No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
NE40E-M2H and M2K V800R011C10 Configuration Guide - IP Services 02
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring IPv6 Neighbor Discovery

Configuring IPv6 Neighbor Discovery

IPv6 neighbor discovery (ND) uses a group of messages and processes that identify relationships between neighboring nodes. IPv6 ND contains the same functions of ARP and ICMP router discovery, as well as the additional neighbor reachability detection function.

Pre-configuration Tasks

Before configuring IPv6 neighbor discovery, complete the following tasks:

  • Connect interfaces and configure physical parameters for the interfaces to ensure that the physical status of the interfaces is Up.

  • Configure link layer protocol parameters for the interfaces to ensure that the link layer protocol status of the interfaces is Up.

  • Enable IPv6 in the interface view.

  • Configure IPv6 addresses for interfaces.

Configuring Static Neighbors

You can obtain the mappings between IPv6 addresses and MAC addresses of neighbors after configuring static neighbors. Neighbor entries represent the mappings between IPv6 addresses and MAC addresses of neighbors. If a device is not enabled to send ND protocol packets, it cannot obtain neighbor entries. In this case, you can configure static neighbors on the device to obtain neighbor entries.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run any of the following commands:

    • To configure a static neighbor on a common Layer 3 interface, run the ipv6 neighbor ipv6-address mac-address command.

    • To configure a static neighbor on a VLANIF interface, run the ipv6 neighbor ipv6-address mac-address vid vlan-id interface-type interface-number command.

    • To configure a static neighbor on a sub-interface for QinQ VLAN tag termination or dot1q VLAN tag termination, run the ipv6 neighbor ipv6-address mac-address vid vid[ cevid cevid ] command.

    After the function of sending ND protocol packets is enabled on a device, a common interface like a GE interface either automatically sends multicast NS packets to learn ND entries actively or respond to NS packets to learn ND entries passively. However, a sub-interface for QinQ VLAN tag termination or dot1q VLAN tag termination cannot send multicast NS packets but discards the multicast NS packets instead. Therefore, to enable a sub-interface for QinQ VLAN tag termination or dot1q VLAN tag termination to send multicast NS packets, run the ipv6 nd ns multicast-enable command on the sub-interface for QinQ VLAN tag termination or dot1q VLAN tag termination. This configuration enables the sub-interface for QinQ VLAN tag termination or dot1q VLAN tag termination to learn ND entries.

  4. Run commit

    The configuration is committed.

(Optional) Setting the Aging Time for Neighbor Entries in the Stale State

You can set a shorter aging time for neighbor entries in the Stale state to speed up the aging of neighbor entries.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 nd stale-timeout seconds

    The aging time is set for the neighbor entries in the Stale state.

  3. Run interface interface-type interface-number

    The interface view is displayed.

  4. Run ipv6 nd stale-timeout seconds

    The aging time is set for neighbor entries in the Stale state on the interface.

  5. Run commit

    The configuration is committed.

(Optional) Setting the Neighbor Reachability Detection Interval

A device can send NS messages to detect whether its neighbors are reachable. Therefore, you can set the NS message transmission interval to control the neighbor reachability detection frequency. Frequent NS message transmissions help rapidly determine whether neighbors are reachable, but also affect system performance. Therefore, it is recommended that the interval not be set too short.

Procedure

  1. Run system-view

    The system view is displayed.

  2. (Optional) Run ipv6 nd pre-detect

    The neighbor reachability detection interval is set.

  3. (Optional) Run ipv6 nd auto-detect enable

    The neighbor reachability detection interval is set.

  4. Run interface interface-type interface-number

    The interface view is displayed.

  5. Run ipv6 nd ns retrans-timer interval

    The neighbor reachability detection interval is set.

  6. Run commit

    The configuration is committed.

(Optional) Configuring the Maximum Number of Dynamic Neighbor Entries

Configuring the maximum number of dynamic neighbor entries defends against RA flooding attacks.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run ipv6 nd neighbor-limit max-number

    The maximum number of dynamic neighbor entries allowed by an interface is configured.

  4. Run commit

    The configuration is committed.

(Optional) Configuring Strict Prefix Learning for Dynamic Neighbor Entries

You can configure the strict prefix learning function for dynamic neighbor entries to determine whether an interface learns valid NS messages carrying different network prefixes.

Context

When a device receives a valid NS message on an interface, the device checks whether IPv6 addresses with the same network prefix exist on the interface. If so, the device replies with an NA message and generates dynamic neighbor entries. If not, the device performs the following operations:
  • If the strict prefix learning function for dynamic neighbor entries is enabled on the interface, the device simply discards the NS message and does not generate dynamic neighbor entries.
  • If the strict prefix learning function for dynamic neighbor entries is disabled on the interface, the device replies with an NA message and generates dynamic neighbor entries.

In the system view, the strict prefix learning function works on all device interfaces. In the interface view, the strict prefix learning function works only for the specified interface. The configuration of this function in the interface view has a higher priority than that in the system view.

By default, an interface is not enabled with the strict prefix learning function for dynamic neighbor entries. The interface behavior is consistent with the configuration in the system view.

Perform the following operations as required:

Procedure

  • To disable the strict prefix learning function for dynamic neighbor entries on interfaces in batches, perform the following operations:
    1. Run system-view

      The system view is displayed.

    2. Run ipv6 nd learning prefix strict disable

      The strict prefix learning function for dynamic neighbor entries is disabled on all interfaces.

      The interfaces (such as the Dot1q termination sub-interface, QinQ termination sub-interface, VLANIF interface, and VBDIF interface) that need to generate host routes do not support disabling of the strict prefix learning function for dynamic neighbor entries. The configuration in the system view does not take effect for such interfaces.

    3. Run interface interface-type interface-number

      The interface view is displayed.

    4. Run ipv6 nd learning prefix strict enable

      The strict prefix learning function for dynamic neighbor entries is enabled.

    5. Run commit

      The configuration is committed.

  • To enable the strict prefix learning function for dynamic neighbor entries on interfaces in batches, perform the following operations:
    1. Run system-view

      The system view is displayed.

    2. Run undo ipv6 nd learning prefix strict disable

      The strict prefix learning function for dynamic neighbor entries is enabled on all interfaces.

    3. Run interface interface-type interface-number

      The interface view is displayed.

    4. Run ipv6 nd learning prefix strict disable

      The strict prefix learning function for dynamic neighbor entries is disabled.

    5. Run commit

      The configuration is committed.

(Optional) Configuring Probe Parameters for ND Entries in the PROBE State

This section describes how to configure probe parameters for ND entries in the PROBE state to enhance probe reliability.

Context

If an ND entry is in the PROBE state, the neighbor is no longer known to be reachable. The device sends unicast NS messages to detect the validity of the ND entry. If a response is received from the neighbor, the ND entry enters the REACH state, indicating that the neighbor is known to have been reachable. If no response is received from the neighbor, the ND entry is deleted.

You are advised to set probe parameters to larger values for ND entries in the PROBE state in the following situations:
  • The link reliability on the network is poor, and packet loss may occur during packet transmission.
  • The peer device is busy processing services and cannot process NS messages in time.

This prevents ND entries from being mistakenly deleted, hence negatively affecting packet forwarding efficiency if no response is received from the neighbor within the specified period (calculated as Default number of probe retransmissions x Default interval of probe retransmissions).

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run ipv6 nd nud attempts attempts

    The number of probe retransmissions for ND entries in the PROBE state is set.

  4. Run ipv6 nd nud interval interval

    The probe interval for ND entries in the PROBE state is set.

  5. Run commit

    The configuration is committed.

(Optional) Configuring Generation of Neighbor Entries Upon Receipt of NA Packets

The generation of neighbor entries upon receipt of NA packets enhances network reliability.

Context

By default, a device perform the following operations upon receipt of legitimate NS/NA packets:
  • When an interface where neighbor entries exist receives legitimate NS packets, the values of neighbor entries are updated. When an interface where neighbor entries do not exist receives legitimate NS packets, neighbor entries are generated on the interface.
  • When an interface where neighbor entries exist receives legitimate NA packets, the values of neighbor entries are updated. When an interface where neighbor entries do not exist receives legitimate NA packets, the NA packets are simply discarded.

When an interface has no neighbor entries configured, to avoid the device from simply discarding legitimate NA packets and prevent packet loss, configure the interface to generate neighbor entries upon receipt of NA packets.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run interface interface-type interface-number

    The interface view is displayed.

  3. Run ipv6 nd na glean

    The interface is configured to generate neighbor entries upon receipt of legitimate NA packets when neighbor entries do not exist on the interface.

  4. Run commit

    The configuration is committed.

(Optional) Configuring Rate Limit of Sending NS Messages for Address Resolution or Probing

This section describes how to configure rate limit of sending NS messages for address resolution or probing in order to enhance network reliability.

Context

If the peer device is limited by the capability of receiving NS messages or the local device is limited by the capability of processing NA response messages, run the ipv6 nd ns send rate-limit command to configure the rate limit of sending NS messages for address resolution or parsing. This prevents a failure to learn ND entries or incorrect deletion of ND entries due to discarding of NA packets.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 nd ns send rate-limit rate-limit

    The rate limit for sending NS messages of address resolution or probing is configured.

  3. Run commit

    The configuration is committed.

(Optional) Setting a Limit on the Rate at Which NA Messages Are Sent

To improve network reliability, set a limit on the rate at which NA messages are sent.

Context

If the remote device has a limited capability of receiving NA messages or the local device has a limited capability of processing neighbor solicitation (NS) messages, run the ipv6 nd na send rate-limit command on the local device to set a limit on the rate at which NA messages are sent. This prevents a failure to learn ND entries or incorrect deletion of ND entries caused by NA message discarding.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 nd na send rate-limit rate-limit

    A limit on the rate at which NA messages are sent is set.

  3. Run commit

    The configuration is committed.

(Optional) Setting a Limit on the Rate at Which RA Messages Are Sent

To improve network reliability, set a limit on the rate at which RA messages are sent.

Context

If the remote device has a limited capability of receiving RA messages or the local device has a limited capability of processing router solicitation (RS) messages, run the ipv6 nd ra send rate-limit command on the local device to set a limit on the rate at which RA messages are sent. This prevents a host from failing to update the default routing information.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 nd ra send rate-limit rate-limit

    A limit on the rate at which RA messages are sent is set.

  3. Run commit

    The configuration is committed.

(Optional) Setting a Limit on the Rate at Which RS Messages Are Sent

To improve network reliability, set a limit on the rate at which RS messages are sent.

Context

If the remote device has a limited capability of receiving RS messages, run the ipv6 nd rs send rate-limit command on the local device to set a limit on the rate at which RS messages are sent. This prevents the remote device from discarding RS messages due to its limited processing capability.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 nd rs send rate-limit rate-limit

    A limit on the rate at which RS messages are sent is set.

  3. Run commit

    The configuration is committed.

(Optional) Configuring Manually Triggered Dual-Device ND Hot Backup

Dual-device ND hot backup can be enabled to achieve backup of ND entries between devices. This allows fast service switching in case of a network node or link failure, enhancing service reliability.

Prerequisites

Before configuring manually triggered dual-device ND hot backup, ensure that the same ND configuration has been performed on both the master and backup devices. Otherwise, downstream traffic may be interrupted after a master/backup switchover.

Background

As shown in Figure 13-1, a user device is connected to Device A and Device B over a switch. A VRRP6 backup group is configured between Device A and Device B to establish the master/backup relationship, with Device A as the master device and Device B as the backup device.

In normal circumstances, Device A forwards both upstream and downstream traffic. If Device A or the link between Device A and the switch fails, a master/backup VRRP6 switchover is triggered and Device B becomes the master device. Then, Device B needs to advertise network segment routes to devices on the network side so that downstream traffic is directed from the network side to Device B. If Device B has not learned ND entries from user-side devices, the downstream traffic is interrupted. Device B can properly forward downstream traffic only after it learns ND entries from user-side devices.

If ND entries are not synchronized from Device A to Device B and a master/backup switchover occurs, downstream traffic may be interrupted because Device B does not learn ND entries from users-side devices in time. To address this problem, deploy dual-device ND hot backup on Device A and Device B.

Figure 13-1 Networking of dual-device ND hot backup

Perform the following steps on the devices that back up ND entries from each other:

Procedure

  1. Configure basic VRRP6 backup group functions.
    1. Run: system-view

      The system view is displayed.

    2. Run: interface interface-type interface-number [.subinterface-number ]

      The interface view for a VRRP6 backup group is displayed.

    3. Run: vrrp6 vrid virtual-router-id virtual-ip virtual-address

      A VRRP6 backup group is created and assigned a virtual IPv6 address.

    4. Run: vrrp6 vrid virtual-router-id preempt-mode timer delay delay-time

      A preemption delay is set for devices in the VRRP6 backup group.

      Set the preemption delay value to 0 on the backup device to allow it to become a master device immediately after its priority changes; set the preemption delay to a non-0 value on the master device so that it can preempt the Master state after a specified delay if a master/backup VRRP6 switchover is performed.

    5. Run: vrrp6 vrid virtual-router-id priority priority-value

      A priority is configured for the VRRP6 backup group.

    6. (Optional) Run: vrrp6 vrid virtual-router-id timer advertise advertise-interval

      The interval for sending VRRP6 Advertisement packets is configured.

      The interval for sending VRRP6 Advertisement packets cannot be less than the time required for a master/backup switchover. Otherwise, VRRP intermittently goes Down. You are advised to set the interval for sending VRRP6 Advertisement packets to more than 1 second.

    7. Run: commit

      The configuration is committed.

    8. Run: quit

      Exit the interface view.

  2. Configure an RBS.
    1. Run: remote-backup-service service-name

      An RBS is created, and the RBS view is displayed.

    2. (Optional) Run: batch-backup service-type nd now

      The user service configured for the RBS is backed up instantly.

    3. Run: commit

      The configuration is committed.

    4. Run: quit

      Exit the RBS view.

  3. Configure an RBP.
    1. Run: remote-backup-profile profile-name

      An RBP is created, and the RBP view is displayed.

    2. Run: peer-backup hot

      A backup mode is configured for user information backup between devices.

    3. Run: vrrp6-id vrid interface interface-type interface-number

      The RBP is bound to the VRRP6 backup group.

      The vrid parameter specifies the ID of a VRRP6 backup group. The ID must be the same as the VRRP6 backup group's ID that was configured using the vrrp6 vrid virtual-router-id [ virtual-ip virtual-address ] command in the interface view.

    4. Run: backup-id backup-id remote-backup-service service-name

      A backup ID is set for the RBP, and the RBP is associated with the RBS.

      The backup-id parameter specifies a backup ID for the RBP. You can use a backup ID and an RBS to determine an RBP. The backup IDs configured for the same RBP must be the same on the master and backup devices and can no longer be configured for other RBPs.

    5. Run: commit

      The configuration is committed.

    6. Run: quit

      Exit the RBP view.

  4. Enable the remote backup function for ND.
    1. Run: remote-backup-profile profile-name

      The RBP view is displayed.

    2. Run: service-type nd

      The remote backup function for ND is enabled.

    3. Run: commit

      The configuration is committed.

    4. Run: quit

      Exit the RBP view.

  5. Bind the RBP to an interface.
    1. Run: interface interface-type interface-number [.subinterface-number ]

      The interface view for the VRRP6 backup group is displayed.

    2. Run: remote-backup-profile profile-name

      The interface is bound to the RBP.

      The name of the RBP to be bound to an interface must be the same as the name of the RBP created using the remote-backup-profile command in the system view.

    3. Run: commit

      The configuration is committed.

(Optional) Configuring MAC Address Check for ND

Context

To enable the system to proactively detect source MAC address consistency to improve network reliability, run the ipv6 nd mac-check enable command to enable MAC address check for ND so that MAC address consistency is performed on four different types of ICMPv6 packets.

  • NS: The system checks whether the source MAC address is the same as the MAC address in the SLLA. If not, the NS message is discarded.

  • NA: The system checks whether the source MAC address is the same as the MAC address in the TLLA. If not, the NA message is discarded.

  • RS: The system checks whether the source MAC address is the same as the MAC address in the SLLA. If not, the RS message is discarded.

  • RA: The system checks whether the source MAC address is the same as the MAC address in the SLLA. If not, the RA message is discarded.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ipv6 nd mac-check enable

    MAC address check for ND is enabled.

  3. Run commit

    The configuration is committed.

Verifying the Configuration of IPv6 Neighbor Discovery

After configuring IPv6 neighbor discovery, verify the configuration.

Prerequisites

IPv6 neighbor discovery has been configured.

Procedure

  • Run the display ipv6 neighbors [ interface-type interface-number | ipv6-address | vid vlan-id interface-type interface-number | vpn-instance vpn-instance-name ] command to check IPv6 neighbor entries.
  • Run the display ipv6 interface [ interface-type interface-number | brief ] command to check IPv6 configurations on an interface.
  • Run the display ipv6 nd packet statistics [ slot slot-id | interface interface-type interface-number ] command display statistics about ND messages.
Translation
简体中文
Download
Updated: 2020-02-11

Document ID: EDOC1100126119

Views: 41730

Downloads: 99

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Huawei e+ App Huawei e+

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :