No relevant resource is found in the selected language.
MENU
Support Documentation
NE20E-S2 V800R011C10 Configuration Guide - IP Services 02
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Proxy ND

Configuring Proxy ND

A device can function as the proxy of a target host to reply to unreachable requests in special scenarios.

Usage Scenarios

ND applies only to the communication of hosts on the same network segment and physical network. When a router receives an NS packet from a host, the router checks whether the destination IPv6 address in the NS packet is the local IPv6 address. This helps to determine whether the NS packet requests for the local MAC address. If yes, an NA packet is sent as a reply. If not, the NS packet is discarded.

For the hosts on the same network segment but different physical networks or the hosts that are on the same network segment and physical network but fail in Layer 2 interworking, proxy ND can be deployed on the router between the hosts to allow such hosts to communicate with each other. After proxy ND is deployed and the router receives an NS packet, the router finds that the destination address in the NS packet is not its own IPv6 address and then replies the source host with an NA packet carrying its own MAC address and the IPv6 address of the destination host. Specifically, the router takes the place of the destination host to reply with an NA packet.

Table 13-2 describes the usage scenarios for different types of proxy ND.
Table 13-2 Usage scenarios of proxy ND

Proxy ND Mode

Usage Scenario

Routed proxy ND

Hosts that need to communicate reside on the same network segment but different physical networks, and the gateways connecting to the two hosts are configured with different IP addresses.

Any proxy ND

Hosts that need to communicate reside on the same network segment but different physical networks, and the gateways connected to the hosts have the same gateway address.

Intra-VLAN proxy ND

Hosts that need to communicate reside on the same network segment and belong to the same VLAN, but user isolation is configured in the VLAN.

Inter-VLAN proxy ND

Hosts that need to communicate reside on the same network segment but belong to different VLANs.

Local proxy ND

Hosts that need to communicate reside on the same network segment and BD, but user isolation is configured in the BD.

Pre-configuration Tasks

Before configuring proxy ND, complete the following tasks:

  • Connect interfaces and set their physical parameters to ensure that the physical interface status is Up.

  • Configure the link layer protocol parameters for interfaces.

  • Enable IPv6 in the interface view.

  • Configure IPv6 addresses for interfaces.

Configuring Routed Proxy ND

Routed proxy ND can be deployed if two hosts are on the same network segment but different physical networks and the gateway connecting to the two hosts are configured with two different IP addresses.

Context

If hosts that need to communicate are on the same network segment but different physical networks and the gateway connected to the hosts are configured with different IP addresses, enable routed proxy ND on the interfaces connecting the router and hosts.

As shown in Figure 13-2, Device A and Device B are connected to the same network, and the IPv6 addresses of interface 1 and interface 2 belong to different network segments. In this example, Host A wants to communicate with Host B, and the destination IPv6 address and local IPv6 address are on the same network segment. Host A sends an NS packet to request for Host B's MAC address. However, Host B cannot receive the NS packet and therefore fails to send a reply because Host A and Host B are on different physical networks.
Figure 13-2 Typical networking of routed proxy ND

To address this problem, enable routed ND proxy on Device A's interface 1 and Device B's interface 2.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run ipv6 enable

    IPv6 is enabled on the interface.

  4. Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

    A global unicast address is configured for the interface.

  5. Run ipv6 nd proxy route enable

    Routed ND proxy is enabled.

    • Proxy ND cannot be enabled on an interface configured with a CGA address. Otherwise, the replied NA packets that carry the CGA/RSA option may be discarded.

    • Multiple types of proxy ND can be configured in the interface view. The priorities of these proxy ND types are as follows in descending order: any proxy ND > intra-VLAN proxy ND/inter-VLAN proxy ND/local proxy ND > routed proxy ND.

    • Proxy ND is not supported for the following types of packets:
      • NS packets with a link-local address as the target address
      • DAD NS packets with the source address of all 0s
      • NS packets with the IP address of the local host as the target address.

  6. Run commit

    The configuration is committed.

Configuring Any Proxy ND

Any proxy ND can be deployed if two hosts are on the same network segment but different physical networks and the gateways connecting to the two hosts have the same IP address.

Context

In scenarios where servers are partitioned into VMs, to allow flexible deployment and migration of VMs on multiple servers or gateways, the common solution is to configure Layer 2 interworking between multiple gateways. However, this approach may lead to larger Layer 2 domains on the network and risks of broadcast storms. To resolve this problem, a common way is to enable any proxy ND on a VM gateway so that the gateway sends its own MAC address to the source VM and the traffic sent from the source VM to other VMs is transmitted over routes.

As shown in Figure 13-3, the IPv6 address of VM1 is 2001:db8:300:400::1/64, the IPv6 address of VM2 is 2001:db8:300:400::2/64, and VM1 and VM2 are on the same network segment. Device A and Device B are connected to two networks using two interface 1s with the same IPv6 address and MAC address. Because the destination IPv6 address and local IPv6 address are on the same network segment, if VM1 wants to communicate with VM2, VM1 will send an NS packet to request for VM2's MAC address. However, because VM1 and VM2 are on different physical networks, VM2 cannot receive the NS packet and therefore fails to send a reply.
Figure 13-3 Typical networking of any proxy ND

To address the problem, enable any proxy ND on Device A's interface 1 and Device B's interface 1.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run ipv6 enable

    IPv6 is enabled on the interface.

  4. Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

    A global unicast address is configured for the interface.

  5. Run ipv6 nd proxy anyway enable

    Any proxy ND is enabled.

    • Proxy ND cannot be enabled on an interface configured with a CGA address. Otherwise, the replied NA packets that carry the CGA/RSA option may be discarded.

    • Multiple types of proxy ND can be configured in the interface view. The priorities of these proxy ND types are as follows in descending order: any proxy ND > intra-VLAN proxy ND/inter-VLAN proxy ND/local proxy ND > routed proxy ND.

    • Proxy ND is not supported for the following types of packets:
      • NS packets with a link-local address as the target address
      • DAD NS packets with the source address of all 0s
      • NS packets with the IP address of the local host as the target address.

  6. Run commit

    The configuration is committed.

Configuring Intra-VLAN Proxy ND

Intra-VLAN proxy ND can be deployed if two hosts are on the same VLAN but the VLAN is configured with Layer 2 port isolation.

Context

If hosts belong to the same VLAN but the VLAN is configured with Layer 2 port isolation, intra-VLAN proxy ND needs to be enabled on the associated VLAN interfaces to enable host interworking.

As shown in Figure 13-4, Host A and Host B are connected to Device, and the interfaces connecting Device to Host A and Host B belong to the same VLAN. Because intra-VLAN Layer 2 port isolation is configured on Device, Host A and Host B cannot communicate with each other at Layer 2.
Figure 13-4 Typically networking of intra-VLAN proxy ND

To address this problem, enable intra-VLAN proxy ND on Device's interface 1.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface vlanif vlan-id or interface interface-type interface-number.sub-number

    The VLANIF interface view or Layer 3 sub-interface view is displayed.

  3. Run ipv6 enable

    IPv6 is enabled on the interface.

  4. Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

    A global unicast address is configured for the interface.

  5. Run ipv6 nd proxy inner-access-vlan enable

    Intra-VLAN proxy ND is enabled.

    • The IPv6 address of the interface enabled with proxy ND must be on the same network segment as the IPv6 address of the host connected to the interface.

    • Proxy ND cannot be enabled on an interface configured with a CGA address. Otherwise, the replied NA packets that carry the CGA/RSA option may be discarded.

    • Multiple types of proxy ND can be configured in the interface view. The priorities of these proxy ND types are as follows in descending order: any proxy ND > intra-VLAN proxy ND/inter-VLAN proxy ND/local proxy ND> routed proxy ND.

    • Proxy ND is not supported for the following types of packets:
      • NS packets with a link-local address as the target address
      • DAD NS packets with the source address of all 0s
      • NS packets with the target address and interface address on different network segments
      • NS packets with the IP address of the local host as the target address.

  6. Run commit

    The configuration is committed.

Configuring Inter-VLAN Proxy ND

Inter-VLAN proxy ND can be deployed if two hosts that are on the same network segment and physical network but belong to different VLANs need to communicate with each other at Layer 3.

Context

If hosts are on the same network segment and physical network but belong to different VLANs, inter-VLAN proxy ND must be enabled on the associated VLAN interfaces to enable Layer 3 interworking between the hosts.

In a VLAN aggregation scenario shown in Figure 13-5, Host A and Host B are on the same network segment, but Host A belongs to sub-VLAN 2 and Host B belongs to sub-VLAN 3. Host A and Host B cannot implement Layer 2 interworking.
Figure 13-5 Typical networking of inter-VLAN proxy ND in a VLAN aggregation scenario

To address this problem, enable inter-VLAN proxy ND on Device's interface 1.

On the L2VPN+L3VPN IP RAN shown in Figure 13-6, the CSG is connected to the ASG through L2VE sub-interfaces, and the ASG terminates L2VPN packets and are connected to the BGP/MPLS IPv6 VPN through L3VE sub-interfaces. BTS1 belongs to VLAN 2 and BTS2 belongs to VLAN3. Therefore, users who are connected to BTSs and belong to the same network segment cannot implement Layer 2 interworking.
Figure 13-6 Typical networking of inter-VLAN proxy ND in an L2VPN+L3VPN IP RAN

To address this problem, enable inter-VLAN proxy ND on the L3VE sub-interfaces of the ASG.
  1. CSG1 sends an NS packet to request for the MAC address of CSG2.
  2. Upon receipt of the NS packet, the ASG finds that the destination IPv6 address in the packet is not its own IPv6 address and therefore determines that the NS packet does not request for its MAC address. The ASG then checks whether ND entries destined for CSG2 exist.
    • If such ND entries exist and the VLAN information in the ND entries is inconsistent with the VLAN information configured on the interface receiving the NS packet, the ASG determines whether inter-VLAN proxy ND is enabled on the associated VLAN interface.

      • If inter-VLAN proxy ND is enabled, the ASG sends the MAC address of the L3VE sub-interface to CSG1.

        Upon receipt of the NA packet, CSG1 considers that this packet is sent by CSG2. CSG1 learns the MAC address of the ASG's L3VE sub-interface in the NA packet and sends data packets to CSG2 using this MAC address.

      • If inter-VLAN proxy ND is not enabled, the NS packet is discarded.
    • If such ND entries do not exist, the NS packet sent by CSG1 is discarded and CSG2 checks whether inter-VLAN proxy ND is enabled on the associated L3VE sub-interface.
      • If inter-VLAN proxy ND is enabled, the NS packet is forwarded in VLAN 3 as a multicast packet and the destination IPv6 address of the NS packet is CSG2's IPv6 address. The corresponding ND entries are generated after the NA packet sent by CSG2 is received.
      • If inter-VLAN proxy ND is not enabled, no action is required.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run ipv6 enable

    IPv6 is enabled on the interface.

  4. Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

    A global unicast address is configured for the interface.

  5. Run ipv6 nd proxy inter-access-vlan enable

    Inter-VLAN proxy ND is enabled.

    • The IPv6 address of the interface enabled with proxy ND must be on the same network segment as the IPv6 address of the host connected to the interface.

    • Proxy ND cannot be enabled on an interface configured with a CGA address. Otherwise, the replied NA packets that carry the CGA/RSA option may be discarded.

    • Multiple types of proxy ND can be configured in the interface view. The priorities of these proxy ND types are as follows in descending order: any proxy ND > intra-VLAN proxy ND/ inter-VLAN proxy ND/local proxy ND > routed proxy ND.

    • Inter-VLAN proxy ND is not supported for the devices that do not support configuration of VLAN segments.

    • Proxy ND is not supported for the following types of packets:
      • NS packets with a link-local address as the target address
      • DAD NS packets with the source address of all 0s
      • NS packets with the target address and interface address on different network segments
      • NS packets with the IP address of the local host as the target address.

  6. Run commit

    The configuration is committed.

Configuring Local Proxy ND

Local proxy ND can be deployed if two hosts on the same network segment and in the same BD want to communicate with each other but the BD is configured with split horizon.

Context

Local proxy ND can be deployed if two hosts on the same network segment and in the same BD want to communicate with each other but the BD is configured with split horizon.

On the network shown in Figure 13-7, Host A and Host B are connected to Device. The interfaces connecting Host A and Host B belong to the same BD as Device. Because split horizon is configured on Device for the BD, Host A and Host B cannot communicate with each other at Layer 2.
Figure 13-7 Typical networking of local proxy ND

To address this problem, enable local proxy ND on Device's interface 1.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface vbdif bd-id

    The VBDIF interface view is displayed.

  3. Run ipv6 enable

    IPv6 is enabled on the interface.

  4. Run ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

    A global unicast address is configured for the interface.

  5. Run ipv6 nd proxy local enable

    Local proxy ND is enabled.

    • After local proxy ND is enabled, all users in the BD can communicate with each other.

    • The IPv6 address of the interface enabled with proxy ND must be on the same network segment as the IPv6 address of the host connected to the interface.

    • Proxy ND cannot be enabled on an interface configured with a CGA address. Otherwise, the replied NA packets that carry the CGA/RSA option may be discarded.

    • Multiple types of proxy ND can be configured in the interface view. The priorities of these proxy ND types are as follows in descending order: any proxy ND > intra-VLAN proxy ND/inter-VLAN proxy ND/local proxy ND > routed proxy ND.

    • Proxy ND is not supported for the following types of packets:
      • NS packets with a link-local address as the target address
      • DAD NS packets with the source address of all 0s
      • NS packets with the target address and interface address on different network segments
      • NS packets with the IP address of the local host as the target address.

  6. Run commit

    The configuration is committed.

Translation
简体中文
Download
Updated: 2020-02-07

Document ID: EDOC1100125470

Views: 6315

Downloads: 4

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Enterprise APP

Copyright © 2021 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :