to a destination on M3- and F3-Series I/O modules. Starting from Cisco NX-OS Release 8.4(2), the BGP feature supports up to 64 paths to a destination on F4-Series I/O modules.
The Enhanced Interior Gateway Routing Protocol (EIGRP) also supports unequal cost load balancing.
Route Redistribution
If you have multiple routing protocols configured in your network, you can configure these protocols to share routing information by configuring route redistribution in each protocol. For example, you can configure the Open Shortest Path First (OSPF) protocol to advertise routes learned from the Border Gateway Protocol (BGP). You can also redistribute static routes into any dynamic routing protocol. The router that is redistributing routes from another protocol sets a fixed route metric for those redistributed routes, which prevents incompatible route metrics between the different routing protocols. For example, routes redistributed from EIGRP into OSPF are assigned a fixed link cost metric that OSPF understands.
Note You are required to use route maps when you configure redistribution of routing information.
Route redistribution also uses an administrative distance to distinguish between routes learned from two different routing protocols. The preferred routing protocol is given a lower administrative distance so that its routes are picked over routes from another protocol with a higher administrative distance assigned.
Administrative Distance
An administrative distance is a rating of the trustworthiness of a routing information source. A higher value indicates a lower trust rating. Typically, a route can be learned through more than one protocol. Administrative distance is used to discriminate between routes learned from more than one protocol. The route with the lowest administrative distance is installed in the IP routing table.
Stub Routing
You can use stub routing in a hub-and-spoke network topology, where one or more end (stub) networks are connected to a remote router (the spoke) that is connected to one or more distribution routers (the hub). The remote router is adjacent only to one or more distribution routers. The only route for IP traffic to follow into the remote router is through a distribution router. This type of configuration is commonly used in WAN topologies in which the distribution router is directly connected to a WAN. The distribution router can be connected to many more remote routers. Often, the distribution router is connected to 100 or more remote routers. In a hub-and-spoke topology, the remote router must forward all nonlocal traffic to a distribution router, so it becomes unnecessary for the remote router to hold a complete routing table. Generally, the distribution router sends only a default route to the remote router.
Only specified routes are propagated from the remote (stub) router. The stub router responds to all queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message "inaccessible." A router that is configured as a stub sends a special peer information packet to all neighboring routers to report its status as a stub router.
Any neighbor that receives a packet that informs it of the stub status does not query the stub router for any routes, and a router that has a stub peer does not query that peer. The stub router depends on the distribution router to send the proper updates to all peers. The following figure shows a simple hub-and-spoke network.
Figure 2: Simple Hub-and-Spoke Network
Stub routing does not prevent routes from being advertised to the remote router. This figure shows that the remote router can access the corporate network and the Internet through the distribution router only. A full route table on the remote router, in this example, serves no functional purpose because the path to the corporate network and the Internet is always through the distribution router. A larger route table only increases the amount of memory consumed by the remote router. The bandwidth and memory used can be lessened by summarizing and filtering routes in the distribution router. In this network topology, the remote router does not need to receive routes that have been learned from other networks because the remote router must send all non-local traffic, regardless of its destination, to the distribution router. To configure a true stub network, you should configure the distribution router to send only a default route to the remote router.
OSPF supports stub areas and EIGRP supports stub routers.
Routing Algorithms
Routing algorithms determine how a router gathers and reports reachability information, how it deals with topology changes, and how it determines the optimal route to a destination. Various types of routing algorithms exist, and each algorithm has a different impact on network and router resources. Routing algorithms use a variety of metrics that affect calculation of optimal routes. You can classify routing algorithms by type, such as static or dynamic, and interior or exterior.
Static Routes and Dynamic Routing Protocols
Static routes are route table entries that you manually configure. These static routes do not change unless you reconfigure them. Static routes are simple to design and work well in environments where network traffic is relatively predictable and where network design is relatively simple.
Because static routing systems cannot react to network changes, you should not use them for large, constantly changing networks. Most routing protocols today use dynamic routing algorithms that adjust to changing network circumstances by analyzing incoming routing update messages. If the message indicates that a network change has occurred, the routing software recalculates routes and sends out new routing update messages.
These messages permeate the network, triggering routers to rerun their algorithms and change their routing tables accordingly.
You can supplement dynamic routing algorithms with static routes where appropriate. For example, you should configure each subnetwork with a static route to the IP default gateway or router of last resort (a router to which all unrouteable packets are sent).
Interior and Exterior Gateway Protocols
You can separate networks into unique routing domains or autonomous systems. An autonomous system is a portion of an internetwork under common administrative authority that is regulated by a particular set of administrative guidelines. Routing protocols that route between autonomous systems are called exterior gateway protocols or interdomain protocols. The Border Gateway Protocol (BGP) is an example of an exterior gateway protocol. Routing protocols used within an autonomous system are called interior gateway protocols or intradomain protocols. EIGRP and OSPF are examples of interior gateway protocols.
Distance Vector Protocols
Distance vector protocols use distance vector algorithms (also known as Bellman-Ford algorithms) that call for each router to send all or some portion of its routing table to its neighbors. Distance vector algorithms define routes by distance (for example, the number of hops to the destination) and direction (for example, the next-hop router). These routes are then broadcast to the directly connected neighbor routers. Each router uses these updates to verify and update the routing tables.
To prevent routing loops, most distance vector algorithms use split horizon with poison reverse, which means that the routes learned from an interface are set as unreachable and advertised back along the interface that they were learned on during the next periodic update. This process prevents the router from seeing its own route updates coming back.
Distance vector algorithms send updates at fixed intervals but can also send updates in response to changes in route metric values. These triggered updates can speed up the route convergence time. The Routing Information Protocol (RIP) is a distance vector protocol.
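Split horizon with poison reverse, as an added Python example that is not part of the Cisco guide: two routers A and B lose their path to network N, and the simulation counts the periodic update rounds until both mark N unreachable, with and without poison reverse. The assumptions are RIP-style hop counts with 16 as the unreachable metric, one neighbor per interface, the constructed router names, and A's periodic update being sent before B's in each round.

```python
INFINITY = 16   # assumption: RIP-style hop counts, where 16 means "unreachable"


def build_update(table, to_neighbor, poison_reverse):
    """Return the {destination: metric} update a router sends to one neighbor.

    With poison reverse, a route learned from that neighbor is advertised
    back to it as unreachable instead of with its real metric.
    """
    update = {}
    for dest, (metric, learned_from) in table.items():
        if poison_reverse and learned_from == to_neighbor:
            update[dest] = INFINITY
        else:
            update[dest] = metric
    return update


def apply_update(table, sender, update):
    """Merge a neighbor's update into table ({dest: (metric, learned_from)})."""
    for dest, advertised in update.items():
        metric = min(advertised + 1, INFINITY)
        current = table.get(dest)
        if current is None:
            if metric < INFINITY:
                table[dest] = (metric, sender)
        elif current[1] == sender or metric < current[0]:
            # Always believe the current next hop; otherwise accept only a
            # strictly better metric.
            table[dest] = (metric, sender)


def rounds_until_unreachable(poison_reverse, max_rounds=50):
    """Simulate A <-> B after B's link toward network N has failed.

    Returns (rounds needed, [(A's metric, B's metric) after each round]).
    """
    tables = {
        "A": {"N": (3, "B")},           # A reached N through B
        "B": {"N": (INFINITY, "C")},    # B's path through C has just failed
    }
    history = []
    for round_no in range(1, max_rounds + 1):
        for sender, receiver in (("A", "B"), ("B", "A")):
            update = build_update(tables[sender], receiver, poison_reverse)
            apply_update(tables[receiver], sender, update)
        history.append((tables["A"]["N"][0], tables["B"]["N"][0]))
        if history[-1] == (INFINITY, INFINITY):
            return round_no, history
    return None, history


if __name__ == "__main__":
    for poison_reverse in (False, True):
        rounds, history = rounds_until_unreachable(poison_reverse)
        print(f"poison_reverse={poison_reverse}: {rounds} round(s), metrics {history}")
```

Without poison reverse, A's stale route reaches B first and the two routers count up to the unreachable metric while forwarding traffic for N to each other.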
Link-State Protocols
The link-state protocols, also known as shortest path first (SPF), share information with neighboring routers.
Each router builds a link-state advertisement (LSA) that contains information about each link and directly connected neighbor router.
Each LSA has a sequence number. When a router receives an LSA and updates its link-state database, the LSA is flooded to all adjacent neighbors. If a router receives two LSAs with the same sequence number (from the same router), the router does not flood the last LSA that it received to its neighbors because it wants to prevent an LSA update loop. Because the router floods the LSAs immediately after it receives them, the convergence time for link-state protocols is minimized.
Discovering neighbors and establishing adjacency is an important part of a link state protocol. Neighbors are discovered using special Hello packets that also serve as keepalive notifications to each neighbor router.
Adjacency is the establishment of a common set of operating parameters for the link-state protocol between neighbor routers.
The LSAs received by a router are added to the router's link-state database. Each entry consists of the following parameters:
• Router ID (for the router that originated the LSA)
• Neighbor ID
• Link cost
• Sequence number of the LSA
• Age of the LSA entry
The router runs the SPF algorithm on the link-state database, building the shortest path tree for that router.
This SPF tree is used to populate the routing table.
In link-state algorithms, each router builds a picture of the entire network in its routing tables. The link-state algorithms send small updates everywhere, while distance vector algorithms send larger updates only to neighboring routers.
Because they converge more quickly, link-state algorithms are less likely to cause routing loops than distance vector algorithms. However, link-state algorithms require more CPU power and memory than distance vector algorithms and they can be more expensive to implement and support. Link-state protocols are generally more scalable than distance vector protocols.
OSPF is an example of a link-state protocol.
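LSA flooding with the sequence-number check, followed by the SPF calculation, as an added Python example that is not part of the Cisco guide and is not OSPF itself. The four-router topology, the class and function names, and the link costs are constructed; LSA aging is left out, and an LSA with an older sequence number is dropped the same way as a duplicate.

```python
import heapq
from collections import deque

# Constructed topology: router -> {neighbor: link cost}. It contains loops,
# so flooding would never stop without the sequence-number check.
TOPOLOGY = {
    "R1": {"R2": 10, "R3": 5},
    "R2": {"R1": 10, "R3": 3, "R4": 1},
    "R3": {"R1": 5, "R2": 3, "R4": 9},
    "R4": {"R2": 1, "R3": 9},
}


class Router:
    def __init__(self, router_id):
        self.router_id = router_id
        # Link-state database: originating router ID -> (sequence, {neighbor: cost})
        self.lsdb = {}

    def receive_lsa(self, origin, seq, links):
        """Install an LSA. Return True when it is new and must be flooded."""
        stored = self.lsdb.get(origin)
        if stored is not None and seq <= stored[0]:
            return False    # same or older sequence number: do not flood again
        self.lsdb[origin] = (seq, dict(links))
        return True

    def spf(self):
        """Run Dijkstra on the LSDB. Return {destination: (cost, first hop)}."""
        best = {self.router_id: (0, None)}
        heap = [(0, self.router_id)]
        visited = set()
        while heap:
            cost, node = heapq.heappop(heap)
            if node in visited:
                continue
            visited.add(node)
            links = self.lsdb[node][1] if node in self.lsdb else {}
            for neighbor, link_cost in links.items():
                new_cost = cost + link_cost
                if neighbor not in best or new_cost < best[neighbor][0]:
                    first_hop = neighbor if node == self.router_id else best[node][1]
                    best[neighbor] = (new_cost, first_hop)
                    heapq.heappush(heap, (new_cost, neighbor))
        del best[self.router_id]
        return best


def flood(routers, origin, seq, links):
    """Originate an LSA at origin and flood it. Return LSA copies transmitted."""
    if not routers[origin].receive_lsa(origin, seq, links):
        return 0
    queue = deque((neighbor, origin) for neighbor in TOPOLOGY[origin])
    sent = 0
    while queue:
        receiver, sender = queue.popleft()
        sent += 1
        if routers[receiver].receive_lsa(origin, seq, links):
            # New to this router: pass it on to every neighbor but the sender.
            queue.extend((n, receiver) for n in TOPOLOGY[receiver] if n != sender)
    return sent


def build_network():
    """Create the routers and let each one flood its first LSA (sequence 1)."""
    routers = {rid: Router(rid) for rid in TOPOLOGY}
    for rid, links in TOPOLOGY.items():
        flood(routers, rid, 1, links)
    return routers


if __name__ == "__main__":
    net = build_network()
    print("R1 routes:", net["R1"].spf())
    # R1 raises the cost of its link to R3 and re-originates with sequence 2.
    print("copies sent:", flood(net, "R1", 2, {"R2": 10, "R3": 20}))
    print("R1 routes:", net["R1"].spf())
```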
Layer 3 Virtualization
Cisco NX-OS uses a virtual device context (VDC) to provide separate management domains per VDC and software fault isolation. Each VDC supports multiple virtual routing and forwarding instances and multiple routing information bases (RIBs) to support multiple address domains. Each VRF is associated with a RIB and this information is collected by the Forwarding Information Base (FIB). The following figure shows the relationship between a VDC, a VRF, and a Cisco NX-OS device.
Figure 3: Layer 3 Virtualization Example
A VRF represents a Layer 3 addressing domain. Each Layer 3 interface (logical or physical) belongs to one VRF. A VRF belongs to one VDC. Each VDC can support multiple VRFs.
See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide for information about VDCs.
Cisco NX-OS Forwarding Architecture
The Cisco NX-OS forwarding architecture is responsible for processing all routing updates and populating the forwarding information to all modules in the chassis.
Unicast RIB
The Cisco NX-OS forwarding architecture consists of multiple components, as shown in the following figure.
Figure 4: Cisco NX-OS Forwarding Architecture
The unicast RIB exists on the active supervisor. It maintains the routing table with directly connected routes, static routes, and routes learned from dynamic unicast routing protocols. The unicast RIB also collects adjacency information from sources such as the Address Resolution Protocol (ARP). The unicast RIB determines the best next hop for a given route and populates the unicast forwarding information base (FIB) by using the services of the unicast FIB distribution module (FDM).
Each dynamic routing protocol must update the unicast RIB for any route that has timed out. The unicast RIB then deletes that route and recalculates the best next hop for that route (if an alternate path is available).
Adjacency Manager
The adjacency manager exists on the active supervisor and maintains adjacency information for different protocols including ARP, Neighbor Discovery Protocol (NDP), and static configuration. The most basic adjacency information is the Layer 3 to Layer 2 address mapping discovered by these protocols. Outgoing Layer 2 packets use the adjacency information to complete the Layer 2 header.
The adjacency manager can trigger ARP requests to find a particular Layer 3 to Layer 2 mapping. The new mapping becomes available when the corresponding ARP reply is received and processed. For IPv6, the adjacency manager finds the Layer 3 to Layer 2 mapping information from NDP.
Unicast Forwarding Distribution Module
The unicast Forwarding Distribution Module (FDM) exists on the active supervisor and distributes the forwarding path information from the unicast RIB and other sources. The unicast RIB generates forwarding information that the unicast FIB programs into the hardware forwarding tables on the standby supervisor and the modules. The unicast FDM also downloads the FIB information to newly inserted modules.
The unicast FDM gathers adjacency information, rewrite information, and other platform-dependent information when updating routes in the unicast FIB. The adjacency and rewrite information consists of interface, next hop, and Layer 3 to Layer 2 mapping information. The interface and next-hop information is received in route updates from the unicast RIB. The Layer 3 to Layer 2 mapping is received from the adjacency manager.
FIB
The unicast FIB exists on supervisors and switching modules and builds the information used for the hardware forwarding engine. The unicast FIB receives route updates from the unicast FDM and sends the information to be programmed in the hardware forwarding engine. The unicast FIB controls the addition, deletion, and modification of routes, paths, and adjacencies.
The unicast FIBs are maintained on a per-VRF and per-address-family basis, that is, one for IPv4 and one for IPv6 for each configured VRF. Based on route update messages, the unicast FIB maintains a per-VRF prefix and next-hop adjacency information database. The next-hop adjacency data structure contains the next-hop IP address and the Layer 2 rewrite information. Multiple prefixes could share a next-hop adjacency information structure.
Hardware Forwarding
Cisco NX-OS supports distributed packet forwarding. The ingress port takes relevant information from the packet header and passes the information to the local switching engine. The local switching engine does the Layer 3 lookup and uses this information to rewrite the packet header. The ingress module forwards the packet to the egress port. If the egress port is on a different module, the packet is forwarded using the switch fabric to the egress module. The egress module does not participate in the Layer 3 forwarding decision.
The forwarding tables are identical on the supervisor and all the modules.
You also use the show platform fib or show platform forwarding commands to display details on hardware forwarding.
Software Forwarding
The software forwarding path in Cisco NX-OS is used mainly to handle features that are not supported in the hardware or to handle errors encountered during the hardware processing. Typically, packets with IP options or packets that need fragmentation are passed to the CPU on the active supervisor. All packets that should be switched in the software or terminated go to the supervisor. The supervisor uses the information provided by the unicast RIB and the adjacency manager to make the forwarding decisions. The module is not involved in the software forwarding path.
Software forwarding is controlled by control plane policies and rate limiters. For more information, see the Cisco Nexus 7000 Series NX-OS Security Configuration Guide.
Layer 3 Interoperation with the N7K-F132-15 Module
Note You must install one of the N7K-M Series modules in the Cisco Nexus 7000 Series chassis to run Layer 3 routing with the N7K-F132-15 module. You must have interfaces from both the M Series and the N7K-F132-15 modules in the same VDC. (See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide for more information about VDCs.)
Note You cannot use F2 Series modules in the Cisco Nexus 7000 Series chassis to run Layer 3 routing with the N7K-F132-15 module.
Layer 3 routing functionality comes up automatically when you have one of the N7K-M Series modules installed in the chassis with the N7K-F132-15 module. You would usually position a chassis with both the N7K-F132-15 and M Series modules, or a mixed chassis, at the boundary between the Layer 2 and Layer 3 networks.
You must configure a VLAN interface for each VLAN on the N7K-F132-15 module that you want to use the proxy-routing functionality in a mixed chassis. (See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for information about configuring VLAN interfaces.)
By default, all of the physical interfaces on the N7K-M series modules in the VDC become proxy routing ports for the VLANs that are configured with VLAN interfaces on the Layer 2-only N7K-F132-15 module in the same VDC. The physical interfaces on the M Series module can be administratively down and still pass traffic as proxy forwarding.
Packets that enter an interface on the N7K-F132-15 module are automatically forwarded to one of the interfaces on the M Series modules in the same VDC to be routed. The interface on the M Series module also performs egress replication for Layer 3 multicast packets that enter an interface on the N7K-F132-15 module in the same VDC.
Because the Layer 3 (proxy routing) traffic from the N7K-F132-15 modules adds to the traffic that the M Series modules are already processing, the device automatically provides load balancing for the total traffic load among the front panel ports of the available M Series modules in the VDC. If you add or remove interfaces to the M Series modules in the VDC, the device automatically rebalances the traffic. Note that proxy routing is sharing the forwarding capacity of the M Series modules. Removing interfaces reduces the amount of capacity available.
Instead of using the automatically configured proxy-routing interfaces on the M Series modules, you can optionally configure which interfaces on the M Series modules in the VDC perform proxy routing.
Summary of Layer 3 Routing Features
This section provides a brief introduction to the Layer 3 unicast features and protocols supported in Cisco NX-OS.
IPv4 and IPv6
Layer 3 uses either the IPv4 or IPv6 protocol. IPv6 is a new IP protocol designed to replace IPv4, the Internet protocol that is predominantly deployed and used throughout the world. IPv6 increases the number of network address bits from 32 bits (in IPv4) to 128 bits.
IP Services
IP Services includes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) clients.
OSPF
The Open Shortest Path First (OSPF) protocol is a link-state routing protocol used to exchange network reachability information within an autonomous system. Each OSPF router advertises information about its active links to its neighbor routers. Link information consists of the link type, the link metric, and the neighbor router that is connected to the link. The advertisements that contain this link information are called link-state advertisements.
EIGRP
The Enhanced Interior Gateway Routing Protocol (EIGRP) is a unicast routing protocol that has the characteristics of both distance vector and link-state routing protocols. It is an improved version of IGRP, which is a Cisco proprietary routing protocol. EIGRP relies on its neighbors to provide the routes. It constructs the network topology from the routes advertised by its neighbors, similar to a link-state protocol, and uses this information to select loop-free paths to destinations.
IS-IS
The Intermediate System-to-Intermediate System (IS-IS) protocol is an intradomain Open System Interconnection (OSI) dynamic routing protocol specified in the International Organization for Standardization (ISO) 10589. The IS-IS routing protocol is a link-state protocol. IS-IS features are as follows:
• Hierarchical routing
• Classless behavior
• Rapid flooding of new information
• Fast Convergence
• Very scalable
BGP
The Border Gateway Protocol (BGP) is an inter-autonomous system routing protocol. A BGP router advertises network reachability information to other BGP routers using Transmission Control Protocol (TCP) as its reliable transport mechanism. The network reachability information includes the destination network prefix, a list of autonomous systems that need to be traversed to reach the destination, and the next-hop router. Reachability information contains additional path attributes such as preference to a route, origin of the route, community, and others.
RIP
The Routing Information Protocol (RIP) is a distance-vector protocol that uses a hop count as its metric. RIP is widely used for routing traffic in the global Internet and is an Interior Gateway Protocol (IGP), which means that it performs routing within a single autonomous system.
Static Routing
Static routing allows you to enter a fixed route to a destination. This feature is useful for small networks where the topology is simple. Static routing is also used with other routing protocols to control default routes and route distribution.
Layer 3 Virtualization
Virtualization allows you to share physical resources across separate management domains. Cisco NX-OS supports Virtual Device Contexts (VDCs) that allow you to create separate virtual systems within a Cisco NX-OS system. Each VDC is isolated from the others, which means that a problem in one VDC does not affect any other VDCs. VDCs are also secure from each other. You can assign separate network operators to each VDC and these network operators cannot control or view the configuration of a different VDC.
Cisco NX-OS also supports Layer 3 virtualization with virtual routing and forwarding (VRF). VRF provides a separate address domain for configuring Layer 3 routing protocols.
Route Policy Manager
The Route Policy Manager provides a route filtering capability in Cisco NX-OS. It uses route maps to filter routes distributed across various routing protocols and between different entities within a given routing protocol. Filtering is based on specific match criteria, which is similar to packet filtering by access control lists.
Policy-Based Routing
Policy-based routing uses the Route Policy Manager to create policy route filters. These policy route filters can forward a packet to a specified next hop based on the source of the packet or other fields in the packet header. Policy routes can be linked to extended IP access lists so that routing might be based on protocol types and port numbers.
First Hop Redundancy Protocols
First hop redundancy protocols (FHRP), such as Gateway Load Balancing Protocol (GLBP), Hot Standby Router Protocol (HSRP), and Virtual Router Redundancy Protocol (VRRP), allow you to provide redundant connections to your hosts. If an active first-hop router fails, the FHRP automatically selects a standby router to take over. You do not need to update the hosts with new IP addresses since the address is virtual and shared between each router in the FHRP group.
Object Tracking
Object tracking allows you to track specific objects on the network, such as the interface line protocol state, IP routing, and route reachability, and take action when the tracked object's state changes. This feature allows you to increase the availability of the network and shorten the recovery time if an object state goes down.
Related Documents for Layer 3 Unicast Routing
Feature Name: Layer 3 features
Feature Information:
• Cisco NEXUS 7000 Series NX-OS Multicast Routing Configuration Guide
• Cisco NEXUS 7000 Series NX-OS High Availability and Redundancy Guide
• Cisco NEXUS 7000 Series NX-OS Virtual Device Context
• Exploring Autonomous System Numbers: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-1/autonomous_system_numbers.html
Part I: IP
• Configuring WCCPv2
Chapter 3: Configuring IPv4
This chapter contains the following sections:
• Finding Feature Information
• Information About IPv4
• Virtualization Support for IPv4
• IP Directed Broadcasts
• Prerequisites for IPv4
• Guidelines and Limitations for IPv4
• Default Settings for IPv4 Parameters
• Verifying the IPv4 Configuration
• Configuration Examples for IPv4
• Related Documents for IPv4
• Standards for IPv4
• Feature History for IPv4
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About IPv4
You can configure IP on the device to assign IP addresses to network interfaces. When you assign IP addresses, you enable the interfaces and allow communication with the hosts on those interfaces.
You can configure an IP address as primary or secondary on a device. An interface can have one primary IP address and multiple secondary addresses. All networking devices on an interface should share the same primary IP address because the packets that are generated by the device always use the primary IPv4 address. Each IPv4 packet is based on the information from a source or destination IP address.
You can use a subnet to mask the IP addresses. A mask is used to determine what subnet an IP address belongs to. An IP address contains the network address and the host address. A mask identifies the bits that denote the network number in an IP address. When you use the mask to subnet a network, the mask is then referred to as a subnet mask. Subnet masks are 32-bit values that allow the recipient of IP packets to distinguish the network ID portion of the IP address from the host ID portion of the IP address.
The IP feature is responsible for handling IPv4 packets that terminate in the supervisor module, as well as forwarding of IPv4 packets, which includes IPv4 unicast/multicast route lookup, reverse path forwarding (RPF) checks, and software access control list/policy-based routing (ACL/PBR) forwarding. The IP feature also manages the network interface IP address configuration, duplicate address checks, static routes, and packet send/receive interface for IP clients.
Multiple IPv4 Addresses
Cisco NX-OS supports multiple IP addresses per interface. You can specify an unlimited number of secondary addresses for a variety of situations.
The most common situations are as follows:
• When there are not enough host IP addresses for a particular network interface. For example, if your subnetting allows up to 254 hosts per logical subnet, but on one physical subnet you must have 300 host addresses, then you can use secondary IP addresses on the routers or access servers to allow you to have two logical subnets that use one physical subnet.
• Two subnets of a single network might otherwise be separated by another network. You can create a single network from subnets that are physically separated by another network by using a secondary address. In these instances, the first network is extended, or layered on top of the second network. A subnet cannot appear on more than one active interface of the router at a time.
Note If any device on a network segment uses a secondary IPv4 address, other devices on that same network segment that require a secondary address must use a secondary address from the same network or subnet. The inconsistent use of secondary addresses on a network segment can quickly cause routing loops.
Address Resolution Protocol
Networking devices and Layer 3 switches use Address Resolution Protocol (ARP) to map IP (network layer) addresses to (Media Access Control [MAC]-layer) addresses to enable IP packets to be sent across networks.
Before a device sends a packet to another device, it looks in its own ARP cache to see if there is a MAC address and corresponding IP address for the destination device. If there is no entry, the source device sends a broadcast message to every device on the network.
Each device compares the IP address to its own. Only the device with the matching IP address replies to the device that sends the data with a packet that contains the MAC address for the device. The source device adds the destination device MAC address to its ARP table for future reference, creates a data-link header and trailer that encapsulates the packet, and proceeds to transfer the data.
Figure 5: ARP Process
When the destination device lies on a remote network that is beyond another device, the process is the same except that the device that sends the data sends an ARP request for the MAC address of the default gateway. After the address is resolved and the default gateway receives the packet, the default gateway broadcasts the destination IP address over the networks connected to it. The device on the destination device network uses ARP to obtain the MAC address of the destination device and delivers the packet. ARP is enabled by default.
The default system-defined CoPP policy rate limits ARP broadcast packets bound for the supervisor module.
The default system-defined CoPP policy prevents an ARP broadcast storm from affecting the control plane traffic but does not affect bridged packets.
ARP Caching
ARP caching minimizes broadcasts and limits wasteful use of network resources. The mapping of IP addresses to MAC addresses occurs at each hop (device) on the network for every packet sent over an internetwork, which may affect network performance.
ARP caching stores network addresses and the associated data-link addresses in the memory for a period of time, which minimizes the use of valuable network resources to broadcast for the same address each time that a packet is sent. You must maintain the cache entries that are set to expire periodically because the information might become outdated. Every device on a network updates its tables as addresses are broadcast.
To maintain the ARP entry, active MAC address-table entries and host routing adjacencies, Cisco NX-OS sends up to 3 unicast ARP request messages to devices that are present in the ARP cache. The first message is sent at 75% of the configured ARP timeout value, followed by two retries 30 and 60 seconds later if the cached entry has not already been refreshed.
Static and Dynamic Entries in the ARP Cache
Static routing requires that you manually configure the IP addresses, subnet masks, gateways, and corresponding MAC addresses for each interface of each device. Static routing requires more work to maintain the route table. You must update the table each time you add or change routes.
Dynamic routing uses protocols that enable the devices in a network to exchange routing table information with each other. Dynamic routing is more efficient than static routing because the route table is automatically updated unless you add a time limit to the cache. The default time limit is 25 minutes but you can modify the time limit if the network has many routes that are added and deleted from the cache.
Devices That Do Not Use ARP
When a network is divided into two segments, a bridge joins the segments and filters traffic to each segment based on MAC addresses. The bridge builds its own address table, which uses MAC addresses only. A device has an ARP cache that contains both IP addresses and the corresponding MAC addresses.
Passive hubs are central-connection devices that physically connect other devices in a network. They send messages out on all their ports to the devices and operate at Layer 1 but do not maintain an address table.
Layer 2 switches determine which port is connected to the device to which the message is addressed and send the message only to that port. However, Layer 3 switches are devices that build an ARP cache (table).
Reverse ARP
Reverse ARP (RARP) as defined by RFC 903 works the same way as ARP, except that the RARP request packet requests an IP address instead of a MAC address. RARP often is used by diskless workstations because this type of device has no way to store IP addresses to use when they boot. The only address that is known is the MAC address because it is burned into the hardware.
Use of RARP requires an RARP server on the same network segment as the router interface.
Figure 6: Reverse ARP
RARP has several limitations. Because of these limitations, most businesses use DHCP to assign IP addresses dynamically. DHCP is cost effective and requires less maintenance than RARP. The following are the most important limitations:
• Since RARP uses hardware addresses, if the internetwork is large with many physical networks, a RARP server must be on every segment with an additional server for redundancy. Maintaining two servers for every segment is costly.
• Each server must be configured with a table of static mappings between the hardware addresses and IP addresses. Maintenance of the IP addresses is difficult.
• RARP only provides IP addresses of the hosts and not subnet masks or default gateways.
Proxy ARP
Proxy ARP enables a device that is physically located on one network to appear to be logically part of a different physical network connected to the same device or firewall. Proxy ARP allows you to hide a device with a public IP address on a private network behind a router and still have the device appear to be on the public network in front of the router. By hiding its identity, the router accepts responsibility for routing packets to the real destination. Proxy ARP can help devices on a subnet reach remote subnets without configuring routing or a default gateway.
When devices are not in the same data link layer network but in the same IP network, they try to transmit data to each other as if they are on the local network. However, the router that separates the devices does not send a broadcast message because routers do not pass hardware-layer broadcasts and the addresses cannot be resolved.
When you enable Proxy ARP on the device and it receives an ARP request, it identifies the request as a request for a system that is not on the local LAN. The device responds as if it is the remote destination for which the broadcast is addressed, with an ARP response that associates the device’s MAC address with the remote destination's IP address. The local device believes that it is directly connected to the destination, while in reality its packets are being forwarded from the local subnetwork toward the destination subnetwork by their local device. By default, Proxy ARP is disabled.
Local Proxy ARP
You can use local Proxy ARP to enable a device to respond to ARP requests for IP addresses within a subnet where normally no routing is required. When you enable local Proxy ARP, ARP responds to all ARP requests for IP addresses within the subnet and forwards all traffic between hosts in the subnet. Use this feature only on subnets where hosts are intentionally prevented from communicating directly by the configuration on the device to which they are connected.
Gratuitous ARP
Gratuitous ARP sends a request with an identical source IP address and a destination IP address to detect duplicate IP addresses. Cisco NX-OS supports enabling or disabling gratuitous ARP requests or ARP cache updates.
Glean Throttling
When forwarding an incoming IP packet in a line card, if the Address Resolution Protocol (ARP) request for the next hop is not resolved, the line card forwards the packets to the supervisor (glean throttling). The supervisor resolves the MAC address for the next hop and programs the hardware.
The Cisco Nexus 7000 Series device hardware has glean rate limiters to protect the supervisor from the glean traffic. If the maximum number of entries is exceeded, the packets for which the ARP request is not resolved continue to be processed in the software instead of getting dropped in the hardware.
When an ARP request is sent, the software adds a /32 drop adjacency in the hardware to prevent the packets to the same next-hop IP address from being forwarded to the supervisor. When the ARP is resolved, the hardware entry is updated with the correct MAC address. If the ARP entry is not resolved before a timeout period, the entry is removed from the hardware.
Path MTU Discovery
Path maximum transmission unit (MTU) discovery is a method for maximizing the use of available bandwidth in the network between the endpoints of a TCP connection. It is described in RFC 1191. Existing connections are not affected when this feature is turned on or off.
Note Ensure that you enable the ip unreachables command between TCP endpoints for the Path MTU discovery feature to work correctly.
ICMP
You can use the Internet Control Message Protocol (ICMP) to provide message packets that report errors and other information that is relevant to IP processing. ICMP generates error messages, such as ICMP destination unreachable messages, ICMP Echo Requests (which send a packet on a round trip between two hosts) and Echo Reply messages. ICMP also provides many diagnostic functions and can send and redirect error packets to the host. By default, ICMP is enabled.
Some of the ICMP message types are as follows:
• Network error messages
• Network congestion messages
• Troubleshooting information
• Timeout announcements
Note ICMP redirects are disabled on interfaces where the local proxy ARP feature is enabled.
Virtualization Support for IPv4
IPv4 supports virtual routing and forwarding (VRF) instances. VRFs exist within virtual device contexts (VDCs). By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF. For more information, see the Cisco NX-OS Virtual Device Context Configuration Guide.
IP Directed Broadcasts
An IP directed broadcast is an IP packet whose destination address is a valid broadcast address for an IP subnet, but which originates from a node that is not itself a part of that destination subnet.
A device that is not directly connected to its destination subnet forwards an IP directed broadcast in the same way that it forwards unicast IP packets destined for a host on that subnet. When a directed broadcast packet reaches a device that is directly connected to its destination subnet, that packet is broadcast on the destination subnet.
The destination address in the IP header of the packet is rewritten to the configured IP broadcast address for the subnet, and the packet is sent as a link-layer broadcast.
If directed broadcast is enabled for an interface, incoming IP packets whose addresses identify the packets as directed broadcasts that are intended for the subnet to which that interface is attached, are broadcasted on that subnet.
Use the ip directed-broadcast command on an interface to enable software forwarding of all IP directed broadcasts on that interface. Optionally, you can also use the ip directed-broadcast acl-name command to filter these broadcasts through an IP access list such that only those packets that pass through the access list are broadcast on the subnet. By default, IP directed broadcasts that are intended for the subnet to which a specific interface is attached are not forwarded at that interface if the IP Directed Broadcasts feature has not been enabled on that interface.
Hardware Forwarding of IP Directed Broadcasts
From Cisco NX-OS Release 8.2(1), all Cisco Nexus 7000 Series I/O modules support hardware forwarding of IP directed broadcasts. This feature is limited to the VDC on which it is applied. Use the ip directed-broadcast hw-assist command on an interface to enable hardware forwarding of all IP directed broadcasts on that interface. This command prevents the IP directed broadcasts from being sent to the supervisor.
Use the ip directed-broadcast hw-assist drop command on an interface to drop all IP directed broadcasts on that interface in the hardware.
Note
• You cannot configure both software and hardware forwarding of IP directed broadcasts on the same interface.
• Hardware forwarding of IP directed broadcasts is limited to the VDC on which it is applied.
• A switch will not respond if you ping an IP directed broadcast address when hardware forwarding of IP directed broadcasts is enabled.
You can use the ip directed-broadcast hw-assist command on an interface on which you have already used the ip directed-broadcast command. This will enable IP directed broadcasts with hardware-assist on that interface, and prevent the IP directed broadcasts from being sent to the supervisor.
If you have to configure hardware forwarding of IP directed broadcasts on an interface along with an ACL to filter the IP directed broadcast packets through an IP access list such that only those packets that pass through the access list are broadcast on the subnet, you have to manually configure an ACL on the egress of the interface on which the ip directed-broadcast hw-assist command has been used, and modify the ACL configuration to match the directed broadcast packets.
When you configure the ip directed-broadcast acl-name command with the acl-name as hw-assist, you cannot delete this configuration after the ISSU. This is applicable to releases prior to Cisco NX-OS Release 8.2(1).
The following example shows an ACL sample configuration when you have configured hardware forwarding of IP directed broadcasts:
ip access-list DirectedBroadcasts
  10 remark IOC Softchannels
  20 permit udp any any eq 5064
  30 permit udp any any eq 5065
  40 permit udp any any eq 5066
  50 permit udp any any eq 5067
  70 permit udp 198.51.100.10/24 any eq 7777
  90 permit udp 198.51.100.11/24 any eq 7777
  100 permit udp 198.51.100.248/24 any eq 7777
The following example shows how the above ACL sample configuration should be modified when hardware forwarding of IP directed broadcasts is enabled:
ip access-list DirectedBroadcasts
  10 remark IOC Softchannels
  20 permit udp any 172.26.40.255/24 eq 5064
  30 permit udp any 172.26.40.255/24 eq 5065
  40 permit udp any 172.26.40.255/24 eq 5066
  50 permit udp any 172.26.40.255/24 eq 5067
  70 permit udp 198.51.100.10/24 172.26.40.255/24 eq 7777
  90 permit udp 198.51.100.11/24 172.26.40.255/24 eq 7777
  100 permit udp 198.51.100.248/24 172.26.40.255/24 eq 7777
  110 deny any 172.26.40.255/24
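The ACL modification shown above can be scripted. The following Python is an added example, not Cisco's code: it rewrites every entry whose destination is any to the subnet's directed-broadcast address and appends the closing deny, reproducing the modified sample. The function name and the 172.26.40.0/24 interface subnet (inferred from the sample's 172.26.40.255/24 destination) are assumptions.

```python
import ipaddress

# Constructed input: the body of the first sample ACL shown above.
ORIGINAL_ACL = """\
10 remark IOC Softchannels
20 permit udp any any eq 5064
30 permit udp any any eq 5065
40 permit udp any any eq 5066
50 permit udp any any eq 5067
70 permit udp 198.51.100.10/24 any eq 7777
90 permit udp 198.51.100.11/24 any eq 7777
100 permit udp 198.51.100.248/24 any eq 7777
"""

# Port operators that may follow an address, with the number of operands each takes.
PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}


def _take_address(tokens, i):
    """Consume 'any', 'A.B.C.D/len' or 'host A.B.C.D'; return (text, next index)."""
    width = 2 if tokens[i] == "host" else 1
    return " ".join(tokens[i:i + width]), i + width


def rewrite_for_hw_assist(acl_body, interface_subnet, step=10):
    """Return the ACL entries with 'any' destinations narrowed to the
    directed-broadcast address of interface_subnet, plus a closing deny.

    rewrite_for_hw_assist is a hypothetical helper name, not an NX-OS feature.
    """
    net = ipaddress.ip_network(interface_subnet, strict=False)
    # The page writes the target as <broadcast address>/<prefix length>.
    target = f"{net.broadcast_address}/{net.prefixlen}"
    rewritten, last_seq = [], 0
    for line in filter(None, map(str.strip, acl_body.splitlines())):
        tokens = line.split()
        last_seq = max(last_seq, int(tokens[0]))
        if tokens[1] not in ("permit", "deny"):
            rewritten.append(line)  # remarks pass through unchanged
            continue
        _, i = _take_address(tokens, 3)  # skip the source address
        if i < len(tokens) and tokens[i] in PORT_OPS:  # optional source-port match
            i += 1 + PORT_OPS[tokens[i]]
        dst_start = i
        dst, i = _take_address(tokens, i)
        if dst == "any":
            dst = target
        rewritten.append(" ".join(tokens[:dst_start] + [dst] + tokens[i:]))
    # Closing entry written in the same form as the page's modified sample.
    rewritten.append(f"{last_seq + step} deny any {target}")
    return rewritten


if __name__ == "__main__":
    print("ip access-list DirectedBroadcasts")
    for entry in rewrite_for_hw_assist(ORIGINAL_ACL, "172.26.40.0/24"):
        print("  " + entry)
```

Entries that already name a specific destination are left as they are, so the rewrite can be re-run on its own output without changing the permit lines.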
Prerequisites for IPv4
IPv4 has the following prerequisites:
• IPv4 can only be configured on Layer 3 interfaces.
Guidelines and Limitations for IPv4
IPv4 has the following configuration guidelines and limitations:
• You can configure a secondary IP address only after you configure the primary IP address.
• F2 Series modules do not support IPv4 tunnels.
• If any device on a network segment uses a secondary IPv4 address, other devices on that same network segment that require a secondary address must use a secondary address from the same network or subnet. The inconsistent use of secondary addresses on a network segment can quickly cause routing loops.
• If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Default Settings for IPv4 Parameters
Table 3: Default IPv4 Parameters
Parameters                                                           Default
ARP timeout                                                          1500 seconds
Proxy ARP                                                            Disabled
Maximum number of IPv4 ARP entries in the neighbor adjacency table   131,072
Configuring IPv4
Configuring IPv4 Addressing
You can assign a primary IP address for a network interface.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1   Command or Action: switch# configure terminal
         Purpose: Enters global configuration mode.
Step 2   Command or Action: switch(config)# interface ethernet number
         Purpose: Enters interface configuration mode.
Step 3   Command or Action: switch(config-if)# no switchport
         Purpose: Configures the interface as a Layer 3 routed interface.
Step 4   Command or Action: switch(config-if)# ip address ip-address/length [secondary]
         Purpose: Specifies a primary or secondary IPv4 address for an interface.
         • The network mask can be a four-part dotted decimal address. For example, 255.0.0.0 indicates that each bit equal to 1 means the corresponding address bit belongs to the network address.
         • The network mask can be indicated as a slash (/) and a number (a prefix length). The prefix length is a decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash must precede the decimal value and there is no space between the IP address and the slash.
Step 5   Command or Action: (Optional) switch(config-if)# show ip interface
         Purpose: Displays interfaces configured for IPv4.
Step 6   Command or Action: (Optional) switch(config)# copy running-config startup-config
         Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to assign an IPv4 address:
switch# configure terminal
switch(config)# interface ethernet 2/3
switch(config-if)# no switchport
switch(config-if)# ip address 192.2.1.1 255.0.0.0
switch(config-if)# copy running-config startup-config
switch(config-if)#
Configuring Multiple IPv4 Addresses
You can only add secondary IP addresses after you configure primary IP addresses.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1   Command or Action: switch# configure terminal
         Purpose: Enters global configuration mode.
Step 2   Command or Action: switch(config)# interface ethernet number
         Purpose: Enters interface configuration mode.
Step 3   Command or Action: switch(config-if)# no switchport
         Purpose: Configures the interface as a Layer 3 routed interface.
Step 4   Command or Action: switch(config-if)# ip address ip-address/length [secondary]
         Purpose: Specifies the configured address as a secondary IPv4 address.
Step 5   Command or Action: (Optional) switch(config-if)# show ip interface
         Purpose: Displays interfaces configured for IPv4.
Step 6   Command or Action: (Optional) switch(config)# copy running-config startup-config
         Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Configuring a Static ARP Entry
Configure a static ARP entry on the device to map IP addresses to MAC hardware addresses, including static multicast MAC addresses.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1   Command or Action: switch# configure terminal
         Purpose: Enters global configuration mode.
Step 2   Command or Action: switch(config)# interface ethernet number
         Purpose: Enters interface configuration mode.
Step 3   Command or Action: switch(config-if)# no switchport
         Purpose: Configures the interface as a Layer 3 routed interface.
Step 4   Command or Action: switch(config-if)# ip arp address ip-address mac-address
         Purpose: Associates an IP address with a MAC address as a static entry.
Step 5   Command or Action: (Optional) switch(config)# copy running-config startup-config
         Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to assign a static ARP entry:
switch# configure terminal
switch(config)# interface ethernet 2/3
switch(config-if)# no switchport
switch(config-if)# ip arp 192.2.1.1 0019.076c.1a78
switch(config-if)# copy running-config startup-config
switch(config-if)#
Configuring Proxy ARP
Configure proxy ARP on the device to determine the media addresses of hosts on other networks or subnets.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1 switch# configure terminal
Enters global configuration mode.
Step 2 switch(config)# interface ethernet number
Enters interface configuration mode.
Step 3 switch(config-if)# no switchport
Configures the interface as a Layer 3 routed interface.
Step 4 switch(config-if)# ip proxy-arp
Enables proxy ARP on the interface.
Step 5 (Optional) switch(config)# copy running-config startup-config
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure proxy ARP:
switch# configure terminal
switch(config)# interface ethernet 2/3
switch(config-if)# no switchport
switch(config-if)# ip proxy-arp
switch(config-if)# copy running-config startup-config
switch(config-if)#
Configuring Local Proxy ARP
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1 switch# configure terminal
Enters global configuration mode.
Step 2 switch(config)# interface ethernet number
Enters interface configuration mode.
Step 3 switch(config-if)# no switchport
Configures the interface as a Layer 3 routed interface.
Step 4 switch(config-if)# ip local-proxy-arp
Enables local proxy ARP on the interface.
Step 5 (Optional) switch(config)# copy running-config startup-config
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure local proxy ARP:
switch# configure terminal
switch(config)# interface ethernet 2/3
switch(config-if)# no switchport
switch(config-if)# ip local-proxy-arp
switch(config-if)# copy running-config startup-config
switch(config-if)#
Configuring Gratuitous ARP
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1 switch# configure terminal
Enters global configuration mode.
Step 2 switch(config)# interface ethernet number
Enters interface configuration mode.
Step 3 switch(config-if)# no switchport
Configures the interface as a Layer 3 routed interface.
Step 4 switch(config-if)# ip arp gratuitous { request | update }
Enables gratuitous ARP on the interface.
Gratuitous ARP is enabled by default.
Step 5 (Optional) switch(config)# copy running-config startup-config
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure gratuitous ARP:
switch# configure terminal
switch(config)# interface ethernet 2/3
switch(config-if)# no switchport
switch(config-if)# ip arp gratuitous request
switch(config-if)# copy running-config startup-config
switch(config-if)#
Configuring the IP ARP Cache Limit
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1 switch# configure terminal
Enters global configuration mode.
Step 2 switch(config)# ip arp cache limit max-arp-entries [ syslog syslogs-per-second ]
Configures the maximum number of ARP entries in the neighbor adjacency table. The range is from 1 to 409600.
The syslog keyword configures the number of syslogs per second. The range is from 1 to 1000.
If you do not configure a limit, system logs appear on the console if you try to add an adjacency after reaching the default limit. If you configure a limit for IPv4 ARP entries, system logs appear if you try to add an adjacency after reaching the configured limit.
Step 3 switch(config)# show ip adjacency summary
Displays the global limit of the neighbor adjacency table and a summary of throttle adjacencies.
Step 4 (Optional) switch(config)# copy running-config startup-config
Saves this configuration change.
Configuring Glean Optimization
You can configure glean optimization to improve the performance of glean packets by reducing the processing of the packets in the supervisor. Glean optimization applies to glean packets where the destination IP address is part of the same subnet and does not apply to packets where the destination IP address is in a different subnet. The default is enabled.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1 switch# configure terminal
Enters global configuration mode.
Step 2 switch(config)# interface ethernet number
Enters interface configuration mode.
Step 3 switch(config-if)# [ no ] ip arp fast-path
Enables glean optimization.
Use the no form of the command to disable this feature.
Step 4 (Optional) switch(config)# copy running-config startup-config
Saves this configuration change.
Configuring Bloom Filter Support for Glean Adjacencies
Bloom Filter Support for Glean Adjacencies is introduced in Cisco NX-OS Release 8.4(2).
When a routed frame has an ARP cache miss, the packet hits a glean adjacency (which means the IP DA hits on the FIB table but cannot resolve MAC DA for the routed frame), and it is punted to the supervisor module.
Until the ARP cache is updated, all packets belonging to this flow hit the glean adjacency and are punted to the supervisor module. To avoid this repeated punting to the supervisor module, the L3 engine hashes a flow to set a bit in a leak table to indicate that the packet has been punted to the supervisor module. Subsequent frames are dropped until the software clears the leak table bit. This helps to forward the packets without any further delay.
The Bloom Filter Support for Glean Adjacencies feature is supported on M3 and F4 modules.
Before you perform the configuration, ensure that you are in the correct VDC or use the switchto vdc command.
This command is a global system CLI command in the default VDC; it is not configurable in a non-default VDC.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# hardware forwarding glean-bloom-filter
3. switch(config)# no hardware forwarding glean-bloom-filter
4. (Optional) switch(config)# copy running-config startup-config
5. switch(config)# exit
6. (Optional) switch# show system internal forwarding route summary
DETAILED STEPS
Step 1 switch# configure terminal
Enters global configuration mode.
Step 2 switch(config)# hardware forwarding glean-bloom-filter
Enables the bloom filter forwarding. This command is disabled by default.
Step 3 switch(config)# no hardware forwarding glean-bloom-filter
Disables the bloom filter forwarding.
Step 4 (Optional) switch(config)# copy running-config startup-config
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Step 5 switch(config)# exit
Exits the global configuration mode.
Step 6 (Optional) switch# show system internal forwarding route summary
Displays the glean routes from all supported modules.
Example
This example shows how to enable IP glean throttling:
switch# configure terminal
switch(config)# hardware forwarding glean-bloom-filter
switch(config)# copy running-config startup-config
switch(config)# exit
switch# show system internal forwarding route summary
Configuring Path MTU Discovery
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# ip tcp path-mtu-discovery
3. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1 switch# configure terminal
Enters global configuration mode.
Step 2 switch(config)# ip tcp path-mtu-discovery
Enables path MTU discovery.
Step 3 (Optional) switch(config)# copy running-config startup-config
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Configuring IP Packet Verification
Cisco NX-OS supports an Intrusion Detection System (IDS) that checks for IP packet verification. You can enable or disable these IDS checks.
Procedure
Step 1 switch# configure terminal
Enters global configuration mode.
Step 2 switch(config)# hardware ip verify address { destination zero | identical | reserved | source { broadcast | multicast }}
Performs the following IDS checks on the IP address:
• destination zero: Drops IP packets if the destination IP address is 0.0.0.0.
• identical: Drops IP packets if the source IP address is identical to the destination IP address.
• reserved: Drops IP packets if the IP address is in the 127.x.x.x range.
• source: Drops IP packets if the IP source address is either 255.255.255.255 (broadcast) or in the 224.x.x.x range (multicast).
Step 3 switch(config)# hardware ip verify checksum
Drops IP packets if the packet checksum is invalid.
Step 4 switch(config)# hardware ip verify fragment
Drops IP packets if the packet fragment has a nonzero offset and the DF bit is active.
Step 5 switch(config)# hardware ip verify length { consistent | maximum { max-frag | max-tcp | udp } | minimum }
Performs the following IDS checks on the IP address:
• consistent: Drops IP packets where the Ethernet frame size is greater than or equal to the IP packet length plus the Ethernet header.
• maximum max-frag: Drops IP packets if the maximum fragment offset is greater than 65536.
• maximum max-tcp: Drops IP packets if the TCP length is greater than the IP payload length.
• maximum udp: Drops IP packets if the IP payload length is less than the UDP packet length.
• minimum: Drops IP packets if the Ethernet frame length is less than the IP packet length plus four octets (the CRC length).
Step 6 switch(config)# hardware ip verify tcp tiny-frag
Drops TCP packets if the IP fragment offset is 1, or if the IP fragment offset is 0 and the IP payload length is less than 16.
Step 7 switch(config)# hardware ip verify version
Drops IP packets if the ethertype is not set to 4 (IPv4).
What to do next
Use the show hardware forwarding ip verify command to display the IP packet verification configuration.
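The address, checksum, fragment and tcp tiny-frag checks listed in the procedure above, modelled in Python over constructed IPv4 packets. This is an added example, not Cisco code or the NX-OS hardware implementation; the function names are hypothetical, and applying the reserved check to both source and destination is an assumption.

```python
import ipaddress
import struct

# Ranges as the guide words them. It gives multicast as "224.x.x.x"; the full
# IPv4 multicast block is 224.0.0.0/4, so widen MULTICAST_NET to model that.
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
MULTICAST_NET = ipaddress.ip_network("224.0.0.0/8")
BROADCAST = ipaddress.ip_address("255.255.255.255")
ZERO = ipaddress.ip_address("0.0.0.0")
PROTO_TCP, PROTO_UDP = 6, 17
DF_BIT, OFFSET_MASK = 0x4000, 0x1FFF
IPV4_HEADER = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def header_checksum(header):
    """One's-complement sum of the header's 16-bit words, complemented."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4(src, dst, proto=PROTO_TCP, payload_len=20,
               df=False, frag_offset=0, corrupt=False):
    """Construct a sample packet (hypothetical helper for the inputs below)."""
    flags_frag = (DF_BIT if df else 0) | (frag_offset & OFFSET_MASK)
    head = struct.pack(IPV4_HEADER, 0x45, 0, 20 + payload_len, 0, flags_frag,
                       64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)
    csum = header_checksum(head)
    if corrupt:
        csum ^= 0x0001  # flipping one bit always invalidates the checksum
    return head[:10] + struct.pack("!H", csum) + head[12:] + bytes(payload_len)


def verify(packet):
    """Return the documented checks that would drop this packet, in order."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("invalid header length field")
    (_, _, total_len, _, flags_frag, _, proto, _,
     src_raw, dst_raw) = struct.unpack(IPV4_HEADER, packet[:20])
    src = ipaddress.ip_address(src_raw)
    dst = ipaddress.ip_address(dst_raw)
    offset = flags_frag & OFFSET_MASK
    payload_len = total_len - ihl

    hits = []
    if dst == ZERO:
        hits.append("address destination zero")
    if src == dst:
        hits.append("address identical")
    if src in LOOPBACK_NET or dst in LOOPBACK_NET:  # assumption: either side
        hits.append("address reserved")
    if src == BROADCAST:
        hits.append("address source broadcast")
    if src in MULTICAST_NET:
        hits.append("address source multicast")
    if header_checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        hits.append("checksum")
    if offset != 0 and flags_frag & DF_BIT:
        hits.append("fragment")
    if proto == PROTO_TCP and (offset == 1 or
                               (offset == 0 and payload_len < 16)):
        hits.append("tcp tiny-frag")
    return hits


def sample_results():
    """Run the model over constructed packets, one per check."""
    samples = {
        "clean": build_ipv4("10.0.0.1", "10.0.0.2"),
        "dst-zero": build_ipv4("10.0.0.1", "0.0.0.0"),
        "same-src-dst": build_ipv4("10.0.0.5", "10.0.0.5"),
        "loopback-src": build_ipv4("127.0.0.1", "10.0.0.2"),
        "broadcast-src": build_ipv4("255.255.255.255", "10.0.0.2"),
        "multicast-src": build_ipv4("224.0.0.5", "10.0.0.2"),
        "bad-checksum": build_ipv4("10.0.0.1", "10.0.0.2", corrupt=True),
        "df-fragment": build_ipv4("10.0.0.1", "10.0.0.2", proto=PROTO_UDP,
                                  df=True, frag_offset=8),
        "tiny-tcp": build_ipv4("10.0.0.1", "10.0.0.2", payload_len=8),
    }
    return {name: verify(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, hits in sample_results().items():
        print(f"{name:14} {'drop: ' + ', '.join(hits) if hits else 'forward'}")
```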
Enabling Forwarding of IP Directed Broadcasts
Step 1 Enter global configuration mode: switch# configure terminal
Step 2 Specify the interface on which forwarding of IP directed broadcasts should be configured and enter interface configuration mode: switch(config)# interface type slot / port
Step 3 Enable forwarding of IP directed broadcasts: switch(config-if)# ip directed-broadcast [ acl-name | hw-assist [ drop ]]
Note
• Use the ip directed-broadcast command to enable software forwarding of IP directed broadcasts.
• Use the ip directed-broadcast acl-name command to filter the IP directed broadcast packets through the specified IP access list.
• Use the ip directed-broadcast hw-assist command to enable hardware forwarding of IP directed broadcasts.
• Use the ip directed-broadcast hw-assist drop command to enable dropping of all directed broadcast packets on that interface in the hardware.
• You can either use the ip directed-broadcast acl-name command or the ip directed-broadcast hw-assist command on an interface. However, you cannot use both the commands on the same interface.
Step 4 (Optional) Display the running configuration on the specified interface: switch# show running-config interface
Step 5 (Optional) Display forwarding information: switch# show forwarding interfaces
Example: Running Configuration
This example shows a running configuration to enable software forwarding of IP directed broadcasts on a specific interface, followed by a verification command that displays the running configuration on that interface:
configure terminal
interface vlan 11
  ip directed-broadcast
.
.
.
switch# show running-config interface vlan 11
!Command: show running-config interface Vlan11
!Time: Fri Jul 21 14:42:00 2017
version 8.2(1)
interface Vlan11
  ip directed-broadcast
This example shows a running configuration to enable software forwarding of IP directed broadcasts on a specific interface along with an ACL to filter the IP directed broadcast packets through a specified IP access list, followed by a verification command that displays the running configuration on that interface:
configure terminal
interface vlan 11
  ip directed-broadcast acl
.
.
.
switch# show running-config interface vlan 11
!Command: show running-config interface Vlan11
!Time: Fri Jul 21 14:42:00 2017
version 8.2(1)
interface Vlan11
  ip directed-broadcast acl
This example shows a running configuration to enable hardware forwarding of IP directed broadcasts on a specific interface, followed by verification commands that display the running configuration and forwarding information:
configure terminal
interface vlan11
  ip directed-broadcast hw-assist
.
.
.
switch# show running-config interface Ethernet2/5
!Command: show running-config interface Ethernet2/5
!Time: Fri Jul 21 14:42:00 2017
version 8.2(1)
interface Vlan11
  ip directed-broadcast hw-assist
switch# show forwarding interfaces
slot 2
=======
Vlan11, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode = punt, mac address = 0022.557a.5341
sup-eth2, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode = punt, mac address = 0000.0000.0000
Ethernet2/5, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode = fwd, mac address = 0022.557a.5341
Ethernet12/17, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode = drop, mac address = 0022.557a.5341
Slot 4
======
.
.
.
switch# show forwarding interfaces | i Ethernet2/5
Ethernet2/5, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode = fwd, mac address = 0022.557a.5341
This example shows a running configuration to enable dropping of all the IP directed broadcasts in the hardware on a specific interface, followed by a verification command that displays the running configuration on that interface:
configure terminal
interface vlan 11
  ip directed-broadcast hw-assist drop
.
.
.
switch# show running-config interface vlan 11
!Command: show running-config interface Vlan11
!Time: Fri Jul 21 14:42:00 2017
version 8.2(1)
interface Vlan11
  ip directed-broadcast hw-assist drop
Disabling Forwarding of IP Directed Broadcasts
Step 1 Enter global configuration mode: switch# configure terminal
Step 2 Specify the interface on which forwarding of IP directed broadcasts has been configured and enter interface configuration mode: switch(config)# interface type slot / port
Step 3 Disable forwarding of IP directed broadcasts: switch(config-if)# no ip directed-broadcast [ acl-name | hw-assist [ drop ]]
Note
• Use the no ip directed-broadcast command to disable forwarding of IP directed broadcasts.
• Use the no ip directed-broadcast acl-name command to disable forwarding of IP directed broadcasts on a specific interface along with the configured ACL.
• Use the no ip directed-broadcast hw-assist command to disable hardware forwarding of IP directed broadcasts and to disable dropping of all directed broadcasts on a specific interface in the hardware if the ip directed-broadcast hw-assist drop command has been used.
• Use the no ip directed-broadcast hw-assist drop command to disable dropping of all directed broadcasts on a specific interface in the hardware.
Step 4 (Optional) Display the running configuration on the specified interface: switch# show running-config interface
Step 5 (Optional) Display forwarding information: switch# show forwarding interfaces
Example: Running Configuration
This example shows a running configuration to disable forwarding of IP directed broadcasts on a specific interface, followed by a verification command that displays the running configuration on that interface:
configure terminal
interface vlan 11
  no ip directed-broadcast
.
.
.
switch# show running-config interface vlan 11
!Command: show running-config interface Vlan11
!Time: Fri Jul 21 14:42:00 2017
version 8.2(1)
interface Vlan11
This example shows a running configuration to disable forwarding of IP directed broadcasts on a specific interface along with the configured ACL, followed by a verification command that displays the running configuration on that interface:
configure terminal
interface vlan 11
  no ip directed-broadcast acl
.
.
.
switch# show running-config interface vlan 11
!Command: show running-config interface Vlan11
!Time: Fri Jul 21 14:42:00 2017
version 8.2(1)
interface Vlan11
This example shows a running configuration to disable hardware forwarding of IP directed broadcasts on an interface, followed by verification commands that display the running configuration and forwarding information:
configure terminal
interface Ethernet2/5
  no ip directed-broadcast hw-assist
.
.
.
switch# show running-config interface Ethernet2/5
!Command: show running-config interface Ethernet2/5
!Time: Fri Jul 21 14:42:00 2017
version 8.2(1)
interface Ethernet2/5
switch# show forwarding interfaces
slot 2
=======
Vlan11, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode = punt, mac address = 0022.557a.5341
sup-eth2, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode = punt, mac address = 0000.0000.0000
Ethernet2/5, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode = punt, mac address = 0022.557a.5341
Ethernet12/17, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode = drop, mac address = 0022.557a.5341
Slot 4
======
.
.
.
switch# show forwarding interfaces | i Ethernet2/5
Ethernet2/5, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode = punt, mac address = 0022.557a.5341
This example shows a running configuration to disable dropping of all IP directed broadcasts in the hardware on a specific interface, followed by a verification command that displays the running configuration on that interface:
configure terminal
interface vlan 11
  no ip directed-broadcast hw-assist drop
.
.
.
switch# show running-config interface vlan 11
!Command: show running-config interface Vlan11
!Time: Fri Jul 21 14:42:00 2017
version 8.2(1)
interface Vlan11
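An audit of the show forwarding interfaces output from the two directed-broadcast sections above, as an added Python example that is not part of the Cisco guide. It reports interfaces whose bcast-mode is fwd without being on an approved list; reading fwd as hardware forwarding is inferred from the example outputs above, and the function names and approved list are hypothetical.

```python
# Constructed sample in the layout of the guide's `show forwarding interfaces`
# output, including values wrapped onto the following line.
SAMPLE_OUTPUT = """\
switch# show forwarding interfaces
slot  2
=======
Vlan11, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode
= punt, mac address = 0022.557a.5341
sup-eth2, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode = punt, mac address = 0000.0000.0000
Ethernet2/5, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode
= fwd, mac address = 0022.557a.5341
Ethernet12/17, v4 adj-count = 0, v6 adj-count = 0, v4_rpf-mode = none, v6_rpf-mode = none, bcast-mode = drop, mac address = 0022.557a.5341
Slot 4
======
"""


def parse_forwarding_interfaces(text):
    """Return {interface: {field: value}} from the command output."""
    logical = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue  # blank lines and the ===== rule under a slot header
        if line.startswith("=") and logical:
            # A wrapped line: "..., bcast-mode" / "= punt, mac address = ..."
            logical[-1] += " " + line
        else:
            logical.append(line)

    interfaces = {}
    for line in logical:
        name, sep, rest = line.partition(", ")
        if not sep or "=" not in rest:
            continue  # slot headers, prompts and ellipsis lines
        fields = {}
        for item in rest.split(", "):
            key, eq, value = item.partition("=")
            if eq:
                fields[key.strip()] = value.strip()
        interfaces[name] = fields
    return interfaces


def bcast_modes(text):
    """Map each interface to its bcast-mode value (punt, fwd or drop above)."""
    return {name: fields.get("bcast-mode")
            for name, fields in parse_forwarding_interfaces(text).items()}


def unapproved_hw_forwarding(text, approved):
    """List interfaces showing bcast-mode = fwd that are not in `approved`."""
    return sorted(name for name, mode in bcast_modes(text).items()
                  if mode == "fwd" and name not in approved)


if __name__ == "__main__":
    for name, mode in bcast_modes(SAMPLE_OUTPUT).items():
        print(f"{name:15} bcast-mode={mode}")
    print("review:", unapproved_hw_forwarding(SAMPLE_OUTPUT, approved=set()))
```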
Configuring IP Glean Throttling
Cisco NX-OS software supports glean throttling rate limiters to protect the supervisor from the glean traffic.
Note We recommend that you configure the IP glean throttle feature by using the hardware ip glean throttle command to filter the unnecessary glean packets that are sent to the supervisor for ARP resolution for the next hops that are not reachable or do not exist. IP glean throttling boosts software performance and helps to manage traffic more efficiently.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1 switch# configure terminal
Enters global configuration mode.
Step 2 switch(config)# hardware ip glean throttle
Enables ARP throttling.
Step 3 switch(config)# no hardware ip glean throttle
Disables ARP throttling.
Step 4 (Optional) switch(config)# copy running-config startup-config
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to enable IP glean throttling:
switch# configure terminal
switch(config)# hardware ip glean throttle
switch(config)# copy running-config startup-config
Configuring the Hardware IP Glean Throttle Maximum
You can limit the maximum number of drop adjacencies that are installed in the Forwarding Information Base (FIB).
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1 switch# configure terminal
Enters global configuration mode.
Step 2 switch(config)# hardware ip glean throttle maximum count
Configures the number of drop adjacencies that are installed in the FIB.
Step 3 switch(config)# no hardware ip glean throttle maximum count
Applies the default limits.
The default value is 1000. The range is from 0 to 32767 entries.
Step 4 (Optional) switch(config)# copy running-config startup-config
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to limit the maximum number of drop adjacencies that are installed in the FIB:
switch# configure terminal
switch(config)# hardware ip glean throttle maximum 2134
switch(config)# copy running-config startup-config
Configuring the Hardware IP Glean Throttle Timeout
You can configure a timeout for the installed drop adjacencies to remain in the Forwarding Information Base (FIB).
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1 switch# configure terminal
Enters global configuration mode.
Step 2 switch(config)# hardware ip glean throttle maximum timeout timeout-in-seconds
Configures the timeout for the installed drop adjacencies to remain in the FIB.
Step 3 switch(config)# no hardware ip glean throttle maximum timeout timeout-in-seconds
Applies the default limits.
The timeout value is in seconds. The range is from 300 seconds (5 minutes) to 1800 seconds (30 minutes).
Note After the timeout period is exceeded, the drop adjacencies are removed from the FIB.
Step 4 (Optional) switch(config)# copy running-config startup-config
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Configuring the Hardware IP Glean Throttle Syslog
You can generate a syslog if the number of packets that get dropped for a specific flow exceeds the configured packet count.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1 switch# configure terminal
Enters global configuration mode.
Step 2 switch(config)# hardware ip glean throttle syslog packet-count
Generates a syslog if the number of packets that get dropped for a specific flow exceeds the configured packet count.
Step 3 switch(config)# no hardware ip glean throttle syslog packet-count
Applies the default limits.
The default is 10000 packets. The range is from 0 to 65535 packets.
Note After the timeout period is exceeded, the drop adjacencies are removed from the FIB.
Step 4 (Optional) switch(config)# copy running-config startup-config
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to generate a syslog if the number of packets that get dropped for a specific flow exceeds the configured packet count:
switch# configure terminal
switch(config)# hardware ip glean throttle maximum timeout 300
switch(config)# copy running-config startup-config
Verifying the IPv4 Configuration
Use one of the following commands to verify the configuration:
Command                                   Purpose
show forwarding interfaces                Displays forwarding information.
show hardware forwarding ip verify        Shows the IP packet verification configuration.
show ip adjacency                         Displays the adjacency table.
show ip adjacency summary                 Displays the summary of number of throttle adjacencies.
show ip arp                               Displays the ARP table.
show ip arp summary                       Displays the summary of the number of throttle adjacencies.
show ip adjacency throttle statistics     Displays only the throttle adjacencies.
show ip interface                         Displays IP-related interface information.
show ip arp statistics [ vrf vrf-name ]   Displays the ARP statistics.
show running-config interface             Displays the running configuration on the specified interface.
Configuration Examples for IPv4
Example: Reserving All Ports on a Module for Proxy Routing
This example shows how to reserve all ports on a module for proxy routing:
Step 1: Determine which modules are present in the device:
switch# show module
Mod Ports Module-Type Model Status
--- ----- -------------------------------- ------------------ ------------
1 32 10 Gbps Ethernet Module N7K-M132XP-12 ok
2 48 10/100/1000 Mbps Ethernet Module N7K-M148GT-11 ok
3 48 1000 Mbps Optical Ethernet Modul N7K-M148GS-11 ok
5 0 Supervisor module-1X N7K-SUP1 active *
6 0 Supervisor module-1X N7K-SUP1 ha-standby
8 32 1/10 Gbps Ethernet Module N7K-F132XP-15 ok
The F1 module is in Slot 8, and the M1 modules are in Slots 1 to 3.
Step 2: Determine which ports are available in the VDC:
switch# show vdc membership | end "Ethernet3/48"
vdc_id: 0 vdc_name: Unallocated interfaces:
vdc_id: 1 vdc_name: switch interfaces:
Ethernet1/9 Ethernet1/10 Ethernet1/11
Ethernet1/12 Ethernet1/13 Ethernet1/14
Ethernet1/15 Ethernet1/16 Ethernet1/17
Ethernet1/18 Ethernet1/19 Ethernet1/20
Ethernet1/21 Ethernet1/22 Ethernet1/23
Ethernet1/24 Ethernet1/25 Ethernet1/26
Ethernet1/27 Ethernet1/28 Ethernet1/29
Ethernet1/30 Ethernet1/31 Ethernet1/32
Ethernet2/1 Ethernet2/2 Ethernet2/3
Ethernet2/4 Ethernet2/5 Ethernet2/6
Ethernet2/7 Ethernet2/8 Ethernet2/9
Ethernet2/10 Ethernet2/11 Ethernet2/12
Ethernet2/25 Ethernet2/26 Ethernet2/27
Ethernet2/28 Ethernet2/29 Ethernet2/30
Ethernet2/31 Ethernet2/32 Ethernet2/33
Ethernet2/34 Ethernet2/35 Ethernet2/36
Ethernet2/37 Ethernet2/38 Ethernet2/39
Ethernet2/40 Ethernet2/41 Ethernet2/42
Ethernet2/43 Ethernet2/44 Ethernet2/45
Ethernet2/46 Ethernet2/47 Ethernet2/48
Ethernet3/1 Ethernet3/2 Ethernet3/3
Ethernet3/4 Ethernet3/5 Ethernet3/6
Ethernet3/7 Ethernet3/8 Ethernet3/9
Ethernet3/10 Ethernet3/11 Ethernet3/12
Ethernet3/13 Ethernet3/14 Ethernet3/15
Ethernet3/16 Ethernet3/17 Ethernet3/18
Ethernet3/19 Ethernet3/20 Ethernet3/21
Ethernet3/22 Ethernet3/23 Ethernet3/24
Ethernet3/25 Ethernet3/26 Ethernet3/27
Ethernet3/28 Ethernet3/29 Ethernet3/30
Ethernet3/31 Ethernet3/32 Ethernet3/33
Ethernet3/34 Ethernet3/35 Ethernet3/36
Ethernet3/37 Ethernet3/38 Ethernet3/39
Ethernet3/40 Ethernet3/41 Ethernet3/42
Ethernet3/43 Ethernet3/44 Ethernet3/45
Ethernet3/46 Ethernet3/47 Ethernet3/48
Step 3: Determine which ports are available for proxy routing:
switch# show hardware proxy layer-3 detail
Global Information:
F1 Modules: Count: 1 Slot: 8
M1 Modules: Count: 3 Slot: 1-3
Replication Rebalance Mode: Manual
Number of proxy layer-3 forwarders: 13
Number of proxy layer-3 replicators: 8
Forwarder Interfaces Status Reason
------------------------------------------------------------------------------
Eth1/9, Eth1/11, Eth1/13, Eth1/15 up SUCCESS
Eth1/10, Eth1/12, Eth1/14, Eth1/16 up SUCCESS
Eth1/17, Eth1/19, Eth1/21, Eth1/23 up SUCCESS
Eth1/18, Eth1/20, Eth1/22, Eth1/24 up SUCCESS
Eth1/25, Eth1/27, Eth1/29, Eth1/31 up SUCCESS
Eth1/26, Eth1/28, Eth1/30, Eth1/32 up SUCCESS
Eth2/1-12 up SUCCESS
Eth2/25-36 up SUCCESS
Eth2/37-48 up SUCCESS
Eth3/1-12 up SUCCESS
Eth3/13-24 up SUCCESS
Eth3/25-36 up SUCCESS
Eth3/37-48 up SUCCESS
Replicator Interfaces #Interface-Vlan Interface-Vlan
------------------------------------------------------------------------------
Eth1/1, Eth1/3, Eth1/5, Eth1/7, Eth1/9, 0
Eth1/11, Eth1/13, Eth1/15
Eth1/2, Eth1/4, Eth1/6, Eth1/8, Eth1/10, 0
Eth1/12, Eth1/14, Eth1/16
Eth1/17, Eth1/19, Eth1/21, Eth1/23, 0
Eth1/25, Eth1/27, Eth1/29, Eth1/31
Eth1/18, Eth1/20, Eth1/22, Eth1/24, 0
Eth1/26, Eth1/28, Eth1/30, Eth1/32
Eth2/1-24 0
Eth2/25-48 0
Eth3/1-24 0
Eth3/25-48 0
switch#
Note Ports are listed in their respective port groups.
Step 4: Reserve a module for unicast and multicast proxy routing:
switch# configure terminal
switch(config)# hardware proxy layer-3 forwarding use module 2
switch(config)# hardware proxy layer-3 replication use module 2
Step 5: Verify this configuration:
switch(config)# show hardware proxy layer-3 detail
Global Information:
F1 Modules: Count: 1 Slot: 8
M1 Modules: Count: 3 Slot: 1-3
Replication Rebalance Mode: Manual
Number of proxy layer-3 forwarders: 3
Number of proxy layer-3 replicators: 2
Forwarder Interfaces Status Reason
------------------------------------------------------------------------------
Eth2/1-12 up SUCCESS
Eth2/25-36 up SUCCESS
Eth2/37-48 up SUCCESS
Replicator Interfaces #Interface-Vlan Interface-Vlan
------------------------------------------------------------------------------
Eth2/1-24 0
Eth2/25-48 0
switch(config)#
Example: Reserving Ports for Proxy Routing
This example shows how to reserve some ports on a module for proxy routing:
Step 1: Reserve a subset of ports on a module:
switch(config)# hardware proxy layer-3 forwarding use interface ethernet 2/1-6
switch(config)# hardware proxy layer-3 replication use interface ethernet 2/1-6 <----subset of port group
This example reserves a subset of ports from a port group.
Step 2: Verify this configuration:
switch(config)# show hardware proxy layer-3 detail
Global Information:
F1 Modules: Count: 1 Slot: 8
M1 Modules: Count: 3 Slot: 1-3
Replication Rebalance Mode: Manual
Number of proxy layer-3 forwarders: 1
Number of proxy layer-3 replicators: 1
Forwarder Interfaces Status Reason
------------------------------------------------------------------------------
Eth2/1-12 up SUCCESS
Replicator Interfaces #Interface-Vlan Interface-Vlan
------------------------------------------------------------------------------
Eth2/1-24 0
switch(config)#
Note: All ports in a port group are reserved for proxy routing.
Example: Excluding Ports From Proxy Routing
The following example excludes some ports on a module from proxy routing:
switch(config)# hardware proxy layer-3 forwarding exclude interface ethernet 2/1-12
switch(config)# hardware proxy layer-3 replication exclude interface ethernet 2/1-12
switch(config)# show hardware proxy layer-3 detail
Global Information:
F1 Modules: Count: 1 Slot: 8
M1 Modules: Count: 3 Slot: 1-3
Replication Rebalance Mode: Manual
Number of proxy layer-3 forwarders: 12
Number of proxy layer-3 replicators: 7
Forwarder Interfaces Status Reason
------------------------------------------------------------------------------
Eth1/9, Eth1/11, Eth1/13, Eth1/15 up SUCCESS
Eth1/10, Eth1/12, Eth1/14, Eth1/16 up SUCCESS
Eth1/17, Eth1/19, Eth1/21, Eth1/23 up SUCCESS
Eth1/18, Eth1/20, Eth1/22, Eth1/24 up SUCCESS
Eth1/25, Eth1/27, Eth1/29, Eth1/31 up SUCCESS
Eth1/26, Eth1/28, Eth1/30, Eth1/32 up SUCCESS
Eth2/25-36 up SUCCESS
Eth2/37-48 up SUCCESS
Eth3/1-12 up SUCCESS
Eth3/13-24 up SUCCESS
Eth3/25-36 up SUCCESS
Eth3/37-48 up SUCCESS
Replicator Interfaces #Interface-Vlan Interface-Vlan
------------------------------------------------------------------------------
Eth1/1, Eth1/3, Eth1/5, Eth1/7, Eth1/9, 0
Eth1/11, Eth1/13, Eth1/15
Eth1/2, Eth1/4, Eth1/6, Eth1/8, Eth1/10, 0
Eth1/12, Eth1/14, Eth1/16
Eth1/17, Eth1/19, Eth1/21, Eth1/23, 0
Eth1/25, Eth1/27, Eth1/29, Eth1/31
Eth1/18, Eth1/20, Eth1/22, Eth1/24, 0
Eth1/26, Eth1/28, Eth1/30, Eth1/32
Eth2/25-48 0
Eth3/1-24 0
Eth3/25-48 0
switch(config)#
Related Documents for IPv4
Related Topic | Document Title
IP CLI commands | https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/unicast/command/cisco_nexus7000_unicast_routing_command_ref.html
Standards for IPv4
Standards | Title
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | —
Feature History for IPv4
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Table 4: Feature History for IPv4
Feature Name | Release | Feature Information
Bloom Filter Support for Glean Adjacencies | 8.4(2) | This feature was introduced.
Hardware Forwarding of IP Directed Broadcasts | 8.2(1) | This feature enables hardware forwarding of IP directed broadcasts. This feature is limited to the VDC on which it is applied.
Glean optimization | 6.2(2) | This feature was introduced.
ARP | 6.2(2) | Added the ability to configure the maximum number of ARP entries in the neighbor adjacency table.
IP | 6.0(1) | Updated for F2 Series modules.
ACL filter for IP directed broadcasts | 5.2(1) | Added support to filter IP directed broadcasts through an IP access list.
Glean throttling | 5.1(1) | Added support for IPv4 glean throttling.
ARP | 4.1(4) | Added support to protect against an ARP broadcast storm.
IP | 4.1(3) | Changed the platform ip verify command to the hardware ip verify command.
ARP | 4.0(3) | Added support for gratuitous ARP. The ip arp gratuitous { request | update } command was added.
IP | 4.0(1) | This feature was introduced.
CHAPTER 4
Configuring IPv6
This chapter contains the following sections:
• Finding Feature Information
• Information About IPv6
• Virtualization Support for IPv6
• Prerequisites for IPv6
• Guidelines and Limitations for Configuring IPv6
• Default Settings for IPv6
• Verifying the IPv6 Configuration
• Configuration Example for IPv6
• Related Documents for IPv6
• Standards for IPv6
• Feature History for IPv6
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About IPv6
IPv6, which is designed to replace IPv4, increases the number of network address bits from 32 bits (in IPv4) to 128 bits. IPv6 is based on IPv4 but it includes a much larger address space and other improvements such as a simplified main header and extension headers.
The larger IPv6 address space allows networks to scale and provide global reachability. The simplified IPv6 packet header format handles packets more efficiently. The flexibility of the IPv6 address space reduces the need for private addresses and the use of Network Address Translation (NAT), which translates private (not globally unique) addresses into a limited number of public addresses. IPv6 enables new application protocols that do not require special processing by border routers at the edge of networks.
IPv6 functionality, such as prefix aggregation, simplified network renumbering, and IPv6 site multihoming capabilities, enables more efficient routing. IPv6 supports Routing Information Protocol (RIP), Integrated Intermediate System-to-Intermediate System (IS-IS), Open Shortest Path First (OSPF) for IPv6, and multiprotocol Border Gateway Protocol (BGP).
IPv6 Address Formats
An IPv6 address has 128 bits or 16 bytes. The address is divided into eight 16-bit hexadecimal blocks separated by colons (:) in the format x:x:x:x:x:x:x:x.
Two examples of IPv6 addresses are as follows:
2001:0DB8:7654:3210:FEDC:BA98:7654:3210
2001:0DB8:0:0:8:800:200C:417A
IPv6 addresses contain consecutive zeros within the address. You can use two colons (::) at the beginning, middle, or end of an IPv6 address to replace the consecutive zeros.
Note: You can use two colons (::) only once in an IPv6 address to replace the longest string of consecutive zeros within the address.
You can use a double colon as part of the IPv6 address when consecutive 16-bit values are denoted as zero.
You can configure multiple IPv6 addresses per interface but only one link-local address.
The hexadecimal letters in IPv6 addresses are not case sensitive.
Table 5: Compressed IPv6 Address Formats
IPv6 Address Type | Preferred Format | Compressed Format
Unicast | 2001:0:0:0:DB8:800:200C:417A | 2001::0DB8:800:200C:417A
Multicast | FF01:0:0:0:0:0:0:101 | FF01::101
Loopback | 0:0:0:0:0:0:0:1 | ::1
Unspecified | 0:0:0:0:0:0:0:0 | ::
A node may use the loopback address listed in the table to send an IPv6 packet to itself. The loopback address in IPv6 is the same as the loopback address in IPv4.
Note: You cannot assign the IPv6 loopback address to a physical interface. A packet that contains the IPv6 loopback address as its source or destination address must remain within the node that created the packet. IPv6 routers do not forward packets that have the IPv6 loopback address as their source or destination address.
You cannot assign an IPv6 unspecified address to an interface. You should not use the unspecified IPv6 addresses as destination addresses in IPv6 packets or the IPv6 routing header.
The IPv6-prefix is in the form documented in RFC 2373 where the IPv6 address is specified in hexadecimal using 16-bit values between colons. The prefix length is a decimal value that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). For example, 2001:0DB8:8086:6502::/32 is a valid IPv6 prefix.
IPv6 Unicast Addresses
An IPv6 unicast address is an identifier for a single interface on a single node. A packet that is sent to a unicast address is delivered to the interface identified by that address.
Aggregatable Global Addresses
An aggregatable global address is an IPv6 address from the aggregatable global unicast prefix. The structure of aggregatable global unicast addresses enables strict aggregation of routing prefixes that limits the number of routing table entries in the global routing table. Aggregatable global addresses are used on links that are aggregated upward through organizations and eventually to the Internet service providers (ISPs).
Aggregatable global IPv6 addresses are defined by a global routing prefix, a subnet ID, and an interface ID.
Except for addresses that start with binary 000, all global unicast addresses have a 64-bit interface ID. The IPv6 global unicast address allocation uses the range of addresses that start with binary value 001 (2000::/3).
The figure shows the structure of an aggregatable global address.
Figure 7: Aggregatable Global Addresses
Addresses with a prefix of 2000::/3 (001) through E000::/3 (111) are required to have 64-bit interface identifiers in the extended universal identifier (EUI)-64 format. The Internet Assigned Numbers Authority (IANA) allocates the IPv6 address space in the range of 2000::/16 to regional registries.
The aggregatable global address consists of a 48-bit global routing prefix and a 16-bit subnet ID or Site-Level Aggregator (SLA). In the IPv6 aggregatable global unicast address format document (RFC 2374), the global routing prefix included two other hierarchically structured fields called Top-Level Aggregator (TLA) and Next-Level Aggregator (NLA). The IETF decided to remove the TLA and NLA fields from the RFCs because these fields are policy based. Some existing IPv6 networks deployed before the change might still use networks that are on the older architecture.
A subnet ID, which is a 16-bit subnet field, can be used by individual organizations to create a local addressing hierarchy and to identify subnets. A subnet ID is similar to a subnet in IPv4, except that an organization with an IPv6 subnet ID can support up to 65,535 individual subnets.
An interface ID identifies interfaces on a link. The interface ID is unique to the link. In many cases, an interface ID is the same as or based on the link-layer address of an interface. Interface IDs used in aggregatable global unicast and other IPv6 address types have 64 bits and are in the modified EUI-64 format.
Interface IDs are constructed in the modified EUI-64 format in one of the following ways:
• For all IEEE 802 interface types (for example, Ethernet, and Fiber Distributed Data interfaces), the first three octets (24 bits) are the Organizationally Unique Identifier (OUI) of the 48-bit link-layer address (MAC address) of the interface, the fourth and fifth octets (16 bits) are a fixed hexadecimal value of FFFE, and the last three octets (24 bits) are the last three octets of the MAC address. The Universal/Local (U/L) bit, which is the seventh bit of the first octet, has a value of 0 or 1. Zero indicates a locally administered identifier; 1 indicates a globally unique IPv6 interface identifier.
• For all other interface types (for example, serial, loopback, ATM, Frame Relay, and tunnel interface types, except tunnel interfaces used with IPv6 overlay tunnels), the interface ID is similar to the interface ID for IEEE 802 interface types; however, the first MAC address from the pool of MAC addresses in the router is used as the identifier (because the interface does not have a MAC address).
• For tunnel interface types that are used with IPv6 overlay tunnels, the interface ID is the IPv4 address assigned to the tunnel interface with all zeros in the high-order 32 bits of the identifier.
Note: For interfaces that use the Point-to-Point Protocol (PPP), where the interfaces at both ends of the connection might have the same MAC address, the interface identifiers at both ends of the connection are negotiated (picked randomly and, if necessary, reconstructed) until both identifiers are unique. The first MAC address in the router is used as the identifier for interfaces using PPP.
If no IEEE 802 interface types are in the router, link-local IPv6 addresses are generated on the interfaces in the router in the following sequence:
1. The router is queried for MAC addresses (from the pool of MAC addresses in the router).
2. If no MAC addresses are available in the router, the serial number of the router is used to form the link-local addresses.
3. If the serial number of the router cannot be used to form the link-local addresses, the router uses a Message Digest 5 (MD5) hash to determine the MAC address of the router from the hostname of the router.
Link-Local Addresses
A link-local address is an IPv6 unicast address that can be automatically configured on any interface using the link-local prefix FE80::/10 (1111 1110 10) and the interface identifier in the modified EUI-64 format.
Link-local addresses are used in the Neighbor Discovery Protocol (NDP) and the stateless autoconfiguration process. Nodes on a local link can use link-local addresses to communicate; the nodes do not need globally unique addresses to communicate.
IPv6 routers cannot forward packets that have link-local source or destination addresses to other links.
Figure 8: Link-Local Address Format
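The modified EUI-64 construction for IEEE 802 interfaces and the link-local format above can be reproduced directly, and reversed to recover the MAC address from a logged IPv6 address. This Python sketch is an added example, not code from the Cisco guide. Assumptions: the MAC address and the 2001:db8:1:2::/64 prefix are constructed sample values, and the U/L bit is inverted relative to the MAC address as RFC 4291 specifies.

```python
import ipaddress
from typing import Optional


def mac_to_interface_id(mac: str) -> bytes:
    """Build the 64-bit modified EUI-64 interface ID from a 48-bit MAC address."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"expected a 48-bit MAC address, got {mac!r}")
    # OUI (first three octets) + fixed FFFE + last three octets of the MAC.
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    # Assumption from RFC 4291: the U/L bit (seventh bit of the first octet)
    # is inverted, so a universally administered MAC yields a value of 1.
    iid[0] ^= 0x02
    return bytes(iid)


def link_local_address(mac: str) -> ipaddress.IPv6Address:
    """FE80::/10 prefix, zero padding up to bit 64, then the interface ID."""
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + mac_to_interface_id(mac))


def global_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 (48-bit routing prefix + 16-bit subnet ID) with the interface ID."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("a 64-bit interface ID needs a /64 prefix")
    return network[int.from_bytes(mac_to_interface_id(mac), "big")]


def embedded_mac(address: str) -> Optional[str]:
    """Return the MAC address an EUI-64 style interface ID reveals, or None.

    Useful when correlating addresses in logs with hardware inventory.
    """
    iid = bytearray(ipaddress.IPv6Address(address).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None  # interface ID was not derived from a MAC address
    iid[0] ^= 0x02  # undo the U/L bit inversion
    return ":".join(f"{octet:02x}" for octet in iid[:3] + iid[5:])


if __name__ == "__main__":
    sample_mac = "00:1b:54:c2:12:34"  # constructed sample value
    print(link_local_address(sample_mac))
    print(global_address("2001:db8:1:2::/64", sample_mac))
    print(embedded_mac("fe80::21b:54ff:fec2:1234"))
```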
IPv4-Compatible IPv6 Addresses
An IPv4-compatible IPv6 address is an IPv6 unicast address that has zeros in the high-order 96 bits of the address and an IPv4 address in the low-order 32 bits of the address. The format of an IPv4-compatible IPv6 address is 0:0:0:0:0:0:A.B.C.D or ::A.B.C.D. The entire 128-bit IPv4-compatible IPv6 address is used as the IPv6 address of a node and the IPv4 address embedded in the low-order 32 bits is used as the IPv4 address of the node. IPv4-compatible IPv6 addresses are assigned to nodes that support both the IPv4 and IPv6 protocol stacks and are used in automatic tunnels.
Figure 9: IPv4-Compatible IPv6 Address Format
Unique Local Addresses
A unique local address is an IPv6 unicast address that is globally unique and is intended for local communications. It is not expected to be routable on the global Internet and is routable inside of a limited area, such as a site, and it may be routed between a limited set of sites. Applications may treat unique local addresses like global scoped addresses.
A unique local address has the following characteristics:
• It has a globally unique prefix (it has a high probability of uniqueness).
• It has a well-known prefix to allow for easy filtering at site boundaries.
• It allows sites to be combined or privately interconnected without creating any address conflicts or requiring renumbering of interfaces that use these prefixes.
• It is ISP-independent and can be used for communications inside of a site without having any permanent or intermittent Internet connectivity.
• If it is accidentally leaked outside of a site through routing or the Domain Name Server (DNS), there is no conflict with any other addresses.
Figure 10: Unique Local Address Structure
Site Local Addresses
Because RFC 3879 deprecates the use of site-local addresses, you should follow the recommendations of unique local addressing (ULA) in RFC 4193 when you configure private IPv6 addresses.
IPv6 Anycast Addresses
An anycast address is an address that is assigned to a set of interfaces that belong to different nodes. A packet sent to an anycast address is delivered to the closest interface, as defined by the routing protocols in use, identified by the anycast address. Anycast addresses are syntactically indistinguishable from unicast addresses because anycast addresses are allocated from the unicast address space. Assigning a unicast address to more than one interface turns a unicast address into an anycast address. You must configure the nodes to which the anycast address is assigned to recognize that the address is an anycast address.
Note: Anycast addresses can be used only by a router, not a host. Anycast addresses cannot be used as the source address of an IPv6 packet.
The following figure shows the format of the subnet router anycast address; the address has a prefix concatenated by a series of zeros (the interface ID). The subnet router anycast address can be used to reach a router on the link that is identified by the prefix in the subnet router anycast address.
Figure 11: Subnet Router Anycast Address Format
IPv6 Multicast Addresses
An IPv6 multicast address is an IPv6 address that has a prefix of FF00::/8 (1111 1111). An IPv6 multicast address is an identifier for a set of interfaces that belong to different nodes. A packet sent to a multicast address is delivered to all interfaces identified by the multicast address. The second octet following the prefix defines the lifetime and scope of the multicast address. A permanent multicast address has a lifetime parameter equal to 0; a temporary multicast address has a lifetime parameter equal to 1. A multicast address that has the scope of a node, link, site, or organization, or a global scope, has a scope parameter of 1, 2, 5, 8, or E, respectively.
For example, a multicast address with the prefix FF02::/16 is a permanent multicast address with a link scope.
Figure 12: IPv6 Multicast Address Format
IPv6 nodes (hosts and routers) are required to join the following multicast groups (that is, to receive packets that are destined for them):
• All-nodes multicast group FF02:0:0:0:0:0:0:1 (the scope is link-local)
• Solicited-node multicast group FF02:0:0:0:0:1:FF00:0000/104 for each of its assigned unicast and anycast addresses
IPv6 routers must also join the all-routers multicast group FF02:0:0:0:0:0:0:2 (the scope is link-local).
The solicited-node multicast address is a multicast group that corresponds to an IPv6 unicast or anycast address. An IPv6 node must join the associated solicited-node multicast group for every unicast and anycast address that is assigned to it. The IPv6 solicited-node multicast address has the prefix FF02:0:0:0:0:1:FF00:0000/104 concatenated with the 24 low-order bits of a corresponding IPv6 unicast or anycast address. For example, the solicited-node multicast address that corresponds to the IPv6 address 2037::01:800:200E:8C6C is FF02::1:FF0E:8C6C. Solicited-node addresses are used in neighbor solicitation messages.
Figure 13: IPv6 Solicited-Node Multicast Address Format
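The lifetime and scope decoding and the solicited-node mapping described above, as an added Python example that is not part of the Cisco guide. It also lists the groups a node must join for a given set of addresses; the helper names and the addresses other than the page's 2037::01:800:200E:8C6C example are constructed for illustration.

```python
import ipaddress

# Scope values named in this section (low four bits of the second octet).
SCOPES = {0x1: "node", 0x2: "link", 0x5: "site", 0x8: "organization", 0xE: "global"}
ALL_NODES = ipaddress.IPv6Address("ff02::1")
ALL_ROUTERS = ipaddress.IPv6Address("ff02::2")
SOLICITED_NODE_PREFIX = ipaddress.IPv6Network("ff02::1:ff00:0/104")


def describe_multicast(address: str) -> dict:
    """Decode the lifetime and scope parameters of a multicast address."""
    ip = ipaddress.IPv6Address(address)
    if ip not in ipaddress.IPv6Network("ff00::/8"):
        raise ValueError(f"{ip} does not have the FF00::/8 multicast prefix")
    second_octet = ip.packed[1]
    return {
        # Lifetime parameter: 0 = permanent, 1 = temporary (high four bits).
        "lifetime": "temporary" if (second_octet >> 4) & 0x1 else "permanent",
        "scope": SCOPES.get(second_octet & 0x0F, "other"),
        "solicited_node": ip in SOLICITED_NODE_PREFIX,
    }


def solicited_node(address: str) -> ipaddress.IPv6Address:
    """FF02:0:0:0:0:1:FF00::/104 plus the 24 low-order bits of the address."""
    low24 = int(ipaddress.IPv6Address(address)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE_PREFIX.network_address) | low24)


def required_groups(addresses, is_router=False):
    """Multicast groups a node must join for its unicast and anycast addresses."""
    groups = {ALL_NODES}
    groups.update(solicited_node(address) for address in addresses)
    if is_router:
        groups.add(ALL_ROUTERS)
    return sorted(groups)


if __name__ == "__main__":
    print(solicited_node("2037::01:800:200E:8C6C"))
    print(describe_multicast("ff02::1"))
    # Constructed addresses: a link-local and a global address that share the
    # same interface ID map to one solicited-node group, not two.
    for group in required_groups(
        ["fe80::21b:54ff:fec2:1234", "2001:db8:1:2:21b:54ff:fec2:1234"],
        is_router=True,
    ):
        print(group)
```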
Note: IPv6 has no broadcast addresses. IPv6 multicast addresses are used instead of broadcast addresses.
IPv4 Packet Header
The base IPv4 packet header has 12 fields with a total size of 20 octets (160 bits). The 12 fields may be followed by an Options field, which is followed by a data portion that is usually the transport-layer packet.
The variable length of the Options field adds to the total size of the IPv4 packet header. The shaded fields of the IPv4 packet header are not included in the IPv6 packet header.
Figure 14: IPv4 Packet Header Format
Simplified IPv6 Packet Header
The base IPv6 packet header has 8 fields with a total size of 40 octets (320 bits). Fragmentation is handled by the source of a packet, and checksums at the data link layer and transport layer are used. The User Datagram Protocol (UDP) checksum checks the integrity of the inner packet. The base IPv6 packet header and Options field are aligned to 64 bits, which can facilitate the processing of IPv6 packets.
Table 6: Base IPv6 Packet Header Fields
Field | Description
Version | Similar to the Version field in the IPv4 packet header, except that the field lists number 6 for IPv6 instead of number 4 for IPv4.
Traffic Class | Similar to the Type of Service field in the IPv4 packet header. The Traffic Class field tags packets with a traffic class that is used in differentiated services.
Flow Label | New field in the IPv6 packet header. The Flow Label field tags packets with a specific flow that differentiates the packets at the network layer.
Payload Length | Similar to the Total Length field in the IPv4 packet header. The Payload Length field indicates the total length of the data portion of the packet.
Next Header | Similar to the Protocol field in the IPv4 packet header. The value of the Next Header field determines the type of information that follows the base IPv6 header. The type of information that follows the base IPv6 header can be a transport-layer packet, for example, a TCP or UDP packet, or an Extension Header.
Hop Limit | Similar to the Time to Live field in the IPv4 packet header. The value of the Hop Limit field specifies the maximum number of routers that an IPv6 packet can pass through before the packet is considered invalid. Each router decrements the value by one. Because no checksum is in the IPv6 header, the router can decrement the value without needing to recalculate the checksum, which saves processing resources.
Source Address | Similar to the Source Address field in the IPv4 packet header, except that the field contains a 128-bit source address for IPv6 instead of a 32-bit source address for IPv4.
Destination Address | Similar to the Destination Address field in the IPv4 packet header, except that the field contains a 128-bit destination address for IPv6 instead of a 32-bit destination address for IPv4.
Figure 15: IPv6 Packet Header Format
Optional extension headers and the data portion of the packet are after the eight fields of the base IPv6 packet header. If present, each extension header is aligned to 64 bits. There is no fixed number of extension headers in an IPv6 packet. Each extension header is identified by the Next Header field of the previous header. Typically, the final extension header has a Next Header field of a transport-layer protocol, such as TCP or UDP.
Figure 16: IPv6 Extension Header Format
Table 7: IPv6 Extension Header Types
Header Type | Next Header Value | Description
Hop-by-Hop options header | 0 | Header that is processed by all hops in the path of a packet. When present, the hop-by-hop options header always follows immediately after the base IPv6 packet header.
Destination Header Options | 60 | Header that can follow any hop-by-hop options header. The header is processed at the final destination and at each visited address specified by a routing header. Alternatively, the destination options header can follow any Encapsulating Security Payload (ESP) header. The destination options header is processed only at the final destination.
Routing Header | 43 | Header that is used for source routing.
Fragment Header | 44 | Header that is used when a source fragments a packet that is larger than the maximum transmission unit (MTU) for the path between itself and a destination. The Fragment header is used in each fragmented packet.
Upper-Layer Headers | 6 (TCP), 17 (UDP) | Headers that are used inside a packet to transport the data. The two main transport protocols are TCP and UDP.
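Because each extension header is identified only by the Next Header field of the header before it, a filter or capture tool has to walk the whole chain to find the transport header. The Python walker below is an added example, not code from the Cisco guide: it parses the base header fields from Table 6, follows the Next Header values from Table 7, and reports a hop-by-hop options header that is not directly after the base header. Assumptions: the packets are constructed samples with zeroed bodies, and header sizes follow RFC 8200 (Hdr Ext Len counts 8-octet units beyond the first 8 octets; the Fragment header is a fixed 8 octets).

```python
import ipaddress
import struct

EXTENSION = {0: "Hop-by-Hop options", 60: "Destination options",
             43: "Routing", 44: "Fragment"}


def parse_base_header(packet: bytes) -> dict:
    """Decode the eight fields of the 40-octet base IPv6 header."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-octet base IPv6 header")
    word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("Version field is not 6")
    return {
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": ipaddress.IPv6Address(packet[8:24]),
        "destination": ipaddress.IPv6Address(packet[24:40]),
    }


def walk_headers(packet: bytes) -> dict:
    """Follow Next Header values until a non-extension (upper-layer) value."""
    next_header, offset = parse_base_header(packet)["next_header"], 40
    chain, findings = [], []
    while next_header in EXTENSION:
        name = EXTENSION[next_header]
        if offset + 8 > len(packet):
            raise ValueError(f"{name} header is truncated")
        following, length_field = packet[offset], packet[offset + 1]
        # Assumption from RFC 8200: Fragment header is always 8 octets;
        # the others are (Hdr Ext Len + 1) * 8 octets.
        size = 8 if next_header == 44 else (length_field + 1) * 8
        if offset + size > len(packet):
            raise ValueError(f"{name} header runs past the end of the packet")
        if next_header == 0 and chain:
            findings.append("hop-by-hop options header is not directly after the base header")
        chain.append(next_header)
        next_header, offset = following, offset + size
    return {"chain": chain, "upper_layer": next_header,
            "upper_layer_offset": offset, "findings": findings}


def build_packet(first_next_header: int, extension_headers, upper: bytes) -> bytes:
    """Assemble a constructed sample packet (documentation-prefix addresses)."""
    payload = b"".join(extension_headers) + upper
    base = struct.pack("!IHBB", 6 << 28, len(payload), first_next_header, 64)
    source = ipaddress.IPv6Address("2001:db8::1").packed
    destination = ipaddress.IPv6Address("2001:db8::2").packed
    return base + source + destination + payload


# Constructed sample 1: Hop-by-Hop -> Routing -> Fragment -> TCP.
GOOD_PACKET = build_packet(0, [
    bytes([43, 0, 1, 4, 0, 0, 0, 0]),   # next = Routing, padding option only
    bytes([44, 0, 0, 0, 0, 0, 0, 0]),   # next = Fragment, zeroed body
    bytes([6, 0, 0, 0, 0, 0, 0x12, 0x34]),  # next = TCP, offset 0, id 0x1234
], bytes(20))

# Constructed sample 2: Destination options placed before Hop-by-Hop -> UDP.
MISORDERED_PACKET = build_packet(60, [
    bytes([0, 0, 1, 4, 0, 0, 0, 0]),    # next = Hop-by-Hop
    bytes([17, 0, 1, 4, 0, 0, 0, 0]),   # next = UDP
], bytes(8))

if __name__ == "__main__":
    for label, sample in (("good", GOOD_PACKET), ("misordered", MISORDERED_PACKET)):
        result = walk_headers(sample)
        print(label, [EXTENSION[n] for n in result["chain"]],
              "upper layer:", result["upper_layer"], result["findings"])
```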
DNS for IPv6
IPv6 supports DNS record types that are supported in the DNS name-to-address and address-to-name lookup processes. The DNS record types support IPv6 addresses.
Note: IPv6 also supports the reverse mapping of IPv6 addresses to DNS names.
Table 8: IPv6 DNS Record Types
Record Type | Description | Format
AAAA | Maps a hostname to an IPv6 address. (Equivalent to an A record in IPv4.) | www.abc.test AAAA 3FFE:YYYY:C18:1::2
PTR | Maps an IPv6 address to a hostname. (Equivalent to a PTR record in IPv4.) | 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0.8.1.c.0.y.y.y.y.e.f.f.3.ip6.int PTR www.abc.test
Path MTU Discovery for IPv6
As in IPv4, you can use path MTU discovery in IPv6 to allow a host to dynamically discover and adjust to differences in the MTU size of every link along a data path. In IPv6, however, fragmentation is handled by the source of a packet when the path MTU of one link along a given data path is not large enough to accommodate the size of the packets. Having IPv6 hosts handle packet fragmentation saves IPv6 router processing resources and helps IPv6 networks run more efficiently. Once the path MTU is reduced by the arrival of an ICMP Too Big message, Cisco NX-OS retains the lower value. The connection does not increase the segment size to gauge the throughput.
Note: In IPv6, the minimum link MTU is 1280 octets. We recommend that you use an MTU value of 1500 octets for IPv6 links.
CDP IPv6 Address Support
You can use the Cisco Discovery Protocol (CDP) IPv6 address support for the neighbor information feature to transfer IPv6 addressing information between two Cisco devices. Cisco Discovery Protocol support for IPv6 addresses provides IPv6 information to network management products and troubleshooting tools.
ICMP for IPv6
You can use ICMP in IPv6 to provide information about the health of the network. ICMPv6, the version that works with IPv6, reports errors if packets cannot be processed correctly and sends informational messages about the status of the network. For example, if a router cannot forward a packet because it is too large to be sent out on another network, the router sends out an ICMPv6 message to the originating host. Additionally, ICMP packets in IPv6 are used in IPv6 neighbor discovery and path MTU discovery. The path MTU discovery process ensures that a packet is sent using the largest possible size that is supported on a specific route.
A value of 58 in the Next Header field of the base IPv6 packet header identifies an IPv6 ICMP packet. The ICMP packet follows all the extension headers and is the last piece of information in the IPv6 packet. Within the IPv6 ICMP packets, the ICMPv6 Type and ICMPv6 Code fields identify IPv6 ICMP packet specifics, such as the ICMP message type. The value in the Checksum field is computed by the sender and checked by the receiver from the fields in the IPv6 ICMP packet and the IPv6 pseudo header.
Note: The IPv6 header does not have a checksum. But a checksum on the transport layer can determine if packets have not been delivered correctly. All checksum calculations that include the IP address in the calculation must be modified for IPv6 to accommodate the new 128-bit address. A checksum is generated using a pseudo header.
The ICMPv6 Payload field contains error or diagnostic information that relates to IP packet processing.
Figure 17: IPv6 ICMP Packet Header Format
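The checksum over the ICMPv6 packet and the IPv6 pseudo header, worked through in Python as an added example that is not code from the Cisco guide. It builds a neighbor solicitation (Type 135, covered later in this chapter) and shows that the checksum stops verifying when either an address in the pseudo header or a byte of the message changes. Assumptions: the addresses and MAC address are constructed sample values, and the pseudo header layout (source, destination, 32-bit length, three zero octets, Next Header 58) and the source link-layer address option (type 1) follow RFC 8200 and RFC 4861.

```python
import ipaddress
import struct

ICMPV6 = 58                  # Next Header value that identifies ICMPv6
NEIGHBOR_SOLICITATION = 135  # ICMPv6 Type field value


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum, folding carries back into the low word."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(source: str, destination: str, upper_length: int) -> bytes:
    """128-bit source, 128-bit destination, 32-bit length, 3 zero octets, Next Header."""
    return (ipaddress.IPv6Address(source).packed
            + ipaddress.IPv6Address(destination).packed
            + struct.pack("!I3xB", upper_length, ICMPV6))


def icmpv6_checksum(source: str, destination: str, message: bytes) -> int:
    """Checksum value for the message, with its Checksum field treated as zero."""
    zeroed = message[:2] + b"\x00\x00" + message[4:]
    covered = pseudo_header(source, destination, len(message)) + zeroed
    return ~ones_complement_sum(covered) & 0xFFFF


def checksum_is_valid(source: str, destination: str, message: bytes) -> bool:
    """Receiver-side check: the sum over pseudo header and message is all ones."""
    covered = pseudo_header(source, destination, len(message)) + message
    return ones_complement_sum(covered) == 0xFFFF


def build_neighbor_solicitation(source: str, destination: str,
                                target: str, source_mac: str) -> bytes:
    """Type 135 message: target address plus the sender's link-layer address."""
    mac = bytes.fromhex(source_mac.replace(":", ""))
    if len(mac) != 6:
        raise ValueError("expected a 48-bit MAC address")
    message = (
        struct.pack("!BBHI", NEIGHBOR_SOLICITATION, 0, 0, 0)  # type, code, checksum, reserved
        + ipaddress.IPv6Address(target).packed
        + bytes([1, 1]) + mac  # option type 1, length 1 (x 8 octets), MAC address
    )
    checksum = icmpv6_checksum(source, destination, message)
    return message[:2] + struct.pack("!H", checksum) + message[4:]


if __name__ == "__main__":
    # Constructed sample values; the destination is the solicited-node
    # multicast address for the target 2001:db8::2.
    src, dst, target = "2001:db8::1", "ff02::1:ff00:2", "2001:db8::2"
    ns = build_neighbor_solicitation(src, dst, target, "00:1b:54:c2:12:34")
    print(ns.hex())
    print("valid:", checksum_is_valid(src, dst, ns))
    print("valid with a different source:", checksum_is_valid("2001:db8::3", dst, ns))
```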
IPv6 Neighbor Discovery
You can use the IPv6 Neighbor Discovery Protocol (NDP) to determine whether a neighboring router is reachable. IPv6 nodes use neighbor discovery to determine the addresses of nodes on the same network (local link), to find neighboring routers that can forward their packets, to verify whether neighboring routers are reachable or not, and to detect changes to link-layer addresses. NDP uses ICMP messages to detect whether packets are sent to neighboring routers that are unreachable.
IPv6 Neighbor Solicitation Message
A node sends a neighbor solicitation message, which has a value of 135 in the Type field of the ICMP packet header, on the local link when it wants to determine the link-layer address of another node on the same local link. The source address is the IPv6 address of the node that sends the neighbor solicitation message. The destination address is the solicited-node multicast address that corresponds to the IPv6 address of the destination node. The neighbor solicitation message also includes the link-layer address of the source node.
Figure 18: IPv6 Neighbor Discovery-Neighbor Solicitation Message
After receiving the neighbor solicitation message, the destination node replies by sending a neighbor advertisement message, which has a value of 136 in the Type field of the ICMP packet header, on the local link. The source address is the IPv6 address of the node (the IPv6 address of the node interface that sends the neighbor advertisement message). The destination address is the IPv6 address of the node that sends the neighbor solicitation message. The data portion includes the link-layer address of the node that sends the neighbor advertisement message.
After the source node receives the neighbor advertisement, the source node and destination node can communicate.
Neighbor solicitation messages can verify the reachability of a neighbor after a node identifies the link-layer address of a neighbor. When a node wants to verify the reachability of a neighbor, it uses the destination address in a neighbor solicitation message as the unicast address of the neighbor.
Neighbor advertisement messages are also sent when there is a change in the link-layer address of a node on a local link. When there is a change, the destination address for the neighbor advertisement is the all-nodes multicast address.
Neighbor unreachability detection identifies the failure of a neighbor or the failure of the forward path to the neighbor and is used for all paths between hosts and neighboring nodes (hosts or routers). Neighbor unreachability detection is performed for neighbors to which only unicast packets are being sent and is not performed for neighbors to which multicast packets are being sent.
A neighbor is considered reachable when a positive acknowledgment is returned from the neighbor (indicating that packets previously sent to the neighbor have been received and processed). A positive acknowledgment from an upper-layer protocol (such as TCP) indicates that a connection is making forward progress (reaching its destination). If packets are reaching the peer, they are also reaching the next-hop neighbor of the source. Forward progress is also a confirmation that the next-hop neighbor is reachable.
For destinations that are not on the local link, forward progress implies that the first-hop router is reachable.
When acknowledgments from an upper-layer protocol are not available, a node probes the neighbor using unicast neighbor solicitation messages to verify that the forward path is still working. The return of a solicited neighbor advertisement message from the neighbor is a positive acknowledgment that the forward path is still working (neighbor advertisement messages that have the solicited flag set to a value of 1 are sent only in response to a neighbor solicitation message). Unsolicited messages confirm only the one-way path from the source to the destination node; solicited neighbor advertisement messages indicate that a path is working in both directions.
Note: A neighbor advertisement message that has the solicited flag set to a value of 0 is not considered a positive acknowledgment that the forward path is still working.
Neighbor solicitation messages are also used in the stateless autoconfiguration process to verify the uniqueness of unicast IPv6 addresses before the addresses are assigned to an interface. Duplicate address detection is performed first on a new, link-local IPv6 address before the address is assigned to an interface (the new address remains in a tentative state while duplicate address detection is performed). A node sends a neighbor solicitation message with an unspecified source address and a tentative link-local address in the body of the message. If another node is already using that address, the node returns a neighbor advertisement message that contains the tentative link-local address. If another node is simultaneously verifying the uniqueness of the same address, that node also returns a neighbor solicitation message. If no neighbor advertisement messages are received in response to the neighbor solicitation message and no neighbor solicitation messages are received from other nodes that are attempting to verify the same tentative address, the node that sent the original neighbor solicitation message considers the tentative link-local address to be unique and assigns the address to the interface.
IPv6 Router Advertisement Message
Router advertisement (RA) messages, which have a value of 134 in the Type field of the ICMP packet header, are periodically sent out to each configured interface of an IPv6 router. For stateless autoconfiguration to work properly, the advertised prefix length in RA messages must always be 64 bits.
The RA messages are sent to the all-nodes multicast address.
Figure 19: Neighbor Discovery—RA Message
RA messages typically include the following information:
• One or more onlink IPv6 prefixes that nodes on the local link can use to automatically configure their IPv6 addresses
• Life-time information for each prefix included in the advertisement
• Sets of flags that indicate the type of autoconfiguration (stateless or stateful) that can be completed
• Default router information (whether the router sending the advertisement should be used as a default router and, if so, the amount of time in seconds that the router should be used as a default router)
• Additional information for hosts, such as the hop limit and MTU that a host should use in packets that it originates
RAs are also sent in response to router solicitation messages. Router solicitation messages, which have a value of 133 in the Type field of the ICMP packet header, are sent by hosts at system startup so that the host can immediately autoconfigure without needing to wait for the next scheduled RA message. The source address is usually the unspecified IPv6 address (0:0:0:0:0:0:0:0). If the host has a configured unicast address, the unicast address of the interface that sends the router solicitation message is used as the source address in the message. The destination address is the all-routers multicast address with a scope of the link. When an RA is sent in response to a router solicitation, the destination address in the RA message is the unicast address of the source of the router solicitation message.
You can configure the following RA message parameters:
• The time interval between periodic RA messages
• The router life-time value, which indicates the usefulness of a router as the default router (for use by all nodes on a given link)
• The network prefixes in use on a given link
• The time interval between neighbor solicitation message retransmissions (on a given link)
• The amount of time that a node considers a neighbor reachable (for use by all nodes on a given link)
The configured parameters are specific to an interface. The sending of RA messages (with default values) is automatically enabled on Ethernet interfaces. For other interface types, you must enter the no ipv6 nd suppress-ra command to send RA messages. You can disable the RA message feature on individual interfaces by entering the ipv6 nd suppress-ra command.
IPv6 Router Advertisement Options for DNS Configuration
Most Internet services are identified by a Domain Name Server (DNS) name. Cisco NX-OS IPv6 Router Advertisement (RA) provides the following two options to allow IPv6 hosts to perform automatic DNS configuration:
• Recursive DNS Server (RDNSS)
• DNS Search List (DNSSL)
RDNSS contains the addresses of recursive DNS servers that help in DNS name resolution in IPv6 hosts. DNS Search List is a list of DNS suffix domain names used by IPv6 hosts when they perform DNS query searches.
For more information on RA options for DNS configuration, refer to IETF RFC 6106.
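The RA fields and the RDNSS and DNSSL options described above can be checked on the wire. The following is an added example (not Cisco code and not part of the original guide): a Python parser for an RA message, including the RFC 6106 RDNSS (option type 25) and DNSSL (option type 31) options, with an audit that compares a captured RA against the DNS servers and search suffixes the router is configured to advertise. The function names, the sample RA and the 2001:db8:: addresses are constructed for illustration; the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct

RA_TYPE = 134                                  # ICMPv6 Type of a Router Advertisement
OPT_PREFIX, OPT_MTU, OPT_RDNSS, OPT_DNSSL = 3, 5, 25, 31


def decode_dnssl_names(buf):
    """Decode the DNS-label-encoded, zero-padded name list of a DNSSL option."""
    names, labels, i = [], [], 0
    while i < len(buf):
        n = buf[i]
        i += 1
        if n == 0:                             # ends a name, or is trailing padding
            if labels:
                names.append(".".join(labels))
                labels = []
        elif n > 63 or i + n > len(buf):
            raise ValueError("malformed DNSSL label")
        else:
            labels.append(buf[i:i + n].decode("ascii"))
            i += n
    if labels:
        raise ValueError("unterminated DNSSL name")
    return names


def parse_ra(msg):
    """Parse an RA that starts at the ICMPv6 header (checksum not verified)."""
    if len(msg) < 16 or msg[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    hop, flags, rlife, reach, retrans = struct.unpack("!BBHII", msg[4:16])
    ra = {"hop_limit": hop, "managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "router_lifetime": rlife, "reachable_ms": reach, "retrans_ms": retrans,
          "prefixes": [], "mtu": None, "rdnss": [], "dnssl": []}
    i = 16
    while i < len(msg):
        if i + 2 > len(msg):
            raise ValueError("truncated option header")
        otype, olen = msg[i], msg[i + 1] * 8   # Length field counts 8-octet units
        if olen == 0 or i + olen > len(msg):
            raise ValueError("bad option length")
        body = msg[i + 2:i + olen]
        if otype == OPT_PREFIX and olen == 32:
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[:10])
            ra["prefixes"].append({
                "prefix": str(ipaddress.IPv6Address(body[14:30])), "length": plen,
                "on_link": bool(pflags & 0x80), "autonomous": bool(pflags & 0x40),
                "valid": valid, "preferred": preferred})
        elif otype == OPT_MTU and olen == 8:
            ra["mtu"] = struct.unpack("!I", body[2:6])[0]
        elif otype == OPT_RDNSS and olen >= 24 and (olen - 8) % 16 == 0:
            ra["rdnss"] += [str(ipaddress.IPv6Address(body[j:j + 16]))
                            for j in range(6, len(body), 16)]
        elif otype == OPT_DNSSL and olen >= 16:
            ra["dnssl"] += decode_dnssl_names(body[6:])
        i += olen                              # unknown options are skipped
    return ra


def audit_ra(ra, allowed_dns, allowed_suffixes):
    """List where a received RA deviates from the configured advertisement."""
    findings = []
    for p in ra["prefixes"]:
        if p["autonomous"] and p["length"] != 64:
            findings.append(f"autoconfig prefix {p['prefix']}/{p['length']} is not /64")
    findings += [f"unexpected RDNSS {a}" for a in ra["rdnss"] if a not in allowed_dns]
    findings += [f"unexpected DNSSL {d}" for d in ra["dnssl"] if d not in allowed_suffixes]
    return findings


def _opt(otype, body):
    """Build one option, zero-padding it to a multiple of 8 octets."""
    body += b"\x00" * (-(len(body) + 2) % 8)
    return bytes([otype, (len(body) + 2) // 8]) + body


def build_sample_ra(dns, suffix, prefix_len=64):
    """Constructed RA for the demo: one prefix, MTU 1500, one RDNSS, one DNSSL."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, 1800, 0, 0)
    prefix = _opt(OPT_PREFIX, struct.pack("!BBIII", prefix_len, 0xC0, 1000, 900, 0)
                  + ipaddress.IPv6Address("2001:db8::").packed)
    mtu = _opt(OPT_MTU, struct.pack("!HI", 0, 1500))
    rdnss = _opt(OPT_RDNSS, struct.pack("!HI", 0, 1000) + ipaddress.IPv6Address(dns).packed)
    name = b"".join(bytes([len(l)]) + l.encode() for l in suffix.split(".")) + b"\x00"
    dnssl = _opt(OPT_DNSSL, struct.pack("!HI", 0, 100) + name)
    return hdr + prefix + mtu + rdnss + dnssl


if __name__ == "__main__":
    seen = parse_ra(build_sample_ra("2001:db8:bad::1", "unexpected.example", 35))
    for finding in audit_ra(seen, {"2001:db8::53"}, {"cisco.com"}):
        print(finding)
```

Run against RAs captured on an access VLAN, any finding means a host on that link is being offered a resolver, search suffix or autoconfiguration prefix that the router configuration does not account for.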
IPv6 Neighbor Redirect Message
Routers send neighbor redirect messages to inform hosts of better first-hop nodes on the path to a destination.
A value of 137 in the Type field of the ICMP packet header identifies an IPv6 neighbor redirect message.
Figure 20: IPv6 Neighbor Discovery—Neighbor Redirect Message
Note: A router must be able to determine the link-local address for each of its neighboring routers in order to ensure that the target address (the final destination) in a redirect message identifies the neighbor router by its link-local address. For static routing, you should specify the address of the next-hop router using the link-local address of the router. For dynamic routing, you must configure all IPv6 routing protocols to exchange the link-local addresses of neighboring routers.
After forwarding a packet, a router sends a redirect message to the source of the packet under the following circumstances:
• The destination address of the packet is not a multicast address.
• The packet was not addressed to the router.
• The packet is about to be sent out the interface on which it was received.
• The router determines that a better first-hop node for the packet resides on the same link as the source of the packet.
• The source address of the packet is a global IPv6 address of a neighbor on the same link or a link-local address.
Virtualization Support for IPv6
IPv6 supports virtual routing and forwarding (VRF) instances. VRFs exist within virtual device contexts (VDCs). By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF. For more information, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide.
Prerequisites for IPv6
IPv6 has the following prerequisites:
• You must be familiar with IPv6 basics such as IPv6 addressing, IPv6 header information, ICMPv6, and the IPv6 Neighbor Discovery (ND) Protocol.
• Ensure that you follow the memory/processing guidelines when you make a device a dual-stack device (IPv4/IPv6).
Guidelines and Limitations for Configuring IPv6
IPv6 has the following configuration guidelines and limitations:
• IPv6 packets are transparent to Layer 2 LAN switches because the switches do not examine Layer 3 packet information before forwarding IPv6 frames. IPv6 hosts can be directly attached to Layer 2 LAN switches.
• You can configure multiple IPv6 global addresses within the same prefix on an interface. However, multiple IPv6 link-local addresses on an interface are not supported.
• Only contiguous masks are supported for both IPv4 and IPv6 addresses. Discontiguous masks are not supported in IPv6 and IPv4 filters.
• Each interface can be configured with a maximum of 255 global IPv6 addresses and a maximum of 255 anycast IPv6 addresses.
• Because RFC 3879 deprecates the use of site-local addresses, you should configure private IPv6 addresses according to the recommendations of unique local addressing (ULA) in RFC 4193.
• F2 Series modules do not support IPv6 tunnels.
• On F2 Series modules, you must disable IGMP optimized multicast flooding (OMF) on any VLANs that require any IPv6 packet forwarding (unicast or multicast). IPv6 neighbor discovery functions correctly only in a VLAN with the OMF feature disabled. To disable OMF, use the no ip igmp snooping optimised-multicast-flood command in VLAN configuration mode. With OMF disabled, unknown IPv4 multicast traffic (as well as all IPv6 multicast traffic) is flooded to all ports in the VLAN. Note that unknown multicast traffic refers to multicast packets with an active source but no receivers (and therefore no group forwarding entry in the hardware) in the ingress VLAN.
• IPv6 static route next hop link-local address cannot be configured at any local interface.
Default Settings for IPv6
Parameters                                   Default
ND reachable time                            0 milliseconds
Neighbor solicitation retransmit interval    1000 milliseconds
Configuring IPv6
Configuring IPv6 Addressing
You must configure an IPv6 address on an interface so that the interface can forward IPv6 traffic. When you configure a global IPv6 address on an interface, it automatically configures a link-local address and activates IPv6 for that interface.
Note: Each interface can be configured with a maximum of 255 global IPv6 addresses and a maximum of 255 anycast IPv6 addresses.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1  switch# configure terminal
        Enters global configuration mode.
Step 2  switch(config)# interface ethernet number
        Enters interface configuration mode.
Step 3  switch(config-if)# ipv6 address { address [ eui64 ] [ route-preference preference ] [ secondary ] [ tag tag-id ] }
        or
        switch(config-if)# ipv6 address ipv6-address use-link-local-only
        Specifies an IPv6 address assigned to the interface and enables IPv6 processing on the interface.
        Entering the ipv6 address command configures global IPv6 addresses with an interface identifier (ID) in the low-order 64 bits of the IPv6 address. Only the 64-bit network prefix for the address needs to be specified; the last 64 bits are automatically computed from the interface ID.
        Entering the ipv6 address use-link-local-only command configures a link-local address on the interface that is used instead of the link-local address that is automatically configured when IPv6 is enabled on the interface.
        This command enables IPv6 processing on an interface without configuring an IPv6 address.
Step 4  (Optional) switch(config-if)# show ip interface
        Displays interfaces configured for IPv4.
Step 5  (Optional) switch(config)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to assign an IPv6 address:
switch# configure terminal
switch(config)# interface ethernet 2/3
switch(config-if)# ipv6 address 2001:db8::/64 eui64
switch(config-if)# copy running-config startup-config
switch(config-if)#
This example shows how to display an IPv6 interface:
switch# configure terminal
switch(config)# show ipv6 interface ethernet 3/1
Ethernet3/1, Interface status: protocol-down/link-down/admin-down, iod: 36
IPv6 address: 0dc3:0dc3:0000:0000:0218:baff:fed8:239d
IPv6 subnet: 0dc3:0dc3:0000:0000:0000:0000:0000:0000/64
IPv6 link-local address: fe80::0218:baff:fed8:239d (default)
IPv6 multicast routing: disabled
IPv6 multicast groups locally joined: ff02::0001:ffd8:239d ff02::0002 ff02::0001 ff02::0001:ffd8:239d
IPv6 multicast (S,G) entries joined: none
IPv6 MTU: 1500 (using link MTU)
IPv6 RP inbound packet-filtering policy: none
IPv6 RP outbound packet-filtering policy: none
IPv6 inbound packet-filtering policy: none
IPv6 outbound packet-filtering policy: none
IPv6 interface statistics last reset: never
IPv6 interface RP-traffic statistics: (forwarded/originated/consumed)
Unicast packets: 0/0/0
Unicast bytes: 0/0/0
Multicast packets: 0/0/0
Multicast bytes: 0/0/0
Configuring IPv6 Neighbor Discovery
You can configure IPv6 neighbor discovery on the router. Neighbor Discovery (ND) enables IPv6 nodes and routers to determine the link-layer address of a neighbor on the same link, find neighboring routers, and keep track of neighbors.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1  switch# configure terminal
        Enters global configuration mode.
Step 2  switch(config)# interface ethernet number
        Enters interface configuration mode.
Step 3  switch(config-if)# ipv6 nd [ hop-limit hop-limit | managed-config-flag | mtu mtu | ns-interval interval | other-config-flag | prefix | ra-interval interval | ra-lifetime lifetime | reachable-time time | redirects | retrans-timer time | suppress-ra ]
        Specifies an IPv6 address assigned to the interface and enables IPv6 processing on the interface.
        • hop-limit hop-limit —Advertises the hop limit in IPv6 neighbor discovery packets. The range is from 0 to 255.
        • managed-config-flag —Advertises in ICMPv6 router-advertisement messages to use stateful address auto-configuration to obtain address information.
        • mtu mtu —Advertises the maximum transmission unit (MTU) in ICMPv6 router-advertisement messages on this link. The range is from 1280 to 65535 bytes.
        • ns-interval interval —Configures the retransmission interval between IPv6 neighbor solicitation messages. The range is from 1000 to 3600000 milliseconds.
        • other-config-flag —Indicates in ICMPv6 router-advertisement messages that hosts use stateful auto-configuration to obtain nonaddress related information.
        • prefix —Advertises the IPv6 prefix in the router-advertisement messages.
        • ra-interval interval —Configures the interval between sending ICMPv6 router-advertisement messages. The range is from 4 to 1800 seconds.
        • ra-lifetime lifetime —Advertises the lifetime of a default router in ICMPv6 router-advertisement messages. The range is from 0 to 9000 seconds.
        • reachable-time time —Advertises the time when a node considers a neighbor up after receiving a reachability confirmation in ICMPv6 router-advertisement messages. The range is from 0 to 9000 seconds.
        • redirects —Enables sending ICMPv6 redirect messages.
        • retrans-timer time —Advertises the time between neighbor-solicitation messages in ICMPv6 router-advertisement messages. The range is from 0 to 9000 seconds.
        • suppress-ra —Disables sending ICMPv6 router-advertisement messages.
Step 4  Required: switch(config-if)# ipv6 nd prefix { ipv6-address/prefix-length | default } { valid-lifetime | infinite | no-advertise } { preferred-lifetime | infinite } [ no-autoconfig ] [ no-onlink ] [ off-link ]
        Advertises the IPv6 prefix in the router advertisement messages.
        • valid-lifetime —The amount of time (in seconds) that the specified IPv6 prefix is advertised as being valid.
        • infinite —Specifies that the valid lifetime is infinite.
        • no-advertise —Specifies that the prefix is not advertised.
        • preferred-lifetime —The amount of time (in seconds) that the specified IPv6 prefix is advertised as being preferred.
        • no-autoconfig —Indicates to hosts on the local link that the specified prefix cannot be used for IPv6 autoconfiguration. The prefix will be advertised with the A-bit clear.
        • no-onlink —Configures the specified prefix as not on-link. The prefix will be advertised with the L-bit clear.
        • off-link —Configures the specified prefix as off-link. The prefix will be advertised with the L-bit clear. The prefix will not be inserted into the routing table as a connected prefix. If the prefix is already present in the routing table as a connected prefix (for example, because the prefix was also configured using the ipv6 address command), it will be removed.
Step 5  (Optional) switch(config-if)# show ipv6 nd interface
        Displays interfaces configured for IPv6 neighbor discovery.
Step 6  (Optional) switch(config)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure IPv6 neighbor discovery reachable time:
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# ipv6 nd reachable-time 10
switch(config-if)# copy running-config startup-config
switch(config-if)#
This example shows how to display an IPv6 interface:
switch# configure terminal
switch(config)# show ipv6 nd interface ethernet 3/1
ICMPv6 ND Interfaces for VRF "default"
Ethernet3/1, Interface status: protocol-down/link-down/admin-down
IPv6 address: 0dc3:0dc3:0000:0000:0218:baff:fed8:239d
ICMPv6 active timers:
Last Neighbor-Solicitation sent: never
Last Neighbor-Advertisement sent: never
Last Router-Advertisement sent:never
Next Router-Advertisement sent in: 0.000000
Router-Advertisement parameters:
Periodic interval: 200 to 600 seconds
Send "Managed Address Configuration" flag: false
Send "Other Stateful Configuration" flag: false
Send "Current Hop Limit" field: 64
Send "MTU" option value: 1500
Send "Router Lifetime" field: 1800 secs
Send "Reachable Time" field: 10 ms
Send "Retrans Timer" field: 0 ms
Neighbor-Solicitation parameters:
NS retransmit interval: 1000 ms
ICMPv6 error message parameters:
Send redirects: false
Send unreachables: false
This example shows how to include the IPv6 prefix 2001:0DB8::/35 in router advertisements that are sent out Ethernet interface 0/0 with a valid lifetime of 1000 seconds and a preferred lifetime of 900 seconds:
switch(config)# interface ethernet 0/0
switch(config-if)# ipv6 nd prefix 2001:0DB8::/35 1000 900
Configuring Optional IPv6 Neighbor Discovery
You can use the following optional IPv6 neighbor discovery commands:
Command: ipv6 nd cache limit max-nd-adj [ syslog syslogs-per-second ]
Purpose: Configures the maximum number of entries in the neighbor adjacency table. The range is from 1 to 409600.
         The syslog keyword configures the number of system logs per second. The range is from 1 to 1000.
         If you configure a limit for IPv6 neighbor discovery entries, system logs appear if you try to add an adjacency after reaching the configured limit.
         Note: You cannot unconfigure the cache limit until the total number of current adjacencies is less than 131,072.
Command: ipv6 nd dad attempts number
Purpose: Sets the number of consecutive neighbor solicitation messages that the device sends from the IPv6 interface for duplicate address detection (DAD) validation. The default value is 1 attempt.
Command: ipv6 nd fast-path
Purpose: Improves the performance of glean packets by reducing the processing of the packets in the supervisor. It applies to glean packets where the destination IP address is part of the same subnet and does not apply to packets where the destination IP address is in a different subnet. The default is enabled.
Command: ipv6 nd hop-limit
Purpose: Configures the maximum number of hops used in router advertisements and all IPv6 packets that are originated by the router.
Command: ipv6 nd managed-config-flag
Purpose: Sets the managed address configuration flag in IPv6 router advertisements.
Command: ipv6 nd mtu
Purpose: Sets the maximum transmission unit (MTU) size of IPv6 packets sent on an interface.
Command: ipv6 nd ns-interval
Purpose: Configures the interval between IPv6 neighbor solicitation retransmissions on an interface.
Command: ipv6 nd other-config-flag
Purpose: Configures the other stateful configuration flag in IPv6 router advertisements.
Command: ipv6 nd ra-interval
Purpose: Configures the interval between IPv6 router advertisement (RA) transmissions on an interface.
Command: ipv6 nd ra-lifetime
Purpose: Configures the router lifetime value in IPv6 router advertisements on an interface.
Command: ipv6 nd reachable-time
Purpose: Configures the amount of time that a remote IPv6 node is considered reachable after some reachability confirmation event has occurred.
Command: ipv6 nd redirects
Purpose: Enables ICMPv6 redirect messages to be sent.
Command: ipv6 nd retrans-timer
Purpose: Configures the advertised time between neighbor solicitation messages in router advertisements.
Command: ipv6 nd suppress-ra
Purpose: Suppresses IPv6 router advertisement transmissions on a LAN interface.
Configuring Recursive DNS Server (RDNSS)
You can configure up to eight DNS servers to advertise with Router Advertisement. You can also remove one or more DNS servers from the advertising list by using the no form of the command.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1  switch# configure terminal
        Enters the global configuration mode.
Step 2  switch(config)# interface ethernet number
        Enters interface configuration mode.
Step 3  switch(config-if)# ipv6 nd ra dns server ipv6-addr [ rdnss-life | infinite ] sequence sequence-num
        Configures the recursive DNS server. You can specify the life time and the sequence of the server.
Step 4  switch(config-if)# show ipv6 nd ra dns server [ interface interface ]
        (Optional) Displays the configured RDNSS list.
Step 5  switch(config-if)# ipv6 nd ra dns server suppress
        (Optional) Disables the configured server list.
Step 6  switch(config-if)# no ipv6 nd ra dns server ipv6-addr [ rdnss-life | infinite ] sequence sequence-num
        Removes a server from the RDNSS list.
Example
The following example shows how to configure a Recursive DNS Server list on Ethernet 3/3 and verify it:
switch# configure terminal
switch(config)# interface ethernet 3/3
switch(config-if)# ipv6 nd ra dns server 1::1 1000 sequence 0
switch(config-if)# ipv6 nd ra dns server 2::1 infinite sequence 1
switch(config)# show ipv6 nd ra dns server
Recursive DNS Server List on: mgmt0
Suppress DNS Server List: No
Recursive DNS Server List on: Ethernet3/3
Suppress DNS Server List: No
DNS Server 1: 1::1 Lifetime:1000 seconds Sequence:0
DNS Server 2: 2::1 Infinite Sequence:1
Configuring DNS Search List (DNSSL)
You can configure up to eight DNS search lists to advertise with Router Advertisement. You can also remove one or more DNS search lists from the advertising list by using the no form of the command.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1  switch# configure terminal
        Enters the global configuration mode.
Step 2  switch(config)# interface ethernet number
        Enters interface configuration mode.
Step 3  switch(config-if)# ipv6 nd ra dns search-list list [ dnssl-life | infinite ] sequence sequence-num
        Configures the DNS search list. You can specify the life time and the sequence of the search list.
Step 4  switch(config-if)# show ipv6 nd ra dns search-list [ interface interface ]
        (Optional) Displays the configured DNS search list.
Step 5  switch(config-if)# ipv6 nd ra dns search-list suppress
        (Optional) Disables the configured search list.
Step 6  switch(config-if)# no ipv6 nd ra dns search-list list [ dnssl-life | infinite ] sequence sequence-num
        (Optional) Removes a search list from the RA.
Example
The following example shows how to configure a DNS Search List on Ethernet 3/3 and verify it:
switch# configure terminal
switch(config)# interface ethernet 3/3
switch(config-if)# ipv6 nd ra dns search-list cisco.com 100 sequence 1
switch(config-if)# ipv6 nd ra dns search-list ind.cisco.com 100 sequence 2
switch(config)# show ipv6 nd ra dns search-list
DNS Search List on: mgmt0
Suppress DNS Search List: No
DNS Search List on: Ethernet3/3
Suppress DNS Search List: No
DNS Server 1:cisco.com 100 Sequence:1
DNS Server 2:ind.cisco.com 100 Sequence:2
Configuring IPv6 Packet Verification
Cisco NX-OS supports an Intrusion Detection System (IDS) that checks for IPv6 packet verification. You can enable or disable these IDS checks.
Procedure
Step 1  switch# configure terminal
        Enters global configuration mode.
Step 2  switch(config)# hardware ip verify address { destination zero | identical | reserved | source multicast }
        Performs the following IDS checks on the IPv6 address:
        • destination zero—Drops IPv6 packets if the destination IP address is ::.
        • identical—Drops IPv6 packets if the source IPv6 address is identical to the destination IPv6 address.
        • reserved—Drops IPv6 packets if the IPv6 address is ::1.
        • source multicast—Drops IPv6 packets if the IPv6 source address is in the FF00::/8 range (multicast).
Step 3  switch(config)# hardware ip verify length { consistent | maximum { max-frag | max-tcp | udp }}
        Performs the following IDS checks on the IPv6 address:
        • consistent—Drops IPv6 packets where the Ethernet frame size is greater than or equal to the IPv6 packet length plus the Ethernet header.
        • maximum max-frag—Drops IPv6 packets if the formula (IPv6 Payload Length - IPv6 Extension Header Bytes) + (Fragment Offset * 8) is greater than 65536.
        • maximum max-tcp—Drops IPv6 packets if the TCP length is greater than the IP payload length.
        • maximum max-udp—Drops IPv6 packets if the TCP length is less than the UDP packet length.
Step 4  switch(config)# hardware ipv6 verify tcp tiny-frag
        Drops TCP packets if the IPv6 fragment offset is 1, or if the IPv6 fragment offset is 0 and the IP payload length is less than 16.
Step 5  switch(config)# hardware ipv6 verify version
        Drops TCP packets if the EtherType is not set to 6 (IPv6).
Step 6  switch(config)# show hardware forwarding ip verify
        Displays the IPv6 packet verification configuration.
Step 7  switch(config)# copy running-config startup-config
        (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
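To see which packets the address, max-frag and tiny-frag checks in this procedure act on, the following added example (not NX-OS code and not part of the original guide) models them in Python over raw IPv6 packets. It assumes the Fragment header is the only extension header, applies the reserved check to either address, and takes the payload length in the tiny-frag rule to mean the bytes after the Fragment header; the function names and sample packets are constructed.

```python
import ipaddress
import struct

NH_TCP, NH_UDP, NH_FRAGMENT = 6, 17, 44       # IPv6 Next Header values
UNSPECIFIED = ipaddress.IPv6Address("::")
LOOPBACK = ipaddress.IPv6Address("::1")


def ids_verdicts(pkt):
    """Return the names of the modelled IDS checks that would drop this packet."""
    if len(pkt) < 40:
        raise ValueError("shorter than the 40-byte IPv6 header")
    _first_word, payload_len, next_hdr, _hop = struct.unpack("!IHBB", pkt[:8])
    src = ipaddress.IPv6Address(pkt[8:24])
    dst = ipaddress.IPv6Address(pkt[24:40])
    hits = []
    if dst == UNSPECIFIED:
        hits.append("address destination zero")
    if src == dst:
        hits.append("address identical")
    if LOOPBACK in (src, dst):                # assumption: either address counts
        hits.append("address reserved")
    if src.is_multicast:                      # FF00::/8
        hits.append("address source multicast")
    if next_hdr == NH_FRAGMENT and len(pkt) >= 48:
        inner_nh, _rsvd, off_flags, _ident = struct.unpack("!BBHI", pkt[40:48])
        offset = off_flags >> 3               # fragment offset in 8-octet units
        data_len = payload_len - 8            # minus the 8-byte Fragment header
        # (Payload Length - Extension Header Bytes) + (Fragment Offset * 8) > 65536
        if data_len + offset * 8 > 65536:
            hits.append("length maximum max-frag")
        if inner_nh == NH_TCP and (offset == 1 or (offset == 0 and data_len < 16)):
            hits.append("tcp tiny-frag")
    return hits


def ipv6(src, dst, next_hdr, payload):
    """Build a constructed IPv6 packet (version 6, hop limit 64)."""
    return (struct.pack("!IHBB", 6 << 28, len(payload), next_hdr, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + payload)


def fragment(inner_nh, offset, more, data):
    """Build a Fragment extension header followed by fragment data."""
    return struct.pack("!BBHI", inner_nh, 0, (offset << 3) | int(more), 0x1234) + data


if __name__ == "__main__":
    a, b = "2001:db8::1", "2001:db8::2"       # constructed documentation addresses
    samples = {
        "ordinary TCP": ipv6(a, b, NH_TCP, bytes(20)),
        "destination ::": ipv6(a, "::", NH_TCP, bytes(20)),
        "multicast source": ipv6("ff02::1", b, NH_UDP, bytes(8)),
        "first fragment, 8 bytes of TCP": ipv6(a, b, NH_FRAGMENT,
                                               fragment(NH_TCP, 0, True, bytes(8))),
        "fragment past 64 KB": ipv6(a, b, NH_FRAGMENT,
                                    fragment(NH_UDP, 8191, False, bytes(1000))),
    }
    for label, pkt in samples.items():
        print(f"{label}: {ids_verdicts(pkt) or 'forwarded'}")
```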
Verifying the IPv6 Configuration
Use one of the following commands to verify the configuration:
Command: show hardware forwarding ip verify
Purpose: Shows the IPv4 and IPv6 packet verification configuration.
Command: show ipv6 interface
Purpose: Displays IPv6-related interface information.
Command: show ipv6 adjacency
Purpose: Displays the adjacency table.
Command: show ipv6 icmp
Purpose: Displays ICMP IPv6 information.
Command: show ipv6 nd
Purpose: Displays IPv6 neighbor discovery information.
Command: show ipv6 neighbor
Purpose: Displays IPv6 neighbor entry.
Configuration Example for IPv6
switch# configure terminal
switch(config)# interface ethernet 3/1
switch(config-if)# ipv6 address 2001:db8::/64 eui64
switch(config-if)# ipv6 nd reachable-time 10
switch(config-if)#
Related Documents for IPv6
For more information related to IP CLI commands, see the Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference.
Standards for IPv6
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Feature History for IPv6
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Table 9: Feature History for IPv6
Feature Name: Duplicate address detection
Release: 6.2(2)
Feature Information: Added the ability to set the number of consecutive neighbor solicitation messages that the device sends from the IPv6 interface.

Feature Name: Glean optimization
Release: 6.2(2)
Feature Information: Added the fast-path keyword to the ipv6 nd command to improve the performance of glean packets by reducing the processing of the packets in the supervisor.

Feature Name: IPv6
Release: 6.2(2)
Feature Information: Added the ability to configure the maximum number of neighbor discovery entries in the neighbor adjacency table.

Feature Name: IPv6
Release: 6.0(1)
Feature Information: Updated for F2 Series modules.

Feature Name: IPv6
Release: 5.0(2)
Feature Information: Added support for IPv6 path MTU discovery.

Feature Name: IPv6
Release: 4.1(3)
Feature Information: Changed platform { ip | ipv6 } verify command to the hardware { ip | ipv6 } verify command.

Feature Name: IPv6
Release: 4.0(3)
Feature Information: Added the tag keyword to the ipv6 address command.

Feature Name: IPv6
Release: 4.0(1)
Feature Information: This feature was introduced.
CHAPTER 5
Configuring DNS
This chapter contains the following sections:
• Finding Feature Information
• Information About DNS Clients
• Prerequisites for DNS Clients
• Guidelines and Limitations for DNS Clients
• Default Settings for DNS Client Parameters
• Configuring DNS Clients
• Verifying the DNS Client Configuration
• Configuration Examples for DNS Clients
• Related Documents for DNS Clients
• Standards for DNS Clients
• Feature History for DNS
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About DNS Clients
DNS Client Overview
If your network devices require connectivity with devices in networks for which you do not control the name assignment, you can assign device names that uniquely identify your devices within the entire internetwork using the domain name server (DNS). DNS uses a hierarchical scheme for establishing host names for network nodes, which allows local control of the segments of the network through a client-server scheme. The DNS system can locate a network device by translating the hostname of the device into its associated IP address.
On the Internet, a domain is a portion of the naming hierarchy tree that refers to general groupings of networks based on the organization type or geography. Domain names are pieced together with periods (.) as the delimiting characters. For example, Cisco is a commercial organization that the Internet identifies by a com domain, so its domain name is cisco.com. A specific hostname in this domain, the File Transfer Protocol (FTP) system, for example, is identified as ftp.cisco.com.
DNS Name Servers
Name servers keep track of domain names and know the parts of the domain tree for which they have complete information. A name server may also store information about other parts of the domain tree. To map domain names to IP addresses in Cisco NX-OS, you must identify the hostnames, specify a name server, and enable the DNS service.
Cisco NX-OS allows you to statically map IP addresses to domain names. You can also configure Cisco NX-OS to use one or more domain name servers to find an IP address for a host name.
DNS Operation
A name server handles client-issued queries to the DNS server for locally defined hosts within a particular zone as follows:
• An authoritative name server responds to DNS user queries for a domain name that is under its zone of authority by using the permanent and cached entries in its own host table. If the query is for a domain name that is under its zone of authority but for which it does not have any configuration information, the authoritative name server replies that no such information exists.
• A name server that is not configured as the authoritative name server responds to DNS user queries by using information that it has cached from previously received query responses. If no router is configured as the authoritative name server for a zone, queries to the DNS server for locally defined hosts receive nonauthoritative responses.
Name servers answer DNS queries (forward incoming DNS queries or resolve internally generated DNS queries) according to the forwarding and lookup parameters configured for the specific domain.
High Availability for DNS Clients
Cisco NX-OS supports stateless restarts for the DNS client. After a reboot or supervisor switchover, Cisco NX-OS applies the running configuration.
Virtualization Support for DNS Clients
Cisco NX-OS supports multiple instances of the DNS clients that run on the same system. You can configure a DNS client in each virtual device context (VDC). You can optionally have a different DNS client configuration in each virtual routing and forwarding (VRF) instance within a VDC. By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF. See the Cisco NX-OS Virtual Device Context Configuration Guide.
Prerequisites for DNS Clients
• You must have a DNS name server on your network.
Guidelines and Limitations for DNS Clients
• You configure the DNS client in a specific VRF. If you do not specify a VRF, Cisco NX-OS uses the default VRF.
• Cisco NX-OS does not support underscores in DNS names, so do not use an underscore in a DNS name.
• If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Default Settings for DNS Client Parameters
The table below lists the default settings for DNS client parameters.
Table 10: Default DNS Client Parameters
Parameters    Default
DNS client    Enabled
Configuring DNS Clients
Configuring the DNS Client
Before you begin
• Ensure that you have a domain name server on your network.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# ip host name address1 [ address2... address6 ]
Purpose: Defines up to six static hostname-to-address mappings in the hostname cache. The address can be either an IPv4 address or an IPv6 address.
Step 3
Command or Action: (Optional) switch(config)# ip domain-name name [ use-vrf vrf-name ]
Purpose: Defines the default domain name that Cisco NX-OS uses to complete unqualified host names. You can optionally define a VRF that Cisco NX-OS uses to resolve this domain name if it cannot be resolved in the VRF that you configured this domain name under.
Cisco NX-OS appends the default domain name to any hostname that does not contain a complete domain name before starting a domain-name lookup.
Use use-vrf when a DNS query is sent on one VRF and the reply is expected on a different VRF. Example: the DNS query is sent over VRF RED while the response should come on VRF Default.
Step 4
Command or Action: switch(config)# ip dns source-interface [ loopback X different interface ]
Purpose: Defines the source IP address for outgoing DNS queries. When the DNS server answers, it uses Loopback0 as the destination, and there should be a valid return route.
Step 5
Command or Action: (Optional) switch(config)# ip domain-list name [ use-vrf vrf-name ]
Purpose: Defines additional domain names that Cisco NX-OS can use to complete unqualified hostnames. You can optionally define a VRF that Cisco NX-OS uses to resolve these domain names if they cannot be resolved in the VRF that you configured this domain name under.
Cisco NX-OS uses each entry in the domain list to append that domain name to any hostname that does not contain a complete domain name before starting a domain-name lookup. Cisco NX-OS continues this process for each entry in the domain list until it finds a match.
Step 6
Command or Action: (Optional) switch(config)# ip name-server address1 [ address2... address6 ] [ use-vrf vrf-name ]
Purpose: Defines up to six name servers. The address can be either an IPv4 address or an IPv6 address.
You can optionally define a VRF that Cisco NX-OS uses to reach this name server if it cannot be reached in the VRF that you configured this name server under.
Step 7
Command or Action: (Optional) switch(config)# ip domain-lookup
Purpose: Enables DNS-based address translation. This feature is enabled by default.
Step 8
Command or Action: (Optional) switch(config)# show hosts
Purpose: Displays information about DNS.
Step 9
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Verifying the DNS Client Configuration
To display the DNS client configuration, perform the following task:
Command: show hosts
Purpose: Displays information about DNS.
Configuration Examples for DNS Clients
This example shows how to establish a domain list with several alternate domain names:
ip domain-list csi.com
ip domain-list telecomprog.edu
ip domain-list merit.edu
This example shows how to configure the hostname-to-address mapping process and specify IP DNS-based translation. The example also configures the addresses of the name servers and the default domain name.
ip domain-lookup
ip name-server 192.168.1.111 192.168.1.2
ip domain-name cisco.com
Related Documents for DNS Clients
• DNS Client CLI commands: Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference
• VDCs and VRFs: Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x
Standards for DNS Clients
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Feature History for DNS
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Feature Name    Release    Feature Information
DNS             4.0(1)     This feature was introduced.
CHAPTER 6
Configuring WCCPv2
This chapter contains the following sections:
• Finding Feature Information
• Information About WCCPv2
• Prerequisites for WCCPv2
• Guidelines and Limitations for WCCPv2
• WCCPv2 Default Settings
• Configuring WCCPv2
• Verifying the WCCPv2 Configuration
• Configuration Examples for WCCPv2
• Related Documents for WCCPv2
• Standards for the WCCPv2
• Feature History for WCCPv2
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About WCCPv2
WCCPv2 Overview
WCCPv2 enables the Cisco NX-OS router to transparently redirect packets to cache engines. WCCPv2 does not interfere with normal router operations. Using WCCPv2, the router can redirect requests on configured interfaces to cache engines rather than to intended host sites. With WCCPv2, the router can balance traffic loads across a cluster of cache engines (cache cluster) and ensure fault-tolerant and fail-safe operation in the cluster. As you add or delete cache engines from a cache cluster, WCCPv2 dynamically redirects the packets to the currently available cache engines.
WCCPv2 accepts the traffic at the cache engine and establishes the connection with the traffic originator (the client). The cache engine acts as if it were the original destination server. If the requested object is not available on the cache engine, the cache engine establishes its own connection out to the original destination server to retrieve the object.
Until Release 8.1(2), WCCPv2 is supported only on Layer 3 or SVI interfaces on Cisco Nexus 7000 Series Switches.
Beginning with Release 8.2(1), the WCCPv2 feature is supported on L3VNI BDI interfaces as an ingress feature. This feature is supported on Cisco Nexus 7000 Series and 7700 Series Switches on M3 and F3 modules only.
WCCPv2 communicates between routers and cache engines on UDP port 2048.
By allowing a cache cluster to connect to multiple routers, WCCPv2 provides redundancy and a distributed architecture for instances when a cache engine must connect to many interfaces. In addition, WCCPv2 allows you to keep all the cache engines in a single cluster, which avoids the unnecessary duplication of web pages across several clusters.
WCCPv2 Service Types
A service is a defined traffic type that the router redirects to a cache engine with the WCCPv2 protocol.
You can configure the router to run one of the following cache-related services:
• Well-known —The router and the cache engine know the traffic type, for example the web cache service on TCP port 80 for HTTP.
• Dynamic service—A service in which the cache engine describes the type of redirected traffic to the router.
WCCPv2 Service Groups
A service group is a subset of cache engines within a cluster and the routers connected to the cluster that are running the same service. The figure shows a service group within a cache cluster. The cache engines and the routers can be a part of multiple service groups.
Figure 21: WCCPv2 Cache Cluster and Service Group
You can configure a service group as open or closed. An open service group forwards traffic without redirection if there is no cache engine to redirect the traffic to. A closed service group drops traffic if there is no cache engine to redirect the traffic to.
The service group defines the traffic that is redirected to individual cache engines in that service group. The service group definition consists of the following:
• Service ID (0–255)
• Service Type
• Priority of the service group
• Protocol (TCP or UDP) of redirected traffic
• Service flags
• Up to eight TCP or UDP port numbers (either all source or all destination port numbers)
WCCPv2 Service Group Lists
WCCPv2 requires that each cache engine be aware of all the routers in the service group. You can configure a list of router addresses for each of the routers in the group on each cache engine.
The following sequence of events details how WCCPv2 configuration works:
1. You configure each cache engine with a list of routers.
2. Each cache engine announces its presence and generates a list of all routers with which it has established communications.
3. The routers reply with their view (list) of cache engines in the group.
The cache engines and routers exchange control messages every 10 seconds by default.
WCCPv2 Designated Cache Engine
WCCPv2 designates one cache engine as the lead. If there is a group of cache engines, the one seen by all routers and the one that has the lowest IP address becomes the designated cache engine. The designated cache engine determines how traffic should be allocated across cache engines. The traffic assignment method is passed to the entire service group from the designated cache engine so that the routers of the group can redirect the packets and the cache engines of the group can manage their traffic load better.
Cisco NX-OS uses the mask method to assign traffic. The designated cache engine assigns the mask and value sets to the router in the WCCP Redirect Assignment message. The router matches these mask and value sets to the source IP address, destination IP address, source port, and destination port of each packet. The router redirects the packet to the cache engine if the packet matches an assigned mask and value set. If the packet does not match an assigned mask and value set, the router forwards the packet without any redirection.
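The mask-and-value matching described above can be modeled in a few lines. This is an added example, not code from the Cisco guide: it is a simplified model rather than the WCCP wire format, and the assignment, the cache engine addresses 10.1.1.10 and 10.1.1.11, and all function names are constructed for illustration. It also lists the buckets that no cache engine owns, which is the traffic the router forwards without redirection.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


def pack(src_ip, dst_ip, src_port, dst_port):
    """Pack the four fields the router compares into one 96-bit integer."""
    return (int(IPv4Address(src_ip)) << 64 | int(IPv4Address(dst_ip)) << 32
            | src_port << 16 | dst_port)


def unpack(key):
    """Inverse of pack(), for readable reporting."""
    return (str(IPv4Address(key >> 64 & 0xFFFFFFFF)),
            str(IPv4Address(key >> 32 & 0xFFFFFFFF)),
            key >> 16 & 0xFFFF, key & 0xFFFF)


@dataclass
class MaskValueSet:
    mask: int     # packed mask applied to every packet
    values: dict  # packed value -> cache engine address (hypothetical layout)


def select_cache_engine(packet, assignment):
    """Return the cache engine for a (src_ip, dst_ip, src_port, dst_port)
    packet, or None when no mask and value set matches (no redirection)."""
    key = pack(*packet)
    for mvs in assignment:
        engine = mvs.values.get(key & mvs.mask)
        if engine is not None:
            return engine
    return None


def buckets(mask):
    """Enumerate every value the masked fields can take (all submasks)."""
    sub = 0
    while True:
        yield sub
        sub = (sub - mask) & mask
        if sub == 0:
            break


def unassigned(mvs):
    """Buckets with no cache engine: this traffic bypasses redirection."""
    return [unpack(b) for b in buckets(mvs.mask) if b not in mvs.values]


def unreachable_values(mvs):
    """Values with bits outside the mask can never match any packet."""
    return [unpack(v) for v in mvs.values if v & ~mvs.mask]


# Constructed assignment: the two low bits of the source address select one
# of four buckets; bucket 3 is deliberately left without a cache engine.
ASSIGNMENT = [MaskValueSet(
    mask=pack("0.0.0.3", "0.0.0.0", 0, 0),
    values={
        pack("0.0.0.0", "0.0.0.0", 0, 0): "10.1.1.10",
        pack("0.0.0.1", "0.0.0.0", 0, 0): "10.1.1.10",
        pack("0.0.0.2", "0.0.0.0", 0, 0): "10.1.1.11",
    })]

if __name__ == "__main__":
    for src in ("192.0.2.4", "192.0.2.6", "192.0.2.7"):
        pkt = (src, "198.51.100.7", 40000, 80)
        print(src, "->", select_cache_engine(pkt, ASSIGNMENT) or "not redirected")
    print("unassigned buckets:", unassigned(ASSIGNMENT[0]))
```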
WCCPv2 Redirection
You can use an IP access list as a redirect list to specify a subset of traffic to redirect with WCCPv2. You can apply this access list for ingress or egress traffic on an interface. The figure shows how redirection applies to ingress or egress traffic.
You can also exclude ingress traffic on an interface but allow egress redirection on that interface.
Figure 22: WCCPv2 Redirection
Supported Modules for WCCPv2 Redirection
The following tables show the supported modules in Cisco NX-OS for WCCPv2 redirection.
Redirect-In
Table 11: Supported Modules for WCCPv2 Redirect-In—Same Module Type
Ingress module
M
F2
Egress Module
M
F2
Module used to connect to WCCPv2 enabled device
M
F2
Ingress module Egress Module
F2e
F3
F2e
F3
Table 12: Supported Modules for WCCPv2 Redirect-In—Mixed Module Type
Ingress module Egress Module
M
F2
F2e
F3
F2e
F2e
F3
F3
F3
F2e
M
M2/M3
M2/M3
F3
M2/M3
F3
F3
F2e
F3
F2e
F3
F2e
F3
F2e
M2/M3
F3
M2/M3
F3
M2/M3
F3
Redirect-Out
Table 13: Supported Modules for WCCPv2 Redirect-Out—Same Module Type
Ingress module Egress Module
M
F2
1
F2e
1
F3
Module used to connect to WCCPv2 enabled device
F2e
F3
F3
F2e
F2e
F2e
Module used to connect to WCCPv2 enabled device
F2e
F3
M2/M3
M2/M3
F3
F3
M2/M3
F3
F3
Module used to connect to WCCPv2 enabled device
M
F2
1
F2e
1
F3
Note 1: Redirect-out and exclude-in are not supported on interface VLANs (SVIs).
Table 14: Supported Modules for WCCPv2 Redirect-Out—Mixed Module Type
Ingress module Egress Module
F2e
F2e
M
M2/M3
F3
2
F3
F2e
3
F2e
3
F3
3
F3
3
F3
3
F2e
3
M
F2e
F2e
M2/M3
M2/M3
M2/M3
F2e
4
F3
F2e
4
F3
F2e
4
F3
M2/M3
F3
F3
F2e
5
F2e
5
F2e
5
F3
F3
M
M
Module used to connect to WCCPv2 enabled device
M
F3
Note 2: Will not work if the F3 port is a FabricPath core port.
Note 3: WCCP redirect-out will not work if the ingress traffic is on a FabricPath VLAN.
Note 4: WCCP redirect-out is not supported on an F2e SVI.
Note 5: WCCP exclude-in is not supported on an F2e SVI.
WCCPv2 Authentication
WCCPv2 can authenticate a device before it adds that device to the service group. Message Digest (MD5) authentication allows each WCCPv2 service group member to use a secret key to generate a keyed MD5 digest string that is part of the outgoing packet. At the receiving end, a keyed digest of an incoming packet is generated. If the MD5 digest within the incoming packet does not match the generated digest, WCCP ignores the packet.
WCCPv2 rejects packets in any of the following cases:
• The authentication schemes differ on the router and in the incoming packet.
• The MD5 digests differ on the router and in the incoming packet.
You must configure the same authentication on all members of a WCCPv2 service group.
WCCPv2 Redirection Method
WCCPv2 negotiates the packet redirection method between the router and the cache engine. Cisco NX-OS uses this traffic redirection method for all cache engines in a service group.
WCCPv2 redirects packets using the Layer 2 destination MAC rewrite method, where WCCPv2 replaces the destination MAC address of the packet with the MAC address of the cache engine that needs to handle the packet. The cache engine and the router must be Layer 2 adjacent.
You can also configure an access control list (ACL), called a redirect list, for a WCCPv2 service group. This ACL can either permit a packet to go through the WCCPv2 redirection process or deny the WCCP redirection and send the packet through the normal packet forwarding procedure.
WCCPv2 Packet Return Method
WCCPv2 filters packets to determine which redirected packets have been returned from the cache engine and which packets have not. WCCPv2 does not redirect the returned packets, because the cache engine has determined that these packets should not be cached. WCCPv2 returns packets that the cache engine does not service to the router that transmitted them.
A cache engine may return a packet for one of the following reasons:
• The cache engine is overloaded and cannot service the packets.
• The cache engine is filtering certain conditions that make caching packets counterproductive, for example, when IP authentication has been turned on.
WCCPv2 negotiates the packet return method between the router and the cache engine. Cisco NX-OS uses this traffic return method for all cache engines in a service group.
WCCPv2 returns packets using the destination MAC rewrite method, where WCCPv2 replaces the destination MAC address of the packet with the MAC address of the router that originally redirected the packet. The cache engine and the router must be Layer 2 adjacent.
High Availability for WCCPv2
WCCPv2 supports stateful restarts and stateful switchovers. A stateful restart occurs when the WCCPv2 process fails and is restarted. A stateful switchover occurs when the active supervisor switches to the standby supervisor. Cisco NX-OS applies the running configuration after a switchover.
Virtualization Support for WCCPv2
WCCPv2 supports virtual routing and forwarding (VRF) instances. VRFs exist within virtual device contexts (VDCs). By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF.
WCCP redirection occurs within a VRF. You must configure the WCCP cache engine so that the forward and return traffic to and from the cache engine occurs from interfaces that are a part of the same VRF.
The VRF used for the WCCP on an interface should match the VRF configured on that interface.
If you change the VRF membership of an interface, Cisco NX-OS removes all Layer 3 configuration, including WCCPv2.
For more information, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide .
WCCPv2 Error Handling for SPM Operations
The Service Policy Manager (SPM) supervisor component acts as a data path manager for the WCCP Manager.
The WCCP manager is shielded from the underlying platform specifics by the SPM and is portable to platform variations. The WCCP manager has a set of SPM APIs to pass the configurations that are mapped and programmed in the hardware. These APIs can process and parse the application data that is implemented and maintained in one single handler.
The interface redirects that failed to be programmed by the SPM are stored until there is a service group configuration change through the CLI or an RA message. The WCCP manager retries programming policies that failed previously.
The WCCP manager sends policy updates to the SPM at intervals to program TCAM entries in the hardware. These policy updates can be triggered by the CLI or through RA (Redirect-Assign) messages. When the WCCP manager is notified of an SPM error, a syslog message appears.
Prerequisites for WCCPv2
WCCPv2 has the following prerequisites:
• You must globally enable the WCCPv2 feature.
• You can only configure WCCPv2 on Layer 3 or VLAN interfaces (see the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide).
Guidelines and Limitations for WCCPv2
WCCPv2 has the following configuration guidelines and limitations:
• A WCCPv2 service group supports up to 32 routers and 32 cache engines.
• All cache engines in a cluster must include all routers that service the cluster in their configuration. If a cache engine within a cluster does not include one or more of the routers in its configuration, the service group detects the inconsistency and the cache engine is not allowed to operate within the service group.
• The cache engine cannot be on the same SVI with a redirect out statement.
• WCCPv2 works with IPv4 networks only.
• Any traffic that is coming from an M1-Series or M2-Series I/O module interface and going towards a Traffic Engineering (TE) Class-based Tunnel Selection (CBTS) tunnel will be dropped if you have configured the ip wccp redirect exclude in command on the inbound M1-Series or M2-Series I/O module interface or Switch Virtual Interface (SVI).
• WCCPv2 supports multiple service groups in the same direction (either inbound or outbound) on any Layer 3 interface, under the following conditions:
  • The access-list used must not have a deny ip any any entry.
  • The access-list used for multiple service groups must not contain overlapping entries.
  The following is an example of an overlapping entry:
  ip access-list wccp_acl1
  permit tcp 10.0.0.0/8 10.0.0.0/8
  ip access-list wccp_acl2
  permit tcp 10.10.10.1/32 10.10.10.10/32
• Cisco NX-OS removes all Layer 3 configuration on an interface when you change the VDC, interface VRF membership, port-channel membership, or the port mode to Layer 2.
• Cisco NX-OS does not support WCCPv2 on tunnel interfaces.
• WCCPv2 is supported on all types of FEX devices.
• WCCP requires the client, server, and WCCP client to be on separate interfaces. If you migrate a topology from a Cisco Catalyst 6500 Series switch deployment, it might not be supported.
• F2 Series, F2e Series, M1 Series, and M2 Series modules support WCCPv2. However, F2 and F2e Series modules do not support egress WCCPv2 on an SVI including “exclude in” on SVI. F1 Series modules do not support WCCPv2.
• WCCPv2 redirect-in and redirect-out are fully supported in Cisco NX-OS Release 6.2 in non-mixed module VDCs. WCCPv2 is also supported in mixed module VDC scenarios for most module combinations.
• For egress WCCPv2, traffic is not redirected when the ingress includes F2 series modules, and the next-hop is pointing to an SVI interface or subinterface of any module. If the egress WCCP policy is applied on an SVI or subinterface and if the packet ingresses on an F2 module, the same limitation applies.
• Beginning with Cisco NX-OS Release 5.2(4), policy-based routing and WCCPv2 are supported on the same interface. However, policy-based routing with statistics and WCCPv2 is supported on the same interface only if bank chaining is disabled.
• GRE redirection/return and hash assignment are not supported on a Cisco Nexus 7000 Series switch.
• Traffic might encounter a vPC loop and drop if you have Web Cache Control Protocol (WCCP) and vPC on your Cisco Nexus 7000 Series switch and the traffic migrates from a Cisco Nexus 65xx switch to your switch. Traffic that comes from a vPC member port and crosses a vPC peer-link is not permitted to egress any vPC member port. However, it can egress any other type of port, such as a Layer 3 port or an orphan port. This behavior is expected.
If traffic drops after you configure WCCP and vPC on your Nexus 7000 Series switch, you can, depending on your design, perform one of the following tasks to avoid the vPC loop:
• Configure a Layer 2 trunk to carry the traffic in question.
• Enable a peer gateway.
• Shut down one of the member ports in the vPC.
• If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
• The following restrictions apply to the redirect-list ACL:
• Permit statements in the redirect ACL will consume more security TCAM entries compared to deny statements. Ensure the TCAM does not become oversubscribed.
• The ACL must be an IPv4 simple ACL.
• The protocol must be IP or TCP.
• Only individual source or destination port numbers may be specified; port ranges cannot be specified.
• The use of fragments or options is not permitted.
• From Cisco NX-OS Release 8.2(1), the following guidelines and limitations are applicable for WCCPv2:
• WCCPv2 is supported for the L3 Virtual Network Identifier (VNI) Bridge Domain Interface (BDI), if it is applied on the ingress traffic only by using the ip wccp service redirect in command.
• WCCPv2 is not supported for the L2VNI BDI.
• The commands ip wccp service redirect out and ip wccp redirect exclude in are not supported on L3VNI BDI.
• The ip wccp web-cache redirect out command is not supported for WCCP on a BDI interface.
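The ACL conditions in the guidelines above (no deny ip any any entry, no overlapping entries across service groups, protocol IP or TCP only, individual ports only, no fragments) can be checked before a change is pushed to the switch. The following is an added example, not part of the Cisco guide: it parses only the any, host and prefix/length address forms, wccp_acl3 and its entries are constructed sample input, and all function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass, field
from itertools import combinations, product

ANY = ipaddress.ip_network("0.0.0.0/0")
PORT_OPS = {"eq", "range", "gt", "lt", "neq"}


@dataclass
class Entry:
    text: str
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    sport: str = None   # None means "any port"
    dport: str = None
    problems: list = field(default_factory=list)


def _addr(tok):
    word = tok.pop(0)
    if word == "any":
        return ANY
    if word == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(word, strict=False)


def _port(tok, problems):
    if not tok or tok[0] not in PORT_OPS:
        return None
    op, port = tok.pop(0), tok.pop(0)
    if op == "eq":
        return port
    if op == "range":
        tok.pop(0)  # discard the upper bound
    problems.append(f"'{op}' matches several ports; only individual ports are allowed")
    return None


def parse_acls(config):
    """Return {acl_name: [Entry, ...]} for every 'ip access-list' block."""
    acls, current = {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "access-list"] and len(tok) == 3:
            current = acls.setdefault(tok[2], [])
            continue
        if tok and tok[0].isdigit():
            tok.pop(0)  # drop the sequence number
        if current is None or len(tok) < 4 or tok[0] not in ("permit", "deny"):
            continue
        entry = Entry(" ".join(tok), tok[0], tok[1], ANY, ANY)
        rest = tok[2:]
        try:
            entry.src, entry.sport = _addr(rest), _port(rest, entry.problems)
            entry.dst, entry.dport = _addr(rest), _port(rest, entry.problems)
        except (IndexError, ValueError):
            entry.problems.append("could not parse addresses or ports; check by hand")
        if entry.proto not in ("ip", "tcp"):
            entry.problems.append("protocol must be ip or tcp")
        if "fragments" in rest:  # only the fragments keyword is checked here
            entry.problems.append("fragments is not permitted")
        current.append(entry)
    return acls


def catch_all_deny(e):
    return (e.action, e.proto, e.src, e.dst) == ("deny", "ip", ANY, ANY)


def overlaps(a, b):
    """True when some packet could match both entries."""
    if a.proto != b.proto and "ip" not in (a.proto, b.proto):
        return False
    if not (a.src.overlaps(b.src) and a.dst.overlaps(b.dst)):
        return False
    return all(x is None or y is None or x == y
               for x, y in ((a.sport, b.sport), (a.dport, b.dport)))


def audit(config, acl_names):
    """Check the ACLs used by service groups applied in the same direction."""
    acls, findings = parse_acls(config), []
    for name in acl_names:
        for e in acls.get(name, []):
            findings += [(name, "restriction", f"{e.text}: {p}") for p in e.problems]
            if catch_all_deny(e):
                findings.append((name, "deny-any", e.text))
    for a, b in combinations(acl_names, 2):
        for ea, eb in product(acls.get(a, []), acls.get(b, [])):
            if not (catch_all_deny(ea) or catch_all_deny(eb)) and overlaps(ea, eb):
                findings.append((a, "overlap", f"{ea.text} <-> {b}: {eb.text}"))
    return findings


# wccp_acl1 and wccp_acl2 are the overlapping pair quoted above; wccp_acl3 is constructed.
SAMPLE = """
ip access-list wccp_acl1
  permit tcp 10.0.0.0/8 10.0.0.0/8
ip access-list wccp_acl2
  permit tcp 10.10.10.1/32 10.10.10.10/32
ip access-list wccp_acl3
  10 permit tcp 172.16.0.0/16 any range 8000 8080
  20 permit udp 172.16.0.0/16 any eq 53
  30 deny ip any any
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["wccp_acl1", "wccp_acl2", "wccp_acl3"]):
        print(*finding, sep=" | ")
```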
WCCPv2 Default Settings
Parameters        Default
Authentication    No authentication
WCCPv2            Disable
Configuring WCCPv2
To configure WCCPv2, perform these tasks in this chapter:
Step 1: Enable the WCCPv2 feature.
Step 2: Configure a WCCPv2 service group.
Step 3: Apply WCCPv2 redirection to an interface.
Enabling and Disabling WCCPv2
Before you begin
• Enable the WCCPv2 feature.
• Ensure you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# [ no ] feature wccp
Purpose: Enables or disables the WCCPv2 feature in a VDC. Use the no form of the command to disable the feature.
Step 3
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Configuring a WCCPv2 Service Group
Note: You must enter the ip wccp command with all your required parameters. Any subsequent entry of the ip wccp command overwrites the earlier configuration.
Before you begin
• Enable the WCCPv2 feature.
• Ensure you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# ip wccp { service-number | web-cache } [ mode { open [ redirect-list acl-name ] | closed service-list acl-name }][ password [ 0-7 ] pwstring ]
Purpose: Creates an open or closed mode service group. The service list identifies a named extended IP access list that defines the packets that will match the service. This list is required only when the service is defined as closed mode.
Optional parameters are as follows:
• mode —Configures the service group in open or closed mode. On a service list, the mode controls the traffic type that the service group handles. The default is open. For closed mode, use this keyword to configure an IP access list to define the traffic type that matches this service.
Closed mode for dynamic service groups requires a service list ACL that specifies the protocol and port information that is used for the service group. If there are no members in the service group, packets matching the service-list ACL are dropped.
• password —Configures MD5 authentication for a service group. Use password 0 pwstring to store the password in clear text. Use password 7 pwstring to store the password in encrypted form. You can use the password 7 keywords for an already encrypted password.
• redirect-list —Configures a global WCCPv2 redirection list for the service group to control the traffic that is redirected to the cache engine.
• service-list —Configures an IP access list that defines the traffic type redirected by the service group.
• The service-number range is from 1 to 255. The acl-name can be any case-sensitive, alphanumeric string up to 64 characters. The pwstring can be any case-sensitive, alphanumeric string up to eight characters.
Step 3
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Applying WCCPv2 Redirection to an Interface
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# interface ethernet number
Purpose: Enters interface configuration mode.
Step 3
Command or Action: switch(config-if)# ip wccp { service-number redirect { in | out } | web-cache | redirect { in | out }}
Purpose: Applies the specified type of WCCPv2 redirection to the interface. The command examples show the following:
• WCCPv2 redirection applied on the ingress or egress traffic for this interface.
• WCCPv2 redirection applied on the ingress or egress web cache traffic for this interface.
• Ingress traffic excluded from WCCP redirection on this interface.
Note: The ip wccp web-cache redirect out command is not supported for WCCP on a BDI interface.
Step 4
Command or Action: switch(config)# copy running-config startup-config
Purpose: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure a router to redirect web-related packets without a destination of 192.0.2.1 to the web cache:
switch(config)# ip access-list 100
switch(config-acl)# deny ip any host 192.0.2.1
switch(config-acl)# permit ip any any
switch(config-acl)# exit
switch(config)# ip wccp web-cache redirect-list 100
switch(config)# interface ethernet 2/1
switch(config-if)# ip wccp web-cache redirect out
This example shows a sample configuration for unsupported features:
switch# configure terminal
switch(config)# interface Bdi555
switch(config-if)# ip wccp redirect exclude in
This will remove all redirect-in on the interface. Proceed (y/n)? [no] y
ERROR: Exclude in not supported on BDI
switch(config-if)# ip wccp 62 redirect out
ERROR: Redirect out not supported on BDI
This example shows a running configuration, followed by a verification command that displays the L3VNI-BDI configuration details. Replace the placeholders with relevant values for your setup. The example assumes that interface 555 is configured for BDI.
switch(config)# show running-config interface bdi 555
!Command: show running-config wccp
!Time: Thu Sep 25 02:46:02 2017
version 8.2(1)
interface Bdi555
  description L3VNI-BDI
  no shutdown
  vrf member vrf5000
  no ip redirects
  ip forward
  ip pim sparse-mode
  ip wccp 61 redirect in
This example shows the running configuration for WCCP on a BDI interface. Replace the placeholders with relevant values for your setup.
switch(config)# show running-config wccp
!Command: show running-config wccp
!Time: Thu Sep 25 02:46:02 2017
version 8.2(1)
feature wccp
vrf context vrf5000
  ip wccp web-cache
  ip wccp 61
  ip wccp 62
interface Bdi555
  vrf member vrf5000
  ip wccp 61 redirect in
Configuring WCCPv2 in a VRF
Note: You must enter the ip wccp command with all your required parameters. Any subsequent entry of the ip wccp command overwrites the earlier configuration.
Before you begin
• Enable the WCCPv2 feature.
• Ensure you are in the correct VDC (or use the switchto vdc command
Step 1
Step 2
Step 3 switch#
Procedure
Command or Action configure terminal switch(config)# vrf context vrf-name
Purpose
Enters global configuration mode.
Enters VRF configuration mode. The vrf-name can be any case-sensitive, alphanumeric string up to 63 characters.
switch(config)# ip wccp { service-number | web-cache }
[ mode { open [ redirect-list acl-name ] | closed service-list acl-name }][ password [ 0-7 ] pwstring ]
Creates an open or closed mode service group. The service list identifies a named extended IP access list that defines the packets that will match the service. This list is required only when the service is defined as closed mode
Optional parameters are as follows:
• mode —Configures the service group in open or closed mode. On a service list, the mode controls the traffic type that the service group handles. The default is open. For closed mode, use this keyword to configure an IP access list to define the traffic type that matches this service.
Closed mode for dynamic service groups requires a service list ACL that specifies the protocol and port information that is used for the service group. If there are no members in the service group, packets matching the service-list ACL are dropped.
• password —Configures MD5 authentication for a service group. Use password 0 pwstring to store the password in clear text. Use password 7 pwstring to store the password in encrypted form. You can use the password 7 keywords for an already encrypted password.
• redirect-list —Configures a global WCCPv2 redirection list for the service group to control the traffic that is redirected to the cache engine.
• service-list —Configures an IP access list that defines the traffic type redirected by the service group.
• The service-number range is from 1 to 255. The acl-name can be any case-sensitive, alphanumeric string up to 64 characters. The pwstring can be any case-sensitive, alphanumeric string up to eight characters.
Step 4
Command or Action: (Optional) switch(config-vrf)# show ip wccp [ vrf vrf-name ]
Purpose: Displays information about WCCPv2. The vrf-name can be any case-sensitive, alphanumeric string up to 64 characters.

Step 5
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure WCCPv2 in VRF Red on interface Ethernet 2/1:
switch# configure terminal
switch(config)# vrf context Red
switch(config-vrf)# ip wccp web-cache password Test1 redirect-list httpTest
switch(config-vrf)# interface ethernet 2/1
switch(config-if)# vrf member Red
switch(config-if)# ip wccp web-cache redirect out
Verifying the WCCPv2 Configuration
Use one of the following commands to verify the configuration:
Command: show ip wccp [ vrf vrf-name ] [ service-number | web-cache ]
Purpose: Displays the WCCPv2 status for all groups or one group in a VRF.

Command: show ip interface [ ethernet-number ]
Purpose: Displays the WCCPv2 interface information.

Command: show ip wccp [ service-number | web-cache ]
Purpose: Displays the WCCPv2 service group status.

Command: show ip wccp [ service-number | web-cache ] detail
Purpose: Displays the clients in a WCCPv2 service group.

Command: show ip wccp [ service-number | web-cache ] mask
Purpose: Displays the WCCPv2 mask assignment.

Command: show ip wccp [ service-number | web-cache ] service
Purpose: Displays the WCCPv2 service group definition.

Command: show ip wccp [ service-number | web-cache ] view
Purpose: Displays the WCCPv2 group membership.
Configuration Examples for WCCPv2
This example shows how to configure WCCPv2 authentication on a router and redirect web-related packets without a destination of 192.0.2.1 to the web cache:
access-list 100 deny ip any host 192.0.2.1
permit ip any any
feature wccp
ip wccp web-cache password 0 Test1 redirect-list 100
interface ethernet 1/2
ip wccp web-cache redirect out
no shutdown
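An added example, not part of the Cisco guide: a Python check that reads NX-OS configuration text and reports WCCPv2 service groups whose effective ip wccp entry has no password, a password that is not stored as type 7, or no ACL limiting what is redirected. It applies the overwrite rule from the Note in "Configuring WCCPv2 in a VRF"; the sample configuration, the ACL name wccp62, the finding labels, and the treatment of an untyped password as not encrypted are assumptions made for illustration.

```python
# Constructed sample, modelled on the configuration fragments in this guide.
# The second "ip wccp 61" entry replaces the first and drops its password.
SAMPLE_CONFIG = """\
feature wccp
ip wccp web-cache password 0 Test1 redirect-list 100
vrf context vrf5000
  ip wccp 61 password 7 PLACEHOLDER
  ip wccp 62 mode closed service-list wccp62 password 7 PLACEHOLDER
  ip wccp 61
interface Bdi555
  vrf member vrf5000
  ip wccp 61 redirect in
"""


def parse_service_groups(config_text):
    """Return {(vrf, service): options} for every service-group definition.

    A later "ip wccp" entry for the same service replaces the earlier one,
    so the dictionary always holds the effective configuration.
    """
    groups = {}
    vrf = "default"
    in_interface = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):            # top-level line: new context
            in_interface = line.startswith("interface ")
            parts = line.split()
            vrf = parts[2] if parts[:2] == ["vrf", "context"] and len(parts) == 3 else "default"
        tokens = line.split()
        # Interface-level "ip wccp ... redirect in|out" lines are not definitions.
        if tokens[:2] != ["ip", "wccp"] or len(tokens) < 3 or in_interface:
            continue
        opts = {"mode": "open", "redirect_list": None, "service_list": None,
                "password_type": None, "password": None}
        rest = tokens[3:]
        i = 0
        while i < len(rest):
            key = rest[i]
            if key == "mode" and i + 1 < len(rest):
                opts["mode"] = rest[i + 1]
                i += 2
            elif key in ("redirect-list", "service-list") and i + 1 < len(rest):
                opts[key.replace("-", "_")] = rest[i + 1]
                i += 2
            elif key == "password" and i + 1 < len(rest):
                if rest[i + 1] in ("0", "7") and i + 2 < len(rest):
                    opts["password_type"] = rest[i + 1]
                    opts["password"] = rest[i + 2]
                    i += 3
                else:                           # untyped form: password pwstring
                    opts["password"] = rest[i + 1]
                    i += 2
            else:
                i += 1
        groups[(vrf, tokens[2])] = opts
    return groups


def audit(groups):
    """Return a sorted list of (location, finding) tuples."""
    findings = []
    for (vrf, service), o in sorted(groups.items()):
        where = f"vrf {vrf} service {service}"
        if o["password"] is None:
            findings.append((where, "no-password"))
        elif o["password_type"] != "7":
            # Assumption: anything other than type 7 is treated as clear text.
            findings.append((where, "password-not-type-7"))
        if o["mode"] == "closed" and o["service_list"] is None:
            findings.append((where, "closed-without-service-list"))
        if o["mode"] == "open" and o["redirect_list"] is None:
            findings.append((where, "open-without-redirect-list"))
    return findings


if __name__ == "__main__":
    for where, finding in audit(parse_service_groups(SAMPLE_CONFIG)):
        print(f"{where}: {finding}")
```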
This example shows the sample output when WCCP is configured in a VRF.
switch(config)# show ip wccp vrf vrf5000
VRF vrf5000 WCCP information:
    Router information:
        Router Identifier:                   50.50.50.1
        Protocol Version:                    2.0
    Service Identifier: web-cache
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Service mode:                        Open
        Service Access-list:                 -none-
        Redirect Access-list:                -none-
    Service Identifier: 61
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Service mode:                        Open
        Service Access-list:                 -none-
        Redirect Access-list:                -none-
    Service Identifier: 62
        Number of Service Group Clients:     1
        Number of Service Group Routers:     1
        Service mode:                        Open
        Service Access-list:                 -none-
        Redirect Access-list:                -none-
The following example shows a verification command to display the kind of service for WCCP.
switch(config)# show ip wccp vrf vrf5000 61 service
WCCP service information definition:
        Type:      Dynamic
        Id:        61
        Priority:  34
        Protocol:  6
        Options:   0x00000501
        --------
            Mask/Value sets: 1
            Value elements : 16
        Ports:     -none-
The following example shows a verification command to display cache engine information, after the connection with the cache engine is established.
switch(config)# show ip wccp vrf vrf5000 61 view
WCCP Router Informed of:
50.50.50.1
WCCP Cache Engines Visible:
10.10.10.3
WCCP Cache Engines Not Visible:
-none-
Related Documents for WCCPv2
Related Topic: WCCPv2 CLI commands
Document Title: Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference

Related Topic: IP ACLs
Document Title: Cisco Nexus 7000 Series NX-OS Security Configuration Guide, Release 6.x
Standards for the WCCPv2
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Feature History for WCCPv2
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Feature Name: WCCPv2 on BDI
Release: 8.2(1)
Feature Information: Added support on BDI interface.

Feature Name: WCCPv2 Redirection
Release: 7.3(0)DX(1)
Feature Information: Added support for M3 module.

Feature Name: WCCPv2
Release: 5.2(4)
Feature Information: Added support for policy-based routing and WCCPv2 on the same interface if bank chaining is disabled.

Feature Name: WCCPv2 Error Handling for SPM Operations
Release: 5.1(1)
Feature Information: This feature was added.

Feature Name: WCCPv2
Release: 4.2(1)
Feature Information: This feature was introduced.
PART II
Routing
• Configuring OSPFv2
• Configuring OSPFv3
• Configuring EIGRP
• Configuring IS-IS
• Configuring Basic BGP
• Configuring Advanced BGP
• Configuring Static Routing
• Configuring the Interoperability of Modules for Unicast Routing
• Configuring Layer 3 Virtualization
• Managing the Unicast RIB and FIB
• Configuring Route Policy Manager
• Configuring Policy-Based Routing
CHAPTER 7
Configuring OSPFv2
This chapter contains the following sections:
• Finding Feature Information
• Information About OSPFv2
• Prerequisites for OSPFv2
• Guidelines and Limitations for OSPFv2
• Default Settings for OSPFv2
• Configuring Basic OSPFv2
• Configuring Advanced OSPFv2
• Verifying the OSPFv2 Configuration
• Monitoring OSPFv2
• Configuration Examples for OSPFv2
• Related Documents for OSPFv2
• Feature History for OSPFv2
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About OSPFv2
OSPFv2 is an IETF link-state protocol for IPv4 networks. An OSPFv2 router sends a special message, called a hello packet, out each OSPF-enabled interface to discover other OSPFv2 neighbor routers. Once a neighbor is discovered, the two routers compare information in the Hello packet to determine if the routers have compatible configurations. The neighbor routers try to establish adjacency, which means that the routers synchronize their link-state databases to ensure that they have identical OSPFv2 routing information. Adjacent routers share link-state advertisements (LSAs) that include information about the operational state of each link, the cost of the link, and any other neighbor information. The routers then flood these received LSAs out every OSPF-enabled interface so that all OSPFv2 routers eventually have identical link-state databases. When all OSPFv2 routers have identical link-state databases, the network is converged. Each router then uses Dijkstra’s Shortest Path First (SPF) algorithm to build its route table.
You can divide OSPFv2 networks into areas. Routers send most LSAs only within one area, which reduces the CPU and memory requirements for an OSPF-enabled router.
OSPFv2 supports IPv4, while OSPFv3 supports IPv6. For more information, see the "Configuring OSPFv3" chapter.
Note OSPFv2 on Cisco NX-OS supports RFC 2328. This RFC introduced a different method to calculate route summary costs which is not compatible with the calculation used by RFC1583. RFC 2328 also introduced different selection criteria for AS-external paths. It is important to ensure that all routers support the same RFC. Use the rfc1583compatibility command if your network includes routers that are only compliant with RFC1583. The default supported RFC standard for OSPFv2 may be different for Cisco NX-OS and Cisco IOS. You must make adjustments to set the values identically. For more information, see the “OSPF RFC Compatibility Mode Example” section.
Hello Packet
OSPFv2 routers periodically send Hello packets on every OSPF-enabled interface. The hello interval determines how frequently the router sends these Hello packets and is configured per interface. OSPFv2 uses Hello packets for the following tasks:
• Neighbor discovery
• Keepalives
• Bidirectional communications
• Designated router election
The Hello packet contains information about the originating OSPFv2 interface and router, including the assigned OSPFv2 cost of the link, the hello interval, and optional capabilities of the originating router. An OSPFv2 interface that receives these Hello packets determines if the settings are compatible with the receiving interface settings.
Compatible interfaces are considered neighbors and are added to the neighbor table.
Hello packets also include a list of router IDs for the routers that the originating interface has communicated with. If the receiving interface sees its own router ID in this list, then bidirectional communication has been established between the two interfaces.
OSPFv2 uses Hello packets as a keepalive message to determine if a neighbor is still communicating. If a router does not receive a Hello packet by the configured dead interval (usually a multiple of the hello interval), then the neighbor is removed from the local neighbor table.
Neighbors
An OSPFv2 interface must have a compatible configuration with a remote interface before the two can be considered neighbors. The two OSPFv2 interfaces must match the following criteria:
• Hello interval
• Dead interval
• Area ID
• Authentication
• Optional capabilities
If there is a match, the following information is entered into the neighbor table:
• Neighbor ID—The router ID of the neighbor.
• Priority—Priority of the neighbor. The priority is used for designated router election.
• State—Indication of whether the neighbor has just been heard from, is in the process of setting up bidirectional communications, is sharing the link-state information, or has achieved full adjacency.
• Dead time—Indication of the time since the last Hello packet was received from this neighbor.
• IP Address—The IP address of the neighbor.
• Designated Router—Indication of whether the neighbor has been declared as the designated router or as the backup designated router.
• Local interface—The local interface that received the Hello packet for this neighbor.
Adjacency
Not all neighbors establish adjacency. Depending on the network type and designated router establishment, some neighbors become fully adjacent and share LSAs with all their neighbors, while other neighbors do not.
Adjacency is established using Database Description packets, Link State Request packets, and Link State Update packets in OSPF. The Database Description packet includes just the LSA headers from the link-state database of the neighbor. The local router compares these headers with its own link-state database and determines which LSAs are new or updated. The local router sends a Link State Request packet for each LSA that it needs new or updated information on. The neighbor responds with a Link State Update packet. This exchange continues until both routers have the same link-state information.
Designated Routers
Networks with multiple routers present a unique situation for OSPF. If every router floods the network with LSAs, the same link-state information is sent from multiple sources. Depending on the type of network, OSPFv2 might use a single router, the designated router (DR), to control the LSA floods and represent the network to the rest of the OSPFv2 area. If the DR fails, OSPFv2 selects a backup designated router (BDR). If the DR fails, OSPFv2 uses the BDR.
Network types are as follows:
• Point-to-point—A network that exists only between two routers. All neighbors on a point-to-point network establish adjacency and there is no DR.
• Broadcast—A network with multiple routers that can communicate over a shared medium that allows broadcast traffic, such as Ethernet. OSPFv2 routers establish a DR and BDR that controls LSA flooding on the network. OSPFv2 uses the well-known IPv4 multicast addresses 224.0.0.5 and a MAC address of 0100.5300.0005 to communicate with neighbors.
The DR and BDR are selected based on the information in the Hello packet. When an interface sends a Hello packet, it sets the priority field and the DR and BDR field if it knows who the DR and BDR are. The routers follow an election procedure based on which routers declare themselves in the DR and BDR fields and the priority field in the Hello packet. As a final tie breaker, OSPFv2 chooses the highest router IDs as the DR and BDR.
All other routers establish adjacency with the DR and the BDR and use the IPv4 multicast address 224.0.0.6 to send LSA updates to the DR and BDR. Figure 3-1 shows this adjacency relationship between all routers and the DR.
DRs are based on a router interface. A router might be the DR for one network and not for another network on a different interface.
Figure 23: DR in Multi-Access Network
Areas
You can limit the CPU and memory requirements that OSPFv2 puts on the routers by dividing an OSPFv2 network into areas. An area is a logical division of routers and links within an OSPFv2 domain that creates separate subdomains. LSA flooding is contained within an area, and the link-state database is limited to links within the area. You can assign an area ID to the interfaces within the defined area. The Area ID is a 32-bit value that you can enter as a number or in dotted decimal notation, such as 10.2.3.1.
Cisco NX-OS always displays the area in dotted decimal notation.
If you define more than one area in an OSPFv2 network, you must also define the backbone area, which has the reserved area ID of 0. If you have more than one area, then one or more routers become area border routers (ABRs). An ABR connects to both the backbone area and at least one other defined area.
Figure 24: OSPFv2 Areas
The ABR has a separate link-state database for each area to which it connects. The ABR sends Network Summary (type 3) LSAs from one connected area to the backbone area. The backbone area sends summarized information about one area to another area. In the OSPFv2 Areas Figure, Area 0 sends summarized information about Area 5 to Area 3.
OSPFv2 defines one other router type: the autonomous system boundary router (ASBR). This router connects an OSPFv2 area to another autonomous system. An autonomous system is a network controlled by a single technical administration entity. OSPFv2 can redistribute its routing information into another autonomous system or receive redistributed routes from another autonomous system.
Link-State Advertisements
Link-State Advertisement Types
OSPFv2 uses link-state advertisements (LSAs) to build its routing table.
Name: Router LSA
Description: LSA sent by every router. This LSA includes the state and the cost of all links and a list of all OSPFv2 neighbors on the link. Router LSAs trigger an SPF recalculation. Router LSAs are flooded to local OSPFv2 area.

Name: Network LSA
Description: LSA sent by the DR. This LSA lists all routers in the multi-access network. Network LSAs trigger an SPF recalculation.

Name: Network Summary LSA
Description: LSA sent by the area border router to an external area for each destination in the local area. This LSA includes the link cost from the area border router to the local destination.

Name: ASBR Summary LSA
Description: LSA sent by the area border router to an external area. This LSA advertises the link cost to the ASBR only.

Name: AS External LSA
Description: LSA generated by the ASBR. This LSA includes the link cost to an external autonomous system destination. AS External LSAs are flooded throughout the autonomous system.

Name: NSSA External LSA
Description: LSA generated by the ASBR within a not-so-stubby area (NSSA). This LSA includes the link cost to an external autonomous system destination. NSSA External LSAs are flooded only within the local NSSA.

Name: Opaque LSAs
Description: LSA used to extend OSPF.
Link Cost
Each OSPFv2 interface is assigned a link cost. The cost is an arbitrary number. By default, Cisco NX-OS assigns a cost that is the configured reference bandwidth divided by the interface bandwidth. By default, the reference bandwidth is 40 Gb/s. The link cost is carried in the LSA updates for each link.
Flooding and LSA Group Pacing
When an OSPFv2 router receives an LSA, it forwards that LSA out every OSPF-enabled interface, flooding the OSPFv2 area with this information. This LSA flooding guarantees that all routers in the network have identical routing information. LSA flooding depends on the OSPFv2 area configuration. The LSAs are flooded based on the link-state refresh time (every 30 minutes by default). Each LSA has its own link-state refresh time.
You can control the flooding rate of LSA updates in your network by using the LSA group pacing feature. LSA group pacing can reduce high CPU or buffer utilization. This feature groups LSAs with similar link-state refresh times to allow OSPFv2 to pack multiple LSAs into an OSPFv2 Update message.
By default, LSAs with link-state refresh times within 10 seconds of each other are grouped together. You should lower this value for large link-state databases or raise it for smaller databases to optimize the OSPFv2 load on your network.
Link-State Database
Each router maintains a link-state database for the OSPFv2 network. This database contains all the collected LSAs, and includes information on all the routes through the network. OSPFv2 uses this information to calculate the best path to each destination and populates the routing table with these best paths.
LSAs are removed from the link-state database if no LSA update has been received within a set interval, called the MaxAge. Routers flood a repeat of the LSA every 30 minutes to prevent accurate link-state information from being aged out. Cisco NX-OS supports the LSA grouping feature to prevent all LSAs from refreshing at the same time.
Opaque LSAs
Opaque LSAs allow you to extend OSPF functionality. Opaque LSAs consist of a standard LSA header followed by application-specific information. This information might be used by OSPFv2 or by other applications. OSPFv2 uses Opaque LSAs to support OSPFv2 Graceful Restart capability. Three Opaque LSA types are defined as follows:
• LSA type 9—Flooded to the local network.
• LSA type 10—Flooded to the local area.
• LSA type 11—Flooded to the local autonomous system.
OSPFv2 and the Unicast RIB
OSPFv2 runs the Dijkstra shortest path first algorithm on the link-state database. This algorithm selects the best path to each destination based on the sum of all the link costs for each link in the path. The resultant shortest path for each destination is then put in the OSPFv2 route table. When the OSPFv2 network is converged, this route table feeds into the unicast RIB. OSPFv2 communicates with the unicast RIB to do the following:
• Add or remove routes
• Handle route redistribution from other protocols
• Provide convergence updates to remove stale OSPFv2 routes and for stub router advertisements
OSPFv2 also runs a modified Dijkstra algorithm for fast recalculation for summary and external (type 3, 4, 5, and 7) LSA changes.
Authentication
You can configure authentication on OSPFv2 messages to prevent unauthorized or invalid routing updates in your network. Cisco NX-OS supports two authentication methods:
• Simple password authentication
• MD5 authentication digest
You can configure the OSPFv2 authentication for an OSPFv2 area or per interface.
Simple Password Authentication
Simple password authentication uses a simple clear-text password that is sent as part of the OSPFv2 message.
The receiving OSPFv2 router must be configured with the same clear-text password to accept the OSPFv2 message as a valid route update. Because the password is in clear text, anyone who can watch traffic on the network can learn the password.
MD5 Authentication
You should use MD5 authentication to authenticate OSPFv2 messages. You configure a password that is shared at the local router and all remote OSPFv2 neighbors. For each OSPFv2 message, Cisco NX-OS creates an MD5 one-way message digest based on the message itself and the encrypted password. The interface sends this digest with the OSPFv2 message. The receiving OSPFv2 neighbor validates the digest using the same encrypted password. If the message has not changed, the digest calculation is identical and the OSPFv2 message is considered valid.
MD5 authentication includes a sequence number with each OSPFv2 message to ensure that no message is replayed in the network.
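An added example, not part of the Cisco guide: the digest and sequence-number checks described above, written in Python using the packet layout of RFC 2328 Appendix D, which is assumed to apply because this chapter states that NX-OS OSPFv2 supports RFC 2328. The router ID, key, Hello field values, and result labels are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

# OSPFv2 header with the AuType 2 authentication field:
# version, type, length, router ID, area ID, checksum, AuType,
# zero, key ID, auth data length, cryptographic sequence number.
HDR = "!BBH4s4sHHHBBI"
AUTYPE_MD5 = 2
DIGEST_LEN = 16


def _pad(key):
    # RFC 2328 pads the shared key with zeros to 16 bytes.
    return key[:DIGEST_LEN].ljust(DIGEST_LEN, b"\x00")


def build_packet(ptype, router_id, area_id, body, key, key_id, seq):
    """Build an OSPFv2 packet and append the MD5 digest of packet + key."""
    length = struct.calcsize(HDR) + len(body)   # digest is not counted here
    header = struct.pack(HDR, 2, ptype, length,
                         socket.inet_aton(router_id), socket.inet_aton(area_id),
                         0, AUTYPE_MD5, 0, key_id, DIGEST_LEN, seq)
    packet = header + body
    return packet + hashlib.md5(packet + _pad(key)).digest()


def verify_packet(wire, keys, last_seq):
    """Receiver-side check.

    keys: {key_id: shared secret}
    last_seq: {router_id: highest sequence number accepted so far}
    """
    hdr_len = struct.calcsize(HDR)
    if len(wire) < hdr_len:
        return "truncated"
    (_, _, length, rid, _, _, autype, _, key_id, auth_len, seq) = \
        struct.unpack(HDR, wire[:hdr_len])
    if autype != AUTYPE_MD5:
        return "autype-mismatch"
    if (key_id not in keys or auth_len != DIGEST_LEN or length < hdr_len
            or len(wire) != length + DIGEST_LEN):
        return "malformed"
    # RFC 2328 D.5.3: discard a packet whose sequence number is lower than
    # the one recorded for this neighbor.
    if seq < last_seq.get(rid, 0):
        return "replayed"
    expected = hashlib.md5(wire[:length] + _pad(keys[key_id])).digest()
    if not hmac.compare_digest(expected, wire[length:]):
        return "bad-digest"
    last_seq[rid] = seq                          # only updated after success
    return "accepted"


def sample_hello(seq, key=b"example"):
    # Constructed Hello body: mask, hello interval 10 s, options, priority,
    # dead interval 40 s, DR, BDR (no neighbors listed).
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 1, 40,
                       socket.inet_aton("0.0.0.0"), socket.inet_aton("0.0.0.0"))
    return build_packet(1, "192.0.2.1", "0.0.0.0", body, key, 1, seq)


if __name__ == "__main__":
    keys, state = {1: b"example"}, {}
    for seq in (100, 101, 100):
        print(seq, verify_packet(sample_hello(seq), keys, state))
```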
Advanced Features for OSPFv2
Cisco NX-OS supports advanced OSPFv2 features that enhance the usability and scalability of OSPFv2 in the network.
Stub Area
You can limit the amount of external routing information that floods an area by making it a stub area. A stub area is an area that does not allow AS External (type 5) LSAs. These LSAs are usually flooded throughout the local autonomous system to propagate external route information. Stub areas have the following requirements:
• All routers in the stub area are stub routers.
• No ASBR routers exist in the stub area.
• You cannot configure virtual links in the stub area.
The following figure shows an example of an OSPFv2 autonomous system where all routers in area 0.0.0.10 have to go through the ABR to reach external autonomous systems. Area 0.0.0.10 can be configured as a stub area.
Figure 25: Stub Area
Stub areas use a default route for all traffic that needs to go through the backbone area to the external autonomous system. The default route is 0.0.0.0 for IPv4.
Not-So-Stubby Area
A Not-so-Stubby Area (NSSA) is similar to a stub area, except that an NSSA allows you to import autonomous system external routes within an NSSA using redistribution. The NSSA ASBR redistributes these routes and generates NSSA External (type 7) LSAs that it floods throughout the NSSA. You can optionally configure the ABR that connects the NSSA to other areas to translate this NSSA External LSA to AS External (type 5) LSAs. The ABR then floods these AS External LSAs throughout the OSPFv2 autonomous system.
Summarization and filtering are supported during the translation.
You can, for example, use NSSA to simplify administration if you are connecting a central site using OSPFv2 to a remote site that is using a different routing protocol. Before NSSA, the connection between the corporate site border router and a remote router could not be run as an OSPFv2 stub area because routes for the remote site could not be redistributed into a stub area. With NSSA, you can extend OSPFv2 to cover the remote connection by defining the area between the corporate router and remote router as an NSSA.
The backbone Area 0 cannot be an NSSA.
Virtual Links
Virtual links allow you to connect an OSPFv2 area ABR to a backbone area ABR when a direct physical connection is not available. The figure shows a virtual link that connects Area 3 to the backbone area through Area 5.
Figure 26: Virtual Links
You can also use virtual links to temporarily recover from a partitioned area, which occurs when a link within the area fails, isolating part of the area from reaching the designated ABR to the backbone area.
Route Redistribution
OSPFv2 can learn routes from other routing protocols by using route redistribution. You configure OSPFv2 to assign a link cost for these redistributed routes or a default link cost for all redistributed routes.
Route redistribution uses route maps to control which external routes are redistributed. You must configure a route map with the redistribution to control which routes are passed into OSPFv2. A route map allows you to filter routes based on attributes such as the destination, origination protocol, route type, route tag, and so on. You can use route maps to modify parameters in the AS External (type 5) and NSSA External (type 7) LSAs before these external routes are advertised in the local OSPFv2 autonomous system.
OSPFv2 sets the type-5 LSA's forwarding address as described below:
• If the next-hop for the route is an attached-route then the forwarding address is the next-hop address for that route.
• If the next-hop for the route is a recursive route and next-hop's next-hop is an attached route then the forwarding address is the next-hop's next-hop address.
Route Summarization
Because OSPFv2 shares all learned routes with every OSPF-enabled router, you might want to use route summarization to reduce the number of unique routes that are flooded to every OSPF-enabled router. Route summarization simplifies route tables by replacing more-specific addresses with an address that represents all the specific addresses. For example, you can replace 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 with one summary address, 10.1.0.0/16.
Typically, you would summarize at the boundaries of area border routers (ABRs). Although you could configure summarization between any two areas, it is better to summarize in the direction of the backbone so that the backbone receives all the aggregate addresses and injects them, already summarized, into other areas. The two types of summarization are as follows:
• Inter-area route summarization
• External route summarization
You configure inter-area route summarization on ABRs, summarizing routes between areas in the autonomous system. To take advantage of summarization, you should assign network numbers in areas in a contiguous way to be able to lump these addresses into one range.
External route summarization is specific to external routes that are injected into OSPFv2 using route redistribution. You should make sure that external ranges that are being summarized are contiguous.
Summarizing overlapping ranges from two different routers could cause packets to be sent to the wrong destination. Configure external route summarization on ASBRs that are redistributing routes into OSPF.
When you configure a summary address, Cisco NX-OS automatically configures a discard route for the summary address to prevent routing black holes and route loops.
High Availability and Graceful Restart
Cisco NX-OS provides a multilevel high-availability architecture. OSPFv2 supports stateful restart, which is also referred to as non-stop routing (NSR). If OSPFv2 experiences problems, it attempts to restart from its previous run-time state. The neighbors do not register any neighbor event in this case. If the first restart is not successful and another problem occurs, OSPFv2 attempts a graceful restart.
A graceful restart, or nonstop forwarding (NSF), allows OSPFv2 to remain in the data forwarding path through a process restart. When OSPFv2 needs to perform a graceful restart, it sends a link-local opaque (type 9) LSA, called a grace LSA. This restarting OSPFv2 platform is called NSF capable.
The grace LSA includes a grace period, which is a specified time that the neighbor OSPFv2 interfaces hold onto the LSAs from the restarting OSPFv2 interface. (Typically, OSPFv2 tears down the adjacency and discards all LSAs from a down or restarting OSPFv2 interface.) The participating neighbors, which are called NSF helpers, keep all LSAs that originate from the restarting OSPFv2 interface as if the interface was still adjacent.
When the restarting OSPFv2 interface is operational again, it rediscovers its neighbors, establishes adjacency, and starts sending its LSA updates again. At this point, the NSF helpers recognize that the graceful restart has finished.
Stateful restart is used in the following scenarios:
• First recovery attempt after the process experiences problems
• ISSU
• User-initiated switchover using the system switchover command
• Active supervisor reload using the reload module active-sup command
Graceful restart is used in the following scenarios:
• Second recovery attempt after the process experiences problems within a 4-minute interval
• Manual restart of the process using the restart ospf command
• Active supervisor removal
Note The Cisco Nexus 7000 series devices support the Internet Engineering Task Force (IETF) version only. As a result, NSF IETF must be explicitly configured under the routing protocols in the Virtual Switching System (VSS). Use the nsf ietf command in router configuration mode for NSF IETF configuration. No additional configuration is required on the Cisco Nexus 7000 pairs because they run NSF IETF graceful-restart by default. However, each neighbor device that will become Layer 3 adjacent must have NSF configured and the same mode of NSF must be enabled to successfully operate a graceful failover.
OSPFv2 Stub Router Advertisements
You can configure an OSPFv2 interface to act as a stub router using the OSPFv2 Stub Router Advertisements feature. Use this feature when you want to limit the OSPFv2 traffic through this router, such as when you want to introduce a new router to the network in a controlled manner or limit the load on a router that is already overloaded. You might also want to use this feature for various administrative or traffic engineering reasons.
OSPFv2 stub router advertisements do not remove the OSPFv2 router from the network topology, but they do prevent other OSPFv2 routers from using this router to route traffic to other parts of the network. Only the traffic that is destined for this router or directly connected to this router is sent.
OSPFv2 stub router advertisements mark all stub links (directly connected to the local router) to the cost of the local OSPFv2 interface. All remote links are marked with the maximum cost (0xFFFF).
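An added example, not part of the Cisco guide: a Python sketch that derives link costs from the default 40 Gb/s reference bandwidth, runs Dijkstra SPF over a small link-state database, and shows how a router advertising the maximum cost (0xFFFF) on its remote links stays reachable but stops carrying transit traffic. The four-router topology is constructed, stub links are not modelled, and flooring the cost to a minimum of 1 is an assumption.

```python
import heapq

REFERENCE_BW_MBPS = 40_000   # default reference bandwidth from this chapter (40 Gb/s)
MAX_LINK_COST = 0xFFFF       # cost a stub router advertises on its remote links

# Constructed topology: (router, router, interface bandwidth in Mb/s).
SAMPLE_LINKS = [
    ("R1", "R2", 10_000),
    ("R2", "R4", 10_000),
    ("R1", "R3", 1_000),
    ("R3", "R4", 1_000),
]


def link_cost(interface_bw_mbps):
    """Reference bandwidth divided by interface bandwidth.

    Assumption: the result is an integer and never lower than 1.
    """
    return max(1, REFERENCE_BW_MBPS // interface_bw_mbps)


def build_lsdb(links, stub_routers=()):
    """Build {router: {neighbor: cost}}.

    Each router advertises the cost of its own side of a link, so the graph
    is directed: a stub router raises only the costs it advertises itself.
    """
    lsdb = {}
    for a, b, bw in links:
        for src, dst in ((a, b), (b, a)):
            cost = MAX_LINK_COST if src in stub_routers else link_cost(bw)
            lsdb.setdefault(src, {})[dst] = cost
    return lsdb


def spf(lsdb, root):
    """Dijkstra shortest path first: returns {router: (total_cost, path)}."""
    best = {}
    heap = [(0, root, [root])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node in best:
            continue                      # already settled at a lower cost
        best[node] = (cost, path)
        for neighbor, link in lsdb.get(node, {}).items():
            if neighbor not in best:
                heapq.heappush(heap, (cost + link, neighbor, path + [neighbor]))
    return best


if __name__ == "__main__":
    for label, stubs in (("normal", ()), ("R2 as stub router", ("R2",))):
        routes = spf(build_lsdb(SAMPLE_LINKS, stubs), "R1")
        print(label)
        for dest in ("R2", "R3", "R4"):
            total, path = routes[dest]
            print(f"  {dest}: cost {total} via {' -> '.join(path)}")
```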
Multiple OSPFv2 Instances
Cisco NX-OS supports multiple instances of the OSPFv2 protocol that run on the same node. You cannot configure multiple instances over the same interface. By default, every instance uses the same system router ID. You must manually configure the router ID for each instance if the instances are in the same OSPFv2 autonomous system.
SPF Optimization
Cisco NX-OS optimizes the SPF algorithm in the following ways:
• Partial SPF for Network (type 2) LSAs, Network Summary (type 3) LSAs, and AS External (type 5) LSAs—When there is a change on any of these LSAs, Cisco NX-OS performs a faster partial calculation rather than running the whole SPF calculation.
• SPF timers—You can configure different timers for controlling SPF calculations. These timers include exponential backoff for subsequent SPF calculations. The exponential backoff limits the CPU load of multiple SPF calculations.
BFD
This feature supports bidirectional forwarding detection (BFD). BFD is a detection protocol that provides fast forwarding-path failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information.
Virtualization Support for OSPFv2
OSPFv2 supports virtual routing and forwarding (VRF) instances. VRFs exist within virtual device contexts (VDCs). By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF.
Cisco NX-OS Release 6.1 or later supports more than four process instances for OSPFv2 per VDC. However, only the first four configured OSPFv2 instances are supported with MPLS LDP and MPLS TE. Each OSPFv2 instance can support multiple VRFs, up to the system limit. For more information, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide and the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide.
Prerequisites for OSPFv2
OSPFv2 has the following prerequisites:
• You must be familiar with routing fundamentals to configure OSPF.
• You are logged on to the switch.
• You have configured at least one interface for IPv4 that can communicate with a remote OSPFv2 neighbor.
• You have completed the OSPFv2 network strategy and planning for your network. For example, you must decide whether multiple areas are required.
• You have enabled the OSPF feature.
• You have installed the appropriate license and entered the desired VDC (see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide for configuration information and the Cisco NX-OS Licensing Guide for licensing information) if you are configuring VDCs.
Guidelines and Limitations for OSPFv2
OSPFv2 has the following configuration guidelines and limitations:
• CE devices install type 3 LSAs with the DN-bit, or type 5 LSAs with the DN-bit and VPN route tag, in the RIB (non-default VRF). This behavior applies prior to Cisco NX-OS Release 8.3(2).
• The default-information originate command must be configured so that the MPLS default route is advertised to the CE-VRF. When you use the default-information originate command, the DN-bit in the type 3 and type 5 LSA options and the route tags in type 5 LSAs are not set, for the default route only.
• The Cisco Nexus 7000 supports the Internet Engineering Task Force (IETF) version only. As a result, NSF IETF must be explicitly configured under the routing protocols in the Virtual Switching System (VSS). No additional configuration is required on the Cisco Nexus 7000 pairs because they run NSF IETF graceful-restart by default. However, each neighbor device that will become Layer 3 adjacent must have NSF configured and the same mode of NSF must be enabled to successfully operate a graceful failover.
• Cisco NX-OS displays areas in dotted decimal notation regardless of whether you enter the area in decimal or dotted decimal notation.
• All OSPFv2 routers must operate in the same RFC compatibility mode. OSPFv2 for Cisco NX-OS complies with RFC 2328. Use the rfc1583compatibility command in router configuration mode if your network includes routers that support only RFC 1583.
• In scaled scenarios, when the number of interfaces and link-state advertisements in an OSPF process is large, the snmp-walk on OSPF MIB objects is expected to time out with a small-values timeout at the SNMP agent. If you observe a timeout on the querying SNMP agent while polling OSPF MIB objects, increase the timeout value on the polling SNMP agent.
• MTU configured at the interface level works in either the data plane or the control plane, but not in both planes at the same time.
When you configure MTU with a size lower than the supported size in the data and control planes, a few features that have minimum MTU requirements may not work in both planes.
For example, MPLS VPN is supported in the data plane because this plane supports the MTU of 1500 bytes that MPLS VPN requires. But the control plane does not support MPLS VPN because this plane cannot handle the 1500-byte packets.
To make the configured MTU work in the control plane for MPLS VPN, you need to manually configure the OSPF packet size (by using the packet-size size command) so that OSPF works on the control plane.
This is applicable from Cisco NX-OS Release 8.3(2) onwards.
The packet-size size command is supported on the Ethernet, SVI, and GRE tunnel interfaces.
• Cisco NX-OS Release 6.1 or later supports more than four process instances for OSPFv2 per VDC. However, only the first four configured OSPFv2 instances are supported with MPLS LDP and MPLS TE.
• The default-information-originate always command advertises the OSPF default route from Cisco NX-OS Release 7.3(5)D1(1) and later releases and from Cisco NX-OS Release 8.0(1) and later releases in the 8.x release train.
• The following guidelines and limitations apply to the administrative distance feature, which is supported beginning with Cisco NX-OS Release 6.1:
• When an OSPF route has two or more equal cost paths, configuring the administrative distance is non-deterministic for the match ip route-source command.
• Configuring the administrative distance is supported only for the match route-type , match ip address prefix-list , and match ip route-source prefix-list commands. The other match statements are ignored.
• There is no preference among the match route-type , match ip address , and match ip route-source commands for setting the administrative distance of OSPF routes. In this way, the behavior of the table map for setting the administrative distance in Cisco NX-OS OSPF is different from that in Cisco IOS OSPF.
• The discard route is always assigned an administrative distance of 220. No configuration in the table map applies to OSPF discard routes.
• In Cisco NX-OS Release 6.2(6a) and later releases, you can filter next-hop paths for an OSPF route to prevent the path from being added to the RIB. Before Cisco NX-OS Release 6.2(6a), filtering on a specific path was ignored and the entire route was not added to the RIB.
Note If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Default Settings for OSPFv2
Table 15: Default OSPFv2 Parameters
Parameters                                       Default
Administrative distance                          110
Hello interval                                   10 seconds
Dead interval                                    40 seconds
Discard routes                                   Enabled
Graceful restart grace period                    60 seconds
OSPFv2 feature                                   Disabled
Stub router advertisement announce time          600 seconds
Reference bandwidth for link cost calculation    40 Gb/s
LSA minimal arrival time                         1000 milliseconds
LSA group pacing                                 10 seconds
SPF calculation initial delay time               200 milliseconds
SPF minimum hold time                            5000 milliseconds
SPF calculation initial delay time               1000 milliseconds
Configuring Basic OSPFv2
Enabling OSPFv2
You must enable the OSPFv2 feature before you can configure OSPFv2.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# [ no ] feature ospf
Purpose: Enables the OSPFv2 feature.
Note Use the no form of this command to disable the OSPFv2 feature and remove all associated configuration.
Step 3
Command or Action: (Optional) switch(config)# show feature
Purpose: Displays enabled and disabled features.
Step 4
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Creating an OSPFv2 Instance
The first step in configuring OSPFv2 is to create an OSPFv2 instance. You assign a unique instance tag for this OSPFv2 instance. The instance tag can be any string.
Note The OSPF router ID changes without a restart on a Cisco Nexus 7000 switch when you have not configured a manual router ID in the following cases:
• Configuring an SVI or physical interface with a higher IP address than the current router ID on a setup without any configured loopback interfaces.
• Configuring a loopback interface with any given IP address on a setup without any previously configured loopback interfaces.
• Configuring a loopback interface with a higher IP address than the IP address of an existing configured loopback interface.
When a router ID changes, OSPF has to re-advertise all LSAs with the new router ID. To avoid this issue, you can configure a manual OSPF router ID.
Before you begin
Ensure that you have enabled the OSPF feature.
Use the show ip ospf instance-tag command to verify that the instance tag is not in use.
OSPFv2 must be able to obtain a router identifier (for example, a configured loopback address) or you must configure the router ID option.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Note Use the no form of this command in global configuration mode to remove the OSPFv2 instance and all associated configurations.
Using the no form of this command in the interface configuration mode does not remove the OSPF configuration. You must manually remove any OSPFv2 commands configured in interface mode.
Step 3
Command or Action: (Optional) switch(config-router)# router-id ip-address
Purpose: Configures the OSPFv2 router ID. This IP address identifies this OSPFv2 instance and must exist on a configured interface in the system.
This command restarts the OSPF process automatically and changes the router ID after it is configured.
Step 4
Command or Action: (Optional) switch(config-router)# show ip ospf instance-tag
Purpose: Displays OSPF information.
Step 5
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Configuring OSPF Packet Size
MTU configured at the interface level works in either the data plane or the control plane, but not in both planes at the same time.
When you configure MTU with a size lower than the supported size in the data and control planes, a few features that have minimum MTU requirements may not work in both planes.
For example, MPLS VPN is supported in the data plane because this plane supports the MTU of 1500 bytes that MPLS VPN requires. But the control plane does not support MPLS VPN because this plane cannot handle the 1500-byte packets.
To make the configured MTU work in the control plane for MPLS VPN, you need to manually configure the OSPF packet size so that OSPF works on the control plane. This is applicable from Cisco NX-OS Release 8.3(2) onwards.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# [ no ] router ospf instance-tag
3. switch(config-router)# router-id ip-address
4. switch(config-router)# packet-size size
5. (Optional) switch(config-router)# show ip ospf interface interface-number
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# [ no ] router ospf instance-tag
Purpose: Creates a new OSPF instance with the configured instance tag.
Note Use the no form of this command in global configuration mode to remove the OSPFv2 instance and all associated configurations.
Using the no form of this command in the interface configuration mode does not remove the OSPF configuration. You must manually remove any OSPFv2 commands configured in interface mode.
Step 3
Command or Action: switch(config-router)# router-id ip-address
Purpose: Configures the OSPFv2 router ID. This IP address identifies this OSPFv2 instance and must exist on a configured interface in the system.
This command restarts the OSPF process automatically and changes the router ID after it is configured.
Step 4
Command or Action: switch(config-router)# packet-size size
Purpose:
• Configures the OSPFv2 packet size. The size range is from 572 to 9212 bytes.
• You can also configure the packet size in interface configuration mode.
• You can configure the packet-size size command even if the ip ospf mtu-ignore command is already configured in the network.
Step 5
Command or Action: (Optional) switch(config-router)# show ip ospf interface interface-number
Purpose: Displays OSPF information.
Example
This example shows how to configure the OSPF packet-size:
router ospf 1
  router-id 3.3.3.3
  [no] packet-size 2000
This example shows the display of the OSPF packet-size:
Switch (config-router)# show ip ospf interface ethernet 1/25
Ethernet1/25 is up, line protocol is up
IP address 1.0.0.1/24
--------snip ---------------
Number of opaque link LSAs: 0, checksum sum 0
Max Packet Size: 2000
Configuring Optional Parameters on an OSPFv2 Instance
You can configure optional parameters for OSPF. The following commands are available in the router configuration mode.
For more information about OSPFv2 instance parameters, see the “Configuring Advanced OSPFv2” section.
Before you begin
Ensure that you have enabled the OSPF feature.
OSPFv2 must be able to obtain a router identifier (for example, a configured loopback address) or you must configure the router ID option.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch(config-router)# distance number
2. switch(config-router)# log-adjacency-changes [detail]
3. switch(config-router)# maximum-paths path-number
4. switch(config-router)# [ no ] name-lookup path-number
5. switch(config-router)# passive-interface default
DETAILED STEPS
Step 1
Command or Action: switch(config-router)# distance number
Purpose: Configures the administrative distance for this OSPFv2 instance. The range is from 1 to 255. The default is 110.
Step 2
Command or Action: switch(config-router)# log-adjacency-changes [detail]
Purpose: Generates a system message whenever a neighbor changes state.
Step 3
Command or Action: switch(config-router)# maximum-paths path-number
Purpose: Configures the maximum number of equal OSPFv2 paths to a destination in the route table. This command is used for load balancing. The range is from 1 to 16. The default is 8.
Step 4
Command or Action: switch(config-router)# [ no ] name-lookup path-number
Purpose: Enables the translation of OSPF router IDs to host names, either by looking up the local hosts database or querying DNS names in IPv6. This command makes it easier to identify a device because it displays the device by name rather than by its router ID or neighbor ID.
Note To stop displaying OSPF router IDs as DNS names, use the no form of this command.
Step 5
Command or Action: switch(config-router)# passive-interface default
Purpose: Suppresses routing updates on all interfaces. This command is overridden by the VRF or interface command mode configuration.
Example
This example shows how to create an OSPFv2 instance:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# copy running-config startup-config
Configuring Networks in OSPFv2
You can configure a network to OSPFv2 by associating it through the interface that the router uses to connect to that network. You can add all networks to the default backbone area (Area 0), or you can create new areas using any decimal number or an IP address.
Note All areas must connect to the backbone area either directly or through a virtual link.
Note OSPF is not enabled on an interface until you configure a valid IP address for that interface.
Before you begin
Ensure that you have enabled the OSPF feature.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# interface interface-type slot/port
Purpose: Enters interface configuration mode.
Step 3
Command or Action: switch(config-if)# ip address ip-prefix/length
Purpose: Assigns an IP address and subnet mask to this interface.
Step 4
Command or Action: switch(config-if)# ip router ospf instance-tag area area-id [ secondaries none ]
Purpose: Adds the interface to the OSPFv2 instance and area.
Step 5
Command or Action: (Optional) switch(config-if)# show ip ospf instance-tag interface interface-type slot/port
Purpose: Displays OSPF information.
Step 6
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Step 7
Command or Action: (Optional) switch(config)# ip ospf cost number
Purpose: Configures the OSPFv2 cost metric for this interface. The default is to calculate the cost metric based on the reference bandwidth and interface bandwidth. The range is from 1 to 65535.
Step 8
Command or Action: (Optional) switch(config)# ip ospf dead-interval seconds
Purpose: Configures the OSPFv2 dead interval, in seconds. The range is from 1 to 65535. The default is four times the hello interval, in seconds.
Step 9
Command or Action: (Optional) switch(config)# ip ospf hello-interval seconds
Purpose: Configures the OSPFv2 hello interval, in seconds. The range is from 1 to 65535. The default is 10 seconds.
Step 10
Command or Action: (Optional) switch(config)# ip ospf mtu-ignore
Purpose: Configures OSPFv2 to ignore any IP MTU mismatch with a neighbor. The default is to not establish adjacency if the neighbor MTU does not match the local interface MTU.
Step 11
Command or Action: (Optional) switch(config)# [ default | no ] ip ospf passive-interface
Purpose: Suppresses routing updates on the interface. This command overrides the router or VRF command mode configuration.
The default option removes this interface mode command and reverts to the router or VRF configuration, if present.
Step 12
Command or Action: (Optional) switch(config)# ip ospf priority number
Purpose: Configures the OSPFv2 priority, used to determine the DR for an area. The range is from 0 to 255. The default is 1.
Step 13
Command or Action: (Optional) switch(config)# ip ospf shutdown
Purpose: Shuts down the OSPFv2 instance on this interface.
Example
This example shows how to add a network area 0.0.0.10 in OSPFv2 instance 201:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router ospf 201 area 0.0.0.10
switch(config-if)# copy running-config startup-config
Use the show ip ospf interface command to verify the interface configuration. Use the show ip ospf neighbor command to see the neighbors for this interface.
Configuring Authentication for an Area
You can configure authentication for all networks in an area or for individual interfaces in the area. Interface authentication configuration overrides area authentication.
Before you begin
Ensure that you have enabled the OSPF feature.
Ensure that all neighbors on an interface share the same authentication configuration, including the shared authentication key.
Create the key chain for this authentication configuration. See the Cisco Nexus 7000 Series NX-OS Security Configuration Guide.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Note For OSPFv2, the key identifier in the key key-id command supports values from 0 to 255 only.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# area area-id authentication [ message-digest ]
Purpose: Configures the authentication mode for an area.
Step 4
Command or Action: switch(config-router)# interface interface-type slot/port
Purpose: Enters interface configuration mode.
Step 5
Command or Action: (Optional) Configure one of the following commands:
• ip ospf authentication-key [ 0 | 3 ] key
• ip ospf message-digest-key key-id md5 [ 0 | 3 ] key
Purpose: The first command configures simple password authentication for this interface. Use this command if the authentication is not set to key-chain or message-digest.
The 0 keyword configures the password in clear text. The 3 keyword configures the password as 3DES encrypted.
The second command configures message digest authentication for this interface. Use this command if the authentication is set to message-digest. The key-id range is from 1 to 255. The MD5 option 0 configures the password in clear text and 3 configures the pass key as 3DES encrypted.
Step 6
Command or Action: (Optional) switch(config)# show ip ospf instance-tag interface interface-type slot/port
Purpose: Displays OSPF information.
Step 7
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Configuring Authentication for an Interface
You can configure authentication for all networks in an area or for individual interfaces in the area. Interface authentication configuration overrides area authentication.
Before you begin
Ensure that you have enabled the OSPF feature.
Ensure that all neighbors on an interface share the same authentication configuration, including the shared authentication key.
Create the key chain for this authentication configuration. See the Cisco Nexus 7000 Series NX-OS Security Configuration Guide.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Note For OSPFv2, the key identifier in the key key-id command supports values from 0 to 255 only.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# interface interface-type slot/port
Purpose: Enters interface configuration mode.
Step 3
Command or Action: switch(config-if)# ip ospf authentication [ message-digest ]
Purpose: Enables interface authentication mode for OSPFv2 for either cleartext or message-digest type. Overrides area-based authentication for this interface. All neighbors must share this authentication type.
Step 4
Command or Action: (Optional) switch(config-if)# ip ospf authentication key-chain key-name
Purpose: Configures interface authentication to use key chains for OSPFv2. For details on key chains, see the Cisco Nexus 7000 Series NX-OS Security Configuration Guide.
Step 5
Command or Action: (Optional) switch(config-if)# ip ospf authentication-key [ 0 | 3 | 7 ] key
Purpose: Configures simple password authentication for this interface. Use this command if the authentication is not set to key-chain or message-digest.
The options are as follows:
• 0 —configures the password in clear text.
• 3 —configures the pass key as 3DES encrypted.
• 7 —configures the key as Cisco type 7 encrypted.
Step 6
Command or Action: (Optional) switch(config-if)# ip ospf message-digest-key key-id md5 [ 0 | 3 | 7 ] key
Purpose: Configures message digest authentication for this interface. Use this command if the authentication is set to message-digest. The key-id range is from 1 to 255. The MD5 options are as follows:
• 0 —configures the password in clear text.
• 3 —configures the pass key as 3DES encrypted.
• 7 —configures the key as Cisco type 7 encrypted.
Step 7
Command or Action: (Optional) switch(config-if)# show ip ospf instance-tag interface interface-type slot/port
Purpose: Displays OSPF information.
Step 8
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to set an interface for simple, unencrypted passwords and set the password for Ethernet interface 1/2:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# exit
switch(config)# interface ethernet 1/2
switch(config-if)# ip router ospf 201 area 0.0.0.10
switch(config-if)# ip ospf authentication
switch(config-if)# ip ospf authentication-key 0 mypass
switch(config-if)# copy running-config startup-config
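A configuration review of the area and interface authentication settings from the two sections above, as an added example that is not part of the Cisco guide. It reads configuration text and reports OSPFv2 interfaces that end up with no authentication, with simple password authentication, with message-digest mode but no key, or with a key entered using the 0 (clear text) keyword. The sample configuration, its key value and the finding labels are constructed, and the parser assumes indented sub-commands and no VRF sub-blocks.

```python
import re

# Constructed sample configuration; the key string is a placeholder.
SAMPLE_CONFIG = """\
router ospf 201
  area 0.0.0.10 authentication message-digest
interface Ethernet1/1
  ip router ospf 201 area 10
  ip ospf message-digest-key 1 md5 3 a1b2c3d4e5f6
interface Ethernet1/2
  ip router ospf 201 area 0.0.0.10
  ip ospf authentication
  ip ospf authentication-key 0 mypass
interface Ethernet1/3
  ip router ospf 201 area 0.0.0.20
interface Ethernet1/4
  ip address 192.0.2.1/24
interface Ethernet1/5
  ip router ospf 201 area 0.0.0.10
"""


def dotted_area(area):
    """Normalise an area ID to dotted decimal, the form NX-OS displays."""
    if "." in area:
        return area
    n = int(area)
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_config(text):
    """Return ({(instance, area): mode}, {interface: settings})."""
    area_auth, interfaces = {}, {}
    section = name = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            m = re.match(r"(router ospf|interface)\s+(.+)$", line)
            section, name = m.groups() if m else (None, None)
            if section == "interface":
                interfaces[name] = {"ospf": None, "mode": None, "key_chain": None,
                                    "md5_key": False, "key_types": []}
            continue
        if section == "router ospf":
            m = re.match(r"area (\S+) authentication( message-digest)?$", line)
            if m:
                mode = "message-digest" if m.group(2) else "simple"
                area_auth[(name, dotted_area(m.group(1)))] = mode
        elif section == "interface":
            cfg = interfaces[name]
            if m := re.match(r"ip router ospf (\S+) area (\S+)", line):
                cfg["ospf"] = (m.group(1), dotted_area(m.group(2)))
            elif m := re.match(r"ip ospf authentication key-chain (\S+)$", line):
                cfg["key_chain"] = m.group(1)
            elif m := re.match(r"ip ospf authentication( message-digest)?$", line):
                cfg["mode"] = "message-digest" if m.group(1) else "simple"
            elif m := re.match(r"ip ospf authentication-key (?:([037]) )?\S+$", line):
                cfg["key_types"].append(m.group(1))
            elif m := re.match(r"ip ospf message-digest-key \d+ md5 (?:([037]) )?\S+$", line):
                cfg["md5_key"] = True
                cfg["key_types"].append(m.group(1))
    return area_auth, interfaces


def audit(text):
    """Return a list of (interface, finding) for interfaces that run OSPFv2."""
    area_auth, interfaces = parse_config(text)
    findings = []
    for ifname, cfg in interfaces.items():
        if cfg["ospf"] is None:
            continue  # interface is not part of an OSPFv2 instance
        # Interface authentication configuration overrides area authentication.
        mode = cfg["mode"] or area_auth.get(cfg["ospf"])
        if mode is None and not cfg["key_chain"]:
            findings.append((ifname, "no authentication"))
        elif mode == "simple":
            findings.append((ifname, "simple password authentication"))
        elif mode == "message-digest" and not (cfg["md5_key"] or cfg["key_chain"]):
            findings.append((ifname, "message-digest mode without a key"))
        if "0" in cfg["key_types"]:
            findings.append((ifname, "key entered as type 0 (clear text)"))
    return findings


if __name__ == "__main__":
    for ifname, finding in audit(SAMPLE_CONFIG):
        print(f"{ifname}: {finding}")
```

Ethernet1/1 passes because its area, entered as 10, is the same area as 0.0.0.10 and inherits message-digest mode from it. Ethernet1/2 is reported because its interface-level setting overrides that area mode with a simple password.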
Configuring Advanced OSPFv2
Configuring Filter Lists for Border Routers
You can separate your OSPFv2 domain into a series of areas that contain related networks. All areas must connect to the backbone area through an area border router (ABR). OSPFv2 domains can connect to external domains as well, through an autonomous system border router (ASBR).
ABRs have the following optional configuration parameters:
• Area range—Configures route summarization between areas.
• Filter list—Filters the Network Summary (type 3) LSAs that are allowed in from an external area.
ASBRs also support filter lists.
Before you begin
Ensure that you have enabled the OSPF feature.
Create the route map that the filter list uses to filter IP prefixes in incoming or outgoing Network Summary (type 3) LSAs.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospf instance-tag
3. switch(config-router)# area area-id filter-list route-map map-name { in | out }
4. (Optional) switch(config-if)# show ip ospf policy statistics area id filter-list { in | out }
5. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# area area-id filter-list route-map map-name { in | out }
Purpose: Filters incoming or outgoing Network Summary (type 3) LSAs on an ABR.
Step 4
Command or Action: (Optional) switch(config-if)# show ip ospf policy statistics area id filter-list { in | out }
Purpose: Displays OSPF policy information.
Step 5
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure a filter list in area 0.0.0.10:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 filter-list route-map FilterLSAs in
switch(config-router)# copy running-config startup-config
Configuring Stub Areas
You can configure a stub area for part of an OSPFv2 domain where external traffic is not necessary. Stub areas block AS External (type 5) LSAs and limit unnecessary routing to and from selected networks. You can optionally block all summary routes from going into the stub area.
Before you begin
Ensure that you have enabled the OSPF feature.
Ensure that there are no virtual links or ASBRs in the proposed stub area.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospf instance-tag
3. switch(config-router)# area area-id stub
4. (Optional) switch(config-router)# area area-id default-cost cost
5. (Optional) switch(config-if)# show ip ospf instance-tag
6. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# area area-id stub
Purpose: Creates this area as a stub area.
Step 4
Command or Action: (Optional) switch(config-router)# area area-id default-cost cost
Purpose: Sets the cost metric for the default summary route sent into this stub area. The range is from 0 to 16777215. The default is 1.
Step 5
Command or Action: (Optional) switch(config-if)# show ip ospf instance-tag
Purpose: Displays OSPF information.
Step 6
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to create a stub area:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 stub
switch(config-router)# copy running-config startup-config
Configuring a Totally Stubby Area
You can create a totally stubby area and prevent all summary route updates from going into the stub area. To create a totally stubby area, use the following command in router configuration mode:
Command: router ospf instance-tag
Purpose: Creates this area as a totally stubby area.
Configuring NSSA
You can configure an NSSA for part of an OSPFv2 domain where limited external traffic is required. You can optionally translate this external traffic to an AS External (type 5) LSA and flood the OSPFv2 domain with this routing information. An NSSA can be configured with the following optional parameters:
• No redistribution—Redistributed routes bypass the NSSA and are redistributed to other areas in the OSPFv2 autonomous system. Use this option when the NSSA ASBR is also an ABR.
• Default information originate—Generates an NSSA External (type 7) LSA for a default route to the external autonomous system. Use this option on an NSSA ASBR if the ASBR contains the default route in the routing table. This option can be used on an NSSA ABR whether or not the ABR contains the default route in the routing table.
• Route map—Filters the external routes so that only those routes that you want are flooded throughout the NSSA and other areas.
• Translate—Translates NSSA External LSAs to AS External LSAs for areas outside the NSSA. Use this command on an NSSA ABR to flood the redistributed routes throughout the OSPFv2 autonomous system. You can optionally suppress the forwarding address in these AS External LSAs. If you choose this option, the forwarding address is set to 0.0.0.0.
• No summary—Blocks all summary routes from flooding the NSSA. Use this option on the NSSA ABR.
Before you begin
Ensure that you have enabled the OSPF feature.
Ensure that there are no virtual links in the proposed NSSA and that it is not the backbone area.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospf instance-tag
3. switch(config-router)# area area-id nssa [ no-redistribution ] [ default-information-originate [ route-map map-name ]] [ no-summary ] [ translate type7 { always | never } [ suppress-fa ]]
4. (Optional) switch(config-router)# area area-id default-cost cost
5. (Optional) switch(config-if)# show ip ospf instance-tag
6. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# area area-id nssa [ no-redistribution ] [ default-information-originate [ route-map map-name ]] [ no-summary ] [ translate type7 { always | never } [ suppress-fa ]]
Purpose: Creates this area as an NSSA.
Step 4
Command or Action: (Optional) switch(config-router)# area area-id default-cost cost
Purpose: Sets the cost metric for the default summary route sent into this NSSA.
Step 5
Command or Action: (Optional) switch(config-if)# show ip ospf instance-tag
Purpose: Displays OSPF information.
Step 6
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to create an NSSA that blocks all summary route updates:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 nssa no-summary
switch(config-router)# copy running-config startup-config
This example shows how to create an NSSA that generates a default route:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 nssa default-information-originate
switch(config-router)# copy running-config startup-config
This example shows how to create an NSSA that filters external routes and blocks all summary route updates:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 nssa route-map ExternalFilter no-summary
switch(config-router)# copy running-config startup-config
This example shows how to create an NSSA that always translates NSSA External (type 7) LSAs to AS External (type 5) LSAs:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 nssa translate type7 always
switch(config-router)# copy running-config startup-config
Configuring Virtual Links
A virtual link connects an isolated area to the backbone area through an intermediate area. You can configure the following optional parameters for a virtual link:
• Authentication—Sets a simple password or MD5 message digest authentication and associated keys.
• Dead interval—Sets the time that a neighbor waits for a Hello packet before declaring the local router as dead and tearing down adjacencies.
• Hello interval—Sets the time between successive Hello packets.
• Retransmit interval—Sets the estimated time between successive LSAs.
• Transmit delay—Sets the estimated time to transmit an LSA to a neighbor.
Note: You must configure the virtual link on both routers involved before the link becomes active.
You cannot add a virtual link to a stub area.
Before you begin
Ensure that you have enabled the OSPF feature.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospf instance-tag
3. switch(config-router)# area area-id virtual-link router-id
4. (Optional) switch(config-router-vlink)# show ip ospf virtual-link [ brief ]
5. (Optional) switch(config-router-vlink)# authentication [ key-chain key-id message-digest | null ]
6. (Optional) switch(config-router-vlink)# authentication-key [ 0 | 3 ] key
7. (Optional) switch(config-router-vlink)# dead-interval seconds
8. (Optional) switch(config-router-vlink)# hello-interval seconds
9. (Optional) switch(config-router-vlink)# message-digest-key key-id md5 [ 0 | 3 ] key
10. (Optional) switch(config-router-vlink)# retransmit-interval seconds
11. (Optional) switch(config-router-vlink)# transmit-delay seconds
12. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# area area-id virtual-link router-id
Purpose: Creates one end of a virtual link to a remote router. You must create the virtual link on that remote router to complete the link.
Step 4
Command or Action: (Optional) switch(config-router-vlink)# show ip ospf virtual-link [ brief ]
Purpose: Displays OSPF virtual link information.
Step 5
Command or Action: (Optional) switch(config-router-vlink)# authentication [ key-chain key-id message-digest | null ]
Purpose: Overrides area-based authentication for this virtual link.
Step 6
Command or Action: (Optional) switch(config-router-vlink)# authentication-key [ 0 | 3 ] key
Purpose: Configures a simple password for this virtual link. Use this command if the authentication is not set to key-chain or message-digest. 0 configures the password in clear text. 3 configures the password as 3DES encrypted.
Step 7
Command or Action: (Optional) switch(config-router-vlink)# dead-interval seconds
Purpose: Configures the OSPFv2 dead interval, in seconds. The range is from 1 to 65535. The default is four times the hello interval, in seconds.
Step 8
Command or Action: (Optional) switch(config-router-vlink)# hello-interval seconds
Purpose: Configures the OSPFv2 hello interval, in seconds. The range is from 1 to 65535. The default is 10 seconds.
Step 9
Command or Action: (Optional) switch(config-router-vlink)# message-digest-key key-id md5 [ 0 | 3 ] key
Purpose: Configures message digest authentication for this virtual link. Use this command if the authentication is set to message-digest. 0 configures the password in clear text. 3 configures the pass key as 3DES encrypted.
Step 10
Command or Action: (Optional) switch(config-router-vlink)# retransmit-interval seconds
Purpose: Configures the OSPFv2 retransmit interval, in seconds. The range is from 1 to 65535. The default is 5.
Step 11
Command or Action: (Optional) switch(config-router-vlink)# transmit-delay seconds
Purpose: Configures the OSPFv2 transmit-delay, in seconds. The range is from 1 to 450. The default is 1.
Step 12
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to create a simple virtual link between two ABRs.
The configuration for ABR 1 (router ID 27.0.0.55) is as follows:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 virtual-link 10.1.2.3
switch(config-router)# copy running-config startup-config
The configuration for ABR 2 (router ID 10.1.2.3) is as follows:
switch# configure terminal
switch(config)# router ospf 101
switch(config-router)# area 0.0.0.10 virtual-link 27.0.0.55
switch(config-router)# copy running-config startup-config
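The following Python audit is an added example, not part of the Cisco guide. It checks both ends of the virtual link from the example above for a missing return link, differing authentication or hello/dead timers, and keys entered as type 0. The router-id lines, keys, timer values and the indented layout of the sample configurations are constructed assumptions.

```python
import re

# Constructed running-config fragments for the two ABRs in the example above.
# The router-id lines, keys and timer values are assumptions added for
# illustration; the guide's example configures only the virtual-link lines.
ABR1_CONFIG = """\
router ospf 201
  router-id 27.0.0.55
  area 0.0.0.10 virtual-link 10.1.2.3
    authentication message-digest
    message-digest-key 1 md5 3 0123456789abcdef
    hello-interval 10
"""

ABR2_CONFIG = """\
router ospf 101
  router-id 10.1.2.3
  area 0.0.0.10 virtual-link 27.0.0.55
    authentication-key 0 ExamplePassw0rd
    hello-interval 5
"""

VLINK_RE = re.compile(r"^area\s+(\S+)\s+virtual-link\s+(\S+)$")


def parse_virtual_links(config):
    """Return (router_id, links); each link carries its sub-mode options."""
    router_id, links, current = None, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        indent = len(raw) - len(raw.lstrip())
        found = VLINK_RE.match(line)
        if found:
            current = {"area": found.group(1), "peer": found.group(2),
                       "indent": indent, "options": {}}
            links.append(current)
        elif current is not None and indent > current["indent"]:
            # A deeper-indented line belongs to the current virtual link.
            keyword, _, rest = line.partition(" ")
            current["options"][keyword] = rest
        else:
            current = None
            if line.startswith("router-id "):
                router_id = line.split()[1]
    return router_id, links


def timers(options):
    """Effective (hello, dead) using the defaults stated in the guide."""
    hello = int(options.get("hello-interval", 10))
    dead = int(options.get("dead-interval", 4 * hello))
    return hello, dead


def audit_link(link):
    """Findings for one end of a virtual link."""
    opts, findings = link["options"], []
    auth = opts.get("authentication")
    if auth is None:
        findings.append("no per-link authentication; area-based setting applies")
    elif auth == "null":
        findings.append("authentication disabled (null)")
    if "authentication-key" in opts:
        findings.append("simple password configured")
        if opts["authentication-key"].startswith("0 "):
            findings.append("authentication-key entered in clear text (type 0)")
    if re.search(r"\bmd5 0 ", opts.get("message-digest-key", "")):
        findings.append("message-digest-key entered in clear text (type 0)")
    return findings


def audit_pair(config_a, config_b):
    """Check that both ends exist and agree on authentication and timers."""
    id_a, links_a = parse_virtual_links(config_a)
    id_b, links_b = parse_virtual_links(config_b)
    findings = []
    for link in (v for v in links_a if v["peer"] == id_b):
        back = [v for v in links_b
                if v["peer"] == id_a and v["area"] == link["area"]]
        if not back:
            findings.append(f"{id_b}: no virtual link back to {id_a}")
            continue
        mine, theirs = link["options"], back[0]["options"]
        if mine.get("authentication") != theirs.get("authentication"):
            findings.append("authentication type differs between the two ends")
        if timers(mine) != timers(theirs):
            findings.append(
                f"hello/dead timers differ: {timers(mine)} vs {timers(theirs)}")
        findings += [f"{id_a}: {msg}" for msg in audit_link(link)]
        findings += [f"{id_b}: {msg}" for msg in audit_link(back[0])]
    return findings


if __name__ == "__main__":
    for finding in audit_pair(ABR1_CONFIG, ABR2_CONFIG):
        print(finding)
```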
Configuring Redistribution
You can redistribute routes learned from other routing protocols into an OSPFv2 autonomous system through the ASBR.
You can configure the following optional parameters for route redistribution in OSPF:
• Default information originate—Generates an AS External (type 5) LSA for a default route to the external autonomous system.
Note: Default information originate ignores match statements in the optional route map.
• Default metric—Sets all redistributed routes to the same cost metric.
Note: If you redistribute static routes, Cisco NX-OS requires the configuration of the default-information originate command under the router OSPF process to successfully redistribute or generate the default static route.
Before you begin
Ensure that you have enabled the OSPF feature.
Create the necessary route maps used for redistribution.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospf instance-tag
3. switch(config-router)# redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } route-map map-name
4. switch(config-router)# default-information originate [ always ] [ route-map map-name ]
5. switch(config-router)# default-metric [ cost ]
6. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } route-map map-name
Purpose: Redistributes the selected protocol into OSPF through the configured route map.
Note: If you redistribute static routes, Cisco NX-OS also redistributes the default static route.
Step 4
Command or Action: switch(config-router)# default-information originate [ always ] [ route-map map-name ]
Purpose: Creates a default route into this OSPF domain if the default route exists in the RIB. Use the following optional keywords:
• always —Always generate the default route of 0.0.0.0 even if the route does not exist in the RIB.
• route-map —Generate the default route if the route map returns true.
Note: This command ignores match statements in the route map.
Step 5
Command or Action: switch(config-router)# default-metric [ cost ]
Purpose: Sets the cost metric for the redistributed routes. This command does not apply to directly connected routes. Use a route map to set the default metric for directly connected routes.
Step 6
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to redistribute the Border Gateway Protocol (BGP) into OSPF:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# redistribute bgp route-map FilterExternalBGP
switch(config-router)# copy running-config startup-config
Limiting the Number of Redistributed Routes
Route redistribution can add many routes to the OSPFv2 route table. You can configure a maximum limit to the number of routes accepted from external protocols. OSPFv2 provides the following options to configure redistributed route limits:
• Fixed limit—Logs a message when OSPFv2 reaches the configured maximum. OSPFv2 does not accept any more redistributed routes. You can optionally configure a threshold percentage of the maximum where OSPFv2 logs a warning when that threshold is passed.
• Warning only—Logs a warning only when OSPFv2 reaches the maximum. OSPFv2 continues to accept redistributed routes.
• Withdraw—Starts the timeout period when OSPFv2 reaches the maximum. After the timeout period, OSPFv2 requests all redistributed routes if the current number of redistributed routes is less than the maximum limit. If the current number of redistributed routes is at the maximum limit, OSPFv2 withdraws all redistributed routes. You must clear this condition before OSPFv2 accepts more redistributed routes. You can optionally configure the timeout period.
Before you begin
Ensure that you have enabled the OSPF feature.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospf instance-tag
3. switch(config-router)# redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } route-map map-name
4. switch(config-router)# redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
5. (Optional) switch(config-router)# show running-config ospf
6. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } route-map map-name
Purpose: Redistributes the selected protocol into OSPF through the configured route map.
Step 4
Command or Action: switch(config-router)# redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
Purpose: Specifies a maximum number of prefixes that OSPFv2 distributes. The range is from 0 to 65536. Optionally specifies the following:
• threshold —Percent of maximum prefixes that trigger a warning message.
• warning-only —Logs a warning message when the maximum number of prefixes is exceeded.
• withdraw —Withdraws all redistributed routes. Optionally tries to retrieve the redistributed routes. The num-retries range is from 1 to 12. The timeout is 60 to 600 seconds. The default is 300 seconds. Use the clear ip ospf redistribution command if all routes are withdrawn.
Step 5
Command or Action: (Optional) switch(config-router)# show running-config ospf
Purpose: Displays the OSPFv2 configuration.
Step 6
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to limit the number of redistributed routes into OSPF:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# redistribute bgp route-map FilterExternalBGP
switch(config-router)# redistribute maximum-prefix 1000 75
Configuring Route Summarization
You can configure route summarization for inter-area routes by configuring an address range that is summarized.
You can also configure route summarization for external, redistributed routes by configuring a summary address for those routes on an ASBR.
Before you begin
Ensure that you have enabled the OSPF feature.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospf instance-tag
3. Configure one of the following commands:
• area area-id range ip-prefix/length [ no-advertise ] [ cost cost ]
• summary-address ip-prefix/length [ no-advertise | tag tag ]
4. (Optional) switch(config-router)# [ no ] discard route { internal | external }
5. (Optional) switch(config-router)# show ip ospf summary-address
6. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 3
Command or Action: Configure one of the following commands:
• area area-id range ip-prefix/length [ no-advertise ] [ cost cost ]
• summary-address ip-prefix/length [ no-advertise | tag tag ]
Purpose: The first command creates a summary address on an ABR for a range of addresses and optionally does not advertise this summary address in a Network Summary (type 3) LSA. The cost range is from 0 to 16777215.
The second command creates a summary address on an ASBR for a range of addresses and optionally assigns a tag for this summary address that can be used for redistribution with route maps.
Step 4
Command or Action: (Optional) switch(config-router)# [ no ] discard route { internal | external }
Purpose: When you configure a summary address, Cisco NX-OS software automatically configures a discard route for the summary address to prevent routing black holes and route loops. You can use the no form of this command to prevent the discard routes from being created.
Step 5
Command or Action: (Optional) switch(config-router)# show ip ospf summary-address
Purpose: Displays information about OSPF summary addresses.
Step 6
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to create summary addresses between areas on an ABR:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# area 0.0.0.10 range 10.3.0.0/16
switch(config-router)# copy running-config startup-config
This example shows how to create summary addresses on an ASBR:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# summary-address 10.5.0.0/16
switch(config-router)# copy running-config startup-config
Configuring Stub Route Advertisements
Use stub route advertisements when you want to limit the OSPFv2 traffic through this router for a short time.
Stub route advertisements can be configured with the following optional parameters:
• on startup —Sends stub route advertisements for the specified announce time.
• wait-for bgp —Sends stub router advertisements until BGP converges.
Note: You should not save the running configuration of a router when it is configured for a graceful shutdown because the router continues to advertise a maximum metric after it is reloaded.
Before you begin
Ensure that you have enabled the OSPF feature.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospf instance-tag
3. switch(config-router)# max-metric router-lsa [ external-lsa [ max-metric-value ]] [ include-stub ] [ on-startup [ seconds ]] [ wait-for bgp tag ] [ summary-lsa [ max-metric-value ]]
4. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# max-metric router-lsa [ external-lsa [ max-metric-value ]] [ include-stub ] [ on-startup [ seconds ]] [ wait-for bgp tag ] [ summary-lsa [ max-metric-value ]]
Purpose: Configures OSPFv2 stub route advertisements.
Step 4
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to enable the stub router advertisements on startup for the default 600 seconds:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# max-metric router-lsa on-startup
switch(config-router)# copy running-config startup-config
Configuring the Administrative Distance of Routes
Beginning with Cisco NX-OS Release 6.1, you can set the administrative distance of routes added by OSPFv2 into the RIB.
The administrative distance is a rating of the trustworthiness of a routing information source. A higher value indicates a lower trust rating. Typically, a route can be learned through more than one routing protocol. The administrative distance is used to discriminate between routes learned from more than one routing protocol.
The route with the lowest administrative distance is installed in the IP routing table.
Before you begin
Ensure that you have enabled OSPF.
Ensure that you are in the correct VDC (or use the switchto vdc command).
See the guidelines and limitations for this feature.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospf instance-tag
3. switch(config-router)# [ no ] table-map map-name [ filter ]
4. switch(config-router)# exit
5. switch(config)# route-map map-name [ permit | deny ] [ seq ]
6. switch(config-route-map)# match route-type route-type
7. switch(config-route-map)# match ip route-source prefix-list name
8. switch(config-route-map)# match ip address prefix-list name
9. switch(config-route-map)# set distance value
10. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# [ no ] table-map map-name [ filter ]
Purpose: Configures the policy for filtering or modifying OSPFv2 routes before sending them to the RIB. You can enter up to 63 alphanumeric characters for the map name.
The filter keyword specifies that only routes that are permitted by the route map (map-name) configuration are downloaded to the routing information base (RIB).
Step 4
Command or Action: switch(config-router)# exit
Purpose: Exits router configuration mode.
Step 5
Command or Action: switch(config)# route-map map-name [ permit | deny ] [ seq ]
Purpose: Creates a route map or enters route-map configuration mode for an existing route map. Use seq to order the entries in a route map.
Note: The permit option enables you to set the distance. If you use the deny option, the default distance is applied.
Step 6
Command or Action: switch(config-route-map)# match route-type route-type
Purpose: Matches against one of the following route types:
• external: The external route (BGP, EIGRP, and OSPF type 1 or 2)
• inter-area: OSPF inter-area route
• internal: The internal route (including the OSPF intra- or inter-area)
• intra-area: OSPF intra-area route
• nssa-external: The NSSA external route (OSPF type 1 or 2)
• type-1: The OSPF external type 1 route
• type-2: The OSPF external type 2 route
Step 7
Command or Action: switch(config-route-map)# match ip route-source prefix-list name
Purpose: Matches the IPv4 route source address or router ID of a route to one or more IP prefix lists. Use the ip prefix-list command to create the prefix list.
Step 8
Command or Action: switch(config-route-map)# match ip address prefix-list name
Purpose: Matches against one or more IPv4 prefix lists. Use the ip prefix-list command to create the prefix list.
Step 9
Command or Action: switch(config-route-map)# set distance value
Purpose: Sets the administrative distance of routes for OSPFv2. The range is from 1 to 255.
Step 10
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure the OSPFv2 administrative distance for inter-area routes to 150, for external routes to 200, and for all prefixes in prefix list p1 to 190:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# table-map foo
switch(config-router)# exit
switch(config)# route-map foo permit 10
switch(config-route-map)# match route-type inter-area
switch(config-route-map)# set distance 150
switch(config)# route-map foo permit 20
switch(config-route-map)# match route-type external
switch(config-route-map)# set distance 200
switch(config)# route-map foo permit 30
switch(config-route-map)# match ip route-source prefix-list p1
switch(config-route-map)# match ip address prefix-list p1
switch(config-route-map)# set distance 190
The following example shows how to configure a route map for blocking the next hops that are learned through VLAN 10:
switch(config)# route-map Filter-OSPF deny 10
switch(config-route-map)# match interface VLAN 10
switch(config-route-map)# exit
switch(config)# route-map Filter-OSPF permit 20
The following example shows how to configure the table-map command with the filter keyword to use a route map (Filter-OSPF) to remove the next-hop path that is learned through VLAN 10 but not the next-hop path that is learned through VLAN 20:
switch(config)# router ospf p1
switch(config-router)# table-map Filter-OSPF filter
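The following Python model is an added example, not part of the Cisco guide. It evaluates the two route maps above (foo and Filter-OSPF) against a few constructed routes to show which distance each route receives and which paths the filter keyword keeps out of the RIB. It assumes first-match-by-sequence evaluation with an implicit deny at the end, an OSPF default distance of 110, a constructed entry for prefix list p1, and interface names written as Vlan10 and Vlan20.

```python
import ipaddress

# NX-OS default administrative distance for OSPF routes. This value is an
# assumption of the example; this section of the guide does not state it.
DEFAULT_DISTANCE = 110

# Route types covered by the broader "match route-type" keywords, following
# the descriptions in the detailed steps above.
ROUTE_TYPE_GROUPS = {
    "external": {"type-1", "type-2"},
    "internal": {"intra-area", "inter-area"},
}

# Constructed prefix list: the guide names p1 but does not show its entries.
# Each entry is treated as "prefix le 32" (anything inside it matches).
PREFIX_LISTS = {"p1": ["10.20.0.0/16"]}

# Route maps from the examples above: (seq, action, match clauses, distance).
ROUTE_MAPS = {
    "foo": [
        (10, "permit", {"route-type": "inter-area"}, 150),
        (20, "permit", {"route-type": "external"}, 200),
        (30, "permit", {"route-source": "p1", "address": "p1"}, 190),
    ],
    "Filter-OSPF": [
        (10, "deny", {"interface": "Vlan10"}, None),
        (20, "permit", {}, None),
    ],
}

# Constructed OSPF routes (one next-hop path each) used as sample input.
ROUTES = [
    {"prefix": "10.3.1.0/24", "type": "inter-area",
     "source": "10.1.2.3", "interface": "Vlan20"},
    {"prefix": "172.16.5.0/24", "type": "type-2",
     "source": "10.1.2.3", "interface": "Vlan20"},
    {"prefix": "10.20.4.0/24", "type": "intra-area",
     "source": "10.20.0.1", "interface": "Vlan20"},
    {"prefix": "10.20.8.0/24", "type": "inter-area",
     "source": "10.20.0.1", "interface": "Vlan10"},
    {"prefix": "192.168.7.0/24", "type": "intra-area",
     "source": "10.1.2.3", "interface": "Vlan10"},
]


def in_prefix_list(value, list_name):
    """True if an address or prefix falls inside any entry of the list."""
    net = ipaddress.ip_network(value, strict=False)
    return any(net.subnet_of(ipaddress.ip_network(entry))
               for entry in PREFIX_LISTS[list_name])


def clause_matches(kind, value, route):
    """Evaluate one match statement against one route."""
    if kind == "route-type":
        return route["type"] in ROUTE_TYPE_GROUPS.get(value, {value})
    if kind == "route-source":
        return in_prefix_list(route["source"], value)
    if kind == "address":
        return in_prefix_list(route["prefix"], value)
    if kind == "interface":
        return route["interface"] == value
    raise ValueError(f"unsupported match clause: {kind}")


def table_map(map_name, route, filter_keyword=False):
    """Return the distance the route gets in the RIB, or None if filtered.

    Entries are tried in sequence order and the first one whose match
    statements all succeed decides the outcome. A permit applies the entry's
    distance; a deny (explicit, or implicit when nothing matches) leaves the
    default distance, or drops the route when the filter keyword is used.
    """
    entries = sorted(ROUTE_MAPS[map_name], key=lambda entry: entry[0])
    for _seq, action, matches, distance in entries:
        if all(clause_matches(k, v, route) for k, v in matches.items()):
            if action == "permit":
                return distance if distance is not None else DEFAULT_DISTANCE
            break  # explicit deny: stop evaluating later entries
    return None if filter_keyword else DEFAULT_DISTANCE


if __name__ == "__main__":
    for route in ROUTES:
        print(route["prefix"], route["type"], route["interface"],
              "foo ->", table_map("foo", route),
              "| Filter-OSPF filter ->",
              table_map("Filter-OSPF", route, filter_keyword=True))
```

The fourth sample route is both inter-area and inside p1; it receives 150 because sequence 10 matches before sequence 30 is reached.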
Modifying the Default Timers
OSPFv2 includes a number of timers that control the behavior of protocol messages and shortest path first (SPF) calculations. OSPFv2 includes the following optional timer parameters:
• LSA arrival time—Sets the minimum interval allowed between LSAs that arrive from a neighbor. LSAs that arrive faster than this time are dropped.
• Pacing LSAs—Sets the interval at which LSAs are collected into a group and refreshed, checksummed, or aged. This timer controls how frequently LSA updates occur and optimizes how many are sent in an LSA update message.
• Throttle LSAs—Sets the rate limits for generating LSAs. This timer controls how frequently LSAs are generated after a topology change occurs.
• Throttle SPF calculation—Controls how frequently the SPF calculation is run.
At the interface level, you can also control the following timers:
• Retransmit interval—Sets the estimated time between successive LSAs.
• Transmit delay—Sets the estimated time to transmit an LSA to a neighbor.
Before you begin
Ensure that you have enabled the OSPF feature.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospf instance-tag
3. switch(config-router)# timers lsa-arrival msec
4. switch(config-router)# timers lsa-group-pacing seconds
5. switch(config-router)# timers throttle lsa start-time hold-interval max-time
6. switch(config-router)# timers throttle spf delay-time hold-time max-wait
7. switch(config)# interface type slot/port
8. switch(config-if)# ip ospf hello-interval seconds
9. switch(config-if)# ip ospf dead-interval seconds
10. switch(config-if)# ip ospf retransmit-interval seconds
11. switch(config-if)# ip ospf transmit-delay seconds
12. (Optional) switch(config-if)# show ip ospf
13. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# timers lsa-arrival msec
Purpose: Sets the LSA arrival time in milliseconds. The range is from 10 to 600000. The default is 1000 milliseconds.
Step 4
Command or Action: switch(config-router)# timers lsa-group-pacing seconds
Purpose: Sets the interval in seconds for grouping LSAs. The range is from 1 to 1800. The default is 240 seconds.
Step 5
Command or Action: switch(config-router)# timers throttle lsa start-time hold-interval max-time
Purpose: Sets the rate limit in milliseconds for generating LSAs with the following timers:
• start-time —The range is from 50 to 5000 milliseconds. The default value is 50 milliseconds.
• hold-interval —The range is from 50 to 30,000 milliseconds. The default value is 5000 milliseconds.
• max-time —The range is from 50 to 30,000 milliseconds. The default value is 5000 milliseconds.
Step 6
Command or Action: switch(config-router)# timers throttle spf delay-time hold-time max-wait
Purpose: Sets the SPF best path schedule initial delay time and the minimum hold time in seconds between SPF best path calculations. The range is from 1 to 600000. The default is no delay time and 5000 millisecond hold time.
Step 7
Command or Action: switch(config)# interface type slot/port
Purpose: Enters interface configuration mode.
Step 8
Command or Action: switch(config-if)# ip ospf hello-interval seconds
Purpose: Sets the hello interval for this interface. The range is from 1 to 65535. The default is 10.
Step 9
Command or Action: switch(config-if)# ip ospf dead-interval seconds
Purpose: Sets the dead interval for this interface. The range is from 1 to 65535.
Step 10
Command or Action: switch(config-if)# ip ospf retransmit-interval seconds
Purpose: Sets the estimated time in seconds between LSAs transmitted from this interface. The range is from 1 to 65535. The default is 5.
Step 11
Command or Action: switch(config-if)# ip ospf transmit-delay seconds
Purpose: Sets the estimated time in seconds to transmit an LSA to a neighbor. The range is from 1 to 450. The default is 1.
Step 12
Command or Action: (Optional) switch(config-if)# show ip ospf
Purpose: Displays information about OSPF.
Step 13
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to control LSA flooding with the lsa-group-pacing option:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# timers lsa-group-pacing 300
switch(config-router)# copy running-config startup-config
Configuring Graceful Restart
Graceful restart is enabled by default. You can configure the following optional parameters for graceful restart in an OSPFv2 instance:
• Grace period—Configures how long neighbors should wait after a graceful restart has started before tearing down adjacencies.
• Helper mode disabled—Disables helper mode on the local OSPFv2 instance. OSPFv2 does not participate in the graceful restart of a neighbor.
• Planned graceful restart only—Configures OSPFv2 to support graceful restart only in the event of a planned restart.
Before you begin
Ensure that you have enabled OSPF.
Ensure that all neighbors are configured for graceful restart with matching optional parameters set.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospf instance-tag
3. switch(config-router)# graceful-restart
4. (Optional) switch(config-router)# graceful-restart grace-period seconds
5. (Optional) switch(config-router)# graceful-restart helper-disable
6. (Optional) switch(config-router)# graceful-restart planned-only
7. (Optional) switch(config-if)# show ip ospf instance-tag
8. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# graceful-restart
Purpose: Enables a graceful restart. A graceful restart is enabled by default.
Step 4
Command or Action: (Optional) switch(config-router)# graceful-restart grace-period seconds
Purpose: Sets the grace period, in seconds. The range is from 5 to 1800. The default is 60 seconds.
Step 5
Command or Action: (Optional) switch(config-router)# graceful-restart helper-disable
Purpose: Disables helper mode. This feature is enabled by default.
Step 6
Command or Action: (Optional) switch(config-router)# graceful-restart planned-only
Purpose: Configures a graceful restart for planned restarts only.
Step 7
Command or Action: (Optional) switch(config-if)# show ip ospf instance-tag
Purpose: Displays OSPF information.
Step 8
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to enable a graceful restart if it has been disabled and set the grace period to 120 seconds:
switch# configure terminal
switch(config)# router ospf 201
switch(config-router)# graceful-restart
switch(config-router)# graceful-restart grace-period 120
switch(config-router)# copy running-config startup-config
Restarting an OSPFv2 Instance
You can restart an OSPFv2 instance. This action clears all neighbors for the instance.
To restart an OSPFv2 instance and remove all associated neighbors, use the following command:
Command: restart ospf instance-tag
Purpose: Restarts the OSPFv2 instance and removes all neighbors.
Configuring OSPFv2 with Virtualization
You can configure multiple OSPFv2 instances in each VDC. You can also create multiple VRFs within each VDC and use the same or multiple OSPFv2 instances in each VRF. You assign an OSPFv2 interface to a VRF.
Note: Configure all other parameters for an interface after you configure the VRF for an interface. Configuring a VRF for an interface deletes all the configuration for that interface.
Before you begin
Create the VDCs.
Ensure that you have enabled the OSPF feature.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# vrf context vrf-name
3. switch(config)# router ospf instance-tag
4. switch(config-router)# vrf vrf-name
5. (Optional) switch(config-router-vrf)# maximum-paths path
6. switch(config-router-vrf)# interface interface-type slot/port
7. switch(config-if)# vrf member vrf-name
8. switch(config-if)# ip address ip-prefix/length
9. switch(config-if)# ip router ospf instance-tag area area-id
10. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# vrf context vrf-name
Purpose: Creates a new VRF and enters VRF configuration mode.
Step 3
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv2 instance with the configured instance tag.
Step 4
Command or Action: switch(config-router)# vrf vrf-name
Purpose: Enters VRF configuration mode.
Step 5
Command or Action: (Optional) switch(config-router-vrf)# maximum-paths path
Purpose: Configures the maximum number of equal OSPFv2 paths to a destination in the route table for this VRF. Used for load balancing.
Step 6
Command or Action: switch(config-router-vrf)# interface interface-type slot/port
Purpose: Enters interface configuration mode.
Step 7
Command or Action: switch(config-if)# vrf member vrf-name
Purpose: Adds this interface to a VRF.
Step 8
Command or Action: switch(config-if)# ip address ip-prefix/length
Purpose: Configures an IP address for this interface. You must do this step after you assign this interface to a VRF.
Step 9
Command or Action: switch(config-if)# ip router ospf instance-tag area area-id
Purpose: Assigns this interface to the OSPFv2 instance and area configured.
Step 10
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to create summary addresses between areas on an ABR:
switch# configure terminal
switch(config)# vrf context NewVRF
switch(config)# router ospf 201
switch(config)# interface ethernet 1/2
switch(config-if)# vrf member NewVRF
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router ospf 201 area 0
switch(config)# copy running-config startup-config
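The ordering rule from the note and from Step 8 (VRF membership first, then the address and the OSPFv2 assignment) can be checked before a change is pushed. The following Python check is an added example, not Cisco code; the function name, the list of commands treated as leaving interface mode, and the BAD_ORDER sample are assumptions made for illustration.

```python
import re

# Strips a CLI prompt such as "switch(config-if)# " from a pasted session.
PROMPT = re.compile(r"^[\w.-]+(\([\w-]+\))?#\s*")

# Assumption: these commands end the current interface block in a flat
# command list (the set is illustrative, not exhaustive).
LEAVES_INTERFACE_MODE = ("router ", "vrf context ", "feature ", "copy ")


def lint_vrf_order(config_text):
    """Return (interface, command) pairs that a later 'vrf member' deletes.

    Per the guide, configuring a VRF for an interface deletes all the
    configuration for that interface, so every interface-level command
    entered before 'vrf member' in the same block is reported.
    """
    findings = []
    interface = None   # interface block currently being read
    pending = []       # commands seen in this block before 'vrf member'
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if not line or line.startswith("!"):
            continue
        if line.startswith("interface "):
            interface = line[len("interface "):].strip()
            pending = []
        elif interface is None:
            continue
        elif line.startswith("vrf member "):
            findings.extend((interface, cmd) for cmd in pending)
            pending = []
        elif line.startswith(LEAVES_INTERFACE_MODE) or line in ("exit", "end"):
            interface = None
        else:
            pending.append(line)
    return findings


# The session from the example above, in the order the guide gives.
PAGE_SESSION = """\
switch# configure terminal
switch(config)# vrf context NewVRF
switch(config)# router ospf 201
switch(config)# interface ethernet 1/2
switch(config-if)# vrf member NewVRF
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router ospf 201 area 0
switch(config)# copy running-config startup-config
"""

# Constructed counter-example: same commands, VRF membership applied last.
BAD_ORDER = """\
vrf context NewVRF
router ospf 201
interface ethernet 1/2
ip address 192.0.2.1/16
ip router ospf 201 area 0
vrf member NewVRF
"""

if __name__ == "__main__":
    for name, text in (("page session", PAGE_SESSION), ("bad order", BAD_ORDER)):
        lost = lint_vrf_order(text)
        print(name, "->", lost if lost else "ok")
```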
Verifying the OSPFv2 Configuration
To display the OSPFv2 configuration, perform one of the following tasks:
Command: show ip ospf [ instance-tag ] [ vrf vrf-name ]
Purpose: Displays the information about one or more OSPFv2 routing instances. The output includes the following area-level counts:
• Interfaces in this area—A count of all interfaces added to this area (configured interfaces).
• Active interfaces—A count of all interfaces considered to be in router link states and SPF (UP interfaces).
• Passive interfaces—A count of all interfaces considered to be OSPF passive (no adjacencies will be formed).
• Loopback interfaces—A count of all local loopback interfaces.
Command: show ip ospf border-routers [ vrf { vrf-name | all | default | management }]
Command: show ip ospf interface number [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 link-state database summary.
Purpose: Displays the OSPFv2 interface configuration.
Command: show ip ospf lsa-content-changed-list neighbor-id interface-type number [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 LSAs that have changed.
Command: show ip ospf neighbors [ neighbor-id ] [ detail ] [ interface-type number ] [ vrf { vrf-name | all | default | management }] [ summary ]
Purpose: Displays the list of OSPFv2 neighbors.
Command: show ip ospf request-list neighbor-id interface-type number [ vrf { vrf-name | all | default | management }]
Purpose: Displays the list of OSPFv2 link-state requests.
Command: show ip ospf retransmission-list neighbor-id interface-type number [ vrf { vrf-name | all | default | management }]
Purpose: Displays the list of OSPFv2 link-state retransmissions.
Command: show ip ospf route [ ospf-route ] [ summary ] [ vrf { vrf-name | all | default | management }]
Purpose: Displays the internal OSPFv2 routes.
Command: show ip ospf summary-address [ vrf { vrf-name | all | default | management }]
Purpose: Displays information about the OSPFv2 summary addresses.
Command: show ip ospf virtual-links [ brief ] [ vrf { vrf-name | all | default | management }]
Purpose: Displays information about OSPFv2 virtual links.
Command: show ip ospf vrf { vrf-name | all | default | management }
Purpose: Displays information about VRF-based OSPFv2 configuration.
Command: show running-configuration ospf
Purpose: Displays the current running OSPFv2 configuration.
Monitoring OSPFv2
To display OSPFv2 statistics, use the following commands:
Command: show ip ospf policy statistics area area-id filter-list { in | out } [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 route policy statistics for an area.
Command: show ip ospf policy statistics redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 route policy statistics.
Command: show ip ospf statistics [ vrfnumber [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 event counters.
Command: show ip ospf traffic interface-type number [ vrf { vrf-name | all | default | management }]
Purpose: Displays the OSPFv2 packet counters.
Configuration Examples for OSPFv2
feature ospf
router ospf 201
router-id 290.0.2.1
interface ethernet 1/2
ip router ospf 201 area 0.0.0.10
ip ospf authentication
ip ospf authentication-key 0 mypass
Related Documents for OSPFv2
For more information related to OSPFv2 CLI commands, see the Cisco Nexus 5000 Series Command Reference.
Feature History for OSPFv2
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Table 16: Feature History for OSPFv2
Feature Name | Release | Feature Information
OSPF Packet-size | 8.3(2) | Added support for configuring OSPF packet-size.
OSPF—Distribute List to Filter Paths | 6.2(6a) | Added support for filtering next-hop paths for an OSPF route to prevent the path from being added to the RIB.
Administrative distance of routes | 6.2(2) | Added the filter keyword to the table-map command to specify that only routes permitted by the route map are downloaded to the RIB.
Route summarization | 6.2(2) | Added the ability to prevent discard routes from being created.
OSPFv2 | 6.2(2) | Added support for the optional name lookup parameter for OSPFv2 instances.
OSPFv2 | 6.1(1) | Added support for more than four process instances for OSPFv2 per VDC.
OSPFv2 | 6.1(1) | Added support for configuring the administrative distance of routes for OSPFv2.
Passive interface | 5.2(1) | Added support for setting the passive interface mode on all interfaces in the router or VRF.
OSPFv2 | 5.1(2) | Added options for the max-metric router-lsa command.
BFD | 5.0(2) | Added support for BFD. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information.
OSPFv2 | 4.0(1) | This feature was introduced.
CHAPTER 8
Configuring OSPFv3
This chapter contains the following sections:
• Finding Feature Information
• Information About OSPFv3
• Advanced Features
• Prerequisites for OSPFv3
• Guidelines and Limitations for OSPFv3
• Default Settings for OSPFv3
• Configuring Basic OSPFv3
• Configuring Advanced OSPFv3
• Configuring OSPFv3 Encryption at Router Level
• Configuring OSPFv3 Encryption at Area Level
• Configuring OSPFv3 Encryption at Interface Level
• Configuring OSPFv3 Encryption for Virtual Links
• Configuration Examples for OSPFv3
• Related Documents for OSPFv3
• Feature History for OSPFv3
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About OSPFv3
OSPFv3 is an IETF link-state protocol. An OSPFv3 router sends a special message, called a hello packet, out each OSPF-enabled interface to discover other OSPFv3 neighbor routers. Once a neighbor is discovered, the two routers compare information in the Hello packet to determine if the routers have compatible configurations.
The neighbor routers attempt to establish adjacency, which means that the routers synchronize their link-state databases to ensure that they have identical OSPFv3 routing information. Adjacent routers share link-state advertisements (LSAs) that include information about the operational state of each link, the cost of the link, and any other neighbor information. The routers then flood these received LSAs out every OSPF-enabled interface so that all OSPFv3 routers eventually have identical link-state databases. When all OSPFv3 routers have identical link-state databases, the network is converged. Each router then uses Dijkstra’s Shortest Path First (SPF) algorithm to build its route table.
You can divide OSPFv3 networks into areas. Routers send most LSAs only within one area, which reduces the CPU and memory requirements for an OSPF-enabled router.
OSPFv3 supports IPv6.
Comparison of OSPFv3 and OSPFv2
Much of the OSPFv3 protocol is the same as in OSPFv2. OSPFv3 is described in RFC 2740.
The key differences between the OSPFv3 and OSPFv2 protocols are as follows:
• OSPFv3 expands on OSPFv2 to provide support for IPv6 routing prefixes and the larger size of IPv6 addresses.
• LSAs in OSPFv3 are expressed as prefix and prefix length instead of address and mask.
• The router ID and area ID are 32-bit numbers with no relationship to IPv6 addresses.
• OSPFv3 uses link-local IPv6 addresses for neighbor discovery and other features.
• OSPFv3 can use the IPv6 authentication trailer (RFC 6506) or IPSec (RFC 4552) for authentication. However, neither of these options is supported on Cisco NX-OS.
• OSPFv3 redefines LSA types.
Hello Packet
OSPFv3 routers periodically send Hello packets on every OSPF-enabled interface. The hello interval determines how frequently the router sends these Hello packets and is configured per interface. OSPFv3 uses Hello packets for the following tasks:
• Neighbor discovery
• Keepalives
• Bidirectional communications
• Designated router election
The Hello packet contains information about the originating OSPFv3 interface and router, including the assigned OSPFv3 cost of the link, the hello interval, and optional capabilities of the originating router. An OSPFv3 interface that receives these Hello packets determines if the settings are compatible with the receiving interface settings. Compatible interfaces are considered neighbors and are added to the neighbor table.
Hello packets also include a list of router IDs for the routers that the originating interface has communicated with. If the receiving interface sees its own router ID in this list, then bidirectional communication has been established between the two interfaces.
OSPFv3 uses Hello packets as a keepalive message to determine if a neighbor is still communicating. If a router does not receive a Hello packet by the configured dead interval (usually a multiple of the hello interval), then the neighbor is removed from the local neighbor table.
Neighbors
An OSPFv3 interface must have a compatible configuration with a remote interface before the two can be considered neighbors. The two OSPFv3 interfaces must match the following criteria:
• Hello interval
• Dead interval
• Area ID
• Optional capabilities
If there is a match, the information is entered into the neighbor table:
• Priority—Priority of the neighbor router. The priority is used for designated router election.
• State—Indication of whether the neighbor has just been heard from, is in the process of setting up bidirectional communications, is sharing the link-state information, or has achieved full adjacency.
• Dead time—Indication of how long since the last Hello packet was received from this neighbor.
• Link-local IPv6 Address—The link-local IPv6 address of the neighbor.
• Designated Router—Indication of whether the neighbor has been declared the designated router or backup designated router.
• Local interface—The local interface that received the Hello packet for this neighbor.
When the first Hello packet is received from a new neighbor, the neighbor is entered into the neighbor table in the initialization state. Once bidirectional communication is established, the neighbor state becomes two-way. ExStart and exchange states come next, as the two interfaces exchange their link-state database. Once this is all complete, the neighbor moves into the full state, which signifies full adjacency. If the neighbor fails to send any Hello packets in the dead interval, then the neighbor is moved to the down state and is no longer considered adjacent.
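The matching criteria and the Hello-driven state changes described in this section, as an added Python sketch that is not Cisco code. The class names, field names and the LOCAL sample values are constructed; it models only the transitions that Hello packets drive (initialization, two-way and down), not the database exchange.

```python
from dataclasses import dataclass

# The four settings that must match before two interfaces become neighbors.
CHECKED_FIELDS = ("hello_interval", "dead_interval", "area_id", "options")


@dataclass(frozen=True)
class HelloParams:
    hello_interval: int   # seconds
    dead_interval: int    # seconds
    area_id: str          # dotted decimal, as Cisco NX-OS displays it
    options: frozenset    # optional capabilities carried in the Hello


def hello_mismatches(local, remote):
    """Return the names of the settings that differ between two interfaces."""
    return [f for f in CHECKED_FIELDS if getattr(local, f) != getattr(remote, f)]


class NeighborTable:
    """Neighbor table of one OSPFv3 interface, driven by received Hellos."""

    def __init__(self, router_id, params):
        self.router_id = router_id
        self.params = params
        self.neighbors = {}   # neighbor router ID -> {"state", "last_hello"}
        self.rejected = []    # (router ID, mismatched settings) for troubleshooting

    def on_hello(self, now, sender_id, params, seen_router_ids):
        """Process one Hello; return the neighbor state, or None if rejected."""
        mismatches = hello_mismatches(self.params, params)
        if mismatches:
            self.rejected.append((sender_id, mismatches))
            return None
        entry = self.neighbors.setdefault(sender_id, {"state": "down"})
        entry["last_hello"] = now
        # Seeing our own router ID in the sender's list proves that the
        # communication is bidirectional; otherwise we have only heard it.
        entry["state"] = "two-way" if self.router_id in seen_router_ids else "init"
        return entry["state"]

    def expire(self, now):
        """Move neighbors silent for the dead interval to down; return their IDs."""
        expired = []
        for router_id, entry in self.neighbors.items():
            silent_for = now - entry["last_hello"]
            if entry["state"] != "down" and silent_for >= self.params.dead_interval:
                entry["state"] = "down"
                expired.append(router_id)
        return expired


# Constructed sample settings for the local interface.
LOCAL = HelloParams(10, 40, "0.0.0.10", frozenset({"V6", "E", "R"}))

if __name__ == "__main__":
    table = NeighborTable("1.1.1.1", LOCAL)
    print(table.on_hello(0, "2.2.2.2", LOCAL, []))            # first Hello heard
    print(table.on_hello(10, "2.2.2.2", LOCAL, ["1.1.1.1"]))  # our ID is listed
    wrong = HelloParams(5, 40, "0.0.0.10", LOCAL.options)
    print(table.on_hello(12, "3.3.3.3", wrong, []), table.rejected)
    print(table.expire(50))
```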
Adjacency
Not all neighbors establish adjacency. Depending on the network type and designated router establishment, some neighbors become fully adjacent and share LSAs with all their neighbors, while other neighbors do not.
Adjacency is established using Database Description packets, Link State Request packets, and Link State Update packets in OSPFv3. The Database Description packet includes the LSA headers from the link-state database of the neighbor. The local router compares these headers with its own link-state database and determines which LSAs are new or updated. The local router sends a Link State Request packet for each LSA that it needs new or updated information on. The neighbor responds with a Link State Update packet. This exchange continues until both routers have the same link-state information.
Designated Routers
Networks with multiple routers present a unique situation for OSPFv3. If every router floods the network with LSAs, the same link-state information is sent from multiple sources. Depending on the type of network, OSPFv3 might use a single router, the designated router (DR), to control the LSA floods and represent the network to the rest of the OSPFv3 area. If the DR fails, OSPFv3 uses the backup designated router (BDR).
Network types are as follows:
• Point-to-point—A network that exists only between two routers. All neighbors on a point-to-point network establish adjacency and there is no DR.
• Broadcast—A network with multiple routers that can communicate over a shared medium that allows broadcast traffic, such as Ethernet. OSPFv3 routers establish a DR and BDR that control LSA flooding on the network. OSPFv3 uses the well-known IPv6 multicast address, FF02::5, and a MAC address of 0100.5300.0005 to communicate with neighbors.
The DR and BDR are selected based on the information in the Hello packet. When an interface sends a Hello packet, it sets the priority field and the DR and BDR field if it knows who the DR and BDR are. The routers follow an election procedure based on which routers declare themselves in the DR and BDR fields and the priority field in the Hello packet. As a final determinant, OSPFv3 chooses the highest router IDs as the DR and BDR.
All other routers establish adjacency with the DR and the BDR and use the IPv6 multicast address FF02::6 to send LSA updates to the DR and BDR. The figure shows this adjacency relationship between all routers and the DR.
DRs are based on a router interface. A router might be the DR for one network and not for another network on a different interface.
Figure 27: DR in Multi-Access Network
Areas
You can limit the CPU and memory requirements that OSPFv3 puts on the routers by dividing an OSPFv3 network into areas. An area is a logical division of routers and links within an OSPFv3 domain that creates separate subdomains. LSA flooding is contained within an area, and the link-state database is limited to links within the area. You can assign an area ID to the interfaces within the defined area. The Area ID is a 32-bit value that can be expressed as a number or in dotted decimal notation, such as 10.2.3.1.
Cisco NX-OS always displays the area in dotted decimal notation.
If you define more than one area in an OSPFv3 network, you must also define the backbone area, which has the reserved area ID of 0. If you have more than one area, then one or more routers become area border routers (ABRs). An ABR connects to both the backbone area and at least one other defined area.
Figure 28: OSPFv3 Areas
The ABR has a separate link-state database for each area which it connects to. The ABR sends Inter-Area Prefix (type 3) LSAs from one connected area to the backbone area. The backbone area sends summarized information about one area to another area. In the figure, Area 0 sends summarized information about Area 5 to Area 3.
OSPFv3 defines one other router type: the autonomous system boundary router (ASBR). This router connects an OSPFv3 area to another autonomous system. An autonomous system is a network controlled by a single technical administration entity. OSPFv3 can redistribute its routing information into another autonomous system or receive redistributed routes from another autonomous system.
Link-State Advertisement Types
OSPFv3 uses link-state advertisements (LSAs) to build its routing table.
Type | Names | Description
1 | Router LSA | LSA sent by every router. This LSA includes the state and cost of all links but does not include prefix information. Router LSAs trigger an SPF recalculation. Router LSAs are flooded to the local OSPFv3 area.
2 | Network LSA | LSA sent by the DR. This LSA lists all routers in the multi-access network but does not include prefix information. Network LSAs trigger an SPF recalculation.
3 | Inter-Area Prefix LSA | LSA sent by the area border router to an external area for each destination in local area. This LSA includes the link cost from the border router to the local destination.
4 | Inter-Area Router LSA | LSA sent by the area border router to an external area. This LSA advertises the link cost to the ASBR only.
5 | AS External LSA | LSA generated by the ASBR. This LSA includes the link cost to an external autonomous system destination. AS External LSAs are flooded throughout the autonomous system.
7 | Type-7 LSA | LSA generated by the ASBR within an NSSA. This LSA includes the link cost to an external autonomous system destination. Type-7 LSAs are flooded only within the local NSSA.
8 | Link LSA | LSA sent by every router, using a link-local flooding scope. This LSA includes the link-local address and IPv6 prefixes for this link.
9 | Intra-Area Prefix LSA | LSA sent by every router. This LSA includes any prefix or link state changes. Intra-Area Prefix LSAs are flooded to the local OSPFv3 area. This LSA does not trigger an SPF recalculation.
11 | Grace LSAs | LSA sent by a restarting router, using a link-local flooding scope. This LSA is used for a graceful restart of OSPFv3.
Link Cost
Each OSPFv3 interface is assigned a link cost. The cost is an arbitrary number. By default, Cisco NX-OS assigns a cost that is the configured reference bandwidth divided by the interface bandwidth. By default, the reference bandwidth is 40 Gb/s. The link cost is carried in the LSA updates for each link.
Flooding and LSA Group Pacing
OSPFv3 floods LSA updates to different sections of the network, depending on the LSA type. OSPFv3 uses the following flooding scopes:
• Link-local—LSA is flooded only on the local link. Used for Link LSAs and Grace LSAs.
• Area-local—LSA is flooded throughout a single OSPF area only. Used for Router LSAs, Network LSAs, Inter-Area-Prefix LSAs, Inter-Area-Router LSAs, and Intra-Area-Prefix LSAs.
• AS scope—LSA is flooded throughout the routing domain. An AS scope is used for AS External LSAs.
LSA flooding guarantees that all routers in the network have identical routing information. LSA flooding depends on the OSPFv3 area configuration. The LSAs are flooded based on the link-state refresh time (every 30 minutes by default). Each LSA has its own link-state refresh time.
You can control the flooding rate of LSA updates in your network by using the LSA group pacing feature. LSA group pacing can reduce high CPU or buffer utilization. This feature groups LSAs with similar link-state refresh times to allow OSPFv3 to pack multiple LSAs into an OSPFv3 Update message.
By default, LSAs with link-state refresh times within 10 seconds of each other are grouped together. You should lower this value for large link-state databases or raise it for smaller databases to optimize the OSPFv3 load on your network.
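On the wire, the flooding scope is carried in the 16-bit LS type field of each LSA header, next to the function code that corresponds to the type numbers listed earlier. The following Python parser is an added example, not Cisco code: the header layout and bit positions follow RFC 5340, which this chapter does not reproduce, and the sample headers are constructed. It also flags an LSA whose scope bits disagree with the scope this chapter gives for its type, which is a useful sanity check when inspecting captured OSPFv3 traffic.

```python
import ipaddress
import struct

# OSPFv3 LSA header per RFC 5340: LS age, LS type, link state ID,
# advertising router, sequence number, checksum, length (20 bytes).
LSA_HEADER = struct.Struct("!HHIIIHH")

# S2/S1 bits of the LS type field.
SCOPES = {0: "link-local", 1: "area", 2: "AS", 3: "reserved"}

# Function code -> (name, flooding scope) as listed in this chapter.
LSA_FUNCTIONS = {
    1: ("Router LSA", "area"),
    2: ("Network LSA", "area"),
    3: ("Inter-Area Prefix LSA", "area"),
    4: ("Inter-Area Router LSA", "area"),
    5: ("AS External LSA", "AS"),
    7: ("Type-7 LSA", "area"),        # flooded only within the local NSSA
    8: ("Link LSA", "link-local"),
    9: ("Intra-Area Prefix LSA", "area"),
    11: ("Grace LSA", "link-local"),
}


def decode_ls_type(ls_type):
    """Split the LS type field into U bit, scope bits and function code."""
    function = ls_type & 0x1FFF
    name, expected_scope = LSA_FUNCTIONS.get(function, ("unknown", None))
    scope = SCOPES[(ls_type >> 13) & 0x3]
    return {
        "function": function,
        "name": name,
        "scope": scope,
        "u_bit": bool(ls_type & 0x8000),
        # True when a known LSA type carries scope bits it should not have.
        "scope_anomaly": expected_scope is not None and scope != expected_scope,
    }


def parse_lsa_header(data):
    """Parse one 20-byte LSA header; raise ValueError on malformed input."""
    if len(data) < LSA_HEADER.size:
        raise ValueError("truncated LSA header")
    age, ls_type, ls_id, adv_router, seq, _checksum, length = LSA_HEADER.unpack_from(data)
    if length < LSA_HEADER.size:
        raise ValueError("LSA length field is smaller than the header")
    info = decode_ls_type(ls_type)
    info.update(
        age=age,
        link_state_id=ls_id,
        advertising_router=str(ipaddress.IPv4Address(adv_router)),
        sequence=seq,
        length=length,
    )
    return info


# Constructed sample headers (not captured traffic); checksums are left at 0.
SAMPLE_ROUTER_LSA = LSA_HEADER.pack(12, 0x2001, 0, 0x0A000001, 0x80000001, 0, 24)
SAMPLE_GRACE_LSA = LSA_HEADER.pack(1, 0x000B, 5, 0x0A000002, 0x80000001, 0, 36)
SAMPLE_BAD_SCOPE = LSA_HEADER.pack(3, 0x4001, 0, 0x0A000003, 0x80000001, 0, 24)

if __name__ == "__main__":
    for raw in (SAMPLE_ROUTER_LSA, SAMPLE_GRACE_LSA, SAMPLE_BAD_SCOPE):
        hdr = parse_lsa_header(raw)
        flag = "  <-- scope does not match type" if hdr["scope_anomaly"] else ""
        print(f'{hdr["advertising_router"]}: {hdr["name"]}, {hdr["scope"]} scope{flag}')
```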
Link-State Database
Each router maintains a link-state database for the OSPFv3 network. This database contains all the collected LSAs and includes information on all the routes through the network. OSPFv3 uses this information to calculate the best path to each destination and populates the routing table with these best paths.
LSAs are removed from the link-state database if no LSA update has been received within a set interval, called the MaxAge. Routers flood a repeat of the LSA every 30 minutes to prevent accurate link-state information from being aged out. Cisco NX-OS supports the LSA grouping feature to prevent all LSAs from refreshing at the same time.
Multi-Area Adjacency
OSPFv3 multi-area adjacency allows you to configure a link on the primary interface that is in more than one area. This link becomes the preferred intra-area link in those areas. Multi-area adjacency establishes a point-to-point unnumbered link in an OSPFv3 area that provides a topological path for that area. The primary adjacency uses the link to advertise an unnumbered point-to-point link in the Router LSA for the corresponding area when the neighbor state is full.
The multi-area interface exists as a logical construct over an existing primary interface for OSPF; however, the neighbor state on the primary interface is independent of the multi-area interface. The multi-area interface establishes a neighbor relationship with the corresponding multi-area interface on the neighboring router.
OSPFv3 and the IPv6 Unicast RIB
OSPFv3 runs the Dijkstra shortest path first algorithm on the link-state database. This algorithm selects the best path to each destination based on the sum of all the link costs for each link in the path. The shortest path for each destination is then put in the OSPFv3 route table. When the OSPFv3 network is converged, this route table feeds into the IPv6 unicast RIB. OSPFv3 communicates with the IPv6 unicast RIB to do the following:
• Add or remove routes
• Handle route redistribution from other protocols
• Provide convergence updates to remove stale OSPFv3 routes and for stub router advertisements.
OSPFv3 also runs a modified Dijkstra algorithm for fast recalculation for Inter-Area Prefix, Inter-Area Router, AS-External, type-7, and Intra-Area Prefix (type 3, 4, 5, 7, 8) LSA changes.
Address Family Support
Cisco NX-OS supports multiple address families, such as unicast IPv6 and multicast IPv6. OSPFv3 features that are specific to an address family are as follows:
• Default routes
• Route summarization
• Route redistribution
• Filter lists for border routers
• SPF optimization
Use the address-family ipv6 unicast command to enter the IPv6 unicast address family configuration mode when configuring these features.
Authentication
You can configure authentication on OSPFv3 messages to prevent unauthorized or invalid routing updates in the network. OSPFv3 uses the Cisco NX-OS IPSecV6 secure sockets API to add authentication and encryption to its packets. It uses IPSec in transport mode with manually configured security association (SA) shared by all OSPFv3 routers in a link.
Cisco NX-OS OSPFv3 uses IPSec AH header with MD5 or SHA1 authentication. You can configure IPSec with a security policy, which is a combination of the security policy index (SPI) and a key.
OSPFv3 authentication can be configured at the following levels:
• Router / Process
• Area
• Interface
If you configure IPSec for an OSPFv3 area, the authentication is applied to all the interfaces in that area, except for the interfaces that have IPSec configured directly. If you configure IPSec for an OSPFv3 process, the authentication is applied on each interface in every area of that process. A security policy applied on an interface overrides the policy applied at the process or the area level.
Encryption
Beginning with Cisco Nexus Release 8.4.4, you can encrypt and authenticate OSPFv3 messages. OSPFv3 depends on IPSec for a secure connection. IPSec supports two encapsulation types:
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
ESP configuration provides both encryption and authentication for OSPFv3 messages.
You can configure ESP at the following levels:
• Router
• Area
• Interface
• Virtual Links
Guidelines and Limitations for configuring ESP on OSPFv3
ESP configuration has the following guidelines and limitations:
• ESP configuration supports IPsec Transport Mode only.
• You can configure ESP on OSPFv3 with only one SPI at each level; you cannot configure two SPIs at one level.
• You cannot configure both encryption and authentication at the same level.
• Supported encryption algorithms in ESP:
• AES-CBC (128-bit)
• 3DES-CBC
• NULL
• Supported authentication algorithms in ESP:
• SHA-1
• NULL
• You cannot set both the ESP and AUTH algorithms to null in one ESP CLI command.
• If ESP is not configured at the local level, it inherits the configuration from a higher level, if one is configured:
  • If ESP is not configured at the interface level, it inherits the configuration from the area level.
  • If ESP is not configured at the area level, it inherits the configuration from the router level.
  • When an SPI is configured at the local level, the inherited data is removed internally.
Note: Ensure that the CoPP policy is customized to allow ESP packets, because the default CoPP policy drops ESP packets.
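The inheritance and validity rules above decide which ESP policy actually protects each interface, following the same interface-over-area-over-router precedence described for authentication. The following Python audit is an added example, not Cisco code: the data model, the algorithm labels and the sample SPI values are constructed for illustration and are not NX-OS keywords, and keys are left out on purpose.

```python
from dataclasses import dataclass

# Algorithms this chapter lists as supported in ESP (labels are constructed).
ESP_ENCRYPTION = {"aes-cbc-128", "3des-cbc", "null"}
ESP_AUTHENTICATION = {"sha-1", "null"}


@dataclass(frozen=True)
class EspPolicy:
    spi: int              # one SPI per level
    encryption: str
    authentication: str


def policy_errors(policy):
    """Return the rule violations of a single ESP policy."""
    errors = []
    if policy.encryption not in ESP_ENCRYPTION:
        errors.append(f"unsupported encryption algorithm {policy.encryption}")
    if policy.authentication not in ESP_AUTHENTICATION:
        errors.append(f"unsupported authentication algorithm {policy.authentication}")
    if policy.encryption == "null" and policy.authentication == "null":
        errors.append("encryption and authentication cannot both be null")
    return errors


def effective_esp(router, areas, interfaces, ifname):
    """Resolve the policy in force on an interface: interface, then area, then router."""
    intf = interfaces[ifname]
    levels = (
        ("interface", intf),
        ("area", areas.get(intf["area"], {})),
        ("router", router),
    )
    for level, cfg in levels:
        if cfg.get("esp") is not None:
            return level, cfg["esp"]
    return None, None


def audit(router, areas, interfaces):
    """Return (where, problem) findings for the whole OSPFv3 process."""
    findings = []
    levels = [("router", router)]
    levels += [(f"area {a}", cfg) for a, cfg in areas.items()]
    levels += [(f"interface {n}", cfg) for n, cfg in interfaces.items()]
    for label, cfg in levels:
        esp = cfg.get("esp")
        if esp is not None and cfg.get("auth") is not None:
            findings.append((label, "encryption and authentication both configured at this level"))
        if esp is not None:
            findings.extend((label, err) for err in policy_errors(esp))
    for name in interfaces:
        level, esp = effective_esp(router, areas, interfaces, name)
        if esp is None:
            findings.append((f"interface {name}", "no ESP policy at any level"))
        elif esp.encryption == "null":
            findings.append((f"interface {name}", f"effective policy from {level} level does not encrypt"))
    return findings


# Constructed sample process: router-level default, one area override,
# two interface overrides (the last one breaks two rules).
ROUTER = {"esp": EspPolicy(256, "aes-cbc-128", "sha-1")}
AREAS = {"0.0.0.0": {}, "0.0.0.10": {"esp": EspPolicy(300, "null", "sha-1")}}
INTERFACES = {
    "ethernet 1/1": {"area": "0.0.0.0"},
    "ethernet 1/2": {"area": "0.0.0.10"},
    "ethernet 1/3": {"area": "0.0.0.10", "esp": EspPolicy(400, "3des-cbc", "sha-1")},
    "ethernet 1/4": {"area": "0.0.0.10", "esp": EspPolicy(500, "null", "null"), "auth": "sha-1"},
}

if __name__ == "__main__":
    for name in INTERFACES:
        print(name, "->", effective_esp(ROUTER, AREAS, INTERFACES, name))
    for where, problem in audit(ROUTER, AREAS, INTERFACES):
        print("FINDING:", where, "-", problem)
```

Interfaces that inherit an authentication-only policy (null encryption) are reported separately from outright rule violations, because the configuration is accepted but the OSPFv3 packets on that link are not encrypted.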
Advanced Features
Cisco NX-OS supports advanced OSPFv3 features that enhance the usability and scalability of OSPFv3 in the network.
Stub Area
You can limit the amount of external routing information that floods an area by making it a stub area. A stub area is an area that does not allow AS External (type 5) LSAs. These LSAs are usually flooded throughout the local autonomous system to propagate external route information. Stub areas have the following requirements:
• All routers in the stub area are stub routers.
• No ASBR routers exist in the stub area.
• You cannot configure virtual links in the stub area.
The figure shows an example of an OSPFv3 autonomous system where all routers in area 0.0.0.10 have to go through the ABR to reach external autonomous systems. Area 0.0.0.10 can be configured as a stub area.
Figure 29: Stub Area
Stub areas use a default route for all traffic that needs to go through the backbone area to the external autonomous system. The default route is an Inter-Area-Prefix LSA with the prefix length set to 0 for IPv6.
Not-So-Stubby Area
A Not-So-Stubby Area (NSSA) is similar to the stub area, except that an NSSA allows you to import autonomous system external routes within an NSSA using redistribution. The NSSA ASBR redistributes these routes and generates type-7 LSAs that it floods throughout the NSSA. You can optionally configure the ABR that connects the NSSA to other areas to translate this type-7 LSA to AS External (type 5) LSAs. The ABR then floods these AS External LSAs throughout the OSPFv3 autonomous system. Summarization and filtering are supported during the translation.
You can, for example, use NSSA to simplify administration if you are connecting a central site using OSPFv3 to a remote site that is using a different routing protocol. Before NSSA, the connection between the corporate site border router and a remote router could not be run as an OSPFv3 stub area because routes for the remote site could not be redistributed into a stub area. With NSSA, you can extend OSPFv3 to cover the remote connection by defining the area between the corporate router and remote router as an NSSA.
The backbone Area 0 cannot be an NSSA.
Virtual Links
Virtual links allow you to connect an OSPFv3 area ABR to a backbone area ABR when a direct physical connection is not available. The figure shows a virtual link that connects Area 3 to the backbone area through Area 5.
Figure 30: Virtual Links
You can also use virtual links to temporarily recover from a partitioned area, which occurs when a link within the area fails, isolating part of the area from reaching the designated ABR to the backbone area.
Route Redistribution
OSPFv3 can learn routes from other routing protocols by using route redistribution. You configure OSPFv3 to assign a link cost for these redistributed routes or a default link cost for all redistributed routes.
Route redistribution uses route maps to control which external routes are redistributed. You must configure a route map with the redistribution to control which routes are passed into OSPFv3. A route map allows you to filter routes based on attributes such as the destination, origination protocol, route type, route tag, and so on. You can use route maps to modify parameters in the AS External (type 5) and NSSA External (type 7) LSAs before these external routes are advertised in the local OSPFv3 autonomous system.
OSPFv3 sets the type-5 LSA's forwarding address as described below:
• If the next-hop for the route is an attached-route then the forwarding address is the next-hop address for that route.
• If the next-hop for the route is a recursive route and next-hop's next-hop is an attached route then the forwarding address is the next-hop's next-hop address.
Route Summarization
Because OSPFv3 shares all learned routes with every OSPF-enabled router, you might want to use route summarization to reduce the number of unique routes that are flooded to every OSPF-enabled router. Route summarization simplifies route tables by replacing more-specific addresses with an address that represents all the specific addresses. For example, you can replace 2010:11:22:0:1000::1 and 2010:11:22:0:2000:679:1 with one summary address, 2010:11:22::/32.
Typically, you would summarize at the boundaries of area border routers (ABRs). Although you could configure summarization between any two areas, it is better to summarize in the direction of the backbone so that the backbone receives all the aggregate addresses and injects them, already summarized, into other areas. The two types of summarization are as follows:
• Inter-area route summarization
• External route summarization
You configure inter-area route summarization on ABRs, summarizing routes between areas in the autonomous system. To take advantage of summarization, assign network numbers in areas in a contiguous way to be able to lump these addresses into one range.
External route summarization is specific to external routes that are injected into OSPFv3 using route redistribution. You should make sure that external ranges that are being summarized are contiguous.
Summarizing overlapping ranges from two different routers could cause packets to be sent to the wrong destination. Configure external route summarization on ASBRs that are redistributing routes into OSPF.
When you configure a summary address, Cisco NX-OS automatically configures a discard route for the summary address to prevent routing black holes and route loops.
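The contiguity advice and the overlap hazard described above can be checked before any summary address is configured. The following Python sketch is an added example, not part of the Cisco guide; the router names and the 2001:db8:: prefixes are constructed sample data.

```python
import ipaddress
from itertools import combinations

# Constructed sample: prefixes each router would redistribute and summarize.
SAMPLE_RANGES = {
    "ASBR-A": ["2001:db8:10::/48", "2001:db8:11::/48"],       # contiguous
    "ASBR-B": ["2001:db8:11:8000::/49", "2001:db8:12::/48"],  # not contiguous
    "ASBR-C": ["2001:db8:20::/48", "2001:db8:21::/48"],       # contiguous
}


def covering_summary(prefixes):
    """Return the smallest single IPv6 prefix that contains every input prefix."""
    nets = [ipaddress.IPv6Network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits below the highest differing bit cannot be part of a shared prefix.
    shift = (lo ^ hi).bit_length()
    return ipaddress.IPv6Network(((lo >> shift) << shift, 128 - shift))


def uncovered_fraction(prefixes):
    """Share of the summary that no specific route covers.

    Traffic to that share matches only the summary and ends at the
    discard route on the summarizing router.
    """
    specifics = ipaddress.collapse_addresses(
        ipaddress.IPv6Network(p) for p in prefixes
    )
    covered = sum(n.num_addresses for n in specifics)
    return 1 - covered / covering_summary(prefixes).num_addresses


def overlapping_summaries(ranges_by_router):
    """List pairs of routers whose computed summaries overlap."""
    summaries = {r: covering_summary(p) for r, p in ranges_by_router.items()}
    clashes = []
    for a, b in combinations(sorted(summaries), 2):
        if summaries[a].overlaps(summaries[b]):
            clashes.append((a, b, str(summaries[a]), str(summaries[b])))
    return clashes


if __name__ == "__main__":
    for router, prefixes in SAMPLE_RANGES.items():
        print(router, covering_summary(prefixes),
              f"uncovered={uncovered_fraction(prefixes):.3f}")
    for clash in overlapping_summaries(SAMPLE_RANGES):
        print("overlap:", clash)
```

In the sample, the non-contiguous ranges on ASBR-B force a wider summary that swallows the range summarized on ASBR-A, which is the situation the text warns can send packets to the wrong destination.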
High Availability and Graceful Restart
Cisco NX-OS provides a multilevel high-availability architecture. OSPFv3 supports stateful restart, which is also referred to as non-stop routing (NSR). If OSPFv3 experiences problems, it attempts to restart from its previous run-time state. The neighbors do not register any neighbor event in this case. If the first restart is not successful and another problem occurs, OSPFv3 attempts a graceful restart.
A graceful restart, or non-stop forwarding (NSF), allows OSPFv3 to remain in the data forwarding path through a process restart. When OSPFv3 needs to perform a graceful restart, it sends a link-local Grace (type 11) LSA. This restarting OSPFv3 platform is called NSF capable.
The Grace LSA includes a grace period, which is a specified time that the neighbor OSPFv3 interfaces hold onto the LSAs from the restarting OSPFv3 interface. (Typically, OSPFv3 tears down the adjacency and discards all LSAs from a down or restarting OSPFv3 interface.) The participating neighbors, which are called NSF helpers, keep all LSAs that originate from the restarting OSPFv3 interface as if the interface was still adjacent.
When the restarting OSPFv3 interface is operational again, it rediscovers its neighbors, establishes adjacency, and starts sending its LSA updates again. At this point, the NSF helpers recognize that the graceful restart has finished.
Stateful restart is used in the following scenarios:
• First recovery attempt after the process experiences problems
• ISSU
• User-initiated switchover using the system switchover command
Graceful restart is used in the following scenarios:
• Second recovery attempt after the process experiences problems within a 4-minute interval
• Manual restart of the process using the restart ospfv3 command
• Active supervisor removal
• Active supervisor reload using the reload module active-sup command
Multiple OSPFv3 Instances
Cisco NX-OS supports multiple instances of the OSPFv3 protocol. By default, every instance uses the same system router ID. You must manually configure the router ID for each instance if the instances are in the same OSPFv3 autonomous system.
The OSPFv3 header includes an instance ID field that identifies the OSPFv3 instance to which an OSPFv3 packet belongs. You can assign the OSPFv3 instance ID to an interface. The interface drops all OSPFv3 packets that do not have a matching OSPFv3 instance ID in the packet header.
Cisco NX-OS allows only one OSPFv3 instance on an interface.
SPF Optimization
Cisco NX-OS optimizes the SPF algorithm in the following ways:
• Partial SPF for Network (type 2) LSAs, Inter-Area Prefix (type 3) LSAs, and AS External (type 5) LSAs—When there is a change on any of these LSAs, Cisco NX-OS performs a faster partial calculation rather than running the whole SPF calculation.
• SPF timers—You can configure different timers for controlling SPF calculations. These timers include exponential backoff for subsequent SPF calculations. The exponential backoff limits the CPU load of multiple SPF calculations.
Virtualization Support
OSPFv3 supports virtual routing and forwarding (VRF) instances. VRFs exist within virtual device contexts (VDCs). By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF. Each OSPFv3 instance can support multiple VRFs, up to the system limit.
For more information, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide.
Prerequisites for OSPFv3
OSPFv3 has the following prerequisites:
• You must be familiar with routing fundamentals to configure OSPFv3.
• You must be logged on to the switch.
• You have configured at least one interface for IPv6 that is capable of communicating with a remote OSPFv3 neighbor.
• You have completed the OSPFv3 network strategy and planning for your network. For example, you must decide whether multiple areas are required.
• You have enabled OSPF.
• You are familiar with IPv6 addressing and basic configuration.
Guidelines and Limitations for OSPFv3
OSPFv3 has the following configuration guidelines and limitations:
• You can have up to four instances of OSPFv3 in a VDC.
• Before Cisco NX-OS Release 6.2(2), Bidirectional Forwarding Detection (BFD) was not supported for OSPFv3. In Cisco NX-OS Release 6.2(2) and later releases, BFD includes a client for OSPFv3.
• Cisco NX-OS displays areas in dotted decimal notation regardless of whether you enter the area in decimal or dotted decimal notation.
• MTU configured at the interface level works in either the data plane or the control plane, but not in both planes at the same time.
When you configure the MTU with a size lower than the supported size in the data and control planes, a few features that have minimum MTU requirements may not work in both planes.
For example, MPLS VPN is supported in the data plane because this plane supports the MTU of 1500 bytes that MPLS VPN requires. But the control plane does not support MPLS VPN because this plane cannot handle the 1500-byte packets.
To make the configured MTU work in the control plane for MPLS VPN, you need to manually configure the OSPF packet size (by using the packet-size size command) so that OSPF works on the control plane.
This is applicable from Cisco NX-OS Release 8.3(2) onwards.
The packet-size size command is supported on the Ethernet, SVI, and GRE tunnel interfaces.
• If you configure OSPFv3 in a virtual port channel (vPC) environment, use the following timer commands in router configuration mode on the core switch to ensure fast OSPF convergence when a vPC peer link is shut down:
switch (config-router)# timers throttle spf 1 50 50
switch (config-router)# timers lsa-arrival 10
• The value of object OSPFv3 router ID differs from RFC 5643 for traps ospfv3NbrRestartHelperStatusChange and ospfv3VirtNbrRestartHelperStatusChange. As per RFC 5643, the value of object OSPFv3 router ID should be the router ID of the originator of the trap. But the current implementation will provide the router ID of the neighbor for both ospfv3NbrRestartHelperStatusChange and ospfv3VirtNbrRestartHelperStatusChange.
• Only the first four OSPFv3 instances are supported with MPLS LDP and MPLS TE.
• In scaled scenarios, when the number of interfaces and link-state advertisements in an OSPFv3 process is large, the snmp-walk on OSPF MIB objects is expected to time out with a small-value timeout at the SNMP agent. If you observe a timeout on the querying SNMP agent while polling OSPF MIB objects, increase the timeout value on the polling SNMP agent.
• If there is a particular OSPFv3 prefix that is learnt through type-5 as well as type-7, and both have different forwarding addresses, then these two route types are not comparable as per RFC3101, Section 2.5, step 6(e). (This applies only if the same destination/cost/non-zero forwarding addresses are there). OSPF will therefore do ECMP with all available next-hops.
• NXOS OSPF and U6RIB store only one route-type per route. If there is a mix of route-type across next-hops, only one of them (the new path type) will be shown for all next hops. Currently, route-type is a route property, and not a next-hop property.
• The default-information-originate always command advertises the OSPF default route from Cisco NX-OS Release 7.3(5)D1(1) and later releases and from Cisco NX-OS Release 8.0(1) and later releases in 8.x release train.
• The following guidelines and limitations apply to the administrative distance feature, which is supported beginning with Cisco NX-OS Release 6.1:
• When an OSPF route has two or more equal cost paths, configuring the administrative distance is non-deterministic for the match ip route-source command.
• For matching route sources in OSPFv3 routes, you must configure match ip route-source instead of match ipv6 route-source because the route sources and router IDs for OSPFv3 are IPv4 addresses.
• Configuring the administrative distance is supported only for the match route-type, match ipv6 address prefix-list, and match ip route-source prefix-list commands. The other match statements are ignored.
• The discard route is always assigned an administrative distance of 220. No configuration in the table map applies to OSPF discard routes.
• There is no preference among the match route-type, match ipv6 address, and match ip route-source commands for setting the administrative distance of OSPF routes. In this way, the behavior of the table map for setting the administrative distance in Cisco NX-OS OSPF is different from that in Cisco IOS OSPF.
• In Cisco NX-OS Release 6.2(6a) and later releases, you can filter next-hop paths for an OSPF route to prevent the path from being added to the RIB. Before Cisco NX-OS Release 6.2(6a), filtering on a specific path was ignored and the entire route was not added to the RIB.
• If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Default Settings for OSPFv3
Table 17: Default OSPFv3 Parameters
Parameters                                       Default
Administrative distance                          110
Hello interval                                   10 seconds
Dead interval                                    40 seconds
Discard routes                                   Enabled
Graceful restart grace period                    60 seconds
Graceful restart notify period                   15 seconds
OSPFv3 feature                                   Disabled
Stub router advertisement announce time          600 seconds
Reference bandwidth for link cost calculation    40 Gb/s
LSA minimal arrival time                         1000 milliseconds
LSA group pacing                                 10 seconds
SPF calculation initial delay time               0 milliseconds
SPF calculation hold time                        5000 milliseconds
SPF calculation initial delay time               0 milliseconds
Configuring Basic OSPFv3
Configure OSPFv3 after you have designed your OSPFv3 network.
Enabling OSPFv3
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# [ no ] feature ospfv3
3. (Optional) switch(config)# show feature
4. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1  Command or Action: switch# configure terminal
        Purpose: Enters global configuration mode.
Step 2  Command or Action: switch(config)# [ no ] feature ospfv3
        Purpose: Enables OSPFv3. To disable the OSPFv3 feature and remove all associated configurations, use the no form of the command.
Step 3  Command or Action: (Optional) switch(config)# show feature
        Purpose: Displays enabled and disabled features.
Step 4  Command or Action: (Optional) switch(config)# copy running-config startup-config
        Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Creating an OSPFv3 Instance
The first step in configuring OSPFv3 is to create an OSPFv3 instance. You assign a unique instance tag for this OSPFv3 instance. The instance tag can be any string. For each OSPFv3 instance, you can also configure the following optional parameters:
• Router ID—Configures the router ID for this OSPFv3 instance. If you do not use this parameter, the router ID selection algorithm is used.
• Administrative distance—Rates the trustworthiness of a routing information source.
• Log adjacency changes—Creates a system message whenever an OSPFv3 neighbor changes its state.
• Name lookup—Translates OSPF router IDs to host names, either by looking up the local hosts database or querying DNS names in IPv6.
• Maximum paths—Sets the maximum number of equal paths that OSPFv3 installs in the route table for a particular destination. Use this parameter for load balancing between multiple paths.
• Reference bandwidth—Controls the calculated OSPFv3 cost metric for a network. The calculated cost is the reference bandwidth divided by the interface bandwidth. You can override the calculated cost by assigning a link cost when a network is added to the OSPFv3 instance.
Note The OSPF router ID changes without a restart on a Cisco Nexus 7000 series switch when you have not configured a manual router ID in the following cases:
• Configuring an SVI or physical interface with a higher IP address than the current router ID on a setup without any configured loopback interfaces.
• Configuring a loopback interface with any given IP address on a setup without any previously configured loopback interfaces.
• Configuring a loopback interface with a higher IP address than the IP address of an existing configured loopback interface.
When a router ID changes, OSPF has to re-advertise all LSAs with the new router ID. To avoid this issue, you need to configure a manual OSPF router ID.
Before you begin
You must enable OSPFv3.
Ensure that the OSPFv3 instance tag that you plan on using is not already in use on this router.
Use the show ospfv3 instance-tag command to verify that the instance tag is not in use.
OSPFv3 must be able to obtain a router identifier (for example, a configured loopback address) or you must configure the router ID option.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# [ no ] router ospfv3 instance-tag
3. (Optional) switch(config-router)# router-id ip-address
4. (Optional) switch(config-router)# show ipv6 ospfv3 instance-tag
5. (Optional) switch(config-router)# log-adjacency-changes [ detail ]
6. (Optional) switch(config-router)# passive-interface default
7. (Optional) switch(config-router-af)# distance numbers
8. switch(config-router-af)# maximum-paths paths
9. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1  Command or Action: switch# configure terminal
        Purpose: Enters global configuration mode.
Step 2  Command or Action: switch(config)# [ no ] router ospfv3 instance-tag
        Purpose: Creates a new OSPFv3 instance with the configured instance tag.
        Note The no router ospfv3 instance-tag command does not remove OSPF configuration in interface mode. You must manually remove any OSPFv3 commands configured in interface mode.
Step 3  Command or Action: (Optional) switch(config-router)# router-id ip-address
        Purpose: Configures the OSPFv3 router ID. This ID uses the dotted decimal notation and identifies this OSPFv3 instance and must exist on a configured interface in the system. This command restarts the OSPF process automatically and changes the router id after it is configured.
Step 4  Command or Action: (Optional) switch(config-router)# show ipv6 ospfv3 instance-tag
        Purpose: Displays OSPFv3 information.
Step 5  Command or Action: (Optional) switch(config-router)# log-adjacency-changes [ detail ]
        Purpose: Generates a system message whenever a neighbor changes state.
Step 6  Command or Action: (Optional) switch(config-router)# passive-interface default
        Purpose: Suppresses routing updates on all interfaces. This command is overridden by the VRF or interface command mode configuration.
Step 7  Command or Action: (Optional) switch(config-router-af)# distance numbers
        Purpose: Configures the administrative distance for this OSPFv3 instance. The range is from 1 to 255. The default is 110.
Step 8  Command or Action: switch(config-router-af)# maximum-paths paths
        Purpose: Configures the maximum number of equal OSPFv3 paths to a destination in the route table. The range is from 1 to 16. The default is 8. This command is used for load balancing.
Step 9  Command or Action: (Optional) switch(config)# copy running-config startup-config
        Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to create an OSPFv3 instance:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# copy running-config startup-config
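Several statements in this section can be audited offline against a saved configuration: an instance without a manual router ID, interface-mode OSPFv3 commands left behind after no router ospfv3, the four-instance limit, and the one-instance-per-interface rule. The following Python script is an added example, not part of the Cisco guide; the sample configuration is constructed, and the two-space indented running-config layout is an assumption.

```python
import re

MAX_INSTANCES_PER_VDC = 4  # "up to four instances of OSPFv3 in a VDC"

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
feature ospfv3
router ospfv3 201
  router-id 10.0.0.1
  log-adjacency-changes
router ospfv3 202
  log-adjacency-changes
interface Ethernet1/2
  ipv6 address 2001:db8:1::1/64
  ipv6 router ospfv3 201 area 0.0.0.10
interface Ethernet1/3
  ipv6 address 2001:db8:2::1/64
  ipv6 router ospfv3 300 area 0.0.0.0
"""

# Interface-mode command that binds an interface to an instance tag.
IF_OSPFV3 = re.compile(r"ipv6 router ospfv3 (\S+) (?:area|multi-area) \S+")


def parse_stanzas(text):
    """Map each top-level line to the stripped lines indented beneath it."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and comment separators
        if not raw[0].isspace():
            current = raw.strip()
            stanzas.setdefault(current, [])
        elif current is not None:
            stanzas[current].append(raw.strip())
    return stanzas


def audit_ospfv3(text):
    """Return a list of (finding, subject) tuples for the given config text."""
    stanzas = parse_stanzas(text)
    findings = []

    instances = {}
    for head, body in stanzas.items():
        m = re.fullmatch(r"router ospfv3 (\S+)", head)
        if m:
            instances[m.group(1)] = body

    if len(instances) > MAX_INSTANCES_PER_VDC:
        findings.append(("too-many-instances", str(len(instances))))

    # Without a manual router ID, the ID can change when interfaces are added.
    for tag in sorted(instances):
        if not any(line.startswith("router-id ") for line in instances[tag]):
            findings.append(("no-router-id", tag))

    for head, body in stanzas.items():
        if not head.startswith("interface "):
            continue
        ifname = head.split(None, 1)[1]
        tags = []
        for line in body:
            m = IF_OSPFV3.match(line)
            if m and m.group(1) not in tags:
                tags.append(m.group(1))
        if len(tags) > 1:
            findings.append(("multiple-instances-on-interface", ifname))
        # Interface commands survive removal of the router stanza.
        for tag in tags:
            if tag not in instances:
                findings.append(("orphaned-interface-config", f"{ifname} -> {tag}"))
    return findings


if __name__ == "__main__":
    for kind, subject in audit_ospfv3(SAMPLE_CONFIG):
        print(f"{kind}: {subject}")
```

The parser flattens nested sub-modes, so a router-id configured only under a VRF sub-mode would count for the whole instance.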
Configuring OSPFv3 Packet Size
MTU configured at the interface level works in either the data plane or the control plane, but not in both planes at the same time.
When you configure the MTU with a size lower than the supported size in the data and control planes, a few features that have minimum MTU requirements may not work in both planes.
For example, MPLS VPN is supported in the data plane because this plane supports the MTU of 1500 bytes that MPLS VPN requires. But the control plane does not support MPLS VPN because this plane cannot handle the 1500-byte packets.
To make the configured MTU work in the control plane for MPLS VPN, you need to manually configure the OSPF packet size so that OSPF works on the control plane. This is applicable from Cisco NX-OS Release 8.3(2) onwards.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# [ no ] router ospfv3 instance-tag
3. switch(config-router)# router-id ip-address
4. switch(config-router)# ospfv3 packet-size size
5. (Optional) switch(config-router)# show ospfv3 interface
DETAILED STEPS
Step 1  Command or Action: switch# configure terminal
        Purpose: Enters global configuration mode.
Step 2  Command or Action: switch(config)# [ no ] router ospfv3 instance-tag
        Purpose: Creates a new OSPFv3 instance with the configured instance tag.
        Note The no router ospfv3 instance-tag command does not remove OSPF configuration in interface mode. You must manually remove any OSPFv3 commands configured in interface mode.
Step 3  Command or Action: switch(config-router)# router-id ip-address
        Purpose: Configures the OSPFv3 router ID. This ID uses the dotted decimal notation and identifies this OSPFv3 instance and must exist on a configured interface in the system. This command restarts the OSPF process automatically and changes the router id after it is configured.
Step 4  Command or Action: switch(config-router)# ospfv3 packet-size size
        Purpose:
        • Configures the OSPFv3 packet size. The size range is from 1280 to 9212 bytes.
        • You can configure the packet-size in the interface configuration mode also.
        • You can configure the packet-size size command even if the ip ospf mtu-ignore command is already configured in the network.
Step 5  Command or Action: (Optional) switch(config-router)# show ospfv3 interface
        Purpose: Displays OSPF information.
Example
This example shows how to configure the OSPFv3 packet-size:
router ospf 1
router-id 3.3.3.3
[no] packet-size 2000
This example shows the display of the configured OSPFv3 packet-size:
Switch (config-router)# show ospfv3 interface ethernet 1/25
Ethernet1/25 is up, line protocol is up
IP address 1.0.0.1/24
--------snip ---------------
Number of opaque link LSAs: 0, checksum sum 0
Max Packet Size: 2000
Configuring Networks in OSPFv3
You can configure a network to OSPFv3 by associating it through the interface that the router uses to connect to that network. You can add all networks to the default backbone area (Area 0), or you can create new areas using any decimal number or an IP address.
Note All areas must connect to the backbone area either directly or through a virtual link.
Note OSPFv3 is not enabled on an interface until you configure a valid IPv6 address for that interface.
Before you begin
You must enable OSPFv3.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# interface interface-type slot/port
3. switch(config-if)# ipv6 address ipv6-prefix/length
4. switch(config-if)# ipv6 router ospfv3 instance-tag area area-id [ secondaries none ]
5. (Optional) switch(config-if)# show ipv6 ospfv3 instance-tag interface interface-type slot/port
6. (Optional) switch(config-if)# ospfv3 cost number
7. (Optional) switch(config-if)# ospfv3 dead-interval seconds
8. (Optional) switch(config-if)# ospfv3 hello-interval seconds
9. (Optional) switch(config-if)# ospfv3 instance instance
10. (Optional) switch(config-if)# ospfv3 mtu-ignore
11. (Optional) switch(config-if)# ospfv3 network { broadcast | point-point }
12. (Optional) switch(config-if)# ospfv3 priority number
13. (Optional) switch(config-if)# ospfv3 shutdown
14. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1  Command or Action: switch# configure terminal
        Purpose: Enters global configuration mode.
Step 2  Command or Action: switch(config)# interface interface-type slot/port
        Purpose: Enters interface configuration mode.
Step 3  Command or Action: switch(config-if)# ipv6 address ipv6-prefix/length
        Purpose: Assigns an IPv6 address to this interface.
Step 4  Command or Action: switch(config-if)# ipv6 router ospfv3 instance-tag area area-id [ secondaries none ]
        Purpose: Adds the interface to the OSPFv3 instance and area.
Step 5  Command or Action: (Optional) switch(config-if)# show ipv6 ospfv3 instance-tag interface interface-type slot/port
        Purpose: Displays OSPFv3 information.
Step 6  Command or Action: (Optional) switch(config-if)# ospfv3 cost number
        Purpose: Configures the OSPFv3 cost metric for this interface. The default is to calculate a cost metric, based on the reference bandwidth and interface bandwidth. The range is from 1 to 65535.
Step 7  Command or Action: (Optional) switch(config-if)# ospfv3 dead-interval seconds
        Purpose: Configures the OSPFv3 dead interval, in seconds. The range is from 1 to 65535. The default is four times the hello interval, in seconds.
Step 8  Command or Action: (Optional) switch(config-if)# ospfv3 hello-interval seconds
        Purpose: Configures the OSPFv3 hello interval, in seconds. The range is from 1 to 65535. The default is 10 seconds.
Step 9  Command or Action: (Optional) switch(config-if)# ospfv3 instance instance
        Purpose: Configures the OSPFv3 instance ID. The range is from 0 to 255. The default is 0. The instance ID is link-local in scope.
Step 10 Command or Action: (Optional) switch(config-if)# ospfv3 mtu-ignore
        Purpose: Configures OSPFv3 to ignore any IP maximum transmission unit (MTU) mismatch with a neighbor. The default is to not establish adjacency if the neighbor MTU does not match the local interface MTU.
Step 11 Command or Action: (Optional) switch(config-if)# ospfv3 network { broadcast | point-point }
        Purpose: Sets the OSPFv3 network type.
Step 12 Command or Action: (Optional) switch(config-if)# ospfv3 priority number
        Purpose: Configures the OSPFv3 priority, used to determine the DR for an area. The range is from 0 to 255. The default is 1.
Step 13 Command or Action: (Optional) switch(config-if)# ospfv3 shutdown
        Purpose: Shuts down the OSPFv3 instance on this interface.
Step 14 Command or Action: (Optional) switch(config)# copy running-config startup-config
        Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to add a network area 0.0.0.10 in OSPFv3 instance 201:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ipv6 address 2001:0DB8::1/48
switch(config-if)# ipv6 router ospfv3 201 area 0.0.0.10
switch(config-if)# copy running-config startup-config
Configuring Advanced OSPFv3
Configure OSPFv3 after you have designed your OSPFv3 network.
Configuring Filter Lists for Border Routers
You can separate your OSPFv3 domain into a series of areas that contain related networks. All areas must connect to the backbone area through an area border router (ABR). OSPFv3 domains can connect to external domains as well through an autonomous system border router (ASBR).
ABRs have the following optional configuration parameters:
• Area range—Configures route summarization between areas.
• Filter list—Filters the Inter-Area Prefix (type 3) LSAs on an ABR that are allowed in from an external area.
ASBRs also support filter lists.
Before you begin
Create the route map that the filter list uses to filter IP prefixes in incoming or outgoing Inter-Area Prefix (type 3) LSAs.
You must enable OSPFv3.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospfv3 instance-tag
3. switch(config-router)# address-family ipv6 unicast
4. switch(config-router-af)# area area-id filter-list route-map map-name { in | out }
5. (Optional) switch(config-if)# show ipv6 ospfv3 policy statistics area id filter-list { in | out }
6. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1  Command or Action: switch# configure terminal
        Purpose: Enters global configuration mode.
Step 2  Command or Action: switch(config)# router ospfv3 instance-tag
        Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Step 3  Command or Action: switch(config-router)# address-family ipv6 unicast
        Purpose: Enters IPv6 unicast address family mode.
Step 4  Command or Action: switch(config-router-af)# area area-id filter-list route-map map-name { in | out }
        Purpose: Filters incoming or outgoing Inter-Area Prefix (type 3) LSAs on an ABR.
Step 5  Command or Action: (Optional) switch(config-if)# show ipv6 ospfv3 policy statistics area id filter-list { in | out }
        Purpose: Displays OSPFv3 policy information.
Step 6  Command or Action: (Optional) switch(config)# copy running-config startup-config
        Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure a filter list that filters incoming Inter-Area Prefix (type 3) LSAs for area 0.0.0.10:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)# area 0.0.0.10 filter-list route-map FilterLSAs in
switch(config-router-af)# copy running-config startup-config
Configuring Stub Areas
You can configure a stub area for part of an OSPFv3 domain where external traffic is not necessary. Stub areas block AS External (type 5) LSAs, limiting unnecessary routing to and from selected networks. You can optionally block all summary routes from going into the stub area.
Before you begin
You must enable OSPF.
Ensure that there are no virtual links or ASBRs in the proposed stub area.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospfv3 instance-tag
3. switch(config-router)# area area-id stub
4. (Optional) switch(config-router)# address-family ipv6 unicast
5. (Optional) switch(config-router-af)# area area-id default cost cost
6. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1  Command or Action: switch# configure terminal
        Purpose: Enters global configuration mode.
Step 2  Command or Action: switch(config)# router ospfv3 instance-tag
        Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Step 3  Command or Action: switch(config-router)# area area-id stub
        Purpose: Creates this area as a stub area.
Step 4  Command or Action: (Optional) switch(config-router)# address-family ipv6 unicast
        Purpose: Enters IPv6 unicast address family mode.
Step 5  Command or Action: (Optional) switch(config-router-af)# area area-id default cost cost
        Purpose: Sets the cost metric for the default summary route sent into this stub area. The range is from 0 to 16777215.
Step 6  Command or Action: (Optional) switch(config)# copy running-config startup-config
        Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to create a stub area that blocks all summary route updates:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 stub no-summary
switch(config-router)# copy running-config startup-config
Configuring a Totally Stubby Area
You can create a totally stubby area and prevent all summary route updates from going into the stub area.
To create a totally stubby area, use the following command in router configuration mode:
SUMMARY STEPS
1. switch(config-router)# area area-id stub no-summary
DETAILED STEPS
Step 1  Command or Action: switch(config-router)# area area-id stub no-summary
        Purpose: Creates this area as a totally stubby area.
Configuring NSSA
You can configure an NSSA for part of an OSPFv3 domain where limited external traffic is required. You can optionally translate this external traffic to an AS External (type 5) LSA and flood the OSPFv3 domain with this routing information. An NSSA can be configured with the following optional parameters:
• No redistribution—Redistributes routes that bypass the NSSA to other areas in the OSPFv3 autonomous system. Use this option when the NSSA ASBR is also an ABR.
• Default information originate—Generates a Type-7 LSA for a default route to the external autonomous system. Use this option on an NSSA ASBR if the ASBR contains the default route in the routing table. This option can be used on an NSSA ABR whether or not the ABR contains the default route in the routing table.
• Route map—Filters the external routes so that only those routes you want are flooded throughout the NSSA and other areas.
• Translate—Translates Type-7 LSAs to AS External (type 5) LSAs for areas outside the NSSA. Use this command on an NSSA ABR to flood the redistributed routes throughout the OSPFv3 autonomous system. You can optionally suppress the forwarding address in these AS External LSAs.
• No summary—Blocks all summary routes from flooding the NSSA. Use this option on the NSSA ABR.
Before you begin
You must enable OSPF.
Ensure that there are no virtual links in the proposed NSSA and that it is not the backbone area.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1.
switch# configure terminal
2.
switch(config)# router ospfv3 instance-tag
3.
switch(config-router)# area area-id nssa [ no-redistribution ] [ default-information-originate ] [ route-map map-name ] [ no-summary ] [ translate type7 { always | never } [ suppress-fa ]]
4.
(Optional) switch(config-router)# address-family ipv6 unicast
5.
(Optional) switch(config-router-af)# area area-id default cost cost
6.
(Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Command or Action switch# configure terminal switch(config)# router ospfv3 instance-tag
Purpose
Enters global configuration mode.
Creates a new OSPFv3 instance with the configured instance tag.
switch(config-router)# area area-id nssa
[ no-redistribution ] [ default-information-originate ]
[ route-map map-name ] [ no-summary ] [ translate type7
{ always | never } [ suppress-fa ]]
(Optional) switch(config-router)# address-family ipv6 unicast
Creates this area as an NSSA.
Enters IPv6 unicast address family mode.
(Optional) switch(config-router-af)# area area-id default
cost cost
Sets the cost metric for the default summary route sent into this NSSA. The range is from 0 to 16777215.
(Optional) switch(config)# copy running-config startup-config
Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to create an NSSA that blocks all summary route updates:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 nssa no-summary
switch(config-router)# copy running-config startup-config
This example shows how to create an NSSA that generates a default route:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 nssa default-information-originate
switch(config-router)# copy running-config startup-config
This example shows how to create an NSSA that filters external routes and blocks all summary route updates:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 nssa route-map ExternalFilter no-summary
switch(config-router)# copy running-config startup-config
This example shows how to create an NSSA that always translates Type-7 LSAs to AS External (type 5) LSAs:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 nssa translate type7 always
switch(config-router)# copy running-config startup-config
Configuring Multi-Area Adjacency
You can add more than one area to an existing OSPFv3 interface. The additional logical interfaces support multi-area adjacency.
Before you begin
You must enable OSPF.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Ensure that you have configured a primary area for the interface.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# interface interface-type slot/port
3. switch(config-if)# ipv6 router ospfv3 instance-tag multi-area area-id
4. (Optional) switch(config-if)# show ipv6 ospfv3 instance-tag interface interface-type slot/port
5. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# interface interface-type slot/port
Purpose: Enters interface configuration mode.
Step 3
Command or Action: switch(config-if)# ipv6 router ospfv3 instance-tag multi-area area-id
Purpose: Adds the interface to another area.
Step 4
Command or Action: (Optional) switch(config-if)# show ipv6 ospfv3 instance-tag interface interface-type slot/port
Purpose: Displays OSPFv3 information.
Step 5
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to add a second area to an OSPFv3 interface:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ipv6 address 2001:0DB8::1/48
switch(config-if)# ipv6 ospfv3 201 area 0.0.0.10
switch(config-if)# ipv6 ospfv3 201 multi-area 20
switch(config-if)# copy running-config startup-config
Configuring Virtual Links
A virtual link connects an isolated area to the backbone area through an intermediate area. You can configure the following optional parameters for a virtual link:
• Dead interval—Sets the time that a neighbor waits for a Hello packet before declaring the local router as dead and tearing down adjacencies.
• Hello interval—Sets the time between successive Hello packets.
• Retransmit interval—Sets the estimated time between successive LSAs.
• Transmit delay—Sets the estimated time to transmit an LSA to a neighbor.
Note You must configure the virtual link on both routers involved before the link becomes active.
Before you begin
You must enable OSPF.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospfv3 instance-tag
3. switch(config-router)# area area-id virtual-link router-id
4. (Optional) switch(config-if)# show ipv6 ospfv3 virtual-link [ brief ]
5. (Optional) switch(config-router-vlink)# dead-interval seconds
6. (Optional) switch(config-router-vlink)# hello-interval seconds
7. (Optional) switch(config-router-vlink)# retransmit-interval seconds
8. (Optional) switch(config-router-vlink)# transmit-delay seconds
9. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# area area-id virtual-link router-id
Purpose: Creates one end of a virtual link to a remote router. You must create the virtual link on that remote router to complete the link.
Step 4
Command or Action: (Optional) switch(config-if)# show ipv6 ospfv3 virtual-link [ brief ]
Purpose: Displays OSPFv3 virtual link information.
Step 5
Command or Action: (Optional) switch(config-router-vlink)# dead-interval seconds
Purpose: Configures the OSPFv3 dead interval, in seconds. The range is from 1 to 65535. The default is four times the hello interval, in seconds.
Step 6
Command or Action: (Optional) switch(config-router-vlink)# hello-interval seconds
Purpose: Configures the OSPFv3 hello interval, in seconds. The range is from 1 to 65535. The default is 10 seconds.
Step 7
Command or Action: (Optional) switch(config-router-vlink)# retransmit-interval seconds
Purpose: Configures the OSPFv3 retransmit interval, in seconds. The range is from 1 to 65535. The default is 5.
Step 8
Command or Action: (Optional) switch(config-router-vlink)# transmit-delay seconds
Purpose: Configures the OSPFv3 transmit-delay, in seconds. The range is from 1 to 450. The default is 1.
Step 9
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
These examples show how to create a simple virtual link between two ABRs:
Configuration for ABR 1 (router ID 2001:0DB8::1) is as follows:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 virtual-link 2001:0DB8::10
switch(config-router)# copy running-config startup-config
Configuration for ABR 2 (router ID 2001:0DB8::10) is as follows:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# area 0.0.0.10 virtual-link 2001:0DB8::1
switch(config-router)# copy running-config startup-config
Configuring Redistribution
You can redistribute routes learned from other routing protocols into an OSPFv3 autonomous system through the ASBR.
You can configure the following optional parameters for route redistribution in OSPF:
• Default information originate—Generates an AS External (type 5) LSA for a default route to the external autonomous system.
Note Default information originate ignores match statements in the optional route map.
• Default metric—Sets all redistributed routes to the same cost metric.
Note If you redistribute static routes, Cisco NX-OS also redistributes the default static route.
Before you begin
Create the necessary route maps used for redistribution.
You must enable OSPF.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospfv3 instance-tag
3. switch(config-router)# address-family ipv6 unicast
4. switch(config-router-af)# redistribute { bgp id | direct | isis id | rip id | static } route-map map-name
5. switch(config-router-af)# default-information originate [ always ] [ route-map map-name ]
6. switch(config-router-af)# default-metric cost
7. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# address-family ipv6 unicast
Purpose: Enters IPv6 unicast address family mode.
Step 4
Command or Action: switch(config-router-af)# redistribute { bgp id | direct | isis id | rip id | static } route-map map-name
Purpose: Redistributes the selected protocol into OSPFv3 through the configured route map.
Note If you redistribute static routes, Cisco NX-OS also redistributes the default static route.
Step 5
Command or Action: switch(config-router-af)# default-information originate [ always ] [ route-map map-name ]
Purpose: Creates a default route into this OSPFv3 domain if the default route exists in the RIB. Use the following optional keywords:
• always —Always generates the default route of 0.0.0. even if the route does not exist in the RIB.
• route-map —Generates the default route if the route map returns true.
Note This command ignores match statements in the route map.
Step 6
Command or Action: switch(config-router-af)# default-metric cost
Purpose: Sets the cost metric for the redistributed routes. The range is from 1 to 16777214. This command does not apply to directly connected routes. Use a route map to set the default metric for directly connected routes.
Step 7
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to redistribute the Border Gateway Protocol (BGP) into OSPFv3:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)# redistribute bgp route-map FilterExternalBGP
switch(config-router-af)# copy running-config startup-config
Limiting the Number of Redistributed Routes
Route redistribution can add many routes to the OSPFv3 route table. You can configure a maximum limit to the number of routes accepted from external protocols. OSPFv3 provides the following options to configure redistributed route limits:
• Fixed limit—Logs a message when OSPFv3 reaches the configured maximum. OSPFv3 does not accept any more redistributed routes. You can optionally configure a threshold percentage of the maximum where OSPFv3 logs a warning when that threshold is passed.
• Warning only—Logs a warning only when OSPFv3 reaches the maximum. OSPFv3 continues to accept redistributed routes.
• Withdraw—Starts the configured timeout period when OSPFv3 reaches the maximum. After the timeout period, OSPFv3 requests all redistributed routes if the current number of redistributed routes is less than the maximum limit. If the current number of redistributed routes is at the maximum limit, OSPFv3 withdraws all redistributed routes. You must clear this condition before OSPFv3 accepts more redistributed routes. You can optionally configure the timeout period.
Before you begin
You must enable OSPF.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospfv3 instance-tag
3. switch(config-router)# address-family ipv6 unicast
4. switch(config-router)# redistribute { bgp id | direct | isis id | rip id | static } route-map map-name
5. switch(config-router)# redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
6. (Optional) show running-config ospfv3
7. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# address-family ipv6 unicast
Purpose: Enters IPv6 unicast address family mode.
Step 4
Command or Action: switch(config-router)# redistribute { bgp id | direct | isis id | rip id | static } route-map map-name
Purpose: Redistributes the selected protocol into OSPFv3 through the configured route map.
Step 5
Command or Action: switch(config-router)# redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
Purpose: Specifies a maximum number of prefixes that OSPFv2 distributes. The range is from 0 to 65536. Optionally, specifies the following:
• threshold —Percent of maximum prefixes that triggers a warning message.
• warning-only —Logs a warning message when the maximum number of prefixes is exceeded.
• withdraw —Withdraws all redistributed routes and optionally tries to retrieve the redistributed routes. The num-retries range is from 1 to 12. The timeout range is from 60 to 600 seconds. The default is 300 seconds.
Step 6
Command or Action: (Optional) show running-config ospfv3
Example: switch(config-router)# show running-config ospf
Purpose: Displays the OSPFv3 configuration.
Step 7
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to limit the number of redistributed routes into OSPF:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)# redistribute bgp route-map FilterExternalBGP
switch(config-router-af)# copy running-config startup-config
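The following Python check is an added example, not part of the Cisco guide: it reads a saved configuration and flags OSPFv3 instances that redistribute routes with no limit, with a warning-only limit, or with values outside the ranges given in the steps above. The sample configuration, the function names, and the 1 to 100 threshold range are assumptions.

```python
import re

# Value ranges as stated in the guide for "redistribute maximum-prefix".
RANGES = {
    "max": (0, 65536),
    "threshold": (1, 100),   # assumption: a percentage; the guide gives no range
    "retries": (1, 12),
    "timeout": (60, 600),    # seconds
}

LIMIT_RE = re.compile(
    r"redistribute maximum-prefix (?P<max>\d+)"
    r"(?: (?P<threshold>\d+))?"
    r"(?: (?P<warn>warning-only)"
    r"| withdraw(?: (?P<retries>\d+) (?P<timeout>\d+))?)?$"
)
SOURCE_RE = re.compile(r"redistribute (bgp|direct|isis|rip|static)\b")
INSTANCE_RE = re.compile(r"router ospfv3 (\S+)$")

# Constructed sample configuration, not taken from the guide or a real device.
SAMPLE_CONFIG = """\
router ospfv3 201
  address-family ipv6 unicast
    redistribute bgp 64496 route-map FilterExternalBGP
    redistribute maximum-prefix 1000 75 withdraw 3 700
router ospfv3 202
  address-family ipv6 unicast
    redistribute direct route-map ConnectedOut
router ospfv3 203
  address-family ipv6 unicast
    redistribute static route-map StaticOut
    redistribute maximum-prefix 500 warning-only
router ospfv3 204
  router-id 192.0.2.4
"""


def parse_instances(config_text):
    """Collect redistribution sources and the route limit per OSPFv3 instance."""
    instances, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():           # a top-level line starts a new section
            m = INSTANCE_RE.match(line)
            current = m.group(1) if m else None
            if current is not None:
                instances[current] = {"sources": [], "limit": None, "bad": []}
            continue
        if current is None:
            continue
        inst = instances[current]
        limit = LIMIT_RE.match(line)
        if limit:
            inst["limit"] = limit.groupdict()
        elif line.startswith("redistribute maximum-prefix"):
            inst["bad"].append(line)       # limit line that does not fit the syntax
        else:
            source = SOURCE_RE.match(line)
            if source:
                inst["sources"].append(source.group(1))
    return instances


def audit(config_text):
    """Return (instance-tag, finding) pairs for weak or invalid route limits."""
    findings = []
    for tag, inst in parse_instances(config_text).items():
        if not inst["sources"]:
            continue                       # nothing is redistributed here
        for line in inst["bad"]:
            findings.append((tag, f"unparsed limit: {line}"))
        limit = inst["limit"]
        if limit is None:
            if not inst["bad"]:
                findings.append((tag, "no redistribute maximum-prefix limit"))
            continue
        if limit["warn"]:
            # Per the guide, OSPFv3 keeps accepting routes in this mode.
            findings.append((tag, "warning-only: limit is logged but not enforced"))
        for name, (low, high) in RANGES.items():
            value = limit[name]
            if value is not None and not low <= int(value) <= high:
                findings.append((tag, f"{name} {value} outside {low}-{high}"))
    return findings


if __name__ == "__main__":
    for tag, finding in audit(SAMPLE_CONFIG):
        print(f"ospfv3 {tag}: {finding}")
```

Instance 204 produces no finding because it redistributes nothing, so a route limit would have no effect there.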
Configuring Route Summarization
You can configure route summarization for inter-area routes by configuring an address range that is summarized.
You can also configure route summarization for external, redistributed routes by configuring a summary address for those routes on an ASBR.
Before you begin
You must enable OSPF.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospfv3 instance-tag
3. switch(config-router)# address-family ipv6 unicast
4. switch(config-router-af)# area area-id range ipv6-prefix/length [ no-advertise ] [ cost cost ]
5. switch(config-router-af)# summary-address ipv6-prefix/length [ no-advertise ] [ tag tag ]
6. (Optional) switch(config-router)# show ipv6 ospfv3 summary-address
7. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# address-family ipv6 unicast
Purpose: Enters IPv6 unicast address family mode.
Step 4
Command or Action: switch(config-router-af)# area area-id range ipv6-prefix/length [ no-advertise ] [ cost cost ]
Purpose: Creates a summary address on an ABR for a range of addresses and optionally advertises this summary address in an Inter-Area Prefix (type 3) LSA. The cost range is from 0 to 16777215.
Step 5
Command or Action: switch(config-router-af)# summary-address ipv6-prefix/length [ no-advertise ] [ tag tag ]
Purpose: Creates a summary address on an ASBR for a range of addresses and optionally assigns a tag for this summary address that can be used for redistribution with route maps.
Step 6
Command or Action: (Optional) switch(config-router)# show ipv6 ospfv3 summary-address
Purpose: Displays information about OSPFv3 summary addresses.
Step 7
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This shows how to create a stub area that blocks all summary route updates:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# address-family ipv6 unicast
switch(config-router)# area 0.0.0.10 range 2001:0DB8::/48
switch(config-router)# copy running-config startup-config
This example shows how to create summary addresses on an ASBR:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# address-family ipv6 unicast
switch(config-router)# summary-address 2001:0DB8::/48
switch(config-router)# copy running-config startup-config
Configuring the Administrative Distance of Routes
Beginning with Cisco NX-OS Release 6.1, you can set the administrative distance of routes added by OSPFv3 into the RIB.
The administrative distance is a rating of the trustworthiness of a routing information source. A higher value indicates a lower trust rating. Typically, a route can be learned through more than one routing protocol. The administrative distance is used to discriminate between routes learned from more than one routing protocol. The route with the lowest administrative distance is installed in the IP routing table.
Before you begin
Ensure that you have enabled OSPFv3.
Ensure that you are in the correct VDC (or use the switchto vdc command).
See the guidelines and limitations for this feature.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospf instance-tag
3. switch(config-router)# address-family ipv6 unicast
4. switch(config-router-af)# [ no ] table-map map-name [ filter ]
5. switch(config-router-af)# exit
6. switch(config-router)# exit
7. switch(config)# route-map map-name [ permit | deny ] [ seq ]
8. switch(config-route-map)# match route-type route-type
9. switch(config-route-map)# match ip route-source prefix-list name
10. switch(config-route-map)# match ipv6 address prefix-list name
11. switch(config-route-map)# set distance value
12. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospf instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# address-family ipv6 unicast
Purpose: Enters IPv6 unicast address family mode.
Step 4
Command or Action: switch(config-router-af)# [ no ] table-map map-name [ filter ]
Purpose: Configures the policy for filtering or modifying OSPFv2 routes before sending them to the RIB. You can enter up to 63 alphanumeric characters for the map name.
The filter keyword specifies that only routes that are permitted by the route map (map-name) configuration are downloaded to the routing information base (RIB).
Step 5
Command or Action: switch(config-router-af)# exit
Purpose: Exits router address-family configuration mode.
Step 6
Command or Action: switch(config-router)# exit
Purpose: Exits router configuration mode.
Step 7
Command or Action: switch(config)# route-map map-name [ permit | deny ] [ seq ]
Purpose: Creates a route map or enters route-map configuration mode for an existing route map. Use seq to order the entries in a route map.
Note The permit option enables you to set the distance. If you use the deny option, the default distance is applied.
Step 8
Command or Action: switch(config-route-map)# match route-type route-type
Purpose: Matches against one of the following route types:
• external—The external route (BGP, EIGRP, and OSPF type 1 or 2)
• inter-area—OSPF inter-area route
• internal—The internal route (including the OSPF intra- or inter-area)
• intra-area—OSPF intra-area route
• nssa-external—The NSSA external route (OSPF type 1 or 2)
• type-1—The OSPF external type 1 route
• type-2—The OSPF external type 2 route
Step 9
Command or Action: switch(config-route-map)# match ip route-source prefix-list name
Purpose: Matches the IPv6 route source address or router ID of a route to one or more IP prefix lists. Use the ip prefix-list command to create the prefix list.
Note For OSPFv3, the router ID is 4 bytes.
Step 10
Command or Action: switch(config-route-map)# match ipv6 address prefix-list name
Purpose: Matches against one or more IPv6 prefix lists. Use the ip prefix-list command to create the prefix list.
Step 11
Command or Action: switch(config-route-map)# set distance value
Purpose: Sets the administrative distance of routes for OSPFv3. The range is from 1 to 255.
Step 12
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure the OSPFv3 administrative distance for inter-area routes to 150, for external routes to 200, and for all prefixes in prefix list p1 to 190:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)# table-map foo
switch(config-router)# exit
switch(config)# exit
switch(config)# route-map foo permit 10
switch(config-route-map)# match route-type inter-area
switch(config-route-map)# set distance 150
switch(config)# route-map foo permit 20
switch(config-route-map)# match route-type external
switch(config-route-map)# set distance 200
switch(config)# route-map foo permit 30
switch(config-route-map)# match ip route-source prefix-list p1
switch(config-route-map)# match ipv6 address prefix-list p1
switch(config-route-map)# set distance 190
The following example shows how to configure a route map for blocking the next hops that are learned through VLAN 10:
switch(config)# route-map Filter-OSPF deny 10
switch(config-route-map)# match interface VLAN 10
switch(config-route-map)# exit
switch(config)# route-map Filter-OSPF permit 20
The following example shows how to configure the table-map command with the filter keyword to use a route map (Filter-OSPF) to remove the next-hop path that is learned through VLAN 10 but not the next-hop path that is learned through VLAN 20:
switch(config)# router ospfv3 p1
switch(config-router)# table-map Filter-OSPF filter
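The following Python model is an added example, not part of the Cisco guide: it evaluates the route map foo from the first example against a few constructed routes to show which distance each one receives and what the filter keyword changes. It assumes standard route-map evaluation (ascending sequence, first matching entry wins, every match clause in an entry must match), a default distance of 110, and made-up contents for prefix list p1.

```python
import ipaddress

DEFAULT_DISTANCE = 110  # assumption: the OSPF default; the guide does not state it

# Umbrella route types from the guide's "match route-type" list.
TYPE_GROUPS = {
    "external": {"type-1", "type-2"},
    "internal": {"intra-area", "inter-area"},
}

# Constructed prefix-list contents; the guide names p1 but never shows it.
# Entries are treated as exact matches (no ge/le modifiers).
IP_P1 = {ipaddress.ip_network("192.0.2.1/32")}         # route source / router ID
IPV6_P1 = {ipaddress.ip_network("2001:db8:10::/48")}   # route prefix

# Route map "foo" from the guide's example: (seq, action, match clauses, distance).
ROUTE_MAP_FOO = [
    (10, "permit", {"route-type": "inter-area"}, 150),
    (20, "permit", {"route-type": "external"}, 200),
    (30, "permit", {"route-source": IP_P1, "ipv6-address": IPV6_P1}, 190),
]

# Constructed routes used to exercise the route map.
ROUTES = [
    {"type": "inter-area", "prefix": "2001:db8:20::/48", "source": "192.0.2.9"},
    {"type": "type-2", "prefix": "2001:db8:30::/48", "source": "192.0.2.9"},
    {"type": "intra-area", "prefix": "2001:db8:10::/48", "source": "192.0.2.1"},
    {"type": "inter-area", "prefix": "2001:db8:10::/48", "source": "192.0.2.1"},
    {"type": "intra-area", "prefix": "2001:db8:10::/48", "source": "192.0.2.9"},
]


def clause_matches(kind, wanted, route):
    """Evaluate one match clause against a route."""
    if kind == "route-type":
        return route["type"] in TYPE_GROUPS.get(wanted, {wanted})
    if kind == "route-source":
        return ipaddress.ip_network(route["source"] + "/32") in wanted
    if kind == "ipv6-address":
        return ipaddress.ip_network(route["prefix"]) in wanted
    raise ValueError(f"unsupported match clause: {kind}")


def apply_table_map(route, route_map, use_filter=False):
    """Return (installed_in_rib, distance) for one OSPFv3 route."""
    for _seq, action, clauses, distance in sorted(route_map, key=lambda e: e[0]):
        if all(clause_matches(k, v, route) for k, v in clauses.items()):
            if action == "permit":
                return True, distance
            break                      # explicit deny: stop at the first match
    # Denied or unmatched: the route is dropped only when "filter" is set,
    # otherwise it is installed with the default distance.
    if use_filter:
        return False, None
    return True, DEFAULT_DISTANCE


if __name__ == "__main__":
    for route in ROUTES:
        plain = apply_table_map(route, ROUTE_MAP_FOO)
        filtered = apply_table_map(route, ROUTE_MAP_FOO, use_filter=True)
        print(route["type"], route["prefix"], plain, filtered)
```

Under these assumptions the fourth route, an inter-area route inside prefix list p1, receives 150 rather than 190 because sequence 10 matches first, and the fifth route is installed at the default distance unless filter is set.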
Modifying the Default Timers
OSPFv3 includes a number of timers that control the behavior of protocol messages and shortest path first (SPF) calculations. OSPFv3 includes the following optional timer parameters:
• LSA arrival time—Sets the minimum interval allowed between LSAs arriving from a neighbor. LSAs that arrive faster than this time are dropped.
• Pacing LSAs—Sets the interval at which LSAs are collected into a group and refreshed, checksummed, or aged. This timer controls how frequently LSA updates occur and optimizes how many are sent in an LSA update message.
• Throttle LSAs—Sets rate limits for generating LSAs. This timer controls how frequently LSAs are generated after a topology change occurs.
• Throttle SPF calculation—Controls how frequently the SPF calculation is run.
At the interface level, you can also control the following timers:
• Retransmit interval—Sets the estimated time between successive LSAs.
• Transmit delay—Sets the estimated time to transmit an LSA to a neighbor.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospfv3 instance-tag
3. switch(config-router)# timers lsa-arrival msec
4. switch(config-router)# timers lsa-group-pacing seconds
5. switch(config-router)# timers throttle lsa start-time hold-interval max-time
6. switch(config-router)# address-family ipv6 unicast
7. switch(config-router)# timers throttle spf delay-time hold-time
8. switch(config)# interface type slot/port
9. switch(config-if)# ospfv3 retransmit-interval seconds
10. switch(config-if)# ospfv3 transmit-delay seconds
11. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# timers lsa-arrival msec
Purpose: Sets the LSA arrival time in milliseconds. The range is from 10 to 600000. The default is 1000 milliseconds.
Step 4
Command or Action: switch(config-router)# timers lsa-group-pacing seconds
Purpose: Sets the interval in seconds for grouping LSAs. The range is from 1 to 1800. The default is 10 seconds.
Step 5
Command or Action: switch(config-router)# timers throttle lsa start-time hold-interval max-time
Purpose: Sets the rate limit in milliseconds for generating LSAs. You can configure the following timers:
• start-time —The range is from 50 to 5000 milliseconds. The default value is 50 milliseconds.
• hold-interval —The range is from 50 to 30,000 milliseconds. The default value is 5000 milliseconds.
• max-time —The range is from 50 to 30,000 milliseconds. The default value is 5000 milliseconds.
Step 6
Command or Action: switch(config-router)# address-family ipv6 unicast
Purpose: Enters IPv6 unicast address family mode.
Step 7
Command or Action: switch(config-router)# timers throttle spf delay-time hold-time
Purpose: Sets the SPF best path schedule initial delay time and the minimum hold time in seconds between SPF best path calculations. The range is from 1 to 600000. The default is no delay time and 5000 millisecond hold time.
Step 8
Command or Action: switch(config)# interface type slot/port
Purpose: Enters interface configuration mode.
Step 9
Command or Action: switch(config-if)# ospfv3 retransmit-interval seconds
Purpose: Sets the estimated time in seconds between LSAs transmitted from this interface. The range is from 1 to 65535. The default is 5.
Step 10
Command or Action: switch(config-if)# ospfv3 transmit-delay seconds
Purpose: Sets the estimated time in seconds to transmit an LSA to a neighbor. The range is from 1 to 450. The default is 1.
Step 11
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This shows how to create a stub area that blocks all summary route updates:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# timers lsa-group-pacing 300
switch(config-router)# copy running-config startup-config
Configuring the OSPFv3 Max-Metric Router LSA
You can configure OSPFv3 to advertise its locally generated router LSAs with the maximum metric value possible (the infinity metric 0xFFF). This feature allows OSPFv3 processes to converge but not attract transit traffic through the device if there are better alternate paths. After a specified timeout or a notification from BGP, OSPFv3 advertises the LSAs with normal metrics.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospfv3 instance-tag
3. switch(config-router)# max-metric router-lsa [ external-lsa [ max-metric-value ]] [ stub-prefix-lsa ] [ on-startup [ seconds ]] [ wait-for bgp tag ] [ inter-area-prefix-lsa [ max-metric-value ]]
4. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# max-metric router-lsa [ external-lsa [ max-metric-value ]] [ stub-prefix-lsa ] [ on-startup [ seconds ]] [ wait-for bgp tag ] [ inter-area-prefix-lsa [ max-metric-value ]]
Purpose: Configures a device that is running the OSPFv3 protocol to advertise a maximum metric so that other devices do not prefer the device as an intermediate hop in their SPF calculations.
Step 4
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure a router to advertise a maximum metric for the stub links:
switch(config)# router ospfv3 200
switch(config-router)# max-metric router-lsa stub-prefix-lsa
Configuring Graceful Restart
Graceful restart is enabled by default. You can configure the following optional parameters for graceful restart in an OSPFv3 instance:
• Grace period—Configures how long neighbors should wait after a graceful restart has started before tearing down adjacencies.
• Helper mode disabled—Disables helper mode on the local OSPFv3 instance. OSPFv3 does not participate in the graceful restart of a neighbor.
• Planned graceful restart only—Configures OSPFv3 to support graceful restart only in the event of a planned restart.
Before you begin
You must enable OSPF.
Ensure that all neighbors are configured for graceful restart with matching optional parameters set.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router ospfv3 instance-tag
3. switch(config-router)# graceful-restart
4. switch(config-router)# graceful-restart grace-period seconds
5. switch(config-router)# graceful-restart helper-disable
6. switch(config-router)# graceful-restart planned-only
7. (Optional) switch(config-if)# show ipv6 ospfv3 instance-tag
8. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Step 3
Command or Action: switch(config-router)# graceful-restart
Purpose: Enables graceful restart. A graceful restart is enabled by default.
Step 4
Command or Action: switch(config-router)# graceful-restart grace-period seconds
Purpose: Sets the grace period, in seconds. The range is from 5 to 1800. The default is 60 seconds.
Step 5
Command or Action: switch(config-router)# graceful-restart helper-disable
Purpose: Disables helper mode. Enabled by default.
Step 6
Command or Action: switch(config-router)# graceful-restart planned-only
Purpose: Configures graceful restart for planned restarts only.
Step 7
Command or Action: (Optional) switch(config-if)# show ipv6 ospfv3 instance-tag
Purpose: Displays OSPFv3 information.
Step 8
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This shows how to create a stub area that blocks all summary route updates:
switch# configure terminal
switch(config)# router ospfv3 201
switch(config-router)# graceful-restart
switch(config-router)# graceful-restart grace-period 120
switch(config-router)# copy running-config startup-config
Restarting an OSPFv3 Instance
You can restart an OSPFv3 instance. This action clears all neighbors for the instance.
To restart an OSPFv3 instance and remove all associated neighbors, use the following command:
SUMMARY STEPS
1. switch(config)# restart ospfv3 instance-tag
DETAILED STEPS
Step 1
Command or Action: switch(config)# restart ospfv3 instance-tag
Purpose: Restarts the OSPFv3 instance and removes all neighbors.
Configuring OSPFv3 with Virtualization
You can configure multiple OSPFv3 instances in each VDC. You can also create multiple VRFs within each VDC and use the same or multiple OSPFv3 instances in each VRF. You assign an OSPFv3 interface to a VRF.
Note Configure all other parameters for an interface after you configure the VRF for an interface. Configuring a VRF for an interface deletes all the configuration for that interface.
Before you begin
Create the VDCs.
You must enable OSPF.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# vrf context vrf-name
3. switch(config)# router ospfv3 instance-tag
4. switch(config-router)# vrf vrf-name
5. (Optional) switch(config-router-vrf)# maximum-paths paths
6. switch(config)# interface type slot/port
7. switch(config-if)# vrf member vrf-name
8. switch(config-if)# ipv6 address ipv6-prefix/length
9. switch(config-if)# ipv6 ospfv3 instance-tag area area-id
10. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# vrf context vrf-name
Purpose: Creates a new VRF and enters VRF configuration mode.
Step 3
Command or Action: switch(config)# router ospfv3 instance-tag
Purpose: Creates a new OSPFv3 instance with the configured instance tag.
Step 4
Command or Action: switch(config-router)# vrf vrf-name
Purpose: Enters VRF configuration mode.
Step 5
Command or Action: (Optional) switch(config-router-vrf)# maximum-paths paths
Purpose: Configures the maximum number of equal OSPFv3 paths to a destination in the route table for this VRF. Use this command for load balancing.
Step 6
Command or Action: switch(config)# interface type slot/port
Purpose: Enters interface configuration mode.
Step 7
Command or Action: switch(config-if)# vrf member vrf-name
Purpose: Adds this interface to a VRF.
Step 8
Command or Action: switch(config-if)# ipv6 address ipv6-prefix/length
Purpose: Configures an IP address for this interface. You must do this step after you assign this interface to a VRF.
Step 9
Command or Action: switch(config-if)# ipv6 ospfv3 instance-tag area area-id
Purpose: Assigns this interface to the OSPFv3 instance and area configured.
Step 10
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to create a VRF and add an interface to the VRF:
switch# configure terminal
switch(config)# vrf context NewVRF
switch(config-vrf)# exit
switch(config)# router ospfv3 201
switch(config-router)# exit
switch(config)# interface ethernet 1/2
switch(config-if)# vrf member NewVRF
switch(config-if)# ipv6 address 2001:0DB8::1/48
switch(config-if)# ipv6 ospfv3 201 area 0
switch(config-if)# copy running-config startup-config
Configuring OSPFv3 Authentication at Router Level
You can enable authentication of OSPFv3 packets on a per-interface basis at the Router level using the following commands.
Before you begin
Ensure you have enabled OSPF.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the authentication package.
Step 1
Enter the global configuration mode: switch# configure terminal
Step 2
Enable the authentication package: switch(config)# feature imp
Step 3
Create a new OSPFv3 instance with the configured instance tag: switch(config)# router ospfv3 instance-tag
Step 4
Enable IPSec AH Authentication: switch(config-router)# authentication ipsec spi spi auth [ 0 | 3 | 7 ] key
You can specify the security policy index through spi and define the authentication algorithm through auth, which can be md5 or sha1. Numbers 0, 3 and 7 specify the format of key.
Step 5
(Optional) Display OSPFv3 information: switch(config)# show running-config ospfv3
Configuring OSPFv3 Authentication at Area Level
Authentication of OSPFv3 packets is enabled on a per-interface basis at the Area level using the following commands.
Before you begin
Ensure you have enabled OSPF.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the authentication package.
Step 1
Enter the global configuration mode: switch# configure terminal
Step 2
Enable the authentication package: switch(config)# feature imp
Step 3
Create a new OSPFv3 instance with the configured instance tag: switch(config)# router ospfv3 instance-tag
Step 4
Enable IPSec AH Authentication: switch(config-router)# area area-num authentication ipsec spi spi auth [ 0 | 3 | 7 ] key
You can specify the security policy index through spi and define the authentication algorithm through auth, which can be md5 or sha1. Numbers 0, 3 and 7 specify the format of key.
Step 5
(Optional) Display OSPFv3 information: switch(config)# show running-config ospfv3
Configuring OSPFv3 Authentication at Interface Level
You can configure the authentication of OSPFv3 packets per interface using the following commands.
Before you begin
Ensure you have enabled OSPF.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Enable the authentication package.
Step 1
Enter the global configuration mode: switch# configure terminal
Step 2
Enables the authentication mode: switch(config)# feature imp
Step 3
Enters the interface configuration mode: switch(config)# interface ethernet interface
Step 4
Change the port mode to Layer 3 interface: switch(config-if)# no switchport
Step 5
Specify the OSPFv3 instance and area for the interface: switch(config-if)# ipv6 router ospfv3 instance-tag area area-id
Step 6
Enable IPSec AH Authentication: switch(config-if)# ospfv3 authentication ipsec spi spi auth [ 0 | 3 | 7 ] key
You can specify the security policy index through spi and define the authentication algorithm through auth, which can be md5 or sha1. Numbers 0, 3 and 7 specify the format of key.
Step 7
(Optional) Display the running configuration on the interface: switch(config-if)# show run interface interface
Configuration Example
The following example shows how to enable security for Ethernet interface 2/1.
switch# configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# no switchport
switch(config-if)# ipv6 router ospfv3 1 area 0
switch(config-if)# ospfv3 authentication ipsec spi 256 md5 0 11111111111111111111111111111111
switch(config-if)# show run interface ethernet 2/1
!Command: show running-config interface Ethernet2/1
!Time: Mon Oct 26 09:19:30 2015
version 7.2(0)D1(1)
interface Ethernet2/1
  shutdown
  no switchport
  medium p2p
  ospfv3 authentication ipsec spi 256 md5 3 b54dc5a961fb42098f6902e512cb6e099d44d3239f4e48e73668de6f52254f0e
  ipv6 router ospfv3 1 area 0.0.0.0
switch(config-if)#
Configuring OSPFv3 Encryption at Router Level
You can configure OSPFv3 ESP to encrypt and authenticate OSPFv3 packets at the router level using the following commands.
Before you begin
You must enable OSPFv3.
Enable authentication package.
Step 1
Enter the global configuration mode: switch# configure terminal
Step 2
Enter the configuration of OSPFv3 mode: switch# configure ospfv3
Step 3
Enable authentication package: switch(config)# feature imp
Step 4
Create a new OSPFv3 instance with the configured instance tag: switch(config)# router ospfv3 instance-tag
Step 5
Enable IPSec ESP encryption: switch(config-router)# encryption ipsec spi spi_id esp encrypt_algorithm [ 0 | 3 | 7 ] key authentication auth_algorithm [ 0 | 3 | 7 ] key
You can specify the security policy index through spi_id and define the encryption algorithm through encrypt_algorithm, which can be 3des, aes 128 or null. Numbers 0, 3, and 7 specify the format of the key. You can define the authentication algorithm through auth_algorithm, which can be sha1 or md5.
Note: MD5 is not supported in FIPS mode.
Step 6
(Optional) Display OSPFv3 information: switch(config)# show running-config ospfv3
Configuring OSPFv3 Encryption at Area Level
You can configure OSPFv3 ESP to encrypt and authenticate OSPFv3 packets at the area level using the following commands.
Before you begin
You must enable OSPFv3.
Enable authentication package.
Step 1
Enter the global configuration mode: switch# configure terminal
Step 2
Enter the configuration of OSPFv3 mode: switch# configure ospfv3
Step 3
Enable the authentication package: switch(config)# feature imp
Step 4
Create a new OSPFv3 instance with the configured instance tag: switch(config)# router ospfv3 instance-tag
Step 5
Enable IPSec ESP Encryption: switch(config-router)# area area-num encryption ipsec spi spi_val esp encrypt_algorithm [ 0 | 3 | 7 ] key authentication auth_algorithm [ 0 | 3 | 7 ] key
You can specify the security policy index through spi_id and define the encryption algorithm through encrypt_algorithm, which can be 3des, aes 128 or null. Numbers 0, 3, and 7 specify the format of the key. You can define the authentication algorithm through auth_algorithm, which can be sha1 or md5.
Note: MD5 is not supported in FIPS mode.
Step 6
(Optional) Display OSPFv3 information: switch(config)# show running-config ospfv3
Configuring OSPFv3 Encryption at Interface Level
You can configure OSPFv3 ESP to encrypt and authenticate OSPFv3 packets at the interface level using the following commands.
Before you begin
You must enable OSPFv3.
Enable authentication package.
Step 1
Enter the global configuration mode: switch# configure terminal
Step 2
Enter the configuration of OSPFv3 mode: switch# configure ospfv3
Step 3
Enables the authentication mode: switch(config)# feature imp
Step 4
Enters the interface configuration mode: switch(config)# interface ethernet interface
Step 5
Specify the OSPFv3 instance and area for the interface: switch(config-if)# ipv6 router ospfv3 instance-tag area area-id
Step 6
Enable IPSec ESP Encryption: switch(config-if)# ospfv3 encryption ipsec spi spi_id esp encrypt_algorithm [ 0 | 3 | 7 ] key authentication auth_algorithm [ 0 | 3 | 7 ] key
You can specify the security policy index through spi_id and define the encryption algorithm through encrypt_algorithm, which can be 3des, aes 128 or null. Numbers 0, 3 and 7 specify the format of the key. You can define the authentication algorithm through auth_algorithm, which can be sha1 or md5.
Note: MD5 is not supported in FIPS mode.
Step 7
(Optional) Display the running configuration on the interface: switch(config-if)# show run interface interface
Configuration Example
The following example shows how to enable security for Ethernet interface 3/2.
switch# configure terminal
switch(config)# feature ospfv3
switch(config)# feature imp
switch(config)# interface ethernet 3/2
switch(config-if)# ipv6 router ospfv3 1 area 0.0.0.0
switch(config-if)# ospfv3 encryption ipsec spi 444 ?
  esp   Specify encryption parameters
switch(config-if)# ospfv3 encryption ipsec spi 444 esp ?
  3des  Use the triple DES algorithim
  aes   Use the AES algorithim
  null  Use NULL authentication
switch(config-if)# ospfv3 encryption ipsec spi 444 esp aes ?
  128   Use the 128-bit AES algorithim
switch(config-if)# ospfv3 encryption ipsec spi 444 esp aes 128 ?
  0     Specifies an UNENCRYPTED encryption key will follow
  3     Specifies an 3DES ENCRYPTED encryption key will follow
  7     Specifies a Cisco type 7 ENCRYPTED encryption key will follow
  WORD  The UNENCRYPTED (cleartext) encryption key
switch(config-if)# ospfv3 encryption ipsec spi 444 esp aes 128 12345678123456781234567812345678 authentication null
switch(config-if)# sh ospfv3 interface
Ethernet3/2 is up, line protocol is up
  IPv6 address 1:1:1:1::2/64
  Process ID 1 VRF default, Instance ID 0, area 0.0.0.0
  Enabled by interface configuration
  State DOWN, Network type BROADCAST, cost 40
  ESP Encryption AES, Authentication NULL, SPI 444, ConnId 444
switch(config-if)#
Configuring OSPFv3 Encryption for Virtual Links
You can configure OSPFv3 ESP to encrypt and authenticate OSPFv3 packets for virtual links using the following commands.
Before you begin
You must enable OSPFv3.
Enable authentication package.
Step 1
Enter the global configuration mode: switch# configure terminal
Step 2
Enter the configuration of OSPFv3 mode: switch# configure ospfv3
Step 3
Enable the authentication package: switch(config)# feature imp
Step 4
Create a new OSPFv3 instance with the configured instance tag: switch(config)# router ospfv3 instance-tag
Step 5
Enable IPSec ESP Encryption: switch(config-router)# encryption ipsec spi spi_id esp encrypt_algorithm [ 0 | 3 | 7 ] key authentication auth_algorithm [ 0 | 3 | 7 ] key
You can specify the security policy index through spi_id and define the encryption algorithm through encrypt_algorithm, which can be 3des, aes 128 or null. Numbers 0, 3 and 7 specify the format of the key. You can define the authentication algorithm through auth_algorithm, which can be sha1 or md5.
Note: MD5 is not supported in FIPS mode.
Step 6
(Optional) Display OSPFv3 information: switch(config)# show running-config ospfv3
Configuration Example
The following example shows how to encrypt Virtual links.
switch(config)# feature ospfv3
switch(config)# feature imp
switch(config-if)# router ospfv3 1
switch(config-router)# area 0.0.0.1 virtual-link 3.3.3.3
switch(config-router-vlink)# encryption ipsec spi ?
  <256-4294967295>  SPI Value
switch(config-router-vlink)# encryption ipsec spi 256 esp ?
  3des  Use the triple DES algorithim
  aes   Use the AES algorithim
  null  Use NULL authentication
switch(config-router-vlink)# encryption ipsec spi 256 esp aes 128 123456789A123456789B123456789C12 authentication ?
  null  Use NULL authentication
  sha1  Use the SHA1 algorithim
switch(config-router-vlink)# encryption ipsec spi 256 esp aes 128 123456789A123456789B123456789C12 authentication null
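The authentication and encryption procedures above (router, area, interface and virtual-link level) all use two statement forms, so a saved configuration can be checked for the weaker choices the CLI accepts: md5, null encryption, null authentication, cleartext or type 7 keys, and an SPI outside the range the CLI help shows. The following Python audit is an added example, not Cisco code; its function names and the sample configuration are constructed for illustration, and it assumes the statements appear exactly in the command forms shown on this page.

```python
import re

SPI_MIN, SPI_MAX = 256, 4294967295  # SPI range shown by the CLI help on this page
# [ospfv3 | area <id>] authentication ipsec spi <spi> <md5|sha1> [0|3|7] <key>
AUTH_RE = re.compile(
    r"^(?:ospfv3 |area \S+ )?authentication ipsec spi (\d+) (md5|sha1)((?: \S+)+)$")
# [ospfv3 | area <id>] encryption ipsec spi <spi> esp <alg> [0|3|7] <key>
#     authentication <alg> [[0|3|7] <key>]
ENC_RE = re.compile(
    r"^(?:ospfv3 |area \S+ )?encryption ipsec spi (\d+) esp (3des|aes 128|null)"
    r"((?: \S+)*?) authentication (md5|sha1|null)((?: \S+)*)$")
# Interface membership, in either spelling used on this page.
OSPF_IF_RE = re.compile(r"^ipv6 (?:router )?ospfv3 \S+ area \S+$")

# Constructed sample, not taken from a device; every key is a placeholder.
SAMPLE_CONFIG = """\
router ospfv3 1
  authentication ipsec spi 300 sha1 3 KEY-TYPE3-PLACEHOLDER
  area 0.0.0.1 virtual-link 3.3.3.3
    encryption ipsec spi 256 esp aes 128 CLEARTEXT-KEY-PLACEHOLDER authentication null
interface Ethernet2/1
  no switchport
  ospfv3 authentication ipsec spi 256 md5 3 KEY-TYPE3-PLACEHOLDER
  ipv6 router ospfv3 1 area 0.0.0.0
interface Ethernet3/2
  ospfv3 encryption ipsec spi 100 esp null authentication sha1 7 KEY-TYPE7-PLACEHOLDER
  ipv6 router ospfv3 1 area 0.0.0.0
interface Ethernet3/3
  ipv6 router ospfv3 1 area 0.0.0.0
"""

def spi_issues(spi):
    ok = SPI_MIN <= int(spi) <= SPI_MAX
    return [] if ok else [f"SPI {spi} is outside {SPI_MIN}-{SPI_MAX}"]

def key_issues(field, what):
    """Check the optional [0|3|7] format prefix in front of a key."""
    tokens = field.split()
    if not tokens:
        return [f"{what} key is missing"]
    # A bare key (the WORD form in the CLI help) is cleartext, like format 0.
    fmt = tokens[0] if len(tokens) == 2 and tokens[0] in ("0", "3", "7") else "0"
    if fmt == "0":
        return [f"{what} key is cleartext in the configuration"]
    if fmt == "7":
        return [f"{what} key is Cisco type 7, a reversible encoding"]
    return []

def check_statement(line):
    """Return the issues of one IPsec statement, or None if it is not one."""
    match = AUTH_RE.match(line)
    if match:
        spi, alg, key = match.groups()
        issues = spi_issues(spi)
        if alg == "md5":
            issues.append("AH uses md5, which is not supported in FIPS mode")
        return issues + key_issues(key, "authentication")
    match = ENC_RE.match(line)
    if not match:
        return None
    spi, enc, enc_key, auth, auth_key = match.groups()
    issues = spi_issues(spi)
    if enc == "null":
        issues.append("ESP encryption is null: packets are not encrypted")
    else:
        issues += key_issues(enc_key, "encryption")
    if auth == "null":
        issues.append("ESP authentication is null: no integrity check")
    else:
        if auth == "md5":
            issues.append("ESP uses md5, which is not supported in FIPS mode")
        issues += key_issues(auth_key, "authentication")
    return issues

def audit(config):
    """Return (line number, block, issue) tuples for the whole configuration."""
    findings, ospf_ifaces, covered = [], {}, set()
    scope, scope_line = None, 0
    for number, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw[0] not in " \t":               # a new top-level block starts
            scope, scope_line = line, number
            continue
        if OSPF_IF_RE.match(line):
            ospf_ifaces[scope] = scope_line
        issues = check_statement(line)
        if issues is not None:
            covered.add(scope)
            findings += [(number, scope, issue) for issue in issues]
    for iface, number in ospf_ifaces.items():
        if iface not in covered:
            findings.append((number, iface, "no interface-level IPsec statement"))
    return findings

if __name__ == "__main__":
    for number, scope, issue in audit(SAMPLE_CONFIG):
        print(f"line {number} ({scope}): {issue}")
```

An interface reported as having no interface-level statement may still be covered by an area-level or router-level statement, so that finding is a prompt to check those levels.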
Configuration Examples for OSPFv3
This example shows how to configure OSPFv3:
feature ospfv3
router ospfv3 201
  router-id 290.0.2.1
interface ethernet 1/2
  ipv6 address 2001:0DB8::1/48
  ipv6 ospfv3 201 area 0.0.0.10
Related Documents for OSPFv3
Related Topic | Document Title
OSPFv3 CLI commands | Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference
VDCs | Cisco Nexus 7000 Series NX-OS Virtual Device Context Command Reference
Feature History for OSPFv3
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Table 18: Feature History for OSPFv3
Feature Name | Release | Feature Information
OSPFv3 ESP Encryption | 8.4(4) | Added ESP encryption for OSPFv3 packets.
OSPF—Distribute List to Filter Paths | 6.2(6a) | Added support for filtering next-hop paths for an OSPF route to prevent the path from being added to the RIB.
Administrative distance of routes | 6.2(2) | Added the filter keyword to the table-map command to specify that only routes permitted by the route map are downloaded to the RIB.
Route summarization | 6.2(2) | Added the ability to prevent discard routes from being created.
OSPFv3 | 6.2(2) | Bidirectional Forwarding Detection (BFD) was enhanced to add a client for OSPFv3; added the ability to advertise locally generated router LSAs with the maximum metric value possible; added the optional name-lookup parameter for OSPFv3 instances.
MIBs | 6.2(2) | Added OSPFv3 SNMP/trap support.
OSPFv3 | 6.1(1) | Added support for configuring the administrative distance of routes for OSPFv3.
Passive interface | 5.2(1) | Added support for setting the passive interface mode on all interfaces in the router or VRF.
OSPFv3 | 4.0(1) | This feature was introduced.
CHAPTER 9
Configuring EIGRP
This chapter contains the following sections:
• Finding Feature Information
• Information About EIGRP
• Prerequisites for EIGRP
• Guidelines and Limitations for EIGRP
• Default Settings for EIGRP Parameters
• Configuring Basic EIGRP
• Configuring Advanced EIGRP
• Configuring Virtualization for EIGRP
• Verifying the EIGRP Configuration
• Displaying EIGRP Statistics
• Configuration Example for EIGRP
• Related Documents for EIGRP
• Feature History for EIGRP
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About EIGRP
EIGRP combines the benefits of distance vector protocols with the features of link-state protocols. EIGRP sends out periodic Hello messages for neighbor discovery. Once EIGRP learns a new neighbor, it sends a one-time update of all the local EIGRP routes and route metrics. The receiving EIGRP router calculates the route distance based on the received metrics and the locally assigned cost of the link to that neighbor. After this initial full route table update, EIGRP sends incremental updates to only those neighbors affected by the route change. This process speeds convergence and minimizes the bandwidth used by EIGRP.
EIGRP Components
EIGRP has the following basic components:
• Reliable Transport Protocol
• Neighbor Discovery and Recovery
• Diffusing Update Algorithm
Reliable Transport Protocol
The Reliable Transport Protocol guarantees ordered delivery of EIGRP packets to all neighbors. The Reliable Transport Protocol supports an intermixed transmission of multicast and unicast packets. The reliable transport can send multicast packets quickly when unacknowledged packets are pending. This provision helps to ensure that the convergence time remains low for various speed links.
The Reliable Transport Protocol includes the following message types:
• Hello—Used for neighbor discovery and recovery. By default, EIGRP sends a periodic multicast Hello message on the local network at the configured hello interval. By default, the hello interval is 5 seconds.
• Acknowledgement—Verifies reliable reception of Updates, Queries, and Replies.
• Updates—Sent to affected neighbors when routing information changes. Updates include the route destination, address mask, and route metrics such as delay and bandwidth. The update information is stored in the EIGRP topology table.
• Queries and Replies—Sent as part of the Diffusing Update Algorithm used by EIGRP.
Neighbor Discovery and Recovery
EIGRP uses the Hello messages from the Reliable Transport Protocol to discover neighboring EIGRP routers on directly attached networks. EIGRP adds neighbors to the neighbor table. The information in the neighbor table includes the neighbor address, the interface it was learned on, and the hold time, which indicates how long EIGRP should wait before declaring a neighbor unreachable. By default, the hold time is three times the hello interval or 15 seconds.
EIGRP sends a series of Update messages to new neighbors to share the local EIGRP routing information. This route information is stored in the EIGRP topology table. After this initial transmission of the full EIGRP route information, EIGRP sends Update messages only when a routing change occurs. These Update messages contain only the new or changed information and are sent only to the neighbors affected by the change.
EIGRP also uses the Hello messages as a keepalive to its neighbors. As long as Hello messages are received, Cisco NX-OS can determine that a neighbor is alive and functioning.
Diffusing Update Algorithm
The Diffusing Update Algorithm (DUAL) calculates the routing information based on the destination networks in the topology table. The topology table includes the following information:
• IPv4 or IPv6 address/mask—The network address and network mask for this destination.
• Successors—The IP address and local interface connection for all feasible successors or neighbors that advertise a shorter distance to the destination than the current feasible distance.
• Feasibility distance (FD)—The lowest calculated distance to the destination. The feasibility distance is the sum of the advertised distance from a neighbor plus the cost of the link to that neighbor.
DUAL uses the distance metric to select efficient, loop-free paths. DUAL selects routes to insert into the unicast Routing Information Base (RIB) based on feasible successors. When a topology change occurs, DUAL looks for feasible successors in the topology table. If there are feasible successors, DUAL selects the feasible successor with the lowest feasible distance and inserts that into the unicast RIB, avoiding unnecessary recomputation.
When there are no feasible successors but there are neighbors advertising the destination, DUAL transitions from the passive state to the active state and triggers a recomputation to determine a new successor or next-hop router to the destination. The amount of time required to recompute the route affects the convergence time.
EIGRP sends Query messages to all neighbors, searching for feasible successors. Neighbors that have a feasible successor send a Reply message with that information. Neighbors that do not have feasible successors trigger a DUAL recomputation.
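The feasible-successor selection described above, as an added Python example (not Cisco code). The neighbor names and distances are constructed, and the rule follows this page's description: a neighbor qualifies when its advertised distance is below the current feasible distance.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Neighbor:
    name: str
    advertised: int  # distance to the destination that the neighbor advertises
    link_cost: int   # locally assigned cost of the link to that neighbor

    @property
    def distance(self) -> int:
        return self.advertised + self.link_cost


# Constructed topology-table entry for one destination.
NEIGHBORS = [
    Neighbor("A", advertised=10, link_cost=5),   # total 15, current successor
    Neighbor("B", advertised=12, link_cost=10),  # total 22, advertised 12 < 15
    Neighbor("C", advertised=20, link_cost=1),   # total 21, advertised 20 >= 15
]


def feasible_distance(neighbors):
    """Lowest sum of advertised distance and link cost over all neighbors."""
    return min(n.distance for n in neighbors)


def feasible_successors(neighbors, fd):
    """Neighbors that advertise a shorter distance than the feasible distance."""
    return [n for n in neighbors if n.advertised < fd]


def on_neighbor_loss(neighbors, lost, fd):
    """Return (state, next_hop) after the neighbor named `lost` goes away."""
    remaining = [n for n in neighbors if n.name != lost]
    candidates = feasible_successors(remaining, fd)
    if candidates:
        best = min(candidates, key=lambda n: n.distance)
        return "passive", best.name   # switch over without recomputation
    if remaining:
        return "active", None         # send Queries and recompute
    return "unreachable", None


if __name__ == "__main__":
    fd = feasible_distance(NEIGHBORS)
    print("feasible distance:", fd)
    print("A lost, B and C remain:", on_neighbor_loss(NEIGHBORS, "A", fd))
    print("A lost, only C remains:", on_neighbor_loss(NEIGHBORS[::2], "A", fd))
```

Neighbor C offers a lower total distance (21) than B (22) but is passed over, because its advertised distance is not below the feasible distance and its path could therefore run back through this router.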
EIGRP Route Updates
When a topology change occurs, EIGRP sends an Update message with only the changed routing information to affected neighbors. This Update message includes the distance information to the new or updated network destination.
The distance information in EIGRP is represented as a composite of available route metrics, including bandwidth, delay, load utilization, and link reliability. Each metric has an associated weight that determines if the metric is included in the distance calculation. You can configure these metric weights. You can fine-tune link characteristics to achieve optimal paths, but we recommend that you use the default settings for most configurable metrics.
Internal Route Metrics
Internal routes are routes that occur between neighbors within the same EIGRP autonomous system. These routes have the following metrics:
• Next hop—The IP address of the next-hop router.
• Delay—The sum of the delays configured on the interfaces that make up the route to the destination network. The delay is configured in tens of microseconds.
• Bandwidth—The calculation from the lowest configured bandwidth on an interface that is part of the route to the destination.
Note We recommend that you use the default bandwidth value. This bandwidth parameter is also used by EIGRP.
• MTU—The smallest maximum transmission unit value along the route to the destination.
• Hop count—The number of hops or routers that the route passes through to the destination. This metric is not directly used in the DUAL computation.
• Reliability—An indication of the reliability of the links to the destination.
• Load—An indication of how much traffic is on the links to the destination.
By default, EIGRP uses the bandwidth and delay metrics to calculate the distance to the destination. You can modify the metric weights to include the other metrics in the calculation.
Wide Metrics
EIGRP supports wide (64-bit) metrics to improve route selection on higher-speed interfaces or bundled interfaces. Routers supporting wide metrics can interoperate with routers that do not support wide metrics as follows:
• A router that supports wide metrics—Adds local wide metrics values to the received values and sends the information on.
• A router that does not support wide metrics— Sends any received metrics on without changing the values.
EIGRP uses the following equation to calculate path cost with wide metrics:
metric = [k1 x bandwidth + (k2 x bandwidth)/(256 – load) + k3 x delay + k6 x extended attributes] x [k5/(reliability + k4)]
Because the unicast RIB cannot support 64-bit metric values, EIGRP wide metrics use the following equation with a RIB scaling factor to convert the 64-bit metric value to a 32-bit value:
RIB Metric = (Wide Metric / RIB scale value)
where the RIB scale value is a configurable parameter.
EIGRP wide metrics introduce the following two new metric values represented as k6 in the EIGRP metrics configuration:
• Jitter—(Measured in microseconds) accumulated across all links in the route path. Routes with lower jitter values are preferred for EIGRP path selection.
• Energy—(Measured in watts per kilobit) accumulated across all links in the route path. Routes with lower energy values are preferred for EIGRP path selection.
EIGRP prefers a path with no jitter or energy metric values, or with lower jitter or energy metric values, over a path with higher values.
Note EIGRP wide metrics are sent with a TLV version of 2.
External Route Metrics
External routes are routes that occur between neighbors in different EIGRP autonomous systems. These routes have the following metrics:
• Next hop—The IP address of the next-hop router.
• Router ID—The router ID of the router that redistributed this route into EIGRP.
• AS number—The autonomous system number of the destination.
• Protocol ID—A code that represents the routing protocol that learned the destination route.
• Tag—An arbitrary tag that can be used for route maps.
• Metric—The route metric for this route from the external routing protocol.
EIGRP and the Unicast RIB
EIGRP adds all learned routes to the EIGRP topology table and the unicast RIB. When a topology change occurs, EIGRP uses these routes to search for a feasible successor. EIGRP also listens for notifications from the unicast RIB for changes in any routes redistributed to EIGRP from another routing protocol.
Advanced EIGRP
You can use the advanced features of EIGRP to optimize your EIGRP configuration.
Address Families
EIGRP supports both IPv4 and IPv6 address families. For backward compatibility, you can configure EIGRPv4 in route configuration mode or in IPv4 address family mode. You must configure EIGRP for IPv6 in address family mode.
Address family configuration mode includes the following EIGRP features:
• Authentication
• AS number
• Default route
• Metrics
• Distance
• Graceful restart
• Logging
• Load balancing
• Redistribution
• Router ID
• Stub router
• Timers
You cannot configure the same feature in more than one configuration mode. For example, if you configure the default metric in router configuration mode, you cannot configure the default metric in address family mode.
Authentication
You can configure authentication on EIGRP messages to prevent unauthorized or invalid routing updates in your network. EIGRP authentication supports MD5 authentication digest.
You can configure the EIGRP authentication per virtual routing and forwarding (VRF) instance or interface using key-chain management for the authentication keys. Key-chain management allows you to control changes to the authentication keys used by MD5 authentication digest. See the Cisco Nexus 7000 Series NX-OS Security Configuration Guide for more details about creating key chains.
For MD5 authentication, you configure a password that is shared at the local router and all remote EIGRP neighbors. When an EIGRP message is created, Cisco NX-OS creates an MD5 one-way message digest based on the message itself and the encrypted password and sends this digest along with the EIGRP message. The receiving EIGRP neighbor validates the digest using the same encrypted password. If the message has not changed, the calculation is identical and the EIGRP message is considered valid.
MD5 authentication also includes a sequence number with each EIGRP message that is used to ensure that no message is replayed in the network.
Stub Routers
You can use the EIGRP stub routing feature to improve network stability, reduce resource usage, and simplify stub router configuration. Stub routers connect to the EIGRP network through a remote router.
When using EIGRP stub routing, you need to configure the distribution and remote routers to use EIGRP and configure only the remote router as a stub. EIGRP stub routing does not automatically enable summarization on the distribution router. In most cases, you need to configure summarization on the distribution routers.
Without EIGRP stub routing, even after the routes that are sent from the distribution router to the remote router have been filtered or summarized, a problem might occur. For example, if a route is lost somewhere in the corporate network, EIGRP could send a query to the distribution router. The distribution router could then send a query to the remote router even if routes are summarized. If a problem communicating over the WAN link between the distribution router and the remote router occurs, EIGRP could get stuck in an active condition and cause instability elsewhere in the network. EIGRP stub routing allows you to prevent queries to the remote router.
Route Summarization
You can configure a summary aggregate address for a specified interface. Route summarization simplifies route tables by replacing a number of more-specific addresses with an address that represents all the specific addresses. For example, you can replace 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 with one summary address, 10.1.0.0/16.
If more specific routes are in the routing table, EIGRP advertises the summary address from the interface with a metric equal to the minimum metric of the more specific routes.
Note EIGRP does not support automatic route summarization.
Route Redistribution
You can use EIGRP to redistribute static routes, routes learned by other EIGRP autonomous systems, or routes from other protocols. You must configure a route map with the redistribution to control which routes are passed into EIGRP. A route map allows you to filter routes based on attributes such as the destination, origination protocol, route type, route tag, and so on.
You also configure the default metric that is used for all imported routes into EIGRP.
You use distribute lists to filter routes from routing updates. These filtered routes are applied to each interface with the ip distribute-list eigrp command.
Load Balancing
You can use load balancing to allow a router to distribute traffic over all the router network ports that are the same distance from the destination address. Load balancing increases the usage of network segments, which increases effective network bandwidth.
Cisco NX-OS supports the Equal Cost Multiple Paths (ECMP) feature with up to 16 equal-cost paths in the EIGRP route table and the unicast RIB. You can configure EIGRP to load balance traffic across some or all of those paths.
Note EIGRP in Cisco NX-OS does not support unequal cost load balancing.
Split Horizon
You can use split horizon to ensure that EIGRP never advertises a route out of the interface where it was learned.
Split horizon is a method that controls the sending of EIGRP update and query packets. When you enable split horizon on an interface, Cisco NX-OS does not send update and query packets for destinations that were learned from this interface. Controlling update and query packets in this manner reduces the possibility of routing loops.
Split horizon with poison reverse configures EIGRP to advertise a learned route as unreachable back through the interface from which EIGRP learned the route.
EIGRP uses split horizon or split horizon with poison reverse in the following scenarios:
• Exchanging topology tables for the first time between two routers in startup mode.
• Advertising a topology table change.
• Sending a Query message.
By default, the split horizon feature is enabled on all interfaces.
BFD
This feature supports bidirectional forwarding detection (BFD). BFD is a detection protocol designed to provide fast forwarding-path failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information.
Virtualization Support for EIGRP
Cisco NX-OS supports multiple instances of EIGRP that run on the same system. EIGRP supports Virtual Routing and Forwarding instances (VRFs). VRFs exist within virtual device contexts (VDCs). By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide for more information.
Graceful Restart and High Availability
Cisco NX-OS supports nonstop forwarding and graceful restart for EIGRP.
You can use nonstop forwarding for EIGRP to forward data packets along known routes in the FIB while the EIGRP routing protocol information is being restored following a failover. With nonstop forwarding (NSF), peer networking devices do not experience routing flaps. During failover, data traffic is forwarded through intelligent modules while the standby supervisor becomes active.
If a Cisco NX-OS system experiences a cold reboot, the device does not forward traffic to the system and removes the system from the network topology. In this scenario, EIGRP experiences a stateless restart, and all neighbors are removed. Cisco NX-OS applies the startup configuration, and EIGRP rediscovers the neighbors and shares the full EIGRP routing information again.
A dual supervisor platform that runs Cisco NX-OS can experience a stateful supervisor switchover. Before the switchover occurs, EIGRP uses a graceful restart to announce that EIGRP will be unavailable for some time. During a switchover, EIGRP uses nonstop forwarding to continue forwarding traffic based on the information in the FIB, and the system is not taken out of the network topology.
The graceful restart-capable router uses Hello messages to notify its neighbors that a graceful restart operation has started. When a graceful restart-aware router receives a notification from a graceful restart-capable neighbor that a graceful restart operation is in progress, both routers immediately exchange their topology tables. The graceful restart-aware router performs the following actions to assist the restarting router:
• The router expires the EIGRP Hello hold timer to reduce the time interval set for Hello messages. This process allows the graceful restart-aware router to reply to the restarting router more quickly and reduces the amount of time required for the restarting router to rediscover neighbors and rebuild the topology table.
• The router starts the route-hold timer. This timer sets the period of time that the graceful restart-aware router will hold known routes for the restarting neighbor. The default time period is 240 seconds.
• The router notes in the peer list that the neighbor is restarting, maintains adjacency, and holds known routes for the restarting neighbor until the neighbor signals that it is ready for the graceful restart-aware router to send its topology table or the route-hold timer expires. If the route-hold timer expires on the graceful restart-aware router, the graceful restart-aware router discards held routes and treats the restarting router as a new router that joins the network and reestablishes adjacency.
After the switchover, Cisco NX-OS applies the running configuration, and EIGRP informs the neighbors that it is operational again.
Note: You must enable graceful restart to support in-service software upgrades (ISSU) for EIGRP. If you disable graceful restart, Cisco NX-OS issues a warning that an ISSU cannot be supported with this configuration.
Multiple EIGRP Instances
Cisco NX-OS supports multiple instances of the EIGRP protocol that run on the same system. Every instance uses the same system router ID. You can optionally configure a unique router ID for each instance. For the number of supported EIGRP instances, see the Cisco Nexus 7000 Series NX-OS Verified Scalability Guide.
Prerequisites for EIGRP
You must enable EIGRP.
If you configure VDCs, you must install the Advanced Services license and enter the desired VDC (see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide).
Guidelines and Limitations for EIGRP
• For a system configured with the EIGRP 64-bit metric version that has 32-bit metric version neighbors, the precision of the delay conversion from the 64-bit metric to the 32-bit metric and from the 32-bit metric to the 64-bit metric is improved. As a result, the 32-bit metric of prefixes in the 64-bit EIGRP system and the 64-bit metric of prefixes in the 32-bit EIGRP system change from previous releases. This does not apply to a 32-bit metric EIGRP system or when all neighbors use the 64-bit metric version.
• When you configure a table map, the administrative distance of the routes, and the metric, the configuration commands cause the EIGRP neighbors to flap. This is expected behavior.
• If the filtered list is modified when redistributing routes into EIGRP and filtering prefixes with a route map or prefix list, all prefixes permitted by the filter, even those not touched, are refreshed in the EIGRP topology table. This refresh is signaled to all EIGRP routers in the query domain for this set of prefixes.
• A metric configuration (either through the default-metric configuration option or through a route map) is required for redistribution from any other protocol, connected routes, or static routes.
• For graceful restart, an NSF-aware router must be up and completely converged with the network before it can assist an NSF-capable router in a graceful restart operation.
• For graceful restart, neighboring devices participating in the graceful restart must be NSF-aware or NSF-capable.
• Cisco NX-OS EIGRP is compatible with EIGRP in the Cisco IOS software.
• Do not change the metric weights without a good reason. If you change the metric weights, you must apply the change to all EIGRP routers in the same autonomous system.
• A mix of standard metrics and wide metrics in an EIGRP network with interface speeds of 1 Gigabit or greater may result in suboptimal routing.
• Consider using stubs for larger networks.
• Avoid redistribution between different EIGRP autonomous systems because the EIGRP vector metric will not be preserved.
• The no { ip | ipv6 } next-hop-self command does not guarantee reachability of the next hop.
• The { ip | ipv6 } passive-interface eigrp command suppresses neighbors from forming.
• Cisco NX-OS does not support IGRP or connecting IGRP and EIGRP clouds.
• Autosummarization is disabled by default and cannot be enabled.
• Cisco NX-OS supports only IP.
• An EIGRPv6 adjacency cannot be formed over an interface that has only an IPv6 link-local address. A global IPv6 address is required on the interface for an EIGRPv6 neighbor adjacency to be formed over that interface.
• High availability is not supported with EIGRP aggressive timers.
• If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Default Settings for EIGRP Parameters
Table 19: Default Settings for EIGRP Parameters

Parameters                                Default
Administrative distance                   Internal routes—90
                                          External routes—170
Bandwidth percent                         50 percent
Default metric for redistributed routes   Bandwidth—100000 Kb/s
                                          Delay—100 (10 microsecond units)
                                          Reliability—255
                                          Loading—1
                                          MTU—1500
EIGRP feature                             Disabled
Hello interval                            5 seconds
Hold time                                 15 seconds
Equal-cost paths                          8
Metric weights                            1 0 1 0 0 0
Next-hop address advertised               IP address of local interface
NSF convergence time                      120
NSF route-hold time                       240
NSF signal time                           20
Redistribution                            Disabled
Split horizon                             Enabled
Configuring Basic EIGRP
Enabling or Disabling the EIGRP Feature
You must enable the EIGRP feature before you can configure EIGRP.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1  switch# configure terminal
        Enters global configuration mode.
Step 2  switch(config)# [ no ] feature eigrp
        Enables the EIGRP feature. The no option disables the EIGRP feature and removes all associated configuration.
Step 3  (Optional) switch(config)# show feature
        Displays information about enabled features.
Step 4  (Optional) switch(config)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example enables EIGRP:
switch# configure terminal
switch(config)# feature eigrp
switch(config)# copy running-config startup-config
Creating an EIGRP Instance
You can create an EIGRP instance and associate an interface with that instance. You assign a unique autonomous system number for this EIGRP process. Routes are not advertised or accepted from other autonomous systems unless you enable route redistribution.
Before you begin
• Ensure that you have enabled the EIGRP feature.
• EIGRP must be able to obtain a router ID (for example, a configured loopback address) or you must configure the router ID option.
• If you configure an instance tag that does not qualify as an AS number, you must configure the AS number explicitly or this EIGRP instance remains in the shutdown state. For IPv6, this number must be configured under address family.
• Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Procedure
Step 1  switch# configure terminal
        Enters global configuration mode.
Step 2  switch(config)# [ no ] router eigrp instance-tag
        Creates a new EIGRP process with the configured instance tag. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
        If you configure an instance tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance will remain in the shutdown state.
        The no option deletes the EIGRP process and all associated configuration. You should also remove any EIGRP commands configured in interface mode if you remove the EIGRP process.
Step 3  (Optional) switch(config-router)# autonomous-system as-number
        Configures a unique AS number for this EIGRP instance. The range is from 1 to 65535.
Step 4  (Optional) switch(config-router)# log-adjacency-changes
        Generates a system message whenever an adjacency changes state. This command is enabled by default.
Step 5  (Optional) switch(config-router)# log-neighbor-warnings [ seconds ]
        Generates a system message whenever a neighbor warning occurs. You can configure the time between warning messages, from 1 to 65535, in seconds. The default is 10 seconds. This command is enabled by default.
Step 6  switch(config-router)# interface interface-type slot/port
        Enters interface configuration mode. Use ? to determine the slot and port ranges.
Step 7  switch(config-if)# { ip | ipv6 } router eigrp instance-tag
        Associates this interface with the configured EIGRP process. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Step 8  (Optional) switch(config-if)# show { ip | ipv6 } eigrp interfaces
        Displays information about EIGRP interfaces.
Step 9  (Optional) switch(config-if)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to create an EIGRP process and configure an interface for EIGRP:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config)# interface ethernet 1/2
switch(config-if)# ip router eigrp Test1
switch(config-if)# no shutdown
switch(config-if)# copy running-config startup-config
Restarting an EIGRP Instance
You can restart an EIGRP instance. This action clears all neighbors for the instance.
Procedure
Step 1  (Optional) switch(config)# flush-routes
        Flushes all EIGRP routes in the unicast RIB when this EIGRP instance restarts.
Step 2  Required: switch(config)# restart eigrp instance-tag
        Restarts the EIGRP instance and removes all neighbors. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Step 3  (Optional) switch(config)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to restart an EIGRP instance:
switch(config)# flush-routes
switch(config)# restart eigrp Test1
switch(config)# copy running-config startup-config
Shutting Down an EIGRP Instance
You can gracefully shut down an EIGRP instance. This action removes all routes and adjacencies but preserves the EIGRP configuration.
Procedure
Step 1  switch(config-router)# shutdown
        Disables this instance of EIGRP. The EIGRP router configuration remains.
Step 2  (Optional) switch(config-router)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to shut down an EIGRP instance:
switch(config-router)# shutdown
switch(config-router)# copy running-config startup-config
Configuring a Passive Interface for EIGRP
You can configure a passive interface for EIGRP. A passive interface does not participate in EIGRP adjacency, but the network address for the interface remains in the EIGRP topology table.
Procedure
Step 1  switch(config-if)# { ip | ipv6 } passive-interface eigrp instance-tag
        Suppresses EIGRP hellos, which prevents neighbors from forming and sending routing updates on an EIGRP interface. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
        Note: To configure all EIGRP interfaces as passive by default, use the passive-interface default command.
Step 2  (Optional) switch(config-if)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to configure a passive interface for EIGRP:
switch(config-if)# ip passive-interface eigrp tag10
switch(config-if)# copy running-config startup-config
Shutting Down EIGRP on an Interface
You can gracefully shut down EIGRP on an interface. This action removes all adjacencies and stops EIGRP traffic on this interface but preserves the EIGRP configuration.
Procedure
Step 1  switch(config-if)# { ip | ipv6 } eigrp instance-tag shutdown
        Disables EIGRP on this interface. The EIGRP interface configuration remains. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Step 2  (Optional) switch(config-if)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to shut down EIGRP on an interface:
switch(config-if)# ip eigrp Test1 shutdown
switch(config-if)# copy running-config startup-config
Configuring Advanced EIGRP
Configuring Authentication in EIGRP
You can configure authentication between neighbors for EIGRP. You can configure EIGRP authentication for the EIGRP process or for individual interfaces. The interface EIGRP authentication configuration overrides the EIGRP process-level authentication configuration.
Before you begin
• Ensure that you have enabled the EIGRP feature.
• Ensure that all neighbors for an EIGRP process share the same authentication configuration, including the shared authentication key.
• Create the key chain for this authentication configuration. For more information, see the Cisco Nexus 7000 Series NX-OS Security Configuration Guide.
• Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Procedure
Step 1  switch# configure terminal
        Enters global configuration mode.
Step 2  switch(config)# router eigrp instance-tag
        Creates a new EIGRP process with the configured instance tag. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
        If you configure an instance tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance will remain in the shutdown state.
Step 3  switch(config-router)# address-family { ipv4 | ipv6 } unicast
        Enters the address-family configuration mode. This command is optional for IPv4.
Step 4  switch(config-router-af)# authentication key-chain key-chain
        Associates a key chain with this EIGRP process for this VRF. The key chain can be any case-sensitive, alphanumeric string up to 20 characters.
Step 5  switch(config-router-af)# authentication mode md5
        Configures MD5 message digest authentication mode for this VRF.
Step 6  switch(config-router-af)# interface interface-type slot/port
        Enters interface configuration mode. Use ? to find the supported interfaces.
Step 7  switch(config-if)# { ip | ipv6 } router eigrp instance-tag
        Associates this interface with the configured EIGRP process. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Step 8  switch(config-if)# { ip | ipv6 } authentication key-chain eigrp instance-tag key-chain
        Associates a key chain with this EIGRP process for this interface. This configuration overrides the authentication configuration set in the router VRF mode. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Step 9  switch(config-if)# { ip | ipv6 } authentication mode eigrp instance-tag md5
        Configures the MD5 message digest authentication mode for this interface. This configuration overrides the authentication configuration set in the router VRF mode. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Step 10 (Optional) switch(config-if)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to configure MD5 message digest authentication for EIGRP over Ethernet interface 1/2:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# exit
switch(config)# interface ethernet 1/2
switch(config-if)# ip router eigrp Test1
switch(config-if)# ip authentication key-chain eigrp Test1 routeKeys
switch(config-if)# ip authentication mode eigrp Test1 md5
switch(config-if)# copy running-config startup-config
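An added example, not part of the Cisco guide: a Python check that reads a running-config fragment and reports, for each interface bound to an IPv4 EIGRP instance, whether MD5 authentication is in effect, using the interface-over-process precedence described above. The sample configuration is constructed; treating the key chain and the mode as inheriting independently from the process level is an assumption, and IPv6 and passive-interface default are not handled.

```python
import re

# Constructed sample running-config fragment (not taken from the guide).
SAMPLE_CONFIG = """\
router eigrp Test1
  autonomous-system 100
  address-family ipv4 unicast
    authentication key-chain routeKeys
    authentication mode md5
router eigrp Lab2
  autonomous-system 200
interface Ethernet1/1
  ip router eigrp Test1
interface Ethernet1/2
  ip router eigrp Lab2
  ip authentication key-chain eigrp Lab2 labKeys
  ip authentication mode eigrp Lab2 md5
interface Ethernet1/3
  ip router eigrp Lab2
  ip passive-interface eigrp Lab2
interface Ethernet1/4
  ip router eigrp Lab2
  ip authentication key-chain eigrp Lab2 labKeys
interface Ethernet1/5
  ip router eigrp Lab2
"""


def stanzas(config):
    """Group indented lines under their top-level header line."""
    blocks, current = [], None
    for raw in config.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            current = (raw.strip(), [])
            blocks.append(current)
        elif current is not None:
            current[1].append(raw.strip())
    return blocks


def audit_eigrp_auth(config):
    """Return {interface: (instance_tag, status)} for IPv4 EIGRP interfaces.

    status is one of: authenticated, incomplete, unauthenticated, passive.
    """
    process_auth = {}   # instance tag -> subset of {"key-chain", "md5"}
    interfaces = []     # (interface name, stripped body lines)
    for header, body in stanzas(config):
        router = re.fullmatch(r"router eigrp (\S+)", header)
        if router:
            # address-family is optional for IPv4, so router-level lines count as IPv4.
            seen, family = set(), "ipv4"
            for line in body:
                af = re.match(r"address-family (ipv4|ipv6)\b", line)
                if af:
                    family = af.group(1)
                elif family == "ipv4" and line.startswith("authentication key-chain "):
                    seen.add("key-chain")
                elif family == "ipv4" and line == "authentication mode md5":
                    seen.add("md5")
            process_auth[router.group(1)] = seen
        elif header.startswith("interface "):
            interfaces.append((header.split(None, 1)[1], body))

    report = {}
    for name, body in interfaces:
        for line in body:
            bound = re.fullmatch(r"ip router eigrp (\S+)", line)
            if not bound:
                continue
            tag = bound.group(1)
            if f"ip passive-interface eigrp {tag}" in body:
                # Hellos are suppressed, so no neighbor can form on this interface.
                status = "passive"
            else:
                # Assumption: each setting falls back to the process level on its own.
                have = set(process_auth.get(tag, set()))
                if any(l.startswith(f"ip authentication key-chain eigrp {tag} ") for l in body):
                    have.add("key-chain")
                if f"ip authentication mode eigrp {tag} md5" in body:
                    have.add("md5")
                if have == {"key-chain", "md5"}:
                    status = "authenticated"
                elif have:
                    status = "incomplete"
                else:
                    status = "unauthenticated"
            report[name] = (tag, status)
    return report


if __name__ == "__main__":
    for interface, (tag, status) in audit_eigrp_auth(SAMPLE_CONFIG).items():
        print(f"{interface:12} eigrp {tag:6} {status}")
```

Interfaces reported as incomplete or unauthenticated are the ones to review, because an EIGRP neighbor can form there without a complete key chain and MD5 mode pairing.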
Configuring EIGRP Stub Routing
To configure a router for EIGRP stub routing, use these commands in address-family configuration mode:
Procedure
Step 1  switch(config-router-af)# stub [ direct | receive-only | redistributed [ direct ] leak-map map-name ]
        Configures a remote router as an EIGRP stub router. The map name can be any case-sensitive, alphanumeric string up to 20 characters.
Step 2  (Optional) switch(config-router-af)# show ip eigrp neighbor detail
        Verifies that the router has been configured as a stub router.
Step 3  (Optional) switch(config-router-af)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to configure a stub router to advertise directly connected and redistributed routes. The last line of the output for the show ip eigrp neighbor detail command shows the stub status of the remote or spoke router.
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# stub direct redistributed
switch(config-router-af)# show ip eigrp neighbor detail
IP-EIGRP neighbors for process 201
H   Address     Interface   Hold  Uptime    SRTT  RTO   Q    Seq  Type
                            (sec)           (ms)        Cnt  Num
0   10.1.1.2    Se3/1       11    00:00:59  1     4500  0    7
    Version 12.1/1.2, Retrans: 2, Retries: 0
    Stub Peer Advertising ( CONNECTED SUMMARY ) Routes
switch(config-router-af)# copy running-config startup-config
Configuring a Summary Address for EIGRP
You can configure a summary aggregate address for a specified interface. If any more specific routes are in the routing table, EIGRP advertises the summary address out the interface with a metric equal to the minimum of all more specific routes.
Procedure
Step 1  switch(config-if)# { ip | ipv6 } summary-address eigrp instance-tag ip-prefix/length [ distance | leak-map map-name ]
        Configures a summary aggregate address as either an IP address and network mask or an IP prefix/length. The instance tag and map name can be any case-sensitive, alphanumeric string up to 20 characters.
        You can optionally configure the administrative distance for this aggregate address. The default administrative distance is 5 for aggregate addresses.
Step 2  (Optional) switch(config-if)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to cause EIGRP to summarize network 192.0.2.0 out Ethernet 1/2 only:
switch(config)# interface ethernet 1/2
switch(config-if)# ip summary-address eigrp Test1 192.0.2.0 255.255.255.0
switch(config-if)# copy running-config startup-config
Redistributing Routes into EIGRP
You can redistribute routes in EIGRP from other routing protocols.
Before you begin
• Ensure that you have enabled the EIGRP feature.
• You must configure the metric (either through the default-metric configuration option or through a route map) for routes redistributed from any other protocol.
• You must create a route map to control the types of routes that are redistributed into EIGRP.
• Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Procedure
Step 1  switch# configure terminal
        Enters global configuration mode.
Step 2  switch(config)# router eigrp instance-tag
        Creates a new EIGRP process with the configured instance tag. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
        If you configure an instance tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance will remain in the shutdown state.
Step 3  switch(config-router)# address-family { ipv4 | ipv6 } unicast
        Enters the address-family configuration mode. This command is optional for IPv4.
Step 4  switch(config-router-af)# redistribute { bgp as | { eigrp | isis | ospf | ospfv3 | rip } instance-tag | direct | static } route-map map-name
        Injects routes from one routing domain into EIGRP. The instance tag and map name can be any case-sensitive, alphanumeric string up to 20 characters.
Step 5  switch(config-router-af)# default-metric bandwidth delay reliability loading mtu
        Sets the metrics assigned to routes learned through route redistribution. The default values are as follows:
        • bandwidth—100000 Kb/s
        • delay—100 (10 microsecond units)
        • reliability—255
        • loading—1
        • MTU—1492
Step 6  (Optional) switch(config-router-af)# show { ip | ipv6 } eigrp route-map statistics redistribute
        Displays information about EIGRP route map statistics.
Step 7  (Optional) switch(config-router-af)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to redistribute BGP into EIGRP for IPv4:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# redistribute bgp 100 route-map BGPFilter
switch(config-router)# default-metric 500000 30 200 1 1500
switch(config-router)# copy running-config startup-config
Limiting the Number of Redistributed Routes
Route redistribution can add many routes to the EIGRP route table. You can configure a maximum limit to the number of routes accepted from external protocols. EIGRP provides the following options to configure redistributed route limits:
• Fixed limit—Logs a message when EIGRP reaches the configured maximum. EIGRP does not accept any more redistributed routes. You can optionally configure a threshold percentage of the maximum where EIGRP logs a warning when that threshold is passed.
• Warning only—Logs a warning only when EIGRP reaches the maximum. EIGRP continues to accept redistributed routes.
• Withdraw—Starts the timeout period when EIGRP reaches the maximum. After the timeout period, EIGRP requests all redistributed routes if the current number of redistributed routes is less than the maximum limit. If the current number of redistributed routes is at the maximum limit, EIGRP withdraws all redistributed routes. You must clear this condition before EIGRP accepts more redistributed routes. You can optionally configure the timeout period.
Before you begin
• Ensure that you have enabled the EIGRP feature.
• Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Procedure
Step 1  switch# configure terminal
        Enters global configuration mode.
Step 2  switch(config)# router eigrp instance-tag
        Creates a new EIGRP process with the configured instance tag.
Step 3  switch(config-router)# redistribute { bgp id | direct | eigrp id | isis id | ospf id | rip id | static } route-map map-name
        Redistributes the selected protocol into EIGRP through the configured route map.
Step 4  switch(config-router)# redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
        Specifies a maximum number of prefixes that EIGRP distributes. The range is from 0 to 65536. Optionally specifies the following:
        • threshold —Percent of maximum prefixes that triggers a warning message.
        • warning-only —Logs a warning message when the maximum number of prefixes is exceeded.
        • withdraw —Withdraws all redistributed routes. Optionally tries to retrieve the redistributed routes. The num-retries range is from 1 to 12. The timeout is from 60 to 600 seconds. The default is 300 seconds. Use the clear ip eigrp redistribution command if all routes are withdrawn.
Step 5  (Optional) switch(config-router)# show running-config eigrp
        Displays the EIGRP configuration.
Step 6  (Optional) switch(config-router)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to limit the number of redistributed routes into EIGRP:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# redistribute bgp route-map FilterExternalBGP
switch(config-router)# redistribute maximum-prefix 1000 75
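An added example, not part of the Cisco guide: a Python parser for the redistribute maximum-prefix syntax in Step 4 that enforces the stated ranges and then reports which of the three limit behaviors described above applies at a given route count. The result codes and function names are hypothetical labels chosen for this example, and reading "threshold passed" as strictly greater than the threshold is an assumption.

```python
def ranged(text, name, low, high):
    """Return text as an int, or raise if it is outside the documented range."""
    if not text.isdigit() or not low <= int(text) <= high:
        raise ValueError(f"{name} must be an integer from {low} to {high}, got {text!r}")
    return int(text)


def parse_maximum_prefix(line):
    """Parse: redistribute maximum-prefix max [threshold]
    [warning-only | withdraw [num-retries timeout]]"""
    tokens = line.split()
    if tokens[:2] != ["redistribute", "maximum-prefix"] or len(tokens) < 3:
        raise ValueError("not a redistribute maximum-prefix command")
    args = tokens[2:]
    policy = {
        "max": ranged(args.pop(0), "max", 0, 65536),   # range from the guide
        "threshold": None,                              # percent of max, optional
        "mode": "fixed",                                # no keyword means fixed limit
        "retries": None,
        "timeout": None,
    }
    if args and args[0].isdigit():
        policy["threshold"] = int(args.pop(0))
    if args:
        keyword = args.pop(0)
        if keyword == "warning-only" and not args:
            policy["mode"] = "warning-only"
        elif keyword == "withdraw" and len(args) in (0, 2):
            policy["mode"] = "withdraw"
            policy["timeout"] = 300                     # default timeout from the guide
            if args:
                policy["retries"] = ranged(args[0], "num-retries", 1, 12)
                policy["timeout"] = ranged(args[1], "timeout", 60, 600)
        else:
            raise ValueError("unexpected arguments: " + " ".join([keyword] + args))
    return policy


def evaluate(policy, redistributed_routes):
    """Map a route count to the behavior the guide describes for this policy."""
    if redistributed_routes >= policy["max"]:
        return {
            "fixed": "reject-new",                # logs a message, accepts no more routes
            "warning-only": "warn-and-accept",    # logs a warning, keeps accepting
            "withdraw": "start-withdraw-timer",   # timeout period starts
        }[policy["mode"]]
    threshold = policy["threshold"]
    if threshold is not None and redistributed_routes * 100 > policy["max"] * threshold:
        return "threshold-warning"
    return "ok"


if __name__ == "__main__":
    # The command from the guide's example above.
    policy = parse_maximum_prefix("redistribute maximum-prefix 1000 75")
    for count in (700, 800, 1000):
        print(count, evaluate(policy, count))
```

With warning-only the limit is advisory, so a route count at the maximum still returns warn-and-accept rather than a state that stops further redistribution.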
Configuring the Administrative Distance of Routes
You can set the administrative distance of routes added by EIGRP into the RIB.
Before you begin
You must enable EIGRP.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router eigrp instance-tag
3. switch(config-router)# table-map route-map-name [ filter ]
4. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1  switch# configure terminal
        Enters global configuration mode.
Step 2  switch(config)# router eigrp instance-tag
        Creates a new EIGRP instance and enters router configuration mode.
Step 3  switch(config-router)# table-map route-map-name [ filter ]
        Configures a table map with route map information. You can enter up to 63 alphanumeric characters for the map name. The filter keyword filters routes rejected by the route map and does not download them to the RIB.
        Note: When you configure a table map, the administrative distance of the routes, and the metric, the configuration commands cause the EIGRP neighbors to flap. This is expected behavior.
Step 4  (Optional) switch(config)# copy running-config startup-config
        Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Configuring Route-Map Filtering
You can enable EIGRP to interoperate with other protocols to leverage additional routing functionality by filtering inbound and outbound traffic based on route-map options.
Before you begin
You must enable EIGRP.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# route-map map-tag [ permit | deny ] [ sequence-number ]
Purpose: Enters route-map configuration mode.
Step 3
Command or Action: switch(config-route-map)# match metric metric-value [ +- deviation-number ] [... metric-value [ +deviation-number ]]
Purpose: Specifies a match clause that filters inbound updates that match an internal or external protocol metric.
The metric-value argument is an internal protocol metric that can be an EIGRP five-part metric. The range is from 1 to 4294967295.
The +- deviation-number argument represents a standard deviation, which can be any number. When you specify a metric deviation with the + and - keywords, the router matches any metric that falls inclusively in that range.
Step 4
Command or Action: switch(config-route-map)# match source-protocol source-protocol [ as-number ]
Purpose: Specifies a match clause that matches external routes from sources that match the source protocol.
The source-protocol argument is the protocol to match. The valid options are bgp, connected, eigrp, isis, ospf, rip, and static.
The as-number argument does not apply to the connected, rip, and static options. The range is from 1 to 65535.
Step 5
Command or Action: switch(config-route-map)# set tag tag-value
Purpose: Sets a tag value on the route in the destination routing protocol when all the match criteria of a route map are met.
Step 6
Command or Action: switch(config-route-map)# exit
Purpose: Exits route-map configuration mode.
Step 7
Command or Action: switch(config)# router eigrp instance-tag
Purpose: Creates a new EIGRP instance and enters router configuration mode.
Step 8
Command or Action: switch(config-router)# exit
Purpose: Exits router configuration mode.
Step 9
Command or Action: switch(config)# interface interface-type slot/port
Purpose: Enters interface configuration mode. Use ? to determine the slot and port ranges.
Step 10
Command or Action: switch(config-if)# ip address ip-address
Purpose: Specifies an IP address for the EIGRP routing process.
Step 11
Command or Action: switch(config-if)# ip router eigrp as-number
Purpose: Configures the EIGRP routing process and enters the router configuration mode.
Step 12
Command or Action: switch(config-if)# ip distribute-list eigrp as-number route-map map-tag in
Purpose: Filters networks received in updates.
Step 13
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Configuring Load Balancing in EIGRP
You can configure the number of Equal Cost Multiple Path (ECMP) routes using the maximum-paths option.
Before you begin
• Ensure that you have enabled the EIGRP feature.
• Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router eigrp instance-tag
Purpose: Creates a new EIGRP process with the configured instance tag. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
If you configure an instance tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance remains in the shutdown state.
Step 3
Command or Action: switch(config-router)# address-family { ipv4 | ipv6 } unicast
Purpose: Enters the address-family configuration mode. This command is optional for IPv4.
Step 4
Command or Action: switch(config-router-af)# maximum-paths num-paths
Purpose: Sets the number of equal cost paths that EIGRP accepts in the route table. The range is from 1 to 16. The default is 8.
Step 5
Command or Action: (Optional) switch(config-router-af)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to configure equal cost load balancing for EIGRP over IPv4 with a maximum of six equal cost paths:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# maximum-paths 6
switch(config-router-af)# copy running-config startup-config
Configuring Graceful Restart for EIGRP
You can configure graceful restart or nonstop forwarding for EIGRP.
Note Graceful restart is enabled by default.
Before you begin
• Ensure that you have enabled the EIGRP feature.
• An NSF-aware router must be up and completely converged with the network before it can assist an
NSF-capable router in a graceful restart operation.
• Neighboring devices participating in the graceful restart must be NSF aware or NSF capable.
• Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router eigrp instance-tag
Purpose: Creates a new EIGRP process with the configured instance tag. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
If you configure an instance tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance remains in the shutdown state.
Step 3
Command or Action: switch(config-router)# address-family { ipv4 | ipv6 } unicast
Purpose: Enters the address-family configuration mode. This command is optional for IPv4.
Step 4
Command or Action: switch(config-router-af)# graceful-restart
Purpose: Enables graceful restart. This feature is enabled by default.
Step 5
Command or Action: switch(config-router-af)# timers nsf converge seconds
Purpose: Sets the time limit for the convergence after a switchover. The range is from 60 to 180 seconds. The default is 120.
Step 6
Command or Action: switch(config-router-af)# timers nsf route-hold seconds
Purpose: Sets the hold time for routes learned from the graceful restart-aware peer. The range is from 20 to 300 seconds. The default is 240.
Step 7
Command or Action: switch(config-router-af)# timers nsf signal seconds
Purpose: Sets the time limit for signaling a graceful restart. The range is from 10 to 30 seconds. The default is 20.
Step 8
Command or Action: (Optional) switch(config-router-af)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure graceful restart for EIGRP over IPv6 using the default timer values:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)# graceful-restart
switch(config-router-af)# copy running-config startup-config
Adjusting the Interval Between Hello Packets and the Hold Time
You can adjust the interval between Hello messages and the hold time.
By default, Hello messages are sent every 5 seconds. The hold time is advertised in Hello messages and indicates to neighbors the length of time that they should consider the sender valid. The default hold time is three times the hello interval, or 15 seconds.
On very congested and large networks, the default hold time might not be sufficient time for all routers to receive hello packets from their neighbors. In this case, you might want to increase the hold time.
SUMMARY STEPS
1. switch(config-if)# { ip | ipv6 } hello-interval eigrp instance-tag seconds
2. switch(config-if)# { ip | ipv6 } hold-time eigrp instance-tag seconds
3. (Optional) switch(config-if)# show ip eigrp interface detail
4. (Optional) switch(config-if)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch(config-if)# { ip | ipv6 } hello-interval eigrp instance-tag seconds
Purpose: Configures the hello interval for an EIGRP routing process. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters. The range is from 1 to 65535 seconds. The default is 5.
Step 2
Command or Action: switch(config-if)# { ip | ipv6 } hold-time eigrp instance-tag seconds
Purpose: Configures the hold time for an EIGRP routing process. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters. The range is from 1 to 65535 seconds.
Step 3
Command or Action: (Optional) switch(config-if)# show ip eigrp interface detail
Purpose: Verifies the timer configuration.
Step 4
Command or Action: (Optional) switch(config-if)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to change the interval between Hello packets and the hold time:
switch(config)# interface ethernet 1/2
switch(config-if)# ip hello-interval eigrp Test1 30
switch(config-if)# ip hold-time eigrp Test1 30
switch(config-if)# show ip eigrp interface detail
switch(config-if)# copy running-config startup-config
Disabling Split Horizon
You can use split horizon to block route information from being advertised by a router out of any interface from which that information originated. Split horizon usually optimizes communications among multiple routing devices, particularly when links are broken.
By default, split horizon is enabled on all interfaces.
Procedure
Step 1
Command or Action: switch(config-if)# no { ip | ipv6 } split-horizon eigrp instance-tag
Purpose: Disables split horizon.
Step 2
Command or Action: (Optional) switch(config-if)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to disable split horizon on a particular interface:
switch(config)# interface ethernet 1/2
switch(config-if)# no ip split-horizon eigrp Test1
switch(config-if)# copy running-config startup-config
Enabling Wide Metrics
You can enable wide metrics in router or address family configuration mode.
SUMMARY STEPS
1. switch(config-router)# metrics version 64bit
2. switch(config-router)# metrics rib-scale value
3. (Optional) switch(config-router)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch(config-router)# metrics version 64bit
Purpose: Enables 64-bit metric values.
Step 2
Command or Action: switch(config-router)# metrics rib-scale value
Purpose: (Optional) Configures the scaling factor used to convert the 64-bit metric values to 32 bit in the RIB. The range is from 1 to 255. The default value is 128.
Step 3
Command or Action: (Optional) switch(config-router)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to enable wide metrics in router configuration mode:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# metrics version 64bit
switch(config-router)# metrics rib-scale 128
switch(config-router)# copy running-config startup-config
Tuning EIGRP
You can configure optional parameters to tune EIGRP for your network. Some of the parameters can be configured in address-family configuration mode, and others can be configured in interface configuration mode.
Procedure
Step 1
Command or Action: (Optional) switch(config-router-af)# default-information originate [ always | route-map map-name ]
Purpose: Originates or accepts the default route with prefix 0.0.0.0/0. When a route-map is supplied, the default route is originated only when the route map yields a true condition. The route-map name can be any case-sensitive, alphanumeric string up to 20 characters.
Step 2
Command or Action: (Optional) switch(config-router-af)# distance internal external
Purpose: Configures the administrative distance for this EIGRP process. The range is from 1 to 255. The internal value sets the distance for routes learned from within the same autonomous system (the default value is 90). The external value sets the distance for routes learned from an external autonomous system (the default value is 170).
Step 3
Command or Action: (Optional) switch(config-router-af)# metric max-hops hop-count
Purpose: Sets the maximum allowed hops for an advertised route. Routes over this maximum are advertised as unreachable. The range is from 1 to 255. The default is 100.
Step 4
Command or Action: (Optional) switch(config-router-af)# metric weights tos k1 k2 k3 k4 k5 k6
Purpose: Adjusts the EIGRP metric or K value. EIGRP uses the following formula to determine the total metric to the network:
metric = [k1 x bandwidth + (k2 x bandwidth)/(256 – load) + k3 x delay + k6 x extended attributes] x [k5/(reliability + k4)]
Default values and ranges are as follows:
• TOS—0. The range is from 0 to 8.
• k1—1. The range is from 0 to 255.
• k2—0. The range is from 0 to 255.
• k3—1. The range is from 0 to 255.
• k4—0. The range is from 0 to 255.
• k5—0. The range is from 0 to 255.
• k6—0. The range is from 0 to 255.
Step 5
Command or Action: (Optional) switch(config-router-af)# timers active-time { time-limit | disabled }
Purpose: Sets the time the router waits in minutes (after sending a query) before declaring the route to be stuck in the active (SIA) state. The range is from 1 to 65535. The default is 3.
Step 6
Command or Action: switch(config-router-af)# exit
Purpose: Exits address-family configuration mode.
Step 7
Command or Action: switch(config-router)# exit
Purpose: Exits router configuration mode.
Step 8
Command or Action: switch(config)# interface ethernet slot/port
Purpose: Enters interface configuration mode.
Step 9
Command or Action: (Optional) switch(config-if)# { ip | ipv6 } bandwidth eigrp instance-tag bandwidth
Purpose: Configures the bandwidth metric for EIGRP on an interface. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters. The bandwidth range is from 1 to 2,560,000,000 Kb/s.
Step 10
Command or Action: (Optional) switch(config-if)# { ip | ipv6 } bandwidth-percent eigrp instance-tag percent
Purpose: Configures the percentage of bandwidth that EIGRP might use on an interface. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters. The percent range is from 0 to 100. The default is 50.
Step 11
Command or Action: (Optional) switch(config-if)# no { ip | ipv6 } delay eigrp instance-tag delay
Purpose: Configures the delay metric for EIGRP on an interface. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters. The delay range is from 1 to 16777215 (in tens of microseconds).
Step 12
Command or Action: (Optional) switch(config-if)# { ip | ipv6 } distribute-list eigrp instance-tag { prefix-list name | route-map map-name } { in | out }
Purpose: Configures the route filtering policy for EIGRP on this interface. The instance tag, prefix list name, and route-map name can be any case-sensitive, alphanumeric string up to 20 characters.
Step 13
Command or Action: (Optional) switch(config-if)# no { ip | ipv6 } next-hop-self eigrp instance-tag
Purpose: Configures EIGRP to use the received next-hop address rather than the address for this interface. The default is to use the IP address of this interface for the next-hop address. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Step 14
Command or Action: (Optional) switch(config-if)# { ip | ipv6 } offset-list eigrp instance-tag { prefix-list name | route-map map-name } { in | out } offset
Purpose: Adds an offset to incoming and outgoing metrics to routes learned by EIGRP. The instance tag, prefix list name, and route-map name can be any case-sensitive, alphanumeric string up to 20 characters.
Step 15
Command or Action: (Optional) switch(config-if)# { ip | ipv6 } passive-interface eigrp instance-tag
Purpose: Suppresses EIGRP hellos, which prevents neighbors from forming and sending routing updates on an EIGRP interface. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Step 16
Command or Action: (Optional) switch(config-if)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to configure optional parameters in address-family configuration mode to tune EIGRP for your network:
switch# configure terminal
switch(config)# router eigrp Test1
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# default-information originate always
switch(config-router-af)# distance 25 100
switch(config-router-af)# metric max-hops 70
switch(config-router-af)# metric weights 0 1 3 2 1 0
switch(config-router-af)# timers active-time 200
switch(config-router-af)# copy running-config startup-config
The following example shows how to configure optional parameters in interface configuration mode to tune EIGRP for your network:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip bandwidth eigrp Test1 30000
switch(config-if)# ip bandwidth-percent eigrp Test1 30
switch(config-if)# ip delay eigrp Test1 100
switch(config-if)# ip distribute-list eigrp Test1 route-map EigrpTest in
switch(config-if)# ip next-hop-self eigrp Test1
switch(config-if)# ip offset-list eigrp Test1 prefix-list EigrpList in
switch(config-if)# ip passive-interface eigrp Test1
switch(config-if)# copy running-config startup-config
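The interface commands from the hello/hold-time, split-horizon, and tuning sections can be reviewed offline before a change is pushed. The following Python script is an added example, not code from Cisco or from this guide: it parses interface stanzas from a constructed configuration and flags EIGRP interfaces whose hold time is not above the hello interval, that can form neighbors without an inbound distribute-list, or that have split horizon disabled. The finding names, the audit policy, and the treatment of an unset hold time as the 15-second default are assumptions of this example.

```python
import re

# Defaults stated in the guide: hello every 5 seconds, hold time 15 seconds.
DEFAULT_HELLO = 5
DEFAULT_HOLD = 15  # assumption: an unset hold time stays at 15 s even if hello changes

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
router eigrp Test1
  address-family ipv4 unicast
interface ethernet 1/1
  ip router eigrp Test1
  ip distribute-list eigrp Test1 route-map EigrpTest in
interface ethernet 1/2
  ip router eigrp Test1
  ip hello-interval eigrp Test1 30
  ip hold-time eigrp Test1 30
interface ethernet 1/3
  ip router eigrp Test1
  ip passive-interface eigrp Test1
interface ethernet 1/4
  ip router eigrp Test1
  ip hello-interval eigrp Test1 60
  no ip split-horizon eigrp Test1
"""

# Matches the per-interface EIGRP commands documented in this chapter.
CMD_RE = re.compile(
    r"^(?P<no>no\s+)?(?P<af>ip|ipv6)\s+"
    r"(?P<cmd>router|hello-interval|hold-time|passive-interface|"
    r"distribute-list|split-horizon)\s+eigrp\s+(?P<tag>\S+)\s*(?P<rest>.*)$"
)


def parse_interfaces(config_text):
    """Return {(interface, af, instance-tag): settings} from interface stanzas."""
    state = {}
    iface = None
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():
            # A top-level line opens a new stanza; only interface stanzas matter.
            parts = raw.split(None, 1)
            is_iface = parts[0] == "interface" and len(parts) == 2
            iface = parts[1].strip() if is_iface else None
            continue
        m = CMD_RE.match(raw.strip())
        if iface is None or not m:
            continue
        s = state.setdefault((iface, m.group("af"), m.group("tag")), {
            "enabled": False, "hello": None, "hold": None,
            "passive": False, "filter_in": False, "split_horizon": True,
        })
        negated = bool(m.group("no"))
        cmd, rest = m.group("cmd"), m.group("rest").split()
        if cmd == "router":
            s["enabled"] = not negated
        elif cmd in ("hello-interval", "hold-time"):
            key = "hello" if cmd == "hello-interval" else "hold"
            if negated:
                s[key] = None
            elif rest and rest[0].isdigit():
                s[key] = int(rest[0])
        elif cmd == "passive-interface":
            s["passive"] = not negated
        elif cmd == "distribute-list" and rest and rest[-1] == "in":
            s["filter_in"] = not negated
        elif cmd == "split-horizon":
            s["split_horizon"] = not negated
    return state


def audit(config_text):
    """Return (interface, finding, detail) tuples for EIGRP-enabled interfaces."""
    findings = []
    for (iface, af, tag), s in sorted(parse_interfaces(config_text).items()):
        if not s["enabled"]:
            continue
        hello = s["hello"] if s["hello"] is not None else DEFAULT_HELLO
        hold = s["hold"] if s["hold"] is not None else DEFAULT_HOLD
        if not s["passive"]:
            detail = "%s eigrp %s: hello=%ds hold=%ds" % (af, tag, hello, hold)
            if hold <= hello:
                # One delayed hello is enough for neighbors to expire this router.
                findings.append((iface, "HOLD_NOT_ABOVE_HELLO", detail))
            elif hold < 3 * hello:
                findings.append((iface, "HOLD_BELOW_3X_HELLO", detail))
            if not s["filter_in"]:
                # Forms neighbors and accepts their updates with no inbound filter.
                findings.append((iface, "UNFILTERED_ACTIVE",
                                 "%s eigrp %s: no passive-interface, no inbound distribute-list" % (af, tag)))
        if not s["split_horizon"]:
            findings.append((iface, "SPLIT_HORIZON_OFF", "%s eigrp %s" % (af, tag)))
    return findings


if __name__ == "__main__":
    for iface, finding, detail in audit(SAMPLE_CONFIG):
        print("%-14s %-22s %s" % (iface, finding, detail))
```

Run against the hello/hold-time example earlier in this chapter (both timers set to 30), the script reports HOLD_NOT_ABOVE_HELLO for ethernet 1/2.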
Configuring Virtualization for EIGRP
You can configure multiple EIGRP processes in each VDC. You can also create multiple VRFs within each
VDC and use the same or multiple EIGRP processes in each VRF. You assign an interface to a VRF.
Note Configure all other parameters for an interface after you configure the VRF for an interface. Configuring a
VRF for an interface deletes all other configuration for that interface.
Before you begin
• Ensure that you have enabled the EIGRP feature.
• Create the VDCs and VRFs.
• Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# vrf context vrf-name
3. switch(config-vrf)# router eigrp instance-tag
4. switch(config-router)# interface ethernet slot/port
5. switch(config-if)# vrf member vrf-name
6. switch(config-if)# { ip | ipv6 } router eigrp instance-tag
7. (Optional) switch(config-if)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# vrf context vrf-name
Purpose: Creates a new VRF and enters VRF configuration mode. The VRF name can be any case-sensitive, alphanumeric string up to 20 characters.
Step 3
Command or Action: switch(config-vrf)# router eigrp instance-tag
Purpose: Creates a new EIGRP process with the configured instance tag. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
If you configure an instance tag that does not qualify as an AS number, you must use the autonomous-system command to configure the AS number explicitly or this EIGRP instance remains in the shutdown state.
Step 4
Command or Action: switch(config-router)# interface ethernet slot/port
Purpose: Enters interface configuration mode. Use ? to find the slot and port ranges.
Step 5
Command or Action: switch(config-if)# vrf member vrf-name
Purpose: Adds this interface to a VRF. The VRF name can be any case-sensitive, alphanumeric string up to 20 characters.
Step 6
Command or Action: switch(config-if)# { ip | ipv6 } router eigrp instance-tag
Purpose: Adds this interface to the EIGRP process. The instance tag can be any case-sensitive, alphanumeric string up to 20 characters.
Step 7
Command or Action: (Optional) switch(config-if)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to create a VRF and add an interface to the VRF:
switch# configure terminal
switch(config)# vrf context NewVRF
switch(config-vrf)# router eigrp Test1
switch(config-router)# interface ethernet 1/2
switch(config-if)# vrf member NewVRF
switch(config-if)# ip router eigrp Test1
switch(config-if)# copy running-config startup-config
Verifying the EIGRP Configuration
Use one of the following commands to verify the configuration:
Command: show { ip | ipv6 } eigrp [ instance-tag ]
Purpose: Displays a summary of the configured EIGRP processes.
Command: show { ip | ipv6 } eigrp [ instance-tag ] interfaces [ type number ] [ brief ] [ detail ]
Purpose: Displays information about all configured EIGRP interfaces.
Command: show { ip | ipv6 } eigrp instance-tag neighbors [ type number ] [ detail ]
Purpose: Displays information about all the EIGRP neighbors. Use this command to verify the EIGRP neighbor configuration.
Command: show { ip | ipv6 } eigrp [ instance-tag ] route [ ip-prefix/length ] [ active ] [ all-links ] [ detail-links ] [ pending ] [ summary ] [ zero-successors ] [ vrf vrf-name ]
Purpose: Displays information about all the EIGRP routes.
Command: show { ip | ipv6 } eigrp [ instance-tag ] topology [ ip-prefix/length ] [ active ] [ all-links ] [ detail-links ] [ pending ] [ summary ] [ zero-successors ] [ vrf vrf-name ]
Purpose: Displays information about the EIGRP topology table.
Command: show running-configuration eigrp
Purpose: Displays the current running EIGRP configuration.
Displaying EIGRP Statistics
Use one of the following commands to display EIGRP statistics:
Command: show { ip | ipv6 } eigrp [ instance-tag ] accounting [ vrf vrf-name ]
Purpose: Displays accounting statistics for EIGRP.
Command: show { ip | ipv6 } eigrp [ instance-tag ] route-map statistics redistribute
Purpose: Displays redistribution statistics for EIGRP.
Command: show { ip | ipv6 } eigrp [ instance-tag ] traffic [ vrf vrf-name ]
Purpose: Displays traffic statistics for EIGRP.
Configuration Example for EIGRP
switch# configure terminal
switch(config)# feature eigrp
switch(config)# interface ethernet 1/2
switch(config-if)# ip address 192.0.2.55/24
switch(config-if)# ip router eigrp Test1
switch(config-if)# no shutdown
switch(config-if)# exit
switch(config)# router eigrp Test1
switch(config-router)# router-id 192.0.2.1
The following example shows how to use a route map with the distribute-list command to filter routes that are dynamically received from (or advertised to) EIGRP peers. The example configures a route table with a metric of 50, a source protocol of BGP, and an autonomous system number of 45000. When the match clauses are true, the tag value of the destination routing protocol is set to 5. The route map is used to distribute incoming packets for an EIGRP process:
switch(config)# route-map metric-range
switch(config-route-map)# match metric 50
switch(config-route-map)# match source-protocol bgp 45000
switch(config-route-map)# set tag 5
switch(config-route-map)# exit
switch(config)# router eigrp 1
switch(config-router)# exit
switch(config)# interface ethernet 1/2
switch(config-if)# ip address 172.16.0.0
switch(config-if)# ip router eigrp 1
switch(config-if)# ip distribute-list eigrp 1 route-map metric-range in
The following example shows how to use a route map with the redistribute command to allow routes that are redistributed from the routing table to be filtered with a route map before being admitted into an EIGRP topology table. The example shows how to configure a route map to match EIGRP routes with a metric of 110, 200, or an inclusive range of 700 to 800. When the match clause is true, the tag value of the destination routing protocol is set to 10. The route map is used to redistribute EIGRP packets.
switch(config)# route-map metric-eigrp
switch(config-route-map)# match metric 110 200 750 +- 50
switch(config-route-map)# set tag 10
switch(config-route-map)# exit
switch(config)# router eigrp 1
switch(config-router)# redistribute eigrp route-map metric-eigrp
switch(config-router)# exit
switch(config)# interface ethernet 1/2
switch(config-if)# ip address 172.16.0.0
switch(config-if)# ip router eigrp 1
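Before a route map is attached to a distribute-list or redistribute command, it helps to see exactly which metrics a match metric clause accepts. The following Python script is an added example, not code from Cisco or from this guide: it expands a clause such as the one above into inclusive ranges, using the metric-value range stated in the procedure, and tests constructed metric values against it. The function names and the sample metrics are assumptions of this example.

```python
# Metric-value range given in the Configuring Route-Map Filtering procedure.
METRIC_MIN, METRIC_MAX = 1, 4294967295


def parse_match_metric(clause):
    """Expand 'match metric V [+- D] ...' into a list of inclusive (low, high) ranges."""
    tokens = clause.split()
    if tokens[:2] != ["match", "metric"]:
        raise ValueError("not a match metric clause: %r" % clause)
    tokens = tokens[2:]
    ranges = []
    i = 0
    while i < len(tokens):
        if not tokens[i].isdigit():
            raise ValueError("expected a metric value, got %r" % tokens[i])
        value = int(tokens[i])
        if not METRIC_MIN <= value <= METRIC_MAX:
            raise ValueError("metric value %d is outside %d-%d" % (value, METRIC_MIN, METRIC_MAX))
        i += 1
        deviation = 0
        if i < len(tokens) and tokens[i].startswith("+-"):
            # Accept both '+- 50' (two tokens) and '+-50' (one token).
            number = tokens[i][2:]
            i += 1
            if not number:
                if i >= len(tokens):
                    raise ValueError("'+-' must be followed by a deviation number")
                number = tokens[i]
                i += 1
            if not number.isdigit():
                raise ValueError("deviation must be a number, got %r" % number)
            deviation = int(number)
        ranges.append((value - deviation, value + deviation))
    if not ranges:
        raise ValueError("match metric needs at least one metric value")
    return ranges


def metric_matches(ranges, metric):
    """True when the metric falls inclusively inside any parsed range."""
    return any(low <= metric <= high for low, high in ranges)


def accepted(clause, metrics):
    """Return the subset of metrics that the clause would match, in input order."""
    ranges = parse_match_metric(clause)
    return [m for m in metrics if metric_matches(ranges, m)]


if __name__ == "__main__":
    clause = "match metric 110 200 750 +- 50"      # clause from the example above
    sample = [110, 150, 200, 699, 700, 750, 800, 801]  # constructed metric values
    print(parse_match_metric(clause))
    print(accepted(clause, sample))
```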
Related Documents for EIGRP
Related Topic | Document Title
EIGRP CLI commands | Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference
VDCs and VRFs | Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide
EIGRP overview | Introduction to EIGRP Tech Note
EIGRP FAQs | EIGRP Frequently Asked Questions
MIBs
MIBs | MIBs Link
CISCO-EIGRP-MIB | To locate and download MIBs, go to the following URL: https://cfnng.cisco.com/mibs .
Feature History for EIGRP
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Table 20: Feature History for EIGRP
Feature Name | Release | Feature Information
EIGRP | 6.2(2) | Added support for route-map filtering.
EIGRP | 6.2(2) | Added support for configuring the administrative distance of routes.
EIGRP | 6.2(2) | Added the ability to configure all EIGRP interfaces as passive by default.
Wide metrics | 5.2(1) | Added support for EIGRP wide metrics.
BFD | 5.0(2) | Added support for BFD. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information.
Graceful shutdown | 4.2(1) | Added support to gracefully shut down an EIGRP instance or EIGRP on an interface but preserve the EIGRP configuration.
EIGRP instance tag | 4.2(1) | Changed the length to 20 characters.
Limits on redistributed routes | 4.2(1) | Added support for limiting the number of redistributed routes.
EIGRP IPv6 support | 4.1(2) | Added support for IPv6.
Authentication | 4.0(3) | Added the ability to configure authentication within a VRF for EIGRP.
EIGRP | 4.0(1) | This feature was introduced.
CHAPTER 10
Configuring IS-IS
This chapter contains the following sections:
• Finding Feature Information
• Information About IS-IS
• Prerequisites for IS-IS
• Guidelines and Limitations for IS-IS
• Default Settings for IS-IS
• Configuring IS-IS
• Configuration Examples for IS-IS
• Related Documents for IS-IS
• Standards for IS-IS
• Feature History for IS-IS
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About IS-IS
IS-IS is an Interior Gateway Protocol (IGP) based on the International Organization for Standardization (ISO)/International Engineering Consortium (IEC) 10589. Cisco NX-OS supports Internet Protocol version 4 (IPv4), and beginning with Cisco NX-OS Release 6.1, Cisco NX-OS supports IPv6. IS-IS is a dynamic link-state routing protocol that can detect changes in the network topology and calculate loop-free routes to other nodes in the network. Each router maintains a link-state database that describes the state of the network and sends packets on every configured link to discover neighbors. IS-IS floods the link-state information across the network to each neighbor. The router also sends advertisements and updates on the link-state database through all the existing neighbors.
IS-IS Overview
IS-IS sends a hello packet out every configured interface to discover IS-IS neighbor routers. The hello packet contains information, such as the authentication, area, and supported protocols, which the receiving interface uses to determine compatibility with the originating interface. The hello packets are also padded to ensure that IS-IS establishes adjacencies only with interfaces that have matching maximum transmission unit (MTU) settings. Compatible interfaces form adjacencies, which update routing information in the link-state database through link-state update messages (LSPs). By default, the router sends a periodic LSP refresh every 10 minutes and the LSPs remain in the link-state database for 20 minutes (the LSP lifetime). If the router does not receive an LSP refresh before the end of the LSP lifetime, the router deletes the LSP from the database.
The LSP interval must be less than the LSP lifetime or the LSPs time out before they are refreshed.
IS-IS sends periodic hello packets to adjacent routers. If you configure transient mode for hello packets, these hello packets do not include the excess padding used before IS-IS establishes adjacencies. If the MTU value on adjacent routers changes, IS-IS can detect this change and send padded hello packets for a period of time.
IS-IS uses this feature to detect mismatched MTU values on adjacent routers.
IS-IS Areas
You can design IS-IS networks as a single area that includes all routers in the network or as multiple areas that connect into a backbone or Level 2 area. Routers in a nonbackbone area are Level 1 routers that establish adjacencies within a local area (intra-area routing). Level 2 area routers establish adjacencies to other Level 2 routers and perform routing between Level 1 areas (inter-area routing). A router can have both Level 1 and Level 2 areas configured. These Level 1/Level 2 routers act as area border routers that route information from the local area to the Level 2 backbone area.
Within a Level 1 area, routers know how to reach all other routers in that area. The Level 2 routers know how to reach other area border routers and other Level 2 routers. Level 1/Level 2 routers straddle the boundary between two areas, routing traffic to and from the Level 2 backbone area. Level 1/Level 2 routers use the attached (ATT) bit to signal Level 1 routers to set a default route to this Level 1/Level 2 router to connect to the Level 2 area.
In some instances, such as when you have two or more Level 1/Level 2 routers in an area, you may want to control which Level 1/Level 2 router the Level 1 routers use as the default route to the Level 2 area. You can configure which Level 1/Level 2 router sets the attached bit.
Each IS-IS instance in Cisco NX-OS supports either a single Level 1 or Level 2 area, or one of each. By default, all IS-IS instances automatically support Level 1 and Level 2 routing.
Figure 31: IS-IS Network Divided into Areas
An autonomous system boundary router (ASBR) advertises external destinations throughout the IS-IS autonomous system. External routes are the routes redistributed into IS-IS from any other protocol.
NET and System ID
Each IS-IS instance has an associated network entity title (NET). The NET comprises the IS-IS system ID, which uniquely identifies this IS-IS instance in the area, and the area ID. For example, if the NET is 47.0004.004d.0001.0001.0c11.1111.00, the system ID is 0000.0c11.1111.00 and the area ID is 47.0004.004d.0001.
Designated Intermediate System
IS-IS uses a designated intermediate system (DIS) in broadcast networks to prevent each router from forming unnecessary links with every other router on the broadcast network. IS-IS routers send LSPs to the DIS, which manages all the link-state information for the broadcast network. You can configure the IS-IS priority that
IS-IS uses to select the DIS in an area.
Note No DIS is required on a point-to-point network.
IS-IS Authentication
You can configure authentication to control adjacencies and the exchange of LSPs. Routers that want to become neighbors must exchange the same password for their configured level of authentication. IS-IS blocks a router that does not have the correct password. You can configure IS-IS authentication globally or for an individual interface for Level 1, Level 2, or both Level 1/Level 2 routing.
IS-IS supports the following authentication methods:
• Clear text—All packets exchanged carry a cleartext 128-bit password.
• MD5 digest—All packets exchanged carry a message digest that is based on a 128-bit key.
To provide protection against passive attacks, IS-IS never sends the MD5 secret key as cleartext through the network. In addition, IS-IS includes a sequence number in each packet to protect against replay attacks.
You can also use keychains for hello and LSP authentication. See the Cisco Nexus 7000 Series NX-OS Security Configuration Guide for information on keychain management.
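The difference between the two methods, as an added example that is not part of the Cisco guide: the cleartext TLV carries the password itself, while the MD5 TLV carries only a keyed digest. It assumes the HMAC-MD5 scheme of RFC 5304 (authentication TLV 10, type 54), which the guide does not name; the PDU bytes, the key and the function names are constructed for illustration, and PDU length fields and LSP checksum handling are not modelled.

```python
import hashlib
import hmac

AUTH_TLV = 10          # Authentication Information TLV code
TYPE_CLEARTEXT = 1     # authentication type: cleartext password
TYPE_HMAC_MD5 = 54     # authentication type: HMAC-MD5 (RFC 5304, assumed here)
DIGEST_LEN = 16        # size of an MD5 digest in bytes
MD5_TLV_HEADER = bytes([AUTH_TLV, 1 + DIGEST_LEN, TYPE_HMAC_MD5])

# Constructed stand-in for a hello PDU and a constructed 128-bit key.
SAMPLE_PDU = b"\x83" + b"constructed-hello-pdu-body"
SAMPLE_KEY = b"ConstructedKey16"


def add_cleartext_auth(pdu, password):
    """Append a cleartext authentication TLV: the password rides in the packet."""
    value = bytes([TYPE_CLEARTEXT]) + password
    return pdu + bytes([AUTH_TLV, len(value)]) + value


def add_md5_auth(pdu, key):
    """Append an HMAC-MD5 authentication TLV.

    The digest covers the whole PDU with the digest field zeroed, so the
    packet carries proof of the key but never the key itself.
    """
    unsigned = pdu + MD5_TLV_HEADER + bytes(DIGEST_LEN)
    digest = hmac.new(key, unsigned, hashlib.md5).digest()
    return unsigned[:-DIGEST_LEN] + digest


def check_md5_auth(packet, key):
    """Receiver side: zero the digest field, recompute, compare in constant time."""
    tlv_len = len(MD5_TLV_HEADER) + DIGEST_LEN
    if len(packet) < tlv_len or packet[-tlv_len:-DIGEST_LEN] != MD5_TLV_HEADER:
        return False
    zeroed = packet[:-DIGEST_LEN] + bytes(DIGEST_LEN)
    expected = hmac.new(key, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(packet[-DIGEST_LEN:], expected)


def tamper(packet, offset=1):
    """Flip one bit in the packet body, as a corrupted or altered packet would."""
    return packet[:offset] + bytes([packet[offset] ^ 0x01]) + packet[offset + 1:]


if __name__ == "__main__":
    clear = add_cleartext_auth(SAMPLE_PDU, SAMPLE_KEY)
    signed = add_md5_auth(SAMPLE_PDU, SAMPLE_KEY)
    print("key visible in cleartext packet:", SAMPLE_KEY in clear)
    print("key visible in MD5 packet:      ", SAMPLE_KEY in signed)
    print("correct key accepted:           ", check_md5_auth(signed, SAMPLE_KEY))
    print("wrong key accepted:             ", check_md5_auth(signed, b"WrongKeyWrongKey"))
    print("modified packet accepted:       ", check_md5_auth(tamper(signed), SAMPLE_KEY))
```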
Mesh Groups
A mesh group is a set of interfaces in which all routers reachable over the interfaces have at least one link to every other router. Many links can fail without isolating one or more routers from the network.
In normal flooding, an interface receives a new LSP and floods the LSP out over all other interfaces on the router. With mesh groups, when an interface that is part of a mesh group receives a new LSP, the interface does not flood the new LSP over the other interfaces that are part of that mesh group.
Note: You may want to limit LSPs in certain mesh network topologies to improve network scalability. Limiting LSP floods might also reduce the reliability of the network (in case of failures). For this reason, we recommend that you use mesh groups only if specifically required, and then only after you make a careful network design.
You can also configure mesh groups in block mode for parallel links between routers. In this mode, all LSPs are blocked on that interface in a mesh group after the routers initially exchange their link-state information.
Overload Bit
IS-IS uses the overload bit to tell other routers not to use the local router to forward traffic but to continue routing traffic destined for that local router.
You may want to use the overload bit in these situations:
• The router is in a critical condition.
• Graceful introduction and removal of the router to/from the network.
• Other (administrative or traffic engineering) reasons such as waiting for BGP convergence.
Route Summarization
You can configure a summary aggregate address. Route summarization simplifies route tables by replacing a number of more-specific addresses with an address that represents all the specific addresses. For example, you can replace 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 with one summary address, 10.1.0.0/16.
If more specific routes are in the routing table, IS-IS advertises the summary address with a metric equal to the minimum metric of the more specific routes.
Note: Cisco NX-OS does not support automatic route summarization.
Route Redistribution
You can use IS-IS to redistribute static routes, routes learned by other IS-IS autonomous systems, or routes from other protocols. You must configure a route map with the redistribution to control which routes are passed into IS-IS. A route map allows you to filter routes based on attributes such as the destination, origination protocol, route type, route tag, and so on.
Whenever you redistribute routes into an IS-IS routing domain, Cisco NX-OS does not, by default, redistribute the default route into the IS-IS routing domain. You can generate a default route into IS-IS, which can be controlled by a route policy.
You also configure the default metric that is used for all imported routes into IS-IS.
Administrative Distance
The administrative distance is a rating of the trustworthiness of a routing information source. A higher value indicates a lower trust rating. The administrative distance is used to discriminate between routes learned from more than one routing protocol. The route with the lowest administrative distance is installed in the IP routing table.
You can configure the administrative distance for internal and external routes based on various match criteria for a given prefix. Routing protocols such as IS-IS configure the prefix into the Routing Information Base (RIB), along with the next hops based on these metrics. If multiple paths are available for a prefix, the routing protocol chooses the best path based on the cost to reach the next hop and the administrative distance. Beginning with Cisco NX-OS Release 6.2(2), you can specify that prefixes be considered based on specific routes. In prior releases, one administrative distance was sufficient for all internal routes.
Load Balancing
You can use load balancing to allow a router to distribute traffic over all the router network ports that are the same distance from the destination address. Load balancing increases the utilization of network segments and increases the effective network bandwidth.
Cisco NX-OS supports the Equal Cost Multiple Paths (ECMP) feature with up to 16 equal-cost paths in the IS-IS route table and the unicast RIB. You can configure IS-IS to load balance traffic across some or all of those paths.
BFD
This feature supports bidirectional forwarding detection (BFD). BFD is a detection protocol designed to provide fast forwarding-path failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information.
Virtualization Support
Cisco NX-OS supports multiple instances of the IS-IS protocol that runs on the same system. IS-IS supports virtual routing and forwarding (VRF) instances. VRFs exist within virtual device contexts (VDCs). You can configure up to four IS-IS instances in a VDC.
By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide.
High Availability and Graceful Restart
Cisco NX-OS provides a multilevel high-availability architecture. IS-IS supports stateful restart, which is also referred to as non-stop routing (NSR). If IS-IS experiences problems, it attempts to restart from its previous run-time state. The neighbors would not register any neighbor event in this case. If the first restart is not successful and another problem occurs, IS-IS attempts a graceful restart as per RFC 3847. A graceful restart, or non-stop forwarding (NSF), allows IS-IS to remain in the data forwarding path through a process restart.
When the restarting IS-IS interface is operational again, it rediscovers its neighbors, establishes adjacency, and starts sending its updates again. At this point, the NSF helpers recognize that the graceful restart has finished.
A stateful restart is used in the following scenarios:
• First recovery attempt after the process experiences problems
• ISSU
• User-initiated switchover using the system switchover command
A graceful restart is used in the following scenarios:
• Second recovery attempt after the process experiences problems within a 4-minute interval
• Manual restart of the process using the restart isis command
• Active supervisor removal
• Active supervisor reload using the reload module active-sup command
Note: Graceful restart is on by default, and we strongly recommend that it not be disabled.
Multiple IS-IS Instances
Cisco NX-OS supports a maximum of four instances of the IS-IS protocol that run on the same node. You cannot configure multiple instances over the same interface. Every instance uses the same system router ID.
Prerequisites for IS-IS
IS-IS has the following prerequisites:
• You must enable IS-IS.
Guidelines and Limitations for IS-IS
IS-IS has the following configuration guidelines and limitations:
• You can configure a maximum of four IS-IS instances per VDC.
• Because the default reference bandwidth is different for Cisco NX-OS and Cisco IOS, the advertised tunnel IS-IS metric is different for these two operating systems.
• For the IS-IS Multitopology feature, one topology for IPv4 and one for IPv6 is supported.
• Unlike IOS, NXOS-ISIS works even when there is a change in bandwidth. It causes an SPF and route updates. This results in excessive packet drops, but port P0 continues to be active.
• If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Default Settings for IS-IS
Table 21: Default IS-IS Parameters
Parameters                Default
Administrative distance   115
Area level                Level-1-2
DIS priority              64
Graceful restart          Enabled
Hello multiplier          3
Hello padding             Enabled
Hello time                10 seconds
IS-IS feature             Disabled
LSP interval              33
LSP MTU                   1492
Maximum LSP lifetime      1200 seconds
Maximum paths             4
Metric                    40
Reference bandwidth       40 Gbps
Configuring IS-IS
IS-IS Configuration Modes
Router Configuration Mode Example
This example shows how to enter router configuration mode:
switch# configure terminal
switch(config)# router isis isp
switch(config-router)#
Note: From a mode, you can enter the ? command to display the commands available in that mode.
Router Address Family Configuration Mode Example
This example shows how to enter router address family configuration mode:
switch(config)# router isis isp
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)#
Note: From a mode, you can enter the ? command to display the commands available in that mode.
Enabling the IS-IS Feature
You must enable the IS-IS feature before you can configure IS-IS.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# [ no ] feature isis
  Purpose: Enables the IS-IS feature.
Step 3
  Command or Action: (Optional) switch(config)# show feature
  Purpose: Displays enabled and disabled features.
Step 4
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Creating an IS-IS Instance
You can create an IS-IS instance and configure the area level for that instance.
You must remove any IS-IS commands that are configured in interface mode to completely remove all configuration for the IS-IS instance.
Before you begin
You must enable IS-IS.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# router isis instance-tag
  Purpose: Creates a new IS-IS instance with the configured instance tag.
Step 3
  Command or Action: switch(config-router)# net network-entity-title
  Purpose: Configures the NET for this IS-IS instance.
Step 4
  Command or Action: (Optional) switch(config-router)# is-type { level-1 | level-2 | level-1-2 }
  Purpose: Configures the area level for this IS-IS instance. The default is level-1-2.
Step 5
  Command or Action: (Optional) switch(config)# show isis { vrf vrf-name } process
  Purpose: Displays a summary of IS-IS information for all IS-IS instances.
Step 6
  Command or Action: (Optional) switch(config-router)# distance value
  Purpose: Sets the administrative distance for IS-IS. The range is from 1 to 255. The default is 115.
Step 7
  Command or Action: (Optional) switch(config-router)# log-adjacency-changes
  Purpose: Sends a system message whenever an IS-IS neighbor changes the state.
Step 8
  Command or Action: (Optional) switch(config-router)# lsp-mtu size
  Purpose: Sets the MTU for LSPs in this IS-IS instance. The range is from 128 to 4352 bytes. The default is 1492.
Step 9
  Command or Action: (Optional) switch(config-router)# maximum-paths number
  Purpose: Configures the maximum number of equal-cost paths that IS-IS maintains in the route table. The range is from 1 to 16. The default is 4.
Step 10
  Command or Action: (Optional) switch(config-router)# reference-bandwidth bandwidth value { Mbps | Gbps }
  Purpose: Sets the default reference bandwidth used for calculating the IS-IS cost metric. The range is from 1 to 4000 Gbps. The default is 40 Gbps.
Step 11
  Command or Action: (Optional) switch(config-if)# clear isis [ instance-tag ] adjacency [ * | system-id | interface ]
  Purpose: Clears neighbor statistics and removes adjacencies for this IS-IS instance.
Step 12
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to create an IS-IS instance in a level 2 area:
switch# configure terminal
switch(config)# router isis Enterprise
switch(config-router)# net 47.0004.004d.0001.0001.0c11.1111.00
switch(config-router)# is-type level-2
switch(config-router)# copy running-config startup-config
Restarting an IS-IS Instance
You can restart an IS-IS instance. This action clears all neighbors for the instance.
To restart an IS-IS instance and remove all associated neighbors, use the following command:
Procedure
Step 1
  Command or Action: switch(config)# restart isis instance-tag
  Purpose: Restarts the IS-IS instance and removes all neighbors.
Shutting Down IS-IS
You can shut down the IS-IS instance. This action disables this IS-IS instance and retains the configuration.
To shut down the IS-IS instance, use the following command in router configuration mode:
Procedure
Step 1
  Command or Action: switch(config-router)# shutdown
  Purpose: Disables the IS-IS instance.
Configuring IS-IS on an Interface
You can add an interface to an IS-IS instance.
Before you begin
You must enable IS-IS.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# interface interface-type slot / port
  Purpose: Enters interface configuration mode.
Step 3
  Command or Action: (Optional) switch(config-if)# medium { broadcast | p2p }
  Purpose: Configures the broadcast or point-to-point mode for the interface. IS-IS inherits this mode.
Step 4
  Command or Action: switch(config-if)# { ip | ipv6 } router isis instance-tag
  Purpose: Associates this IPv4 or IPv6 interface with an IS-IS instance.
Step 5
  Command or Action: (Optional) switch(config-if)# show isis [ vrf vrf-name ] [ instance-tag ] interface [ interface-type slot/port ]
  Purpose: Displays IS-IS information for an interface.
Step 6
  Command or Action: (Optional) switch(config-if)# isis circuit-type { level-1 | level-2 | level-1-2 }
  Purpose: Sets the type of adjacency that this interface participates in. Use this command only for routers that participate in both Level 1 and Level 2 areas.
Step 7
  Command or Action: (Optional) switch(config-if)# isis metric value { level-1 | level-2 }
  Purpose: Sets the IS-IS metric for this interface. The range is from 1 to 16777214. The default is 10.
Step 8
  Command or Action: (Optional) switch(config-if)# isis passive value { level-1 | level-2 | level-1-2 }
  Purpose: Prevents the interface from forming adjacencies but still advertises the prefix associated with the interface.
Step 9
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to add the Ethernet 1/2 interface to an IS-IS instance:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip router isis Enterprise
switch(config-if)# copy running-config startup-config
Configuring IS-IS Authentication in an Area
You can configure IS-IS to authenticate LSPs in an area.
Before you begin
You must enable IS-IS.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# router isis instance-tag
  Purpose: Creates a new IS-IS instance with the configured instance tag.
Step 3
  Command or Action: switch(config-router)# authentication-type { cleartext | md5 } { level-1 | level-2 }
  Purpose: Sets the authentication method used for a Level 1 or Level 2 area as cleartext or as an MD5 authentication digest.
Step 4
  Command or Action: switch(config-router)# authentication key-chain key { level-1 | level-2 }
  Purpose: Configures the authentication key used for an IS-IS area-level authentication.
Step 5
  Command or Action: (Optional) switch(config-router)# authentication-check { level-1 | level-2 }
  Purpose: Enables checking the authentication parameters in a received packet.
Step 6
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure cleartext authentication on an IS-IS instance:
switch# configure terminal
switch(config)# router isis Enterprise
switch(config-router)# authentication-type cleartext level-2
switch(config-router)# authentication key-chain ISISKey level-2
switch(config-router)# copy running-config startup-config
Configuring IS-IS Authentication on an Interface
You can configure IS-IS to authenticate Hello packets on an interface.
Before you begin
You must enable IS-IS.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# interface interface-type slot / port
  Purpose: Enters interface configuration mode.
Step 3
  Command or Action: switch(config-if)# isis authentication-type { cleartext | md5 } { level-1 | level-2 }
  Purpose: Sets the authentication type for IS-IS on this interface as cleartext or as an MD5 authentication digest.
Step 4
  Command or Action: switch(config-if)# isis authentication key-chain key { level-1 | level-2 }
  Purpose: Configures the authentication key used for IS-IS on this interface.
Step 5
  Command or Action: (Optional) switch(config-if)# isis authentication-check { level-1 | level-2 }
  Purpose: Enables checking the authentication parameters in a received packet.
Step 6
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure cleartext authentication on an IS-IS instance:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# isis authentication-type cleartext level-2
switch(config-if)# isis authentication key-chain ISISKey
switch(config-if)# copy running-config startup-config
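A check over saved configuration text for the two authentication procedures above (area level and interface level), as an added example that is not part of the Cisco guide. It flags IS-IS instances and IS-IS enabled interfaces that use cleartext, set a method without a key chain, or configure no authentication at all. The configuration excerpt is constructed, the function names are hypothetical, and the layout (child commands indented under their router isis or interface line) is an assumption.

```python
import re

# Constructed running-config excerpt (not from a real device). Assumes
# child commands are indented under their "router isis" / "interface" line.
SAMPLE_CONFIG = """\
feature isis
router isis Enterprise
  net 47.0004.004d.0001.0001.0c11.1111.00
  is-type level-2
  authentication-type cleartext level-2
  authentication key-chain ISISKey level-2
router isis Lab
  is-type level-1
  authentication-type md5 level-1
interface Ethernet1/1
  ip router isis Enterprise
  isis authentication-type md5 level-2
  isis authentication key-chain ISISKey level-2
interface Ethernet1/2
  ip router isis Enterprise
  isis authentication-type cleartext level-2
  isis authentication key-chain ISISKey level-2
interface Ethernet1/3
  ip router isis Lab
interface Ethernet1/4
  description not running IS-IS
"""

AUTH_TYPE = re.compile(r"^(isis )?authentication-type (cleartext|md5) (level-1|level-2)$")
KEY_CHAIN = re.compile(r"^(isis )?authentication key-chain \S+(?: (level-1|level-2))?$")
ISIS_MEMBER = re.compile(r"^(ip|ipv6) router isis \S+$")


def parse_stanzas(config):
    """Return [(top_level_line, [child lines])] from indented config text."""
    stanzas = []
    for line in config.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            if stanzas:
                stanzas[-1][1].append(line.strip())
        else:
            stanzas.append((line.strip(), []))
    return stanzas


def audit_isis_auth(config):
    """Report IS-IS instances and interfaces with weak or missing authentication."""
    findings = []
    for header, body in parse_stanzas(config):
        words = header.split()
        if len(words) == 3 and words[:2] == ["router", "isis"]:
            scope, prefix = "instance " + words[2], ""
        elif len(words) >= 2 and words[0] == "interface" and any(
                ISIS_MEMBER.match(line) for line in body):
            scope, prefix = "interface " + words[1], "isis "
        else:
            continue  # not an IS-IS instance or an IS-IS enabled interface

        methods, keyed_levels = {}, set()
        for line in body:
            auth = AUTH_TYPE.match(line)
            if auth and (auth.group(1) or "") == prefix:
                methods[auth.group(3)] = auth.group(2)
            chain = KEY_CHAIN.match(line)
            if chain and (chain.group(1) or "") == prefix:
                # A key chain given without a level is treated as covering any level.
                keyed_levels.add(chain.group(2) or "any")

        if not methods:
            findings.append((scope, "no authentication-type configured"))
        for level, method in sorted(methods.items()):
            if method == "cleartext":
                findings.append((scope, "cleartext password at " + level))
            if level not in keyed_levels and "any" not in keyed_levels:
                findings.append((scope, "no key-chain for " + level))
    return findings


if __name__ == "__main__":
    for scope, issue in audit_isis_auth(SAMPLE_CONFIG):
        print(scope + ": " + issue)
```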
Configuring a Mesh Group
You can add an interface to a mesh group to limit the amount of LSP flooding for interfaces in that mesh group. You can optionally block all LSP flooding on an interface in a mesh group.
To add an interface to a mesh group, use the following command in interface configuration mode:
Procedure
Step 1
  Command or Action: switch(config-if)# isis mesh-group { blocked | mesh-id }
  Purpose: Adds this interface to a mesh group. The range is from 1 to 4294967295.
Configuring a Designated Intermediate System
You can configure a router to become the designated intermediate system (DIS) for a multiaccess network by setting the interface priority.
To configure the DIS, use the following command in interface configuration mode:
Procedure
Step 1
  Command or Action: switch(config-if)# isis priority number { level-1 | level-2 }
  Purpose: Sets the priority for DIS selection. The range is from 0 to 127. The default is 64.
Configuring Dynamic Host Exchange
You can configure IS-IS to map between the system ID and the hostname for a router using dynamic host exchange.
To configure dynamic host exchange, use the following command in router configuration mode:
Procedure
Step 1
  Command or Action: switch(config-router)# hostname dynamic
  Purpose: Enables dynamic host exchange.
Setting the Overload Bit
You can configure the router to signal other routers not to use this router as an intermediate hop in their shortest path first (SPF) calculations. You can optionally configure the overload bit temporarily on startup, until BGP converges.
In addition to setting the overload bit, you might also want to suppress certain types of IP prefix advertisements from LSPs for Level 1 or Level 2 traffic.
To set the overload bit, use the following command in router configuration mode:
Procedure
Step 1
  Command or Action: switch(config-router)# set-overload-bit { always | on-startup { seconds | wait-for bgp as-number }} [ suppress [ interlevel | external ]]
  Purpose: Sets the overload bit for IS-IS. The seconds range is from 5 to 86400.
Configuring the Attached Bit
You can configure the attached bit to control which Level 1/Level 2 router the Level 1 routers use as the default route to the Level 2 area. If you disable setting the attached bit, the Level 1 routers do not use this Level 1/Level 2 router to reach the Level 2 area.
To configure the attached bit for a Level 1/Level 2 router, use the following command in router configuration mode:
Procedure
Step 1
  Command or Action: switch(config-router)# [ no ] attached-bit
  Purpose: Configures the Level 1/Level 2 router to set the attached bit. This feature is enabled by default.
Configuring the Transient Mode for Hello Padding
You can configure the transient mode for hello padding to pad hello packets when IS-IS establishes adjacency and remove that padding after IS-IS establishes adjacency.
To configure the mode for hello padding, use the following command in router configuration mode:
Procedure
Step 1
  Command or Action: switch(config-if)# [ no ] isis hello-padding
  Purpose: Pads the hello packet to the full MTU. The default is enabled. Use the no form of this command to configure the transient mode of hello padding.
Configuring a Summary Address
You can create aggregate addresses that are represented in the routing table by a summary address. One summary address can include multiple groups of addresses for a given level. Cisco NX-OS advertises the smallest metric of all the more-specific routes.
Before you begin
You must enable IS-IS.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# router isis instance-tag
  Purpose: Creates a new IS-IS instance with the configured instance tag.
Step 3
  Command or Action: switch(config-router)# address-family { ipv4 | ipv6 } { unicast | multicast }
  Purpose: Enters address family configuration mode.
Step 4
  Command or Action: switch(config-router-af)# summary-address ip-prefix/mask-len { level-1 | level-2 | level-1-2 }
  Purpose: Configures a summary address for an IS-IS area for IPv4 or IPv6 addresses.
Step 5
  Command or Action: (Optional) switch(config-if)# show isis [ vrf vrf-name ] { ip | ipv6 } summary-address ip-prefix [ longer-prefixes ]
  Purpose: Displays IS-IS IPv4 or IPv6 summary address information.
Step 6
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure an IPv4 unicast summary address for IS-IS:
switch# configure terminal
switch(config)# router isis Enterprise
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# summary-address 192.0.2.0/24 level-2
switch(config-router-af)# copy running-config startup-config
Configuring Redistribution
You can configure IS-IS to accept routing information from another routing protocol and redistribute that information through the IS-IS network. You can optionally assign a default route for redistributed routes.
Before you begin
You must enable IS-IS.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# router isis instance-tag
  Purpose: Creates a new IS-IS instance with the configured instance tag.
Step 3
  Command or Action: switch(config-router)# address-family { ipv4 | ipv6 } unicast
  Purpose: Enters address family configuration mode.
Step 4
  Command or Action: switch(config-router-af)# redistribute { bgp as | { eigrp | isis | ospf | ospfv3 | rip } instance-tag | static | direct } route-map map-name
  Purpose: Redistributes routes from other protocols into IS-IS.
Step 5
  Command or Action: (Optional) switch(config-router-af)# default-information originate [ always ] [ route-map map-name ]
  Purpose: Generates a default route into IS-IS.
Step 6
  Command or Action: (Optional) switch(config-router-af)# distribute { level-1 | level-2 } into { level-1 | level-2 } { route-map route-map | all }
  Purpose: Redistributes routes from one IS-IS level to the other IS-IS level.
Step 7
  Command or Action: (Optional) switch(config-router-af)# show isis [ vrf vrf-name ] { ip | ipv6 } route ip-prefix [ detail | longer-prefixes [ summary | detail ]]
  Purpose: Shows the IS-IS routes.
Step 8
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to redistribute EIGRP into IS-IS:
switch# configure terminal
switch(config)# router isis Enterprise
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# redistribute eigrp 201 route-map ISISmap
switch(config-router-af)# copy running-config startup-config
Limiting the Number of Redistributed Routes
Route redistribution can add many routes to the IS-IS route table. You can configure a maximum limit to the number of routes accepted from external protocols. IS-IS provides the following options to configure redistributed route limits:
• Fixed limit—Logs a message when IS-IS reaches the configured maximum. IS-IS does not accept any more redistributed routes. You can optionally configure a threshold percentage of the maximum where IS-IS logs a warning when that threshold is passed.
• Warning only—Logs a warning only when IS-IS reaches the maximum. IS-IS continues to accept redistributed routes.
• Withdraw—Starts the timeout period when IS-IS reaches the maximum. After the timeout period, IS-IS requests all redistributed routes if the current number of redistributed routes is less than the maximum limit. If the current number of redistributed routes is at the maximum limit, IS-IS withdraws all redistributed routes. You must clear this condition before IS-IS accepts more redistributed routes. You can optionally configure the timeout period.
Before you begin
You must enable IS-IS.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# router isis instance-tag
  Purpose: Creates a new IS-IS instance with the configured instance tag.
Step 3
  Command or Action: switch(config-router)# redistribute { bgp ip | direct | eigrp id | isis id | ospf id | rip id | static } route-map map-name
  Purpose: Redistributes the selected protocol into IS-IS through the configured route map.
Step 4
  Command or Action: switch(config-router)# redistribute maximum-prefix max [ threshold ] [ warning-only | withdraw [ num-retries timeout ]]
  Purpose: Specifies a maximum number of prefixes that IS-IS distributes. The range is from 0 to 65536. You can optionally specify the following:
    • threshold—Percent of maximum prefixes that triggers a warning message.
    • warning-only—Logs a warning message when the maximum number of prefixes is exceeded.
    • withdraw—Withdraws all redistributed routes. You can optionally try to retrieve the redistributed routes. The num-retries range is from 1 to 12. The timeout is 60 to 600 seconds. The default is 300 seconds. Use the clear isis redistribution command if all routes are withdrawn.
Step 5
  Command or Action: (Optional) switch(config-router)# show running-config isis
  Purpose: Displays the IS-IS configuration.
Step 6
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to limit the number of redistributed routes into IS-IS:
switch# configure terminal
switch(config)# router isis Enterprise
switch(config-router)# redistribute bgp route-map FilterExternalBGP
switch(config-router)# redistribute maximum-prefix 1000 75
Configuring the Administrative Distance of Routes
You can set the administrative distance of routes added by IS-IS into the RIB.
Before you begin
You must enable IS-IS (see the “Enabling the IS-IS Feature” section).
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router isis instance-tag
3. switch(config-router)# table-map route-map-name [ filter ]
4. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# router isis instance-tag
  Purpose: Creates a new IS-IS instance and enters router configuration mode.
Step 3
  Command or Action: switch(config-router)# table-map route-map-name [ filter ]
  Purpose: Configures a table map with route map information. You can enter up to 63 alphanumeric characters for the map name. The filter keyword filters routes rejected by the route map and does not download them to the RIB.
Step 4
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Disabling Strict Adjacency Mode
When both IPv4 and IPv6 address families are enabled, strict adjacency mode is enabled by default. In this mode, the device does not form an adjacency with any router that does not have both address families enabled.
You can disable strict adjacency mode using the no adjacency-check command.
Before you begin
You must enable IS-IS.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# router isis instance-tag
  Purpose: Creates a new IS-IS instance with the configured instance tag.
Step 3
  Command or Action: switch(config-router)# address-family ipv4 unicast
  Purpose: Enters address family configuration mode.
Step 4
  Command or Action: switch(config-router-af)# no adjacency-check
  Purpose: Disables strict adjacency mode for the IPv6 address family.
Step 5
  Command or Action: switch(config-router-af)# exit
  Purpose: Exits address family configuration mode.
Step 6
  Command or Action: switch(config-router)# address-family ipv6 unicast
  Purpose: Enters address family configuration mode.
Step 7
  Command or Action: switch(config-router-af)# no adjacency-check
  Purpose: Disables strict adjacency mode for the IPv6 address family.
Step 8
  Command or Action: (Optional) switch(config-router-af)# show running-config isis
  Purpose: Displays the IS-IS configuration.
Step 9
  Command or Action: (Optional) switch(config-router-af)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to disable strict adjacency mode:
switch# configure terminal
switch(config)# router isis Enterprise
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# no adjacency-check
switch(config-router-af)# exit
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)# no adjacency-check
switch(config-router-af)# show running-config isis
switch(config-router-af)# copy running-config startup-config
Configuring a Graceful Restart
You can configure a graceful restart for IS-IS.
Before you begin
You must enable IS-IS.
Create the VDCs and VRFs.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router isis instance-tag
Purpose: Creates a new IS-IS process with the configured name.
Step 3
Command or Action: switch(config-router)# graceful-restart
Purpose: Enables a graceful restart and the graceful restart helper functionality. Enabled by default.
Step 4
Command or Action: switch(config-router)# graceful-restart t3 manual time
Purpose: Configures the graceful restart T3 timer. The range is from 30 to 65535 seconds. The default is 60.
Step 5
Command or Action: (Optional) switch(config-router)# show running-config isis
Purpose: Displays the IS-IS configuration.
Step 6
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to enable a graceful restart:
switch# configure terminal
switch(config)# router isis Enterprise
switch(config-router)# graceful-restart
switch(config-router)# copy running-config startup-config
Configuring Virtualization
You can configure multiple IS-IS instances in each VDC. You can also create multiple VRFs within each VDC and use the same or multiple IS-IS instances in each VRF. You assign an IS-IS interface to a VRF.
You must configure a NET for the configured VRF.
Note Configure all other parameters for an interface after you configure the VRF for an interface. Configuring a VRF for an interface deletes all the configuration for that interface.
Before you begin
You must enable IS-IS.
Create the VDCs and VRFs.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# vrf context vrf-name
Purpose: Creates a new VRF and enters VRF configuration mode.
Step 3
Command or Action: switch(config-vrf)# exit
Purpose: Exits VRF configuration mode.
Step 4
Command or Action: switch(config)# router isis instance-tag
Purpose: Creates a new IS-IS instance with the configured instance tag.
Step 5
Command or Action: (Optional) switch(config-router)# vrf vrf-name
Purpose: Enters VRF configuration mode.
Step 6
Command or Action: switch(config-router-vrf)# net network-entity-title
Purpose: Configures the NET for this IS-IS instance.
Step 7
Command or Action: switch(config-router-vrf)# exit
Purpose: Exits router VRF configuration mode.
Step 8
Command or Action: switch(config)# interface ethernet slot/port
Purpose: Enters interface configuration mode.
Step 9
Command or Action: switch(config-if)# vrf member vrf-name
Purpose: Adds this interface to a VRF.
Step 10
Command or Action: switch(config-if)# ip address ip-prefix/length
Purpose: Configures an IP address for this interface. You must do this step after you assign this interface to a VRF.
Step 11
Command or Action: switch(config-if)# ip router isis instance-tag
Purpose: Associates this IPv4 interface with an IS-IS instance.
Step 12
Command or Action: (Optional) switch(config-if)# show isis [ vrf vrf-name ] [ instance-tag ] interface [ interface-type slot/port ]
Purpose: Displays IS-IS information for an interface in a VRF.
Step 13
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to create a VRF and add an interface to the VRF:
switch# configure terminal
switch(config)# vrf context NewVRF
switch(config-vrf)# exit
switch(config)# router isis Enterprise
switch(config-router)# vrf NewVRF
switch(config-router-vrf)# net 47.0004.004d.0001.0001.0c11.1111.00
switch(config-router-vrf)# interface ethernet 1/2
switch(config-if)# vrf member NewVRF
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router isis Enterprise
switch(config-if)# copy running-config startup-config
Tuning IS-IS
You can tune IS-IS to match your network requirements.
You can use the following optional commands in router configuration mode to tune IS-IS:
Procedure
Step 1
Command or Action: switch(config-router)# lsp-gen-interval [ level-1 | level-2 ] lsp-max-wait [ lsp-initial-wait lsp-second-wait ]
Purpose: Configures the IS-IS throttle for LSP generation. The optional parameters are as follows:
• lsp-max-wait—The maximum wait between the trigger and LSP generation. The range is from 500 to 65535 milliseconds.
• lsp-initial-wait—The initial wait between the trigger and LSP generation. The range is from 50 to 65535 milliseconds.
• lsp-second-wait—The second wait used for LSP throttle during backoff. The range is from 50 to 65535 milliseconds.
Step 2
Command or Action: switch(config-router)# max-lsp-lifetime lifetime
Purpose: Sets the maximum LSP lifetime in seconds. The range is from 1 to 65535. The default is 1200.
Step 3
Command or Action: switch(config-router)# metric-style transition
Purpose: Enables IS-IS to generate and accept both narrow metric-style Type Length Value (TLV) objects and wide metric-style TLV objects. The default is disabled.
Step 4
Command or Action: switch(config-router)# spf-interval [ level-1 | level-2 ] spf-max-wait [ spf-initial-wait spf-second-wait ]
Purpose: Configures the interval between LSA arrivals. The optional parameters are as follows:
• lsp-max-wait—The maximum wait between the trigger and SPF computation. The range is from 500 to 65535 milliseconds.
• lsp-initial-wait—The initial wait between the trigger and SPF computation. The range is from 50 to 65535 milliseconds.
• lsp-second-wait—The second wait used for SPF computation during backoff. The range is from 50 to 65535 milliseconds.
Step 5
Command or Action: (Optional) switch(config-router-af)# adjacency-check
Purpose: Performs an adjacency check to verify that an IS-IS instance forms an adjacency only with a remote IS-IS entity that supports the same address family. This command is enabled by default.
Step 6
Command or Action: (Optional) switch(config-if)# isis csnp-interval seconds [ level-1 | level-2 ]
Purpose: Sets the complete sequence number PDU (CSNP) interval in seconds for IS-IS. The range is from 1 to 65535. The default is 10.
Step 7
Command or Action: (Optional) switch(config-if)# isis hello-interval seconds [ level-1 | level-2 ]
Purpose: Sets the hello interval in seconds for IS-IS. The range is from 1 to 65535. The default is 10.
Step 8
Command or Action: (Optional) switch(config-if)# isis hello-multiplier num [ level-1 | level-2 ]
Purpose: Specifies the number of IS-IS hello packets that a neighbor must miss before the router tears down an adjacency. The range is from 3 to 1000. The default is 3.
Step 9
Command or Action: (Optional) switch(config-if)# isis lsp-interval milliseconds
Purpose: Sets the interval in milliseconds between LSPs sent on this interface during flooding. The range is from 10 to 65535. The default is 33.
Monitoring IS-IS
To display IS-IS statistics, use the following commands:
Command: show isis [ instance-tag ] adjacency [ interface ] [ system-ID ] [ detail ] [ summary ] [ vrf vrf-name ]
Purpose: Displays the IS-IS adjacency statistics.
Command: show isis [ instance-tag ] database [ level-1 | level-2 ] [ detail ] [ summary ] [ lsip ] {[ adjacency id { ip | ipv6 } prefix prefix ] [ router-id id ] [ zero-sequence ]} [ vrf vrf-name ]
Purpose: Displays the IS-IS database statistics.
Command: show isis [ instance-tag ] statistics [ interface ] [ vrf vrf-name ]
Purpose: Displays the IS-IS interface statistics.
Command: show isis ip route-map statistics redistribute { bgp id | eigrp id | isis id | ospf id | rip id | static } [ vrf vrf-name ]
Purpose: Displays the IS-IS redistribution statistics.
Command: show isis ip route-map statistics distribute { level-1 | level-2 } into { level-1 | level-2 } [ vrf vrf-name ]
Purpose: Displays IS-IS distribution statistics for routes distributed between levels.
Command: show isis [ instance-tag ] spf-log [ detail ] [ vrf vrf-name ]
Purpose: Displays the IS-IS SPF calculation statistics.
Command: show isis [ instance-tag ] traffic [ interface ] [ vrf vrf-name ]
Purpose: Displays the IS-IS traffic statistics.
To clear IS-IS configuration statistics, perform one of the following tasks:
Command: clear isis [ instance-tag ] adjacency [* | [ interface ] [ system-id id ]] [ vrf vrf-name ]
Purpose: Clears the IS-IS adjacency statistics.
Command: clear { ip | ipv6 } route map statistics { bgp id | eigrp id | isis id | ospf id | rip id | static } [ vrf vrf-name ]
Purpose: Clears the IS-IS redistribution statistics.
Command: clear isis route-map statistics distribute { level-1 | level-2 } into { level-1 | level-2 } [ vrf vrf-name ]
Purpose: Clears IS-IS distribution statistics for routes distributed between levels.
Command: clear isis [ instance-tag ] statistics [* | interface ] [ vrf vrf-name ]
Purpose: Clears the IS-IS interface statistics.
Command: clear isis [ instance-tag ] traffic [* | interface ] [ vrf vrf-name ]
Purpose: Clears the IS-IS traffic statistics.
Configuration Examples for IS-IS
The following example shows how to configure IS-IS:
router isis Enterprise
  is-type level-1
  net 49.0001.0000.0000.0003.00
  graceful-restart
  address-family ipv4 unicast
    default-information originate
interface ethernet 2/1
  ip address 192.0.2.1/24
  isis circuit-type level-1
  ip router isis Enterprise
Related Documents for IS-IS
Related Topic: IS-IS CLI commands
Document Title: Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference
Related Topic: VDCs and VRFs
Document Title: Cisco Nexus 7000 Series NX-OS Virtual Device Context Command Reference
Standards for IS-IS
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Feature History for IS-IS
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Table 22: Feature History for IS-IS
Feature Name: IS-IS; Release: 6.2(2); Feature Information: Added support for configuring the administrative distance of routes.
Feature Name: IS-IS; Release: 6.2(2); Feature Information: Added the ability to configure all IS-IS interfaces as passive by default and then activate only those interfaces where adjacencies are desired.
Feature Name: IS-IS; Release: 6.1(1); Feature Information: Added support for IPv6.
Feature Name: IS-IS; Release: 6.1(1); Feature Information: Added the no adjacency-check command to disable strict adjacency mode.
Feature Name: IS-IS; Release: 5.0(2); Feature Information: Added support for BFD. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information.
Feature Name: Graceful shutdown; Release: 4.2(1); Feature Information: Added support to gracefully shut down an IS-IS instance or IS-IS on an interface but preserve the IS-IS configuration.
Feature Name: Limits on redistributed routes; Release: 4.2(1); Feature Information: Added support for limiting the number of redistributed routes.
Feature Name: Transient mode for hello padding; Release: 4.1(2); Feature Information: Added support to set or unset the hello padding mode.
Feature Name: Attached bit; Release: 4.1(2); Feature Information: Added support to set or unset the attached bit.
Feature Name: IS-IS; Release: 4.0(1); Feature Information: This feature was introduced.
CHAPTER 11
Configuring Basic BGP
This chapter contains the following sections:
• Finding Feature Information
• Information About Basic BGP
• Prerequisites for BGP
• Guidelines and Limitations for BGP
• CLI Configuration Modes
• Configuring Basic BGP
• Verifying the Basic BGP Configuration
• Monitoring BGP Statistics
• Configuration Examples for Basic BGP
• Related Documents for Basic BGP
• Feature History for BGP
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About Basic BGP
Cisco NX-OS supports BGP version 4, which includes multiprotocol extensions that allow BGP to carry routing information for IP multicast routes and multiple Layer 3 protocol address families. BGP uses TCP as a reliable transport protocol to create TCP sessions with other BGP-enabled devices.
BGP uses a path-vector routing algorithm to exchange routing information between BGP-enabled networking devices or BGP speakers. Based on this information, each BGP speaker determines a path to reach a particular destination while detecting and avoiding paths with routing loops. The routing information includes the actual route prefix for a destination, the path of autonomous systems to the destination, and additional path attributes.
BGP selects a single path, by default, as the best path to a destination host or network. Each path carries well-known mandatory, well-known discretionary, and optional transitive attributes that are used in BGP best-path analysis. You can influence BGP path selection by altering some of these attributes by configuring BGP policies.
BGP also supports load balancing or equal-cost multipath (ECMP).
For information on configuring BGP in an MPLS network, see the Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide.
BGP Autonomous Systems
An autonomous system (AS) is a network controlled by a single administration entity. An autonomous system forms a routing domain with one or more interior gateway protocols (IGPs) and a consistent set of routing policies. BGP supports 16-bit and 32-bit autonomous system numbers.
Separate BGP autonomous systems dynamically exchange routing information through external BGP (eBGP) peering sessions. BGP speakers within the same autonomous system can exchange routing information through internal BGP (iBGP) peering sessions.
4-Byte AS Number Support
BGP supports 2-byte or 4-byte AS numbers. Cisco NX-OS displays 4-byte AS numbers in plain-text notation (that is, as 32-bit integers). You can configure 4-byte AS numbers as either plain-text notation (for example, 1 to 4294967295) or AS.dot notation (for example, 1.0).
Administrative Distance
An administrative distance is a rating of the trustworthiness of a routing information source. By default, BGP uses the administrative distances shown in the table.
Table 23: BGP Default Administrative Distances
Distance: External; Default Value: 20; Function: Applied to routes learned from eBGP.
Distance: Internal; Default Value: 200; Function: Applied to routes learned from iBGP.
Distance: Local; Default Value: 200; Function: Applied to routes originated by the router.
Note The administrative distance does not influence the BGP path selection algorithm, but it does influence whether BGP-learned routes are installed in the IP routing table.
BGP Peers
A BGP speaker does not discover another BGP speaker automatically. You must configure the relationships between BGP speakers. A BGP peer is a BGP speaker that has an active TCP connection to another BGP speaker.
BGP Sessions
BGP uses TCP port 179 to create a TCP session with a peer. When a TCP connection is established between peers, each BGP peer initially exchanges all of its routes—the complete BGP routing table—with the other peer. After this initial exchange, the BGP peers send only incremental updates when a topology change occurs in the network or when a routing policy change occurs. In the periods of inactivity between these updates, peers exchange special messages called keepalives. The hold time is the maximum time limit that can elapse between receiving consecutive BGP update or keepalive messages.
Cisco NX-OS supports the following peer configuration options:
• Individual IPv4 or IPv6 address—BGP establishes a session with the BGP speaker that matches the remote address and AS number.
• IPv4 or IPv6 prefix peers for a single AS number—BGP establishes sessions with BGP speakers that match the prefix and the AS number.
• Dynamic AS number prefix peers—BGP establishes sessions with BGP speakers that match the prefix and an AS number from a list of configured AS numbers.
Dynamic AS Numbers for Prefix Peers
Cisco NX-OS accepts a range or list of AS numbers to establish BGP sessions. For example, if you configure BGP to use IPv4 prefix 192.0.2.0/8 and AS numbers 33, 66, and 99, BGP establishes a session with 192.0.2.1 with AS number 66 but rejects a session from 192.0.2.2 with AS number 50.
Cisco NX-OS does not associate prefix peers with dynamic AS numbers as either interior BGP (iBGP) or external BGP (eBGP) sessions until after the session is established.
Note The dynamic AS number prefix peer configuration overrides the individual AS number configuration that is inherited from a BGP template.
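The prefix-and-AS matching rule above, together with the two 4-byte AS notations, as an added Python example (not Cisco code). The function names and the "low-high" range syntax are assumptions made for the illustration; the addresses and AS numbers are the ones used in the text.

```python
import ipaddress
import re

MAX_ASN = 4294967295   # upper end of the plain-text range given on the page

def parse_asn(text):
    """Return the integer value of an AS number in plain-text or AS.dot notation."""
    text = str(text).strip()
    dotted = re.fullmatch(r"([0-9]+)\.([0-9]+)", text)
    if dotted:                                   # AS.dot: <high 16 bits>.<low 16 bits>
        high, low = int(dotted.group(1)), int(dotted.group(2))
        if high > 0xFFFF or low > 0xFFFF:
            raise ValueError(f"AS.dot halves must be 0-65535: {text!r}")
        value = (high << 16) | low
    elif re.fullmatch(r"[0-9]+", text):
        value = int(text)
    else:
        raise ValueError(f"not an AS number: {text!r}")
    if not 1 <= value <= MAX_ASN:
        raise ValueError(f"AS number out of range: {text!r}")
    return value

def to_asdot(value):
    """Render an AS number in AS.dot; 2-byte values stay plain integers."""
    return str(value) if value <= 0xFFFF else f"{value >> 16}.{value & 0xFFFF}"

def parse_as_list(spec):
    """Parse "33,66,99" or "64512-64520,1.0" into (low, high) ranges (assumed syntax)."""
    ranges = []
    for item in spec.split(","):
        low, sep, high = item.partition("-")
        lo = parse_asn(low)
        hi = parse_asn(high) if sep else lo
        if hi < lo:
            raise ValueError(f"descending AS range: {item!r}")
        ranges.append((lo, hi))
    return ranges

def accepts_session(prefix, as_spec, remote_ip, remote_as):
    """True if remote_ip lies in the peer prefix and remote_as is in the AS list."""
    # strict=False because the page's 192.0.2.0/8 has host bits set.
    net = ipaddress.ip_network(prefix, strict=False)
    addr = ipaddress.ip_address(remote_ip)
    asn = parse_asn(remote_as)
    in_prefix = addr.version == net.version and addr in net
    return in_prefix and any(lo <= asn <= hi for lo, hi in parse_as_list(as_spec))

def admitted_addresses(prefix):
    """Number of source addresses a prefix peer admits; useful when reviewing scope."""
    return ipaddress.ip_network(prefix, strict=False).num_addresses

if __name__ == "__main__":
    for ip, asn in (("192.0.2.1", "66"), ("192.0.2.2", "50")):
        verdict = "accept" if accepts_session("192.0.2.0/8", "33,66,99", ip, asn) else "reject"
        print(ip, "AS", asn, verdict)
    print("addresses admitted by the /8:", admitted_addresses("192.0.2.0/8"))
```

Because any speaker inside the prefix with a listed AS number is accepted, the size reported by admitted_addresses is worth checking when reviewing a prefix-peer configuration.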
BGP Router Identifier
To establish BGP sessions between peers, BGP must have a router ID, which is sent to BGP peers in the OPEN message when a BGP session is established. The BGP router ID is a 32-bit value that is often represented by an IPv4 address. You can configure the router ID. By default, Cisco NX-OS sets the router ID to the IPv4 address of a loopback interface on the router. If no loopback interface is configured on the router, the software chooses the highest IPv4 address configured to a physical interface on the router to represent the BGP router ID. The BGP router ID must be unique to the BGP peers in a network.
If BGP does not have a router ID, it cannot establish any peering sessions with BGP peers.
BGP Path Selection
Although BGP might receive advertisements for the same route from multiple sources, BGP selects only one path as the best path. BGP puts the selected path in the IP routing table and propagates the path to its peers.
Note Beginning with Cisco NX-OS Release 6.1, BGP supports sending and receiving multiple paths per prefix and advertising such paths.
The best-path algorithm runs each time that a path is added or withdrawn for a given network. The best-path algorithm also runs if you change the BGP configuration. BGP selects the best path from the set of valid paths available for a given network.
Beginning with Cisco NX-OS Release 8.4(1), the behavior of the BGP pre-best path point of insertion (POI) is changed. In this release, the NX-OS RPM, BGP, and HMM software uses a single cost community ID (either 128 for internal routes or 129 for external routes) to identify a BGP VPNv4 route as an EIGRP originated route.
Only the routes that have the pre-best path value set to cost community ID 128 or 129 are installed in the URIB along with the cost extcommunity. Any non-EIGRP originated route carrying the above described cost community ID would be installed in URIB along with pre-best path cost community. As a result, URIB would use this cost to identify the better route between the route learnt through the iBGP and backdoor-EIGRP instead of the administrative distance.
Cisco NX-OS implements the BGP best-path algorithm in the following steps:
1. Compares two paths to determine which is better.
2. Explores all paths and determines in which order to compare the paths to select the overall best path.
3. Determines whether the old and new best paths differ enough so that the new best path should be used.
Note The order of comparison determined in Part 2 is important. Consider the case where you have three paths, A, B, and C. When Cisco NX-OS compares A and B, it chooses A. When Cisco NX-OS compares B and C, it chooses B. But when Cisco NX-OS compares A and C, it might not choose A because some BGP metrics apply only among paths from the same neighboring autonomous system and not among all paths.
The path selection uses the BGP AS-path attribute. The AS-path attribute includes the list of autonomous system numbers (AS numbers) traversed in the advertised path. If you subdivide your BGP autonomous system into a collection or confederation of autonomous systems, the AS-path contains confederation segments that list these locally defined autonomous systems.
BGP Path Selection - Comparing Pairs of Paths
This first step in the BGP best-path algorithm compares two paths to determine which path is better. The following sequence describes the basic steps that Cisco NX-OS uses to compare two paths to determine the better path:
1. Cisco NX-OS chooses a valid path for comparison. (For example, a path that has an unreachable next hop is not valid.)
2. Cisco NX-OS chooses the path with the highest weight.
3. Cisco NX-OS chooses the path with the highest local preference.
4. If one of the paths is locally originated, Cisco NX-OS chooses that path.
5. Cisco NX-OS chooses the path with the shorter AS path.
   Note When calculating the length of the AS-path, Cisco NX-OS ignores confederation segments and counts AS sets as 1.
6. Cisco NX-OS chooses the path with the lower origin. Interior Gateway Protocol (IGP) is considered lower than EGP.
7. Cisco NX-OS chooses the path with the lower multiexit discriminator (MED).
   You can configure a number of options that affect whether or not this step is performed. In general, Cisco NX-OS compares the MED of both paths if the paths were received from peers in the same autonomous system; otherwise, Cisco NX-OS skips the MED comparison.
   You can configure Cisco NX-OS to always perform the best-path algorithm MED comparison, regardless of the peer autonomous system in the paths. Otherwise, Cisco NX-OS performs a MED comparison that depends on the AS-path attributes of the two paths being compared:
   a. If a path has no AS-path or the AS-path starts with an AS_SET, the path is internal and Cisco NX-OS compares the MED to other internal paths.
   b. If the AS-path starts with an AS_SEQUENCE, the peer autonomous system is the first AS number in the sequence and Cisco NX-OS compares the MED to other paths that have the same peer autonomous system.
   c. If the AS-path contains only confederation segments or starts with confederation segments followed by an AS_SET, the path is internal and Cisco NX-OS compares the MED to other internal paths.
   d. If the AS-path starts with confederation segments that are followed by an AS_SEQUENCE, the peer autonomous system is the first AS number in the AS_SEQUENCE and Cisco NX-OS compares the MED to other paths that have the same peer autonomous system.
   Note If Cisco NX-OS receives no MED attribute with the path, Cisco NX-OS considers the MED to be 0 unless you configure the best-path algorithm to set a missing MED to the highest possible value.
   e. If the non-deterministic MED comparison feature is enabled, the best-path algorithm uses the Cisco IOS style of MED comparison.
8. If one path is from an internal peer and the other path is from an external peer, Cisco NX-OS chooses the path from the external peer.
9. If the paths have different IGP metrics to their next-hop addresses, Cisco NX-OS chooses the path with the lower IGP metric.
10. Cisco NX-OS uses the path that was selected by the best-path algorithm the last time it was run.
11. If all path parameters in Step 1 through Step 9 are the same, and there is no current best path (for example, the current best path can be lost when the neighbor that offers the current best path goes down), then the route from the BGP router with the lowest router ID is chosen. If the path includes an originator attribute, Cisco NX-OS uses that attribute as the router ID to compare to; otherwise, Cisco NX-OS uses the router ID of the peer that sent the path. If the paths have different router IDs, Cisco NX-OS chooses the path with the lower router ID.
    Note When using the attribute originator as the router ID, it is possible that two paths have the same router ID. It is also possible to have two BGP sessions with the same peer router, so you could receive two paths with the same router ID.
12. Cisco NX-OS selects the path with the shorter cluster length. If a path was not received with a cluster list attribute, the cluster length is 0.
13. Cisco NX-OS chooses the path received from the peer with the lower IP address. Locally generated paths (for example, redistributed paths) have a peer IP address of 0.
Note Paths that are equal after Step 9 can be used for multipath if you configure multipath.
BGP Path Selection - Determining the Order of Comparisons
The second step of the BGP best-path algorithm implementation is to determine the order in which Cisco NX-OS compares the paths:
1. Cisco NX-OS partitions the paths into groups. Within each group, Cisco NX-OS compares the MED among all paths. Cisco NX-OS uses the same rule as in the section Step 1—Comparing Pairs of Paths to determine whether MED can be compared between any two paths. Typically, this comparison results in one group being chosen for each neighbor autonomous system. If you configure the bgp bestpath med always command, Cisco NX-OS chooses just one group that contains all the paths.
2. Cisco NX-OS determines the best path in each group by iterating through all paths in the group and keeping track of the best one so far. Cisco NX-OS compares each path with the temporary best path found so far and if the new path is better, it becomes the new temporary best path and Cisco NX-OS compares it with the next path in the group.
3. Cisco NX-OS forms a set of paths that contain the best path selected from each group in Step 2. Cisco NX-OS selects the overall best path from this set of paths by going through them as in Step 2.
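The pairwise comparison (Steps 1 through 13) and the grouping rule above, as an added Python model that is not Cisco code. The field names, the med_always and med_missing_worst options, and the sample paths A, B and C are assumptions constructed to reproduce the A/B/C note; Step 7e (non-deterministic MED) and multipath are outside the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}    # lower is preferred
MED_MAX = 2**32 - 1                                     # "highest possible value"

@dataclass
class Path:
    name: str
    peer_ip: str                    # "0.0.0.0" for locally generated paths
    router_id: str                  # router ID of the peer that sent the path
    as_path: tuple = ()             # ((kind, (asn, ...)), ...); kind is "seq",
                                    # "set", "confed_seq" or "confed_set"
    valid: bool = True              # False if, e.g., the next hop is unreachable
    weight: int = 0
    local_pref: int = 100
    local_origin: bool = False
    origin: str = "igp"
    med: Optional[int] = None
    external: bool = True           # learned from an external peer
    igp_metric: int = 0
    originator_id: Optional[str] = None
    cluster_len: int = 0

def as_path_len(p):
    """Step 5 note: ignore confederation segments, count an AS set as 1."""
    return sum(1 if kind == "set" else len(asns)
               for kind, asns in p.as_path if kind in ("seq", "set"))

def med_group(p):
    """Step 7 a-d: 'internal', or the peer AS whose MEDs are comparable."""
    segs = list(p.as_path)
    while segs and segs[0][0].startswith("confed"):
        segs.pop(0)
    if not segs or segs[0][0] == "set":
        return "internal"
    return segs[0][1][0]

def better(a, b, current_best=None, med_always=False, med_missing_worst=False):
    """Pairwise comparison, Steps 1-13. Returns the preferred path."""
    if a.valid != b.valid:                                  # 1: valid path
        return a if a.valid else b
    med = lambda p: p.med if p.med is not None else (MED_MAX if med_missing_worst else 0)
    keys = [                                                # lower key wins
        (-a.weight, -b.weight),                             # 2: highest weight
        (-a.local_pref, -b.local_pref),                     # 3: highest local pref
        (not a.local_origin, not b.local_origin),           # 4: locally originated
        (as_path_len(a), as_path_len(b)),                   # 5: shorter AS path
        (ORIGIN_RANK[a.origin], ORIGIN_RANK[b.origin]),     # 6: lower origin
    ]
    if med_always or med_group(a) == med_group(b):
        keys.append((med(a), med(b)))                       # 7: lower MED
    keys += [(not a.external, not b.external),              # 8: external peer
             (a.igp_metric, b.igp_metric)]                  # 9: lower IGP metric
    for ka, kb in keys:
        if ka != kb:
            return a if ka < kb else b
    if current_best is a or current_best is b:              # 10: previous best
        return current_best
    rid = lambda p: int(ip_address(p.originator_id or p.router_id))
    tail = [(rid(a), rid(b)),                               # 11: lower router ID
            (a.cluster_len, b.cluster_len),                 # 12: shorter cluster list
            (int(ip_address(a.peer_ip)), int(ip_address(b.peer_ip)))]  # 13: peer IP
    for ka, kb in tail:
        if ka != kb:
            return a if ka < kb else b
    return a

def select_best(paths, current_best=None, med_always=False, med_missing_worst=False):
    """Group by MED comparability, pick a winner per group, then compare winners."""
    groups = {}
    for p in (p for p in paths if p.valid):
        groups.setdefault("all" if med_always else med_group(p), []).append(p)
    def scan(candidates):
        best = candidates[0]
        for p in candidates[1:]:
            best = better(best, p, current_best, med_always, med_missing_worst)
        return best
    return scan([scan(g) for g in groups.values()]) if groups else None

def seq(*asns):
    return (("seq", asns),)

# Constructed sample paths: MED is comparable only between B and C (same peer AS).
A = Path("A", "198.51.100.1", "10.0.0.1", seq(65001), med=50, igp_metric=20)
B = Path("B", "198.51.100.2", "10.0.0.2", seq(65002), med=10, igp_metric=30)
C = Path("C", "198.51.100.3", "10.0.0.3", seq(65002), med=20, igp_metric=10)

if __name__ == "__main__":
    print(better(A, B).name, better(B, C).name, better(A, C).name)   # pairwise winners
    print(select_best([A, C, B]).name, select_best([C, B, A]).name)  # grouped winners
```

The pairwise results form a cycle (A over B, B over C, C over A), which is why grouping by neighbor autonomous system is needed to make the result independent of the order in which paths arrive.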
BGP Path Selection - Determining the Best-Path Change Suppression
The next part of the implementation is to determine whether Cisco NX-OS uses the new best path or suppresses the new best path. The router can continue to use the existing best path if the new one is identical to the old path (if the router ID is the same). Cisco NX-OS continues to use the existing best path to avoid route changes in the network.
You can turn off the suppression feature by configuring the best-path algorithm to compare the router IDs. See the "Tuning the Best-Path Algorithm" section for more information. If you configure this feature, the new best path is always preferred to the existing one.
You cannot suppress the best-path change if any of the following conditions occur:
• The existing best path is no longer valid.
• Either the existing or new best paths were received from internal (or confederation) peers or were locally generated (for example, by redistribution).
• The paths were received from the same peer (the paths have the same router ID).
• The paths have different weights, local preferences, origins, or IGP metrics to their next-hop addresses.
• The paths have different MEDs.
BGP and the Unicast RIB
BGP communicates with the unicast routing information base (unicast RIB) to store IPv4 routes in the unicast routing table. After selecting the best path, if BGP determines that the best path change needs to be reflected in the routing table, it sends a route update to the unicast RIB.
BGP receives route notifications regarding changes to its routes in the unicast RIB. It also receives route notifications about other protocol routes to support redistribution.
BGP also receives notifications from the unicast RIB regarding next-hop changes. BGP uses these notifications to keep track of the reachability and IGP metric to the next-hop addresses.
Whenever the next-hop reachability or IGP metrics in the unicast RIB change, BGP triggers a best-path recalculation for affected routes.
BGP communicates with the IPv6 unicast RIB to perform these operations for IPv6 routes.
BGP Prefix Independent Convergence
The BGP Prefix Independent Convergence (PIC) feature achieves subsecond convergence in the forwarding plane for BGP IP and Layer 3 VPN routes, when there are BGP next-hop network reachability failures.
BGP PIC has two categories:
• PIC core
• PIC edge
PIC core ensures fast convergence for BGP routes when there is a link or node failure in the core that causes a change in the IGP reachability to a remote BGP next-hop address.
PIC edge ensures fast convergence to a BGP backup path when an external (eBGP) edge link or an external neighbor node fails.
BGP PIC Feature Support Matrix
The BGP PIC feature support matrix is shown in the table below:
BGP PIC: Core Unipath
IPv4 Unicast: Yes; IPv6 Unicast: Yes; VPNv4 (per prefix): No; VPNv6 (per prefix): No; VPNv4 (per VRF): Yes; VPNv6 (per VRF): No
BGP PIC: Edge Unipath
IPv4 Unicast: Yes; IPv6 Unicast: Yes; VPNv4 (per prefix): No; VPNv6 (per prefix): No; VPNv4 (per VRF): No; VPNv6 (per VRF): No
BGP PIC: Core with Multipath equal
IPv4 Unicast: Yes; IPv6 Unicast: Yes; VPNv4 (per prefix): No; VPNv6 (per prefix): No; VPNv4 (per VRF): Yes; VPNv6 (per VRF): No
BGP PIC: Edge Multipath equal (multiple active ECMP, only one backup)
IPv4 Unicast: Yes; IPv6 Unicast: Yes; VPNv4 (per prefix): No; VPNv6 (per prefix): No; VPNv4 (per VRF): No; VPNv6 (per VRF): No
BGP PIC Core
The BGP PIC core feature is supported by Cisco NX-OS Release 5.2 and later. The feature allows for faster convergence for traffic destined to BGP prefixes that share the same remote next hop in case of a failure in the core of the network. Both MPLS and pure IP traffic can benefit from this feature. It is enabled by default and cannot be disabled.
IPv4, VPNv4, 6PE, and VPNv6 (6VPE) support PIC core with the following constraints:
• For both IP and MPLS core, convergence for internet routes is prefix-independent on the order of BGP next hops.
• With per-VRF label allocation, VPN route convergence is also prefix-independent on the order of BGP next hops. That is, when a path to a remote PE changes, the number of VRFs on that PE determines convergence.
• With per-prefix label allocation, route convergence is not prefix-independent. Convergence moves to the order of VPN routes that are advertised by a remote PE if a failure or change occurs in the reachability to that PE.
For additional considerations when using BGP PIC core in MPLS networks, see the Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide.
BGP PIC Edge
The BGP PIC for Edge feature improves BGP convergence after a network failure. This convergence is applicable to edge failures in an IP network. The BGP PIC Edge feature creates and stores a backup path in the routing information base (RIB) and forwarding information base (FIB) so that when a failure on an eBGP link to SP is detected (the primary path fails), the backup path can immediately take over, enabling fast fail over in the forwarding plane.
Note From Cisco NX-OS Release 7.3(0)D1(1) onwards, the BGP PIC Edge feature supports both IPv4 and IPv6 address families.
If BGP PIC edge is configured, BGP calculates an additional second best-path (the backup path) along with the primary best-path. BGP installs both best and backup paths for the prefixes with PIC support into the BGP RIB. BGP also downloads the backup path along with the RNH via APIs to the URIB, which then updates the FIB with the next hop marked as a backup. The backup path provides a fast reroute mechanism to counter a singular network failure.
This feature detects both the local interface failure and remote interface/link failure and triggers the use of the backup path.
BGP PIC Edge Unipath
A BGP PIC edge unipath topology is shown in the figure below:
Figure 32: BGP PIC Edge Unipath
In the above figure:
• eBGP sessions are between S2-S4 and S3-S5
• iBGP session is between S2-S3
• Traffic from S1 uses S2 and uses the e1 interface to reach prefixes Z1..Zn.
• S2 has two paths to reach Z1…Zn
• Primary path via S4
• Backup/alternate via S5
In this example, S3 advertises to S2 the prefixes Z1…Zn to reach with itself as the next hop. BGP on S2, with BGP PIC feature enabled, installs both bestpath (via S4) and backup path (via S3/S5) towards the AS6500 into the RIB and then the RIB downloads both routes to the FIB.
When the S2-S4 link goes down, the FIB on S2 detects the link failure. It automatically switches from the primary path to the backup/alternate and points to the new next hop S3. Traffic is quickly rerouted due to the local fast re-convergence in FIB. After learning the link failure event, BGP on S2 recomputes the bestpath (which is the previous backup path), removing the next hop S4 from RIB and reinstalling S3 as the primary next hop into RIB. It also computes a new backup/alternate path, if any, and notifies RIB. With the support of the BGP PIC feature, the FIB can switch to the available backup route instantly upon detection of link failure on the primary route without waiting for BGP to select new bestpath and converge, and achieve a fast reroute.
BGP PIC Edge with Multipaths
In the presence of Equal Cost Multipath (ECMP), none of the multipaths can be selected as the backup path when BGP PIC Edge support is enabled.
Figure 33: BGP PIC Edge with Multipaths
In the above topology, there are six paths for a given prefix as follows:
• eBGP paths: e1, e2, e3
• iBGP paths: i1, i2, i3
The order of preference is e1 > e2 > e3 > i1 > i2 > i3.
The potential multipath situations are:
No multipaths configured
• bestpath = e1
• multipath-set = []
• backup path = e2
• PIC behavior: When e1 fails, e2 is activated.
Two-way eBGP multipaths configured:
• bestpath = e1
• multipath-set = [e1, e2]
• backup path = e3
• PIC behavior: Active multipaths are mutually backed up. When all multipaths fail, e3 is activated.
Three-way eBGP multipaths configured:
• bestpath = e1
• multipath-set = [e1, e2, e3]
• backup path = i1
• PIC behavior: Active multipaths are mutually backed up. When all multipaths fail, i1 is activated.
Four-way eiBGP multipaths configured:
• bestpath = e1
• multipath-set = [e1, e2, e3, i1]
• backup path = i2
• PIC behavior: Active multipaths are mutually backed up. When all multipaths fail, i2 is activated.
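The four cases above follow one rule: the backup is the most-preferred path outside the multipath set (or outside the bestpath when no multipaths are configured). The model below is an added illustration, not Cisco code; the function names and the simplification that every path of an allowed kind is multipath-eligible are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Paths from the topology above, in the stated order of preference.
PATHS = [("e1", "ebgp"), ("e2", "ebgp"), ("e3", "ebgp"),
         ("i1", "ibgp"), ("i2", "ibgp"), ("i3", "ibgp")]


@dataclass(frozen=True)
class Selection:
    bestpath: str
    multipath_set: Tuple[str, ...]
    backup: Optional[str]


def select_paths(ranked, ways=1, eibgp=False):
    """Model the bestpath / multipath-set / backup choice.

    ranked: (name, kind) tuples, most preferred first.
    ways:   configured number of multipaths (1 = no multipaths).
    eibgp:  True when eBGP and iBGP paths may share one multipath set.
    Assumption: every path of an allowed kind is multipath-eligible.
    """
    if not ranked:
        raise ValueError("no paths for prefix")
    best_name, best_kind = ranked[0]
    multipath = ()
    if ways > 1:
        eligible = [n for n, k in ranked if eibgp or k == best_kind]
        multipath = tuple(eligible[:ways])
    # A multipath member can never be selected as the backup path.
    protected = set(multipath) or {best_name}
    backup = next((n for n, _ in ranked if n not in protected), None)
    return Selection(best_name, multipath, backup)


def forwarding_paths(sel, failed):
    """Paths the FIB can forward on before BGP reconverges."""
    failed = set(failed)
    active = sel.multipath_set or (sel.bestpath,)
    alive = [p for p in active if p not in failed]
    if alive:
        return alive                  # surviving multipaths back each other up
    if sel.backup is not None and sel.backup not in failed:
        return [sel.backup]           # the single repair path takes over
    return []                         # nothing pre-installed: wait for BGP


if __name__ == "__main__":
    cases = [("no multipaths", {}), ("2-way eBGP", {"ways": 2}),
             ("3-way eBGP", {"ways": 3}),
             ("4-way eiBGP", {"ways": 4, "eibgp": True})]
    for label, kwargs in cases:
        sel = select_paths(PATHS, **kwargs)
        down = sel.multipath_set or (sel.bestpath,)
        print(label, sel, "after failure ->", forwarding_paths(sel, down))
```

The last branch of `forwarding_paths` shows the limit of a single repair path: if the backup fails together with the primary paths, forwarding waits for normal BGP convergence.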
BGP Virtualization
BGP supports virtual routing and forwarding (VRF) instances. VRFs exist within virtual device contexts (VDCs). By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF. For more information, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide.
Prerequisites for BGP
BGP has the following prerequisites:
• You must enable BGP.
• You should have a valid router ID configured on the system.
• You must have an AS number, either assigned by a Regional Internet Registry (RIR) or locally administered.
• You must configure at least one IGP that is capable of recursive next-hop resolution.
• You must configure an address family under a neighbor for the BGP session establishment.
Guidelines and Limitations for BGP
BGP has the following configuration guidelines and limitations:
• Cisco NX-OS does not support "fast-external-fallover" for multi-hop eBGP peering. BGP distinguishes single-hop (directly connected) eBGP neighbors from multi-hop eBGP neighbors by the ebgp-multihop command. When you use the ebgp-multihop 2 command for an eBGP peer, BGP treats it as a multi-hop session and does not trigger "fast-external-fallover". This is a known behaviour.
• The dynamic AS number prefix peer configuration overrides the individual AS number configuration inherited from a BGP template.
• If you configure a dynamic AS number for prefix peers in an AS confederation, BGP establishes sessions with only the AS numbers in the local confederation.
• BGP sessions created through a dynamic AS number prefix peer ignore any configured eBGP multihop time-to-live (TTL) value or a disabled check for directly connected peers.
• Configure a router ID for BGP to avoid automatic router ID changes and session flaps.
• Use the maximum-prefix configuration option per peer to restrict the number of routes received and system resources used.
• Configure the update source to establish a session with BGP/eBGP multihop sessions.
• Specify a BGP policy if you configure redistribution.
• Define the BGP router ID within a VRF.
• If you decrease the keepalive and hold timer values, you might experience BGP session flaps.
• You can configure a minimum route advertisement interval (MRAI) between the sending of BGP routing updates by using the advertisement-interval command.
• The BGP Prefix-Independent Convergence (PIC) Edge feature only supports IPv4 address family.
• Only one repair path (backup path) is supported with the BGP PIC Edge feature.
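Several of these guidelines can be checked mechanically against a saved configuration, which is useful when reviewing peers for missing route limits. The script below is an added example, not part of the Cisco guide; the sample configuration is constructed, the finding codes are invented for the example, and VRF scoping is not modelled.

```python
import re

# Constructed sample in running-config layout (two-space nesting).
SAMPLE_CONFIG = """\
router bgp 64496
  address-family ipv4 unicast
    network 192.0.2.0/24
  neighbor 192.0.2.1 remote-as 64497
    description Peer Router B
    timers 10 30
    address-family ipv4 unicast
  neighbor 198.51.100.2 remote-as 64498
    ebgp-multihop 2
    address-family ipv4 unicast
      maximum-prefix 1000
  neighbor 203.0.113.0/24 remote-as route-map BGPPeers
    ebgp-multihop 3
"""

DEFAULT_KEEPALIVE, DEFAULT_HOLD = 60, 180   # defaults stated in this guide

MESSAGES = {   # hypothetical finding codes, one per guideline checked
    "NO_ROUTER_ID": "no router-id: automatic ID changes can flap sessions",
    "NO_ADDRESS_FAMILY": "no address family under the neighbor",
    "NO_MAX_PREFIX": "no maximum-prefix: received routes are unbounded",
    "NO_UPDATE_SOURCE": "multihop session without update-source",
    "MULTIHOP_IGNORED": "prefix peer ignores ebgp-multihop / connected check",
    "LOW_TIMERS": "timers below the defaults: sessions may flap",
}


def parse_bgp(config):
    """Collect the router ID and each neighbor's nested commands."""
    bgp = {"router_id": None, "neighbors": {}}
    in_bgp, peer, peer_indent = False, None, 0
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                      # a new top-level section starts
            in_bgp, peer = line.startswith("router bgp "), None
            continue
        if not in_bgp:
            continue
        if peer is not None and indent <= peer_indent:
            peer = None                      # left the neighbor block
        if line.startswith("neighbor "):
            peer, peer_indent = line.split()[1], indent
            bgp["neighbors"][peer] = []
        elif peer is not None:
            bgp["neighbors"][peer].append(line)
        elif line.startswith("router-id "):
            bgp["router_id"] = line.split()[1]
    return bgp


def _has(cmds, keyword):
    return any(c.startswith(keyword) for c in cmds)


def audit(config):
    """Return a list of (scope, code) findings; see MESSAGES for the text."""
    bgp, findings = parse_bgp(config), []
    if bgp["router_id"] is None:
        findings.append(("global", "NO_ROUTER_ID"))
    for peer, cmds in bgp["neighbors"].items():
        if not _has(cmds, "address-family "):
            findings.append((peer, "NO_ADDRESS_FAMILY"))
        elif not _has(cmds, "maximum-prefix "):
            findings.append((peer, "NO_MAX_PREFIX"))
        relaxed = _has(cmds, "ebgp-multihop") or _has(cmds, "disable-connected-check")
        if "/" in peer and relaxed:          # dynamic AS prefix peer
            findings.append((peer, "MULTIHOP_IGNORED"))
        elif _has(cmds, "ebgp-multihop") and not _has(cmds, "update-source "):
            findings.append((peer, "NO_UPDATE_SOURCE"))
        for c in cmds:
            m = re.fullmatch(r"timers (\d+) (\d+)", c)
            if m and (int(m[1]) < DEFAULT_KEEPALIVE or int(m[2]) < DEFAULT_HOLD):
                findings.append((peer, "LOW_TIMERS"))
    return findings


if __name__ == "__main__":
    for scope, code in audit(SAMPLE_CONFIG):
        print(f"{scope}: {MESSAGES[code]}")
```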
Default Settings
Table 24: Default BGP Parameters
Parameters             Default
BGP feature            Disabled
Keep alive interval    60 seconds
Hold timer             180 seconds
BGP PIC core           Enabled
BGP PIC edge           Disabled
Auto-summary           Always disabled
Synchronization        Always disabled
CLI Configuration Modes
The following sections describe how to enter each of the CLI configuration modes for BGP. From a mode, you can enter the ? command to display the commands available in that mode.
Global Configuration Mode
Use global configuration mode to create a BGP process and configure advanced features such as AS confederation and route dampening.
This example shows how to enter router configuration mode:
switch# configure terminal
switch(config)# router bgp 64496
switch(config-router)#
BGP supports Virtual Routing and Forwarding (VRF). You can configure BGP within the appropriate VRF if you are using VRFs in your network.
This example shows how to enter VRF configuration mode:
switch(config)# router bgp 64497
switch(config-router)# vrf vrf_A
switch(config-router-vrf)#
Address Family Configuration Mode
You can optionally configure the address families that BGP supports. Use the address-family command in router configuration mode to configure features for an address family. Use the address-family command in neighbor configuration mode to configure the specific address family for the neighbor.
You must configure the address families if you are using route redistribution, address aggregation, load balancing, and other advanced features.
The following example shows how to enter address family configuration mode from the router configuration mode:
switch(config)# router bgp 64496
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)#
The following example shows how to enter VRF address family configuration mode if you are using VRFs:
switch(config)# router bgp 64497
switch(config-router)# vrf vrf_A
switch(config-router-vrf)# address-family ipv6 unicast
switch(config-router-vrf-af)#
Neighbor Configuration Mode
Cisco NX-OS provides the neighbor configuration mode to configure BGP peers. You can use neighbor configuration mode to configure all parameters for a peer.
The following example shows how to enter neighbor configuration mode:
switch(config)# router bgp 64496
switch(config-router)# neighbor 192.0.2.1
switch(config-router-neighbor)#
The following example shows how to enter VRF neighbor configuration mode:
switch(config)# router bgp 64497
switch(config-router)# vrf vrf_A
switch(config-router-vrf)# neighbor 192.0.2.1
switch(config-router-vrf-neighbor)#
Neighbor Address Family Configuration Mode
An address family configuration submode inside the neighbor configuration submode is available for entering address family-specific neighbor configuration and enabling the address family for the neighbor. Use this mode for advanced features such as limiting the number of prefixes allowed for this neighbor and removing private AS numbers for eBGP.
The following example shows how to enter neighbor address family configuration mode:
switch(config)# router bgp 64496
switch(config-router)# neighbor 192.0.2.1
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)#
This example shows how to enter VRF neighbor address family configuration mode:
switch(config)# router bgp 64497
switch(config-router)# vrf vrf_A
switch(config-router-vrf)# neighbor 209.165.201.1
switch(config-router-vrf-neighbor)# address-family ipv4 unicast
switch(config-router-vrf-neighbor-af)#
Configuring Basic BGP
To configure a basic BGP, you must enable BGP and configure a BGP peer. Configuring a basic BGP network consists of a few required tasks and many optional tasks. You must configure a BGP routing process and BGP peers.
Note: If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Enabling BGP
You must enable BGP before you can configure BGP.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# feature bgp
3. (Optional) switch(config)# show feature
4. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# feature bgp
  Purpose: Enables BGP. Use the no feature bgp command to disable BGP and remove all associated configuration.
Step 3
  Command or Action: (Optional) switch(config)# show feature
  Purpose: (Optional) Displays enabled and disabled features.
Step 4
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Creating a BGP Instance
You can create a BGP instance and assign a router ID to the BGP instance. Cisco NX-OS supports 2-byte or 4-byte autonomous system (AS) numbers in plain-text notation or as.dot notation.
Before you begin
• You must enable BGP.
• BGP must be able to obtain a router ID (for example, a configured loopback address).
• Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp autonomous-system-number
3. switch(config-router)# router-id ip-address
4. switch(config-router)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
5. switch(config-router-af)# network ip-prefix [ route-map map-name ]
6. switch(config-router-af)# show bgp all
7. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# router bgp autonomous-system-number
  Purpose: Enables BGP and assigns the AS number to the local BGP speaker. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format. Use the no form of this command to disable this feature.
Step 3
  Command or Action: switch(config-router)# router-id ip-address
  Purpose: (Optional) Configures the BGP router ID. This IP address identifies this BGP speaker.
Step 4
  Command or Action: switch(config-router)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
  Purpose: Enters global address family configuration mode for the IP or VPN address family.
Step 5
  Command or Action: switch(config-router-af)# network ip-prefix [ route-map map-name ]
  Purpose: (Optional) Specifies a network as local to this autonomous system and adds it to the BGP routing table. For exterior protocols, the network command controls which networks are advertised. Interior protocols use the network command to determine where to send updates.
Step 6
  Command or Action: switch(config-router-af)# show bgp all
  Purpose: (Optional) Displays information about all BGP address families.
Step 7
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to enable BGP with the IPv4 unicast address family and manually add one network to advertise:
switch# configure terminal
switch(config)# router bgp 64496
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# network 192.0.2.0
switch(config-router-af)# copy running-config startup-config
Restarting a BGP Instance
You can restart a BGP instance and clear all peer sessions for the instance.
To restart a BGP instance and remove all associated peers, use the following command:
SUMMARY STEPS
1. switch(config)# restart bgp instance-tag
DETAILED STEPS
Step 1
  Command or Action: switch(config)# restart bgp instance-tag
  Purpose: Restarts the BGP instance and resets or reestablishes all peering sessions.
Shutting Down BGP
You can shut down the BGP protocol and gracefully disable BGP and retain the configuration.
To shut down BGP, use the following command in router configuration mode:
SUMMARY STEPS
1. switch(config-router)# shutdown
DETAILED STEPS
Step 1
  Command or Action: switch(config-router)# shutdown
  Purpose: Gracefully shuts down BGP.
Configuring BGP Peers
You can configure a BGP peer within a BGP process. Each BGP peer has an associated keepalive timer and hold timers. You can set these timers either globally or for each BGP peer. A peer configuration overrides a global configuration.
Note: You must configure the address family under neighbor configuration mode for each peer.
Before you begin
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp autonomous-system-number
3. switch(config-router)# neighbor { ip-address | ipv6-address } remote-as as-number
4. switch(config-router-neighbor)# description text
5. switch(config-router-neighbor)# timers keepalive-time hold-time
6. switch(config-router-neighbor)# shutdown
7. switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
8. switch(config-router-neighbor)# weight value
9. (Optional) switch(config-router-neighbor)# show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } neighbors
10. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# router bgp autonomous-system-number
  Purpose: Enables BGP and assigns the AS number to the local BGP speaker. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
Step 3
  Command or Action: switch(config-router)# neighbor { ip-address | ipv6-address } remote-as as-number
  Purpose: Configures the IPv4 or IPv6 address and AS number for a remote BGP peer. The ip-address format is x.x.x.x. The ipv6-address format is A:B::C:D.
Step 4
  Command or Action: switch(config-router-neighbor)# description text
  Purpose: (Optional) Adds a description for the neighbor. The description is an alphanumeric string up to 80 characters.
Step 5
  Command or Action: switch(config-router-neighbor)# timers keepalive-time hold-time
  Purpose: (Optional) Adds the keepalive and hold time BGP timer values for the neighbor. The range is from 0 to 3600 seconds. The default is 60 seconds for the keepalive time and 180 seconds for the hold time.
Step 6
  Command or Action: switch(config-router-neighbor)# shutdown
  Purpose: (Optional) Administratively shuts down this BGP neighbor. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Step 7
  Command or Action: switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
  Purpose: Enters neighbor address family configuration mode for the unicast IPv4 address family.
Step 8
  Command or Action: switch(config-router-neighbor)# weight value
  Purpose: (Optional) Sets the default weight for routes from this neighbor. The range is from 0 to 65535. All routes learned from this neighbor have the assigned weight initially. The route with the highest weight is chosen as the preferred route when multiple routes are available to a particular network. The weights assigned with the set weight route-map command override the weights assigned with this command. If you specify a BGP peer policy template, all the members of the template inherit the characteristics configured with this command.
Step 9
  Command or Action: (Optional) switch(config-router-neighbor)# show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } neighbors
  Purpose: (Optional) Displays information about BGP peers.
Step 10
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to configure a BGP peer:
switch# configure terminal
switch(config)# router bgp 64496
switch(config-router)# neighbor 192.0.2.1 remote-as 64497
switch(config-router-neighbor)# description Peer Router B
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# weight 100
switch(config-router-neighbor-af)# copy running-config startup-config
Configuring AS-4 Dot Notation
You can configure 4-byte autonomous system (AS) numbers in asdot notation. The default value is asplain.
Before you begin
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# as-format asdot
3. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# as-format asdot
  Purpose: Configures the ASN notation to asdot.
Step 3
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example configures AS numbers in asdot notation.
switch# configure terminal
switch(config)# as-format asdot
switch(config)# copy running-config startup-config
Configuring Dynamic AS Numbers for Prefix Peers
You can configure multiple BGP peers within a BGP process. You can limit BGP session establishment to a single AS number or multiple AS numbers in a route map.
BGP sessions configured through dynamic AS numbers for prefix peers ignore the ebgp-multihop command and the disable-connected-check command.
You can change the list of AS numbers in the route map, but you must use the no neighbor command to change the route-map name. Changes to the AS numbers in the configured route map affect only new sessions.
Before you begin
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp autonomous-system-number
3. switch(config-router)# neighbor prefix remote-as route-map map-name
4. switch(config-router-neighbor-af)# show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } neighbors
5. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
  Command or Action: switch# configure terminal
  Purpose: Enters global configuration mode.
Step 2
  Command or Action: switch(config)# router bgp autonomous-system-number
  Purpose: Enables BGP and assigns the AS number to the local BGP speaker. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
Step 3
  Command or Action: switch(config-router)# neighbor prefix remote-as route-map map-name
  Purpose: Configures the IPv4 or IPv6 prefix and a route map for the list of accepted AS numbers for the remote BGP peers. The prefix format for IPv4 is x.x.x.x/length. The length range is from 1 to 32. The prefix format for IPv6 is A:B::C:D/length. The length range is from 1 to 128. The map-name can be any case-sensitive, alphanumeric string up to 63 characters.
Step 4
  Command or Action: switch(config-router-neighbor-af)# show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } neighbors
  Purpose: (Optional) Displays information about BGP peers.
Step 5
  Command or Action: (Optional) switch(config)# copy running-config startup-config
  Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure dynamic AS numbers for a prefix peer:
switch# configure terminal
switch(config)# route-map BGPPeers
switch(config-route-map)# match as-number 64496, 64501-64510
switch(config-route-map)# match as-number as-path-list List1, List2
switch(config-route-map)# exit
switch(config)# router bgp 64496
switch(config-router)# neighbor 192.0.2.0/8 remote-as route-map BGPPeers
switch(config-router-neighbor)# description Peer Router B
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# copy running-config startup-config
Configuring BGP PIC Edge
Note: The BGP PIC Edge feature only supports IPv4 address families.
Before you begin
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
Step 1
  Enter configuration mode:
  switch# configure terminal
Step 2
  Enable BGP and assign the autonomous system number to the local BGP speaker:
  switch(config)# router bgp autonomous-system-number
Step 3
  Enter router address family configuration mode for the IPv4 unicast address family:
  switch(config-router)# address-family ipv4 unicast
Step 4
  Enable BGP to install the backup path to the routing table:
  switch(config-router-af)# additional-paths install backup
Step 5
  Exit router address family configuration mode:
  switch(config-router-af)# exit
Example
This example shows how to configure the device to support BGP PIC Edge in IPv4 network:
interface Ethernet2/2
  ip address 1.1.1.5/24
  no shutdown
interface Ethernet2/3
  ip address 2.2.2.5/24
  no shutdown
router bgp 100
  address-family ipv4 unicast
    additional-paths install backup
  neighbor 1.1.1.6 remote-as 200
    address-family ipv4 unicast
  neighbor 2.2.2.6 remote-as 100
    address-family ipv4 unicast
If BGP receives the same prefix (for example, 99.0.0.0/24) from the two neighbors 1.1.1.6 and 2.2.2.6, both paths will be installed in the URIB—one as the primary path and the other as the backup path.
BGP output:
switch(config)# show ip bgp 99.0.0.0/24
BGP routing table information for VRF default, address family IPv4 Unicast
BGP routing table entry for 99.0.0.0/24, version 4
Paths: (2 available, best #2)
Flags: (0x00001a) on xmit-list, is in urib, is best urib route
Path type: internal, path is valid, not best reason: Internal path, backup path
AS-Path: 200 , path sourced external to AS
2.2.2.6 (metric 0) from 2.2.2.6 (2.2.2.6)
Origin IGP, MED not set, localpref 100, weight 0
Advertised path-id 1
Path type: external, path is valid, is best path
AS-Path: 200 , path sourced external to AS
1.1.1.6 (metric 0) from 1.1.1.6 (99.0.0.1)
Origin IGP, MED not set, localpref 100, weight 0
Path-id 1 advertised to peers:
2.2.2.6
URIB output:
switch(config)# show ip route 99.0.0.0/24
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
99.0.0.0/24, ubest/mbest: 1/0
    *via 1.1.1.6, [20/0], 14:34:51, bgp-100, external, tag 200
     via 2.2.2.6, [200/0], 14:34:51, bgp-100, internal, tag 200 (backup)
UFIB output:
switch# show forwarding route 123.1.1.0 detail module 8
Prefix 123.1.1.0/24, No of paths: 1, Update time: Fri Feb 7 19:00:12 2014
Vobj id: 141 orig_as: 65002 peer_as: 65100 rnh: 10.3.0.2
10.4.0.2 Ethernet8/4 DMAC: 0018.bad8.4dfd
packets: 2 bytes: 3484
Repair path 10.3.0.2 Ethernet8/3 DMAC: 0018.bad8.4dfd
packets: 0 bytes: 1
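The URIB output above is the quickest place to confirm that a prefix actually has a repair path installed. The parser below is an added example, not part of the Cisco guide: it reads show ip route text and reports BGP prefixes that lack exactly one distinct backup next hop. The 99.0.0.0/24 entry is the one shown above; the 198.51.100.0/24 entry is constructed, and the function names are hypothetical.

```python
import re

SAMPLE_URIB = """\
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
99.0.0.0/24, ubest/mbest: 1/0
    *via 1.1.1.6, [20/0], 14:34:51, bgp-100, external, tag 200
     via 2.2.2.6, [200/0], 14:34:51, bgp-100, internal, tag 200 (backup)
198.51.100.0/24, ubest/mbest: 1/0
    *via 1.1.1.6, [20/0], 14:30:02, bgp-100, external, tag 200
"""

PREFIX_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}), ubest/mbest: \d+/\d+")
VIA_RE = re.compile(r"^\s*\*{0,2}via ([0-9A-Fa-f.:]+),")


def parse_urib(output):
    """Map each prefix to its primary and backup BGP next hops."""
    routes, current = {}, None
    for line in output.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            current = routes.setdefault(m.group(1), {"primary": [], "backup": []})
            continue
        m = VIA_RE.match(line)
        if m is None or current is None or "bgp-" not in line:
            continue                      # legend lines and non-BGP next hops
        role = "backup" if line.rstrip().endswith("(backup)") else "primary"
        current[role].append(m.group(1))
    return routes


def pic_edge_findings(routes):
    """Return {prefix: reason} for prefixes without a usable repair path."""
    findings = {}
    for prefix, hops in routes.items():
        if not hops["primary"] and not hops["backup"]:
            continue                      # not a BGP route
        if not hops["backup"]:
            findings[prefix] = "no backup next hop installed"
        elif len(hops["backup"]) > 1:
            findings[prefix] = "more than one backup next hop listed"
        elif hops["backup"][0] in hops["primary"]:
            findings[prefix] = "backup shares the primary next hop"
    return findings


if __name__ == "__main__":
    routes = parse_urib(SAMPLE_URIB)
    for prefix, hops in routes.items():
        print(prefix, hops)
    for prefix, reason in pic_edge_findings(routes).items():
        print("UNPROTECTED", prefix, "-", reason)
```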
Clearing BGP Information
To clear BGP information, use the following commands:
Command: clear bgp all { neighbor | * | as-number | peer-template name | prefix } [ vrf vrf-name ]
Purpose: Clears one or more neighbors from all address families. * clears all neighbors in all address families. The arguments are as follows:
• neighbor —IPv4 or IPv6 address of a neighbor.
• as-number —Autonomous system number. The AS number can be a 16-bit integer or a 32-bit integer in the form of higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
• name —Peer template name. The name can be any case-sensitive, alphanumeric string up to 64 characters.
• prefix —IPv4 or IPv6 prefix. All neighbors within that prefix are cleared.
• vrf-name —VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp all dampening [ vrf vrf-name ]
Purpose: Clears route flap dampening networks in all address families. The vrf-name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp all flap-statistics [ vrf vrf-name ]
Purpose: Clears route flap statistics in all address families. The vrf-name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } dampening [ vrf vrf-name ]
Purpose: Clears route flap dampening networks in the selected address family. The vrf-name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } flap-statistics [ vrf vrf-name ]
Purpose: Clears route flap statistics in the selected address family. The vrf-name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { neighbor | * | as-number | peer-template name | prefix } [ vrf vrf-name ]
Purpose: Clears one or more neighbors from the selected address family. * clears all neighbors in the address family. The arguments are as follows:
• neighbor —IPv4 or IPv6 address of a neighbor.
• as-number —Autonomous system number. The AS number can be a 16-bit integer or a 32-bit integer in the form of higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
• name —Peer template name. The name can be any case-sensitive, alphanumeric string up to 64 characters.
• prefix —IPv4 or IPv6 prefix. All neighbors within that prefix are cleared.
• vrf-name —VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp { ip { unicast | multicast }} { neighbor | * | as-number | peer-template name | prefix } [ vrf vrf-name ]
Purpose: Clears one or more neighbors. * clears all neighbors in the address family. The arguments are as follows:
• neighbor —IPv4 or IPv6 address of a neighbor.
• as-number —Autonomous system number. The AS number can be a 16-bit integer or a 32-bit integer in the form of higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
• name —Peer template name. The name can be any case-sensitive, alphanumeric string up to 64 characters.
• prefix —IPv4 or IPv6 prefix. All neighbors within that prefix are cleared.
• vrf-name —VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp dampening [ ip-neighbor | ip-prefix ] [ vrf vrf-name ]
Purpose: Clears route flap dampening in one or more networks. The arguments are as follows:
• ip-neighbor —IPv4 address of a neighbor.
• ip-prefix —IPv4. All neighbors within that prefix are cleared.
• vrf-name —VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear bgp flap-statistics [ ip-neighbor | ip-prefix ] [ vrf vrf-name ]
Purpose: Clears route flap statistics in one or more networks. The arguments are as follows:
• ip-neighbor —IPv4 address of a neighbor.
• ip-prefix —IPv4. All neighbors within that prefix are cleared.
• vrf-name —VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear ip mbgp { ip { unicast | multicast }} { neighbor | * | as-number | peer-template name | prefix } [ vrf vrf-name ]
• neighbor —IPv4 or IPv6 address of a neighbor.
• as-number —Autonomous system number. The AS number can be a 16-bit integer or a 32-bit integer in the form of higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
• name —Peer template name. The name can be any case-sensitive, alphanumeric string up to 64 characters.
• prefix —IPv4 or IPv6 prefix. All neighbors within that prefix are cleared.
• vrf-name —VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear ip mbgp dampening [ ip-neighbor | ip-prefix ] [ vrf vrf-name ]
Purpose: Clears route flap dampening in one or more networks. The arguments are as follows:
• ip-neighbor —IPv4 address of a neighbor.
• ip-prefix —IPv4. All neighbors within that prefix are cleared.
• vrf-name —VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Command: clear ip mbgp flap-statistics [ ip-neighbor | ip-prefix ] [ vrf vrf-name ]
Purpose: Clears route flap statistics in one or more networks. The arguments are as follows:
• ip-neighbor —IPv4 address of a neighbor.
• ip-prefix —IPv4. All neighbors within that prefix are cleared.
• vrf-name —VRF name. All neighbors in that VRF are cleared. The name can be any case-sensitive, alphanumeric string up to 64 characters.
Verifying the Basic BGP Configuration
To display the BGP configuration, perform one of the following tasks:
Command show bgp all [ summary ] [ vrf vrf-name ]
Purpose
Displays the BGP information for all address families.
show bgp convergence [ vrf vrf-name ] Displays the BGP information for all address families.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix community
[ regexp expression | [ community ] [ no-advertise ]
[ no-export ] [ no-export-subconfed ]} [ vrf vrf-name ]
Displays the BGP routes that match a BGP community.
show bgp [ vrf vrf-name ] { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] community-list list-name [ vrf vrf-name ]
Displays the BGP routes that match a BGP community list.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix extcommunity [ regexp expression | [ generic [ non-transitive | transitive ] aa4:nn [ exact-match ]} [ vrf vrf-name ]
Displays the BGP routes that match a BGP extended community.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix extcommunity-list list-name [ exact-match ]} [ vrf vrf-name ]
Displays the BGP routes that match a BGP extended community list.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix { dampening dampened-paths [ regexp expression ]} [ vrf vrf-name ]
Displays the information for BGP route dampening.
Use the clear bgp dampening command to clear the route flap dampening information.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix history-paths [ regexp expression ] [ vrf vrf-name ]
Displays the BGP route history paths.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix filter-list list-name [ vrf vrf-name ]
Displays the information for the BGP filter list.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] neighbors [ ip-address | ipv6-prefix ] [ vrf vrf-name ]
Displays the information for BGP peers. Use the clear bgp neighbors command to clear these neighbors.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] neighbors [ ip-address | ipv6-prefix ] { nexthop | nexthop-database } [ vrf vrf-name ]
Displays the information for the BGP route next hop.
show bgp paths
Displays the BGP path information.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] policy name [ vrf vrf-name ]
Displays the BGP policy information. Use the clear bgp policy command to clear the policy information.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] prefix-list list-name [ vrf vrf-name ]
Displays the BGP routes that match the prefix list.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] received-paths [ vrf vrf-name ]
Displays the BGP paths stored for soft reconfiguration.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] regexp expression [ vrf vrf-name ]
Displays the BGP routes that match the AS_path regular expression.
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] route-map map-name [ vrf vrf-name ]
Displays the BGP routes that match the route map.
show bgp peer-policy name [ vrf vrf-name ]
Displays the information about BGP peer policies.
show bgp peer-session name [ vrf vrf-name ]
Displays the information about BGP peer sessions.
show bgp peer-template name [ vrf vrf-name ]
Displays the information about BGP peer templates. Use the clear bgp peer-template command to clear all neighbors in a peer template.
show bgp process
Displays the BGP process information.
show { ipv | ipv6 } bgp options
Displays the BGP status and configuration information. This command has multiple options. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference for more information.
show { ipv | ipv6 } mbgp options
Displays the BGP status and configuration information. This command has multiple options. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference for more information.
show running-configuration bgp
Displays the current running BGP configuration.
Monitoring BGP Statistics
To display BGP statistics, use the following commands:
show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] flap-statistics [ vrf vrf-name ]
Displays the BGP route flap statistics. Use the clear bgp flap-statistics command to clear these statistics.
show bgp sessions [ vrf vrf-name ]
Displays the BGP sessions for all peers. Use the clear bgp sessions command to clear these statistics.
show bgp statistics
Displays the BGP statistics.
Configuration Examples for Basic BGP
This example shows a basic BGP configuration:
switch(config)# feature bgp
switch(config)# router bgp 64496
switch(config-router)# neighbor 2001:0DB8:0:1::55 remote-as 64496
switch(config-router)# address-family ipv6 unicast
switch(config-router-af)# next-hop-self
This example shows a basic BGP configuration:
switch(config)# address-family
switch(config)# router bgp 64496
switch(config-router)# address-family ipv4 unicast
switch(config-router)# network 1.1.10 mask 255.255.255.0
switch(config-router)# neighbor 10.1.1.1 remote-as 64496
switch(config-router)# address-family ipv4 unicast
Related Documents for Basic BGP
Related Topics | Document Title
BGP CLI commands | Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference
MPLS configuration | Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide
VDCs and VRFs | Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x
MIBs
MIBs | MIBs Link
BGP4-MIB, CISCO-BGP4-MIB, CISCO-BGP-MIBv2 | To locate and download MIBs, go to the following URL: https://cfnng.cisco.com/mibs
Feature History for BGP
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Table 25: Feature History for BGP
Feature Name | Releases | Feature Information
ECMP | 8.4(2) | Added support for up to 64 paths to a destination. Supported on F4-Series I/O modules.
ECMP | 8.4(1) | Added support for up to 64 paths to a destination. Supported on M3- and F3-Series I/O modules.
BGP PIC Edge | 6.2(8) | Introduced this feature.
BGP | 6.2(8) | Added support for CISCO-BGP-MIBv2.
4-byte AS number | 6.2(2) | Added the ability to configure 4-byte AS numbers in asdot notation.
BGP | 6.1(1) | Added support for additional BGP paths.
BGP | 6.1(1) | Added the ability to set the default weight for routes from a neighbor using the weight command in the neighbor address family configuration mode.
BGP | 5.2(1) | Added support for the BGP PIC core feature.
VPN address families | 5.2(1) | Added support for VPN address families.
BFD | 5.0(2) | Added support for BFD. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide, Release 6.x for more information.
ISSU | 4.2(3) | Lowered BGP minimum hold-time check to eight seconds.
IPv6 | 4.2(1) | Added support for IPv6.
4-Byte AS numbers | 4.2(1) | Added support for 4-byte AS numbers in plaintext notation.
Conditional advertisement | 4.2(1) | Added support for conditionally advertising BGP routes based on the existence of other routes in the BGP table.
Dynamic AS number for prefix peers | 4.1(2) | Added support for a range of AS numbers for BGP prefix peer configuration.
BGP | 4.0(1) | This feature was introduced.
CHAPTER 12
Configuring Advanced BGP
This chapter contains the following sections:
• Finding Feature Information
• Information About Advanced BGP
• Prerequisites for Advanced BGP
• Guidelines and Limitations for Advanced BGP
• Configuring Advanced BGP
• Verifying the Advanced BGP Configuration
• Displaying Advanced BGP Statistics
• Related Documents
• Feature History for Advanced BGP
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About Advanced BGP
BGP is an interdomain routing protocol that provides loop-free routing between organizations or autonomous systems. Cisco NX-OS supports BGP version 4. BGP version 4 includes multiprotocol extensions that allow BGP to carry routing information for IP multicast routes and multiple Layer 3 protocol address families. BGP uses TCP as a reliable transport protocol to create TCP sessions with other BGP-enabled devices called BGP peers. When connecting to an external organization, the router creates external BGP (eBGP) peering sessions. BGP peers within the same organization exchange routing information through internal BGP (iBGP) peering sessions.
Peer Templates
BGP peer templates allow you to create blocks of common configuration that you can reuse across similar BGP peers. Each block allows you to define a set of attributes that a peer then inherits. You can choose to override some of the inherited attributes as well, making it a very flexible scheme for simplifying the repetitive nature of BGP configurations.
Cisco NX-OS implements three types of peer templates:
• The peer-session template defines BGP peer session attributes, such as the transport details, remote autonomous system number of the peer, and session timers. A peer-session template can also inherit attributes from another peer-session template (with locally defined attributes that override the attributes from an inherited peer-session).
• A peer-policy template defines the address-family dependent policy aspects for a peer including the inbound and outbound policy, filter-lists, and prefix-lists. A peer-policy template can inherit from a set of peer-policy templates. Cisco NX-OS evaluates these peer-policy templates in the order specified by the preference value in the inherit configuration. The lowest number is preferred over higher numbers.
• The peer template can inherit the peer-session and peer-policy templates to allow for simplified peer definitions. It is not mandatory to use a peer template but it can simplify the BGP configuration by providing reusable blocks of configuration.
Authentication
You can configure authentication for a BGP neighbor session. This authentication method adds an MD5 authentication digest to each TCP segment sent to the neighbor to protect BGP against unauthorized messages and TCP security attacks.
Note The MD5 password must be identical between BGP peers.
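The following is an added example, not part of the Cisco guide or of NX-OS code. It computes the per-segment digest the way the TCP MD5 Signature Option (RFC 2385, option kind 19) defines it, and shows why a receiver whose password differs rejects every segment. The addresses, ports, key strings and the helper names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

TCP_MD5_KIND = 19   # TCP option kind of the MD5 signature option (RFC 2385)
TCP_MD5_LEN = 18    # kind byte + length byte + 16-byte MD5 digest
TCP_PROTO = 6
BGP_PORT = 179


def fixed_tcp_header(sport, dport, seq, ack, flags, window, options_len):
    """Return the 20-byte fixed TCP header with checksum and urgent pointer zero."""
    if options_len % 4 or options_len > 40:
        raise ValueError("TCP options must be 0-40 bytes, padded to 4-byte words")
    data_offset = (20 + options_len) // 4          # header length in 32-bit words
    offset_and_flags = (data_offset << 12) | (flags & 0x01FF)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_and_flags, window, 0, 0)


def tcp_md5_digest(src_ip, dst_ip, header20, payload, key):
    """MD5 over pseudo-header, fixed header (checksum zeroed), data, then key."""
    if len(header20) != 20:
        raise ValueError("expected the 20-byte fixed TCP header without options")
    # Segment length counts the full header (options included) plus the data.
    segment_len = (header20[12] >> 4) * 4 + len(payload)
    pseudo = (ipaddress.IPv4Address(src_ip).packed +
              ipaddress.IPv4Address(dst_ip).packed +
              struct.pack("!BBH", 0, TCP_PROTO, segment_len))
    header = header20[:16] + b"\x00\x00" + header20[18:]   # checksum treated as zero
    return hashlib.md5(pseudo + header + payload + key).digest()


def md5_option(digest):
    """Encode the digest as the TCP option carried in the segment."""
    return struct.pack("!BB", TCP_MD5_KIND, TCP_MD5_LEN) + digest


def receiver_accepts(src_ip, dst_ip, header20, payload, option, key):
    """Recompute the digest with the local key; on mismatch the segment is dropped."""
    if (len(option) != TCP_MD5_LEN or option[0] != TCP_MD5_KIND
            or option[1] != TCP_MD5_LEN):
        return False
    expected = tcp_md5_digest(src_ip, dst_ip, header20, payload, key)
    return hmac.compare_digest(option[2:], expected)


# Constructed sample: a BGP KEEPALIVE (16-byte marker, length 19, type 4)
# sent between two documentation addresses.
KEEPALIVE = b"\xff" * 16 + struct.pack("!HB", 19, 4)
SRC, DST = "192.0.2.1", "192.0.2.2"
HEADER = fixed_tcp_header(49152, BGP_PORT, seq=1000, ack=2000,
                          flags=0x018, window=16384, options_len=20)


def demo():
    key = b"constructed-shared-secret"
    option = md5_option(tcp_md5_digest(SRC, DST, HEADER, KEEPALIVE, key))
    altered = KEEPALIVE[:-1] + b"\x03"
    return {
        "same_key": receiver_accepts(SRC, DST, HEADER, KEEPALIVE, option, key),
        "other_key": receiver_accepts(SRC, DST, HEADER, KEEPALIVE, option,
                                      b"different-secret"),
        "altered_data": receiver_accepts(SRC, DST, HEADER, altered, option, key),
        "different_source": receiver_accepts("198.51.100.9", DST, HEADER,
                                             KEEPALIVE, option, key),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:17s} accepted={accepted}")
```

Because the digest also covers the IP addresses and the TCP header, a segment is accepted only when the key, the endpoints and the data all match what the sender signed.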
Route Policies and Resetting BGP Sessions
You can associate a route policy to a BGP peer. Route policies use route maps to control or modify the routes that BGP recognizes. You can configure a route policy for inbound or outbound route updates. The route policies can match on different criteria, such as a prefix or AS_path attribute, and selectively accept or deny the routes. Route policies can also modify the path attributes.
When you change a route policy applied to a BGP peer, you must reset the BGP sessions for that peer. Cisco NX-OS supports the following three mechanisms to reset BGP peering sessions:
• Hard reset—A hard reset tears down the specified peering sessions, including the TCP connection, and deletes routes coming from the specified peer. This option interrupts packet flow through the BGP network. Hard reset is disabled by default.
• Soft reconfiguration inbound—A soft reconfiguration inbound triggers routing updates for the specified peer without resetting the session. You can use this option if you change an inbound route policy. Soft reconfiguration inbound saves a copy of all routes received from the peer before processing the routes through the inbound route policy. If you change the inbound route policy, Cisco NX-OS passes these stored routes through the modified inbound route policy to update the route table without tearing down existing peering sessions. Soft reconfiguration inbound can use significant memory resources to store the unfiltered BGP routes. Soft reconfiguration inbound is disabled by default.
• Route Refresh—A route refresh updates the inbound routing tables dynamically by sending route refresh requests to supporting peers when you change an inbound route policy. The remote BGP peer responds with a new copy of its routes that the local BGP speaker processes with the modified route policy. Cisco NX-OS automatically sends an outbound route refresh of prefixes to the peer. BGP peers advertise the route refresh capability as part of the BGP capability negotiation when establishing the BGP peer session. Route refresh is the preferred option and enabled by default.
BGP also uses route maps for route redistribution, route aggregation, route dampening, and other features.
eBGP
External BGP (eBGP) allows you to connect BGP peers from different autonomous systems to exchange routing updates. Connecting to external networks enables traffic from your network to be forwarded to other networks and across the Internet.
You should use loopback interfaces for establishing eBGP peering sessions because loopback interfaces are less susceptible to interface flapping. An interface flap occurs when the interface is administratively brought up or down because of a failure or maintenance issue.
BGP Next Hop Unchanged
In an eBGP session, by default, the router changes the next-hop attribute of a BGP route to its own address when the router sends out a route. The BGP next-hop unchanged feature allows BGP to send an update to an eBGP multihop peer with the next-hop attribute unchanged.
By default, BGP puts itself as the next hop when announcing to an eBGP peer. When you enter the set ip next-hop unchanged command for an outbound route map that is configured for an eBGP peer, it propagates the received next hop to the eBGP peer.
iBGP
Internal BGP (iBGP) allows you to connect BGP peers within the same autonomous system. You can use iBGP for multihomed BGP networks (networks that have more than one connection to the same external autonomous system).
The figure shows an iBGP network within a larger BGP network.
Figure 34: iBGP Network
iBGP networks are fully meshed. Each iBGP peer has a direct connection to all other iBGP peers to prevent network loops.
For single-hop iBGP peers with update-source configured under neighbor configuration mode, the peer supports fast external fall-over.
Note You should configure a separate interior gateway protocol in the iBGP network.
AS Confederations
A fully meshed iBGP network becomes complex as the number of iBGP peers grows. You can reduce the iBGP mesh by dividing the autonomous system into multiple subautonomous systems and grouping them into a single confederation. A confederation is a group of iBGP peers that use the same autonomous system number to communicate to external networks. Each subautonomous system is fully meshed within itself and has a few connections to other subautonomous systems in the same confederation.
The figure shows the BGP network, split into two subautonomous systems and one confederation.
Figure 35: AS Confederation
In this example, AS10 is split into two subautonomous systems, AS1 and AS2. Each subautonomous system is fully meshed, but there is only one link between the subautonomous systems. By using AS confederations, you can reduce the number of links compared to the fully meshed autonomous system.
Route Reflector
You can alternately reduce the iBGP mesh by using a route reflector configuration where route reflectors pass learned routes to neighbors so that all iBGP peers do not need to be fully meshed.
The figure below shows a simple iBGP configuration with four meshed iBGP speakers (routers A, B, C, and D). Without route reflectors, when router A receives a route from an external neighbor, it advertises the route to all three iBGP neighbors.
When you configure an iBGP peer to be a route reflector, it becomes responsible for passing iBGP learned routes to a set of iBGP neighbors.
In the figure, router B is the route reflector. When the route reflector receives routes advertised from router A, it advertises (reflects) the routes to routers C and D. Router A no longer has to advertise to both routers C and D.
Figure 36: Route Reflector
The route reflector and its client peers form a cluster. You do not have to configure all iBGP peers to act as client peers of the route reflector. You must configure any nonclient peer as fully meshed to guarantee that complete BGP updates reach all peers.
Capabilities Negotiation
A BGP speaker can learn about BGP extensions that are supported by a peer by using the capabilities negotiation feature. Capabilities negotiation allows BGP to use only the set of features supported by both BGP peers on a link.
If a BGP peer does not support capabilities negotiation, Cisco NX-OS attempts a new session to the peer without capabilities negotiation if you have configured the address family as IPv4. Any other multiprotocol configuration (such as IPv6) requires capabilities negotiation.
Route Dampening
Route dampening is a BGP feature that minimizes the propagation of flapping routes across an internetwork. A route flaps when it alternates between the available and unavailable states in rapid succession.
For example, consider a network with three BGP autonomous systems: AS1, AS2, and AS3. Suppose that a route in AS1 flaps (it becomes unavailable). Without route dampening, AS1 sends a withdraw message to AS2. AS2 propagates the withdrawal message to AS3. When the flapping route reappears, AS1 sends an advertisement message to AS2, which sends the advertisement to AS3. If the route repeatedly becomes unavailable, and then available, AS1 sends many withdrawal and advertisement messages that propagate through the other autonomous systems.
Route dampening can minimize flapping. Suppose that the route flaps. AS2 (in which route dampening is enabled) assigns the route a penalty of 1000. AS2 continues to advertise the status of the route to neighbors. Each time that the route flaps, AS2 adds to the penalty value. When the route flaps so often that the penalty exceeds a configurable suppression limit, AS2 stops advertising the route, regardless of how many times that it flaps. The route is now dampened.
The penalty placed on the route decays until the reuse limit is reached. At that time, AS2 advertises the route again. When the reuse limit is at 50 percent, AS2 removes the dampening information for the route.
Note The router does not apply a penalty to a resetting BGP peer when route dampening is enabled, even though the peer reset withdraws the route.
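The penalty life cycle described above, as an added example that is not from the Cisco guide or from NX-OS code. It assumes exponential decay with a half-life, reads the 50 percent statement as the penalty falling to half the reuse limit, and uses illustrative limits (half-life 15 minutes, reuse 750, suppress 2000, maximum suppress time 60 minutes) that are not taken from this page; only the per-flap penalty of 1000 comes from the text.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class DampeningParams:
    # Illustrative values (assumptions, not taken from this guide).
    half_life: float = 15.0       # minutes for the penalty to halve
    reuse: float = 750.0          # route is advertised again at this penalty
    suppress: float = 2000.0      # route is dampened above this penalty
    max_suppress: float = 60.0    # longest time a route may stay dampened, minutes
    flap_penalty: float = 1000.0  # penalty added per flap, as in the text above

    @property
    def ceiling(self):
        """Highest penalty that still decays to `reuse` within max_suppress."""
        return self.reuse * 2 ** (self.max_suppress / self.half_life)


def minutes_until(penalty, threshold, p):
    """Quiet minutes needed for `penalty` to decay down to `threshold`."""
    if penalty <= threshold:
        return 0.0
    return p.half_life * math.log2(penalty / threshold)


def _quiet_period(penalty, start, end, suppressed, p, events):
    """Decay the penalty from `start` to `end`, recording threshold crossings."""
    if penalty <= 0:
        return 0.0, suppressed
    if suppressed:
        t_reuse = start + minutes_until(penalty, p.reuse, p)
        if t_reuse <= end:
            events.append((round(t_reuse, 2), "reuse", p.reuse))
            suppressed = False
    # Dampening history is dropped once the penalty is half the reuse limit.
    t_forget = start + minutes_until(penalty, p.reuse / 2, p)
    if t_forget <= end:
        events.append((round(t_forget, 2), "forget", 0.0))
        return 0.0, False
    return penalty * 0.5 ** ((end - start) / p.half_life), suppressed


def simulate(flap_minutes, p=DampeningParams()):
    """Return (minute, event, penalty) tuples for a route flapping at the given times."""
    events, penalty, last, suppressed = [], 0.0, 0.0, False
    for t in sorted(flap_minutes):
        penalty, suppressed = _quiet_period(penalty, last, t, suppressed, p, events)
        penalty = min(penalty + p.flap_penalty, p.ceiling)
        events.append((t, "flap", round(penalty, 1)))
        if not suppressed and penalty > p.suppress:
            suppressed = True
            events.append((t, "suppress", round(penalty, 1)))
        last = t
    # After the last flap the route stays quiet until its history is removed.
    _quiet_period(penalty, last, math.inf, suppressed, p, events)
    return events


if __name__ == "__main__":
    # Constructed input: three flaps two minutes apart.
    for minute, event, penalty in simulate([0, 2, 4]):
        print(f"t={minute:6.2f} min  {event:8s} penalty={penalty}")
```

With these assumed limits, three flaps in four minutes keep the route suppressed for about 28 minutes after the last flap, while a single flap never suppresses it.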
Load Sharing and Multipath
BGP can install multiple equal-cost eBGP or iBGP paths into the routing table to reach the same destination prefix. Traffic to the destination prefix is then shared across all the installed paths.
The BGP best-path algorithm considers the paths as equal-cost paths if the following attributes are identical:
• Weight
• Local preference
• AS_path
• Origin code
• Multi-exit discriminator (MED)
• IGP cost to the BGP next hop
In Cisco NX-OS releases prior to 6.1, BGP selects only one of these multiple paths as the best path and advertises the path to the BGP peers. Beginning with Cisco NX-OS Release 6.1, BGP supports sending and receiving multiple paths per prefix and advertising such paths.
Note Paths that are received from different AS confederations are considered as equal-cost paths if the external AS_path values and the other attributes are identical.
Note When you configure a route reflector for iBGP multipath, and the route reflector advertises the selected best path to its peers, the next hop for the path is not modified.
BGP Additional Paths
In Cisco NX-OS releases prior to 6.1, only one BGP best path is advertised, and the BGP speaker accepts only one path for a given prefix from a given peer. If a BGP speaker receives multiple paths for the same prefix within the same session, it uses the most recent advertisement.
Beginning with Cisco NX-OS Release 6.1, BGP supports the additional paths feature, which allows the BGP speaker to propagate and accept multiple paths for the same prefix without the new paths replacing any previous ones. This feature allows BGP speaker peers to negotiate whether they support advertising and receiving multiple paths per prefix and advertising such paths. A special 4-byte path ID is added to the network layer reachability information (NLRI) to differentiate multiple paths for the same prefix sent across a peer session.
The following figure illustrates the BGP additional paths capability.
Figure 37: BGP Route Advertisement with the Additional Paths Capability
Route Aggregation
You can configure aggregate addresses. Route aggregation simplifies route tables by replacing a number of more specific addresses with an address that represents all the specific addresses. For example, you can replace these three more specific addresses, 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 with one aggregate address, 10.1.0.0/16.
Aggregate prefixes are present in the BGP route table so that fewer routes are advertised.
Note Cisco NX-OS does not support automatic route aggregation.
Route aggregation can lead to forwarding loops. To avoid this problem, when BGP generates an advertisement for an aggregate address, it automatically installs a summary discard route for that aggregate address in the local routing table. BGP sets the administrative distance of the summary discard to 220 and sets the route type to discard. BGP does not use discard routes for next-hop resolution.
A summary entry is created in the BGP table when the aggregate-address command is configured, but it is not eligible for advertisement until a subset of the aggregate is found in the table.
BGP Conditional Advertisement
BGP conditional advertisement allows you to configure BGP to advertise or withdraw a route based on whether or not a prefix exists in the BGP table. This feature is useful, for example, in multihomed networks, in which you want BGP to advertise some prefixes to one of the providers only if information from the other provider is not present.
Consider an example network with three BGP autonomous systems: AS1, AS2, and AS3, where AS1 and AS3 connect to the Internet and to AS2. Without conditional advertisement, AS2 propagates all routes to both AS1 and AS3. With conditional advertisement, you can configure AS2 to advertise certain routes to AS3 only if routes from AS1 do not exist (if, for example, the link to AS1 fails).
BGP conditional advertisement adds an exist or not-exist test to each route that matches the configured route map.
BGP Next-Hop Address Tracking
BGP monitors the next-hop address of installed routes to verify next-hop reachability and to select, install, and validate the BGP best path. BGP next-hop address tracking speeds up this next-hop reachability test by triggering the verification process when routes change in the Routing Information Base (RIB) that may affect BGP next-hop reachability.
BGP receives notifications from the RIB when the next-hop information changes (event-driven notifications).
BGP is notified when any of the following events occurs:
• Next hop becomes unreachable.
• Next hop becomes reachable.
• Fully recursed Interior Gateway Protocol (IGP) metric to the next hop changes.
• First hop IP address or first hop interface changes.
• Next hop becomes connected.
• Next hop becomes unconnected.
• Next hop becomes a local address.
• Next hop becomes a nonlocal address.
Note Reachability and recursed metric events trigger a best-path recalculation.
Event notifications from the RIB are classified as critical and noncritical. Notifications for critical and noncritical events are sent in separate batches. However, a noncritical event is sent with the critical events if the noncritical event is pending and there is a request to read the critical events.
• Critical events are related to next-hop reachability, such as the loss of next hops resulting in a switchover to a different path. A change in the IGP metric for a next hop resulting in a switchover to a different path can also be considered a critical event.
• Non-critical events are related to next hops being added without affecting the best path or changing the IGP metric to a single next hop.
Note Critical and non-critical events can be configured individually on a per address family basis. For more information on address families, see the "Configuring MPLS Layer 3 VPNs" chapter in the Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide.
Route Redistribution
You can configure BGP to redistribute static routes or routes from other protocols. You must configure a route map with the redistribution to control which routes are passed into BGP. A route map allows you to filter routes based on attributes such as the destination, origination protocol, route type, route tag, and so on.
Prior to Cisco NX-OS Release 5.2(1), when you redistribute BGP to IGP, iBGP is redistributed as well. To override this behavior, you must insert an additional deny statement into the route map. Beginning with Cisco NX-OS Release 5.2(1), redistribution varies as follows:
• In a non-MPLS VPN scenario, iBGP is not redistributed to IGP by default.
• In an MPLS VPN scenario (route distinguisher configured under a VRF), iBGP is redistributed to IGP by default.
You can use route maps to override the default behavior in both scenarios, but be careful when doing so as incorrect use of route maps can result in network loops. The following examples show how to use route maps to change the default behavior.
You can change the default behavior for scenario 1 by modifying the route map as follows:
route-map foo permit 10
  match route-type internal
router ospf 1
  redistribute bgp 100 route-map foo
Similarly, you can change the default behavior for scenario 2 by modifying the route map as follows:
route-map foo deny 10
  match route-type internal
router ospf 1
  vrf bar
    redistribute bgp 100 route-map foo
The default route should be redistributed into BGP or advertised to peers only when default-information originate is configured for an Address Family where the command is supported.
BGP should withdraw the default route on removal of default-information originate if it was already advertised. Also, the redistributed path should be removed for the default route.
You can delete the redistributed path for default route using the following command:
no default-information originate
BGP Support for Importing Routes from Default VRF
You can import IP prefixes from the global routing table (the default VRF) into any other VRF by using an import policy. The VRF import policy uses a route map to specify the prefixes to be imported into a VRF. The policy can import IPv4 and IPv6 unicast prefixes.
You can configure the maximum number of prefixes that can be imported from the default VRF.
Note Routes in the BGP default VRF can be imported directly. Any other routes in the global routing table should be redistributed into BGP first.
BGP Support for Exporting Routes to Default VRF
You can export IP prefixes to the default VRF (global routing table) from any other VRF using an export policy. The VRF export policy leaks a VRF route into default VRF BGP table, which will then be installed in the IPv4/IPv6 routing table. The VRF export policy uses a route map to specify the prefixes to be exported to the default VRF. The policy can export IPv4 and IPv6 unicast prefixes.
You can configure the maximum number of prefixes that can be exported to the default VRF to prevent the routing table from being overloaded.
BFD
This feature supports bidirectional forwarding detection (BFD) for IPv4 only. BFD is a detection protocol designed to provide fast forwarding-path failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules.
BFD for BGP is supported on eBGP peers and iBGP single-hop peers. Configure the update-source option in neighbor configuration mode for iBGP single-hop peers using BFD.
Note BFD is not supported on other iBGP peers or for multihop eBGP peers.
See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information.
Tuning BGP
You can modify the default behavior of BGP through BGP timers and by adjusting the best-path algorithm.
BGP Timers
BGP uses different types of timers for neighbor session and global protocol events. Each established session has a minimum of two timers for sending periodic keepalive messages and for timing out sessions when peer keepalives do not arrive within the expected time. In addition, there are other timers for handling specific features. Typically, you configure these timers in seconds. The timers include a random adjustment so that the same timers on different BGP peers trigger at different times.
Tuning the Best-Path Algorithm
You can modify the default behavior of the best-path algorithm through optional configuration parameters, including changing how the algorithm handles the multi-exit discriminator (MED) attribute and the router ID.
Multiprotocol BGP
BGP on Cisco NX-OS supports multiple address families. Multiprotocol BGP (MP-BGP) carries different sets of routes depending on the address family. For example, BGP can carry one set of routes for IPv4 unicast routing, one set of routes for IPv4 multicast routing, and one set of routes for IPv6 multicast routing. You can use MP-BGP for reverse-path forwarding (RPF) checks in IP multicast networks.
Note Because Multicast BGP does not propagate multicast state information, you need a multicast protocol, such as Protocol Independent Multicast (PIM).
Use the router address-family and neighbor address-family configuration modes to support multiprotocol BGP configurations. MP-BGP maintains separate RIBs for each configured address family, such as a unicast RIB and a multicast RIB for BGP.
A multiprotocol BGP network is backward compatible but BGP peers that do not support multiprotocol extensions cannot forward routing information, such as address family identifier information, that the multiprotocol extensions carry.
Note Beginning with Cisco NX-OS Release 6.2(8), BGP supports RFC 5549 which allows an IPv4 prefix to be carried over an IPv6 next hop. Because BGP is running on every hop and all routers are capable of forwarding IPv4 and IPv6 traffic, there is no need to support IPv6 tunnels between any routers. BGP installs IPv4 over an IPv6 route to the Unicast Route Information Base (URIB).
Graceful Restart and High Availability
Cisco NX-OS supports nonstop forwarding and graceful restart for BGP.
You can use nonstop forwarding (NSF) for BGP to forward data packets along known routes in the Forward Information Base (FIB) while the BGP routing protocol information is being restored following a failover.
With NSF, BGP peers do not experience routing flaps. During a failover, the data traffic is forwarded through intelligent modules while the standby supervisor becomes active.
If a Cisco NX-OS router experiences a cold reboot, the network does not forward traffic to the router and removes the router from the network topology. In this scenario, BGP experiences a nongraceful restart and removes all routes. When Cisco NX-OS applies the startup configuration, BGP reestablishes peering sessions and relearns the routes.
A Cisco NX-OS router that has dual supervisors can experience a stateful supervisor switchover. During the switchover, BGP uses nonstop forwarding to forward traffic based on the information in the FIB, and the system is not removed from the network topology. A router whose neighbor is restarting is referred to as a "helper." After the switchover, a graceful restart operation begins. When it is in progress, both routers reestablish their neighbor relationship and exchange their BGP routes. The helper continues to forward prefixes pointing to the restarting peer, and the restarting router continues to forward traffic to peers even though those neighbor relationships are restarting. When the restarting router has all route updates from all BGP peers that are graceful restart capable, the graceful restart is complete, and BGP informs the neighbors that it is operational again.
When a router detects that a graceful restart operation is in progress, both routers exchange their topology tables. When the router has route updates from all BGP peers, it removes all the stale routes and runs the best-path algorithm on the updated routes.
After the switchover, Cisco NX-OS applies the running configuration, and BGP informs the neighbors that it is operational again.
For single-hop iBGP peers with update-source configured under neighbor configuration mode, the peer supports fast external fall-over.
With the additional BGP paths feature, if the number of paths advertised for a given prefix is the same before and after restart, the choice of path ID guarantees the final state and removal of stale paths. If fewer paths are advertised for a given prefix after a restart, stale paths can occur on the graceful restart helper peer.
Low Memory Handling
BGP reacts to low memory for the following conditions:
• Minor alert—BGP does not establish any new eBGP peers. BGP continues to establish new iBGP peers and confederate peers. Established peers remain, but reset peers are not re-established.
• Severe alert—BGP shuts down select established eBGP peers every two minutes until the memory alert becomes minor. For each eBGP peer, BGP calculates the ratio of total number of paths received to the number of paths selected as best paths. The peers with the highest ratio are selected to be shut down to reduce memory usage. You must clear a shutdown eBGP peer before you can bring the eBGP peer back up to avoid oscillation.
Note You can exempt important eBGP peers from this selection process.
• Critical alert—BGP gracefully shuts down all the established peers. You must clear a shutdown BGP peer before you can bring the BGP peer back up.
ISSU
Cisco NX-OS supports in-service software upgrades (ISSU). ISSU allows you to upgrade software without impacting forwarding.
The following conditions are required to support ISSU:
• Graceful restart must be enabled (default)
• Keepalive and hold timers must not be smaller than their default values
If either of these requirements is not met, Cisco NX-OS issues a warning. You can proceed with the upgrade or downgrade, but service might be disrupted.
Note Cisco NX-OS cannot guarantee ISSU for non-default timer values if the negotiated hold time between BGP peers is less than the system switchover time.
Virtualization Support
Cisco NX-OS supports multiple instances of BGP that run on the same system. BGP supports virtual routing and forwarding (VRF) instances that exist within virtual device contexts (VDCs). You can configure one BGP instance in a VDC, but you can have multiple VDCs on the system.
By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF.
Prerequisites for Advanced BGP
Advanced BGP has the following prerequisites:
• You must enable BGP.
• You should have a valid router ID configured on the system.
• You must have an AS number, either assigned by a Regional Internet Registry (RIR) or locally administered.
• You must have reachability (such as an interior gateway protocol [IGP], a static route, or a direct connection) to the peer that you are trying to make a neighbor relationship with.
• You must explicitly configure an address family under a neighbor for the BGP session establishment.
Guidelines and Limitations for Advanced BGP
Advanced BGP has the following configuration guidelines and limitations:
• The dynamic AS number prefix peer configuration overrides the individual AS number configuration inherited from a BGP template.
• If you configure a dynamic AS number for prefix peers in an AS confederation, BGP establishes sessions with only the AS numbers in the local confederation.
• The ttl-security hops command is visible but not supported on the Nexus 7K platform; it is supported only on the Nexus 9K platform.
• BGP sessions created through a dynamic AS number prefix peer ignore any configured eBGP multihop time-to-live (TTL) value or a disabled check for directly connected peers.
• Configure a router ID for BGP to avoid automatic router ID changes and session flaps.
• Use the maximum-prefix configuration option per peer to restrict the number of routes received and system resources used.
• Configure the update source to establish a session with eBGP multihop sessions.
• Specify a BGP route map if you configure a redistribution.
• Configure the BGP router ID within a VRF.
• If you decrease the keepalive and hold timer values, the network might experience session flaps.
• When you redistribute BGP to IGP, iBGP is redistributed as well. To override this behavior, you must insert an additional deny statement into the route map.
• Cisco NX-OS does not support multi-hop BFD. BFD for BGP has the following limitations:
• BFD is supported only for BGP IPv4.
• BFD is supported only for eBGP peers and iBGP single-hop peers.
• To enable BFD for iBGP single-hop peers, you must configure the update-source option on the physical interface.
• BFD is not supported for multi-hop iBGP peers and multi-hop eBGP peers.
• For single-hop iBGP peers with update-source configured under neighbor configuration mode, the peer supports fast external fall-over.
• The following guidelines and limitations apply to the remove-private-as command:
• It applies only to eBGP peers.
• It can be configured only in neighbor configuration mode and not in neighbor-address-family mode.
• If the AS-path includes both private and public AS numbers, the private AS numbers are not removed.
• If the AS-path contains the AS number of the eBGP neighbor, the private AS numbers are not removed.
• Private AS numbers are removed only if all AS numbers in that AS-path belong to a private AS number range. Private AS numbers are not removed if a peer's AS number or a non-private AS number is found in the AS-path segment.
• BGP conditional route injection is available only for IPv4 and IPv6 unicast address families in all VRF instances.
• The match interface command is only supported for redistribute command route-maps.
• When sending a route advertisement to an iBGP peer, NX-OS sets the next hop to the IP address of the interface through which the announced network is reachable for the peer, instead of preserving the original next hop of the non-locally originated route.
This occurs with the 'network' statement and route 'redistribution' configurations in BGP.
The knobs 'set ip next-hop redist-unchanged' or 'set ipv6 next-hop redist-unchanged', available under route-map configuration mode, help to resolve this issue. These knobs are available from Cisco NX-OS Release 6.2(12) onwards.
Default Settings
Parameters              Default
BGP feature             Disabled
BGP additional paths    Disabled
Hold timer              180 seconds
Keep alive interval     60 seconds
Dynamic capability      Enabled
Configuring Advanced BGP
Configuring BGP Session Templates
You can use BGP session templates to simplify the BGP configuration for multiple BGP peers with similar configuration needs. BGP templates allow you to reuse common configuration blocks. You configure BGP templates first and then apply these templates to BGP peers.
With BGP session templates, you can configure session attributes such as inheritance, passwords, timers, and security.
A peer-session template can inherit from one other peer-session template. You can configure the second template to inherit from a third template. The first template also inherits this third template. This indirect inheritance can continue for up to seven peer-session templates.
Any attributes configured for the neighbor take priority over any attributes inherited by that neighbor from a BGP template.
Note Use the show bgp neighbor command to see the template applied. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference for details on all commands available in the template.
Before you begin
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
Note When editing a template, you can use the no form of a command at either the peer or template level to explicitly override a setting in a template. You must use the default form of the command to reset that attribute to the default state.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp autonomous-system-number
3. switch(config-router)# template peer-session template-name
4. switch(config-router-stmp)# password number password
5. switch(config-router-stmp)# timers keepalive hold
6. switch(config-router-stmp)# exit
7. switch(config-router)# neighbor ip-address remote-as as-number
8. switch(config-router-neighbor)# inherit peer-session template-name
9. switch(config-router-neighbor)# description text
10. switch(config-router-neighbor)# show bgp peer-session template-name
11. switch(config-router-neighbor)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters configuration mode.
Step 2
Command or Action: switch(config)# router bgp autonomous-system-number
Purpose: Enables BGP and assigns the autonomous system number to the local BGP speaker.
Step 3
Command or Action: switch(config-router)# template peer-session template-name
Purpose: Enters peer-session template configuration mode.
Step 4
Command or Action: switch(config-router-stmp)# password number password
Purpose: (Optional) Adds the clear text password test to the neighbor. The password is stored and displayed in type 3 encrypted form (3DES).
Step 5
Command or Action: switch(config-router-stmp)# timers keepalive hold
Purpose: (Optional) Adds the BGP keepalive and hold timer values to the peer-session template. The default keepalive interval is 60. The default hold time is 180.
Step 6
Command or Action: switch(config-router-stmp)# exit
Purpose: Exits peer-session template configuration mode.
Step 7
Command or Action: switch(config-router)# neighbor ip-address remote-as as-number
Purpose: Places the router in the neighbor configuration mode for BGP routing and configures the neighbor IP address.
Step 8
Command or Action: switch(config-router-neighbor)# inherit peer-session template-name
Purpose: Applies a peer-session template to the peer.
Step 9
Command or Action: switch(config-router-neighbor)# description text
Purpose: (Optional) Adds a description for the neighbor.
Step 10
Command or Action: switch(config-router-neighbor)# show bgp peer-session template-name
Purpose: (Optional) Displays the peer-policy template.
Step 11
Command or Action: switch(config-router-neighbor)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example
This example shows how to configure a BGP peer-session template and apply it to a BGP peer:
switch# configure terminal
switch(config)# router bgp 65535
switch(config-router)# template peer-session BaseSession
switch(config-router-stmp)# timers 30 90
switch(config-router-stmp)# exit
switch(config-router)# neighbor 192.168.1.2 remote-as 65535
switch(config-router-neighbor)# inherit peer-session BaseSession
switch(config-router-neighbor)# description Peer Router A
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# copy running-config startup-config
Configuring BGP Peer-Policy Templates
You can configure a peer-policy template to define attributes for a particular address family. You assign a preference to each peer-policy template and these templates are inherited in the order specified, for up to five peer-policy templates in a neighbor address family.
Cisco NX-OS evaluates multiple peer policies for an address family using the preference value. The lowest preference value is evaluated first. Any attributes configured for the neighbor take priority over any attributes inherited by that neighbor from a BGP template.
Peer-policy templates can configure address family-specific attributes such as AS-path filter lists, prefix lists, route reflection, and soft reconfiguration.
Note Use the show bgp neighbor command to see the template applied. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference for details on all commands available in the template.
Before you begin
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
Note When editing a template, you can use the no form of a command at either the peer or template level to explicitly override a setting in a template. You must use the default form of the command to reset that attribute to the default state.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp autonomous-system-number
3. switch(config-router)# template peer-policy template-name
4. switch(config-router-ptmp)# advertise-active-only
5. switch(config-router-ptmp)# maximum-prefix number
6. switch(config-router-ptmp)# exit
7. switch(config-router)# neighbor ip-address remote-as as-number
8. switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { multicast | unicast }
9. switch(config-router-neighbor-af)# inherit peer-policy template-name preference
10. switch(config-router-neighbor-af)# show bgp peer-policy template-name
11. switch(config-router-neighbor-af)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters configuration mode.
Step 2
Command or Action: switch(config)# router bgp autonomous-system-number
Purpose: Enables BGP and assigns the autonomous system number to the local BGP speaker.
Step 3
Command or Action: switch(config-router)# template peer-policy template-name
Purpose: Creates a peer-policy template.
Step 4
Command or Action: switch(config-router-ptmp)# advertise-active-only
Purpose: (Optional) Advertises only active routes to the peer.
Step 5
Command or Action: switch(config-router-ptmp)# maximum-prefix number
Purpose: (Optional) Sets the maximum number of prefixes allowed from this peer.
Step 6
Command or Action: switch(config-router-ptmp)# exit
Purpose: Exits peer-policy template configuration mode.
Step 7
Command or Action: switch(config-router)# neighbor ip-address remote-as as-number
Purpose: Places the router in the neighbor configuration mode for BGP routing and configures the neighbor IP address.
Step 8
Command or Action: switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { multicast | unicast }
Purpose: Enters global address family configuration mode.
Step 9
Command or Action: switch(config-router-neighbor-af)# inherit peer-policy template-name preference
Purpose: Applies a peer-policy template to the peer address family configuration and assigns the preference value for this peer policy.
Step 10
Command or Action: switch(config-router-neighbor-af)# show bgp peer-policy template-name
Purpose: (Optional) Displays the peer-policy template.
Step 11
Command or Action: switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example
This example shows how to configure a BGP peer-policy template and apply it to a BGP peer:
switch# configure terminal
switch(config)# router bgp 65535
switch(config-router)# template peer-policy BasePolicy
switch(config-router-ptmp)# maximum-prefix 20
switch(config-router-ptmp)# exit
switch(config-router)# neighbor 192.168.1.1 remote-as 65535
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# inherit peer-policy BasePolicy
switch(config-router-neighbor-af)# copy running-config startup-config
Configuring BGP Peer Templates
You can configure BGP peer templates to combine session and policy attributes in one reusable configuration block. Peer templates can also inherit peer-session or peer-policy templates. Any attributes configured for the neighbor take priority over any attributes inherited by that neighbor from a BGP template. You configure only one peer template for a neighbor, but that peer template can inherit peer-session and peer-policy templates.
Peer templates support session and address family attributes, such as eBGP multihop time-to-live, maximum prefix, next-hop self, and timers.
Note Use the show bgp neighbor command to see the template applied. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference for details on all commands available in the template.
Before you begin
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
Note When editing a template, you can use the no form of a command at either the peer or template level to explicitly override a setting in a template. You must use the default form of the command to reset that attribute to the default state.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp autonomous-system-number
3. switch(config-router)# template peer template-name
4. switch(config-router-neighbor)# inherit peer-session template-name
5. switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { multicast | unicast }
6. switch(config-router-neighbor-af)# inherit peer template-name
7. switch(config-router-neighbor-af)# exit
8. switch(config-router-neighbor)# timers keepalive hold
9. switch(config-router-neighbor)# exit
10. switch(config-router)# neighbor ip-address remote-as as-number
11. switch(config-router-neighbor)# inherit peer template-name
12. switch(config-router-neighbor)# timers keepalive hold
13. switch(config-router-neighbor-af)# show bgp peer-template template-name
14. switch(config-router-neighbor-af)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router bgp autonomous-system-number
Purpose: Enables BGP and assigns the autonomous system number to the local BGP speaker.
Step 3
Command or Action: switch(config-router)# template peer template-name
Purpose: Enters peer template configuration mode.
Step 4
Command or Action: switch(config-router-neighbor)# inherit peer-session template-name
Purpose: (Optional) Inherits a peer-session template in the peer template.
Step 5
Command or Action: switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { multicast | unicast }
Purpose: (Optional) Configures the global address family configuration mode.
Step 6
Command or Action: switch(config-router-neighbor-af)# inherit peer template-name
Purpose: (Optional) Applies a peer template to the neighbor address family configuration.
Step 7
Command or Action: switch(config-router-neighbor-af)# exit
Purpose: Exits BGP neighbor address family configuration mode.
Step 8
Command or Action: switch(config-router-neighbor)# timers keepalive hold
Purpose: (Optional) Adds the BGP timer values to the peer. These values override the timer values in the peer-session template, BaseSession.
Step 9
Command or Action: switch(config-router-neighbor)# exit
Purpose: Exits BGP peer template configuration mode.
Step 10
Command or Action: switch(config-router)# neighbor ip-address remote-as as-number
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address.
Step 11
Command or Action: switch(config-router-neighbor)# inherit peer template-name
Purpose: Inherits the peer template.
Step 12
Command or Action: switch(config-router-neighbor)# timers keepalive hold
Purpose: (Optional) Adds the BGP timer values to this neighbor. These values override the timer values in the peer template and the peer-session template.
Step 13
Command or Action: switch(config-router-neighbor-af)# show bgp peer-template template-name
Purpose: (Optional) Displays the peer template.
Step 14
Command or Action: switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: (Optional) Saves this configuration change.
Example
This example shows how to configure a BGP peer template and apply it to a BGP peer:
switch# configure terminal
switch(config)# router bgp 65535
switch(config-router)# template peer BasePeer
switch(config-router-neighbor)# inherit peer-session BaseSession
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# inherit peer-policy BasePolicy 1
switch(config-router-neighbor-af)# exit
switch(config-router-neighbor)# exit
switch(config-router)# neighbor 192.168.1.2 remote-as 65535
switch(config-router-neighbor)# inherit peer BasePeer
switch(config-router-neighbor)# copy running-config startup-config
Configuring Prefix Peering
BGP supports the definition of a set of peers using a prefix for both IPv4 and IPv6. With this feature, you do not have to add each neighbor to the configuration.
When defining a prefix peering, you must specify the remote AS number with the prefix. BGP accepts any peer that connects from that prefix and autonomous system if the prefix peering does not exceed the configured maximum peers allowed.
Note Use the show ip bgp neighbor command to show the details of the configuration for that prefix peering with a list of the currently accepted instances and the counts of active, maximum concurrent, and total accepted peers.
Use the show bgp convergence private command to display details of the prefix peer wait timer.
SUMMARY STEPS
1. (Optional) switch(config-router-neighbor)# timers prefix-peer-timeout interval
2. (Optional) switch(config-router-neighbor)# timers prefix-peer-wait interval
3. (Optional) switch(config-router-neighbor)# maximum-peers value
DETAILED STEPS
Step 1
Command or Action: (Optional) switch(config-router-neighbor)# timers prefix-peer-timeout interval
Purpose: Configures the BGP prefix peering timeout value. When a BGP peer that is part of a prefix peering disconnects, the peer structures are held for a defined prefix peer timeout value which enables the peer to reset and reconnect without danger of being blocked. The timeout range is from 0 to 1200 seconds. The default value is 30.
Step 2
Command or Action: (Optional) switch(config-router-neighbor)# timers prefix-peer-wait interval
Purpose: Configures the BGP prefix peering wait timer on a per-VRF basis or on the default VRF. You can use the timers prefix-peer-wait command to disable the peer prefix wait time so that there is no delay before BGP prefixes are inserted into the routing information base (RIB). The range of the interval is from 0 to 1200 seconds. The default value is 90.
Note The timer is only applicable for BGP dynamic neighbors. It is only set when BGP is restarted or is coming up for the first time for the dynamic BGP neighbors.
Step 3
Command or Action: (Optional) switch(config-router-neighbor)# maximum-peers value
Purpose: Configures the maximum number of peers for this prefix peering in neighbor configuration mode. The range is from 1 to 1000.
Example
This example shows how to configure a prefix peering that accepts up to 10 peers:
switch(config)# router bgp 65535
switch(config-router)# timers prefix-peer-timeout 120
switch(config-router)# neighbor 10.100.200.0/24 remote-as 65535
switch(config-router-neighbor)# maximum-peers 10
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)#
Configuring BGP Authentication
You can configure BGP to authenticate route updates from peers using MD5 digests.
To configure BGP to use MD5 authentication, use the following command in neighbor configuration mode:
SUMMARY STEPS
1. switch(config-router-neighbor)# password { 0 | 3 | 7 } string
DETAILED STEPS
Step 1
Command or Action: switch(config-router-neighbor)# password { 0 | 3 | 7 } string
Purpose: Configures an MD5 password (for authentication) for BGP neighbor sessions in neighbor configuration mode.
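The following audit is an added example, not part of the Cisco guide or of NX-OS. It ties together the peer-session template, ISSU, and BGP authentication passages: it resolves each neighbor's effective password and timers through peer-session template inheritance and flags neighbors with no MD5 password or with keepalive and hold timers below the defaults that ISSU expects. The configuration excerpt is constructed, and letting a template's own setting win over the template it inherits from is an assumption.

```python
import re

DEFAULT_KEEPALIVE, DEFAULT_HOLD = 60, 180  # defaults given in this guide
MAX_CHAIN = 7                              # peer-session inheritance limit given in this guide

# Constructed running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
router bgp 65535
  template peer-session BaseSession
    password 3 constructed-ciphertext
    timers 30 90
  template peer-session EdgeSession
    inherit peer-session BaseSession
    timers 60 180
  template peer-session NoAuth
    timers 60 180
  neighbor 192.168.1.2 remote-as 65535
    inherit peer-session BaseSession
  neighbor 192.168.1.3 remote-as 65010
    inherit peer-session EdgeSession
  neighbor 192.168.1.4 remote-as 65020
    inherit peer-session NoAuth
    address-family ipv4 unicast
  neighbor 192.168.1.5 remote-as 65030
    password 3 constructed-ciphertext
    timers 10 30
"""


def parse(config):
    """Return (templates, neighbors); each maps a name to its session settings."""
    templates, neighbors, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"template peer-session (\S+)", line):
            current = templates.setdefault(m.group(1), {})
        elif m := re.fullmatch(r"neighbor (\S+) remote-as \S+", line):
            current = neighbors.setdefault(m.group(1), {})
        elif line.startswith(("router ", "template ", "address-family ")):
            current = None  # block type this example does not model
        elif current is not None:
            if m := re.fullmatch(r"inherit peer-session (\S+)", line):
                current["inherit"] = m.group(1)
            elif re.fullmatch(r"password [037] \S+", line):
                current["password"] = True
            elif m := re.fullmatch(r"timers (\d+) (\d+)", line):
                current["timers"] = (int(m.group(1)), int(m.group(2)))
    return templates, neighbors


def effective(neighbor_cfg, templates):
    """Neighbor settings win; otherwise the nearest template in the chain
    supplies the value (nearest-wins between templates is an assumption)."""
    result = {"password": neighbor_cfg.get("password", False),
              "timers": neighbor_cfg.get("timers"),
              "chain": []}
    name, seen = neighbor_cfg.get("inherit"), set()
    while name is not None:
        if name in seen:
            raise ValueError(f"inheritance loop at template {name}")
        if name not in templates:
            raise ValueError(f"unknown peer-session template {name}")
        if len(result["chain"]) >= MAX_CHAIN:
            raise ValueError("more than seven peer-session templates in chain")
        seen.add(name)
        result["chain"].append(name)
        tmpl = templates[name]
        result["password"] = result["password"] or tmpl.get("password", False)
        if result["timers"] is None:
            result["timers"] = tmpl.get("timers")
        name = tmpl.get("inherit")
    if result["timers"] is None:
        result["timers"] = (DEFAULT_KEEPALIVE, DEFAULT_HOLD)
    return result


def audit(config):
    """Map each neighbor address to a list of findings (empty list = clean)."""
    templates, neighbors = parse(config)
    findings = {}
    for addr, cfg in neighbors.items():
        eff = effective(cfg, templates)
        issues = []
        if not eff["password"]:
            issues.append("no MD5 password")
        keepalive, hold = eff["timers"]
        if keepalive < DEFAULT_KEEPALIVE or hold < DEFAULT_HOLD:
            issues.append(f"timers {keepalive}/{hold} below defaults (ISSU warning)")
        findings[addr] = issues
    return findings


if __name__ == "__main__":
    for addr, issues in audit(SAMPLE_CONFIG).items():
        print(addr, "->", "; ".join(issues) or "ok")
```

The audit covers peer-session templates only; peer templates and peer-policy templates are not modeled.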
Resetting a BGP Session
If you modify a route policy for BGP, you must reset the associated BGP peer sessions. If the BGP peers do not support route refresh, you can configure a soft reconfiguration for inbound policy changes. Cisco NX-OS automatically attempts a soft reset for the session.
To configure soft reconfiguration inbound, use the following command in neighbor address-family configuration mode.
SUMMARY STEPS
1. switch(config-router-neighbor-af)# soft-reconfiguration inbound
2. switch# clear bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } ip-address soft { in | out }
DETAILED STEPS
Step 1
Command or Action: switch(config-router-neighbor-af)# soft-reconfiguration inbound
Purpose: This command, in neighbor address-family configuration mode, enables soft reconfiguration to store the inbound BGP route updates. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Step 2
Command or Action: switch# clear bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } ip-address soft { in | out }
Purpose: This command, in any mode, resets the BGP session without tearing down the TCP session.
Modifying the Next-Hop Address
You can modify the next-hop address used in a route advertisement in the following ways:
• Disable next-hop calculation and use the local BGP speaker address as the next-hop address.
• Set the next-hop address as a third-party address. Use this feature in situations where the original next-hop address is on the same subnet as the peer that the route is being sent to. Using this feature saves an extra hop during forwarding.
To modify the next-hop address, use the following commands in address-family configuration mode:
SUMMARY STEPS
1. switch(config-router-neighbor-af)# next-hop-self
2. switch(config-router-neighbor-af)# next-hop-third-party
DETAILED STEPS
Step 1
Command or Action: switch(config-router-neighbor-af)# next-hop-self
Purpose: Uses the local BGP speaker address as the next-hop address in route updates. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Step 2
Command or Action: switch(config-router-neighbor-af)# next-hop-third-party
Purpose: Sets the next-hop address as a third-party address. Use this command for single-hop EBGP peers that do not have next-hop-self configured.
Configuring BGP Next-Hop Address Tracking
BGP next-hop address tracking is enabled by default and cannot be disabled.
You can modify the delay interval between RIB checks to increase the performance of BGP next-hop tracking.
To modify the BGP next-hop address tracking, use the following commands in address-family configuration mode:
SUMMARY STEPS
1. switch(config-router-af)# nexthop trigger-delay { critical | non-critical } milliseconds
2. switch(config-router-af)# nexthop route-map name
DETAILED STEPS
Step 1
Command or Action: switch(config-router-af)# nexthop trigger-delay { critical | non-critical } milliseconds
Purpose: Specifies the next-hop address tracking delay timer for critical next-hop reachability routes and for noncritical routes. The range is from 1 to 4294967295 milliseconds. The critical timer default is 3000. The noncritical timer default is 10000.
Step 2
Command or Action: switch(config-router-af)# nexthop route-map name
Purpose: Specifies a route map to match the BGP next-hop addresses to. The name can be any case-sensitive, alphanumeric string up to 63 characters.
Configuring Next-Hop Filtering
BGP next-hop filtering allows you to specify that when a next-hop address is checked with the RIB, the underlying route for that next-hop address is passed through the route map. If the route map rejects the route, the next-hop address is treated as unreachable.
BGP marks all next hops that are rejected by the route policy as invalid and does not calculate the best path for the routes that use the invalid next-hop address.
To configure BGP next-hop filtering, use the following command in address-family configuration mode:
SUMMARY STEPS
1. switch(config-router-af)# nexthop route-map name
DETAILED STEPS
Step 1
Command or Action: switch(config-router-af)# nexthop route-map name
Purpose: Specifies a route map to match the BGP next-hop route to. The name can be any case-sensitive, alphanumeric string up to 63 characters.
Disabling Capabilities Negotiation
You can disable capabilities negotiations to interoperate with older BGP peers that do not support capabilities negotiation.
To disable capabilities negotiation, use the following command in neighbor configuration mode:
SUMMARY STEPS
1. switch(config-router-neighbor)# dont-capability-negotiate
DETAILED STEPS
Step 1
Command or Action: switch(config-router-neighbor)# dont-capability-negotiate
Purpose: Disables capabilities negotiation. You must manually reset the BGP sessions after configuring this command.
Configuring BGP Additional Paths
Beginning with Cisco NX-OS Release 6.1, BGP supports sending and receiving multiple paths per prefix and advertising such paths.
Advertising the Capability of Sending and Receiving Additional Paths
You can configure BGP to advertise the capability of sending and receiving additional paths to and from the BGP peers.
SUMMARY STEPS
1. switch(config-router-neighbor-af)# [ no ] capability additional-paths send [ disable ]
2. switch(config-router-neighbor-af)# [ no ] capability additional-paths receive [ disable ]
3. switch(config-router-neighbor-af)# show bgp neighbor
4. switch(config-router-neighbor-af)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch(config-router-neighbor-af)# [ no ] capability additional-paths send [ disable ]
Purpose: Advertises the capability to send additional paths to the BGP peer. The disable option disables the advertising capability of sending additional paths. The no form of this command disables the capability of sending additional paths.
Step 2
Command or Action: switch(config-router-neighbor-af)# [ no ] capability additional-paths receive [ disable ]
Purpose: Advertises the capability to send additional paths to the BGP peer. The disable option disables the advertising capability of sending additional paths. The no form of this command disables the capability of sending additional paths.
Step 3
Command or Action: switch(config-router-neighbor-af)# show bgp neighbor
Purpose: Displays whether the local peer has advertised the additional paths send or receive capability to the remote peer.
Step 4
Command or Action: switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure BGP to advertise the capability to send and receive additional paths to the BGP peer:
switch(config)# router bgp 100
switch(config-router)# neighbor 10.131.31.2 remote-as 100
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# capability additional-paths send
switch(config-router-neighbor-af)# capability additional-paths receive
switch(config-router-neighbor-af)# show bgp neighbor
switch(config-router-neighbor-af)# copy running-config startup-config
Configuring the Sending and Receiving of Additional Paths
You can configure the capability of sending and receiving additional paths to and from the BGP peers.
SUMMARY STEPS
1. switch(config-router-neighbor-af)# [ no ] additional-paths send
2. switch(config-router-neighbor-af)# [ no ] additional-paths receive [ disable ]
3. switch(config-router-neighbor-af)# show bgp neighbor
4. switch(config-router-neighbor-af)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch(config-router-neighbor-af)# [ no ] additional-paths send
Purpose: Enables the send capability of additional paths for all of the neighbors under this address family for which the capability has not been disabled. The no form of this command disables the send capability.
Step 2
Command or Action: switch(config-router-neighbor-af)# [ no ] additional-paths receive [ disable ]
Purpose: Enables the receive capability of additional paths for all of the neighbors under this address family for which the capability has not been disabled. The no form of this command disables the capability of sending additional paths.
Step 3
Command or Action: switch(config-router-neighbor-af)# show bgp neighbor
Purpose: Displays whether the local peer has advertised the additional paths send or receive capability to the remote peer.
Step 4
Command or Action: switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to enable the additional paths send and receive capability for neighbors under the specified address family for which this capability has not been disabled:
switch(config)# router bgp 100
switch(config-router)# neighbor 10.131.31.2 remote-as 100
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# additional-paths send
switch(config-router-neighbor-af)# additional-paths receive
switch(config-router-neighbor-af)# show bgp neighbor
switch(config-router-neighbor-af)# copy running-config startup-config
Configuring Advertised Paths
You can specify the paths that are advertised for BGP.
SUMMARY STEPS
1. switch(config-route-map)# [ no ] set path-selection all advertise
2. switch(config-route-map)# show bgp neighbor { ipv4 | ipv6 } unicast ip-address | ipv6-prefix [ vrf vrf-name ]
3. switch(config-route-map)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch(config-route-map)# [ no ] set path-selection all advertise
Purpose: Specifies that all paths be advertised for a given prefix. The no form of this command specifies that only the best path be advertised.
Step 2
Command or Action: switch(config-route-map)# show bgp neighbor { ipv4 | ipv6 } unicast ip-address | ipv6-prefix [ vrf vrf-name ]
Purpose: Displays whether the local peer has advertised the additional paths send or receive capability to the remote peer.
Step 3
Command or Action: switch(config-route-map)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to specify that all paths be advertised for the specified prefix:
switch(config)# route-map PATH_SELECTION_RMAP
switch(config-route-map)# match ip address prefix-list pl
switch(config-route-map)# show bgp ipv4 unicast
switch(config-route-map)# copy running-config startup-config
Configuring Additional Path Selection
You can configure the capability of selecting additional paths for a prefix.
SUMMARY STEPS
1. switch(config-router-af)# [ no ] additional-paths selection route-map map-name
2. switch(config-router-af)# show bgp { ipv4 | ipv6 } unicast ip-address | ipv6-prefix [ vrf vrf-name ]
3. (Optional) switch(config-router-af)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch(config-router-af)# [ no ] additional-paths selection route-map map-name
Purpose: Specifies that all paths be advertised for a given prefix. The no form of this command specifies that only the best path be advertised.
Step 2
Command or Action: switch(config-router-af)# show bgp { ipv4 | ipv6 } unicast ip-address | ipv6-prefix [ vrf vrf-name ]
Purpose: Displays whether the local peer has advertised the additional paths send or receive capability to the remote peer.
Step 3
Command or Action: (Optional) switch(config-router-af)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to specify that all paths be advertised for the specified prefix:
switch(config)# router bgp 100
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# additional-paths selection route-map PATH_SELECTION_RMAP
switch(config-router-af)# copy running-config startup-config
Configuring eBGP
Disabling eBGP Single-Hop Checking
You can configure eBGP to disable checking whether a single-hop eBGP peer is directly connected to the local router. Use this option for configuring a single-hop loopback eBGP session between directly connected switches.
To disable checking whether or not a single-hop eBGP peer is directly connected, use the following command in neighbor configuration mode:
SUMMARY STEPS
1. switch(config-router-neighbor)# disable-connected-check
DETAILED STEPS
Step 1
Command or Action: switch(config-router-neighbor)# disable-connected-check
Purpose: Disables checking whether or not a single-hop eBGP peer is directly connected. You must manually reset the BGP sessions after using this command.
Configuring eBGP Multihop
You can configure the eBGP time-to-live (TTL) value to support eBGP multihop. In some situations, an eBGP peer is not directly connected to another eBGP peer and requires multiple hops to reach the remote eBGP peer. You can configure the eBGP TTL value for a neighbor session to allow these multihop sessions.
To configure eBGP multihop, use the following command in neighbor configuration mode:
SUMMARY STEPS
1. switch(config-router-neighbor)# ebgp-multihop ttl-value
DETAILED STEPS
Step 1
Command or Action: switch(config-router-neighbor)# ebgp-multihop ttl-value
Purpose: Configures the eBGP TTL value for eBGP multihop. The range is from 2 to 255. You must manually reset the BGP sessions after using this command.
Disabling a Fast External Fallover
By default, the Cisco Nexus 7000 Series device supports fast external fallover for neighbors in all VRFs and address-families (IPv4 or IPv6).
Typically, when a BGP router loses connectivity to a directly connected eBGP peer, BGP triggers a fast external fallover by resetting the eBGP session to the peer. You can disable this fast external fallover to limit the instability caused by link flaps.
To disable fast external fallover, use the following command in router configuration mode:
SUMMARY STEPS
1. switch(config-router)# no fast-external-fallover
DETAILED STEPS
Step 1
Command or Action: switch(config-router)# no fast-external-fallover
Purpose: Disables a fast external fallover for eBGP peers. This command is enabled by default.
Limiting the AS-path Attribute
You can configure eBGP to discard routes that have a high number of AS numbers in the AS-path attribute.
To discard routes that have a high number of AS numbers in the AS-path attribute, use the following command in router configuration mode:
SUMMARY STEPS
1. switch(config-router)# maxas-limit number
DETAILED STEPS
Step 1
Command or Action: switch(config-router)# maxas-limit number
Purpose: Discards eBGP routes that have a number of AS-path segments that exceed the specified limit. The range is from 1 to 2000.
Configuring Local AS Support
The local-AS feature allows a router to appear to be a member of a second autonomous system (AS), in addition to its real AS. Local AS allows two ISPs to merge without modifying peering arrangements. Routers in the merged ISP become members of the new autonomous system but continue to use their old AS numbers for their customers.
This feature can only be used for true eBGP peers. You cannot use this feature for two peers that are members of different confederation sub-autonomous systems.
To configure eBGP local AS support, use the following command in neighbor configuration mode:
SUMMARY STEPS
1. switch(config-router-neighbor)# local-as number [ no-prepend [ replace-as [ dual-as ]]]
DETAILED STEPS
Step 1
Command or Action: switch(config-router-neighbor)# local-as number [ no-prepend [ replace-as [ dual-as ]]]
Purpose: Configures eBGP to prepend the local AS number to the AS_PATH attribute. The AS number can be a 16-bit integer or a 32-bit integer in the form of a higher 16-bit decimal number and a lower 16-bit decimal number in xx.xx format.
Example
The local-AS feature under VRF configuration mode is supported for both IBGP and EBGP neighbor relationships.
The following example shows how to configure the feature for the IBGP neighbor 10.1.2.1:
router bgp 65001
vrf BGP1
local-as 65002
address-family ipv4 unicast
neighbor 10.1.2.1 remote-as 65002
The local-as command must be configured in the neighbor configuration mode for eBGP or a warning message is displayed stating that the local AS cannot be the same as the remote AS. The following example shows how to configure the local-AS feature for eBGP:
router bgp 65001
vrf BGP1
neighbor 20.1.2.1 remote-as 65003
local-as 65001
Configuring AS Confederations
To configure an AS confederation, you must specify a confederation identifier. To the outside world, the group of autonomous systems within the AS confederation look like a single autonomous system with the confederation identifier as the autonomous system number.
SUMMARY STEPS
1. switch(config-router)# confederation identifier as-number
2. switch(config-router)# bgp confederation peers as-number [ as-number2... ]
DETAILED STEPS
Step 1
Command or Action: switch(config-router)# confederation identifier as-number
Purpose: In router configuration mode, this command configures a BGP confederation identifier. The command triggers an automatic notification and session reset for the BGP neighbor sessions.
Step 2
Command or Action: switch(config-router)# bgp confederation peers as-number [ as-number2... ]
Purpose: In router configuration mode, this command configures the autonomous systems that belong to the AS confederation. The command specifies a list of autonomous systems that belong to the confederation and it triggers an automatic notification and session reset for the BGP neighbor sessions.
Configuring Route Reflector
You can configure iBGP peers as route reflector clients to the local BGP speaker, which acts as the route reflector. Together, a route reflector and its clients form a cluster. A cluster of clients usually has a single route reflector. In such instances, the cluster is identified by the router ID of the route reflector. To increase redundancy and avoid a single point of failure in the network, you can configure a cluster with more than one route reflector. You must configure all route reflectors in the cluster with the same 4-byte cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster.
Before you begin
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp as-number
3. switch(config-router)# cluster-id cluster-id
4. switch(config-router)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
5. switch(config-router-af)# client-to-client reflection
6. switch(config-router-neighbor)# exit
7. switch(config-router)# neighbor ip-address remote-as as-number
8. switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
9. switch(config-router-neighbor-af)# route-reflector-client
10. (Optional) switch(config-router-neighbor-af)# show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } neighbors
11. (Optional) switch(config-router-neighbor-af)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router bgp as-number
Purpose: Enters BGP mode and assigns the autonomous system number to the local BGP speaker.
Step 3
Command or Action: switch(config-router)# cluster-id cluster-id
Purpose: Configures the local router as one of the route reflectors that serve the cluster. You specify a cluster ID to identify the cluster. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Step 4
Command or Action: switch(config-router)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
Purpose: Enters router address family configuration mode for the specified address family.
Step 5
Command or Action: switch(config-router-af)# client-to-client reflection
Purpose: (Optional) Configures client-to-client route reflection. This feature is enabled by default. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Step 6
Command or Action: switch(config-router-neighbor)# exit
Purpose: Exits router address configuration mode.
Step 7
Command or Action: switch(config-router)# neighbor ip-address remote-as as-number
Purpose: Configures the IP address and AS number for a remote BGP peer.
Step 8
Command or Action: switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
Purpose: Enters neighbor address family configuration mode for the unicast IPv4 address family.
Step 9
Command or Action: switch(config-router-neighbor-af)# route-reflector-client
Purpose: Configures the device as a BGP route reflector and configures the neighbor as its client. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Step 10
Command or Action: (Optional) switch(config-router-neighbor-af)# show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } neighbors
Purpose: Displays the BGP peers.
Step 11
Command or Action: (Optional) switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: Saves this configuration change.
Example
This example shows how to configure the router as a route reflector and add one neighbor as a client:
switch(config)# router bgp 65535
switch(config-router)# neighbor 192.0.2.10 remote-as 65535
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# route-reflector-client
switch(config-router-neighbor-af)# copy running-config startup-config
Configuring Next-Hops on Reflected Routes Using an Outbound Route-Map
You can change the next-hop on reflected routes on a BGP route reflector using an outbound route-map. You can configure the outbound route-map to specify the peer’s local address as the next-hop address.
Note The next-hop-self command does not enable this functionality for routes being reflected to clients by a route reflector. This functionality can only be enabled using an outbound route-map.
Before you begin
You must enable BGP.
Ensure that you are in the correct VDC (or use the switchto vdc command).
You must enter the set next-hop command to configure an address family specific next-hop address. For example, for the IPv6 address family, you must enter the set ipv6 next-hop peer-address command.
• When setting IPv4 next-hops using route-maps—If set ip next-hop peer-address matches the route-map, the next-hop is set to the peer’s local address. If no next-hop is set in the route-map, the next-hop is set to the one stored in the path.
• When setting IPv6 next-hops using route-maps—If set ipv6 next-hop peer-address matches the route-map, the next-hop is set as follows:
  • For IPv6 peers, the next-hop is set to the peer’s local IPv6 address.
  • For IPv4 peers, if update-source is configured, the next-hop is set to the source interface’s IPv6 address, if any. If no IPv6 address is configured, no next-hop is set.
  • For IPv4 peers, if update-source is not configured, the next-hop is set to the outgoing interface’s IPv6 address, if any. If no IPv6 address is configured, no next-hop is set.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp as-number
3. switch(config-router)# neighbor ip-address remote-as as-number
4. switch(config-router-neighbor)# update-source interface number
5. switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
6. switch(config-router-neighbor-af)# route-reflector-client
7. switch(config-router-neighbor-af)# route-map map-name out
8. (Optional) switch(config-router-neighbor-af)# show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] route-map map-name [ vrf vrf-name ]
9. (Optional) switch(config-router-neighbor-af)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router bgp as-number
Purpose: Enters BGP mode and assigns the autonomous system number to the local BGP speaker.
Step 3
Command or Action: switch(config-router)# neighbor ip-address remote-as as-number
Purpose: Configures the IP address and AS number for a remote BGP peer.
Step 4
Command or Action: switch(config-router-neighbor)# update-source interface number
Purpose: (Optional) Specifies and updates the source of the BGP session.
Step 5
Command or Action: switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
Purpose: Enters router address family configuration mode for the specified address family.
Step 6
Command or Action: switch(config-router-neighbor-af)# route-reflector-client
Purpose: Configures the device as a BGP route reflector and configures the neighbor as its client. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Step 7
Command or Action: switch(config-router-neighbor-af)# route-map map-name out
Purpose: Applies the configured BGP policy to outgoing routes.
Step 8
Command or Action: (Optional) switch(config-router-neighbor-af)# show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] route-map map-name [ vrf vrf-name ]
Purpose: Displays the BGP routes that match the route map.
Step 9
Command or Action: (Optional) switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: Saves this configuration change.
Example
This example shows how to configure the next-hop on reflected routes on a BGP route reflector using an outbound route-map:
switch(config)# interface loopback 300
switch(config-if)# ip address 192.0.2.11/32
switch(config-if)# ipv6 address 2001::a0c:1a65/64
switch(config-if)# ip router ospf 1 area 0.0.0.0
switch(config-if)# exit
switch(config)# route-map setrrnh permit 10
switch(config-route-map)# set ip next-hop peer-address
switch(config-route-map)# exit
switch(config)# route-map setrrnhv6 permit 10
switch(config-route-map)# set ipv6 next-hop peer-address
switch(config-route-map)# exit
switch(config)# router bgp 200
switch(config-router)# neighbor 192.0.2.12 remote-as 200
switch(config-router-neighbor)# update-source loopback 300
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# route-reflector-client
switch(config-router-neighbor-af)# route-map setrrnh out
switch(config-router-neighbor-af)# exit
switch(config-router-neighbor)# address-family ipv6 unicast
switch(config-router-neighbor-af)# route-reflector-client
switch(config-router-neighbor-af)# route-map setrrnhv6 out
Configuring Route Dampening
You can configure route dampening to minimize route flaps propagating through your iBGP network.
To configure route dampening, use the following command in address-family or VRF address family configuration mode.
SUMMARY STEPS
1. switch(config-router-af)# dampening [ { half-life reuse-limit suppress-limit max-suppress-time | route-map map-name } ]
DETAILED STEPS
Step 1
Command or Action: switch(config-router-af)# dampening [ { half-life reuse-limit suppress-limit max-suppress-time | route-map map-name } ]
Purpose: Disables capabilities negotiation. The parameter values are as follows:
• half-life—The range is from 1 to 45.
• reuse-limit—The range is from 1 to 20000.
• suppress-limit—The range is from 1 to 20000.
• max-suppress-time—The range is from 1 to 255.
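How the four dampening parameters interact, as an added example that is not part of the Cisco guide. It uses the generic RFC 2439 exponential-decay model; the per-flap penalty of 1000, minutes as the time unit, and the function names are assumptions, since this section gives only the parameter ranges.

```python
import math

PER_FLAP_PENALTY = 1000  # assumption: the per-flap penalty is not stated on this page


def decayed(penalty, elapsed_min, half_life):
    """Exponential decay: the penalty halves every half_life minutes."""
    return penalty * 0.5 ** (elapsed_min / half_life)


def penalty_ceiling(reuse_limit, half_life, max_suppress_time):
    """Largest penalty that still decays to reuse_limit within max_suppress_time."""
    return reuse_limit * 2 ** (max_suppress_time / half_life)


def minutes_until_reuse(penalty, reuse_limit, half_life):
    """Minutes for a penalty to decay to reuse_limit if the route stops flapping."""
    if penalty <= reuse_limit:
        return 0.0
    return half_life * math.log2(penalty / reuse_limit)


def simulate(flap_minutes, half_life, reuse_limit, suppress_limit, max_suppress_time):
    """Replay flaps (timestamps in minutes) and report when the route is reusable.

    Returns (timeline, reuse_at): timeline holds (minute, penalty, suppressed)
    after each flap; reuse_at is the minute the route is advertised again, or
    None if it was never suppressed.
    """
    if not reuse_limit < suppress_limit:
        raise ValueError("reuse-limit must be lower than suppress-limit")
    ceiling = penalty_ceiling(reuse_limit, half_life, max_suppress_time)
    penalty, last, suppressed, timeline = 0.0, 0.0, False, []
    for t in sorted(flap_minutes):
        penalty = decayed(penalty, t - last, half_life)
        if suppressed and penalty < reuse_limit:
            suppressed = False  # decayed far enough between flaps to be reused
        # Each flap adds a fixed penalty; the ceiling enforces max-suppress-time.
        penalty = min(penalty + PER_FLAP_PENALTY, ceiling)
        if penalty > suppress_limit:
            suppressed = True
        timeline.append((t, round(penalty), suppressed))
        last = t
    reuse_at = None
    if suppressed:
        reuse_at = last + minutes_until_reuse(penalty, reuse_limit, half_life)
    return timeline, reuse_at


if __name__ == "__main__":
    # Constructed input: three flaps two minutes apart.
    timeline, reuse_at = simulate([0, 2, 4], half_life=15, reuse_limit=750,
                                  suppress_limit=2000, max_suppress_time=60)
    for minute, penalty, suppressed in timeline:
        print(f"t={minute:>2} min  penalty={penalty:>5}  suppressed={suppressed}")
    print(f"route reusable at t={reuse_at:.1f} min")
```

With these values the third flap pushes the penalty over suppress-limit, and the route stays suppressed until the penalty decays to reuse-limit about 28 minutes later.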
Configuring Load Sharing and ECMP
You can configure the maximum number of paths that BGP adds to the route table for equal-cost multipath load balancing.
To configure the maximum number of paths, use the following command in router address-family configuration mode:
Command: switch(config-router-af)# maximum-paths [ ibgp ] maxpaths
Purpose: Configures the maximum number of equal-cost paths for load sharing. The range is from 1 to 16. The default is 1. Starting from Cisco NX-OS Release 8.4(1), the range is from 1 to 64 on M3- and F3-Series I/O modules. Starting from Cisco NX-OS Release 8.4(2), the range is from 1 to 64 on F4-Series I/O modules.
Configuring Maximum Prefixes
You can configure the maximum number of prefixes that BGP can receive from a BGP peer. If the number of prefixes exceeds this value, you can optionally configure BGP to generate a warning message or tear down the BGP session to the peer.
To configure the maximum allowed prefixes for a BGP peer, use the following command in neighbor address-family configuration mode:
SUMMARY STEPS
1. switch(config-router-neighbor-af)# maximum-prefix maximum [ threshold ] [ restart time | warning-only ]
DETAILED STEPS
Step 1
Command or Action: switch(config-router-neighbor-af)# maximum-prefix maximum [ threshold ] [ restart time | warning-only ]
Purpose: Configures the maximum number of prefixes from a peer. The parameter ranges are as follows:
• maximum—The range is from 1 to 300000.
• threshold—The range is from 1 to 100 percent. The default is 75 percent.
• time—The range is from 1 to 65535 minutes.
This command triggers an automatic notification and session reset for the BGP neighbor sessions if the prefix limit is exceeded.
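Several commands in the preceding sections relax or bound what an eBGP peer can do (dont-capability-negotiate, disable-connected-check, ebgp-multihop, maxas-limit, maximum-prefix), and a saved configuration can be checked for them. The following Python script is an added example, not part of the Cisco guide; the sample configuration, the finding names, and the policy of checking prefix limits only on eBGP neighbors are assumptions.

```python
import re

# Constructed sample in running-config style (documentation addresses and
# private AS numbers); not taken from any real device.
SAMPLE_CONFIG = """\
router bgp 65001
  neighbor 192.0.2.1 remote-as 65010
    ebgp-multihop 5
    address-family ipv4 unicast
      maximum-prefix 1000 80 warning-only
  neighbor 192.0.2.2 remote-as 65020
    disable-connected-check
    dont-capability-negotiate
    address-family ipv4 unicast
  neighbor 192.0.2.3 remote-as 65001
    address-family ipv4 unicast
      route-reflector-client
  neighbor 192.0.2.4
    remote-as 65030
    address-family ipv4 unicast
      maximum-prefix 5000
"""

# Neighbor-mode commands from this guide that relax a default check.
NEIGHBOR_FLAGS = {
    "ebgp-multihop": "eBGP session allowed across more than one hop",
    "disable-connected-check": "directly-connected check for single-hop eBGP is off",
    "dont-capability-negotiate": "capabilities negotiation is off",
}


def parse_bgp(config):
    """Return (local_as, router_level_cmds, neighbors) from indented config text."""
    local_as, router_cmds, neighbors = None, [], []
    nbr = af = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        indent = len(raw) - len(raw.lstrip())
        # A block ends when indentation returns to the level of its header.
        if af and indent <= af["indent"]:
            af = None
        if nbr and indent <= nbr["indent"]:
            nbr = af = None
        m = re.match(r"router bgp (\S+)$", line)
        if m:
            local_as = m.group(1)
            continue
        m = re.match(r"neighbor (\S+)(?: remote-as (\S+))?$", line)
        if m:
            nbr = {"ip": m.group(1), "remote_as": m.group(2),
                   "indent": indent, "cmds": [], "afs": []}
            neighbors.append(nbr)
        elif nbr is None:
            router_cmds.append(line)
        elif line.startswith("remote-as ") and af is None:
            nbr["remote_as"] = line.split()[1]
        elif line.startswith("address-family "):
            af = {"name": line.split(None, 1)[1], "indent": indent, "cmds": []}
            nbr["afs"].append(af)
        elif af is not None:
            af["cmds"].append(line)
        else:
            nbr["cmds"].append(line)
    return local_as, router_cmds, neighbors


def audit(config):
    """Return a list of (scope, check, detail) findings for one router bgp block."""
    local_as, router_cmds, neighbors = parse_bgp(config)
    findings = []
    if not any(c.startswith("maxas-limit ") for c in router_cmds):
        findings.append((f"router bgp {local_as}", "no-maxas-limit",
                         "AS-path length of received eBGP routes is unbounded"))
    for n in neighbors:
        for cmd in n["cmds"]:
            keyword = cmd.split()[0]
            if keyword in NEIGHBOR_FLAGS:
                findings.append((n["ip"], keyword, f"{cmd}: {NEIGHBOR_FLAGS[keyword]}"))
        if n["remote_as"] == local_as:
            continue  # policy of this example: prefix limits are checked on eBGP only
        for af in n["afs"]:
            limits = [c for c in af["cmds"] if c.startswith("maximum-prefix ")]
            if not limits:
                findings.append((n["ip"], "no-maximum-prefix",
                                 f"{af['name']}: peer can send unlimited prefixes"))
            elif limits[0].split()[-1] == "warning-only":
                findings.append((n["ip"], "maximum-prefix-warning-only",
                                 f"{af['name']}: limit logs but does not reset the session"))
    return findings


if __name__ == "__main__":
    for scope, check, detail in audit(SAMPLE_CONFIG):
        print(f"{scope:18} {check:28} {detail}")
```

The parser does not follow VRF-level local-as, so iBGP detection inside a VRF that overrides the AS number needs extending before use on such configurations.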
Configuring Dynamic Capability
You can configure dynamic capability for a BGP peer.
To configure dynamic capability, use the following command in neighbor configuration mode:
Command: switch(config-router-neighbor)# dynamic-capability
Purpose: Enables dynamic capability. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Configuring Aggregate Addresses
You can configure aggregate address entries in the BGP route table.
To configure an aggregate address, use the following command in router address-family configuration mode:
Command: aggregate-address ip-prefix/length [ as-set ] [ summary-only ] [ advertise-map map-name ] [ attribute-map map-name ] [ suppress-map map-name ]
Purpose: Creates an aggregate address. The path advertised for this route is an autonomous system set that consists of all elements contained in all paths that are being summarized:
• The as-set keyword generates autonomous system set path information and community information from contributing paths.
• The summary-only keyword filters all more specific routes from updates.
• The advertise-map map-name keyword and argument specify the route map used to select attribute information from selected routes.
• The attribute-map map-name keyword and argument specify the route map used to select attribute information from the aggregate.
• The suppress-map map-name keyword and argument conditionally filter more specific routes.
Unsuppressing the Advertisement of Aggregated Routes
You can configure BGP to advertise routes that are suppressed by the aggregate-address command.
To unsuppress the advertising of aggregated routes, use the following command in router neighbor address-family configuration mode:
SUMMARY STEPS
1. switch(config-router-neighbor-af)# unsuppress-map map-name
DETAILED STEPS
Step 1
Command or Action: switch(config-router-neighbor-af)# unsuppress-map map-name
Purpose: Advertises selective routes that are suppressed by the aggregate-address command.
Configuring BGP Conditional Route Injection
You can configure BGP conditional route injection to inject specific routes based on the administrative policy or traffic engineering information and control the packets being forwarded to these specific routes, which are injected into the BGP routing table only if the configured conditions are met. This feature allows you to improve the accuracy of common route aggregation by conditionally injecting or replacing less specific prefixes with more specific prefixes. Only prefixes that are equal to or more specific than the original prefix can be injected.
Note The injected prefixes inherit the attributes of the aggregated route.
Before you begin
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp as-number
3. switch(config-router)# address-family { ipv4 | ipv6 } unicast
4. switch(config-router-af)# inject-map inject-map-name exist-map exist-map-name [ copy-attributes ]
5. switch(config-router-af)# exit
6. switch(config-router)# exit
7. switch(config)# ip prefix-list list-name seq sequence-number permit network-length
8. switch(config)# route-map map-name permit sequence-number
9. switch(config-route-map)# match ip address prefix-list prefix-list-name
10. switch(config-route-map)# match ip route-source prefix-list prefix-list-name
11. switch(config-route-map)# exit
12. switch(config)# ip prefix-list list-name seq sequence-number permit network-length
13. switch(config)# route-map map-name permit sequence-number
14. switch(config-route-map)# set ip address prefix-list
15. (Optional) switch(config-route-map)# show bgp { ipv4 | ipv6 } unicast injected-routes
16. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router bgp as-number
Purpose: Enters BGP configuration mode and assigns the autonomous system number to the local BGP speaker.
Step 3
Command or Action: switch(config-router)# address-family { ipv4 | ipv6 } unicast
Purpose: Enters address family configuration mode.
Step 4
Command or Action: switch(config-router-af)# inject-map inject-map-name exist-map exist-map-name [ copy-attributes ]
Purpose: Specifies the inject-map and exist-map routes for conditional route injection. These maps install one or more prefixes into a BGP routing table. The exist-map route map specifies the prefixes that BGP tracks, and the inject-map route map defines the prefixes that are created and installed into the local BGP table. Use the copy-attributes keyword to specify that the injected route inherits the attributes of the aggregate route.
Step 5
Command or Action: switch(config-router-af)# exit
Purpose: Exits address family configuration mode.
Step 6
Command or Action: switch(config-router)# exit
Purpose: Exits BGP configuration mode.
Step 7
Command or Action: switch(config)# ip prefix-list list-name seq sequence-number permit network-length
Purpose: Configures a prefix list. Repeat this step for every prefix list to be created.
Step 8
Command or Action: switch(config)# route-map map-name permit sequence-number
Purpose: Configures a route-map and enters route-map configuration mode.
Step 9
Command or Action: switch(config-route-map)# match ip address prefix-list prefix-list-name
Purpose: Specifies the aggregate route to which a more specific route will be injected.
Step 10
Command or Action: switch(config-route-map)# match ip route-source prefix-list prefix-list-name
Purpose: Specifies the match conditions for the source of the route.
Step 11
Command or Action: switch(config-route-map)# exit
Purpose: Exits route-map configuration mode.
Step 12
Command or Action: switch(config)# ip prefix-list list-name seq sequence-number permit network-length
Purpose: Configures a prefix list. Repeat this step for every prefix list to be created.
Step 13
Command or Action: switch(config)# route-map map-name permit sequence-number
Purpose: Configures a route map and enters route-map configuration mode.
Step 14
Command or Action: switch(config-route-map)# set ip address prefix-list
Purpose: Specifies the routes to be injected.
Step 15
Command or Action: (Optional) switch(config-route-map)# show bgp { ipv4 | ipv6 } unicast injected-routes
Purpose: Displays injected routes in the routing table.
Step 16
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Configuring BGP Conditional Advertisement
You can configure BGP conditional advertisement to limit the routes that BGP propagates. You define the following two route maps:
• Advertise map—Specifies the conditions that the route must match before BGP considers the conditional advertisement. This route map can contain any appropriate match statements.
• Exist map or nonexist map—Defines the prefix that must exist in the BGP table before BGP propagates a route that matches the advertise map. The nonexist map defines the prefix that must not exist in the BGP table before BGP propagates a route that matches the advertise map. BGP processes only the permit statements in the prefix list match statements in these route maps.
If the route does not pass the condition, BGP withdraws the route if it exists in the BGP table.
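The exist-map and non-exist-map behavior described above can be modeled in a few lines of Python. This is an added example, not Cisco code: prefixes are matched exactly, the prefixes and function names are constructed, and treating the condition as satisfied when any permitted tracked prefix is present is a modeling assumption.

```python
from ipaddress import ip_network


def permitted(entries):
    """Prefixes from permit entries only; deny entries are ignored, as stated above."""
    return {ip_network(prefix) for action, prefix in entries if action == "permit"}


def condition_met(table, condition_entries, mode):
    """Evaluate the exist-map or non-exist-map against the current BGP table."""
    tracked_present = bool(permitted(condition_entries) & table)
    if mode == "exist-map":
        return tracked_present
    if mode == "non-exist-map":
        return not tracked_present
    raise ValueError(f"unknown mode: {mode}")


def advertised(bgp_table, advertise_entries, condition_entries, mode):
    """Routes matching the advertise map that may be sent to the neighbor now."""
    table = {ip_network(p) for p in bgp_table}
    if not condition_met(table, condition_entries, mode):
        return set()
    return table & permitted(advertise_entries)


def replay(table_states, advertise_entries, condition_entries, mode):
    """For each successive BGP table state, return (newly advertised, withdrawn)."""
    sent, log = set(), []
    for table in table_states:
        now = advertised(table, advertise_entries, condition_entries, mode)
        log.append((sorted(map(str, now - sent)), sorted(map(str, sent - now))))
        sent = now
    return log


# Constructed scenario: 198.51.100.0/24 is the conditionally advertised route,
# 203.0.113.0/24 is the tracked prefix. The deny entry is there to show that it
# plays no part in the condition.
ADVERTISE = [("permit", "198.51.100.0/24")]
CONDITION = [("permit", "203.0.113.0/24"), ("deny", "192.0.2.0/24")]
STATES = [
    ["198.51.100.0/24", "203.0.113.0/24"],  # tracked prefix present
    ["198.51.100.0/24", "192.0.2.0/24"],    # tracked prefix lost
    ["198.51.100.0/24", "203.0.113.0/24"],  # tracked prefix back
]

if __name__ == "__main__":
    for mode in ("non-exist-map", "exist-map"):
        print(mode)
        for step, (adv, wd) in enumerate(replay(STATES, ADVERTISE, CONDITION, mode), 1):
            print(f"  state {step}: advertise={adv} withdraw={wd}")
```

With non-exist-map the route is advertised only while the tracked prefix is missing and is withdrawn when it returns; exist-map gives the opposite sequence.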
Before you begin
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp as-number
3. switch(config-router)# neighbor ip-address remote-as as-number
4. switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
5. switch(config-router-neighbor-af)# advertise-map adv-map { exist-map exist-rmap | non-exist-map nonexist-rmap }
6. (Optional) switch(config-router-neighbor-af)# show ip bgp neighbor
7. (Optional) switch(config-router-neighbor-af)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters configuration mode.
Step 2
Command or Action: switch(config)# router bgp as-number
Purpose: Enters BGP mode and assigns the autonomous system number to the local BGP speaker.
Step 3
Command or Action: switch(config-router)# neighbor ip-address remote-as as-number
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address.
Step 4
Command or Action: switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
Purpose: Enters address family configuration mode.
Step 5
Command or Action: switch(config-router-neighbor-af)# advertise-map adv-map { exist-map exist-rmap | non-exist-map nonexist-rmap }
Purpose: Configures BGP to conditionally advertise routes based on the two configured route maps:
• adv-map —Specifies a route map with match statements that the route must pass before BGP passes the route to the next route map. The adv-map is a case-sensitive, alphanumeric string up to 63 characters.
• exist-rmap —Specifies a route map with match statements for a prefix list. A prefix in the BGP table must match a prefix in the prefix list before BGP advertises the route. The exist-rmap is a case-sensitive, alphanumeric string up to 63 characters.
• nonexist-rmap —Specifies a route map with match statements for a prefix list. A prefix in the BGP table must not match a prefix in the prefix list before BGP advertises the route. The nonexist-rmap is a case-sensitive, alphanumeric string up to 63 characters.
Step 6
Command or Action: (Optional) switch(config-router-neighbor-af)# show ip bgp neighbor
Purpose: Displays information about BGP and the configured conditional advertisement route maps.
Step 7
Command or Action: (Optional) switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: Saves this configuration change.
Example
This example shows how to configure BGP conditional advertisement:
switch# configure terminal
switch(config)# router bgp 65535
switch(config-router)# neighbor 192.0.2.2 remote-as 65537
switch(config-router-neighbor)# address-family ipv4 unicast
switch(config-router-neighbor-af)# advertise-map advertise exist-map exist
switch(config-router-neighbor-af)# exit
switch(config-router-neighbor)# exit
switch(config-router)# exit
switch(config)# route-map advertise
switch(config-route-map)# match as-path pathList
switch(config-route-map)# exit
switch(config)# route-map exist
switch(config-route-map)# match ip address prefix-list plist
switch(config-route-map)# exit
switch(config)# ip prefix-list plist permit 209.165.201.0/27
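The following added example (not from the Cisco guide) models the decision this section describes: routes selected by the advertise map are sent only while the exist-map or non-exist-map condition holds, and are withdrawn when it stops holding. It assumes exact-match prefix-list entries and uses a Python regular expression in place of the AS-path list pathList; the function names and the sample BGP tables are constructed for illustration.

```python
import ipaddress
import re


def condition_holds(bgp_table, tracked_prefixes, mode):
    """Evaluate the exist-map / non-exist-map condition against the BGP table."""
    tracked = {ipaddress.ip_network(p) for p in tracked_prefixes}
    present = any(ipaddress.ip_network(p) in tracked for p in bgp_table)
    if mode == "exist-map":
        return present        # the tracked prefix must be in the BGP table
    if mode == "non-exist-map":
        return not present    # the tracked prefix must be absent
    raise ValueError(f"unknown mode: {mode}")


def conditional_routes(bgp_table, as_path_regex, tracked_prefixes, mode):
    """Prefixes selected by the advertise map that may be sent to the neighbor.

    Routes that do not match the advertise map are outside this model.
    """
    if not condition_holds(bgp_table, tracked_prefixes, mode):
        return set()
    pattern = re.compile(as_path_regex)
    return {p for p, as_path in bgp_table.items() if pattern.search(as_path)}


def update_for_neighbor(previously_sent, now_eligible):
    """Difference between what was sent before and what is eligible now."""
    return {
        "announce": sorted(now_eligible - previously_sent),
        "withdraw": sorted(previously_sent - now_eligible),
    }


def replay(snapshots, as_path_regex, tracked_prefixes, mode):
    """Walk successive BGP table snapshots and list the resulting updates."""
    sent, updates = set(), []
    for table in snapshots:
        eligible = conditional_routes(table, as_path_regex, tracked_prefixes, mode)
        updates.append(update_for_neighbor(sent, eligible))
        sent = eligible
    return updates


# Constructed sample data: prefix -> AS path, as successive BGP table states.
TRACKED = ["209.165.201.0/27"]            # permit entry of prefix list plist
ADVERTISE_AS_PATH = r"^65550( |$)"        # assumed stand-in for pathList
TABLE_UP = {
    "209.165.201.0/27": "65537",
    "198.51.100.0/24": "65550 65551",
    "203.0.113.0/24": "65560",
}
TABLE_DOWN = {p: a for p, a in TABLE_UP.items() if p != "209.165.201.0/27"}

if __name__ == "__main__":
    for mode in ("exist-map", "non-exist-map"):
        print(mode)
        steps = replay([TABLE_UP, TABLE_DOWN, TABLE_UP],
                       ADVERTISE_AS_PATH, TRACKED, mode)
        for step in steps:
            print("  ", step)
```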
Configuring Route Redistribution
You can configure BGP to accept routing information from another routing protocol and redistribute that information through the BGP network. Optionally, you can assign a default metric for redistributed routes.
Before you begin
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp as-number
3. switch(config-router)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
4. switch(config-router-af)# redistribute { direct | { eigrp | isis | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
5. (Optional) switch(config-router-af)# default-metric value
6. (Optional) switch(config-router-neighbor-af)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router bgp as-number
Purpose: Enters BGP mode and assigns the autonomous system number to the local BGP speaker.
Step 3
Command or Action: switch(config-router)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
Purpose: Enters address family configuration mode.
Step 4
Command or Action: switch(config-router-af)# redistribute { direct | { eigrp | isis | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
Purpose: Redistributes routes from other protocols into BGP.
Step 5
Command or Action: (Optional) switch(config-router-af)# default-metric value
Purpose: Generates a default metric into BGP.
Step 6
Command or Action: (Optional) switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: Saves this configuration change.
Example
This example shows how to redistribute EIGRP into BGP:
switch# configure terminal
switch(config)# router bgp 65535
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# redistribute eigrp 201 route-map Eigrpmap
switch(config-router-af)# copy running-config startup-config
Advertising the Default Route
You can configure BGP to advertise the default route (network 0.0.0.0).
Before you begin
You must enable BGP.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# route-map allow permit
3. switch(config-route-map)# exit
4. switch(config)# ip route ip-address network-mask null null-interface-number
5. switch(config)# router bgp as-number
6. switch(config-router)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } unicast
7. switch(config-router-af)# default-information originate
8. switch(config-router-af)# redistribute static route-map allow
9. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# route-map allow permit
Purpose: Enters route-map configuration mode and defines the conditions for redistributing routes.
Step 3
Command or Action: switch(config-route-map)# exit
Purpose: Exits route-map configuration mode.
Step 4
Command or Action: switch(config)# ip route ip-address network-mask null null-interface-number
Purpose: Configures the IP address.
Step 5
Command or Action: switch(config)# router bgp as-number
Purpose: Enters BGP mode and assigns the AS number to the local BGP speaker.
Step 6
Command or Action: switch(config-router)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } unicast
Purpose: Enters address family configuration mode.
Step 7
Command or Action: switch(config-router-af)# default-information originate
Purpose: Advertises the default route.
Step 8
Command or Action: switch(config-router-af)# redistribute static route-map allow
Purpose: Redistributes the default route.
Step 9
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Configuring Route Import from Default VRF to any other VRF
Perform the following steps to import routes from default VRF to any other non-default VRF.
Before you begin
• Enable BGP.
• Ensure that you are in the correct VDC.
Step 1
Enter the global configuration mode:
switch# configure terminal
Step 2
Enable BGP:
switch(config)# feature bgp
Step 3
Create a new VRF and enter VRF configuration mode:
switch(config)# vrf context vrf-name
Step 4
Enter the IPv4 / IPv6 unicast address family configuration mode:
switch(config-vrf)# address-family { ipv4 | ipv6 } unicast
Step 5
Configure an import policy for a VRF to import prefixes from the default VRF:
switch(config-vrf-af)# import vrf default [ prefix-limit ] map route-map
prefix-limit limits the number of routes that can be imported. Default value is 1000.
route-map specifies the route map to be imported and can be a case-sensitive, alphanumeric string up to 63 characters.
Configuring Route Export from BGP VRF to Default VRF
Perform the following steps to export routes from non-default VRF to Default VRF.
Before you begin
• Enable BGP.
• Ensure that you are in the correct VDC.
Step 1
Enter the global configuration mode:
switch# configure terminal
Step 2
Enable BGP:
switch(config)# feature bgp
Step 3
Create a new VRF and enter VRF configuration mode:
switch(config)# vrf context vrf-name
Step 4
Enter the IPv4 / IPv6 unicast address family configuration mode:
switch(config-vrf)# address-family { ipv4 | ipv6 } unicast
Step 5
Export IPv4 or IPv6 prefixes from non-default VRF to default VRF, filtered by route-map:
switch(config-vrf-af)# export vrf default [ prefix-limit ] map route-map
prefix-limit limits the number of routes that can be exported, in order to avoid the global table being overloaded. Default value is 1000.
route-map specifies the route map. It can be a case-sensitive, alphanumeric string up to 63 characters.
If the route map does not exist, the command will be accepted but processed at a later time when the route map is created.
Example
The following example shows how to export the route map, BgpMap, to default VRF, and verify the configuration.
switch# configure terminal
switch(config)# feature bgp
switch(config)# vrf context vpn1
switch(config-vrf)# address-family ipv4 unicast
switch(config-vrf-af)# export vrf default 3 map BgpMap
switch(config-vrf-af)# exit
switch(config)# show bgp process vrf vpn1
Information regarding configured VRFs:
BGP Information for VRF vpn1
VRF Id                         : 3
VRF state                      : UP
Router-ID                      : 20.0.0.1
Configured Router-ID           : 0.0.0.0
Confed-ID                      : 0
Cluster-ID                     : 0.0.0.0
No. of configured peers        : 2
No. of pending config peers    : 0
No. of established peers       : 2
VRF RD                         : 100:1
Information for address family IPv4 Unicast in VRF vpn1
Table Id                       : 3
Table state                    : UP
Peers      Active-peers    Routes     Paths      Networks   Aggregates
1          1               6          6          0          0
Redistribution static, route-map allow
Export RT list:
    100:1
    1000:1
Import RT list:
    100:1
Label mode: per-prefix
Aggregate label: 492287
Import default limit        : 1000
Import default prefix count : 2
Import default map          : allow
Export default limit        : 1000
Export default prefix count : 3
Export default map          : allow
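The export vrf default description above notes that a command naming a route map that does not yet exist is still accepted, so a misspelled policy name can go unnoticed. The following added example (not from the Cisco guide) is a Python check over a saved running configuration that reports policy names that are referenced but never defined, and defined but never referenced. The function name and the sample configuration are constructed for illustration, and the patterns cover only commands that appear in this chapter (advertise-map, redistribute, table-map, default-originate, import/export vrf default, and prefix-list references).

```python
import re

# Top-level lines that define a named policy object.
DEFINITIONS = [
    ("route-map", re.compile(r"^route-map (\S+)")),
    ("prefix-list", re.compile(r"^ip(?:v6)? prefix-list (\S+)")),
]

# Lines that reference a policy object by name (names are case-sensitive).
REFERENCES = [
    ("route-map", re.compile(r"^advertise-map (\S+) (?:exist-map|non-exist-map) (\S+)")),
    ("route-map", re.compile(r"^redistribute .*\broute-map (\S+)")),
    ("route-map", re.compile(r"^table-map (\S+)")),
    ("route-map", re.compile(r"^default-originate route-map (\S+)")),
    ("route-map", re.compile(r"^(?:import|export) vrf default (?:\d+ )?map (\S+)")),
    ("prefix-list", re.compile(r"^match ip(?:v6)? address prefix-list (.+)")),
    ("prefix-list", re.compile(r"^prefix-list (\S+) (?:in|out)$")),
]


def audit_policy_references(config_text):
    """Return dangling references and unused definitions in a configuration."""
    defined = {"route-map": {}, "prefix-list": {}}   # name -> first line number
    referenced = []                                  # (line number, kind, name)
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw == raw.lstrip():                      # definitions are unindented
            for kind, pattern in DEFINITIONS:
                match = pattern.match(line)
                if match:
                    defined[kind].setdefault(match.group(1), line_no)
        for kind, pattern in REFERENCES:
            match = pattern.match(line)
            if match:
                for group in match.groups():
                    for name in group.split():
                        referenced.append((line_no, kind, name))
    dangling = [(n, k, name) for n, k, name in referenced if name not in defined[k]]
    used = {(k, name) for _, k, name in referenced}
    unused = sorted((k, name) for k in defined for name in defined[k]
                    if (k, name) not in used)
    return {"dangling": dangling, "unused": unused}


# Constructed sample in running-config style (not taken from a real device).
# The route map "exit" is a deliberate misspelling of "exist".
SAMPLE_CONFIG = """\
ip prefix-list plist seq 5 permit 209.165.201.0/27
route-map advertise permit 10
  match as-path pathList
route-map exit permit 10
  match ip address prefix-list plist
route-map Eigrpmap permit 10
  match ip address prefix-list eigrp-nets
vrf context vpn1
  address-family ipv4 unicast
    export vrf default 3 map BgpMap
router bgp 65535
  address-family ipv4 unicast
    redistribute eigrp 201 route-map Eigrpmap
    table-map DistMap
  neighbor 192.0.2.2 remote-as 65537
    address-family ipv4 unicast
      advertise-map advertise exist-map exist
"""

if __name__ == "__main__":
    report = audit_policy_references(SAMPLE_CONFIG)
    for line_no, kind, name in report["dangling"]:
        print(f"line {line_no}: {kind} '{name}' is referenced but not defined")
    for kind, name in report["unused"]:
        print(f"{kind} '{name}' is defined but never referenced")
```

A name that appears in both lists with similar spelling, such as exist and exit in the sample, usually points to a typing error rather than a missing policy.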
Configuring Multiprotocol BGP
You can configure MP-BGP to support multiple address families, including IPv4 and IPv6 unicast and multicast routes.
Before you begin
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp as-number
3. switch(config-router)# neighbor ip-address remote-as as-number
4. switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
5. (Optional) switch(config-router-neighbor-af)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters configuration mode.
Step 2
Command or Action: switch(config)# router bgp as-number
Purpose: Enters BGP mode and assigns the autonomous system number to the local BGP speaker.
Step 3
Command or Action: switch(config-router)# neighbor ip-address remote-as as-number
Purpose: Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address.
Step 4
Command or Action: switch(config-router-neighbor)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast }
Purpose: Enters address family configuration mode.
Step 5
Command or Action: (Optional) switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: Saves this configuration change.
Example
This example shows how to enable advertising and receiving IPv4 and IPv6 routes for multicast RPF for a neighbor:
switch# configure terminal
switch(config)# interface ethernet 2/1
switch(config-if)# ipv6 address 2001:0DB8::1
switch(config-if)# router bgp 65535
switch(config-router)# neighbor 192.168.1.2 remote-as 35537
switch(config-router-neighbor)# address-family ipv4 multicast
switch(config-router-neighbor-af)# exit
switch(config-router-neighbor)# address-family ipv6 multicast
switch(config-router-neighbor-af)# copy running-config startup-config
Configuring Policy-Based Administrative Distance
You can configure a distance for external BGP (eBGP) and internal BGP (iBGP) routes that match a policy described in the configured route map. The distance configured in the route map is downloaded to the unicast RIB along with the matching routes. BGP uses the best path to determine the administrative distance when downloading next hops in the unicast RIB table. If there is no match or a deny clause in the policy, BGP uses the distance configured in the distance command or the default distance for routes.
The policy-based administrative distance feature is useful when there are two or more different routes to the same destination from two different routing protocols.
Before you begin
You must enable BGP.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# ip prefix-list name seq number permit prefix-length
3. switch(config)# route-map map-tag permit sequence-number
4. switch(config-route-map)# match ip address prefix-list prefix-list-name
5. switch(config-route-map)# set distance <value1> <value2> <value3>
6. switch(config-route-map)# exit
7. switch(config)# router bgp as-number
8. switch(config-router)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } unicast
9. switch(config-router-af)# table-map map-name
10. (Optional) switch(config-router-af)# show forwarding distribution
11. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# ip prefix-list name seq number permit prefix-length
Purpose: Creates a prefix list to match IP packets or routes with the permit keyword.
Step 3
Command or Action: switch(config)# route-map map-tag permit sequence-number
Purpose: Creates a route map and enters route-map configuration mode with the permit keyword. If the match criteria for the route is met in the policy, the packet is policy routed.
Step 4
Command or Action: switch(config-route-map)# match ip address prefix-list prefix-list-name
Purpose: Matches IPv4 network routes based on a prefix list. The prefix-list name can be any alphanumeric string up to 63 characters.
Step 5
Command or Action: switch(config-route-map)# set distance <value1> <value2> <value3>
Purpose: Specifies the administrative distance for interior BGP (iBGP) or exterior BGP (eBGP) routes and BGP routes originated in the local autonomous system. The range is from 1 to 255.
After you enter the value for the external administrative distance, you must also enter the value for the internal routes, for the local routes, or for both, depending on your requirement, so that the internal and local routes are also considered in the route administration.
Step 6
Command or Action: switch(config-route-map)# exit
Purpose: Exits route-map configuration mode.
Step 7
Command or Action: switch(config)# router bgp as-number
Purpose: Enters BGP mode and assigns the AS number to the local BGP speaker.
Step 8
Command or Action: switch(config-router)# address-family { ipv4 | ipv6 | vpnv4 | vpnv6 } unicast
Purpose: Enters address family configuration mode.
Step 9
Command or Action: switch(config-router-af)# table-map map-name
Purpose: Configures the selective administrative distance for a route map for BGP routes before forwarding them to the RIB table. The table-map name can be any alphanumeric string up to 63 characters.
Note You can also configure the table-map command under the VRF address-family configuration mode.
Step 10
Command or Action: (Optional) switch(config-router-af)# show forwarding distribution
Purpose: Displays forwarding information distribution.
Step 11
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Tuning BGP
You can tune BGP characteristics through a series of optional parameters.
SUMMARY STEPS
1. switch(config-router)# bestpath [ always-compare-med | as-path multipath-relax | compare-routerid | cost-community ignore | med { confed | missing-as-worst | non-deterministic }]
2. switch(config-router)# enforce-first-as
3. switch(config-router)# log-neighbor-changes
4. switch(config-router)# router-id id
5. switch(config-router)# timers [ bestpath-delay delay | bgp keepalive holdtime | prefix-peer-timeout timeout ]
6. switch(config-router-af)# distance ebgp-distance ibgp-distance local-distance
7. switch(config-router-neighbor)# description string
8. switch(config-router-neighbor)# low-memory exempt
9. switch(config-router-neighbor)# transport connection-mode passive
10. remove-private-as
11. switch(config-router-neighbor)# update-source interface-type number
12. switch(config-router-neighbor)# suppress-inactive
13. switch(config-router-neighbor)# default-originate [ route-map map-name ]
14. switch(config-router-neighbor)# filter-list list-name { in | out }
15. switch(config-router-neighbor)# prefix-list list-name { in | out }
16. switch(config-router-neighbor)# send-community
17. switch(config-router-neighbor)# send-community extended
DETAILED STEPS
Step 1
Command or Action: Required: switch(config-router)# bestpath [ always-compare-med | as-path multipath-relax | compare-routerid | cost-community ignore | med { confed | missing-as-worst | non-deterministic }]
Purpose: Modifies the best-path algorithm. The optional parameters are as follows:
• always-compare-med —Compares MED on paths from different autonomous systems.
• as-path multipath-relax —Allows load sharing across the providers with different (but equal-length) AS paths. Without this option, the AS paths must be identical for load sharing.
• compare-routerid —Compares the router IDs for identical eBGP paths.
• cost-community ignore —Ignores the cost community for BGP best-path calculations. For more information on the BGP cost community, see the “Configuring MPLS Layer 3 VPN Load Balancing” chapter of the Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide.
• med confed —Forces bestpath to do a MED comparison only between paths originated within a confederation.
• med missing-as-worst —Treats a missing MED as the highest MED.
• med non-deterministic —Does not always pick the best MED path from among the paths from the same autonomous system.
Step 2
Command or Action: switch(config-router)# enforce-first-as
Purpose: Enforces the neighbor autonomous system to be the first AS number listed in the AS_path attribute for eBGP.
Step 3
Command or Action: switch(config-router)# log-neighbor-changes
Purpose: Generates a system message when a neighbor changes state.
Step 4
Command or Action: switch(config-router)# router-id id
Purpose: Manually configures the router ID for this BGP speaker.
Step 5
Command or Action: switch(config-router)# timers [ bestpath-delay delay | bgp keepalive holdtime | prefix-peer-timeout timeout ]
Purpose: Sets the BGP timer values. The optional parameters are as follows:
• delay —Initial best-path timeout value after a restart. The range is from 0 to 3600 seconds. The default value is 300.
• keepalive —BGP session keepalive time. The range is from 0 to 3600 seconds. The default value is 60.
• holdtime —BGP session hold time. The range is from 0 to 3600 seconds. The default value is 180.
• timeout —Prefix peer timeout value. The range is from 0 to 1200 seconds. The default value is 30.
Step 6
Command or Action: switch(config-router-af)# distance ebgp-distance ibgp-distance local-distance
Purpose: Sets the administrative distance for BGP. The range is from 1 to 255. The defaults are as follows:
• ebgp-distance —20.
• ibgp-distance —200.
• local-distance —220. Local-distance is the administrative distance used for aggregate discard routes when they are installed in the RIB.
Step 7
Command or Action: switch(config-router-neighbor)# description string
Purpose: Sets a descriptive string for this BGP peer. The string can be up to 80 alphanumeric characters.
Step 8
Command or Action: switch(config-router-neighbor)# low-memory exempt
Purpose: Exempts this BGP neighbor from a possible shutdown due to a low memory condition.
Step 9
Command or Action: switch(config-router-neighbor)# transport connection-mode passive
Purpose: Allows a passive connection setup only. This BGP speaker does not initiate a TCP connection to a BGP peer. You must manually reset the BGP sessions after configuring this command.
Step 10
Command or Action: remove-private-as
Purpose: Removes private AS numbers from outbound route updates to an eBGP peer. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Note See the “Guidelines and Limitations for Advanced BGP” section for more information on this command.
Step 11
Command or Action: switch(config-router-neighbor)# update-source interface-type number
Purpose: Configures the BGP speaker to use the source IP address of the configured interface for BGP sessions to the peer. This command triggers an automatic notification and session reset for the BGP neighbor sessions. Single-hop iBGP peers support fast external failover when update-source is configured.
Step 12
Command or Action: switch(config-router-neighbor)# suppress-inactive
Purpose: Advertises the best (active) routes only to the BGP peer. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Step 13
Command or Action: switch(config-router-neighbor)# default-originate [ route-map map-name ]
Purpose: Generates a default route to the BGP peer.
Step 14
Command or Action: switch(config-router-neighbor)# filter-list list-name { in | out }
Purpose: Applies an AS path filter list to this BGP peer for inbound or outbound route updates. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Step 15
Command or Action: switch(config-router-neighbor)# prefix-list list-name { in | out }
Purpose: Applies a prefix list to this BGP peer for inbound or outbound route updates. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Step 16
Command or Action: switch(config-router-neighbor)# send-community
Purpose: Sends the community attribute to this BGP peer. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Step 17
Command or Action: switch(config-router-neighbor)# send-community extended
Purpose: Sends the extended community attribute to this BGP peer. This command triggers an automatic soft clear or refresh of BGP neighbor sessions.
Configuring a Graceful Restart
You can configure a graceful restart and enable the graceful restart helper feature for BGP.
Before you begin
You must enable BGP.
Create the VDCs and VRFs.
Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router bgp as-number
3. switch(config-router)# graceful-restart
4. switch(config-router)# graceful-restart { restart-time time | stalepath-time time }
5. switch(config-router)# graceful-restart-helper
6. (Optional) switch(config-router)# show running-config bgp
7. (Optional) switch(config-router)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters configuration mode.
Step 2
Command or Action: switch(config)# router bgp as-number
Purpose: Creates a new BGP process with the configured autonomous system number.
Step 3
Command or Action: switch(config-router)# graceful-restart
Purpose: Enables a graceful restart and the graceful restart helper functionality. This command is enabled by default.
This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Step 4
Command or Action: switch(config-router)# graceful-restart { restart-time time | stalepath-time time }
Purpose: Configures the graceful restart timers.
The optional parameters are as follows:
• restart-time —Maximum time for a restart sent to the BGP peer. The range is from 1 to 3600 seconds. The default is 120.
• stalepath-time —Maximum time that BGP keeps the stale routes from the restarting BGP peer. The range is from 1 to 3600 seconds. The default is 300.
This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Step 5
Command or Action: switch(config-router)# graceful-restart-helper
Purpose: Enables the graceful restart helper functionality. Use this command if you have disabled graceful restart but you still want to enable graceful restart helper functionality. This command triggers an automatic notification and session reset for the BGP neighbor sessions.
Step 6
Command or Action: (Optional) switch(config-router)# show running-config bgp
Purpose: Displays the BGP configuration.
Step 7
Command or Action: (Optional) switch(config-router)# copy running-config startup-config
Purpose: Saves this configuration change.
Example
This example shows how to enable a graceful restart:
switch# configure terminal
switch(config)# router bgp 65535
switch(config-router)# graceful-restart
switch(config-router)# copy running-config startup-config
Configuring Virtualization
You can configure one BGP process in each VDC. You can create multiple VRFs within each VDC and use the same BGP process in each VRF.
Before you begin
• You must enable BGP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# vrf context vrf-name
3. switch(config-vrf)# exit
4. switch(config)# router bgp as-number
5. switch(config-router)# vrf vrf-name
6. switch(config-router-vrf)# neighbor ip-address remote-as as-number
7. (Optional) switch(config-router-neighbor-af)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters configuration mode.
Step 2
Command or Action: switch(config)# vrf context vrf-name
Purpose: Creates a new VRF and enters VRF configuration mode.
Step 3
Command or Action: switch(config-vrf)# exit
Purpose: Exits VRF configuration mode.
Step 4
Command or Action: switch(config)# router bgp as-number
Purpose: Creates a new BGP process with the configured autonomous system number.
Step 5
Command or Action: switch(config-router)# vrf vrf-name
Purpose: Enters the router VRF configuration mode and associates this BGP instance with a VRF.
Step 6
Command or Action: switch(config-router-vrf)# neighbor ip-address remote-as as-number
Purpose: Configures the IP address and AS number for a remote BGP peer.
Step 7
Command or Action: (Optional) switch(config-router-neighbor-af)# copy running-config startup-config
Purpose: Saves this configuration change.
Example
This example shows how to create a VRF and configure the router ID in the VRF:
switch# configure terminal
switch(config)# vrf context NewVRF
switch(config-vrf)# exit
switch(config)# router bgp 65535
switch(config-router)# vrf NewVRF
switch(config-router-vrf)# neighbor 209.165.201.1 remote-as 65535
switch(config-router-vrf-neighbor)# copy running-config startup-config
Verifying the Advanced BGP Configuration
To display the BGP configuration, perform one of the following tasks:
Command: show bgp all [ summary ] [ vrf vrf-name ]
Purpose: Displays the BGP information for all address families.

Command: show bgp convergence vrf vrf-name
Purpose: Displays the BGP information for all address families.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] community { regexp expression | [ community ] [ no-advertise ] [ no-export ] [ no-export-subconfed ]} [ vrf vrf-name ]
Purpose: Displays the BGP routes that match a BGP community.

Command: show bgp [ vrf vrf-name ] { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] community-list list-name [ vrf vrf-name ]
Purpose: Displays the BGP routes that match a BGP community list.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] extcommunity { regexp expression | generic [ non-transitive | transitive ] aa4:nn [ exact-match ]} [ vrf vrf-name ]
Purpose: Displays the BGP routes that match a BGP extended community.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] extcommunity-list list-name [ exact-match ] [ vrf vrf-name ]
Purpose: Displays the BGP routes that match a BGP extended community list.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] { dampening dampened-paths [ regexp expression ]} [ vrf vrf-name ]
Purpose: Displays the information for BGP route dampening. Use the clear bgp dampening command to clear the route flap dampening information.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] history-paths [ regexp expression ] [ vrf vrf-name ]
Purpose: Displays the BGP route history paths.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] filter-list list-name [ vrf vrf-name ]
Purpose: Displays the information for the BGP filter list.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] neighbors [ ip-address | ipv6-prefix ] [ vrf vrf-name ]
Purpose: Displays the information for BGP peers. Use the clear bgp neighbors command to clear these neighbors.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] { nexthop | nexthop-database } [ vrf vrf-name ]

Command: show bgp paths
Purpose: Displays the BGP path information.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] policy name [ vrf vrf-name ]
Purpose: Displays the BGP policy information. Use the clear bgp policy command to clear the policy information.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] prefix-list list-name [ vrf vrf-name ]
Purpose: Displays the BGP routes that match the prefix list.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] received-paths [ vrf vrf-name ]
Purpose: Displays the BGP paths stored for soft reconfiguration.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] regexp expression [ vrf vrf-name ]
Purpose: Displays the BGP routes that match the AS_path regular expression.

Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] route-map map-name [ vrf vrf-name ]
Purpose: Displays the BGP routes that match the route map.

Command: show bgp peer-policy name [ vrf vrf-name ]
Purpose: Displays the information about BGP peer policies.

Command: show bgp peer-session name [ vrf vrf-name ]
Purpose: Displays the information about BGP peer sessions.

Command: show bgp peer-template name [ vrf vrf-name ]
Purpose: Displays the information about BGP peer templates. Use the clear bgp peer-template command to clear all neighbors in a peer template.

Command: show bgp process
Purpose: Displays the BGP process information.

Command: show { ipv4 | ipv6 | vpnv4 | vpnv6 } bgp options
Purpose: Displays the BGP status and configuration information. This command has multiple options. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference, for more information.

Command: show { ipv4 | ipv6 | vpnv4 | vpnv6 } mbgp options
Purpose: Displays the BGP status and configuration information. This command has multiple options. See the Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference, for more information.

Command: show running-configuration bgp
Purpose: Displays the current running BGP configuration.
Displaying Advanced BGP Statistics
To display advanced BGP statistics, use the following commands:
Command: show bgp { ipv4 | ipv6 | vpnv4 | vpnv6 } { unicast | multicast } [ ip-address | ipv6-prefix ] flap-statistics [ vrf vrf-name ]
Purpose: Displays the BGP route flap statistics. Use the clear bgp flap-statistics command to clear these statistics.

Command: show bgp sessions [ vrf vrf-name ]
Purpose: Displays the BGP sessions for all peers. Use the clear bgp sessions command to clear these statistics.

Command: show bgp statistics
Purpose: Displays the BGP statistics.
Related Documents
Related Topic | Document Title
BGP CLI commands | Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference
VDCs and VRFs | Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide
RFCs
RFC | Title
RFC 2918 | Route Refresh Capability for BGP-4 http://www.faqs.org/rfcs/rfc2918.html
MIBs
MIBs | MIBs Link
BGP4-MIB, CISCO-BGP4-MIB, CISCO-BGP-MIBv2 | To locate and download MIBs, go to the following URL: https://cfnng.cisco.com/mibs .
Feature History for Advanced BGP
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Table 26: Feature History for Advanced BGP
Feature Name | Release | Feature Information
ECMP | 8.4(2) | Added support for up to 64 paths to a destination. Supported on F4-Series I/O modules.
ECMP | 8.4(1) | Added support for up to 64 paths to a destination. Supported on M3- and F3-Series I/O modules.
BGP | 7.3(0)D1(1) | Added support for exporting routes to Default VRF
BGP | 6.2(8) | Added support for CISCO-BGP-MIBv2
BGP | 6.2(8) | Added support for RFC 5549
BGP Next Hop Unchanged | 6.2(8) | Introduced this feature.
BGP | 6.2(2) | Added BFD support for the IPv6 address family.
BGP | 6.2(2) | Added the ability to configure BGP to advertise the default route and introduced the default-information originate command.
BGP | 6.2(2) | Added the ability to advertise routes that are suppressed by the aggregate-address command.
Policy-based administrative distance | 6.2(2) | Introduced this feature.
BGP conditional route injection | 6.2(2) | Introduced this feature.
BGP AS-path multipath relax | 6.0(1) | Added the as-path multipath-relax option to the bestpath command.
BGP outbound route-maps | 6.0(1) | Added support for setting next-hops on reflected routes using an outbound route-map.
BGP cost community ignore | 5.2(1) | Added the cost-community ignore option to the bestpath command.
VPN address families | 5.2(1) | Added support for VPN address families.
BGP | 5.1(1) | No change from Release 5.0.
BFD | 5.0(2) | Added support for BFD. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information.
ISSU | 4.2(3) | Lowered the BGP minimum hold-time check to eight seconds.
Next-hop addressing | 4.2(1) | Added support for the BGP next-hop address tracking and filtering.
4-Byte AS numbers | 4.2(1) | Added support for 4-byte AS numbers in plaintext notation.
Conditional advertisement | 4.2(1) | Added support for conditionally advertising BGP routes based on the existence of other routes in the BGP table.
Dynamic AS number for prefix peers | 4.1(2) | Added support for a range of AS numbers for the BGP prefix peer configuration.
BGP | 4.0(1) | This feature was introduced.
CHAPTER 13
Configuring RIP
This chapter contains the following sections:
• Finding Feature Information
• Information About RIP
• Prerequisites for RIP
• Guidelines and Limitations for RIP
• Default Settings for RIP Parameters
• Verifying the RIP Configuration
• Displaying RIP Statistics
• Configuration Examples for RIP
• Related Documents for RIP
• Standards for RIP
• Feature History for RIP
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About RIP
RIP uses User Datagram Protocol (UDP) data packets to exchange routing information in small internetworks.
RIPv2 supports IPv4. RIPv2 uses an optional authentication feature supported by the RIPv2 protocol.
Note Cisco NX-OS does not support IPv6 for RIP.
RIP uses the following two message types:
• Request—Sent to the multicast address 224.0.0.9 to request route updates from other RIP-enabled routers.
• Response—Sent every 30 seconds by default. The router also sends response messages after it receives a request message. The response message contains the entire RIP route table. RIP sends multiple response packets for a request if the RIP routing table cannot fit in one response packet.
RIP uses a hop count for the routing metric. The hop count is the number of routers that a packet can traverse before reaching its destination. A directly connected network has a metric of 1; an unreachable network has a metric of 16. This small range of metrics makes RIP an unsuitable routing protocol for large networks.
RIPv2 Authentication
You can configure authentication on RIP messages to prevent unauthorized or invalid routing updates in your network. Cisco NX-OS supports a simple password or an MD5 authentication digest.
You can configure the RIP authentication per interface by using key-chain management for the authentication keys. Key-chain management allows you to control changes to the authentication keys used by an MD5 authentication digest or simple text password authentication. See the Cisco Nexus 7000 Series NX-OS Security Configuration Guide for more details about creating key-chains.
To use an MD5 authentication digest, you configure a password that is shared at the local router and all remote RIP neighbors. Cisco NX-OS creates an MD5 one-way message digest based on the message itself and the encrypted password and sends this digest with the RIP message (Request or Response). The receiving RIP neighbor validates the digest by using the same encrypted password. If the message has not changed, the calculation is identical and the RIP message is considered valid.
An MD5 authentication digest also includes a sequence number with each RIP message to ensure that no message is replayed in the network.
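The digest and sequence-number checks described above, as an added example that is not part of the Cisco guide and is not NX-OS code: a sender builds a RIPv2 Response with a keyed-MD5 trailer, and a receiver validates the digest and rejects replays. The packet layout follows the RFC 2082 keyed-MD5 scheme, which this guide does not spell out; the function names, the neighbor address and the strictly increasing sequence rule are assumptions of this example, and the secret is the key-string from the guide's own configuration example.

```python
import hashlib
import hmac
import socket
import struct

RIP_RESPONSE, RIP_VERSION = 2, 2
AUTH_FAMILY = 0xFFFF      # address-family value that marks an authentication entry
AUTH_KEYED_DIGEST = 3     # authentication type: keyed message digest
AUTH_TRAILER = 1          # type of the trailing entry that carries the digest
DIGEST_LEN = 16           # MD5 output size, also the padded key size


def pad_key(secret: bytes) -> bytes:
    """Zero-pad the shared secret to the 16-byte key used in the digest."""
    if len(secret) > DIGEST_LEN:
        raise ValueError("secret longer than 16 bytes")
    return secret.ljust(DIGEST_LEN, b"\x00")


def route_entry(prefix: str, mask: str, metric: int) -> bytes:
    """One 20-byte RIPv2 IPv4 route entry (route tag 0, next hop 0.0.0.0)."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), socket.inet_aton("0.0.0.0"), metric)


def build_response(entries, secret: bytes, key_id: int, seq: int) -> bytes:
    """Sender side: Response header, authentication entry, routes, digest trailer."""
    body = b"".join(entries)
    packet_len = 4 + 20 + len(body)   # header + auth entry + routes; trailer excluded
    signed = (struct.pack("!BBH", RIP_RESPONSE, RIP_VERSION, 0)
              + struct.pack("!HHHBBI8x", AUTH_FAMILY, AUTH_KEYED_DIGEST,
                            packet_len, key_id, DIGEST_LEN, seq)
              + body
              + struct.pack("!HH", AUTH_FAMILY, AUTH_TRAILER))
    # The digest covers the packet up to the trailer marker, followed by the key.
    return signed + hashlib.md5(signed + pad_key(secret)).digest()


def verify(packet: bytes, secret: bytes, last_seq: dict, neighbor: str) -> str:
    """Receiver side: return 'ok', 'replay', 'bad-digest', 'unauthenticated' or 'malformed'."""
    if len(packet) < 4 + 20 + 4 + DIGEST_LEN:
        return "malformed"
    family, atype, packet_len, key_id, _alen, seq = struct.unpack("!HHHBBI", packet[4:16])
    if (family, atype) != (AUTH_FAMILY, AUTH_KEYED_DIGEST):
        return "unauthenticated"
    end = packet_len + 4              # the 4-byte trailer marker is covered by the digest
    if packet_len < 24 or end + DIGEST_LEN > len(packet):
        return "malformed"
    if struct.unpack("!HH", packet[packet_len:end]) != (AUTH_FAMILY, AUTH_TRAILER):
        return "malformed"
    expected = hashlib.md5(packet[:end] + pad_key(secret)).digest()
    if not hmac.compare_digest(expected, packet[end:end + DIGEST_LEN]):
        return "bad-digest"
    # Example policy (assumption): accept only a sequence number higher than the
    # last one accepted from this neighbor and key ID, so a captured packet
    # cannot be fed back in.
    if seq <= last_seq.get((neighbor, key_id), -1):
        return "replay"
    last_seq[(neighbor, key_id)] = seq
    return "ok"


def demo():
    """Constructed scenario: one valid update, its replay, and a modified copy."""
    secret = b"myrip"                 # key-string from the guide's example
    state = {}
    pkt = build_response([route_entry("10.1.1.0", "255.255.255.0", 1)], secret, 1, 100)
    modified = bytearray(pkt)
    modified[4 + 20 + 19] = 16        # metric rewritten to 16 (unreachable) in transit
    return [
        verify(pkt, secret, state, "192.0.2.2"),
        verify(pkt, secret, state, "192.0.2.2"),
        verify(bytes(modified), secret, {}, "192.0.2.2"),
    ]


if __name__ == "__main__":
    print(demo())
```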
Split Horizon
You can use split horizon to ensure that RIP never advertises a route out of the interface where it was learned.
Split horizon is a method that controls the sending of RIP update and query packets. When you enable split horizon on an interface, Cisco NX-OS does not send update packets for destinations that were learned from this interface. Controlling update packets in this manner reduces the possibility of routing loops.
You can use split horizon with poison reverse to configure an interface to advertise routes learned by RIP as unreachable over the interface that learned the routes.
Figure 38: Sample RIP Network with Split Horizon Poison Reverse Enabled
Router C learns about route X and advertises that route to Router B. Router B in turn advertises route X to Router A, but sends a route X unreachable update back to Router C.
By default, split horizon is enabled on all interfaces.
Route Filtering
You can configure a route policy on a RIP-enabled interface to filter the RIP updates. Cisco NX-OS updates the route table with only those routes that the route policy allows.
Route Summarization
You can configure multiple summary aggregate addresses for a specified interface. Route summarization simplifies route tables by replacing a number of more-specific addresses with an address that represents all the specific addresses. For example, you can replace 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 with one summary address, 10.1.0.0/16.
If more specific routes are in the routing table, RIP advertises the summary address from the interface with a metric equal to the maximum metric of the more specific routes.
Note Cisco NX-OS does not support automatic route summarization.
Route Redistribution
You can use RIP to redistribute static routes or routes from other protocols. You must configure a route map with the redistribution to control which routes are passed into RIP. A route policy allows you to filter routes based on attributes such as the destination, origination protocol, route type, route tag, and so on. For more information, see Configuring Route Policy Manager.
Whenever you redistribute routes into a RIP routing domain, Cisco NX-OS does not, by default, redistribute the default route into the RIP routing domain. You can generate a default route into RIP, which can be controlled by a route policy.
You also configure the default metric that is used for all imported routes into RIP.
Load Balancing
You can use load balancing to allow a router to distribute traffic over all the router network ports that are the same distance from the destination address. Load balancing increases the usage of network segments and increases effective network bandwidth.
Cisco NX-OS supports the Equal Cost Multiple Paths (ECMP) feature with up to 16 equal-cost paths in the RIP route table and the unicast RIB. You can configure RIP to load balance traffic across some or all of those paths.
High Availability for RIP
Cisco NX-OS supports stateless restarts for RIP. After a reboot or supervisor switchover, Cisco NX-OS applies the running configuration and RIP immediately sends request packets to repopulate its routing table.
Virtualization Support
Cisco NX-OS supports multiple instances of the RIP protocol that run on the same system. RIP supports virtual routing and forwarding (VRF) instances. VRFs exist within virtual device contexts (VDCs).
You can configure up to four RIP instances on a VDC. By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF.
See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide .
Prerequisites for RIP
• You must enable RIP.
Guidelines and Limitations for RIP
• Cisco NX-OS does not support RIPv1. If Cisco NX-OS receives a RIPv1 packet, it logs a message and drops the packet.
• Cisco NX-OS does not establish adjacencies with RIPv1 routers.
• If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Default Settings for RIP Parameters
Default RIP Parameters
Parameters | Default
Maximum paths for load balancing | 8
RIP feature | Disabled
Split horizon | Enabled
Configuring RIP
Enabling RIP
Before you begin
Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# [no] feature rip
3. (Optional) switch(config)# copy running-config startup-config
4. (Optional) switch(config)# show feature
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# [no] feature rip
Purpose: Enables the RIP feature. Use the no form of this command to disable this feature.
Step 3
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Step 4
Command or Action: (Optional) switch(config)# show feature
Purpose: Displays enabled and disabled features.
Example
The following example enables RIP:
switch# configure terminal
switch(config)# feature rip
switch(config)# copy running-config startup-config
Creating a RIP Instance
You can create a RIP instance and configure the address family for that instance.
Before you begin
You must enable RIP.
Ensure that you are in the correct VDC (or use the switchto vdc command).
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# [ no ] router rip instance-tag
Purpose: Creates a new RIP instance with the configured instance-tag. Use the no form of this command to disable this feature.
Note You must also remove any RIP commands configured in interface mode.
Step 3
Command or Action: switch(config-router)# address-family ipv4 unicast
Purpose: Configures the address family for this RIP instance and enters address-family configuration mode.
Step 4
Command or Action: (Optional) switch(config-router-af)# show ip rip [ instance instance-tag ] [ vrf vrf-name ]
Purpose: Displays a summary of RIP information for all RIP instances.
Step 5
Command or Action: (Optional) switch(config-router-af)# distance value
Purpose: Sets the administrative distance for RIP, in address-family configuration mode. The range is from 1 to 255.
Step 6
Command or Action: (Optional) switch(config-router-af)# maximum-paths number
Purpose: Configures the maximum number of equal-cost paths that RIP maintains in the route table, in address-family configuration mode. The range is from 1 to 16.
Step 7
Command or Action: (Optional) switch(config-router-af)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example creates a RIP instance for IPv4 and sets the number of equal-cost paths for load balancing:
switch# configure terminal
switch(config)# router rip Enterprise
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# maximum-paths 10
switch(config-router-af)# copy running-config startup-config
Restarting a RIP Instance
You can restart a RIP instance and remove all associated neighbors for the instance.
Procedure
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# restart rip instance-tag
Purpose: Restarts the RIP instance and removes all neighbors.
Step 3
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example restarts a RIP instance:
switch# configure terminal
switch(config)# restart rip Enterprise
switch(config)# copy running-config startup-config
Configuring RIP on an Interface
Before you begin
• You must enable RIP.
• Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# interface interface-type slot / port
3. switch(config-if)# ip router rip instance-tag
4. (Optional) switch(config-if)# copy running-config startup-config
5. (Optional) switch(config-if)# show ip rip [ instance instance-tag ] interface [ interface-type slot / port ] [ vrf vrf-name ] [ detail ]
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# interface interface-type slot / port
Purpose: Enters interface configuration mode.
Step 3
Command or Action: switch(config-if)# ip router rip instance-tag
Purpose: Associates this interface with a RIP instance.
Step 4
Command or Action: (Optional) switch(config-if)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Step 5
Command or Action: (Optional) switch(config-if)# show ip rip [ instance instance-tag ] interface [ interface-type slot / port ] [ vrf vrf-name ] [ detail ]
Purpose: Displays RIP information for an interface.
Example
The following example configures RIP on an Ethernet interface:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# no switchport
switch(config-if)# ip router rip Enterprise
switch(config-if)# show ip rip instance Enterprise interface ethernet 1/2
switch(config-if)# copy running-config startup-config
Configuring RIP Authentication
You can configure authentication for RIP packets on an interface.
Before you begin
• You must enable RIP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
• Configure a keychain if necessary before enabling authentication. For details about implementing key chains, see the Cisco Nexus 7000 Series NX-OS Security Configuration Guide .
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# interface interface-type slot / port
3. switch(config-if)# ip rip authentication mode { text | md5 }
4. switch(config-if)# ip rip authentication keychain key
5. (Optional) switch(config-if)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# interface interface-type slot / port
Purpose: Enters interface configuration mode.
Step 3
Command or Action: switch(config-if)# ip rip authentication mode { text | md5 }
Purpose: Sets the authentication type for RIP on this interface as cleartext or MD5 authentication digest.
Step 4
Command or Action: switch(config-if)# ip rip authentication keychain key
Purpose: Configures the authentication key used for RIP on this interface.
Step 5
Command or Action: (Optional) switch(config-if)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example creates a key chain and configures MD5 authentication on a RIP interface:
switch# configure terminal
switch(config)# key chain RIPKey
switch(config)# key-string myrip
switch(config)# accept-lifetime 00:00:00 Jan 01 2000 infinite
switch(config)# send-lifetime 00:00:00 Jan 01 2000 infinite
switch(config)# interface ethernet 1/2
switch(config-if)# ip rip authentication mode md5
switch(config-if)# ip rip authentication keychain RIPKey
switch(config-if)# copy running-config startup-config
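One way to check a saved configuration for the interface settings in this procedure, as an added example (not Cisco tooling and not part of the guide): it lists every interface bound to a RIP instance and reports missing authentication, cleartext mode, or a key chain that is referenced but never defined. The sample configuration is constructed, its stanza layout (top-level lines with indented sub-commands) is an assumption, and the finding labels are this example's own.

```python
import re

# Constructed sample; only commands that appear in this guide are used.
SAMPLE_CONFIG = """\
feature rip
key chain RIPKey
router rip Enterprise
  address-family ipv4 unicast
interface Ethernet1/1
  no switchport
  ip address 192.0.2.1/24
interface Ethernet1/2
  no switchport
  ip router rip Enterprise
  ip rip authentication mode md5
  ip rip authentication keychain RIPKey
interface Ethernet1/3
  no switchport
  ip router rip Enterprise
  ip rip authentication mode text
  ip rip authentication keychain RIPKey
interface Ethernet1/4
  no switchport
  ip router rip Enterprise
  ip rip passive-interface
interface Ethernet1/5
  no switchport
  ip router rip Enterprise
  ip rip authentication mode md5
  ip rip authentication keychain OldKey
interface Ethernet1/6
  no switchport
  ip router rip Enterprise
  ip rip authentication mode md5
"""


def parse_stanzas(text):
    """Group indented sub-commands under the top-level line that precedes them."""
    stanzas, current = [], None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # skip blank lines and comment lines
        if not raw[0].isspace():
            current = (raw.strip(), [])
            stanzas.append(current)
        elif current is not None:
            current[1].append(raw.strip())
    return stanzas


def audit_rip_auth(text):
    """Return {interface: [findings]} for interfaces that run RIP; [] means clean."""
    stanzas = parse_stanzas(text)
    keychains = set()
    for head, _ in stanzas:
        m = re.fullmatch(r"key chain (\S+)", head)
        if m:
            keychains.add(m.group(1))

    report = {}
    for head, body in stanzas:
        m = re.fullmatch(r"interface\s+(.+)", head, re.IGNORECASE)
        if not m or not any(line.startswith("ip router rip ") for line in body):
            continue                      # not an interface, or RIP not enabled on it
        mode = chain = None
        for line in body:
            mm = re.fullmatch(r"ip rip authentication mode (text|md5)", line)
            if mm:
                mode = mm.group(1)
            mk = re.fullmatch(r"ip rip authentication keychain (\S+)", line)
            if mk:
                chain = mk.group(1)

        # Passive interfaces are audited too: they stop sending updates but
        # still receive routes, so unauthenticated input matters there as well.
        issues = []
        if mode is None and chain is None:
            issues.append("no-auth")
        else:
            if mode == "text":
                issues.append("cleartext-mode")
            elif mode is None:
                issues.append("mode-not-set")
            if chain is None:
                issues.append("no-keychain")
            elif chain not in keychains:
                issues.append("undefined-keychain:" + chain)
        report[m.group(1).strip()] = issues
    return report


if __name__ == "__main__":
    for iface, issues in audit_rip_auth(SAMPLE_CONFIG).items():
        print(iface, "OK" if not issues else ", ".join(issues))
```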
Configuring a Passive Interface
You can configure a RIP interface to receive routes but not send route updates by setting the interfaces to passive mode. You can configure a RIP interface in passive mode in the interface configuration mode.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# interface interface-type slot / port
3. switch(config-if)# ip rip passive-interface
4. (Optional) switch(config-if)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# interface interface-type slot / port
Purpose: Enters interface configuration mode.
Step 3
Command or Action: switch(config-if)# ip rip passive-interface
Purpose: Sets the interface into passive mode.
Step 4
Command or Action: (Optional) switch(config-if)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example configures a RIP interface in passive mode:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip rip passive-interface
switch(config-if)# copy running-config startup-config
Configuring Split Horizon with Poison Reverse
You can configure an interface to advertise routes learned by RIP as unreachable over the interface that learned the routes by enabling poison reverse. You can configure split horizon with poison reverse on an interface using the interface configuration mode.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# interface interface-type slot / port
3. switch(config-if)# ip rip poison-reverse
4. (Optional) switch(config-if)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# interface interface-type slot / port
Purpose: Enters interface configuration mode.
Step 3
Command or Action: switch(config-if)# ip rip poison-reverse
Purpose: Enables split horizon with poison reverse. Split horizon with poison reverse is disabled by default.
Step 4
Command or Action: (Optional) switch(config-if)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example enables split horizon with poison reverse on an interface:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip rip poison-reverse
switch(config-if)# copy running-config startup-config
Configuring Route Summarization
You can create aggregate addresses that are represented in the routing table by a summary address. Cisco NX-OS advertises the summary address metric that is the smallest metric of all the more-specific routes. To configure a summary address on an interface, use the interface configuration mode.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# interface interface-type slot / port
3. switch(config-if)# ip rip summary-address ip-prefix/mask-len
4. (Optional) switch(config-if)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# interface interface-type slot / port
Purpose: Enters interface configuration mode.
Step 3
Command or Action: switch(config-if)# ip rip summary-address ip-prefix/mask-len
Purpose: Configures a summary address for RIP for IPv4 addresses.
Step 4
Command or Action: (Optional) switch(config-if)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example configures a summary address on an interface:
switch# configure terminal
switch(config)# interface ethernet 1/2
switch(config-if)# ip rip summary-address 192.0.2.0/24
switch(config-if)# copy running-config startup-config
Configuring Route Redistribution
You can configure RIP to accept routing information from another routing protocol and redistribute that information through the RIP network. Redistributed routes can optionally be assigned a default route.
Before you begin
• You must enable RIP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
• Configure a route map before configuring redistribution.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router rip instance-tag
3. switch(config-router)# address-family ipv4 unicast
4. switch(config-router-af)# redistribute { bgp as | direct | { eigrp | isis | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
5. (Optional) switch(config-router-af)# default-information originate [ always ] [ route-map map-name ]
6. (Optional) switch(config-router-af)# default-metric value
7. (Optional) switch(config-router-af)# copy running-config startup-config
8. (Optional) switch(config-router-af)# show ip rip route [ ip-prefix [ longer-prefixes | shorter-prefixes ]] [ vrf vrf-name ] [ summary ]
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router rip instance-tag
Purpose: Creates a new RIP instance with the configured instance-tag.
Step 3
Command or Action: switch(config-router)# address-family ipv4 unicast
Purpose: Enters address family configuration mode.
Step 4
Command or Action: switch(config-router-af)# redistribute { bgp as | direct | { eigrp | isis | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
Purpose: Redistributes routes from other protocols into RIP.
Step 5
Command or Action: (Optional) switch(config-router-af)# default-information originate [ always ] [ route-map map-name ]
Purpose: Generates a default route into RIP, optionally controlled by a route map.
Step 6
Command or Action: (Optional) switch(config-router-af)# default-metric value
Purpose: Sets the default metric for all redistributed routes. The range is from 1 to 15. The default is 1.
Step 7
Command or Action: (Optional) switch(config-router-af)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Step 8
Command or Action: (Optional) switch(config-router-af)# show ip rip route [ ip-prefix [ longer-prefixes | shorter-prefixes ]] [ vrf vrf-name ] [ summary ]
Purpose: Shows the routes in RIP.
Example
The following example shows how to redistribute EIGRP into RIP:
switch# configure terminal
switch(config)# router rip Enterprise
switch(config-router)# address-family ipv4 unicast
switch(config-router-af)# redistribute eigrp 201 route-map RIPmap
switch(config-router-af)# copy running-config startup-config
Configuring Cisco NX-OS RIP for Compatibility with Cisco IOS RIP
Beginning with Cisco NX-OS Release 6.1, you can configure Cisco NX-OS RIP to behave like Cisco IOS RIP in the way that routes are advertised and processed.
Directly connected routes are treated with cost 1 in Cisco NX-OS RIP and with cost 0 in Cisco IOS RIP.
When routes are advertised in Cisco NX-OS RIP, the receiving device adds a minimum cost of +1 to all received routes and installs the routes in its routing table. In Cisco IOS RIP, this cost increment is done on the sending router, and the receiving router installs the routes without any modification. This difference in behavior can cause issues when both Cisco NX-OS and Cisco IOS devices are working together. You can prevent these compatibility issues by configuring Cisco NX-OS RIP to advertise and process routes like Cisco IOS RIP.
Before you begin
• You must enable RIP.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# router rip instance-tag
3. switch(config-router)# [ no ] metric direct 0
4. (Optional) switch(config-router)# show running-config rip
5. (Optional) switch(config-router)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# router rip instance-tag
Purpose: Creates a new RIP instance with the configured instance-tag. You can enter 100, 201, or up to 20 alphanumeric characters for the instance tag.
Step 3
Command or Action: switch(config-router)# [ no ] metric direct 0
Purpose: Configures all directly connected routes with cost 0 instead of the default of cost 1 in order to make Cisco NX-OS RIP compatible with Cisco IOS RIP in the way that routes are advertised and processed.
Note This command must be configured on all Cisco NX-OS devices that are present in any RIP network that also contains Cisco IOS devices.
Step 4
Command or Action: (Optional) switch(config-router)# show running-config rip
Purpose: Displays the current running RIP configuration.
Step 5
Command or Action: (Optional) switch(config-router)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
The following example shows how to disable NX-OS RIP compatibility with Cisco IOS RIP by returning all direct routes from cost 0 to cost 1:
switch# configure terminal
switch(config)# router rip 100
switch(config-router)# no metric direct 0
switch(config-router)# show running-config rip
switch(config-router)# copy running-config startup-config
Configuring Virtualization
You can configure multiple RIP instances in each VDC. You can also create multiple VRFs within each VDC and use the same or multiple RIP instances in each VRF. You assign a RIP interface to a VRF.
Note Configure all other parameters for an interface after you configure the VRF for an interface. Configuring a VRF for an interface deletes all the configurations for an interface.
Before you begin
• You must enable RIP.
• Create the VDCs.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# vrf vrf-name
3. switch(config-vrf)# exit
4. switch(config)# router rip instance-tag
5. switch(config-router)# vrf vrf-name
6. (Optional) switch(config-router-vrf)# address-family ipv4 unicast
7. (Optional) switch(config-router-vrf-af)# redistribute { bgp as | direct | { eigrp | isis | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
8. switch(config-router-vrf-af)# interface ethernet slot / port
9. switch(config-if)# no switchport
10. switch(config-if)# vrf member vrf-name
11. switch(config-if)# ip address ip-prefix / length
12. switch(config-if)# ip router rip instance-tag
13. (Optional) switch(config-if)# copy running-config startup-config
14. (Optional) switch(config-if)# show ip rip [ instance instance-tag ] interface [ interface-type slot / port ] [ vrf vrf-name ]
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# vrf vrf-name
Purpose: Creates a new VRF.
Step 3
Command or Action: switch(config-vrf)# exit
Purpose: Exits VRF configuration mode.
Step 4
Command or Action: switch(config)# router rip instance-tag
Purpose: Creates a new RIP instance with the configured instance tag.
Step 5
Command or Action: switch(config-router)# vrf vrf-name
Purpose: Creates a new VRF and enters VRF configuration mode.
Step 6
Command or Action: (Optional) switch(config-router-vrf)# address-family ipv4 unicast
Purpose: (Optional) Configures the VRF address family for this RIP instance.
Step 7
Command or Action: (Optional) switch(config-router-vrf-af)# redistribute { bgp as | direct | { eigrp | isis | ospf | ospfv3 | rip } instance-tag | static } route-map map-name
Purpose: Redistributes routes from other protocols into RIP. See Configuring Route Policy Manager.
Step 8
Command or Action: switch(config-router-vrf-af)# interface ethernet slot / port
Purpose: Enters interface configuration mode.
Step 9
Command or Action: switch(config-if)# no switchport
Purpose: Configures the interface as a Layer 3 routed interface.
Step 10
Command or Action: switch(config-if)# vrf member vrf-name
Purpose: Adds this interface to a VRF.
Step 11
Command or Action: switch(config-if)# ip address ip-prefix / length
Purpose: Configures an IP address for this interface. You must perform this step after you assign this interface to a VRF.
Step 12
Command or Action: switch(config-if)# ip router rip instance-tag
Purpose: Associates this interface with a RIP instance.
Step 13
Command or Action: (Optional) switch(config-if)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Step 14
Command or Action: (Optional) switch(config-if)# show ip rip [ instance instance-tag ] interface [ interface-type slot / port ] [ vrf vrf-name ]
Purpose: Displays RIP information for an interface in a VRF.
Example
The following example shows how to create a VRF and add an interface to the VRF:
switch# configure terminal
switch(config)# vrf context RemoteOfficeVRF
switch(config-vrf)# exit
switch(config)# router rip Enterprise
switch(config-router)# vrf RemoteOfficeVRF
switch(config-router-vrf)# address-family ipv4 unicast
switch(config-router-vrf-af)# redistribute eigrp 201 route-map RIPmap
switch(config-router-vrf-af)# interface ethernet 1/2
switch(config-if)# vrf member RemoteOfficeVRF
switch(config-if)# ip address 192.0.2.1/16
switch(config-if)# ip router rip Enterprise
switch(config-if)# copy running-config startup-config
Tuning RIP
You can tune RIP to match your network requirements. RIP uses several timers that determine the frequency of routing updates, the length of time before a route becomes invalid, and other parameters. You can adjust these timers to tune routing protocol performance to better suit your internetwork needs.
Note You must configure the same values for the RIP timers on all RIP-enabled routers in your network.
SUMMARY STEPS
1. (Optional) switch(config-router-af)# timers basic update timeout holddown garbage-collection
2. switch(config-router-af)# exit
3. switch(config-router)# exit
4. switch(config)# interface type number
5. (Optional) switch(config-if)# ip rip metric-offset value
6. (Optional) switch(config-if)# ip rip route-filter { prefix-list list-name | route-map map-name } [ in | out ]
DETAILED STEPS
Step 1
Command or Action: (Optional) switch(config-router-af)# timers basic update timeout holddown garbage-collection
Purpose: Sets the RIP timers in seconds. The parameters are as follows:
• update —The range is from 5 to any positive integer. The default is 30.
• timeout —The time that Cisco NX-OS waits before declaring a route as invalid. If Cisco NX-OS does not receive route update information for this route before the timeout interval ends, Cisco NX-OS declares the route as invalid. The range is from 1 to any positive integer. The default is 180.
• holddown —The time during which Cisco NX-OS ignores better route information for an invalid route. The range is from 0 to any positive integer. The default is 180.
• garbage-collection —The time from when Cisco NX-OS marks a route as invalid until Cisco NX-OS removes the route from the routing table. The range is from 1 to any positive integer. The default is 120.
Note This is set in the address-family configuration mode.
Step 2
Command or Action: switch(config-router-af)# exit
Purpose: Exits address-family configuration mode.
Step 3
Command or Action: switch(config-router)# exit
Purpose: Exits router configuration mode.
Step 4
Command or Action: switch(config)# interface type number
Purpose: Enters interface configuration mode.
Step 5
Command or Action: (Optional) switch(config-if)# ip rip metric-offset value
Purpose: Adds a value to the metric for every route received on this interface. The range is from 1 to 15. The default is 1.
Note This is set in the interface configuration mode.
Step 6
Command or Action: (Optional) switch(config-if)# ip rip route-filter { prefix-list list-name | route-map map-name } [ in | out ]
Purpose: Specifies a route map to filter incoming or outgoing RIP updates.
Note This is set in the interface configuration mode.
Example
The following optional examples show how to tune RIP:
switch(config-router-af)# timers basic 40 120 120 100
switch(config-router-af)# exit
switch(config-router)# exit
switch(config)# interface ethernet 1/2
switch(config-if)# ip rip metric-offset 10
switch(config-if)# ip rip route-filter route-map InputMap in
Verifying the RIP Configuration
Use one of the following commands to verify the configuration:
Command: show ip rip instance [ instance-tag ] [ vrf vrf-name ]
Purpose: Displays the status for an instance of RIP.
Command: show ip rip [ instance instance-tag ] interface slot/port detail [ vrf vrf-name ]
Purpose: Displays the RIP status for an interface.
Command: show ip rip [ instance instance-tag ] neighbor [ interface-type number ] [ vrf vrf-name ]
Purpose: Displays the RIP neighbor table.
Command: show ip rip [ instance instance-tag ] route [ ip-prefix/length [ longer-prefixes | shorter-prefixes ]] [ summary ] [ vrf vrf-name ]
Purpose: Displays the RIP route table.
Command: show running-config rip
Purpose: Displays the current running RIP configuration.
Displaying RIP Statistics
Use one of the following commands to display RIP statistics:
Command: show ip rip [ instance instance-tag ] policy statistics redistribute { bgp as | direct | { eigrp | isis | ospf | ospfv3 | rip } instance-tag | static } [ vrf vrf-name ]
Purpose: Displays the RIP policy status.
Command: show ip rip [ instance instance-tag ] statistics [ interface-type number ] [ vrf vrf-name ]
Purpose: Displays the RIP statistics.
Use the clear ip rip policy command to clear policy statistics.
Use the clear ip rip statistics command to clear RIP statistics.
Configuration Examples for RIP
This example creates the Enterprise RIP instance in a VRF and adds Ethernet interface 1/2 to this RIP instance.
The example also configures authentication for Ethernet interface 1/2 and redistributes EIGRP into this RIP domain.
vrf context NewVRF
!
feature rip
router rip Enterprise
  vrf NewVRF
    address-family ipv4 unicast
      redistribute eigrp 201 route-map RIPmap
      max-paths 10
!
interface ethernet 1/2
  vrf member NewVRF
  ip address 192.0.2.1/16
  ip router rip Enterprise
  ip rip authentication mode md5
  ip rip authentication keychain RIPKey
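The following added example (not part of the Cisco guide) audits saved running configurations for two points made in this chapter: RIP timers must match on every RIP-enabled router, and the configuration example authenticates RIP on the interface with MD5 and a keychain. The device names, configuration excerpts, and function names are constructed for illustration.

```python
import re

# Defaults from the guide, in seconds: update, timeout, holddown, garbage-collection.
DEFAULT_TIMERS = (30, 180, 180, 120)
TIMERS_RE = re.compile(r"^\s*timers basic (\d+) (\d+) (\d+) (\d+)\s*$", re.M)
# Per-interface authentication commands used in the guide's RIP configuration example.
REQUIRED_AUTH = {
    "mode md5": "ip rip authentication mode md5",
    "keychain": "ip rip authentication keychain ",
}

# Constructed running-config excerpts (not captured from real devices).
EDGE_1 = """\
feature rip
router rip Enterprise
  address-family ipv4 unicast
    timers basic 40 120 120 100
interface Ethernet1/2
  ip address 192.0.2.1/24
  ip router rip Enterprise
  ip rip authentication mode md5
  ip rip authentication keychain RIPKey
"""
EDGE_2 = """\
feature rip
router rip Enterprise
  address-family ipv4 unicast
interface Ethernet1/2
  ip address 192.0.2.2/24
  ip router rip Enterprise
  ip rip authentication mode md5
interface Ethernet1/3
  ip address 198.51.100.1/24
"""
SAMPLE_CONFIGS = {"edge-1": EDGE_1, "edge-2": EDGE_2}


def rip_timers(config):
    """Return the 'timers basic' values, or the defaults when the line is absent."""
    match = TIMERS_RE.search(config)
    return tuple(int(v) for v in match.groups()) if match else DEFAULT_TIMERS


def interface_blocks(config):
    """Split a running configuration into {interface name: [sub-commands]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
            blocks[current] = []
        elif current is not None and line.startswith((" ", "\t")) and line.strip():
            blocks[current].append(line.strip())
        else:
            current = None  # any other top-level line ends the interface block
    return blocks


def unauthenticated_rip_interfaces(config):
    """List RIP-enabled interfaces that lack MD5 mode or a keychain."""
    findings = []
    for name, commands in interface_blocks(config).items():
        if not any(c.startswith("ip router rip ") for c in commands):
            continue  # interface does not run RIP
        missing = [label for label, prefix in REQUIRED_AUTH.items()
                   if not any(c.startswith(prefix) for c in commands)]
        if missing:
            findings.append((name, missing))
    return findings


def timer_mismatches(configs):
    """Group devices by timer values; an empty dict means all devices agree."""
    groups = {}
    for device, config in configs.items():
        groups.setdefault(rip_timers(config), []).append(device)
    return groups if len(groups) > 1 else {}


if __name__ == "__main__":
    for timers, devices in timer_mismatches(SAMPLE_CONFIGS).items():
        print("timers", timers, "on", ", ".join(devices))
    for device, config in SAMPLE_CONFIGS.items():
        for name, missing in unauthenticated_rip_interfaces(config):
            print(f"{device} {name}: missing RIP authentication {missing}")
```
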
Related Documents for RIP
Related Topic | Document Title
RIP CLI | Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference
VDCs and VRFs | Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide
Standards for RIP
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
Feature History for RIP
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Feature Name | Releases | Feature Information
RIP | 6.1(1) | Added the ability to configure Cisco NX-OS RIP to be behaviorally compatible with Cisco IOS RIP in the way that routes are advertised and processed.
RIP | 4.0(1) | This feature was introduced.
CHAPTER 14
Configuring Static Routing
This chapter contains the following sections:
• Finding Feature Information
• Information About Static Routing
• Prerequisites for Static Routing
• Guidelines and Limitations for Static Routing
• Default Settings for Static Routing Parameters
• Configuring Static Routing
• Verifying the Static Routing Configuration
• Related Documents for Static Routing
• Feature History for Static Routing
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About Static Routing
Routers forward packets using either route information from route table entries that you manually configure or the route information that is calculated using dynamic routing algorithms.
Static routes, which define explicit paths between two routers, cannot be automatically updated; you must manually reconfigure static routes when network changes occur. Static routes use less bandwidth than dynamic routes. No CPU cycles are used to calculate and analyze routing updates.
You can supplement dynamic routes with static routes where appropriate. You can redistribute static routes into dynamic routing algorithms but you cannot redistribute routing information calculated by dynamic routing algorithms into the static routing table.
You should use static routes in environments where network traffic is predictable and where the network design is simple. You should not use static routes in large, constantly changing networks because static routes cannot react to network changes. Most networks use dynamic routes to communicate between routers but might have one or two static routes configured for special cases. Static routes are also useful for specifying a gateway of last resort (a default router to which all unroutable packets are sent).
Administrative Distance
An administrative distance is the metric used by routers to choose the best path when there are two or more routes to the same destination from two different routing protocols. An administrative distance guides the selection of one routing protocol (or static route) over another, when more than one protocol adds the same route to the unicast routing table. Each routing protocol is prioritized in order of most to least reliable using an administrative distance value.
Static routes have a default administrative distance of 1. A router prefers a static route to a dynamic route because the router considers a route with a low number to be the shortest. If you want a dynamic route to override a static route, you can specify an administrative distance for the static route. For example, if you have two dynamic routes with an administrative distance of 120, you would specify an administrative distance that is greater than 120 for the static route if you want the dynamic route to override the static route.
Directly Connected Static Routes
You must specify only the output interface (the interface on which all packets are sent to the destination network) in a directly connected static route. The router assumes the destination is directly attached to the output interface and the packet destination is used as the next-hop address. The next hop can be an interface only for point-to-point interfaces. For broadcast interfaces, the next hop must be an IPv4 or IPv6 address.
Fully Specified Static Routes
You must specify either the output interface (the interface on which all packets are sent to the destination network) or the next-hop address in a fully specified static route. You can use a fully specified static route when the output interface is a multi-access interface and you need to identify the next-hop address. The next-hop address must be directly attached to the specified output interface.
Floating Static Routes
A floating static route is a static route that the router uses to back up a dynamic route. You must configure a floating static route with a higher administrative distance than the dynamic route that it backs up. In this instance, the router prefers a dynamic route to a floating static route. You can use a floating static route as a replacement if the dynamic route is lost.
Note By default, a router prefers a static route to a dynamic route because a static route has a smaller administrative distance than a dynamic route.
Remote Next-Hops for Static Routes
You can specify the next-hop address of a neighboring router which is not directly connected to the router for static routes with remote (non-directly attached) next-hops. If a static route has remote next-hops during data-forwarding, the next-hops are recursively used in the unicast routing table to identify the corresponding directly attached next-hop(s) that have reachability to the remote next-hops.
Reliable Static Routing Backup Using Object Tracking Deployment
You can configure Cisco NX-OS to initiate a backup connection from an alternative port if the circuit to the primary gateway is interrupted. You can ensure reliable deployment backups in the case of certain catastrophic events, such as an Internet circuit failure or peer device failure.
Reliable static routing backup using object tracking can determine the state of the primary connection without having to enable a dynamic routing protocol. It also provides a reliable backup solution that can be used for critical circuits that must not go down without automatically engaging a backup circuit.
In a typical scenario, the primary interface of the remote router forwards traffic from the remote LAN to the main office. If the router loses the connection to the main office, the status of the tracked object changes from up to down. When this change occurs, the router removes the routing table entry for the primary interface and installs the preconfigured floating static route on the secondary interface. The router’s secondary interface then forwards traffic to the preconfigured destination. The backup circuit can be configured to use the Internet.
When the state of the tracked object changes from down to up, the router reinstalls the routing table entry for the primary interface and removes the floating static route for the secondary interface.
IP Service Level Agreements
This feature uses IP service level agreements (IP SLAs), a network monitoring feature set, to generate ICMP pings to monitor the state of the connection to the primary gateway. An IP SLA is configured to ping a target, such as a publicly routable IP address or a target inside the corporate network. The pings are routed from the primary interface only. A track object is created to monitor the status of the IP SLA configuration. The track object informs the client, the static route, if a state change occurs. The preconfigured floating static route on the secondary interface is installed when the state changes from up to down.
Note User Datagram Protocol (UDP) echo, or any other protocol supported by IP SLAs, can be used instead of ICMP pings.
For more information on IP SLAs, see the Cisco Nexus 7000 Series NX-OS IP SLAs Configuration Guide .
BFD
This feature supports bidirectional forwarding detection (BFD). BFD is a detection protocol designed to provide fast forwarding-path failure detection times. BFD provides subsecond failure detection between two adjacent devices and can be less CPU-intensive than protocol hello messages because some of the BFD load can be distributed onto the data plane on supported modules. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information.
Virtualization Support
Static routes support virtual routing and forwarding (VRF) instances. VRFs exist within virtual device contexts (VDCs). By default, Cisco NX-OS places you in the default VDC and default VRF unless you specifically configure another VDC and VRF. For more information, see the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide.
Prerequisites for Static Routing
If the next-hop address for a static route is unreachable, the static route will not be added to the unicast routing table.
Guidelines and Limitations for Static Routing
• You can specify an interface as the next-hop address for a static route only for point-to-point interfaces such as generic routing encapsulation (GRE) tunnels.
• Starting from Cisco NX-OS Release 8.2(4), a static IPv6 route with the next hop as the VXLAN route is supported.
• The forward referencing of static routes is not supported for track objects.
• Starting from Cisco NX-OS Release 8.4(1), IPv6 static routes with next-hops that are learnt over a VXLAN tunnel can be added to the Unicast Routing Information Base (URIB). This feature was supported on IPv4 since Cisco NX-OS Release 4.0(1).
• If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Default Settings for Static Routing Parameters
Default Static Routing Parameters
Parameters | Default
Administrative distance | 1
RIP feature | Disabled
Configuring Static Routing
Configuring a Static Route for IPv4
Before you begin
Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# ip route { ip-prefix | ip-addr/ip-mask } {[ next-hop | nh-prefix ] | [ interface next-hop | nh-prefix ]} [ tag tag-value ] [ pref ]
3. (Optional) switch(config)# copy running-config startup-config
4. (Optional) switch(config)# show ip static-route
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# ip route { ip-prefix | ip-addr/ip-mask } {[ next-hop | nh-prefix ] | [ interface next-hop | nh-prefix ]} [ tag tag-value ] [ pref ]
Purpose: Configures a static route and the interface for this static route. Use ? to display a list of supported interfaces. You can specify a null interface by using null 0. You can optionally configure the next-hop address. The preference value sets the administrative distance. The range is from 1 to 255. The default is 1.
Step 3
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Step 4
Command or Action: (Optional) switch(config)# show ip static-route
Purpose: Displays information about static routes.
Configuration Example
The following example configures a static route for a null interface:
switch# configure terminal
switch(config)# ip route 1.1.1.1/32 null 0
switch(config)# copy running-config startup-config
Use the no ip route command to remove the static route.
Configuring a Static Route for IPv6
Before you begin
Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# ipv6 route ip6-prefix { nh-prefix | link-local-nh-prefix } | { nh-prefix [ interface ] | link-local-nh-prefix [ interface ]} [ name nexthop-name ] [ tag tag-value ] [ pref ]
3. (Optional) switch(config)# copy running-config startup-config
4. (Optional) switch(config)# show ipv6 static-route
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# ipv6 route ip6-prefix { nh-prefix | link-local-nh-prefix } | { nh-prefix [ interface ] | link-local-nh-prefix [ interface ]} [ name nexthop-name ] [ tag tag-value ] [ pref ]
Purpose: Configures a static route and the interface for this static route. Use ? to display a list of supported interfaces. You can specify a null interface by using null 0. You can optionally configure the next-hop address. The preference value sets the administrative distance. The range is from 1 to 255. The default is 1.
Step 3
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Step 4
Command or Action: (Optional) switch(config)# show ipv6 static-route
Purpose: Displays information about static routes.
Example
The following example configures a static route for IPv6:
switch# configure terminal
switch(config)# ipv6 route 2001:0DB8::/48 6::6 null 0
Configuring a Static Route over a VLAN
You can configure a static route without next hop support over a VLAN, also known as a switch virtual interface (SVI).
Before you begin
Ensure that the access port is part of the VLAN.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# feature interface-vlan
3. switch(config)# interface vlan vlan-id
4. switch(config-if)# ip address ip-addr/length
5. switch(config-if)# ip route ip-addr/length vlan-id
6. (Optional) switch(config-if)# ip route ip-addr/length vlan-id next-hop-ip-address
7. (Optional) switch(config-if)# show ip route
8. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# feature interface-vlan
Purpose: Enables VLAN interface mode.
Step 3
Command or Action: switch(config)# interface vlan vlan-id
Purpose: Creates a switch virtual interface (SVI) and enters interface configuration mode. The range for the vlan-id argument is from 1 to 4094, except for the VLANs reserved for the internal switch.
Step 4
Command or Action: switch(config-if)# ip address ip-addr/length
Purpose: Configures an IP address for the VLAN.
Step 5
Command or Action: switch(config-if)# ip route ip-addr/length vlan-id
Purpose: Adds an interface static route without a next hop on the SVI. The IP address is the address that is configured on the interface that is connected to the switch.
Step 6
Command or Action: (Optional) switch(config-if)# ip route ip-addr/length vlan-id next-hop-ip-address
Purpose: Configures explicit next hop address when you set up a /32 static route over an interface VLAN. The IP address is the address that is configured on the interface that is connected to the switch.
Step 7
Command or Action: (Optional) switch(config-if)# show ip route
Purpose: Displays routes from the Unicast Route Information Base (URIB).
Step 8
Command or Action: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Example
This example shows how to configure a static route without a next hop over an SVI:
switch# configure terminal
switch(config)# feature interface-vlan
switch(config)# interface vlan 10
switch(config-if)# ip address 192.0.2.1/8
switch(config-if)# ip route 209.165.200.224/27 vlan 10 <=== 209.165.200.224 is the IP address of the interface that is configured on the interface that is directly connected to the switch.
switch(config-if)# copy running-config startup-config
Note When you set up a /32 static route over an interface VLAN, you have to configure an explicit next hop by using the ip route ip-addr/length vlan-id next-hop-ip-address command.
This example shows how to configure an explicit next hop when you set up a /32 static route over an interface VLAN:
switch# configure terminal
switch(config)# feature interface-vlan
switch(config)# interface vlan 10
switch(config-if)# ip address 209.165.202.128/27
switch(config-if)# ip route 209.165.202.130/32 vlan 10 209.165.202.130
switch(config-if)# copy running-config startup-config
What to do next
Use the no ip route command to remove the static route.
Configuring Reliable Static Routing Backup Using Object Tracking
You can configure Cisco NX-OS to use Internet Control Message Protocol (ICMP) pings to identify when a connection goes down and initiate a backup connection from any alternative port.
Before you begin
• Configure both a primary interface and a backup interface to be used for reliable static routing backup.
• Configure an IP SLA with policy-based routing object tracking to be used for reliable static routing backup.
• Configure a routing policy for static routing to be used for reliable static routing backup.
• Create a track object to be associated with the static route using the track object-id interface command.
• Ensure that you are in the correct VDC (or use the switchto vdc command).
Note If you attempt to configure a static route associated with a track object before you create the track object, the static route command is not accepted by the switch.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# { ip | ipv6 } route ip-prefix ip-mask ip-addr track object-number
3. switch(config)# show { ip | ipv6 } static-route track-table
4. switch(config)# show track track-number
5. switch(config)# { ip | ipv6 } route network-number network-mask { ip-address | interface } [ distance ] [ name name ]
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# { ip | ipv6 } route ip-prefix ip-mask ip-addr track object-number
Purpose: Configures a static route associated with the track object. The object-number argument specifies that the static route is installed only if the configured track object is up.
Step 3
Command or Action: switch(config)# show { ip | ipv6 } static-route track-table
Purpose: Displays information about the IPv4 or IPv6 static-route track table.
Step 4
Command or Action: switch(config)# show track track-number
Purpose: Displays information about a specific tracked object.
Step 5
Command or Action: switch(config)# { ip | ipv6 } route network-number network-mask { ip-address | interface } [ distance ] [ name name ]
Purpose: Configures a floating IPv4 or IPv6 static route on the secondary interface. The network prefix and mask length must be the same as the static route previously configured for the primary interface associated with a track object. The floating static route should have a higher value of preference than the route associated with the track object.
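The following added example (not part of the Cisco guide) models how administrative distance and track-object state decide which route is installed, and checks the two rules in Step 5: the floating static route must use the same prefix as the tracked route and a higher preference. The Route class, function names, and all addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    source: str                   # "static" or a routing protocol name
    distance: int                 # administrative distance (preference)
    track: Optional[int] = None   # track object number, if any


def same_prefix(a, b):
    """Compare prefixes by network and mask length, tolerating set host bits."""
    return ip_network(a, strict=False) == ip_network(b, strict=False)


def installable(route, track_state):
    """A tracked static route is installed only while its track object is up."""
    return route.track is None or track_state.get(route.track, False)


def best_route(routes, prefix, track_state):
    """Pick the installable route with the lowest administrative distance."""
    candidates = [r for r in routes
                  if same_prefix(r.prefix, prefix) and installable(r, track_state)]
    return min(candidates, key=lambda r: r.distance, default=None)


def check_backup_pairs(routes):
    """Flag tracked static routes whose floating backup breaks the Step 5 rules."""
    problems = []
    statics = [r for r in routes if r.source == "static"]
    for primary in (r for r in statics if r.track is not None):
        backups = [r for r in statics
                   if r.track is None and same_prefix(r.prefix, primary.prefix)]
        if not backups:
            problems.append(f"{primary.prefix}: no floating static route with "
                            f"the same prefix for track {primary.track}")
        for backup in backups:
            if backup.distance <= primary.distance:
                problems.append(f"{primary.prefix}: backup via {backup.next_hop} "
                                f"has preference {backup.distance}, not higher "
                                f"than {primary.distance}")
    return problems


# Constructed routes: a tracked primary, its floating backup, and a RIP route
# that overrides a static route configured with a distance above 120.
GOOD = [
    Route("10.10.0.0/16", "192.0.2.1", "static", 1, track=1),
    Route("10.10.0.0/16", "198.51.100.1", "static", 250),
    Route("10.30.0.0/16", "203.0.113.1", "rip", 120),
    Route("10.30.0.0/16", "192.0.2.1", "static", 130),
]
# Constructed mistakes: a backup with equal preference, and a backup whose
# mask length differs from the tracked route.
BAD = [
    Route("10.10.0.0/16", "192.0.2.1", "static", 1, track=1),
    Route("10.10.0.0/16", "198.51.100.1", "static", 1),
    Route("10.20.0.0/16", "192.0.2.1", "static", 1, track=2),
    Route("10.20.0.0/17", "198.51.100.1", "static", 250),
]

if __name__ == "__main__":
    for state in ({1: True}, {1: False}):
        chosen = best_route(GOOD, "10.10.0.0/16", state)
        print("track 1 up" if state[1] else "track 1 down", "->", chosen.next_hop)
    for problem in check_backup_pairs(BAD):
        print(problem)
```
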
Configuring Virtualization for IPv4
Before you begin
Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# vrf context vrf-name
3. switch(config-vrf)# ip route { ip-prefix | ip-addr ip-mask } { next-hop | nh-prefix | interface [ sub-intf-separator sub-intf-num ] next-hop } [ tag tag-value ] [ pref ]
4. (Optional) switch(config-vrf)# copy running-config startup-config
5. (Optional) switch(config-vrf)# show ip static-route vrf vrf-name
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# vrf context vrf-name
Purpose: Creates a VRF and enters VRF configuration mode.
Step 3
Command or Action: switch(config-vrf)# ip route { ip-prefix | ip-addr ip-mask } { next-hop | nh-prefix | interface [ sub-intf-separator sub-intf-num ] next-hop } [ tag tag-value ] [ pref ]
Purpose: Configures a static route and the interface for this static route. Use ? to display a list of supported interfaces. You can specify a null interface by using null 0. You can optionally configure the next-hop address. The preference value sets the administrative distance. The range is from 1 to 255. The default is 1.
Step 4
Command or Action: (Optional) switch(config-vrf)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Step 5
Command or Action: (Optional) switch(config-vrf)# show ip static-route vrf vrf-name
Purpose: Displays information on static routes.
Example
The following example configures VRF for IPv4.
switch# configure terminal
switch(config)# vrf context StaticVrf
switch(config-vrf)# ip route 192.0.2.0/8 ethernet 1/2 10.0.0.2
switch(config-vrf)# copy running-config startup-config
Configuring Virtualization for IPv6
Before you begin
Confirm that you are in the correct VDC. To change the VDC, use the switchto vdc command.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# vrf context vrf-name
3. switch(config-vrf)# ipv6 route ip6-prefix { nh-prefix | link-local-nh-prefix } | { next-hop | link-local-next-hop | interface [ sub-intf-separator sub-intf-num ] next-hop } [ name nexthop-name ] [ tag tag-value ] [ pref ]
4. (Optional) switch(config-vrf)# copy running-config startup-config
5. (Optional) switch(config-vrf)# show ipv6 static-route vrf vrf-name
DETAILED STEPS
Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2
Command or Action: switch(config)# vrf context vrf-name
Purpose: Creates a VRF and enters VRF configuration mode.
Step 3
Command or Action: switch(config-vrf)# ipv6 route ip6-prefix { nh-prefix | link-local-nh-prefix } | { next-hop | link-local-next-hop | interface [ sub-intf-separator sub-intf-num ] next-hop } [ name nexthop-name ] [ tag tag-value ] [ pref ]
Purpose: Configures a static route and the interface for this static route. Use ? to display a list of supported interfaces. You can specify a null interface by using null 0. You can optionally configure the next-hop address. The preference value sets the administrative distance. The range is from 1 to 255. The default is 1.
Step 4
Command or Action: (Optional) switch(config-vrf)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Step 5
Command or Action: (Optional) switch(config-vrf)# show ipv6 static-route vrf vrf-name
Purpose: Displays information on static routes.
Example
The following example configures virtualization for IPv6:
switch# configure terminal
switch(config)# vrf context StaticVrf
switch(config-vrf)# ipv6 route 2001:0DB8::/48 6::6 ethernet 2/1 2b11::2f01:4c
switch(config-vrf)# copy running-config startup-config
Verifying the Static Routing Configuration
Use one of the following commands to verify the configuration:
Command: show { ip | ipv6 } static-route
Purpose: Displays the configured static routes.
Command: show ipv6 static-route vrf vrf-name
Purpose: Displays static route information for each VRF.
Command: show { ip | ipv6 } static-route track-table
Purpose: Displays information about the IPv4 or IPv6 static-route track table.
Command: show track track-number
Purpose: Displays information about a specific tracked object.
Related Documents for Static Routing
Related Topic | Document Title
Static Routing CLI | Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference
VDCs | Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide
Feature History for Static Routing
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Feature Name | Releases | Feature Information
Static IPv6 Route | 8.2(4) | Added support for static IPv6 route with next-hop as the VxLAN route.
Static Route over VLAN | 6.2(2a) | This feature was introduced.
Reliable static routing backup using object tracking | 6.2(2) | This feature was introduced.
Static routing | 6.0(1) | Updated for F2 Series modules.
Layer 3 routing using a mixed chassis | 5.1(1) | This feature was introduced.
Static routing | 5.1(1) | Added the name option to the ip route command.
BFD | 5.0(2) | Added support for BFD. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information.
Static routing | 4.0(1) | This feature was introduced.
CHAPTER 15
Configuring the Interoperability of Modules for Unicast Routing
This chapter contains the following sections:
• Finding Feature Information
• Configuring the Interoperability of Modules for Unicast Routing
• Information About the Interoperability of Modules for Unicast Routing
• Guidelines and Limitations for the Interoperability of Modules for Unicast Routing
• Configuring the Interoperability of Modules for Unicast Routing
• Verifying the Configuration for the Interoperability of Modules for Unicast Routing
• Configuration Examples for the Interoperability of Modules for Unicast Routing
• Related Documents for the Interoperability of Modules for Unicast Routing
• Feature History for the Interoperability of Modules for Unicast Routing
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Configuring the Interoperability of Modules for Unicast Routing
This chapter describes how to configure the interoperability of F1 Series modules with M Series modules for unicast routing on the Cisco NX-OS device.
Information About the Interoperability of Modules for Unicast Routing
A mixed chassis is a Cisco Nexus 7000 Series chassis that contains at least one F1 Series module and at least one M Series module. Because the F1 Series module processes only Layer 2 traffic, you must configure it to pass Layer 3 traffic through the chassis.
Guidelines and Limitations for the Interoperability of Modules for Unicast Routing
The interoperability of modules for unicast routing has the following configuration guidelines and limitations:
• You cannot use F2, F2e, or F3 Series modules in the Cisco Nexus 7000 Series chassis to perform proxy Layer 3 routing for F1 Series modules.
• To support the coexistence of an F2e Series module with an M Series module in the same VDC, the F2e Series module operates in a proxy mode so that all Layer 3 traffic is sent to an M Series module in the same VDC. For F2e proxy mode, having routing adjacencies connected through F2e interfaces with an M1 Series module is not supported. However, routing adjacencies connected through F2e interfaces with an M2 Series module are supported.
Configuring the Interoperability of Modules for Unicast Routing
To configure a Layer 3 gateway in a mixed chassis, you use the proxy routing functionality. You enable routing on a specific VLAN by configuring a VLAN interface, and the system automatically provides load-balanced routing functionality. See the Cisco Nexus 7000 Series NX-OS Interfaces Configuration Guide for more information about Layer 3 routing and VLAN interfaces.
For interoperability between F1 Series and M Series modules, use the following procedure to specify which physical interfaces on the M Series modules you want to use for Layer 3 routing.
Before you begin
You must configure a VLAN interface for each VLAN on the F1 Series module that you want to use with the proxy-routing functionality in a mixed chassis.
You must have interfaces from both the M Series modules and the F1 Series modules in the same VDC.
SUMMARY STEPS
1. switch# configure terminal
2. switch(config)# hardware proxy layer-3 routing { use | exclude } { module mod-number | interface slot/port } [ module-type f1 ]
3. (Optional) switch(config)# show hardware proxy layer-3 detail
4. (Optional) switch(config)# copy running-config startup-config
DETAILED STEPS
Step 1: switch# configure terminal
Purpose: Enters global configuration mode.
Step 2: switch(config)# hardware proxy layer-3 routing { use | exclude } { module mod-number | interface slot/port } [ module-type f1 ]
Purpose: Configures specific modules and physical interfaces on the M Series module to provide the proxy routing on the F1 Series module.
Step 3: (Optional) switch(config)# show hardware proxy layer-3 detail
Purpose: Displays information about the proxy Layer 3 functionality.
Step 4: (Optional) switch(config)# copy running-config startup-config
Purpose: Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.
Verifying the Configuration for the Interoperability of Modules for Unicast Routing
To display the interoperability of modules for unicast routing configuration, perform one of the following tasks:
Command: show hardware proxy layer-3 counters { brief | detail }
Purpose: Displays the number of packets sent by F1 Series modules to each M Series module for proxy forwarding.
Note: Enter the clear hardware proxy layer-3 counters command to clear the counters.
Command: show hardware proxy layer-3 detail
Purpose: Displays information about proxy routing from an F1 Series module to an M Series module in a chassis that contains both types of modules.
Configuration Examples for the Interoperability of Modules for Unicast Routing
This example shows how to specify physical interfaces on M Series modules to perform proxy routing on F1 Series modules in a mixed chassis:
switch# configure terminal
switch(config)# hardware proxy layer-3 routing use module 1, 7
switch(config)# show hardware proxy layer-3 detail
Related Documents for the Interoperability of Modules for Unicast Routing
Related Topic | Document Title
Interoperability of modules for unicast routing CLI | Cisco Nexus 7000 Series NX-OS Unicast Routing Command Reference
VDCs | Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide
Feature History for the Interoperability of Modules for Unicast Routing
This table includes only the updates for those releases that have resulted in additions or changes to the feature.
Table 27: Feature History for the Interoperability of Modules for Unicast Routing
Feature Name | Release | Feature Information
Interoperability of modules for unicast routing | 6.1(1) | Added support for M2 Series modules.
Interoperability of modules for unicast routing | 5.1(1) | This feature was introduced.
CHAPTER 16
Configuring Layer 3 Virtualization
This chapter contains the following sections:
• Finding Feature Information
• Information About Layer 3 Virtualization
• Guidelines and Limitations for VRF
• Default Settings for VRF
• Verifying the VRF Configuration
• Configuration Examples for VRF
• Related Documents for VRF
• Standards for VRF
• Feature History for VRF
Finding Feature Information
Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "New and Changed Information" chapter or the Feature History table in this chapter.
Information About Layer 3 Virtualization
Cisco NX-OS supports a hierarchy of virtualization that can divide the physical system resources into multiple virtual device contexts (VDCs). Each VDC acts as a standalone device with both Layer 2 and Layer 3 services available. You can configure up to 4 VDCs, including the default VDC. See the Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide, Release 5.x, for more information on VDCs.
Cisco NX-OS further virtualizes each VDC to support virtual routing and forwarding instances (VRFs). You can configure multiple VRFs in a VDC. Each VRF contains a separate address space with unicast and multicast route tables for IPv4 and IPv6 and makes routing decisions independent of any other VRF.
The figure shows multiple independent VRFs in two different VDCs.
Figure 39: Multiple VRFs in VDCs
A VRF name is local to a VDC, so you can configure two VRFs with the same name if the VRFs exist in different VDCs. In Figure 14-1, VRF A in VDC 2 is independent of VRF B and VRF A in VDC n.
Each router has a default VRF and a management VRF. All Layer 3 interfaces and routing protocols exist in the default VRF until you assign them to another VRF. The mgmt0 interface exists in the management VRF and is shared among multiple VDCs. Each VDC has a unique IP address for the mgmt0 interface (see the Cisco Nexus 7000 Series NX-OS Fundamentals Configuration Guide, Release 6.x).
Management VRF
• The management VRF is for management purposes only.
• Only the mgmt 0 interface can be in the management VRF.
• The mgmt 0 interface cannot be assigned to another VRF.
• The mgmt 0 interface is shared among multiple VDCs.
• No routing protocols can run in the management VRF (static only).
Default VRF
• All Layer 3 interfaces exist in the default VRF until they are assigned to another VRF.
• Routing protocols run in the default VRF context unless another VRF context is specified.
• The default VRF uses the default routing context for all show commands.
• The default VRF is similar to the global routing table concept in Cisco IOS.
VRF and Routing
All unicast and multicast routing protocols support VRFs. When you configure a routing protocol in a VRF, you set routing parameters for the VRF that are independent of routing parameters in another VRF for the same routing protocol instance.
You can assign interfaces and route protocols to a VRF to create virtual Layer 3 networks. An interface exists in only one VRF. Figure 9-1 shows one physical network split into two virtual networks with two VRFs.
Routers Z, A, and B exist in VRF Red and form one address domain. These routers share route updates that do not include router C because router C is configured in a different VRF.
Figure 40: VRFs in a Network
By default, Cisco NX-OS uses the VRF of the incoming interface to select which routing table to use for a route lookup. You can configure a route policy to modify this behavior and set the VRF that Cisco NX-OS uses for incoming packets.
Note: Do not use the export map command in the VRF mode for prefix filtering. When a route-target export is configured, all routes are exported and then imported to VRFs with a matching route-target import. In this case, the export map does not filter routes, but it can be used to set attributes for the selected routes. If you need to export only the selected routes, remove the route-target export, use the export map to filter routes, and set the route-target-ext-community so that the VRFs with the matching route-target import import these routes.
VRF-Aware Services
A fundamental feature of the Cisco NX-OS architecture is that every IP-based feature is VRF aware.
The following VRF-aware services can select a particular VRF to reach a remote server or to filter information based on the selected VRF:
• AAA
• Call Home
• DNS
• GLBP
• HSRP
• HTTP
• NetFlow
• NTP
• RADIUS
• Ping and Traceroute
• SSH
• SNMP
• Syslog
• TACACS+
• TFTP
• VRRP
• XML
See the appropriate configuration guide for each service for more information on configuring VRF support in that service.
Reachability
Reachability indicates which VRF contains the routing information necessary to get to the server providing the service. For example, you can configure an SNMP server that is reachable on the management VRF. When you configure that server address on the router, you also configure which VRF Cisco NX-OS must use to reach the server.
The figure shows an SNMP server that is reachable over the management VRF. You configure router A to use the management VRF for SNMP server host 192.0.2.1.
Figure 41: Service VRF Reachability
Filtering
Filtering allows you to limit the type of information that goes to a VRF-aware service based on the VRF. For example, you can configure a syslog server to support a particular VRF. The figure shows two syslog servers with each server supporting one VRF. Syslog server A is configured in VRF Red, so Cisco NX-OS sends only system messages generated in VRF Red to syslog server A.
Figure 42: Service VRF Filtering
Combining Reachability and Filtering
You can combine reachability and filtering for VRF-aware services. You configure the VRF that Cisco NX-OS uses to connect to that service as well as the VRF that the service supports. If you configure a service in the default VRF, you can optionally configure the service to support all VRFs.
The figure shows an SNMP server that is reachable on the management VRF. You can configure the SNMP server to support only the SNMP notifications from VRF Red, for example.
Figure 43: Service VRF Reachability Filtering
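An added example, not from the Cisco guide: a small Python audit that reads a running-config excerpt and reports, for each SNMP, syslog, and NTP server entry, the VRF used to reach it (use-vrf) and the VRF it filters on (filter-vrf), following the Reachability and Filtering sections above. The sample configuration is constructed, and both the policy that these servers are reached through the management VRF and the reading of a missing use-vrf keyword as the default VRF are assumptions of the example.

```python
import re

# Constructed running-config excerpt (not from the guide).
SAMPLE_CONFIG = """\
snmp-server host 192.0.2.1 traps version 2c public
snmp-server host 192.0.2.1 use-vrf management
snmp-server host 192.0.2.1 filter-vrf Red
logging server 192.0.2.10 5 use-vrf Red
logging server 192.0.2.11
ntp server 192.0.2.20 use-vrf management
"""

# Service lines this audit understands: command prefix, host, remaining keywords.
HOST_LINE = re.compile(r"^(snmp-server host|logging server|ntp server)\s+(\S+)(.*)$")


def service_vrf_bindings(config):
    """Map (service, host) to its reachability VRF and filter VRF (None if unset)."""
    bindings = {}
    for line in config.splitlines():
        match = HOST_LINE.match(line.strip())
        if not match:
            continue
        service = match.group(1).split()[0]
        host, rest = match.group(2), match.group(3)
        entry = bindings.setdefault((service, host), {"use_vrf": None, "filter_vrf": None})
        # One host can be spread over several lines, so merge keywords per host.
        for key, keyword in (("use_vrf", "use-vrf"), ("filter_vrf", "filter-vrf")):
            found = re.search(rf"\b{keyword}\s+(\S+)", rest)
            if found:
                entry[key] = found.group(1)
    return bindings


def audit(config, expected_vrf="management"):
    """List hosts whose reachability VRF is unset or differs from expected_vrf.

    expected_vrf is an assumed site policy, not a requirement stated in the guide.
    """
    findings = []
    for (service, host), binding in sorted(service_vrf_bindings(config).items()):
        if binding["use_vrf"] is None:
            findings.append((service, host, "no use-vrf keyword: default VRF assumed"))
        elif binding["use_vrf"] != expected_vrf:
            findings.append((service, host, f"reachability VRF is {binding['use_vrf']}, expected {expected_vrf}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(" | ".join(finding))
```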
Guidelines and Limitations for VRF
• To completely disable selective VRF download in F3 modules in all VDCs, use the no hardware forwarding selective-vrf command in global configuration mode. You must reload the device after applying this command.
• When you make an interface a member of an existing VRF, Cisco NX-OS removes all Layer 3 configurations. You should configure all Layer 3 parameters after adding an interface to a VRF.
• You should add the mgmt0 interface to the management VRF and configure the mgmt0 IP address and other parameters after you add it to the management VRF.
• If you configure an interface for a VRF before the VRF exists, the interface is operationally down until you create the VRF.
• Cisco NX-OS creates the default and management VRFs by default. You should make the mgmt0 interface a member of the management VRF.
• The write erase boot command does not remove the management VRF configurations. You must use the write erase command and then the write erase boot command.