No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

This is NE20E-S2 V800R010C10SPC500 Configuration Guide - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Dynamic BGP VPNv6 Flow Specification

Configuring Dynamic BGP VPNv6 Flow Specification

Dynamic BGP VPNv6 Flow Specification allows BGP VPNv6 Flow Specification routes to be transmitted and traffic filtering policies to be generated. The policies improve security of devices in VPNs.

Usage Scenario

When deploying dynamic BGP VPNv6 Flow Specification, a BGP VPNv6 Flow Specification peer relationship needs to be established between the traffic analysis server and each ingress of the network to transmit BGP VPNv6 Flow Specification routes.

In an AS with multiple ingresses, a BGP Flow route reflector (Flow RR) can be deployed to reduce the number of BGP VPNv6 Flow Specification peer relationships and save CPU resources.

Pre-configuration Tasks

Before configuring dynamic BGP VPNv6 Flow Specification, configure BGP peers.

Procedure

  1. Establish a BGP VPNv6 Flow Specification peer relationship.
    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run peer ipv4-address as-number as-number

      An IP address and AS number are specified for the peer.

    4. Run ipv6-flow vpnv6

      The BGP-Flow VPNv6 address family is enabled, and its view is displayed.

    5. Run peer ipv4-address enable

      A BGP VPNv6 Flow Specification peer relationship is established.

    6. Run commit

      The configuration is committed.

  2. (Optional) Configure a Flow RR.
    1. Run system-view

      The system view is displayed.

    2. Run bgp as-number

      The BGP view is displayed.

    3. Run ipv6-flow vpnv6

      The BGP-Flow VPNv6 address family is enabled, and its view is displayed.

    4. Run peer ipv4-address reflect-client

      The device is configured as a flow RR, and the specified peer is configured as a client.

      The router on which the peer reflect-client command is run functions as a flow RR. The network ingress and traffic analysis server need to be configured as clients of the flow RR.

    5. (Optional) Run undo reflect between-clients

      Route reflection between clients through the flow RR is disabled.

      If the clients of a flow RR have established full-mesh connections with each other, you can run the undo reflect between-clients command on the flow RR to disable route reflection between clients through the RR to reduce the cost.

    6. (Optional) Run reflector cluster-id cluster-id

      A cluster ID is configured for the flow RR.

      If a cluster has multiple flow RRs, you need to run this command to set the same cluster ID for these RRs.

      NOTE:

      The reflector cluster-id command is applicable only to flow RRs.

    7. Run commit

      The configuration is committed.

Checking the Configurations

Run the following commands to check the previous configuration.

  • Run the display bgp flow vpnv6 all peer [ [ ipv4-address ] verbose ] command to check information about all BGP VPN IPv6 Flow Specification and BGP VPNv6 Flow Specification peers.

  • Run the display bgp flow vpnv6 { all | route-distinguisher route-distinguisher } routing-table [ reindex ] command to check information about all BGP VPN IPv6 Flow Specification and BGP VPNv6 Flow Specification routes or about the BGP VPN IPv6 Flow Specification and BGP VPNv6 Flow Specification routes with a specified RD.

  • Run the display bgp flow vpnv6 { all | route-distinguisher route-distinguisher } routing-table statistics command to check statistics about all BGP VPN IPv6 Flow Specification and BGP VPNv6 Flow Specification routes or about the BGP VPN IPv6 Flow Specification and BGP VPNv6 Flow Specification routes with a specified RD.

# Run the display bgp flow vpnv6 all peer [ [ ipv4-address ] verbose ] command to check whether the BGP VPNv6 Flow Specification peer relationship is established.

<HUAWEI> display bgp flow vpnv6 all peer
 
 BGP local router ID : 10.2.1.2
 Local AS number : 200
 Total number of peers : 1                 Peers in established state : 1

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
  10.2.1.1        4         200     1042     1051     0 15:07:49 Established        0

# Run the display bgp flow vpnv6 { all | route-distinguisher route-distinguisher } routing-table [ reindex ] command to check information about BGP VPNv6 Flow Specification routes.

<HUAWEI> display bgp flow vpnv6 all routing-table 536870913
 
 BGP local router ID : 10.2.1.2
 Local AS number : 200
 ReIndex : 536870913
 Order   : 0
 Dissemination Rules :
   Src. Port      : eq 159
 
 BGP flow-vpnv6 routing table entry information of 536870913:
 Route Distinguisher: 200:1
 Match action :
   apply deny
 From: 0.0.0.0 (0.0.0.0) 
 Route Duration: 0d00h02m53s
 Ext-Community: RT <111 : 1>
 AS-path Nil, origin igp, MED 0, pref-val 0, valid, local, best, pre 255
 Advertised to such 1 peers:
    10.2.1.1

# Run the display bgp flow vpnv6 { all | route-distinguisher route-distinguisher } routing-table statistics command on the network ingress to check statistics about the BGP VPNv6 Flow Specification routes received from the specified BGP VPNv6 Flow Specification peer.

<HUAWEI> display bgp flow vpnv6 route-distinguisher 200:1 routing-table statistics
 Route Distinguisher: 200:1
 
 Total Number of Routes: 1
Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055397

Views: 19792

Downloads: 39

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next