Brocade FastIron Ethernet Switch Layer 3 Routing Configura Manuel d'utilisateur

53-1003087-0430 July 2014FastIron Ethernet SwitchLayer 3 RoutingConfiguration GuideSupporting FastIron Software Release 08.0.10d

Customizing BGP4 Multipath load sharing... 414Specifying a list of networks to advertise...

• The DHCP option 067 bootfile name will be used for configuration download if it does not have theextension .bin .• If the DHCP option 067 bootfile n

Step 1. Validate the IP address and lease negotiation1. At boot-up, the device automatically checks its configuration for an IP address.2. If the devi

TFTP server IP address (option 150), if it is available. If the TFTP server IP address is not available,the DHCP client requests the TFTP file from th

• 006 - domain name server• 012 - hostname (optional)• 066 - TFTP server name (only used for Client-Based Auto Configuration)• 067 - bootfile name• 15

The following example shows output from the show ip address command for a Layer 2 device.device(config)# show ip address IP Address Type L

2d01h48m21s:I: DHCPC: Found static IP Address 10.1.1.1 subnet mask 255.255.255.0 on port 0/1/52d01h48m21s:I: DHCPC: Client service found no DHCP serve

address belongs. Refer to "Designated VLAN for Telnet management sessions to a Layer 2 Switch"section in the FastIron Ethernet Switch Securi

To ABORT Trace Route, Please use stop-traceroute command. Traced route to target IP node 10.157.22.80: IP Address Round Trip Time1 Round

To modify the TTL threshold to 25, enter the following commands.device(config)# ip ttl 25device(config)# exitSyntax: ip ttlttl-thresholdDHCP Assist co

In the example figure, a host from each of the four subnets supported on a Layer 2 switch requests anIP address from the DHCP server. These requests a

Setting an administrative distance for a static BGP4 network...473Limiting advertisement of a static BGP4 network to selectedneighbors...

NOTEWhen DHCP Assist is enabled on any port, Layer 2 broadcast packets are forwarded by the CPU.Unknown unicast and multicast packets are still forwar

NOTEWhen DHCP Assist is enabled on any port, Layer 2 broadcast packets are forwarded by the CPU.Unknown unicast and multicast packets are still forwar

IPv4 GRE tunnel overviewGeneric Routing Encapsulation is described in RFC 2784. Generally, GRE provides a way toencapsulate arbitrary packets (payload

FIGURE 15 GRE header formatThe GRE header has the following fields:• Checksum - 1 bit. This field is assumed to be zero in this version. If set to 1,

• On FCX devices, only eight different MTU values can be configured over the whole system. Whenthe SX-FI48GPP module is installed in the FastIron SX d

Support for IPv4 multicast routing over GRE tunnelsPIM-DM and PIM-SM Layer 3 multicast protocols and multicast data traffic are supported over GREtunn

For FastIron SX devices only, traffic coming from a tunnel can be filtered by an ACL both before andafter the tunnel is terminated and also redirected

Configuration considerations for tunnel loopback portsNOTEThe configuration considerations for tunnel loopback ports are only required for Generation

Configuration tasks for GRE tunnelsTABLE 17 Configuration tasks Default behaviorRequired tasksCreate a tunnel interface. Not assignedConfigure the s

Creating a tunnel interfaceTo create a tunnel interface, enter the following command at the Global CONFIG level of the CLI.device(config)# interface t

Displaying BGP4+ route information...547Displaying BGP4+ route-attribute entries...

Syntax: [no] tunnel source { ip-address | ethernet portnum | venumber | loopback number }The ip-address variable is the source IP address being config

Syntax: [no] tunnel mode gre ip• gre specifies that the tunnel will use GRE encapsulation (IP protocol 47).• ip specifies that the tunneling protocol

Applying an ACL or PBR to a tunnel interface on the SX-FI48GPP interface moduleTo apply an ACL or PBR policy to a tunnel interface on the SX-FI48GPP i

You can set an MTU value for packets entering the tunnel. Packets that exceed either the default MTUvalue of 1476/9192 bytes (for jumbo case) or the v

does not have the ability to bring down the line protocol of either tunnel endpoint, if the far endbecomes unreachable. Traffic sent on the tunnel can

Syntax: [no] tunnel path-mtu-discovery disableChanging the age timer for PMTUDBy default, when PMTUD is enabled on a tunnel interface, the path MTU is

Enabling PIM-SM on a GRE tunnelTo enable PIM-SM on a GRE tunnel interface, enter commands such as the following:device(config)# interface tunnel 10dev

Configuring point-to-point GRE tunnel for FastIron Adevice (config)# interface ethernet 3/1device (config-if-e1000-3/1)# ip address 10.0.8.108/24devic

Total number of IP routes: 3, avail: 79996 (out of max 80000)B:BGP D:Connected R:RIP S:Static O:OSPF *:Candidate default Destination Net

show interface tunnel output descriptions (Continued)TABLE 18 Field DefinitionMTU The configured path maximum transmission unit.encapsulation GRE GR

VRRP-E Extension for Server Virtualization... 614Suppressing default interface-level RA messages on an interfaceconf

show ip tunnel traffic output descriptions TABLE 19 Field DescriptionTunnel Status Indicates whether the tunnel is up or down. Possible values are:•

Total number of neighbors: 1 on 1 portsPort Phy_p Neighbor Holdtime Age UpTimetn1 tn1:e2 10.1.1.20 180 60 1740Sy

To reset a dynamically-configured MTU on a tunnel Interface back to the configured value, enter acommand such as the following.device(config)#clear ip

Displaying global IP configuration informationTo display IP configuration information, enter the following command at any CLI level.device# show ipGlo

CLI display of global IP configuration information - Layer 3 switch (Continued)TABLE 20 Field DescriptionSubnet Mask The network mask for the IP add

Displaying IP interface informationTo display IP interface information, enter the following command at any CLI level.device# show ip interface Interfa

ICMP redirect: enabledproxy-arp: disabledip arp-age: 10 minutesNo Helper Addresses are configured.No inbound ip access-list is setNo outgoing ip acce

NOTEThe ip-mask parameter and mask parameter perform different operations. The ip-mask parameterspecifies the network mask for a specific IP address,

CLI display of ARP cache (Continued)TABLE 22 Field DescriptionPort The port on which the entry was learned.NOTEIf the ARP entry type is DHCP, the po

The num parameter lets you display the table beginning with a specific entry number.CLI display of static ARP table TABLE 23 Field DescriptionStatic

Step 3: Start OSPF process for each VRF...660Step 4: Assign VRFs to each ve interfaces, and configure IPaddress and

CLI display of IP forwarding cache - Layer 3 switch (Continued)TABLE 24 Field DescriptionMAC The MAC address of the destination.NOTEIf the entry is

Syntax: show ip route [ ip-addr [ip-mask ] [longer ] [none-bgp ] ] {num | bgp | direct | ospf | rip |static }The ip-addr parameter displays the route

This example shows all the routes for networks beginning with 10.159. The mask value and longerparameter specify the range of network addresses to be

Clearing IP routesIf needed, you can clear the entire route table or specific individual routes.To clear all routes from the IP route table, enter the

CLI display of IP traffic statistics - Layer 3 switch (Continued)TABLE 26 Field Descriptionfiltered The total number of IP packets filtered by the d

CLI display of IP traffic statistics - Layer 3 switch (Continued)TABLE 26 Field Descriptionirdp advertisement The number of ICMP Router Discovery Pr

CLI display of IP traffic statistics - Layer 3 switch (Continued)TABLE 26 Field Descriptionresponses sent The number of responses this device has se

CLI display of global IP configuration information - Layer 2 switchTABLE 27 Field DescriptionIP configurationSwitch IP address The management IP add

CLI display of ARP cache (Continued)TABLE 28 Syntax: show arpFieldDescriptionMac The MAC address of the device.NOTEIf the MAC address is all zeros,

CLI display of IP traffic statistics - Layer 2 switchTABLE 29 Field DescriptionIP statisticsreceived The total number of IP packets received by the

Preface● Document conventions...15● Brocade resources

CLI display of IP traffic statistics - Layer 2 switch (Continued)TABLE 29 Field Descriptiontimestamp reply The number of Timestamp Reply messages se

CLI display of IP traffic statistics - Layer 2 switch (Continued)TABLE 29 Field Descriptioninput errors This information is used by Brocade customer

NOTEThis command only functions on the IPv4 platform.IP Configuration152 FastIron Ethernet Switch Layer 3 Routing Configuration Guide53-1003087-04

Layer 3 Routing Protocols● Supported Layer 3 routing protocols features... 153● Adding a s

Adding a static IP routeTo configure an IP static route with a destination address of 192.0.0.0 255.0.0.0 and a next-hop routerIP address of 195.1.1.1

NOTEIf you specify 16, RIP considers the metric to be infinite and thus also considers the route to beunreachable.The tag num parameter specifies the

The distancenum parameter configures the administrative distance for the route. You can specify avalue from 1 - 255. The default is 1. The value 255 m

Use the following command to configure static route resolve by default route.device(config)# ip route next-hop-enable-defaultSyntax: [no] ip route nex

Layer 3 configuration notes• Changing the system parameters reconfigures the device memory. Whenever you reconfigure thememory on a Brocade device, yo

The following example shows output on a FastIron X Series with third generation modules.device#show default valuesys log buffers:50 mac age ti

Convention Descriptionvalue In Fibre Channel products, a fixed value provided as input to a commandoption is printed in plain text, for example, --sho

NOTEConsult your reseller or Brocade to understand the risks involved before disabling all Layer 2 switchingoperations.Configuration notes and feature

The following example shows the creation and deployment of a dynamic LAGthat is used for routing on a FastIron device with Layer 3 image.Brocade(confi

Configuring a Layer 3 Link Aggregration Group (LAG)162 FastIron Ethernet Switch Layer 3 Routing Configuration Guide53-1003087-04

IPv6 Configuration on FastIron X Series, FCX, and ICX SeriesSwitches● Supported IPv6 features on FastIron X Series, FCX, and ICX devices...

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750IPv6 debug 08.0.01 08.0.01 08.0.01 08.0.01 08.0.01 08.0.01 08.0.10IPv6 ping 08.

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750DHCPv6 relay agent No 08.0.01 08.0.01 08.0.01 08.0.01 08.0.01 08.0.10DHCPv6 pre

FIGURE 17 IPv6 address formatAs shown in the above figure, HHHH is a 16-bit hexadecimal value, while H is a 4-bit hexadecimalvalue. The following is a

IPv6 address types TABLE 30 AddresstypeDescription Address structureUnicast An address for a singleinterface. A packet sent to aunicast address is d

IPv6 stateless auto-configurationBrocade routers use the IPv6 stateless autoconfiguration feature to enable a host on a local link toautomatically con

IPv6 CLI command support (Continued)TABLE 31 IPv6 command Description Switch code Router codeclear ipv6 route Deletes all dynamic entries in the IPv

Brocade resourcesVisit the Brocade website to locate related documentation for your product and additional Brocaderesources.You can download additiona

IPv6 CLI command support (Continued)TABLE 31 IPv6 command Description Switch code Router codeipv6 route Configures an IPv6 static route. Xipv6 route

IPv6 host address on a Layer 2 switchIn a Layer 3 (router) configuration, each port can be configured separately with an IPv6 address. This isaccompli

To override a link-local address that is automatically computed for the global interface with a manuallyconfigured address, enter a command such as th

IPv6 configuration on each router interfaceTo forward IPv6 traffic on a router interface, the interface must have an IPv6 address, or IPv6 must beexpl

You must specify the prefix-length parameter as a decimal value. A slash mark (/) must follow theipv6-prefix parameter and precede the prefix-length p

To override a link-local address that is automatically computed for an interface with a manuallyconfigured address, enter commands such as the followi

Syntax: ip address ip-address sub-net-mask [ secondary ]You must specify the ip-address parameter using 8-bit values in dotted decimal notation.You ca

Restricting SNMP access to an IPv6 nodeYou can restrict SNMP access to the device to the IPv6 host whose IP address you specify. To do so,enter a comm

To establish a Telnet connection to a remote host with the IPv6 address of 2001:DB8:3de2:c37::6,enter the following command.device#telnet 2001:DB8:3de

instead of the host name and its domain name. For example, you could enter either of the followingcommands to initiate the ping.device#ping ipv6 nyc01

• Brocade Supplemental Support augments your existing OEM support contract, providing directaccess to Brocade expertise. For more information, contact

• The timeout milliseconds parameter specifies how many milliseconds the router waits for a replyfrom the pinged device. You can specify a timeout fro

Location:Community(ro): ...Traps Warm/Cold start: Enable Link up: Enable Link down: Enable

NOTEIPv6 is disabled by default in the router code and must be configured on each interface that willsupport IPv6.IPv6 ICMP feature configurationAs wi

Enabling IPv6 ICMP redirect messagesYou can enable a Layer 3 switch to send an IPv6 ICMP redirect message to a neighboring host toinform it of a bette

‐ Prefixes advertised in router advertisement messages.‐ Flags for host stateful autoconfiguration.• Amount of time during which an IPv6 node consider

Each configured router interface on a link sends out a router advertisement message, which has a valueof 134 in the Type field of the ICMP packet head

• The number of consecutive neighbor solicitation messages that duplicate address detection sendson an interface. By default, duplicate address detect

Syntax: [no] ipv6 nd ra-interval number | min-range-value max-range-valueSyntax: [no] ipv6 nd ra-lifetime numberSyntax: ipv6 nd ra-hop-limit numbernum

For example, to advertise the prefix 2001:DB8:a487:7365::/64 in router advertisement messages sentout on Ethernet interface 3/1 with a valid lifetime

Enabling and disabling IPv6 router advertisementsIf IPv6 unicast routing is enabled on an Ethernet interface, by default, this interface sends IPv6 ro

About This Document● Supported Hardware... 19● Wha

Syntax: [no] ipv6 nd reachable-time secondsFor the seconds variable, specify a number from 0 through 3600 seconds. To restore the default time,use the

Syntax: [no] ipv6 mtu bytesFor bytes, specify a value between 1280 - 1500, or 1280 - 10218 if jumbo mode is enabled. For ICX6610 and ICX 6450 devices,

Limiting the number of hops an IPv6 packet can traverseBy default, the maximum number of hops an IPv6 packet can traverse is 64. You can change thisva

TCAM space allocation on FCX and ICX devices (except ICX 6450) (Continued)TABLE 32 Default Maximum MinimumGRE tunnels 16 64 16Allocating TCAM space

Clearing the IPv6 cacheYou can remove all entries from the IPv6 cache or specify an entry based on the following:• IPv6 prefix.• IPv6 address.• Interf

Clearing IPv6 routes from the IPv6 route tableYou can clear all IPv6 routes or only those routes associated with a particular IPv6 prefix from the IPv

4 2001:DB8:46a::1 LOCAL ethe 3/25 2001:DB8::2e0:52ff:fe99:9737

Ethernet 3/17 up/up 2017::c017:101/64Ethernet 3/19 up/up 2019::c019:101/64VE 4 down/downVE 14 up/up

Detailed IPv6 interface information fields TABLE 35 Field DescriptionInterface/line protocolstatusThe status of interface and line protocol. If you

The interface parameter restricts the display to the entries for the specified router interface. For thisparameter, you can specify the Ethernet or VE

© 2014, Brocade Communications Systems, Inc. All Rights Reserved.Brocade, the B-wing symbol, Brocade Assurance, ADX, AnyIO, DCX, Fabric OS, FastIron,

Summary of Enhancements in FastIron release 08.0.10dTABLE 1 Feature Description LocationDHCPv6 Relay Agent PrefixDelegation NotificationDHCPv6 Relay

tunnel 6 1/1C 2001:DB8:46a::/64 :: ethe 3/2 0/0C 2001:DB8::1/128

4 connected, 2 static, 0 RIP, 1 OSPF, 0 BGP Number of prefixes: /16: 1 /32: 1 /64: 3 /128: 2The following table lists the information displayed by

IPv6 local router information fields (Continued)TABLE 39 Field DescriptionLifetime The amount of time (in seconds) that the router is useful as the

General IPv6 TCP connection fields (Continued)TABLE 40 Field DescriptionTCP state The state of the TCP connection. Possible states include the follo

Receive: expected incoming sequence number = 740507227 Receive: received window = 16384 Receive: bytes in receive queue = 0 Receive: congestion w

Specific IPv6 TCP connection fields (Continued)TABLE 41 Field DescriptionReceive: expected incoming sequencenumber = numberThe incoming sequence num

Field Descriptionforwarded The total number of IPv6 packets received by the router and forwarded to other routers.delivered The total number of IPv6 p

Field DescriptionICMP6 statisticsSome ICMP statistics apply to both Received and Sent, some apply to Received only, some apply to Sent only,and some a

Field Descriptionerror The number of Error messages sent by the router.can not send error The number of times the node encountered errors in ICMP erro

Field Descriptionpassive opens The number of TCP connections opened by the router in response to connectionrequests (TCP SYNs) received from other dev

IP Configuration● Supported IP features... 21● Basic

Specify the ipv6-address as a destination address to which client messages are forwarded and whichenables DHCPv6 relay service on the interface. You c

DHCPv6 relay configured destination information (Continued)TABLE 42 Field DescriptionInterface The interface specified (ethernet, tunnel, or VE inte

DHCPv6 Relay Agent Prefix Delegation NotificationDHCPv6 Relay Agent Prefix Delegation Notification feature allows a DHCPv6 server to dynamicallydelega

• The PD notification fails when the DHCPv6 messages between a DHCPv6 server and a DHCPv6client containing the PD option are not relayed via the DHCPv

Syntax: [no] ipv6 dhcp-relay maximum-delegated-prefixes valueThe value parameter is used to limit the maximum number of prefixes that can be delegated

Output from the show ipv6 dhcp-relay delegated-prefixes command (Continued)TABLE 44 Field DescriptionClient The IPv6 address of the client.Interface

Output from the show ipv6 dhcp-relay options commandTABLE 46 Field DescriptionInterface The interface name.Interface-Id The interface ID option. Yes

Syntax: show ipv6 dhcp-relay interface interfacetypeThe interface type is interface type such as ethernet, POS, or VE and the specific port number.Tab

Syntax: clear ipv6 dhcp-relay statisticsIPv6 Configuration on FastIron X Series, FCX, and ICX Series Switches218 FastIron Ethernet Switch Layer 3 Rout

RIP● RIP feature support... 219● RIP Overview...

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750GRE tunnel counters enhancement No No 08.0.01 No 08.0.01 No 08.0.10Routing for

RIP routers, including the Brocade device, also can modify a route cost, generally by adding to it, tobias the selection of a route for a given destin

RIP global parameters (Continued)TABLE 49 Parameter Description DefaultRedistribution RIP can redistribute routes fromother routing protocols such a

RIP interface parametersRIP interface parameters TABLE 50 Parameter Description DefaultRIP state andversionThe state of the protocol and the version

To enable RIP globally, enter the router rip command.device(config)# router ripSyntax: [no] router ripAfter globally enabling the protocol, you must e

Syntax: [no] distance numberThe number variable specifies a range from 1 through 255.Configuring redistributionYou can configure the Brocade device to

If the route map contains set statements, routes that are permitted by the route map’s match statementsare modified according to the set statements.In

The no form of this command disables RIP redistribution. You can redistribute BGP4, OSPF, or staticroutes into RIP.Configuring route learning and adve

To configure a RIP neighbor filters, enter the neighbor command.device(config-rip-router)# neighbor 1 deny anyThis command configures the Brocade devi

Syntax: [no] poison-local-routesSuppressing RIP route advertisement on a VRRP or VRRPE backupinterfaceNOTEThis section applies only if you configure t

To apply a prefix list at the global level of RIP, enter commands such as the following.device(config-rip-router)# prefix-list list1 inSyntax: no pref

If you are configuring a Layer 2 switch, refer to Configuring the management IP address and specifyingthe default gateway on page 105 to add an IP add

The timeout-timer parameter sets the amount of time after which a route is considered unreachable.The possible value ranges from 9 - 65535. The defaul

CLI display of neighbor filter information (Continued)TABLE 51 Field. DefiinitionAction The action the Brocade device takes for RIP route packets to

ip ospf area 0 ip ospf priority 0 ip rip v2-only ip address 10.1.1.2/24 ipv6 address 2000::1/32 ipv6 enable!To display current running configuration

RIPng● RIPng feature support... 233● RIPng Overview...

NOTEBrocade IPv6 devices support up to 10,000 RIPng routes. ICX 6650 IPv6 devices support up to 2000RIPng routes.Configuring RIPngTo configure RIPng,

Configuring RIPng timersRIPng timersTABLE 52 Timer Description DefaultUpdate Amount of time (in seconds) between RIPng routing updates. 30 seconds.T

• Learning and advertising of RIPng default routes.• Advertising of IPv6 address summaries.• Metric of routes learned and advertised on a Brocade devi

Changing the metric of routes learned and advertised on an interfaceA device interface increases the metric of an incoming RIPng route it learns by an

device(config)# ipv6 router ripdevice(config-ripng-router)# distribute-list prefix-list routesfor2001 out To deny prefix lengths greater than 64 bits

Clearing RIPng routes from IPv6 route tableTo clear all RIPng routes from the RIPng route table and the IPv6 main route table and reset the routes,ent

Layer 3 switchesBrocade Layer 3 switches allow you to configure IP addresses on the following types of interfaces:• Ethernet ports• Virtual routing in

show ipv6 rip output descriptions (Continued)TABLE 53 Field DescriptionPeriodic updates/triggerupdatesThe number of periodic updates and triggered u

show ipv6 rip route output descriptions (Continued)TABLE 54 Field DescriptionInterface The interface name. If "null" appears, the interfac

Displaying RIPng routing table242 FastIron Ethernet Switch Layer 3 Routing Configuration Guide53-1003087-04

OSPFv2● OSPFv2 feature support... 243● OSPF overview...

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750Graceful restart No08.0.01 1008.0.01 1108.0.01 1208.0.01 08.0.01 08.0.10Gracefu

OSPF is built upon a hierarchy of network components. The highest level of the hierarchy is theAutonomous System (AS) . An autonomous system is define

FIGURE 19 OSPF operating in a networkOSPF point-to-point linksIn an OSPF point-to-point network, where a direct Layer 3 connection exists between a si

Designated routers in multi-access networksIn a network that has multiple routers attached, OSPF elects one router to serve as the designatedrouter (D

FIGURE 21 Backup designated router becomes designated routerIf two neighbors share the same priority, the router with the highest router ID is designa

OSPF RFC 1583 and 2328 complianceBrocade devices are configured, by default, to be compliant with the RFC 1583 OSPF V2 specification.Brocade devices c

IP packet flow through a Layer 3 switchFIGURE 1 IP Packet flow through a Brocade Layer 3 switch1. When the Layer 3 switch receives an IP packet, the L

FIGURE 22 AS external LSA reductionNotice that both Router D and Router E have a route to the other routing domain through Router F.OSPF eliminates th

‐ A second ASBR comes on-line‐ A second ASBR that is already on-line begins advertising an equivalent route to the samedestination.In either case abov

because the first network has 16 ones bits (255.255.0.0) whereas the second network has only 8ones bits (255.0.0.0).• ‐ For the less specific network,

The feature is useful for avoiding a loss of traffic during short periods when adjacency failures aredetected and traffic is rerouted. Using this feat

IETF RFC and internet draft supportThe implementation of OSPF Graceful Restart supports the following IETF RFC:• RFC 3623: Graceful OSPF RestartNOTEA

OSPF parametersYou can modify or set the following global and interface OSPF parameters.Global parametersThe global OSPF parameters are as follows:• M

Enable OSPF on the deviceWhen you enable OSPF on the device, the protocol is automatically activated. To enable OSPF on thedevice, use the following m

When an NSSA contains more than one ABR, OSPF elects one of the ABRs to perform the LSAtranslation for NSSA. OSPF elects the ABR with the highest rout

NSSAs are especially useful when you want to summarize Type-5 External LSAs (external routes)before forwarding them into an OSPF area. The OSPF specif

Syntax: [no] area { num | ip-addr nssa cost [ no-summary ] | default-information-originate }The num and ip-addr parameters specify the area number, wh

makes an entry in the session table or the forwarding cache, and sends the route to a queue on theoutgoing ports:• ‐ If the running-config contains an

The ip-mask parameter specifies the portions of the IP address that a route must contain to besummarized in the summary route. In the example above, a

Modifies the address range status to advertise and a Type 3 summary link-state advertisement (LSA)can be generated for this address range.device(confi

To assign interface 1/8 of Router A to area 10.5.0.0 and then save the changes, enter the followingcommands.RouterA(config)# interface e 1/8RouterA(co

default authentication-change interval is 300 seconds (5 minutes). You change the interval to a valuefrom 0 - 14400 seconds.• authentication-key strin

NOTEThis option affects all IP subnets configured on the interface. If you want to disable OSPF updatesonly on some of the IP subnets on the interface

To change the authentication-change interval, enter a command such as the following at the interfaceconfiguration level of the CLI.device(config-if-e1

The all-summary-external option directs the router to allow the following LSAs: Router, Network,Opq-Area-TE and Opq-Link-Graceful while it blocks all

FIGURE 24 Defining OSPF virtual links within a networkThe example shows an OSPF area border router, Device A, that is cut off from the backbone area (

Modify virtual link parametersOSPF has some parameters that you can modify for virtual links. Notice that these are the sameparameters as the ones you

md5-authentication keystringThe MD5 key is a number from 1 - 255 and identifies the MD5 key that is being used. Thisparameter is required to different

Here is an example of a static ARP entry. Index IP Address MAC Address Port 1 10.95.6.111 0000.003b.d210

• LAG group - The combined bandwidth of all the ports.• Virtual interface - The combined bandwidth of all the ports in the port-based VLAN that contai

ports that are currently active. The following example enables cost calculation for currently active ports.device(config-ospf-router)# auto-cost use-a

FIGURE 25 Redistributing OSPF and static routes to RIP routesYou also have the option of specifying import of just RIP, OSPF, BGP4, or static routes,

device(config-ospf-router)# redistribute staticdevice(config-ospf-router)# write memoryModify default metric for redistributionThe default metric is a

The match command in the route map matches on routes that have 5 for their metric value (cost). Theset command changes the metric in routes that match

Disable or re-enable load sharingBrocade devices can load share among up to eight equal-cost IP routes to a destination. By default, IPload sharing is

Configure external route summarizationWhen the device is an OSPF Autonomous System Boundary Router (ASBR), you can configure it toadvertise one extern

Router OSPF: EnabledNonstop Routing: DisabledGraceful Restart: DisabledGraceful Restart Helper: EnabledGraceful Restart Time: 120Graceful Restart Noti

If default route origination is enabled and you disable it, the default route originated by the device isflushed. Default routes generated by other OS

Supported match and set conditionsThe supported match and set conditions of a normal route-map configuration are as follows:Match ConditionsTABLE 55

• If the cache contains an entry with the destination IP address, the device uses the information in theentry to forward the packet out the ports list

Synchronization of critical OSPF elementsAll types of LSAs and the neighbor information are synchronized to the standby module using the NSRsynchroniz

Limitations• If a neighbor router is inactive for 30 seconds, and if the standby module takes over in another 10seconds, the neighbor router cannot be

Enabling and disabling NSRTo enable NSR for OSPF, enter the following commands:device(config)# router ospfdevice(config-ospf-router)# nonstop-routing

The following commands with any or all of the options will remove the options from the default-information-originate command if any of the options are

device still receives the routes and installs them in the OSPF database. The feature only prevents thesoftware from installing the denied OSPF routes

Syntax: [no] distribute-list { acl-name | acl-number } inThe distribute-list command is applied globally to all interfaces on the router where it is e

NOTEA Route Map used with the distribute-list command can use either the ip prefix-list command (asshown in the example) or an ACL to define the route

The default is type2.Modify administrative distanceThe device can learn about networks from various protocols, including Border Gateway Protocol versi

Configure OSPF group Link State Advertisement (LSA) pacingThe device paces LSA refreshes by delaying the refreshes for a specified time interval inste

• interface-authentication-failure-trap - [MIB object: ospfIfAuthFailure]• virtual-interface-authentication-failure-trap - [MIB object: ospfVirtIfAuth

IP multicast protocolsBrocade Layer 3 switches also support the following Internet Group Membership Protocol (IGMP) basedIP multicast protocols:• Prot

The log command has the following options:The all option causes all OSPF-related Syslog messages to be logged. If you later disable this optionwith th

On a non-broadcast interface, the routers at either end of this interface must configure non-broadcastinterface type and the neighbor IP address. Ther

Syntax: [no] graceful-restart restart-time secondsThe seconds variable sets the maximum restart wait time advertised to neighbors.Possible values are

Syntax: [no] graceful-restart helper-disableThis command disables OSPF Graceful Restart helper mode.The default behavior is to help the restarting nei

0xFFFFFFFF). The default value is 4294967295 (Hex: 0xFFFFFFFF). This parameter only applies tothe default instance of OSPF.ExamplesThe following examp

NOTEThe hold time values that you specify are rounded up to the next highest 100 ms value. For example,any value between 0 and 99 will be configured a

• ABR and ASBR information• Trap state information• OSPF Point-to-Point Links• OSPF Graceful Restart information• OSPF Router Advertisement informatio

show ip ospf config output descriptions (Continued)TABLE 57 Field DescriptionGraceful Restart Shows whether or not the graceful restart is enabled.G

show ip ospf config output descriptions (Continued)TABLE 57 Field DescriptionArea-ID Shows the area ID of the interface.Area-Type Shows the area typ

show ip ospf area output descriptions (Continued)TABLE 58 This field DisplaysSPFR The SPFR value.ABR The ABR number.ASBR The ABSR number.LSA The LSA

ContentsPreface...15Do

Basic IP parameters and defaults - Layer 3 SwitchesIP is enabled by default. The following IP-based protocols are all disabled by default:• Routing pr

show ip ospf neighbor output descriptions (Continued)TABLE 59 Field DescriptionState The state of the conversation between the device and the neighb

Displaying OSPF interface informationTo display OSPF interface information, enter the following command at any CLI level.device# show ip ospf interfac

show ip ospf interface output descriptions (Continued)TABLE 60 This field DisplaysState The state of the interface. Possible states include the foll

show ip ospf interface output descriptions (Continued)TABLE 60 This field DisplaysEvents OSPF Interface Event:• Interface_Up = 0x00• Wait_Timer = 0x

show ip ospf interface brief output descriptions (Continued)TABLE 61 This field DisplaysState The state of the conversation between the router and t

10.65.0.0 255.255.0.0 0 0 Inter Adv_Router Link_State Dest_Type State Tag Flags 10.1.1

show ip ospf routes output descriptions (Continued)TABLE 62 This field DisplaysTag The external route tag.Flags State information for the route entr

Done 6 0.0.0.200 Net 192.213.111.213 192.168.98.213 8000002d 1683 0x17bc Done Syntax: show ip ospf databaseshow ip ospf databaseoutput

The extensive option displays the LSAs in decrypted format.NOTEYou cannot use the extensive option in combination with other display options. The enti

show ip ospf database database-summary output descriptions (Continued)TABLE 65 This field DisplaysNetwork The number of network link state advertise

IP global parameters - Layer 3 Switches (Continued)TABLE 2 Parameter Description DefaultIP address andmask notationFormat for displaying an IP addre

The router-id ip-addr parameter shows the LSAs for the specified OSPF router.The sequence-number num parameter displays the LSA entries for the specif

show ip ospf border-routersoutput descriptions (Continued)TABLE 67 This field DisplaysRouter ID ID of the OSPF routerRouter type Type of OSPF router

show ip ospf interfaceoutput descriptions TABLE 68 This field DisplaysIP Address The IP address of the interface.OSPF state The OSPF state of the in

ver V2.2.1T143module 1 rx-bi-1g-24-port-fibermodule 2 rx-bi-10g-4-portmodule 6 rx-bi-10g-4-portmodule 7 rx-bi-1g-24-port-copper!!no spanning-tree!vlan

Displaying OSPF virtual neighborUse the show ip ospf virtual neighbor command to display OSPF virtual neighbor information.device# show ip ospf virtua

show ip ospf database grace-link-state output descriptionsTABLE 69 This field DisplaysArea The OSPF area that the interface configured for OSPF grac

The show ip ospf command displays LSAs that have been configured with a maximum metric.Clearing OSPF informationYou can use the clear ip ospf commands

OSPFv3● OSPFv3 feature support... 317● OSPFv3 overview...

OSPFv3 overviewOpen Shortest Path First (OSPF) is a link-state routing protocol. OSPF uses link-state advertisements(LSAs) to update neighboring route

Configuring OSPFv3To configure OSPFv3, you must perform the following steps.• Enable OSPFv3 globally.• Assign OSPF areas.• Assign device interfaces to

IP global parameters - Layer 3 Switches (Continued)TABLE 2 Parameter Description DefaultTime to Live (TTL) The maximum number of routers (hops) thro

Disabling OSPFv3 in a VRFTo disable OSPFv3 for a default Virtual Routing and Forwarding (VRF), enter a command such as thefollowing.device(config-ospf

When an NSSA contains more than one ABR, OSPFv3 elects one of the ABRs to perform the LSAtranslation for NSSA. OSPF elects the ABR with the highest ro

Assign a Not-So-Stubby Area (NSSA)The OSPF Not So Stubby Area (NSSA) feature enables you to configure OSPF areas that provide thebenefits of stub area

The following example deletes the NSSA area 100.device(config-ospf6-router)#no area 100Syntax: [no] area area-id nssa [[stub-metric] [default-informat

The ipv6-subnet-mask parameter specifies the portions of the IPv6 address that a route must containto be summarized in the summary route. In the examp

NOTEThis command does not work in incremental fashion. So both the optional parameters have to beconfigured each time. Otherwise it will take the defa

The point-to-point parameter specifies that the OSPF interface will support point-to-point networking.This is the default setting for tunnel interface

• Dead-interval: The number of seconds that a neighbor router waits for a hello packet from the devicebefore declaring the router is down. The range i

The interfaces that consist of more than one physical port is calculated as follows:• LAG group- The combined bandwidth of all the ports.• Virtual (Et

Configuring route redistribution into OSPFv3You can configure the device to redistribute routes from the following sources into OSPFv3:• IPv6 static r

IP global parameters - Layer 3 Switches (Continued)TABLE 2 Parameter Description DefaultStatic RARP entries An IP address you place in the RARP tabl

static IPv6 route to be redistributed into OSPF only if the route has a metric of 5, and changes themetric to 8 before placing the route into the OSPF

To restore the default metric to the default value, use the no form of this command.Modifying metric type for routes redistributed into OSPFv3The devi

To configure the summary address 2001:db8::/24 for routes redistributed into OSPFv3, enter thefollowing command.device(config-ospf6-router)# summary-a

To specify an IPv6 prefix list called filterOspfRoutes that denies route 2001:db8:2::/64, enter thefollowing commands.device(config)# ipv6 prefix-list

Configuring an OSPFv3 distribution list using a route map as inputThe following commands configure a route map that matches internal routes.device(con

Configuring default route originationWhen the Brocade device is an OSPFv3 Autonomous System Boundary Router (ASBR), you canconfigure it to automatical

the SPF delay to a value from 0 through 65535 seconds. If you set the SPF delay to 0 seconds, thesoftware immediately begins the SPF calculation after

• Intra-area routes• Inter-area routes• External routesThe default for all of these OSPFv3 route types is 110.NOTEThis feature does not influence the

Modifying exit overflow intervalIf a database overflow condition occurs on the Brocade device, the device eliminates the condition byremoving entries

• cost: Indicates the overhead required to send a packet across an interface. You can modify the costto differentiate between 100 Mbps and 1000 Mbps (

IP global parameters - Layer 3 Switches (Continued)TABLE 2 Parameter Description DefaultSource interface The IP address the router uses as the sourc

IPsec for OSPFv3This section describes the implementation of Internet Protocol Security (IPsec) for securing OSPFv3traffic.IPsec is available for OSPF

• ESP security protocol• Authentication• HMAC-SHA1-96 authentication algorithm• Security parameter index (SPI)• A 40-character key using hexadecimal c

If you configure IPsec for an area, all interfaces that utilize the area-wide IPsec (where interface-specific IPsec is not configured) nevertheless re

Syntax: [no] ipv6 ospf authentication ipsec key-add-remove-interval rangeThe no form of this command sets the key-add-remove-interval back to a defaul

The sha1 keyword specifies the HMAC-SHA1-96 authentication algorithm. This mandatory parametercan be only the sha1 keyword in the current release.Incl

If no-encrypt is not entered, then the key will be encrypted. This is the default. The system adds thefollowing in the configuration to indicate that

Disabling IPsec on an interfaceFor the purpose of troubleshooting, you can operationally disable IPsec on an interface by using theipv6 ospf authentic

Configuring OSPFv3 Graceful Restart Helper modeTo enable the graceful restart (GR) helper capability, use the graceful-restart helper command in theOS

Displaying OSPFv3 informationYou can display the information for the following OSPFv3 parameters:• Areas• Link state databases• Interfaces• Memory usa

Router: 1 Network: 0 Maximum of Hop count to nodes: 0Syntax: show ipv6 ospf area [area-id]You can specify the area-id parameter in the foll

IP interface parameters - Layer 3 switches (Continued)TABLE 3 Parameter Description DefaultICMP RouterDiscovery Protocol(IRDP)Locally overrides the

0.0.0.200 Rtr 0 192.168.98.213 800001c7 799 8402 56 Yes 0.0.0.200 Net 1156 192.168.98.111 80000004 823 b2d2 32

show ipv6 ospf database output descriptions (Continued)TABLE 72 This field DisplaysChksum A checksum for the LSA packet. The checksum is based on al

LSA Key - Rtr:Router Net:Network Inap:InterPrefix Inar:InterRouter Extn:ASExternal Grp:GroupMembership Typ7:Type7 Link:Link Iap:Intr

OSPFv3 detailed database information fields (Continued)TABLE 73 This field DisplaysMetric The cost of using this router interface for outbound traff

OSPFv3 detailed database information fields (Continued)TABLE 73 This field DisplaysOptions A 24-bit field that enables IPv6 OSPF routers to support

OSPFv3 detailed database information fields (Continued)TABLE 73 This field DisplaysPrefix Options An 8-bit field of capabilities that serve as input

show ipv6 interface output descriptions TABLE 74 Field DescriptionType Codes Shows the routing protocol enabled on the interface. The routing protoc

show ipv6 ospf interface brief output descriptions (Continued)TABLE 75 This field DisplaysStatus The status of the link and the protocol. Possible s

Outbound: None Inbound: None DR:192.168.98.111 BDR:192.168.98.213 Number of I/F scoped LSAs is

show ipv6 ospf interface output descriptions (Continued)TABLE 76 This field DisplaysInstance ID An identifier for an instance of OSPFv3.Router ID Th

NOTEBrocade Layer 2 switches also provide IP multicast forwarding, which is enabled by default. Forinformation about this feature, refer to chapter &q

show ipv6 ospf interface output descriptions (Continued)TABLE 76 This field DisplaysAdjacent NeighborCountThe number of neighbors with which the int

MTYPE_OSPF6_OTHER 0 0 0 0 MTYPE_THREAD_MASTER 84 1 1 0Syntax: show ipv6 ospf m

show ipv6 ospf neighbor output descriptions (Continued)TABLE 78 Field DescriptionState The state between the device and the neighbor. The state can

Number of LSAs in DbDesc retransmitting: 0 Number of LSAs in SummaryList: 0 Number of LSAs in RequestList: 0 Number o

show ipv6 ospf neighbor router-id output descriptions (Continued)TABLE 79 Field DescriptionDbDesc bit The Database Description packet, which include

Displaying routes redistributed into OSPFv3You can display all IPv6 routes or a specified IPv6 route that the device has redistributed into OSPFv3.To

Current Route count: 309 Intra: 304 Inter: 4 External: 1 (Type1 0/Type2 1) Equal-cost multi-path: 56 OSPF Type: IA- Intra, OA - Inter, E1 - E

OSPFv3 route information (Continued)TABLE 81 This field DisplaysE2 Cost The type 2 cost of this route.Tag The route tag for this route.Flags Flags a

child nodes: 192.168.98.61:5 192.168.98.190:1551 192.168.98.112:643 SPF node 192.168.98.61:5, cost: 2, hops: 2 nexthops to node: 5100::192:11

R 192.168.98.111 --V-B V6E---R- 1 fe80::768e:f8ff:fe3e:1800 ve 17 N 192.168.98.111[136] ----- V6E---R- 1 :: e 4/3/1N

IP global parameters - Layer 2 switches (Continued)TABLE 4 Parameter Description DefaultTime to Live (TTL) The maximum number of routers (hops) thro

For example, to display the SPF tree for area 0, enter the following command at any level of the CLI.device# show ipv6 ospf spf tree area 0 SPF tree

Displaying IPv6 OSPF virtual link informationTo display OSPFv3 virtual link information on a Brocade device, enter the show ipv6 ospf virtual-linkcomm

show ipv6 ospf virtual-neighbor output descriptionsTABLE 85 This field DisplaysIndex An index number associated with the virtual neighbor.Router ID

IPSEC Security Association Database(Entries:8)SPDID(vrf:if) Dir Encap SPI Destination AuthAlg EncryptAlg1:ALL in ESP 512

show ipsec policy output descriptions (Continued)TABLE 86 This field DisplaysDir The direction of traffic flow to which the IPsec policy is applied.

secAuthenticationErrors 0secReplayErrors: 0 ipsecPolicyErrors: 13secOtherReceiveErrors: 0 ipsecSendErrors: 0

show ipv6 ospf area output descriptions (Continued)TABLE 88 This field DisplaysCurrent Shows current SPI, authentication algorithm (currently ESP on

show ipv6 ospf interface output descriptions (Continued)TABLE 89 This field DisplaysKeyRolloverTime The number of seconds between each initiation of

Changing a keyIn this example, the key is changed. Note that the SPI value is changed from 300 to 310 to complywith the requirement that the SPI is ch

Area 1:Authentication: Not ConfiguredInterface attached to this area: eth 1/1Number of Area scoped LSAs is 6Sum of Area LSAs Checksum is 00046630Stati

Configuring IP parameters - Layer 3 switchesThe following sections describe how to configure IP parameters. Some parameters can be configuredglobally

Clearing OSPFv3 data in a VRFYou can use the clear ipv6 ospf vrf command to clear anything in a specific vrf as shown in thefollowing.device# clear ip

Clearing OSPF neighbors attached to a specified interfaceYou can use the clear ipv6 ospf neighbor interface command to delete and relearn the OSPFneig

Specify the interface options as shown in the following options.ethernet slot/port - clears OSPFv3 counters for OSPFv3 neighbors on the specified Ethe

Configuring BGP4 (IPv4)● Supported BGP4 features ... 383● BGP

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750BGP4 No No 08.0.01 08.0.01 08.0.01 08.0.01 08.0.10BGP4 Restart No 08.0.01 1408.

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750BGP4 AS4 Confederation ErrorCheckingNo 08.0.011408.0.01 08.0.01 08.0.01 08.0.01

communication. When you configure the device for BGP4, one of the configuration tasks you performis to identify the device’s BGP4 neighbors.Although a

4. Prefer the route that was originated locally (by this BGP4 device).5. If the local preferences are the same, prefer the path with the shortest AS-p

13.If the route is a BGP4 VRF instance, prefer the route with the smallest RD value.14.Prefer the route that comes from the lowest BGP4 neighbor addre

and the length of the network portion of the number. For example, an UPDATE message with theNLRI entry 10.215.129.0/18 indicates a route to IP network

The ospf-ignore and ospf-passive parameters modify the Layer 3 switch defaults for adjacencyformation and interface advertisement. Use one of these pa

NOTERIB-out peer grouping is not shared between different VRFs or address families.Implementation of BGP4BGP4 is described in RFC 1771 and the latest

NOTEBGP4 restart is supported in FSX 800, FSX 1600 devices with dual management modules, FCXswitches in a stack and ICX switches in a stack. If the sw

FIGURE 29 Management module switchover behavior for BGP4 peer notificationIf the active management module fails due to a fault, the management module

FIGURE 30 Example of customer connected to two ISPsIn the next example, ISP-A has purchased ISP-B. The AS associated with ISP-B changes to AS 100. IfC

1. Enable the BGP4 protocol.2. Set the local AS number.NOTEYou must specify the local AS number for BGP4 to become functional.3. Add each BGP4 neighbo

NOTETo disable BGP4 without losing the BGP4 configuration information, remove the local AS (for example,by entering the no local-as command). When you

NOTEWhen using the CLI, you set global level parameters at the BGP CONFIG level of the CLI. You canreach the BGP CONFIG level by entering the router b

Parameter changes that take effect after disabling and re-enablingredistributionThe following parameter change takes effect only after you disable and

Basic configuration tasks required for BGP4The following sections describe how to perform the configuration tasks that are required to use BGP4on the

Setting the local AS numberThe local autonomous system number (ASN) identifies the AS in which the Brocade BGP4 deviceresides.To set the local AS numb

Reverse Address Resolution Protocol configuration...79Configuring UDP broadcast and IP helper parameters...81B

The num parameter specifies the virtual interface number. You can specify from 1 to the maximumnumber of virtual interfaces supported on the device. T

Adding a loopback interfaceYou can configure the device to use a loopback interface instead of a specific port or virtual routinginterface to communic

The neighbor command has additional parameters, as shown in the following syntax:Syntax: no neighbor {ip-addr | peer-group-name} {[activate] [advertis

filters. The device applies the filters in the order in which you list them and stops applying the filters inthe distribute list when a match is found

maximum-prefix num specifies the maximum number of IP network prefixes (routes) that can belearned from the specified neighbor or peer group . You can

remove-private-as configures the device to remove private AS numbers from update messages thedevice sends to this neighbor. The device will remove AS

2 10.1.44.0/24 10.2.0.1 1 101 32768 BLS AS_PATH: In this example, the aggregate-address command configures an aggreg

When encryption of the authentication string is enabled, the string is encrypted in the CLI regardless ofthe access level you are using.When you save

By default, password is encrypted. If you want the password to be in clear text, insert a 0 betweenpassword and string.device(config-bgp)# neighbor 10

The ip-address parameter is the neighbor IP address. The following sub-parameters are available forthe ip-address parameter:[advertised routes} [flap-

explicitly configured for the neighbor. If you do not set a neighbor parameter in the peer group and theparameter also is not set for the individual n

Configuration limitations and feature limitations for IP Follow on a virtual routinginterface• When configuring IP Follow, the primary virtual routing

The peer-group-name parameter specifies the name of the group and can be up to 80 characters long.The name can contain special characters and internal

The software also contains an option to end the session with a BGP4 neighbor and clear the routeslearned from the neighbor. Unlike this clear option,

Changing the BGP4 next-hop update timerBy default, the device updates the BGP4 next-hop tables and affected BGP4 routes five seconds afterIGP route ch

• Enable IP load sharing if it is disabled.• Set the maximum number of BGP4 load sharing paths. The default maximum number is 1, whichmeans no BGP4 lo

Changing the maximum number of shared BGP4 pathsTo change the maximum number of BGP4 shared paths, enter commands such as the following.device(config)

To set the number of equal-cost multipath IBGP routes or paths that will be selected, enter commandssuch as the following.device(config)# router bgpde

To configure a route map, and use it to set or change route attributes for a network you define forBGP4 to advertise, enter commands such as the follo

Changing the default MED (Metric) used for route redistributionThe Brocade device can redistribute directly connected routes, static IP routes, RIP ro

Enabling recursive next-hop lookupsThe recursive next-hop lookups feature is disabled by default. To enable recursive next-hop lookups,enter the follo

3 10.40.0.0/24 10.1.0.2 0 100 0 BI AS_PATH: 65001 4355 701 1 1894 10.0.0.0/24 10.0.0.1 1

broadcast support because any packet that is transmitted by one host is always received by the otherhost at the receiving end. Therefore, directed bro

When selecting a route from among different sources (BGP4, OSPF, RIP, static routes, and so on),the software compares the routes on the basis of the a

group. If neither configuration exists, enforcement is simply that of the global configuration (which isdisabled by default).To enable this feature gl

This command disables comparison of the AS-Path lengths of otherwise equal paths. When youdisable AS-Path length comparison, the BGP4 algorithm shown

NOTEMED comparison is not performed for internal routes originated within the local AS or confederationunless the compare-med-empty-aspath command is

cluster must be in the same AS. The cluster ID can be any number from 1 - 4294967295, or an IPaddress. The default is the device ID expressed as a 32-

Support for RFC 4456Route reflection on Brocade devices is based on RFC 4456. This updated RFC helps eliminate routingloops that are possible in some

Disabling or re-enabling client-to-client route reflectionBy default, the clients of a route reflector are not required to be fully meshed. Routes fro

FIGURE 33 Example BGP4 confederationIn this example, four devices are configured into two sub-autonomous systems, each containing two ofthe devices. T

Commands for device AdeviceA(config)# router bgpdeviceA(config-bgp-router)# local-as 64512deviceA(config-bgp-router)# confederation identifier 10devic

Aggregating routes advertised to BGP4 neighborsBy default, the device advertises individual routes for all networks. The aggregation feature allows yo

Routers B and C are connected by a regular 24-bit subnet. Router C can either be a switch with manyhosts belonging to the 10.2.2.2/24 subnet connected

Configuring BGP4 Restart for a VRFUse the following command to enable the BGP4 Restart feature for a specified VRF.device(config)# router bgpdevice(co

BGP4 null0 routingBGP4 considers the null0 route in the routing table (for example, static route) as a valid route, and canuse the null0 route to reso

6. To configure a route-map perform the following step.• On device 1, (the device facing the Internet), configure a null0 route matching the next-hopa

The following configuration defines a null0 route to the specific next hop address. The next hop address10.199.1.1 points to the null0 route, which ge

The show ip route output for device 1 and device 2 shows "drop" under the Port column for thenetwork prefixes you configured with null0 rout

Redistributing connected routesTo configure BGP4 to redistribute directly connected routes, enter the following command.device(config-bgp-router)# red

NOTEIf you do not enter a value for the match parameter, (for example, you enter redistribute ospf only)then only internal OSPF routes will be redistr

FilteringThis section describes the following:• AS-path filtering• Route-map continue clauses for BGP4 routes• Defining and applying IP prefix lists•

The software interprets the entries in an AS-path list in numerical order, beginning with the lowestsequence number.The deny and permit parameters spe

BGP4 special characters for regular expressions (Continued)TABLE 91 Character Operation+ The plus sign matches on one or more sequences of a pattern

FIGURE 3 DNS resolution with one domain nameDefining DNS server addressesYou can configure the Brocade device to recognize up to four DNS servers. The

BGP4 special characters for regular expressions (Continued)TABLE 91 Character Operation| A vertical bar (sometimes called a pipe or a "logical

NOTEOnce you define a filter or ACL, the default action for communities that do not match a filter or ACL isdeny . To change the default action to per

These commands configure an IP prefix list named Routesfor20, which permits routes to network10.20.0.0/24. The neighbor command configures the device

To configure a distribute list that uses ACL 1, enter a command such as the following.device(config-bgp)# neighbor 10.10.10.1 distribute-list 1 inThis

• Prepend AS numbers to the front of the route AS-path. By adding AS numbers to the AS-path, youcan cause the route to be less preferred when compared

Specifying the match conditionsUse the following command to define the match conditions for instance 1 of the route map GET_ONE.This instance compares

The string parameter specifies an AS-path ACL and can be a number from 1 through 199. You canspecify up to five AS-path ACLs.Matching based on communi

device(config)# route-map bgp1 permit 1device(config-routemap bgp1)# match ip route-source 10The first command configures an IP ACL that matches on ro

The match protocol bgp external option will match the eBGP routes.The match protocol bgp internal option will match the iBGP routes.The match protocol

The comm-list parameter deletes a community from the community attributes field for a BGP4 route.The community parameter sets the community attribute

Using a DNS name to initiate a trace routeSuppose you want to trace the route from a BrocadeLayer 3 switch to a remote server identified asNYC02 on do

device(config)# route-map bgp4 permit 1device(config-routemap bgp4)# match ip address 1device(config-routemap bgp4)# set metric-type internalThe first

Using a table map to set the tag valueRoute maps that contain set statements change values in routes when the routes are accepted by theroute map. For

as outbound filters when it sends routes to the device. Likewise, the device uses the ORFs itreceives from the neighbor as outbound filters when sendi

NOTEMake sure cooperative filtering is enabled on the device and on the neighbor before you send the filters.To reset a neighbor session and send ORFs

seq 5 permit 10.10.0.0/16 ge 18 le 28 seq 10 permit 10.20.10.0/24 seq 15 permit 10.0.0.0/8 le 32 seq 20 permit 10.10.0.0/16 ge 18Synt

You can enable AS4s on a device, a peer group, and a neighbor. For global configuration, thecapability command in the BGP4 configuration context enabl

Specifying the local AS numberThe local autonomous system number (ASN) identifies the autonomous system where the BGP4device resides.Normally, AS4s ar

The peer-group-name specifies all neighbors in a specific peer group. The as-num parameter specifiesall neighbors within the specified AS. After choos

NOTERemember that autonomous system path matching that uses regular expression is based on theconfigured autonomous system format.The following comman

NOTELogging of errors is rate-limited to not more than one message for every two minutes. Some errors maybe lost due to this rate-limiting.Sample log

The entire IP packet, including the source and destination address and other control information andthe data, is placed in the data portion of the Lay

The route flap dampening mechanism is based on penalties. When a route exceeds a configuredpenalty value, the device stops using that route and stops

This example shows how to change the dampening parameters.device(config-bgp-router)# dampening 20 200 2500 40This command changes the half-life to 20

to neighbor 10.10.10.1. Since the second route map does not contain match clauses for specificroutes, the route map enables dampening for all routes r

The as-path-filternum parameter specifies one or more filters. Only the routes that have beendampened and that match the specified filter or filters a

Generating traps for BGP4You can enable and disable SNMP traps for BGP4. BGP4 traps are enabled by default.To enable BGP4 traps after they have been d

IPv4 BGP4 commands for different configuration levels (Continued)TABLE 93 Command Global (iPv4 and IPv6) IPv4 address family unicastdampening xdefau

IPv4 BGP4 commands for different configuration levels (Continued)TABLE 93 Command Global (iPv4 and IPv6) IPv4 address family unicastupdate-time xEnt

NOTEThe always-propagate command and the rib-route-limit command are supported.Configuring BGP route reflectorThe always-propagate command enables a d

If the rib-route-limit command is configured to a value that is below the number of BGP4 routesalready installed in the RTM, the following warning mes

NOTETraffic loss on a BGP4 route occurs when a device is advertising preferred BGP4 routes not installed inthe RTM as part of the forwarding path.Beca

• You cannot use this command to set Layer 2 maximum frame sizes per interface. The global jumbocommand causes all interfaces to accept Layer 2 frames

If a route from a peer exceeds the configured Maximum AS path limit, the device also removes thesame route from that peer, if it exists, from its own

To configure a peer group named "PeerGroup1" and set a maximum AS path value of 7, enter thefollowing commands:device(config-bgp)# neighbor

Changing the default metric used for route costBy default, BGP4 uses the BGP MED value as the route cost when adding the route to the RTM.However, you

Setting an administrative distance for a static BGP4 networkWhen a static BGP4 network route is configured, its type is local BGP4 route and has a def

This feature supports a more programmable route map configuration and route filtering scheme forBGP4 peering. It can also execute additional instances

The num parameter specifies the instance of the route map defined in the route-map context that theCLI enters. Routes are compared to the instances in

When a route filter is changed (created, modified or deleted) by a user, the filter change notificationwill be sent to all relevant protocols, so that

BGP4 policy processing orderThe order of application of policies when processing inbound and outbound route advertisements on thedevice is:1. lp prefi

• Active route maps (the route map configuration information in the running configuration)• BGP4 graceful restart neighbor Information• AS4 support an

show ip bgp summary output descriptions (Continued)TABLE 95 This field DisplaysNumber of NeighborsConfiguredThe number of BGP4 neighbors configured

‐ 10,200 bytes - The maximum for Ethernet II encapsulation (Default MTU: 9216)‐ 10,174 bytes - The maximum for SNAP encapsulation (Default MTU: 9216)•

show ip bgp summary output descriptions (Continued)TABLE 95 This field DisplaysState The state of device sessions with each neighbor. The states are

show ip bgp summary output descriptions (Continued)TABLE 95 This field DisplaysFiltered The routes or prefixes that have been filtered out:• If soft

BEST Routes not Installed in IP Forwarding Table:0 Unreachable Routes (no IGP Route for NEXTHOP):0 History Routes:0 NLRIs Received in Upda

show ip bgp neighbors route-summary output descriptions (Continued)TABLE 96 This field DisplaysRoutes Advertised The number of routes the device has

Received: 1 8 1 0 0 Last Update Time: NLRI Withdraw NLRI Withdraw Tx:

The routes-summary option displays a summary of the following information:• Number of routes received from the neighbor• Number of routes accepted by

show ip bgp neighbor output descriptions (Continued)TABLE 97 This field Displays.State The state of the session with the neighbor. The states are fr

show ip bgp neighbor output descriptions (Continued)TABLE 97 This field Displays.Multihop-EBGP Whether this option is enabled for the neighbor.Route

show ip bgp neighbor output descriptions (Continued)TABLE 97 This field Displays.Last Connection Reset Reason The reason the previous session with t

show ip bgp neighbor output descriptions (Continued)TABLE 97 This field Displays.Notification Sent If the device receives a NOTIFICATION message fro

addresses configured on the Layer 3 switch, regardless of the interfaces that connect the Layer 3switches. This IP address is the router ID.NOTERoutin

show ip bgp neighbor output descriptions (Continued)TABLE 97 This field Displays.TCP Connection state The state of the connection with the neighbor.

show ip bgp neighbor output descriptions (Continued)TABLE 97 This field Displays.ReTrans The number of sequence numbers that the device retransmitte

You also can enter a specific route.device# show ip bgp neighbors 192.168.4.211 advertised 10.1.1.0/24Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST I

Displaying peer group informationTo display peer-group information, enter a command such as the following at the Privileged EXEC levelof the CLI.devic

show ip bgp routes output descriptions (Continued)TABLE 98 This field DisplaysBEST routes not installed in IPforwarding tableNumber of BGP4 routes t

The ip-addr option displays routes for a specific network. The network keyword is optional. You canenter the network address without entering network

Prefix Next Hop MED LocPrf Weight Status1 10.3.0.0/8 192.168.4.106 100 0 BE

Displaying information for a specific routeTo display BGP4 network information by specifying an IP address within the network, enter a commandsuch as

show ip bgp route output descriptions (Continued)TABLE 99 This field DisplaysLocPrf The degree of preference for this route relative to other routes

show ip bgp route output descriptions (Continued)TABLE 99 This field DisplaysStatus The route status, which can be one or more of the following:• A

IPv6 CLI command support ...168IPv6 host address on a Layer 2 switch...

• TFTP• RADIUS• Syslog• SNTP• SSH• SNMP trapsYou can configure the Layer 3 switch to always use the lowest-numbered IP address on a specificEthernet,

show ip bgp routes detail output descriptionsTABLE 100 This field DisplaysTotal number ofBGP4 RoutesThe number of BGP4 routes.Status codes A list of

show ip bgp routes detail output descriptions (Continued)TABLE 100 This field DisplaysLocal_Pref The degree of preference for this route relative to

Displaying BGP4 route-attribute entriesThe route-attribute entries table lists the sets of BGP4 attributes stored in device memory. Each set ofattribu

show ip bgp attribute-entries output descriptions (Continued)TABLE 101 This field DisplaysAtomic Whether the network information in this set of attr

Displaying route flap dampening statisticsTo display route dampening statistics or all the dampened routes, enter the following command at anylevel of

show ip bgp flap-statistics output descriptions (Continued)TABLE 102 This field DisplaysPath The AS-path information for the route.You can display a

...Displaying AS4 detailsThis section describes the use of the following show commands, which produce output that includesinformation about AS4s.• sh

TTL check: 0, value: 0, rcvd: 64 Byte Sent: 148, Received: 203 Local host: 192.168.1.2, Local Port: 179 Remote host: 192.168

show ip bgp neighbors output descriptions (Continued)TABLE 103 Field DescriptionState Shows the state of the device session with the neighbor. The s

show ip bgp neighbors output descriptions (Continued)TABLE 103 Field DescriptionMessages Sent andReceivedShows the number of messages this device ha

TACACS/TACACS+ packetsTo specify the lowest-numbered IP address configured on a virtual interface as the device source for allTACACS/TACACS+ packets,

show ip bgp neighbors output descriptions (Continued)TABLE 103 Field DescriptionLast Connection ResetReason(continued)• Reasons described in the BGP

show ip bgp neighbors output descriptions (Continued)TABLE 103 Field DescriptionNotification Sent Shows an error code corresponding to one of the fo

show ip bgp neighbors output descriptions (Continued)TABLE 103 Field DescriptionNeighbor AS4 CapabilityNegotiationShows the state of the device’s AS

show ip bgp neighbors output descriptions (Continued)TABLE 103 Field DescriptionISentSeq Shows the initial send sequence number for the session.Send

Address: 0x10e4e062 Hash:545 (0x0301e8f6), PeerIdx 0 Links: 0x00000000, 0x00000000, nlri: 0x10f47ff0 Reference Counts: 1:0:1, M

This example is a simple illustration of route-map continue clauses. If the match clause of either routemap instance 5 or 10 matches, the route map tr

set metric 20 continue 3route-map test permit 3 set community 10:20 continue 4route-map test permit 4 set community 30:40 continue 5route-map test pe

Updating route information and resetting a neighbor sessionThe following sections describe how to update route information with a neighbor, reset a se

NOTEThe syntax related to soft reconfiguration is shown.Placing a policy change into effectTo place policy changes into effect, enter a command such a

The prefix-list string parameter specifies an IP prefix list. Only routes permitted by the prefix list aredisplayed.If you also use the optional longe

Syslog packetsTo specify the lowest-numbered IP address configured on a virtual interface as the device source forall Syslog packets, enter commands s

• RFC 2842. This RFC specifies the Capability Advertisement, which a BGP4 device uses todynamically negotiate a capability with a neighbor.• RFC 2858

NOTEThe soft-outbound parameter updates all outbound routes by applying the new or changed filters, butsends only the existing routes affected by the

Notification Sent: Unspecified Notification Received: Unspecified TCP Connection state: ESTABLISHED Byte Sent: 115, Recei

Clearing traffic countersYou can clear the counters (reset them to 0) for BGP4 messages.To clear the BGP4 message counter for all neighbors, enter the

The The all , ip-addr , peer-group-name , and as-num parameters specify the neighbor. The ip-addrparameter specifies a neighbor by its IP interface wi

Configuring BGP4+● Supported BGP4+ features...525● BGP4+ overv

NOTEThe implementation of BGP4+ supports the advertising of routes among different address families.However, it supports BGP4+ unicast routes only; it

For more information on performing these configuration tasks, refer to FastIron Ethernet SwitchAdministration Guide.To configure BGP4+, you must do th

Configuring BGP4+ neighbors using global or site-local IPv6addressesTo configure BGP4+ neighbors using global or link-local IPv6 addresses, you must a

Identifying a neighbor interfaceTo specify Ethernet interface 3/1 as the neighbor interface over which the neighbor and local device willexchange pref

The commands in this example configure loopback interface 2, assign IP address 10.0.0.2/24 to theinterface, then designate the interface as the source

Syntax: set ipv6 next-hop ipv6-addressThe ipv6-address parameter specifies the IPv6 global address of the next-hop router. You mustspecify the ipv6-ad

The as-number parameter indicates the number of the autonomous system in which the neighborresides.To delete the neighbor from the BGP4+ neighbor tabl

You can enable the BGP4+ device to advertise the default BGP4+ route by specifying the default-information-originate command at the BGP4+ unicast addr

• Static IPv6 routes• Directly connected IPv6 networks• OSPFv3• RIPngYou can redistribute routes in the following ways:• By route types, for example,

The advertise-map map-name parameter configures the device to advertise the more specific routesin the specified route map.The attribute-map map-name

IPv6 route table. Otherwise, the device performs another lookup on the next-hop IPv6 address of thenext-hop for the next-hop gateway, and so on, until

AS_PATH:2 2001:db8::/64 2001:ab::1 100 0 BI AS_PATH: 65000 650013 2007:7002:17::/64 2071:

In some cases, such as when the device is acting as an edge device, you can allow the device to usethe default route as a valid next-hop. To do so, en

NOTEClearing the dampening statistics for a route does not change the dampening status of the route.To clear all the route dampening statistics, enter

To clear these buffers for neighbor 2000:db8::1, enter the following commands at the Privileged EXEClevel or any of the Config levels of the CLI.devic

network route if the IP route table does not contain a route to the packet destination. In each case, theLayer 3 switch must encapsulate the packet an

applies the filters and route maps you have configured to the list of routes. If the filters or route mapsresult in changes to the list of routes, the

To clear all of the route flap dampening statistics for a neighbor, enter a command such as the followingat the Privileged EXEC level or any of the Co

NOTEThe show commands implemented for BGP4+ correspond to the show commands implemented forIPv4 BGP. For example, you can specify the show ipv6 bgp co

show ipv6 bgp routes output descriptions (Continued)TABLE 104 Field DescriptionWeight The value that this device associates with routes from a speci

The as-path-access-list name parameter filters the display using the specified AS-path ACL.The as-path-filter number parameter filters the display usi

LOCAL_PREF: 400, MED: 0, ORIGIN: incomplete, Weight: 0 AS_PATH: 65005 65010 Adj_RIB_out count: 1, Admin distance 2004 Prefix: 2

show ipv6 bgp route detail output descriptions (Continued)TABLE 105 Field DescriptionOrigin The source of the route information. The origin can be o

in RFC 2373. You must specify the prefix-length parameter as a decimal value. A slash mark (/) mustfollow the ipv6-prefix parameter and precede the pr

Status codes: s suppressed, d damped, h history, * valid, > best, i internal, SstaleOrigin codes: i - IGP, e - EGP, ? - incomplete Network

show ipv6 bgp output descriptions (Continued)TABLE 106 This field... Displays...Number of BGP Routesmatching display condition(appears in display th

To limit the number of ARP packets the device will accept each second, enter the rate-limit-arpcommand at the global CONFIG level of the CLI.device(co

NOTEPortions of this display are truncated for brevity. The purpose of this display is to show all possiblefields that might display rather than to sh

show ipv6 bgp attribute-entries output descriptions (Continued)TABLE 107 This field... Displays...AS Path The ASs through which routes with this set

show ipv6 bgp dampened-paths output descriptions TABLE 108 This field... Displays...Status codes A list of the characters the display uses to indica

colons as documented in RFC 2373. You must specify the prefix-length parameter as a decimal value.A slash mark (/) must follow the ipv6-prefix paramet

show ipv6 bgp filtered-routes output descriptions (Continued)TABLE 109 This field... Displays...Status The route’s status, which can be one or more

LOCAL_PREF: 100, MED: 0, ORIGIN: incomplete, Weight: 0 AS_PATH: 100 Syntax: show ipv6 bgp filtered-routes detail [ ipv6-prefix/prefix-length [

show ipv6 bgp filtered-routes detail output descriptions (Continued)TABLE 110 This field... Displays...Origin The source of the route information. T

documented in RFC 2373. You must specify the prefix-length parameter as a decimal value. A slashmark (/) must follow the ipv6-prefix parameter and pre

• Router advertisements.• Route-attribute entries.• Route flap dampening statistics.• The last packet containing an error.• Received Outbound Route Fi

The ipv6-address parameter allows you to display information for a specified neighbor only. You mustspecify the ipv6-address parameter in hexadecimal

10.10.10.0/24 subnet cannot reach a device in the 10.20.20.0 subnet if the subnets are on differentnetwork cables, and thus is not answered.NOTEAn ARP

show ipv6 bgp neighbor output descriptions (Continued)TABLE 112 This field... Displays...State The state of the device’s session with the neighbor.

show ipv6 bgp neighbor output descriptions (Continued)TABLE 112 This field... Displays...Messages Sent andReceivedThe number of messages this device

show ipv6 bgp neighbor output descriptions (Continued)TABLE 112 This field... Displays...Last Connection ResetReason (cont.)• Reasons specific to th

show ipv6 bgp neighbor output descriptions (Continued)TABLE 112 This field... Displays...Notification Received See above.Neighbor NLRINegotiationThe

show ipv6 bgp neighbor output descriptions (Continued)TABLE 112 This field... Displays...ISentSeq The initial send sequence number for the session.S

The ipv6-address parameter displays routes advertised to a specified neighbor. You must specify thisaddress in hexadecimal using 16-bit values between

For example, to display details about all routes a device has advertised to neighbor 2001:db8::110,enter the following command at any level of the CLI

show ipv6 bgp neighbor advertised-routes detail output descriptions (Continued)TABLE 114 This field... Displays...AS-PATH The AS-path information fo

You also can display all the dampened routes by using the show ipv6 bgp dampened-pathscommand. For more information, refer to Displaying dampened BGP4

For example, to display a summary of the route information received in route updates from neighbor2001:db8::10, enter the following command at any lev

Static entries are useful in cases where you want to pre-configure an entry for a device that is notconnected to the Layer 3 switch, or you want to pr

show ipv6 bgp neighbor received-routes output descriptions (Continued)TABLE 117 This field... Displays...Status The advertised route’s status, which

show ipv6 bgp neighbor received-routes detail output descriptionsTABLE 118 This field... Displays...Number of BGP4+routes received from aneighborFor

The RIB contains the routes that the device either has most recently sent to the neighbor or is about tosend to the neighbor.For example, to display a

show ipv6 bgp neighbor rib-out-routesoutput descriptions (Continued)TABLE 119 This field... Displays...Weight The value that this device associates

show ipv6 bgp neighbor rib-out-routes detail output descriptions (Continued)TABLE 120 This field... Displays...LOCAL_PREF For information about this

The detail keyword displays detailed information about the routes. If you do not specify this parameter,a summary of the routes displays.This display

show ipv6 bgp neighbor routes best output descriptions (Continued)TABLE 121 This field... Displays...Status The route’s status, which can be one or

show ipv6 bgp neighbor routes detail bestoutput descriptions (Continued)TABLE 122 This field... Displays...Status codes For information about this f

Receiving Update Messages:0, Accepting Routes(NLRI):0 Attributes:0, Outbound Routes(RIB-out):0 Outbound Routes Holder:0Syntax: show ipv6 bgp neig

show ipv6 bgp neighbor routes-summary output descriptions (Continued)TABLE 123 This field... Displays...NLRIs Sent inUpdate MessageThe number of NLR

Static ARP entry support (Continued)TABLE 6 Default maximum Configurable minimum Configurable maximumICX 6430 and ICX 6450 devices256 64 1024ICX 661

Displaying BGP4+ summaryTo view summary BGP4+ information for the device, enter the following command at any level of theCLI.device# show ipv6 bgp sum

show ipv6 bgp summary output descriptions (Continued)TABLE 124 This field... Displays...State The state of this neighbor session with each neighbor.

show ipv6 bgp summary output descriptions (Continued)TABLE 124 This field... Displays...ToSend The number of routes the has queued to send to this n

Configuring BGP4+ graceful restart stale routes timerUse the following command to specify the maximum amount of time a helper device will wait for an

Displaying BGP4+ graceful restart neighbor information584 FastIron Ethernet Switch Layer 3 Routing Configuration Guide53-1003087-04

VRRP and VRRP-E● VRRP and VRRP-E Feature Table... 585● Overview...

OverviewThis chapter describes how to configure Brocade Layer 3 switch with the following router redundancyprotocols:• Virtual Router Redundancy Proto

FIGURE 35 Switch 1 is the Host1 default gateway but is a single point of failureSwitch 1 is the host default gateway out of the subnet. If this interf

FIGURE 36 Switch 1 and Switch 2 configured as VRRP virtual routers for redundant network accessfor Host1The dashed box represents a VRRP virtual route

192.53.5.1. Hosts use the virtual router MAC address in routed traffic they send to their default IPgateway (in this example, 192.53.5.1).Virtual rout

The source MAC address in the Ethernet header and the sender hardware address in the ARPbody must be the same. This validation is performed for the AR

Hello messagesVirtual routers use Hello messages for negotiation to determine the Master router. Virtual routers sendHello messages to IP Multicast ad

feature, make sure the track priorities are always lower than the VRRP priorities. The default trackpriority for the router that owns the VRID IP addr

‐ VRRP has an Owner and one or more Backup routers for each VRID. The Owner is therouter on which the VRID's IP address is also configured as a r

FIGURE 37 Switch 1 and Switch 2 are configured to provide dual redundant network access for the hostIn this example, Switch 1 and Switch 2 use VRRP-E

Comparison of VRRP and VRRP-EThis section compares router redundancy protocols.VRRPVRRP is a standards-based protocol, described in RFC 2338. The Broc

Master and Backup routers• VRRP - The "Owner" of the IP address of the VRID is the default Master and has the highest priority(255). The pre

VRRP and VRRP-E parameters (Continued)TABLE 125 Parameter Description DefaultAuthenticationtypeThe type of authentication the VRRP or VRRP-E interfa

VRRP and VRRP-E parameters (Continued)TABLE 125 Parameter Description DefaultDead interval The number of seconds or milliseconds a Backup waits for

VRRP and VRRP-E parameters (Continued)TABLE 125 Parameter Description DefaultBackup preemptmodePrevents a Backup with a higher VRRP priority from ta

Basic VRRP parameter configurationTo implement a simple VRRP configuration using all the default values, enter the commands shown inthe following sect

Displaying global IPv6 information...195Displaying IPv6 cache information...

Changing the TTL thresholdThe time to live (TTL) threshold prevents routing loops by specifying the maximum number of routerhops an IP packet originat

The track-priority value option changes the track-port priority for this interface and the VRID from thedefault (255) to a value from 1 through 254.Th

Syntax: [no] ip-address ip-addressSyntax: [no] ip vrrp vrrp vrid numSyntax: [no] backup [ priority value] [ track-priority value ]Syntax: [no] hello-i

By default, Backup routers do not send Hello messages to advertise themselves to the Master. Theadvertise backup command is used to enable a Backup ro

Enabling accept mode in VRRP non-Owner Master routerTo configure a non-Owner Master router to respond to ping, traceroute, and Telnet packets destined

• The Hello interval must be set to the same value with in the same VRID.• The dead interval must be set to the same value with in the same VRID.• The

Brocade(config)# ipv6 router vrrp-extendedBrocade(config-ipv6-VRRP-E-router)# interface ethernet 1/5Brocade(config-if-e10000-1/5)# ipv6-address 2001:D

• Backup preempt mode• Timer scale• VRRP-E slow start timer• VRRP-E extension for server virtualization (short-path forwarding)VRRP and VRRP-E authent

Syntax: ip vrrp-extended auth-type no-auth | simple-text-auth auth-data | md5-auth [ 0 |1 ] keyFor IPv6 VRRP-E:Syntax: ipv6 vrrp-extended auth-type no

NOTEThe Owner type is not applicable to VRRP-E.NOTEFor VRRP, the IP address you associate with the Owner must be real IP address on the interfacewhere

Suppression of RIP advertisementsNOTESuppression of RIPng advertisements on Backup routers for the backup interface is not supported byIPv6 VRRP v3 an

Disabling forwarding of IP source-routed packetsA source-routed packet specifies the exact router path for the packet. The packet specifies the path b

The milliseconds variable can be 100 milliseconds interval only. The default is 1000 milliseconds, andthe range is 100 to 40900 milliseconds.To change

device(config)#interface ethernet 1/6device(config-if-1/6)#ip vrrp vrid 1device(config-if-1/6-vrid-1)#backup-hello-interval 180Syntax: [no] backup-hel

Backup preempt configurationBy default, a Backup that has a higher priority than another Backup that has become the Master canpreempt the Master, and

Time scale values (Continued)TABLE 126 Timer Timer scale Timer value2 1.5 secondsBackup Hello interval 1 60 seconds2 30 secondsHold-down interval 1

If the Master subsequently comes back up again, the amount of time specified by the VRRP-E slowstart timer elapses (in the IPv4 example, 30 seconds) b

FIGURE 38 VRRP-E Extension for short-path forwardingVRRP-E Extension for short-path forwarding exampleUnder the VRRP-E VRID configuration level, there

lowered by the number specified in the track-port command. When the current priority is lower thanthe threshold, the SPF behavior is temporarily suspe

To avoid this, you can disable the default interface-level IPv6 RA messages on an interface configuredwith IPv6 VRRP or VRRP-E.To disable the default

To change the Master priority, enter commands such as the following.device(config)# interface ethernet 1/6device(config-if-1/6)# ip vrrp vrid 1device(

Syntax: show ipv6 vrrp [ brief | [ stat | [ statistics ] [ vrid num ] ] [ ethernet stack/slotnum/portnum |ve num ] ]Syntax for IPv4 and IPv6 VRRP-E:Sy

To enable the Layer 3 switch for zero-based IP subnet broadcasts in addition to ones-based IP subnetbroadcasts, enter the following command.device(con

The table shows a description of the output for the show ip vrrp brief and show ip vrrp-extendedbrief commands.Output description for VRRP or VRRP-E s

version v3 mode owner priority 255 current priority 255 track-priority 150 hello-interval 1000 msec ip-address 172.21.3.1 virtual mac address 0000-5

current dead-interval 3100 msec preempt-mode true virtual ip address 10.201.201.5 virtual mac address 0000.00d7.82c9 advertise backup: enabled next h

Output description for VRRP-E detailed information (Continued)TABLE 128 Field Descriptionstate This Layer 3 switch VRRP, VRRP v3, VRRP-E, or IPv6 VR

Output description for VRRP-E detailed information (Continued)TABLE 128 Field Descriptiondead interval The configured value for the dead interval. T

Output description for VRRP-E detailed information (Continued)TABLE 128 Field Descriptionbackup router ip-addr expires in timeThe IP addresses of Ba

dead-interval 0 msec current dead-interval 3600 msec preempt-mode true ip-address 10.1.1.5 virtual mac address 0000.0000.0102 advertise backup: disab

show ip vrrp vrid output description (Continued)TABLE 129 Field Descriptioncurrent deadintervalThe current value of the dead interval. This value is

total number of vrrp packets sent = 105backup advertisements sent = 10The following example displays the output of the show ipv6 vrrp-extended stat ve

Output field descriptions (Continued)TABLE 130 Field Descriptionrxed vrrp priority zero from mastercountIndicates that the current Master has resign

• Port - The destination host does not have the destination TCP or UDP port specified in the packet. Inthis case, the host sends the ICMP Port Unreach

0v226 0 VR226 0 46772

Output field descriptions (Continued)TABLE 131 Field DescriptionTX master adv The number of VRRP or VRRP-E advertisement packets sent by this router

VRRP exampleTo implement the VRRP configuration shown in "VRRP Overview," use the following method.Configuring Switch 1To configure VRRP Swi

Syntax: ip vrrp vridvridSyntax: owner [ track-priorityvalue]Syntax: backup [ priorityvalue][track-priorityvalue]Syntax: track-port ethernet [slotnum/]

The backup command specifies that this router is a VRRP-E Backup for virtual router VRID1. The IPaddress entered with the ip-address command is the sa

Configuring Multi-VRF● Supported Multi-VRF features ...635● Support

Feature ICX 6430 ICX 6450 FCX ICX 6610 ICX 6650 FSX 800FSX 1600ICX 7750PIM-SM/DM for IPv4 No 08.0.01 08.0.01 08.0.01 08.0.01 08.0.01 08.0.10PIM-SM for

FSX interface modules supporting Multi-VRF (Continued)TABLE 132 FSX Interface Modules Multi-VRF SupportSX-FI-24HF YesSX-FI-2XG YesSX-FI-8XG YesSX-FI

FIGURE 39 Typical Multi-VRF topologyNOTESome vendors also use the terms Multi-VRF CE or VRF-Lite for this technology.Configuring Multi-VRFA Multi-VRF

Configuring VRF-related system-max valuesBefore configuring a VRF instance, VRF-related system-max values must be modified. The defaultFastIron config

NOTESome FSX devices do not generate ICMP redirect and network unreachable messages.NOTEThe device forwards misdirected traffic to the appropriate rou

ip-route and ip6-route values changed.ip-route: 10000ip6-route: 1408Warning: Please reconfigure system-max for ip-route-default-vrf and ip-route-vrf (

Configuration limits for system-max (Continued)TABLE 134 Configuration SX FCX/ICX 6610Min Default Max Min Default Maxip-route-default-vrf (system-ma

For example:Brocade(config)# vrf blue6Brocade(config-vrf-blue6)# rd 1:106Brocade(config-vrf-blue6)# address-family ipv4Error: has reached maximum syst

While configuring an AF, you can optionally configure the maximum routes that are associated with theAF. If the max-route is not configured, the defau

When configuring a VRF, a warning message is generated specifying that any configuration existingon the interface is deleted.When assigning a VRF inst

Example:Brocade(config)# no vrf customer1Warning: All IPv4 and IPv6 addresses (including link-local) from all interfaces in VRF customer1 have been re

Supported management applicationsThis section explains the management VRF support provided by the management applications.SNMP serverWhen the manageme

To configure the VRF name in outbound Telnet sessions, enter the following command at the privilegedEXEC level:device(config)# telnet vrf red 10.157.2

SyslogWhen the management VRF is configured, the Syslog module sends log messages only through theports belonging to the management VRF and the out-of

Configuration notesConsider the following configuration notes:• If there is a management VRF already configured, you must remove the existing manageme

• Standard - the static route consists of the destination network address and network mask, and the IPaddress of the next-hop gateway. You can configu

show vrf output descriptions (Continued)TABLE 135 This field DisplaysIP Router-Id The 32-bit number that uniquely identifies the router.Number of Un

Traps - 0 SysLogs - 0 TCP Connection rejects:

To distinguish collected packets in different VRFs, refer to the in vlan and out vlan data fields foreach captured ingress packet. For example, in the

Configuring static-ARP on default VRFsThis command is used to configure static-ARP entries on default VRFs. The command is backwardcompatible, and all

Configuring DAI to support a Multi-VRF instanceDynamic ARP Inspection (DAI) enables the Brocade device to intercept and examine all ARP requestand res

Configuring static-neighbor on non-default VRFsThis command configures static-neighbor entries on a VRF interface. The command is specific to VRFAF mo

View all configured VRFs in summary modeTo see all configured VRFs in summary mode, enter the show vrf command. The following is anexample of the outp

View DHCPv6 snooping status and portsTo see DHCPv6 snooping status and ports, enter the show ipv6 dhcp6 snooping vlan command. Thefollowing is an exam

FIGURE 40 Multi-VRF topology exampleThis topology is a network owned by an enterprise. Normal corporate traffic must pass through thefirewall so that

ip arp age:10 min bootp relay max hops:4 ip ttl:64 hopsip addr per intf:24 : :System Parameters Default M

This feature allows the Layer 3 switch to adjust to changes in network topology. The Layer 3 switchdoes not continue trying to use routes on unavailab

Step 2: Configuring VRFsThe following illustrates configuring the VRF R1.R1(config)#vrf corporateR1(config-vrf-corporate)#rd 11:11R1(config-vrf-corpor

been removedR1(config-vif-30)#ip add 192.168.3.1/30R1(config-vif-30)#ip ospf area 0R1(config-vif-30)#exitR1(config)#interface ve 31R1(config-vif-31)#v

192.168.5.0/30 192.168.4.2 ve 40 110/2 O 5m3s7 192.168.6.0/30 192.168.4.2 ve 40 110/2

Layer 3 Routing Commands● arp-internal-priority...

arp-internal-priorityConfigures the priority of ingress ARP packets.Syntaxarp-internal-priority priority-valueCommand DefaultThe default priority of i

ipv6 nd router-preferenceEnables IPv6 router advertisement preferenceEnables IPv6 router advertisement (RA) messages to communicate default router pre

ipv6-address auto-gen-link-localGenerates a virtual link-local IPv6 address and assigns it as the virtual IPv6 address for a VRRPv3instance. The no fo

use-v2-checksumEnables the v2 checksum computation method for VRRPv3. The no form of this command enables thedefault v3 checksum computation method in

accept-modeEnables the non-Owner Master router to respond to ping, traceroute, and Telnet packets destined forthe virtual IPv4 or IPv6 address of a VR

ipv6 nd skip-interface-raDisables the default interface-level IPv6 RA messages on an interface configured with IPv6 VRRP orVRRP-E. The no form of this

The dest-ip-addr is the route destination. The dest-mask is the network mask for the route destination IPaddress. Alternatively, you can specify the n

hello-intervalSpecifies the hello-interval configuration.Specifies the hello-interval in milliseconds or seconds for IPv4 VRRP and IPv6 VRRP.Syntaxhel

versionAllows you to select either version 2 or version 3 of VRRP.Allows you to select either version 2 or version 3 of the VRRP.Syntaxversion {v2 |v3

ip arp inspection validateValidates the ARP packet destination MAC, ARP Packet IP address and source MAC address.Syntaxip arp inspection validate [dst

To display the maximum value for your device, enter the show default values command. Themaximum number of static IP routes the system can hold is list

The show run command displays the entire name of the static IP route. The show ip static routecommand displays an asterisk (*) after the first twelve

OSPFv2 feature support... 243OSPF overview...

distance than other types of routes, unless you want those other types to be preferred over the staticroute.The steps for configuring the static route

metric than the standard static route. The Layer 3 switch always prefers the static route with the lowermetric. In this example, the Layer 3 switch al

FIGURE 6 Standard and interface routes to the same destination networkTo configure a standard static IP route and a null route to the same network, en

When the software uses the default network route, it also uses the default network route's next hopgateway as the gateway of last resort.This fea

Configuring IP load sharingThe IP route table can contain more than one path to a given destination. When this occurs, the Layer3 switch selects the p

route table. For example, if the Layer 3 switch has a path learned from OSPF and a path learned fromRIP for a given destination, only the path with th

with a given cost for a given destination, the BGP4 route table cannot contain equal-cost paths to thedestination. Consequently, the IP route table wi

Changing the maximum number of ECMP (load sharing) pathsYou can change the maximum number of paths the Layer 3 switch supports to a value from 2 throu

• Packet type - The Layer 3 switch can send Router Advertisement messages as IP broadcasts or asIP multicasts addressed to IP multicast group 224.0.0.

Advertisement message from the Layer 3 switch, the host resets the hold time for the Layer 3 switch tothe hold time specified in the new advertisement

Specify types of OSPF Syslog messages to log...289Configuring an OSPF network type...

‐ RARP requires the IP host to be directly attached to the Layer 3 switch.‐ An IP host and the BootP/DHCP server can be on different networks and on d

If your Layer 3 switch allows you to increase the maximum number of RARP entries, you can use aprocedure in the same section to do so.NOTEYou must sav

Enabling forwarding for a UDP applicationIf you want the Layer 3 switch to forward client requests for UDP applications that the Layer 3 switchdoes no

You can configure up to 16 helper addresses on each interface. You can configure a helper address onan Ethernet port or a virtual interface.To configu

field). When the server responds to the request, the server sends the response as a unicast packetto the IP address in the Gateway Address field. (If

Syntax: ip bootp-gatewayip-addrChanging the maximum number of hops to a BootP relay serverEach BootP or DHCP request includes a field Hop Count field.

the requested time and tries to return the same network address each time the client makes a request.The period of time for which a network address is

• Vendor Specific Information - Allows clients and servers to exchange vendor-specific information.• Boot File - Specifies a boot image to be used by

1. Enable DHCP Server by entering a command similar to the following.device(config)# ip dhcp-server enable2. Create a DHCP Server address pool by ente

DHCP server optional parameters commands (Continued)TABLE 10 Command Descriptionoption merit-dump Specifies the path name of a file into which the c

Displaying OSPFv3 area information... 348Displaying OSPFv3 database information...

DHCP Server CLI commands (Continued)TABLE 11 Command Descriptionshow ip dhcp-server flash Displays the lease binding database that is stored in flas

Disabling DHCP Server on the management portBy default, when DHCP Server is enabled, it responds to DHCP client requests received on themanagement por

Enabling relay agent echo (Option 82)The ip dhcp-server relay-agent-echo enable command activates DHCP Option 82, and enables theDHCP server to echo r

Configuring the domain name for the clientThe domain-name command configures the domain name for the client.device(config-dhcp-cabo)# domain-name sier

Configuring the TFTP serverThe tftp-server command specifies the address or name of the TFTP server to be used by the DHCPclients.To configure a TFTP

show ip dhcp-server binding output descriptions (Continued)TABLE 12 Field DescriptionClient ID/Hardware address The hardware address for the clientL

show ip dhcp-server address pools output descriptions (Continued)TABLE 13 Field Descriptiondhcp-server-router The address of the DHCP server routerd

Displaying summary DHCP server informationThe show ip dhcp-server summary command displays information about active leases, deployedaddress-pools, und

DHCP Client-Based Auto-Configuration and Flash image updateNOTEThe DHCP Client-Based Auto-Configuration and Flash image update are platform independen

FIGURE 8 DHCP Client-Based Auto-ConfigurationConfiguration notes and feature limitations for DHCP client-based auto-configuration• For Layer 3 devices