No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - IP Routing 01

This is ME60 V800R010C10SPC500 Configuration Guide - IP Routing
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring IPv6 IS-IS Route Selection

Configuring IPv6 IS-IS Route Selection

Configuring IS-IS route selection can achieve refined control over route selection.

Usage Scenario

After basic IPv6 IS-IS functions are configured, IS-IS routes will be generated, enabling communication between different nodes on a network.

If multiple routes are available, the route discovered by IS-IS may not be the expected one, which does not meet network planning requirements nor facilitate traffic management. To address this issue, configure IPv6 IS-IS route selection to implement refined control over route selection.

To implement refined control over IPv6 IS-IS route selection, perform the following operations:
  • Configure the costs for IPv6 IS-IS Interfaces.
    NOTE:

    Changing the IS-IS cost for an interface can control route selection, but routes on the interface need to be recalculated if a network topology changes, especially on a large-scale network. In addition, the configuration result may not meet your expectation.

    Therefore, configure IS-IS costs before configuring basic IS-IS functions.

  • Configure IPv6 IS-IS route leaking.

  • Configure rules for selecting equal-cost IPv6 IS-IS routes.

  • Filter IPv6 IS-IS routes.

  • Configure an overload bit for an IPv6 IS-IS device.

Pre-configuration Tasks

Before configuring IPv6 IS-IS route selection, complete the following tasks:

  • Configure the link layer protocol on interfaces.

  • Configure IP addresses for interfaces to ensure that neighboring nodes are reachable at the network layer.

  • Configure basic IPv6 IS-IS functions.

Configuration Procedures

Perform one or more of the following configurations as required.

Configuring IPv6 IS-IS Route Leaking

Configuring IS-IS route leaking enables you to optimize IS-IS route selection on a two-level-area network.

Context

If multiple Level-1-2 devices in a Level-1 area are connected to devices in the Level-2 area, a Level-1 LSP sent by each Level-1-2 device carries an ATT flag bit of 1. This Level-1 area will have multiple routes to the Level-2 area and other Level-1 areas.

By default, routes in a Level-1 area can leak to the Level-2 area so that Level-1-2 and Level-2 devices can learn about the topology of the entire network. Devices in a Level-1 area are unaware of the entire network topology because they only maintain LSDBs in the local Level-1 area. Therefore, a device in a Level-1 area can forward traffic to a Level-2 device only through the nearest Level-1-2 device. However, the used route may not be optimal.

To enable a device in a Level-1 area to select the optimal route, configure IPv4 IS-IS route leaking so that specified routes in the Level-2 area can leak to the local Level-1 area.

If you want the Level-2 area to know only some of the routes in the local Level-1 area, configure a policy so that only desired routes can leak to the Level-2 area.

Procedure

  • Configure route leaking from the Level-2 area to the Level-1 area.
    1. Run system-view

      The system view is displayed.

    2. Run isis [ process-id ]

      The IS-IS view is displayed.

    3. Configure the routes in the Level-2 area and other Level-1 areas that meet the specified conditions can leak to the local Level-1 area.

      Run any of the following commands as required:

      • Configure a basic ACL:
        1. Run ipv6 import-route isis level-2 into level-1 [ filter-policy { acl6-number | acl6-name acl6-name-string } | tag tag ] *

        2. Run quit

          Return to the system view.

        3. Run acl ipv6 { name basic-acl6-name { basic | [ basic ] number basic-acl6-number } | [ number ] basic-acl6-number } [ match-order { config | auto } ]

          The basic ACL view is displayed.

        4. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment | source { source-ipv6-address { prefix-length | source-wildcard } | source-ipv6-address/prefix-length | any } | time-range time-name | [ vpn-instance vpn-instance-name | vpn-instance-any ] ] *

          A rule is configured for the basic ACL.

          When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.

          When a filtering policy of a routing protocol is used to filter routes:
          • If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.

          • If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.

          • If a route has not matched any ACL rules, the route will not be received or advertised by the system.

          • If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.

          • If the ACL referenced by the route-policy does not exist, all routes matching the route-policy will be received or advertised by the system.

          • In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:

            Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.

            Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.

      • Based on the IP prefix:

        Run ipv6 import-route isis level-2 into level-1 [ filter-policy ipv6-prefix ipv6-prefix-name | tag tag ] *

      • Based on the Route-Policy:

        Run ipv6 import-route isis level-2 into level-1 [ filter-policy route-policy route-policy-name | tag tag ] *

      NOTE:

      The command is run on the Level-1-2 device that is connected to an external area.

    4. Run commit

      The configuration is committed.

  • Configure route leaking from the Level-1 area to the Level-2 area.
    1. Run system-view

      The system view is displayed.

    2. Run isis [ process-id ]

      The IS-IS view is displayed.

    3. Configure the routes that meet the specified conditions in the Level-1 area can leak to the Level-2 area.

      Run any of the following commands as required:

      • Configure a basic ACL:
        1. Run ipv6 import-route isis level-1 into level-2 [ filter-policy { acl6-number | acl6-name acl6-name-string } | tag tag ] *

        2. Run quit

          Return to the system view.

        3. Run acl ipv6 { name basic-acl6-name { basic | [ basic ] number basic-acl6-number } | [ number ] basic-acl6-number } [ match-order { config | auto } ]

          The basic ACL view is displayed.

        4. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment | source { source-ipv6-address { prefix-length | source-wildcard } | source-ipv6-address/prefix-length | any } | time-range time-name | [ vpn-instance vpn-instance-name | vpn-instance-any ] ] *

          A rule is configured for the basic ACL.

          When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.

          When a filtering policy of a routing protocol is used to filter routes:
          • If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.

          • If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.

          • If a route has not matched any ACL rules, the route will not be received or advertised by the system.

          • If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.

          • If the ACL referenced by the route-policy does not exist, all routes matching the route-policy will be received or advertised by the system.

          • In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:

            Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.

            Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.

      • Based on the IP prefix:

        Run ipv6 import-route isis level-1 into level-2 [ filter-policy ipv6-prefix ipv6-prefix-name | tag tag ] *

      • Based on the Route-Policy:

        Run ipv6 import-route isis level-1 into level-2 [ filter-policy route-policy route-policy-name | tag tag ] *

      NOTE:

      The command is run on the Level-1-2 device that is connected to an external area.

    4. Run commit

      The configuration is committed.

Configuring Rules for Selecting Equal-Cost IPv6 IS-IS Routes

If multiple equal-cost IS-IS routes are available on a network, configure the equal-cost IS-IS routes to load-balance traffic to increase the bandwidth usage of each link, or configure priorities for the equal-cost IS-IS routes to facilitate traffic management.

Context

If there are multiple IPv6 IS-IS routes with the same cost, configure load balancing for equal-cost IPv6 IS-IS routes.

Load balancing increases the link bandwidth usage and prevents network congestion caused by link overload. However, Load balancing may complicate traffic management because traffic will be randomly forwarded.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run isis [ process-id ]

    The IS-IS view is displayed.

  3. Run ipv6 maximum load-balancing number

    The maximum number of equal-cost IPv6 IS-IS routes for load balancing is set.

    NOTE:
    If the actual equal-cost routes outnumber the value specified in the ipv6 maximum load-balancing command, routes are selected for load balancing based on the following rules:
    1. Route preference: Routes with lower preference value (higher preference) are selected for load balancing.
    2. Next hop System ID: If routes have the same priorities, routes with smaller System ID are selected for load balancing.
    3. Interface index: If routes have the same priorities and System ID, routes with lower interface index values are selected for load balancing.

  4. Run commit

    The configuration is committed.

Filtering IPv6 IS-IS Routes

If some IPv6 IS-IS routes are not preferred, configure conditions to filter IS-IS routes. Only IS-IS routes meeting the specified conditions can be added to an IPv6 routing table.

Context

Only routes in an IPv6 routing table can be used to forward IPv6 packets. An IS-IS route can take effect only after it has been successfully added to an IPv6 routing table.

If an IPv6 IS-IS route does not need to be added to a routing table, configure a basic ACL, an IP prefix, or a routing policy to filter routes so that only IPv6 IS-IS routes that meet the specified conditions can be added to an IPv6 routing table. IPv6 IS-IS routes that do not meet the specified conditions cannot be added to the IPv6 routing table nor selected to forward IPv6 packets.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run isis [ process-id ]

    The IS-IS view is displayed.

  3. Configure conditions for filtering IS-IS routes are configured.

    Run any of the following commands as required:

    • Configure a basic ACL:
      1. Run ipv6 filter-policy { acl6-number | acl6-name acl6-name } import

      2. Run quit

        Return to the system view.

      3. Run acl ipv6 { name basic-acl6-name { basic | [ basic ] number basic-acl6-number } | [ number ] basic-acl6-number } [ match-order { config | auto } ]

        The basic ACL view is displayed.

      4. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment | source { source-ipv6-address { prefix-length | source-wildcard } | source-ipv6-address/prefix-length | any } | time-range time-name | [ vpn-instance vpn-instance-name | vpn-instance-any ] ] *

        A rule is configured for the basic ACL.

        When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.

        When a filtering policy of a routing protocol is used to filter routes:
        • If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.

        • If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.

        • If a route has not matched any ACL rules, the route will not be received or advertised by the system.

        • If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.

        • If the ACL referenced by the route-policy does not exist, all routes matching the route-policy will be received or advertised by the system.

        • In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:

          Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.

          Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.

    • Based on the IP prefix:

      Run ipv6 filter-policy ipv6-prefix ipv6-prefix-name import

    • Based on the Route-Policy:

      Run ipv6 filter-policy route-policy route-policy-name import

  4. Run commit

    The configuration is committed.

Configuring an Overload Bit for an IPv6 IS-IS Device

If an IS-IS device needs to be temporarily isolated, configure the overload state for it to prevent other devices from forwarding traffic to this IS-IS device and prevent blackhole routes.

Context

If an IS (for example, an IS to be upgraded or maintained) needs to be temporarily isolated, configure the overload state for it so that no device will forward traffic to this IS.

IS-IS routes converge more quickly than BGP routes do. To prevent blackhole routes on a network where both IS-IS and BGP are configured, set an overload bit to instruct an IS to enter the overload state during its start or restart. After BGP convergence is complete, cancel the overload bit.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run isis [ process-id ]

    The IS-IS view is displayed.

  3. Run set-overload [ on-startup [ timeout1 | start-from-nbr system-id [ timeout1 [ timeout2 ] ] | wait-for-bgp [ timeout1 ] ] [ route-delay-distribute timeout4 ] [ send-sa-bit [ timeout3 ] ] ] [ allow { interlevel | external } * ]

    The overload bit is configured.

  4. Run commit

    The configuration is committed.

Configuring IS-IS to Generate IPv6 Default Routes

This section describes how to configure IS-IS to generate IPv6 default routes to control the advertising of IS-IS routing information.

Context

The destination address and mask of a default route are all 0s. If the destination address of a packet does not match any entry in the routing table of a device, the device sends the packet along the default route. If neither the default route nor the destination address of the packet exists in the routing table, the device discards the packet and informs the source end that the destination address or network is unreachable.

IS-IS can generate default routes using either of the following mode:
  • Command-triggered default route generation mode

    You can run the default-route-advertise command on a device so that the device adds a default route to the LSP before sending the LSP to a neighbor. Therefore, the neighbor can learn this default route.

  • ATT bit 1-triggered default route generation mode

    IS-IS defines that a Level-1-2 router sets the ATT bit to 1 in the LSP to be advertised to a Level-1 area if the Level-1-2 router can reach more Level-1 areas through the Level-2 area than through the Level-1 area. After a Level-1 router in the Level-1 area receives the LSP, it generates a default route destined for the Level-1-2 router. Based on the network requirements, you can configure whether the Level-1-2 router sets the ATT bit carried in the LSP and whether a Level-1 router generates a default route after it receives the LSP carrying ATT bit 1.

    NOTE:

    This mode applies only to Level-1 routers.

Procedure

  • Configure command-triggered default route generation mode.
    1. Run system-view

      The system view is displayed.

    2. Run isis [ process-id ]

      The IS-IS view is displayed.

    3. Run ipv6 default-route-advertise [ always | match default | route-policy route-policy-name | route-filter route-filter-name ] [ [ cost cost ] | [ tag tag ] | [ level-1 | level-2 | level-1-2 ] ] * [ avoid-learning ]

      IS-IS is configured to generate default IPv6 routes.

    4. Run commit

      The configuration is committed.

  • Configure ATT bit 1-triggered default route generation mode.
    1. Run system-view

      The system view is displayed.

    2. Run isis [ process-id ]

      The IS-IS view is displayed.

    3. Run the following command as required:

      • To set the ATT bit in the LSPs sent by the Level-1-2 router, run the attached-bit advertise { always | never } command.

        • If the always parameter is specified, the ATT bit is set to 1. After receiving the LSPs carrying the ATT bit 1, the Level-1 router generates a default route.
        • If the never parameter is specified, the ATT bit is set to 0. After receiving the LSPs carrying the ATT bit 0, the Level-1 router does not generate a default route, which reduces the size of a routing table.
      • To disable the Level-1 router from generating default routes even though it receives the LSPs carrying ATT bit 1, run the attached-bit avoid-learning command.

    4. Run commit

      The configuration is committed.

Verifying the IPv6 IS-IS Route Selection Configuration

After configuring IPv6 IS-IS route selection, check the configurations.

Procedure

  • Run the display isis route [ process-id | vpn-instance vpn-instance-name ] [ ipv6 ] [ topology topology-name ] [ verbose | [ level-1 | level-2 ] | ipv6-address [ prefix-length ] ] * [ | count ] command to check IS-IS routing information.
  • Run the display isis lsdb [ { level-1 | level-2 } | verbose | { local | lsp-id | is-name symbolic-name } ] * [ process-id | vpn-instance vpn-instance-name ] command to check information in the IS-IS LSDB.

Example

On a Level-1 device, run the display isis route command to check IS-IS routing information. If the Level-1-2 device is enabled to leak IS-IS routes in the Level-2 area to Level-1 areas, the output of the display isis route command is similar to the following information. For example, the route 44:4::/64 in the Level-2 area is displayed, and Up/Down is U.

<HUAWEI> display isis route
                         Route information for ISIS(1)
                         -----------------------------

                        ISIS(1) Level-1 Forwarding Table
                        --------------------------------

IPV4 Destination     IntCost    ExtCost ExitInterface   NextHop         Flags
-------------------------------------------------------------------------------
0.0.0.0/0            10         NULL

 IPV6 Dest.      ExitInterface   NextHop                       Cost       Flags
-------------------------------------------------------------------------------
 ::/0            GE1/0/0         FE80::2E0:51FF:FE52:8100      10         A/-/-
 20:1::/64       GE1/0/0         FE80::2E0:51FF:FE52:8100      20         A/-/-
 10:1::/64       GE1/0/0         Direct                        10         D/L/-
 44:4::/64       GE1/0/0         FE80::2E0:51FF:FE52:8100      20         A/-/U

     Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
                               U-Up/Down Bit Set

On the Level-1-2 device, run the display isis lsdb verbose command to check whether the Level-1-2 device has leaked the route 44:4::/64 to Level-1 areas.

<HUAWEI> display isis lsdb verbose

Run the display isis route command to check IS-IS routing information. If equal-cost IS-IS routes are configured to work in load-balancing mode, multiple next hops will be displayed in the command output. For example, two next hops, FE80::2E0:51FF:FE52:8100 and FE80::2E0:FFFF:FE50:8200, to the 44:4::/64 network segment are displayed, and their route costs are both 20.

<HUAWEI> display isis route
                         Route information for ISIS(1)
                         -----------------------------

                        ISIS(1) Level-2 Forwarding Table
                        --------------------------------

 IPV6 Dest.      ExitInterface   NextHop                       Cost       Flags
-------------------------------------------------------------------------------
 13:1::/64       GE1/0/1         Direct                        10         D/L/-
 34:1::/64       GE1/0/1         FE80::2E0:FFFF:FE50:8200      20         A/-/-
 20:1::/64       GE1/0/0         FE80::2E0:51FF:FE52:8100      20         A/-/-
 10:1::/64       GE1/0/0         Direct                        10         D/L/-
 44:4::/64      GE1/0/0         FE80::2E0:51FF:FE52:8100      20         A/-/-
                 GE1/0/1         FE80::2E0:FFFF:FE50:8200

     Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
                               U-Up/Down Bit Set

Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059437

Views: 20720

Downloads: 15

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next