HP FlexNetwork HSR6800 Comware 7 Layer 3—IP Services Configuration Guide

HPE FlexNetwork HSR6800 Routers

Comware 7 Layer 3—IP Services Configuration Guide

Part number: 5200-3510 Software version: HSR6800-CMW710-R7607 Document version: 6W100-20170412

Enterprise products and services are set forth in the express warranty statements acco mpanying such products and services. Nothing herein should be construe d as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions co ntained herein.

Confidential computer software. V alid license from Hewlett Packard Enterprise required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and T e chnical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license.

Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise website.

Acknowledgments

Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the United States and other countries.

Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Adobe® and Acrobat® are trademarks of Adobe Systems In corporated. Java and Oracle are registered trademarks of Oracle and/or its affiliates. UNIX® is a registered trademark of The Open Group.

Configuring ARP ·············································································· 1

Overview ·································································································································· 1

ARP message format ··········································································································· 1 ARP operating mechanism ···································································································· 1

ARP table ·························································································································· 2 Configuring a static ARP entry ······································································································ 3 Setting the maximum number of dynamic ARP entries for a device ······················································· 3 Setting the maximum number of dynamic ARP entries for an interface ·················································· 4 Setting the aging timer for dynamic ARP entries ··············································································· 4 Enabling dynamic ARP entry check ······························································································· 5 Enabling ARP logging ················································································································· 5 Displaying and maintaining ARP ··································································································· 5 Static ARP entry configuration example ·························································································· 6

Network requirements ·········································································································· 6

Configuration procedure ······································································································· 7

Verifying the configuration ····································································································· 7

Configuring gratuitous ARP ································································ 8

Overview ·································································································································· 8

Gratuitous ARP packet learning ······························································································ 8

Periodic sending of gratuitous ARP packets ·············································································· 8 Configuration procedure ·············································································································· 9 Enabling IP conflict notification ···································································································· 10

Configuring proxy ARP ···································································· 11

Enabling common proxy ARP ····································································································· 11 Enabling local proxy ARP ·········································································································· 11 Displaying proxy ARP ··············································································································· 11 Common proxy ARP configuration example ··················································································· 12

Network requirements ········································································································ 12

Configuration procedure ····································································································· 12

Verifying the configuration ··································································································· 13

Configuring ARP suppression ··························································· 14

Overview ································································································································ 14 Configuration procedure ············································································································ 14 Displaying and maintaining ARP suppression ················································································ 15 ARP suppression configuration example ······················································································· 15

Network requirements ········································································································ 15

Configuration procedure ····································································································· 15

Verifying the configuration ··································································································· 16

Configuring ARP direct route advertisement ········································· 17

Overview ································································································································ 17 Configuration procedure ············································································································ 17

Configuring IP addressing ································································ 18

Overview ································································································································ 18

IP address classes ············································································································ 18

Special IP addresses ········································································································· 19

Subnetting and masking ····································································································· 19 Assigning an IP address to an interface ························································································ 19

Configuration guidelines ····································································································· 20

Configuration procedure ····································································································· 20 Configuring IP unnumbered ········································································································ 20

Configuration prerequisites ·································································································· 21

Configuration procedure ····································································································· 21 Displaying and maintaining IP addressing ····················································································· 21 Configuration examples ············································································································· 21

IP address configuration example ························································································· 21

IP unnumbered configuration example ··················································································· 23

DHCP overview ············································································· 25

DHCP address allocation ··········································································································· 25

Allocation mechanisms ······································································································· 25

IP address allocation process ······························································································ 26

IP address lease extension ·································································································· 26 DHCP message format ············································································································· 27 DHCP options ························································································································· 28

Common DHCP options ······································································································ 28

Custom DHCP options ······································································································· 28 Protocols and standards ············································································································ 30

Configuring the DHCP server ···························································· 31

Overview ································································································································ 31

DHCP address pool ··········································································································· 31

IP address allocation sequence ···························································································· 33 DHCP server configuration task list ······························································································ 33 Configuring an address pool on the DHCP server ··········································································· 34

Configuration task list ········································································································· 34

Creating a DHCP address pool ···························································································· 34

Specifying IP address ranges for a DHCP address pool ····························································· 34

Specifying gateways for DHCP clients ··················································································· 37

Specifying a domain name suffix for DHCP clients ···································································· 38

Specifying DNS servers for DHCP clients ··············································································· 38

Specifying WINS servers and NetBIOS node type for DHCP clients ············································· 39

Specifying BIMS server for DHCP clients ················································································ 39

Specifying the configuration file for DHCP client auto-configuration ·············································· 40

Specifying a server for DHCP clients ····················································································· 40

Configuring Option 184 parameters for DHCP clients ································································ 41

Customizing DHCP options ································································································· 41

Configuring the DHCP user class whitelist ·············································································· 43 Enabling DHCP ······················································································································· 43 Enabling the DHCP server on an interface ···················································································· 44 Applying an address pool on an interface ······················································································ 44 Configuring a DHCP policy for dynamic address assignment ····························································· 44 Configuring IP address conflict detection ······················································································· 45 Enabling handling of Option 82 ··································································································· 46 Configuring DHCP server compatibility ························································································· 46

Configuring the DHCP server to broadcast all responses ··························································· 46

Configure the DHCP server to ignore BOOTP requests ····························································· 47

Configuring the DHCP server to send BOOTP responses in RFC 1048 format ······························· 47

Disabling Option 60 encapsulation in DHCP replies ·································································· 47 Setting the DSCP value for DHCP packets sent by the DHCP server ·················································· 48 Configuring DHCP binding auto backup ························································································ 48 Configuring address pool usage alarming ······················································································ 49 Binding gateways to DHCP server's MAC address ·········································································· 49 Advertising subnets assigned to clients ························································································· 50 Applying a DHCP address pool to a VPN instance ·········································································· 51 Enabling client offline detection on the DHCP server ······································································· 51 Enabling DHCP logging on the DHCP server ················································································· 51 Displaying and maintaining the DHCP server ················································································· 52 DHCP server configuration examples ··························································································· 52

Static IP address assignment configuration example ································································· 53

Dynamic IP address assignment configuration example ····························································· 54

DHCP user class configuration example ················································································· 56

DHCP user class whitelist configuration example ····································································· 58

Primary and secondary subnets configuration example ····························································· 59

DHCP option customization configuration example ··································································· 60 Troubleshooting DHCP server configuration ·················································································· 61

Symptom ························································································································· 61

Analysis ·························································································································· 61

Solution ··························································································································· 62

Configuring the DHCP relay agent ····················································· 63

Overview ································································································································ 63

Operation ························································································································ 63

DHCP relay agent support for Option 82 ················································································· 64 DHCP relay agent configuration task list ······················································································· 64 Enabling DHCP ······················································································································· 65 Enabling the DHCP relay agent on an interface ·············································································· 65 Specifying DHCP servers on a relay agent ···················································································· 66 Configuring the DHCP relay agent security features ········································································ 66

Enabling the DHCP relay agent to record relay entries ······························································ 66

Enabling periodic refresh of dynamic relay entries ···································································· 66

Enabling DHCP starvation attack protection ············································································ 67 Configuring the DHCP relay agent to release an IP address ······························································ 68 Configuring Option 82 ··············································································································· 68 Setting the DSCP value for DHCP packets sent by the DHCP relay agent ············································ 69 Enabling DHCP server proxy on a DHCP relay agent ······································································ 69 Configuring a DHCP relay address pool ························································································ 70 Specifying a gateway address for DHCP clients ············································································· 71 Enabling client offline detection on the DHCP relay agent ································································· 71 Configuring the DHCP smart relay feature ····················································································· 71 Specifying the source IP address for relayed DHCP requests ···························································· 73 Configuring the DHCP relay agent to forward DHCP replies based on Option 82 ··································· 73 Displaying and maintaining the DHCP relay agent ·········································································· 74 DHCP relay agent configuration examples ···················································································· 75

DHCP relay agent configuration example ··············································································· 75

Option 82 configuration example ·························································································· 76 Troubleshooting DHCP relay agent configuration ············································································ 76

Symptom ························································································································· 76

Analysis ·························································································································· 77

Solution ··························································································································· 77

Configuring the DHCP client ····························································· 78

Enabling the DHCP client on an interface ······················································································ 78 Configuring a DHCP client ID for an interface ················································································· 78 Enabling duplicated address detection ·························································································· 79 Setting the DSCP value for DHCP packets sent by the DHCP client ··················································· 79 Displaying and maintaining the DHCP client ·················································································· 79 DHCP client configuration example ······························································································ 80

Network requirements ········································································································ 80

Configuration procedure ····································································································· 80

Verifying the configuration ··································································································· 81

Configuring the BOOTP client ··························································· 83

BOOTP application··················································································································· 83 Obtaining an IP address dynamically ···························································································· 83 Protocols and standards ············································································································ 83 Configuring an interface to use BOOTP for IP address acquisition ······················································ 83 Displaying and maintaining BOOTP client ····················································································· 84 BOOTP client configuration example ···························································································· 84

Network requirements ········································································································ 84

Configuration procedure ····································································································· 84

Verifying the configuration ··································································································· 84

Configuring DNS ············································································ 85

Overview ································································································································ 85

Static domain name resolution ····························································································· 85

iii

Dynamic domain name resolution ························································································· 85

DNS proxy ······················································································································· 86

DNS spoofing ··················································································································· 87 DNS configuration task list ········································································································· 88 Configuring the IPv4 DNS client ·································································································· 88

Configuring static domain name resolution ·············································································· 88

Configuring dynamic domain name resolution ·········································································· 89 Configuring the IPv6 DNS client ·································································································· 90

Configuring static domain name resolution ·············································································· 90

Configuring dynamic domain name resolution ·········································································· 90 Configuring the DNS proxy ········································································································· 91 Configuring DNS spoofing ·········································································································· 92 Configuring network mode tracking for an output interface ································································ 92 Specifying the source interface for DNS packets ············································································· 93 Configuring the DNS trusted interface ·························································································· 93 Setting the DSCP value for outgoing DNS packets ·········································································· 94 Displaying and maintaining DNS ································································································· 94 IPv4 DNS configuration examples ······························································································· 94

Static domain name resolution configuration example ······························································· 94

Dynamic domain name resolution configuration example ··························································· 95

DNS proxy configuration example ························································································· 98 IPv6 DNS configuration examples ······························································································· 99

Static domain name resolution configuration example ······························································· 99

Dynamic domain name resolution configuration example ························································· 100

DNS proxy configuration example ······················································································· 102 Troubleshooting IPv4 DNS configuration ····················································································· 104

Symptom ······················································································································· 104

Solution ························································································································· 104 Troubleshooting IPv6 DNS configuration ····················································································· 104

Solution ························································································································· 104

Configuring DDNS ········································································ 105

Overview ······························································································································ 105

DDNS application ············································································································ 105 DDNS client configuration task list ····························································································· 106 Configuring a DDNS policy ······································································································· 106

Configuration prerequisites ································································································ 107

Configuration procedure ··································································································· 107 Applying the DDNS policy to an interface ···················································································· 108  Setting the DSCP value for outgoing DDNS packets ······································································ 108 Displaying DDNS ··················································································································· 109 DDNS configuration examples ·································································································· 109

DDNS configuration example with www.3322.org ··································································· 109

DDNS configuration example with PeanutHull server ······························································ 110

Configuring NAT ·········································································· 112

Overview ······························································································································ 112

Terminology ··················································································································· 112

NAT types ······················································································································ 112

NAT control ···················································································································· 113 NAT implementations·············································································································· 113

Static NAT ····················································································································· 113

Dynamic NAT ················································································································· 113

NAT Server ···················································································································· 114

NAT444 ························································································································· 115

DS-Lite NAT444 ·············································································································· 117 NAT entries ·························································································································· 117

NAT session entry ··········································································································· 117

EIM entry ······················································································································· 117

NO-PAT entry ················································································································· 118

NAT444 entry ················································································································· 118

Using NAT with other features ·································································································· 118

VRF-aware NAT ·············································································································· 118

NAT with DNS mapping ···································································································· 118

NAT with ALG ················································································································· 119 NAT configuration task list ······································································································· 120 NAT configuration restrictions and guidelines ··············································································· 120 Configuring static NAT ············································································································ 120

Configuration prerequisites ································································································ 120

Configuring outbound one-to-one static NAT ········································································· 121

Configuring outbound net-to-net static NAT ··········································································· 121

Configuring object group-based outbound static NAT ······························································ 122

Configuring inbound one-to-one static NAT ··········································································· 123

Configuring inbound net-to-net static NAT ············································································· 123

Configuring object group-based inbound static NAT ································································ 124 Configuring dynamic NAT ········································································································ 124

Configuration restrictions and guidelines ·············································································· 124

Configuration prerequisites ································································································ 125

Configuring outbound dynamic NAT ···················································································· 125

Configuring inbound dynamic NAT ······················································································ 126 Configuring NAT Server ·········································································································· 127

Configuring common NAT Server ······················································································· 127

Configuring load sharing NAT Server ··················································································· 128

Configuring ACL-based NAT Server ···················································································· 129 Configuring NAT444 ··············································································································· 129

Configuring static NAT444 ································································································· 129

Configuring dynamic NAT444 ···························································································· 130

Enabling global mapping sharing for dynamic NAT444 ···························································· 131 Configuring DS-Lite NAT444 ···································································································· 131 Configuring NAT with DNS mapping ·························································································· 132 Configuring NAT hairpin ·········································································································· 132 Configuring NAT with ALG ······································································································· 133 Configuring NAT logging ·········································································································· 133

Configuring NAT session logging ························································································ 133

Configuring NAT444 user logging ······················································································· 134

Configuring NAT alarm logging ··························································································· 135

Configuring port block usage threshold for dynamic NAT444 ···················································· 135 Enabling sending ICMP error messages for NAT failures ································································ 135 Enabling NAT reply redirection ·································································································· 136 Enabling the deletion of timestamps in TCP SYN and SYN ACK packets ··········································· 136 Displaying and maintaining NAT ································································································ 137 NAT configuration examples ····································································································· 138

Outbound one-to-one static NAT configuration example ·························································· 138

Outbound dynamic NAT configuration example (non-overlapping addresses) ······························· 139

Outbound bidirectional NAT configuration example ································································· 142

NAT Server for external-to-internal access configuration example ·············································· 144

NAT Server for external-to-internal access through domain name configuration example ················ 147

Bidirectional NAT for external-to-internal NAT Server access through domain name configuration example

··································································································································· 149

NAT hairpin in C/S mode configuration example ···································································· 153

NAT hairpin in P2P mode configuration example ···································································· 155

Twice NAT configuration example ······················································································· 157

Load sharing NAT Server configuration example ···································································· 160

NAT with DNS mapping configuration example ······································································ 162

Static NAT444 configuration example ·················································································· 164

Dynamic NAT444 configuration example ·············································································· 166

DS-Lite NAT444 configuration example ················································································ 168

NAT444 gateway unified with BRAS device configuration example ············································ 170

Basic IP forwarding on the device ···················································· 172



FIB table ······························································································································ 172 Displaying FIB table entries ······································································································ 172

Configuring load sharing ································································ 174

Configuring per-packet or per-flow load sharing ············································································ 174 Configuring load sharing based on bandwidth ·············································································· 174

Configuring fast forwarding ····························································· 176

Overview ······························································································································ 176 Configuring the aging time for fast forwarding entries ····································································· 176 Configuring fast forwarding load sharing ····················································································· 176 Displaying and maintaining fast forwarding ·················································································· 177

Configuring flow classification ························································· 178

Specifying a flow classification policy ························································································· 178

Displaying the adjacency table ························································ 179 Configuring IRDP ········································································· 181

Overview ······························································································································ 181

IRDP operation ··············································································································· 181

Basic concepts ··············································································································· 181

Protocols and standards ··································································································· 182 Configuration procedure ·········································································································· 182 IRDP configuration example ····································································································· 183

Network requirements ······································································································ 183

Configuration procedure ··································································································· 183

Verifying the configuration ································································································· 184

Optimizing IP performance ····························································· 185

Enabling an interface to receive and forward directed broadcasts destined for the directly connected network

·········································································································································· 185

Configuration procedure ··································································································· 185

Configuration example ······································································································ 185 Setting MTU for an interface ····································································································· 186 Setting TCP MSS for an interface ······························································································ 187 Configuring TCP path MTU discovery ························································································· 187 Enabling TCP SYN Cookie ······································································································· 188 Setting the TCP buffer size ······································································································ 188 Setting TCP timers ················································································································· 189 Enabling sending ICMP error messages ····················································································· 189 Disabling forwarding ICMP fragments ························································································· 191 Configuring rate limit for ICMP error messages············································································· 191 Specifying the source address for ICMP packets ·········································································· 191 Enabling IPv4 local fragment reassembly ···················································································· 192 Displaying and maintaining IP performance optimization ································································ 192

Configuring UDP helper ································································· 194

Overview ······························································································································ 194 Configuration restrictions and guidelines ····················································································· 194 Configuring UDP helper to convert broadcast to unicast ································································· 194 Configuring UDP helper to convert broadcast to multicast ······························································· 195 Configuring UDP helper to convert multicast to broadcast or unicast ················································· 196 Displaying and maintaining UDP helper ······················································································ 196 UDP helper configuration examples ··························································································· 197

Configuring UDP helper to convert broadcast to unicast ·························································· 197

Configuring UDP helper to convert broadcast to multicast ························································ 197

Configuring UDP helper to convert multicast to broadcast ························································ 199

Configuring basic IPv6 settings ······················································· 200



Overview ······························································································································ 200

IPv6 features ·················································································································· 200

IPv6 addresses ··············································································································· 201

IPv6 ND protocol ············································································································· 203

IPv6 path MTU discovery ·································································································· 205 IPv6 transition technologies ······································································································ 206

Dual stack ······················································································································ 206

Tunneling ······················································································································ 206

6PE ······························································································································ 207 Protocols and standards ·········································································································· 207 IPv6 basics configuration task list ······························································································ 207 Assigning IPv6 addresses to interfaces ······················································································· 208

Configuring an IPv6 global unicast address ··········································································· 208

Configuring an IPv6 link-local address ················································································· 211

Configuring an IPv6 anycast address ··················································································· 212 Configuring IPv6 ND ··············································································································· 212

Configuring a static neighbor entry ······················································································ 212

Setting the maximum number of dynamic neighbor entries ······················································· 213

Setting the aging timer for ND entries in stale state ································································· 213

Minimizing link-local ND entries ·························································································· 213

Setting the hop limit ········································································································· 214

Configuring parameters for RA messages ············································································· 214

Setting the maximum number of attempts to send an NS message for DAD ································· 216

Enabling ND proxy ··········································································································· 217

Configuring IPv6 ND suppression ······················································································· 218

Configuring IPv6 ND direct route advertisement ····································································· 219 Configuring path MTU discovery ······························································································· 220

Setting the interface MTU ·································································································· 220

Setting a static path MTU for an IPv6 address ······································································· 221

Setting the aging time for dynamic path MTUs ······································································· 221 Controlling sending ICMPv6 messages ······················································································· 221

Configuring the rate limit for ICMPv6 error messages ······························································ 221

Enabling replying to multicast echo requests ········································································· 222

Enabling sending ICMPv6 destination unreachable messages ·················································· 222

Enabling sending ICMPv6 time exceeded messages ······························································ 223

Enabling sending ICMPv6 redirect messages ········································································ 223

Specifying the source address for ICMPv6 packets ································································· 223 Enabling IPv6 local fragment reassembly ···················································································· 224 Configuring IPv6 load sharing based on bandwidth ······································································· 224 Enabling a device to discard IPv6 packets that contain extension headers ········································· 225 Displaying and maintaining IPv6 basics ······················································································ 225 IPv6 configuration examples ····································································································· 227

Basic IPv6 configuration example ······················································································· 227

IPv6 ND suppression configuration example ········································································· 231 Troubleshooting IPv6 basics configuration ··················································································· 232

Symptom ······················································································································· 232

Solution ························································································································· 232

DHCPv6 overview ········································································ 233

DHCPv6 address/prefix assignment ··························································································· 233

Rapid assignment involving two messages ··········································································· 233

Assignment involving four messages ··················································································· 233 Address/prefix lease renewal ···································································································· 234 Stateless DHCPv6 ················································································································· 235 Protocols and standards ·········································································································· 235

Configuring the DHCPv6 server ······················································ 236

Overview ······························································································································ 236

IPv6 address assignment ·································································································· 236

IPv6 prefix assignment ····································································································· 236

Concepts ······················································································································· 237

DHCPv6 address pool ······································································································ 237

IPv6 address/prefix allocation sequence ··············································································· 238 Configuration task list·············································································································· 239 Configuring IPv6 prefix assignment ···························································································· 239

Configuration guidelines ··································································································· 239

vii

Configuration procedure ··································································································· 240 Configuring IPv6 address assignment ························································································ 240

Configuration guidelines ··································································································· 241

Configuration procedure ··································································································· 241 Configuring network parameters assignment ··············································································· 242

Configuring network parameters in a DHCPv6 address pool ····················································· 242

Configuring network parameters in a DHCPv6 option group ····················································· 243 Configuring a DHCPv6 policy for IPv6 address and prefix assignment ··············································· 244 Configuring the DHCPv6 server on an interface ············································································ 245

Configuration guidelines ··································································································· 245

Configuration procedure ··································································································· 245 Setting the DSCP value for DHCPv6 packets sent by the DHCPv6 server ·········································· 246 Configuring DHCPv6 binding auto backup ··················································································· 246 Advertising subnets assigned to clients ······················································································· 247 Applying a DHCPv6 address pool to a VPN instance ····································································· 247 Enabling DHCPv6 logging on the DHCPv6 server ········································································· 248 Displaying and maintaining the DHCPv6 server ············································································ 248 DHCPv6 server configuration examples ······················································································ 249

Dynamic IPv6 prefix assignment configuration example ··························································· 249

Dynamic IPv6 address assignment configuration example ······················································· 251

Configuring the DHCPv6 relay agent ················································ 254

Overview ······························································································································ 254 DHCPv6 relay agent configuration task list ·················································································· 255 Enabling the DHCPv6 relay agent on an interface ········································································· 255 Specifying DHCPv6 servers on the relay agent ············································································ 255 Setting the DSCP value for DHCPv6 packets sent by the DHCPv6 relay agent ··································· 256 Specifying a padding mode for the Interface-ID option ··································································· 256 Configuring a DHCPv6 relay address pool ··················································································· 257 Specifying a gateway address for DHCPv6 clients ········································································ 257 Displaying and maintaining the DHCPv6 relay agent ····································································· 258 DHCPv6 relay agent configuration example ················································································· 258

Network requirements ······································································································ 258

Configuration procedure ··································································································· 259

Verifying the configuration ································································································· 259

Configuring the DHCPv6 client ························································ 261

Overview ······························································································································ 261 Configuration restrictions and guidelines ····················································································· 261 DHCPv6 client configuration task list ·························································································· 261 Configuring IPv6 address acquisition ·························································································· 261 Configuring IPv6 prefix acquisition ····························································································· 262 Configuring IPv6 address and prefix acquisition ············································································ 262 Configuring stateless DHCPv6 ·································································································· 262 Configuring the DHCPv6 client DUID ························································································· 263 Setting the DSCP value for DHCPv6 packets sent by the DHCPv6 client ··········································· 263 Displaying and maintaining DHCPv6 client ·················································································· 263 DHCPv6 client configuration examples ······················································································· 264

IPv6 address acquisition configuration example ····································································· 264

IPv6 prefix acquisition configuration example ········································································ 265

IPv6 address and prefix acquisition configuration example ······················································· 267

Stateless DHCPv6 configuration example ············································································· 269

Configuring IPv6 fast forwarding ······················································ 272

Overview ······························································································································ 272 Configuring the aging time for IPv6 fast forwarding entries ······························································ 272 Configuring IPv6 fast forwarding load sharing ·············································································· 272 Displaying and maintaining IPv6 fast forwarding ··········································································· 273

Configuring tunneling ···································································· 274

Overview ······························································································································ 274

IPv6 over IPv4 tunneling ··································································································· 274

viii

IPv4 over IPv4 tunneling ··································································································· 276

IPv4 over IPv6 tunneling ··································································································· 277

IPv6 over IPv6 tunneling ··································································································· 281

Protocols and standards ··································································································· 281 Tunneling configuration task list ································································································ 282 Configuring a tunnel interface ··································································································· 282 Configuring an IPv6 over IPv4 manual tunnel ··············································································· 283

Configuration example ······································································································ 284 Configuring an automatic IPv4-compatible IPv6 tunnel ··································································· 286

Configuration example ······································································································ 287 Configuring a 6to4 tunnel ········································································································· 288

6to4 tunnel configuration example ······················································································· 289

6to4 relay configuration example ························································································ 291 Configuring an ISATAP tunnel ·································································································· 293

Configuration example ······································································································ 293 Configuring an IPv4 over IPv4 tunnel ························································································· 296

Configuration example ······································································································ 297 Configuring an IPv4 over IPv6 manual tunnel ··············································································· 298

Configuration example ······································································································ 299 Configuring a DS-Lite tunnel ····································································································· 301

Configuration example ······································································································ 303 Configuring an IPv6 over IPv6 tunnel ························································································· 305

Configuration example ······································································································ 306 Displaying and maintaining tunneling configuration ······································································· 307 Troubleshooting tunneling configuration ······················································································ 308

Symptom ······················································································································· 308

Analysis ························································································································ 308

Solution ························································································································· 308

Configuring GRE ·········································································· 309

Overview ······························································································································ 309

GRE encapsulation format ································································································ 309

GRE tunnel operating principle ··························································································· 309

GRE security mechanisms ································································································ 310

GRE application scenarios ································································································ 310

Protocols and standards ··································································································· 312 Configuring a GRE/IPv4 tunnel ································································································· 313

Configuration guidelines ··································································································· 313

Configuration procedure ··································································································· 313 Configuring a GRE/IPv6 tunnel ································································································· 315

Configuration guidelines ··································································································· 315

Configuration procedure ··································································································· 315 Displaying and maintaining GRE ······························································································· 316 GRE configuration examples ···································································································· 317

Configuring an IPv4 over IPv4 GRE tunnel ············································································ 317

Configuring an IPv4 over IPv6 GRE tunnel ············································································ 319 Troubleshooting GRE ············································································································· 321

Symptom ······················································································································· 322

Analysis ························································································································ 322

Solution ························································································································· 322

Configuring ADVPN ······································································ 323

Overview ······························································································································ 323

ADVPN structures ··········································································································· 323

How ADVPN operates ······································································································ 325

NAT traversal ················································································································· 328

QoS for ADVPN tunnel traffic ····························································································· 328 Feature and hardware compatibility ··························································································· 328 ADVPN configuration task list ··································································································· 328 Configuring AAA ···················································································································· 329 Configuring the VAM server ····································································································· 329

Creating an ADVPN domain ······························································································ 329

Enabling the VAM server ·································································································· 329

Configuring a pre-shared key for the VAM server ··································································· 330

Configuring hub groups ···································································································· 330

Setting the port number of the VAM server ············································································ 332

Specifying authentication and encryption algorithms for the VAM server ····································· 332

Configuring an authentication method ·················································································· 333

Configuring keepalive parameters ······················································································· 333

Setting the retry timer ······································································································· 334 Configuring the VAM client ······································································································· 334

Creating a VAM client ······································································································· 334

Enabling VAM clients ······································································································· 335

Specifying VAM servers ···································································································· 335

Specifying an ADVPN domain for a VAM client ······································································ 335

Configuring a pre-shared key for a VAM client ······································································· 335

Setting the retry interval and retry number for a VAM client ······················································ 336

Setting the dumb timer for a VAM client················································································ 336

Configuring a username and password for a VAM client ·························································· 336 Configuring an ADVPN tunnel interface ······················································································ 337 Configuring routing ················································································································· 339 Configuring IPsec for ADVPN tunnels ························································································· 339 Displaying and maintaining ADVPN ··························································································· 339 ADVPN configuration examples ································································································ 341

IPv4 full-mesh ADVPN configuration example ······································································· 341

IPv6 full-mesh ADVPN configuration example ······································································· 348

IPv4 hub-spoke ADVPN configuration example ······································································ 356

IPv6 hub-spoke ADVPN configuration example ······································································ 363

IPv4 multi-hub-group ADVPN configuration example ······························································· 371

IPv6 multi-hub-group ADVPN configuration example ······························································· 384

IPv4 full-mesh NAT traversal ADVPN configuration example ···················································· 399

Configuring AFT ··········································································· 407

Overview ······························································································································ 407 AFT implementations ·············································································································· 407

Static AFT ······················································································································ 407

Dynamic AFT ················································································································· 407

Prefix translation ············································································································· 408

AFT internal server ·········································································································· 409 AFT translation process ··········································································································· 409

IPv6-initiated communication ····························································································· 409

IPv4-initiated communication ····························································································· 410 AFT with ALG ······················································································································· 411 AFT configuration task list ········································································································ 411

IPv6-initiated communication ····························································································· 411

IPv4-initiated communication ····························································································· 412 Enabling AFT ························································································································ 412 Configuring an IPv6-to-IPv4 destination address translation policy ···················································· 412 Configuring an IPv6-to-IPv4 source address translation policy ························································· 413 Configuring an IPv4-to-IPv6 destination address translation policy ···················································· 414 Configuring an IPv4-to-IPv6 source address translation policy ························································· 415 Configuring AFT logging ·········································································································· 416 Setting the ToS field to 0 for translated IPv4 packets ····································································· 416 Setting the Traffic Class field to 0 for translated IPv6 packets ·························································· 416 Displaying and maintaining AFT ································································································ 416 AFT configuration examples ····································································································· 417

Allowing IPv4 Internet access from an IPv6 network ······························································· 417

Providing FTP service from an IPv6 network to the IPv4 Internet ··············································· 420

Allowing mutual access between IPv4 and IPv6 networks ························································ 421

Allowing IPv6 Internet access from an IPv4 network ······························································· 423

Providing FTP service from an IPv4 network to the IPv6 Internet ··············································· 426

Configuring WAAS ······································································· 429

TFO ···································································································································· 429

Slow start optimization ······································································································ 429

Increased buffering ·········································································································· 429

Congestion algorithm optimization······················································································· 429

Selective acknowledgement ······························································································ 430 DRE ···································································································································· 430

DRE compression process ································································································ 430

DRE decompression process ····························································································· 430 LZ compression ····················································································································· 431 Protocols and standards ·········································································································· 431 Configuration restrictions and guidelines ····················································································· 431 WAAS configuration task list ····································································································· 431 Configuring a WAAS class ······································································································· 431 Configuring a WAAS policy ······································································································ 432 Applying a WAAS policy to an interface ······················································································ 432 Configuring TFO parameters ···································································································· 433 Configuring the TFO blacklist autodiscovery feature ······································································ 434 Deleting all WAAS settings ······································································································· 434 Restoring predefined WAAS settings ·························································································· 434 Displaying and maintaining WAAS ····························································································· 435 WAAS configuration examples ·································································································· 435

Predefined WAAS policy configuration example ····································································· 435

User-defined WAAS policy configuration example ·································································· 437

Document conventions and icons ···················································· 441

Conventions ························································································································· 441 Network topology icons ··········································································································· 442

Support and other resources ·························································· 443

Accessing Hewlett Packard Enterprise Support ············································································ 443 Accessing updates ················································································································· 443

Websites ······················································································································· 444

Customer self repair ········································································································· 444

Remote support ·············································································································· 444

Documentation feedback ·································································································· 444

Index ························································································· 446

Configuring ARP

Overview

ARP resolves IP addresses into MAC addresses on Ethernet networks.

ARP message format

ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP request/reply messages. Numbers in the figure refer to field lengths.

Figure 1 ARP message format

• Hardware type—Hardware address type. The value 1 represents Ethernet.

• Protocol type—Type of the protocol address to be mapped. The hexadecimal value 0x0800

represents IP.

• Hardware address length and protocol address length— Length, in bytes, of a hardware address and a protocol address. For an Ethernet address, the value of the hardware address length field is 6. For an IPv4 address, the value of the protocol address length field is 4.

• OP—Operation code, which describes the type of ARP message. The value 1 represents an ARP request, and the value 2 represents an ARP reply.

• Sender hardware address—Hardware address of the device sending the message.

• Sender protocol address—Protocol address of the device sendin g the message.

• Target hardware address—Hardware address of the device to which the message is being

sent.

• Target protocol address—Protocol address of the device to which the messag e is being sent.

ARP operating mechanism

As shown in Figure 2, Host A and Host B are on the same subnet. Host A sends a packet to Host B as follows:

1. Host A looks through the ARP table for an ARP entry for Host B. If one entry is found, Host A uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame. Then Host A sends the frame to Host B.

2. If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request. The payload of the ARP request contains the following information:

{ Sender IP address and sender MAC address—Host A's IP address and MAC address. { Target IP address—Host B's IP address. { Target MAC address—An all-zero MAC address.

All hosts on this subnet can receive the broadcast request, but only the requested host (Host B) processes the request.

3. Host B compares its own IP address with the target IP address in the ARP request. If they are the same, Host B operates as follows:

a. Adds the sender IP address and sender MAC address into its ARP table. b. Encapsulates its MAC add ress into an ARP reply. c. Unicasts the ARP reply to Host A.

4. After receiving the ARP reply, Host A operates as follows: a. Adds the MAC address of Host B into its ARP table. b. Encapsulates the MAC add ress into the packet and sends the packet to Host B.

Figure 2 ARP address resolution process

If Host A and Host B are on different subnets, Host A sends a packet to Host B as follows:

5. Host A broadcasts an ARP request where the target IP address is the IP address of the gateway.

6. The gateway responds with its MAC address in an ARP reply to Host A.

7. Host A uses the gateway's MAC address to encapsulate the packet, and then sen ds the packet

to the gateway.

8. If the gateway has an ARP entry for Host B, it forwards the packet to Host B directly. If not, the gateway broadcasts an ARP request, in which the target IP address is the IP address of Host B.

9. After the gateway gets the MAC address of Host B, it sends the packet to Host B.

ARP table

An ARP table stores dynamic, static, OpenFlow, and Rule ARP entries.

Dynamic ARP entry

ARP automatically creates and updates dynamic entries. A dynamic ARP entry is removed when its aging timer expires or the output interface goes down. In addition, a dynamic ARP entry can be overwritten by a static ARP entry.

Static ARP entry

A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by any dynamic ARP entry.

Static ARP entries protect communication between devices because attack packets cannot modify the IP-to-MAC mapping in a static ARP entry.

A static ARP entry contains only the IP address and MAC address.

• If the output interface is a Layer 3 Ethernet interface, the ARP entry can be directly used to forward packets.

• If the output interface is a VLAN interface, the device sends an ARP request whose target IP address is the IP address in the entry . If the sender IP and MAC addresses in the received ARP reply match the static ARP entry, the device performs the following operations:

{ Adds the interface that received the ARP reply to the static ARP entry. { Uses the resolved static A RP entry to forward IP packets.

T o communicate with a ho st by using a fixed IP-to-MAC mapping, configure a static ARP entry on the device.

OpenFlow ARP entry

ARP creates OpenFlow ARP entries by learning from the OpenFlow module. An OpenFlow ARP entry does not age out, and it cannot be updated. It can be overwritten by a static ARP entry. An OpenFlow ARP entry can be used directly to forwar d packets. For more information about Op enFlow , see OpenFlow Configuration Guide.

Rule ARP entry

ARP creates Rule ARP entries by learning from the IPoE, portal, and VXLAN modules. A Rule ARP entry does not age out, and it cannot be updated. It can be overwritten by a static ARP entry. A Rule ARP entry can be used directly to forward packets.

For more information about IPoE, see Layer 2—WAN Access Configuration Guide. For more information about portal, see Security Configuration Guide. For more information about VXLAN, see VXLAN Configuration Guide.

Configuring a static ARP entry

Static ARP entries are effective when the device functions correctly. To configure a static ARP entry:

Step Command Remarks

1. Enter system view.

2. Configure a static ARP

entry.

system-view arp static

vpn-instance

[

ip-address mac-address

vpn-instance-name ]

N/A By default, no static ARP entries

exist.

Setting the maximum number of dynamic ARP entries for a device

A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the device can learn. When the maximum number is reached, the device stops learning ARP entries.

If you set a value lower than the number of existing dynamic ARP entries, the device does not remove the existing entries unless they are aged out.

To set the maximum number of dynamic ARP entries for a device:

Step Command Remarks

1. Enter system view.

system-view

N/A

Step Command Remarks

By default, the maximum number of dynamic ARP entries that a device can learn is the upper limit of the allowed value range.

To disable the device from learning dynamic ARP entries, set the number to 0.

2. Set the maximum number of dynamic ARP entries for the device.

• In standalone mode: arp max-learning-number max-number slot slot-number

• In IRF mode: arp max-learning-number

max-number chassis chassis-number slot slot-number

Setting the maximum number of dynamic ARP entries for an interface

An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that the interface can learn. When the maximum number is reached, the interface stops learning ARP entries.

You can set limits for both a Layer 2 interface and the VLAN interface for a permitted VLAN on the Layer 2 interface. The Layer 2 interface learns an ARP entry only when neither limit is reached.

The total number of dynamic ARP entries that all interfaces learn will not be larger than the maximum number of dynamic A RP entries set for the device.

To set the maximum number of dynamic ARP entries for an interface:

Step Command Remarks

1. Enter system view.

2. Enter interface view.

3. Set the maximum number

of dynamic ARP entries for the interface.

system-view interface

interface-number

arp max-learning-num

max-number

interface-type

N/A

By default, the maximum number of dynamic ARP entries that an interface can learn is the upper limit of the allowed value range.

To disable the interface from learning dynamic ARP entries, set the number to 0.

Setting the aging timer for dynamic ARP entries

Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated. A dynamic ARP entry that is not updated before its aging timer expires is deleted from the ARP table.

To set the aging timer for dynamic ARP entrie s:

Step Command Remarks

1. Enter system view.

2. Set the aging timer for dynamic

ARP entries.

system-view

arp timer aging

N/A

aging-time The default setting is 20 minutes.

Enabling dynamic ARP entry check

The dynamic ARP entry check feature disables the de vice from supporting dynamic ARP entries that contain multicast MAC addresses. The device cannot learn dynamic ARP entries containing multicast MAC addresses. You cannot manually add static ARP entries containing multicast MAC addresses.

When dynamic ARP entry check is disabled, ARP entries containing multicast MAC addresses are supported. The device can learn dynamic ARP entries containing multicast MAC addresses obtained from the ARP packets sourced from a unicast MAC address. You can also manually add static ARP entries containing multicast MAC addresses.

To enable dynamic ARP entry check:

Step Command Remarks

1. Enter system view.

2. Enable dynamic ARP entry

check.

system-view

arp check enable

N/A By default, dynamic ARP entry check is

enabled.

Enabling ARP logging

This feature enables a device to log ARP events when ARP cannot resolve IP addresses correctly. The device can log the following ARP events:

• On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of the following IP addresses:

{ The IP address of the receiving interface. { The virtual IP address of the VRRP group. { The public IP address after NAT.

• The sender IP address of a received ARP reply conflicts with on e of the following IP addresses:

{ The IP address of the receiving interface. { The virtual IP address of the VRRP group. { The public IP address after NAT.

The device sends ARP log messages to the informatio n center . You can use the info-center source command to specify the log output rules for the information center. For more information about information center, see Network Management and Monitoring Configuration Guide.

To enable the ARP logging feature:

Step Command Remarks

1. Enter system view.

2. Enable the ARP logging

feature.

system-view

arp check log enable

N/A By default, ARP logging is disabled.

Displaying and maintaining ARP

IMPORTANT:

Clearing ARP entries from the ARP table might cause communication failures. Make sure the entries to be cleared do not affect current communications.

Execute display commands in any view and reset commands in user view.

Task Command

Display ARP entries (in standalone mode).

display arp

vlan-id |

verbose ]

all

[ [

interface

dynamic

interface-type interface-number ] [

static

] [

slot

slot-number ] |

count

vlan

Display ARP entries (in IRF mode).

Display the ARP entry for an IP address (in standalone mode).

Display the ARP entry for an IP address (in IRF mode).

Display the ARP entries for a VPN instance.

Display the aging timer of dynamic ARP entries.

Clear ARP entries from the ARP table (in standalone mode).

Clear ARP entries from the ARP table (in IRF mode).

display arp slot

slot-number ] |

interface-number ] [

display arp

slot-number ] [

display arp vpn-instance

display arp timer aging

reset arp

interface-number |

reset arp dynamic

all

[ [

ip-address [

verbose ]

all

dynamic

{

all

chassis

{

interface

dynamic | static

vlan

vlan-id |

count

slot

interface-type interface-number |

verbose ]

slot

slot-number ] [

chassis

vpn-instance-name [

interface

slot-number |

chassis-number

chassis

] [

interface

chassis-number

interface-type

static }

Static ARP entry configuration example

Network requirements

chassis-number

interface-type

verbose ]

slot

count ]

slot

slot-number |

static }

As shown in Figure 3, hosts are connected to Router B. Router B is connected to Router A through interface GigabitEthernet 2/1/2.

To ensure secure communications between Router B and Router A, configure a static ARP entry for Router A on Router B.

Figure 3 Network diagram

Configuration procedure

# Configure an IP address for GigabitEthernet 2/1/2.

<RouterB> system-view [RouterB] interface gigabitethernet 2/1/2 [RouterB-GigabitEthernet2/1/2] ip address 192.168.1.2 24 [RouterB-GigabitEthernet2/1/2] quit

# Configure a static ARP entry that has IP address 192.168.1.1 and MAC address 00e0-fc01-001f.

[RouterB] arp static 192.168.1.1 00e0-fc01-001f

Verifying the configuration

# Verify that Router B has a static ARP entry for Router A.

[RouterB] display arp static Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid IP address MAC address SVID Interface Aging Type

192.168.1.1 00e0-fc01-001f -- -- -- S

Configuring gratuitous ARP

Overview

In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the sending device.

A device sends a gratuitous ARP packet for either of the following purposes:

• Determine whether its IP address is already used by another device. If the IP address is already used, the device is informed of the conflict by an ARP reply.

• Inform other devices of a MAC address change.

Gratuitous ARP packet learning

This feature enables a device to create or update ARP entries by using the sender IP and MAC addresses in received gratuitous ARP packets.

When this feature is disabled, the device uses received gratuitous ARP packets to update existing ARP entries only. ARP entries are not created based on the received gratuitous ARP packets, which saves ARP table space.

Periodic sending of gratuitous ARP packets

Enabling periodic sending of gratuitous ARP packets help s downstream devices update ARP entries or MAC entries in a timely manner.

This feature can implement the following functions:

• Prevent gateway spoofing. Gateway spoofing occurs when an attacker uses the gateway address to send gratuitous ARP

packets to the hosts on a network. The traffic destined for the gateway from the hosts is sent to the attacker instead. As a result, the hosts cannot access the external network.

To prevent such gateway spoofing attacks, you can enable the gateway to send gratuitous ARP packets at intervals. Gratuitous ARP packets contain the primary IP address and manually configured secondary IP addresses of the gateway, so hosts can learn correct gateway information.

• Prevent ARP entries from aging out. If network traffic is heavy or if the host CPU usage is high, received ARP packets can be

discarded or are not promptly processed. Eventually, the dynamic ARP entries on the receiving host age out. The traffic between the host and the corresponding d evices is interrupted until the host re-creates the ARP entries.

To prevent this problem, you can enable the gateway to send gratuitous ARP packets periodically. Gratuitous ARP packets contain the primary IP address and manually configured secondary IP addresses of the gateway, so the receiving hosts can update ARP entries in a timely manner.

• Prevent the virtual IP address of a VRRP group from being used by a host. The master router of a VRRP group can periodically send gratuitous ARP packets to the hosts

on the local network. The hosts can then update local ARP entries and avoid using the virtual IP address of the VRRP group. The sender MAC address in the gratuitous ARP packet is the virtual MAC address of the virtual router. For more information about VRRP, see High Availability Configuration Guide.

• Update MAC entries of devices in the VLANs having ambiguous Dot1q or QinQ termination configured.

In VRRP configuration, if ambiguous Dot1q or QinQ termination is configured for multiple VLANs and VRRP groups, interfaces configured with VLAN termination must be disabled from transmitting broadcast/multicast packets. Also, a VRRP control VLAN must be configured so that VRRP advertisements can be transmitted within the control VLAN only. In such cases, you can enable periodic sending of gratuitous ARP packets containing the following addresses:

{ The VRRP virtual IP address. { The primary IP address or a manually configured secondary IP address of the sending

interface on the subinterfaces.

When a VRRP f a il ov er o cc urs, d ev i ces in the VLANs can use the gratuito u s ARP packets to update their corresponding MAC entries in a timely manner. For more information about ambiguous Dot1q or QinQ termination, see Layer 2—LAN Switching Configuration Guide.

Configuration procedure

When you configure gratuitous ARP, follow these restrictions and guidelines:

• You can enable periodic sending of gratuitous ARP packets on a maximum of 1024 interfaces.

• Periodic sending of gratuitous ARP packets takes ef fect on an interface only when the following

conditions are met:

{ The data link layer state of the interface is up. { The interface has an IP address.

• If you change the sending interval for gratuitous ARP packets, the configuration takes ef fect at the next sending interval.

• The sending interval for gratuitous ARP packets might be much longer than the specified sending interval in any of the following circumstances:

{ This feature is enabled on multiple interfaces. { Each interface is configured with multiple secondary IP addresses. { A small sending interval is configured when the previous two conditions exist.

To configure gratuitous ARP:

Step Command Remarks

1. Enter system view.

2. Enable learning of gratuitous

ARP packets.

3. Enable the device to send gratuitous ARP packets upon receiving ARP requests whose sender IP address belongs to a different subnet.

4. Enter interface view.

5. Enable periodic sending of

gratuitous ARP packets.

system-view

gratuitous-arp-learning enable

gratuitous-arp-sending enable

interface

interface-number

arp send-gratuitous-arp

interval

[

interface-type

interval ]

N/A By default, learning of gratuitous

ARP packets is enabled. By default, a device does not send

gratuitous ARP packets upon receiving ARP requests whose sender IP address belongs to a different subnet.

N/A

By default, periodic sending of gratuitous ARP packets is disabled.

Enabling IP conflict notification

By default, if the sender IP address of an incoming ARP packet is the same a s that of the device, the device sends a gratuitous A RP request. The device displays an error message only after it receives an ARP reply about the conflict.

You can use this command to enable the device to display error messages before sending a gratuitous ARP reply or request for conflict confirmation.

To enable IP conflict notification:

Step Command Remarks

1. Enter system view.

2. Enable IP conflict

notification.

system-view

arp ip-conflict log prompt

N/A

By default, IP conflict notification is disabled.

Configuring proxy ARP

Proxy ARP enables a device on one network to answer ARP requests for an IP address on another network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they would on the same broadcast domain.

Proxy ARP includes common proxy ARP and local proxy ARP.

• Common proxy ARP—Allows communication between hosts that conne ct to diff erent Layer 3 interfaces and reside in different broadcast domains.

• Local proxy ARP—Allows communication between hosts that connect to the same Layer 3 interface and reside in different broadcast domains.

Enabling common proxy ARP

Step Command Remarks

1. Enter system view.

2. Enter interface view.

system-view

interface

interface-number

interface-type

N/A The following interface types are

supported:

• Layer 3 Ethernet interface.

• Layer 3 Ethernet subinterface.

• Layer 3 aggregate interface.

• Layer 3 aggregate subinterface.

3. Enable common proxy ARP.

proxy-arp enable

Enabling local proxy ARP

Step Command Remarks

1. Enter system view.

2. Enter interface view.

3. Enable local proxy ARP.

system-view

interface

interface-number

local-proxy-arp enable

ip-range

[

end-ip-address ]

interface-type

start-ip-address to

Displaying proxy ARP

By default, common proxy ARP is disabled.

N/A The following interface types are

supported:

• Layer 3 Ethernet interface.

• Layer 3 Ethernet subinterface.

• Layer 3 aggregate interface.

• Layer 3 aggregate subinterface.

By default, local proxy ARP is disabled.

Execute display commands in any view .

Task Command

Display common proxy ARP status.

display proxy-arp [ interface

interface-type interface-number ]

Display local proxy ARP status.

display local-proxy-arp [ interface

interface-type interface-number ]

Common proxy ARP configuration example

Network requirements

As shown in Figure 4, Host A and Host D have the same prefix and mask, but they are located on different subnets. No default gateway is configured on Host A and Host D.

Configure common proxy ARP on the router to enable communication between Host A and Host D.

Figure 4 Network diagram

Configuration procedure

# Configure the IP address of interface GigabitEthernet 2/1/2.

<Router> system-view [Router] interface gigabitethernet 2/1/2 [Router-GigabitEthernet2/1/2] ip address 192.168.10.99 255.255.255.0

# Enable common proxy ARP on interface GigabitEthernet 2/1/2.

[Router-GigabitEthernet2/1/2] proxy-arp enable [Router-GigabitEthernet2/1/2] quit

# Configure the IP address of interface GigabitEthernet 2/1/1.

[Router] interface gigabitethernet 2/1/1 [Router-GigabitEthernet2/1/1] ip address 192.168.20.99 255.255.255.0

# Enable common proxy ARP on interface GigabitEthernet 2/1/1.

[Router-GigabitEthernet2/1/1] proxy-arp enable

[Router-GigabitEthernet2/1/1] quit

Verifying the configuration

# Verify that Host A and Host D can ping each other.

Configuring ARP suppression

Overview

The ARP suppression feature enables a device to directly answer ARP requests by using ARP suppression entries. The device generates ARP suppression entrie s based on dy namic ARP entries that it learns. This feature is typically configured on the PEs connected to base stations in an MPLS L2VPN that provides access to an L3VPN network.

You can also configure the ARP suppression push feature to push ARP suppression entries by broadcasting gratuitous ARP packets.

Figure 5 s

to the base station. The PE generates ARP suppression entries for the base station, PE-agg 1, and PE-agg 2, and it directly replies subsequent ARP requests for these devices.

Figure 5 Typical application

hows a typical application scenario. ARP suppression is enabled on the PE that connects

Configuration procedure

Step Command Remarks

1. Enter system view.

2. Create a cross-connect

group and enter its view.

3. Create a cross-connect and enter its view.

4. Enable ARP suppression.

system-view

xconnect-group

connection

arp suppression enable

N/A

group-name

connection-name

By default, no cross-connect groups exist.

For more information about this command, see MPLS Command Reference.

By default, no cross-connects exist. For more information about this

command, see MPLS Command Reference.

By default, ARP suppression is disabled.

Step Command Remarks

5. Return to cross-connect

group view.

6. Return to system view.

7. (Optional.) Enable the

ARP suppression push feature and set a push interval.

quit

arp suppression push interval

interval

N/A N/A

By default, the ARP suppression push feature is disabled.

Displaying and maintaining ARP suppression

Execute display commands in any view and reset commands in user view.

Task Command

Display ARP suppression entries (in standalone mode).

display arp suppression xconnect-group

group-name ] [

slot

slot-number ] [

count ]

name

[

Display ARP suppression entries (in IRF mode).

Clear dynamic ARP suppression entries (in standalone mode).

Clear dynamic ARP suppression entries (in IRF mode).

display arp suppression xconnect-group

group-name ] [

count ]

[

reset arp suppression xconnect-group

slot

[

slot-number ]

reset arp suppression xconnect-group

chassis

[

chassis

chassis-number

slot

slot-number ]

slot

[

ARP suppression configuration example

Network requirements

As shown in Figure 6, the base station, Router A, and Router B are in an MPLS L2VPN. Enable ARP suppression on Router A to directly reply to ARP requests for Router B.

Figure 6 Network diagram

name

[

slot-number ]

name

group-name ]

name

group-name ]

Configuration procedure

1. Configure IP addresses for the interfaces, and make sure the base station can reach the L3VE interface VE-L3VPN 1 of Router B. (Details not shown.)

2. Configure ARP suppression on Router A: # Create a cross-connect group named vpna and create a cross-connect named svc in the

group.

<RouterA> system-view [RouterA] xconnect-group vpna

[RouterA-xcg-vpna] connection svc

# Enable ARP suppression for the cross-connect svc in cross-connect group vpna.

[RouterA-xcg-vpna-svc] arp suppression enable

Verifying the configuration

1. On the base station, clear ARP entries, and ping the L3VE interface VE-L3VPN 1 of Router B. (Details not shown.)

2. Verify that Router A has ARP suppression entries for the base station and Router B.

[RouterA-xcg-vpna-svc] display arp suppression xconnect-group IP address MAC address Xconnect-group Connection Aging

10.1.1.1 00e0-fc04-582c vpna svc 25

10.1.1.3 0023-89b7-0861 vpna svc 25

3. Enable ARP debugging on Router B to verify that Router B does not receive an ARP request from the base station under the following conditions (details not shown):

a. Clear ARP entries on the base station. b. Ping the L3VE interface VE-L3VPN 1 of Router B from the base station.

Configuring ARP direct route advertisement

Overview

The ARP direct route advertisement feature advertises host route s instead of advertising the network route. This feature is typically configured on PE-aggs to advertise host routes to the connected PEs in the L3VPN.

Figure 7 sho

to a base station in the L2VPN. Traffic from the PE in the L3VPN to the base station can be load shared by PE-agg 1 and PE-agg 2. If PE-agg 1 fails, the PE uses the host route through PE-agg 2 to forward traffic.

Figure 7 Typical application

ws a typical application scenario where the PE in the L3VPN has ECMP routes destined

Configuration procedure

Step Command Remarks

1. Enter system view.

2. Create an L3VE

interface and enter its view.

3. Enable the ARP direct route advertisement feature.

system-view

interface ve-l3vpn

interface-number

arp route-direct advertise

N/A

By default, no L3VE interface exists. For more information about this

command, see MPLS Command Reference.

By default, the ARP direct route advertisement feature is disabled.

+ 426 hidden pages

HP FlexNetwork HSR6800 Comware 7 Layer 3—IP Services Configuration Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

Configuring ARP

Overview

ARP message format

ARP operating mechanism

ARP table

Dynamic ARP entry

Static ARP entry

OpenFlow ARP entry

Rule ARP entry

Configuring a static ARP entry

Setting the maximum number of dynamic ARP entries for a device

Setting the maximum number of dynamic ARP entries for an interface

Setting the aging timer for dynamic ARP entries

Enabling dynamic ARP entry check

Enabling ARP logging

Displaying and maintaining ARP

Static ARP entry configuration example

Network requirements

Configuration procedure

Verifying the configuration

Configuring gratuitous ARP

Overview

Gratuitous ARP packet learning

Periodic sending of gratuitous ARP packets

Configuration procedure

Enabling IP conflict notification

Configuring proxy ARP

Enabling common proxy ARP

Enabling local proxy ARP

Displaying proxy ARP

Common proxy ARP configuration example

Network requirements

Configuration procedure

Verifying the configuration

Configuring ARP suppression

Overview

Configuration procedure

Displaying and maintaining ARP suppression

ARP suppression configuration example

Network requirements

Configuration procedure

Verifying the configuration

Configuring ARP direct route advertisement

Overview

Configuration procedure