FlexFabric 12900E Switch Series Layer 3—IP Services

Aruba FlexFabric 12900E Switch Series Layer 3—IP Services, JH255A, JH262A, JH345A, JH951A, JL844A, JL845A, R9F19A, R9F20A Configuration Guide

  • Hello! I've reviewed the HPE FlexFabric 12900E Switch Series Layer 3 IP Services Configuration Guide. This document covers a wide range of topics, including ARP, DHCP, DNS, and IP forwarding settings. I'm ready to assist you with any questions you have about configuring your FlexFabric 12900E switch using this guide. I'm familiar with the details of creating static ARP entries, configuring DHCP servers, setting up DNS proxies, and managing IP forwarding rules. Just ask, and I will do my best to help!
  • How can I configure a static ARP entry?
    What is the purpose of gratuitous ARP?
    How do I configure the DHCP server?
    What is ARP Snooping?
    How can i enable DDNS?
HPE FlexFabric 12900E Switch Series
Layer 3—IP Services Configuration Guide
Software
version: Release 5210
Document version: 6W100-20230424
© Copyright 2023 Hewlett Packard Enterprise Development LP
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard
Enterprise products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard
Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise
website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the
United States and other countries.
Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java and Oracle are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.
i
Contents
Configuring ARP ···························································································· 1
About ARP ························································································································································· 1
ARP message format ································································································································· 1
ARP operating mechanism ························································································································ 1
ARP entry types ········································································································································· 2
ARP tasks at a glance ········································································································································ 3
Configuring a static ARP entry ··························································································································· 3
Configuring a short static ARP entry ·········································································································· 3
Configuring a long static ARP entry ··········································································································· 4
Configuring features for dynamic ARP entries ··································································································· 4
Setting the dynamic ARP learning limit for a device ·················································································· 4
Setting the dynamic ARP learning limit for an interface ············································································· 5
Setting the aging timer for dynamic ARP entries ······················································································· 5
Setting the maximum number of probes for dynamic ARP entries ···························································· 6
Setting the interval for probing dynamic ARP entries ················································································· 6
Enabling dynamic ARP entry check ··········································································································· 7
Performing ARP entry synchronization ·············································································································· 7
Configuring a customer-side or network-side port ····························································································· 8
Enabling an IP unnumbered interface to learn ARP entries for different subnets ·············································· 8
Enabling unique ARP entry learning for IP addresses ······················································································· 9
Enabling recording user IP address conflicts ····································································································· 9
Enabling interface consistency check between ARP and MAC address entries·············································· 10
Enabling recording user port migrations ·········································································································· 10
Enabling ARP logging ······································································································································ 11
Verifying and maintaining ARP ························································································································ 11
Displaying ARP entries ···························································································································· 11
Clearing ARP entries ································································································································ 12
ARP configuration examples ···························································································································· 12
Example: Configuring a long static ARP entry ························································································· 12
Example: Configuring a short static ARP entry ························································································ 13
Configuring gratuitous ARP ········································································· 15
About gratuitous ARP······································································································································· 15
IP conflict detection ·································································································································· 15
Gratuitous ARP packet learning ··············································································································· 15
Periodic sending of gratuitous ARP packets ···························································································· 15
Gratuitous ARP tasks at a glance ···················································································································· 16
Enabling IP conflict notification ························································································································ 16
Enabling gratuitous ARP packet learning········································································································· 16
Enabling periodic sending of gratuitous ARP packets ····················································································· 17
Enabling sending gratuitous ARP packets for ARP requests with sender IP address on a different subnet ··· 17
Configuring gratuitous ARP packet retransmission for the device MAC address change ······························· 18
Configuring proxy ARP ················································································ 19
About proxy ARP·············································································································································· 19
Enabling common proxy ARP ·························································································································· 19
Enabling local proxy ARP································································································································· 19
Verifying and maintaining proxy ARP··············································································································· 20
Common proxy ARP configuration example ···································································································· 20
Example: Configuring common proxy ARP ······························································································ 20
Configuring ARP snooping ··········································································· 22
About ARP snooping ········································································································································ 22
Creation of ARP snooping entries ············································································································ 22
Aging of ARP snooping entries ················································································································ 22
Protection for ARP snooping ···················································································································· 22
Enabling ARP snooping for a VLAN ················································································································ 22
ii
Enabling ARP snooping for a VSI ···················································································································· 23
Verifying and maintaining ARP snooping ········································································································· 23
Displaying ARP snooping entries ············································································································· 23
Clearing ARP snooping entries ················································································································ 23
Configuring ARP fast-reply ·········································································· 24
About ARP fast-reply········································································································································ 24
Enabling ARP fast-reply ··································································································································· 24
ARP fast-reply configuration example ·············································································································· 25
Example: Configuring ARP fast-reply······································································································· 25
Configuring ARP direct route advertisement ················································ 26
About ARP direct route advertisement ············································································································· 26
Mechanism of ARP direct route advertisement ························································································ 26
Application in Layer 3 access networks ··································································································· 26
Enabling ARP direct route advertisement ········································································································ 26
Displaying the direct routes generated based on ARP entries ········································································ 27
Configuring IP addressing ············································································ 28
About IP addressing ········································································································································· 28
IP address representation and classes ···································································································· 28
Special IP addresses ······························································································································· 29
Subnetting and masking ··························································································································· 29
IP address assignment ····························································································································· 29
Assigning an IP address to an interface ·········································································································· 30
Configuring IP unnumbered ····························································································································· 30
Verifying and maintaining IP addressing ·········································································································· 31
IP addressing configuration examples ············································································································· 31
Example: Manually specifying an IP address··························································································· 31
DHCP overview ··························································································· 34
DHCP network model······································································································································· 34
DHCP address allocation ································································································································· 34
Allocation mechanisms ···························································································································· 34
IP address allocation process ·················································································································· 35
IP address lease extension ······················································································································ 35
DHCP message format ···································································································································· 36
DHCP options ·················································································································································· 37
Common DHCP options ··································································································································· 37
Custom DHCP options ····································································································································· 37
Vendor-specific option (Option 43) ··········································································································· 38
Relay agent option (Option 82) ················································································································ 39
Option 184 ················································································································································ 40
Protocols and standards ·································································································································· 40
Configuring the DHCP server ······································································ 41
About DHCP server·········································································································································· 41
DHCP address assignment mechanisms ································································································· 41
Principles for selecting an address pool ··································································································· 42
IP address allocation sequence ··············································································································· 43
DHCP server tasks at a glance ························································································································ 43
Creating a DHCP user class ···························································································································· 44
Configuring an address pool on the DHCP server ··························································································· 44
DHCP address pool tasks at a glance ····································································································· 44
Creating a DHCP address pool ················································································································ 45
Specifying a primary subnet and multiple address ranges in a DHCP address pool ······························· 45
Specifying a primary subnet and multiple secondary subnets in a DHCP address pool·························· 46
Configuring a static binding in a DHCP address pool ·············································································· 48
Specifying gateways for DHCP clients ····································································································· 48
Specifying a domain name suffix for DHCP clients ·················································································· 49
Specifying DNS servers for DHCP clients ································································································ 49
Specifying WINS servers and NetBIOS node type for DHCP clients ······················································· 50
iii
Specifying BIMS server for DHCP clients ································································································ 50
Specifying the configuration file for DHCP client automatic configuration ··············································· 51
Specifying a server for DHCP clients ······································································································· 51
Configuring Option 184 parameters for DHCP clients ············································································· 52
Customizing DHCP options ······················································································································ 52
Applying a DHCP address pool to a VPN instance ·················································································· 54
Configuring the DHCP user class whitelist ······························································································· 54
Configuring IP address reservation ·········································································································· 55
Enabling random IP address allocation···································································································· 56
Binding gateways to DHCP server's MAC address ················································································· 56
Advertising subnets that are assigned to clients ······················································································ 57
Applying an address pool to an interface ········································································································· 57
Configuring a DHCP policy for dynamic assignment ······················································································· 58
Allocating different IP addresses to DHCP clients with the same MAC ··························································· 59
Enabling DHCP ················································································································································ 59
Enabling the DHCP server on an interface ······································································································ 60
Configuring IP address conflict detection ········································································································· 60
Enabling handling of Option 82 ························································································································ 61
Configuring the DHCP server security features ······························································································· 61
Restrictions and guidelines ······················································································································ 61
Configuring DHCP starvation attack protection ························································································ 61
Configuring DHCP server compatibility ············································································································ 62
Configuring the DHCP server to always broadcast responses ································································ 62
Disabling Option 60 encapsulation in DHCP replies ················································································ 62
Enabling the DHCP server to return a DHCP-NAK message upon client notions of incorrect IP addresses
································································································································································· 63
Configuring the DHCP server to ignore BOOTP requests ······································································· 63
Configuring the DHCP server to send BOOTP responses in RFC 1048 format ······································ 63
Setting the DSCP value for DHCP packets sent by the DHCP server ····························································· 64
Configuring DHCP binding auto backup ·········································································································· 64
Enabling client offline detection on the DHCP server ······················································································ 65
Configuring SNMP notifications for the DHCP server ······················································································ 65
Enabling DHCP logging on the DHCP server ·································································································· 66
Verifying and maintaining DHCP server··········································································································· 66
Verifying DHCP server configuration ······································································································· 66
Displaying IP address allocation information on the DHCP server ·························································· 66
Clearing IP address allocation information on the DHCP server ····························································· 67
Displaying and clearing DHCP server statistics ······················································································· 67
DHCP server configuration examples ·············································································································· 68
Example: Configuring static IP address assignment ················································································ 68
Example: Configuring dynamic IP address assignment ··········································································· 69
Example: Configuring DHCP user class ·································································································· 71
Example: Configuring DHCP user class whitelist ····················································································· 73
Example: Configuring primary and secondary subnets ············································································ 74
Example: Customizing DHCP option ······································································································· 75
Troubleshooting DHCP server configuration ··································································································· 77
Failure to obtain a non-conflicting IP address ·························································································· 77
Configuring the DHCP relay agent ······························································· 78
About DHCP relay agent ·································································································································· 78
DHCP relay agent operation ···················································································································· 78
DHCP relay agent support for Option 82 ································································································· 79
DHCP relay agent tasks at a glance ················································································································ 79
Enabling DHCP ················································································································································ 80
Enabling the DHCP relay agent on an interface ······························································································ 80
Specifying DHCP servers································································································································· 81
Specifying DHCP servers on a relay agent ······························································································ 81
Configuring a DHCP address pool on a DHCP relay agent ····································································· 81
Specifying the DHCP server selecting algorithm ····················································································· 82
Configuring the DHCP relay agent security features ······················································································· 83
Enabling the DHCP relay agent to record relay entries ··········································································· 83
Enabling periodic refresh of dynamic relay entries ·················································································· 84
iv
Enabling DHCP starvation attack protection ···························································································· 84
Enabling DHCP server proxy on the DHCP relay agent ·········································································· 85
Enabling client offline detection on the DHCP relay agent······································································· 85
Configuring the DHCP relay agent to release an IP address ··········································································· 86
Configuring DHCP relay agent support for Option 82 ······················································································ 86
Enabling Option 60 insertion into DHCP requests ··························································································· 88
Setting the DSCP value for DHCP packets sent by the DHCP relay agent ····················································· 88
Configuring DHCP packet rate limit on a DHCP relay interface ······································································ 88
Specifying the DHCP relay agent address for the giaddr field ········································································ 89
Manually specifying the DHCP relay agent address for the giaddr field ················································· 89
Configuring smart relay to specify the DHCP relay agent address for the giaddr field ··························· 89
Specifying the source IP address for relayed DHCP requests········································································· 90
Discarding DHCP requests received from SRv6 tunnels ················································································· 92
Configuring support for forwarding DHCP replies based on MAC address table············································· 92
Configuring the DHCP relay agent to always unicast relayed DHCP responses ············································· 93
Configuring forwarding DHCP replies based on Option 82 ·············································································· 93
Verifying and maintaining DHCP relay agent ··································································································· 94
Verifying DHCP relay agent configuration ································································································ 94
Displaying and clearing DHCP relay entries ···························································································· 94
Displaying MAC address check entries on the DHCP relay agent ··························································· 95
Displaying the DRNI status information recorded by the DHCP relay agent ··········································· 95
Displaying and clearing packet statistics on the DHCP relay agent························································· 95
DHCP relay agent configuration examples ······································································································ 95
Example: Configuring basic DHCP relay agent ······················································································· 95
Example: Configuring Option 82 ·············································································································· 96
Example: Configuring DHCP server selection ························································································· 97
Troubleshooting DHCP relay agent configuration ···························································································· 98
Failure of DHCP clients to obtain configuration parameters through the DHCP relay agent ··················· 98
Configuring the DHCP client ······································································ 100
About DHCP client ········································································································································· 100
Restrictions and guidelines: DHCP client configuration ················································································· 100
DHCP client tasks at a glance························································································································ 100
Enabling the DHCP client on an interface ······································································································ 100
Configuring a DHCP client ID for an interface································································································ 101
Enabling duplicated address detection ·········································································································· 101
Setting the DSCP value for DHCP packets sent by the DHCP client ···························································· 102
Verifying and maintaining DHCP client ·········································································································· 102
DHCP client configuration examples·············································································································· 102
Example: Configuring DHCP client ········································································································ 102
DHCP client configuration examples·············································································································· 104
Example: Configuring DHCP client ········································································································ 104
Configuring the BOOTP client ···································································· 106
About BOOTP client ······································································································································· 106
BOOTP client application ······················································································································· 106
Obtaining an IP address dynamically ····································································································· 106
Protocols and standards ························································································································ 106
Configuring an interface to use BOOTP for IP address acquisition ······························································· 106
Verifying and maintaining BOOTP client ········································································································ 107
BOOTP client configuration examples ··········································································································· 107
Example: Configuring BOOTP client ······································································································ 107
Configuring DNS ························································································ 108
About DNS ····················································································································································· 108
Types of DNS services ··························································································································· 108
Static domain name resolution ··············································································································· 108
DNS server-based dynamic domain name resolution ············································································ 108
DNS proxy ·············································································································································· 109
DNS spoofing ········································································································································· 110
DNS tasks at a glance···································································································································· 111
Configuring the DNS client ····························································································································· 112
v
About domain name resolution on the DNS client ················································································· 112
Configuring static domain name resolution ···························································································· 112
Configuring DNS server-based dynamic domain name resolution ························································ 113
Configuring the DNS proxy ···························································································································· 114
Enabling DNS proxy ······························································································································· 114
Specifying DNS server addresses ········································································································· 114
Configuring DNS spoofing······························································································································ 115
Specifying the source interface for DNS packets ··························································································· 115
Configuring the DNS trusted interface ··········································································································· 116
Setting the DSCP value for outgoing DNS packets ······················································································· 116
Verifying and maintaining DNS ······················································································································ 117
Verifying DNS configuration and running status ···················································································· 117
Clearing dynamic DNS entries ··············································································································· 117
IPv4 DNS configuration examples ················································································································· 117
Example: Configuring static domain name resolution ············································································ 117
Example: Configuring DNS server-based dynamic domain name resolution ········································ 118
Example: Configuring DNS proxy ·········································································································· 120
IPv6 DNS configuration examples ················································································································· 122
Example: Configuring static domain name resolution ············································································ 122
Example: Configuring DNS server-based dynamic domain name resolution ········································ 122
Example: Configuring DNS proxy ·········································································································· 125
Troubleshooting DNS configuration ··············································································································· 126
Failure to resolve IPv4 addresses ·········································································································· 126
Failure to resolve IPv6 addresses ·········································································································· 127
Configuring DDNS ····················································································· 128
About DDNS··················································································································································· 128
Restrictions and guidelines: DDNS configuration ·························································································· 128
DDNS client tasks at a glance························································································································ 129
Configuring a DDNS policy ···························································································································· 129
Applying the DDNS policy to an interface ······································································································ 131
Setting the DSCP value for outgoing DDNS packets ····················································································· 132
Verifying and maintaining DDNS···················································································································· 132
DDNS configuration examples ······················································································································· 132
Example: Configuring DDNS with www.3322.org ·················································································· 132
Example: Configuring DDNS with PeanutHull server ············································································· 134
Configuring IP forwarding basic settings ···················································· 136
About FIB table ·············································································································································· 136
Enabling IPv4 packet forwarding on an interface with no IPv4 address configured ······································ 136
Forwarding ARP packets to a remote device through a VXLAN tunnel ························································· 137
Forwarding ND packets to a remote device through a VXLAN tunnel ··························································· 137
Keeping the TTL or hop limit unchanged in packets passing through Layer 3 forwarding devices ··············· 138
Forwarding IPv4 packets with TTL 1 and a specific destination IPv4 address ·············································· 138
Keeping the TTL unchanged in packets passing through forwarding devices to a specific destination ········ 139
Forwarding IPv6 packets with hop limit 1 and a specific destination IPv6 address ······································· 139
Keeping the hop limit unchanged in packets passing through forwarding devices to a specific destination · 139
Configuring IP forwarding basic display and maintenance ············································································ 140
Displaying and maintaining FIB table ····································································································· 140
Configuring fast forwarding ········································································ 141
About fast forwarding ····································································································································· 141
Restrictions and guidelines: Fast forwarding configuration ············································································ 141
Configuring the aging time for fast forwarding entries···················································································· 141
Configuring fast forwarding load sharing ······································································································· 141
Verifying and maintaining fast forwarding ······································································································ 142
Displaying the aging time of fast forwarding entries··············································································· 142
Displaying and clearing fast forwarding entries ······················································································ 142
Displaying fast forwarding entries about fragmented packets································································ 142
Displaying the adjacency table ·································································· 143
About the adjacency table ······························································································································ 143
vi
Displaying and maintaining the adjacency table ···························································································· 143
Displaying IPv4 adjacency table information ·························································································· 143
Displaying IPv6 adjacency table information ·························································································· 143
Configuring IRDP ······················································································· 144
About IRDP ···················································································································································· 144
IRDP operation ······································································································································· 144
Protocols and standards ························································································································ 144
IRDP tasks at a glance··································································································································· 144
Restrictions and guidelines: IRDP configuration ···························································································· 144
Enabling IRDP················································································································································ 145
Specifying the preference of advertised IP addresses ··················································································· 145
Setting the lifetime of advertised IP addresses ······························································································ 145
Setting the advertising intervals ····················································································································· 146
Specifying the multicast address as the destination address for RAs···························································· 146
Specifying a proxy-advertised IP address ······································································································ 147
IRDP configuration examples ························································································································ 147
Example: Configuring IRDP ··················································································································· 147
Optimizing IP performance ········································································ 150
IP performance optimization tasks at a glance ······························································································ 150
Enabling an interface to forward directed broadcasts destined for the directly connected network ·············· 150
About forwarding broadcasts destined for the directly connected network ············································ 150
Procedure ··············································································································································· 151
Example: Enabling an interface to forward directed broadcasts destined for the directly connected network
······························································································································································· 151
Setting the MTU of IPv4 packets sent over an interface ················································································ 152
Configuring IPv4 virtual fragment reassembly ······························································································· 152
About IPv4 virtual fragment reassembly ································································································ 152
Enabling IPv4 virtual fragment reassembly ···························································································· 152
Set the aging time of packet fragments cached for VFR ········································································ 153
Enabling sending ICMP error messages ······································································································· 153
About sending ICMP error messages ···································································································· 153
Enabling sending ICMP redirect messages ··························································································· 154
Enabling sending ICMP time exceeded messages ················································································ 154
Enable sending ICMP destination unreachable messages ···································································· 155
Configuring rate limit for ICMP error messages ····························································································· 155
Disabling forwarding ICMP fragments ··········································································································· 156
Specifying the source address for ICMP packets ·························································································· 156
Disabling sending a specific type of ICMP messages···················································································· 157
Disabling receiving a specific type of ICMP messages ·················································································· 157
Setting TCP MSS for an interface ·················································································································· 158
Configuring TCP path MTU discovery············································································································ 158
Enabling SYN Cookie····································································································································· 159
Setting the TCP buffer size ···························································································································· 159
Setting TCP timers ········································································································································· 160
Configuring TCP congestion control algorithm for TCP proxy ······································································· 160
Verifying and maintaining IP performance optimization ················································································· 161
Displaying and clearing IP packet statistics ··························································································· 161
Displaying ICMP statistics ······················································································································ 161
Displaying RawIP connection information ······························································································ 161
Displaying TCP connection information ································································································· 162
Displaying UDP connection information ································································································· 162
Displaying information about UDP socket load balancing······································································ 162
Displaying and clearing UDP traffic statistics ························································································· 162
Configuring UDP helper ············································································· 163
About UDP helper ·········································································································································· 163
Configuring UDP helper to convert broadcast to unicast ··············································································· 163
Configuring UDP helper to convert broadcast to multicast ············································································ 164
Configuring UDP helper to convert multicast to broadcast or unicast ···························································· 164
Verifying and maintaining UDP helper ··········································································································· 165
vii
UDP helper configuration examples··············································································································· 166
Example: Configuring UDP helper to convert broadcast to unicast ······················································· 166
Example: Configuring UDP helper to convert broadcast to multicast ···················································· 166
Example: Configuring UDP helper to convert multicast to broadcast ···················································· 168
Configuring basic IPv6 settings ·································································· 169
About IPv6······················································································································································ 169
IPv6 features ·········································································································································· 169
IPv6 addresses ······································································································································ 170
IPv6 path MTU discovery ······················································································································· 172
Protocols and standards ························································································································ 173
IPv6 basics tasks at a glance ························································································································· 173
Configuring an IPv6 global unicast address ··································································································· 174
About IPv6 global unicast address ········································································································· 174
Generating an EUI-64 IPv6 address ······································································································ 174
Manually assigning an IPv6 global unicast address··············································································· 175
Stateless address autoconfiguration ······································································································ 175
Configuring prefix-specific address autoconfiguration ··········································································· 176
Configuring an IPv6 link-local address ··········································································································· 177
About IPv6 link-local address ················································································································· 177
Restrictions and guidelines ···················································································································· 177
Configuring automatic generation of an IPv6 link-local address for an interface ··································· 177
Manually assigning an IPv6 link-local address to an interface ······························································· 177
Configuring an IPv6 anycast address ············································································································ 178
Configuring path MTU discovery ···················································································································· 178
Setting the interface MTU for IPv6 packets ···························································································· 178
Setting the aging time for dynamic path MTUs ······················································································ 178
Setting a static path MTU for an IPv6 address ······················································································· 179
Controlling sending and receiving ICMPv6 messages ··················································································· 180
Disabling receiving a specific type of ICMPv6 messages ······································································ 180
Disabling sending a specific type of ICMPv6 messages ········································································ 180
Configuring the rate limit for ICMPv6 error messages ··········································································· 181
Enabling replying to multicast echo requests ························································································· 181
Enabling sending ICMPv6 destination unreachable messages ····························································· 181
Enabling sending ICMPv6 time exceeded messages ············································································ 182
Enabling sending ICMPv6 redirect messages ······················································································· 182
Specifying the source address for ICMPv6 packets ··············································································· 183
Enabling router renumbering·························································································································· 183
Enabling Layer 3 packet statistics collection ·································································································· 184
Enabling IPv6 local fragment reassembly ······································································································ 185
Enabling IPv6 virtual fragment reassembly ···································································································· 185
Configuring IPv6 bandwidth-based load sharing ··························································································· 186
Enabling IPv6 packet forwarding on an interface with no IPv6 address configured ······································ 186
Configuring TCP congestion control algorithm for IPv6 TCP proxy ······························································· 187
Verifying and maintaining basic IPv6 settings ································································································ 187
Verifying basic IPv6 configuration ·········································································································· 187
Displaying information about IPv6 protocol connections········································································ 188
Displaying and clearing IPv6 protocol packet statistics ·········································································· 188
Displaying and clearing IPv6 Path MTU information ·············································································· 189
Displaying and clearing routing renumbering statistics ·········································································· 189
Displaying IPv6 FIB entries ···················································································································· 189
Basic IPv6 settings configuration examples ··································································································· 189
Example: Configuring basic IPv6 settings ······························································································ 189
Configuring IPv6 neighbor discovery ························································· 194
About IPv6 neighbor discovery ······················································································································ 194
ICMPv6 messages used by IPv6 neighbor discovery ············································································ 194
Address resolution ································································································································· 194
Neighbor reachability detection ·············································································································· 195
Duplicate address detection ··················································································································· 195
Router/prefix discovery and stateless address autoconfiguration ·························································· 196
Redirection ············································································································································· 196
viii
Protocols and standards ························································································································ 196
IPv6 neighbor discovery tasks at a glance ····································································································· 196
Configuring a static neighbor entry ················································································································ 197
Setting the dynamic neighbor learning limit on an interface ·········································································· 198
Enabling unsolicited NA learning ··················································································································· 199
Setting the aging timer for ND entries in stale state ······················································································· 199
Minimizing link-local ND entries ····················································································································· 200
Setting the hop limit········································································································································ 200
Configuring RA message sending and parameters ······················································································· 200
About RA message parameters ············································································································· 200
Restrictions and guidelines ···················································································································· 201
Enabling the sending of RA messages ·································································································· 201
Configuring parameters for RA messages ····························································································· 202
Specifying DNS server information in RA messages ············································································· 203
Specifying DNS suffix information in RA messages ··············································································· 204
Suppressing advertising DNS information in RA messages ·································································· 204
Setting the maximum number of attempts to send an NS message for DAD ················································ 205
Enabling duplicate detection for duplicate addresses ···················································································· 206
Configuring ND snooping in a VXLAN ··········································································································· 206
About ND snooping in a VXLAN ············································································································ 206
Procedure ··············································································································································· 207
Enabling ND proxy ········································································································································· 207
About ND proxy ······································································································································ 207
Enabling common ND proxy ·················································································································· 209
Enabling cross-segment ND proxy········································································································· 209
Enabling local ND proxy ························································································································· 209
Configuring a customer-side or a network-side port ······················································································ 209
Configuring IPv6 ND direct route advertisement ···························································································· 210
About IPv6 ND direct route advertisement ····························································································· 210
Application in Layer 3 access networks ································································································· 210
Procedure ··············································································································································· 211
Enabling recording user IPv6 address conflicts ····························································································· 211
Enabling recording user port migrations ········································································································ 211
Enabling ND logging for user online and offline events ················································································· 212
Enabling unique ND entry learning for IPv6 addresses ················································································· 212
Verifying and maintaining IPv6 ND ················································································································ 213
Displaying and clearing IPv6 neighbor information ················································································ 213
Displaying the ND table usage ··············································································································· 214
Displaying and clearing IPv6 ND snooping information ········································································· 214
Displaying statistics about ND proxy reply packets ················································································ 214
Displaying information about ND direct route advertisement ································································· 214
DHCPv6 overview······················································································ 215
DHCPv6 address/prefix assignment ·············································································································· 215
Rapid assignment involving two messages ··························································································· 215
Assignment involving four messages ····································································································· 215
Address/prefix lease renewal ························································································································· 216
Stateless DHCPv6 ········································································································································· 217
DHCPv6 options············································································································································· 217
Option 18 ················································································································································ 217
Option 37 ················································································································································ 218
Protocols and standards ································································································································ 219
Configuring the DHCPv6 server ································································· 220
About DHCPv6 server ···································································································································· 220
IPv6 address assignment ······················································································································· 220
IPv6 prefix assignment ··························································································································· 220
Concepts ················································································································································ 221
DHCPv6 address pool ···························································································································· 221
IPv6 address/prefix allocation sequence ································································································ 222
DHCPv6 server tasks at a glance ·················································································································· 223
Configuring IPv6 prefix assignment ··············································································································· 223
ix
Configuring IPv6 address assignment ··········································································································· 225
Configuring network parameters assignment ································································································ 226
About network parameters assignment·································································································· 226
Configuring network parameters in a DHCPv6 address pool································································· 226
Configuring network parameters in a DHCPv6 option group ································································· 227
Configuring the DHCPv6 server on an interface ···························································································· 228
Configuring a DHCPv6 policy for IPv6 address and prefix assignment ························································· 229
Allocating different IPv6 addresses to DHCPv6 clients with the same MAC ················································· 230
Setting the DSCP value for DHCPv6 packets sent by the DHCPv6 server ··················································· 230
Configuring DHCPv6 binding auto backup····································································································· 231
Advertising subnets assigned to clients ········································································································· 231
Enabling the DHCPv6 server to advertise IPv6 prefixes ················································································ 232
Configuring DHCPv6 vendor-specific options ································································································ 233
Applying a DHCPv6 address pool to a VPN instance ···················································································· 233
Enabling DHCPv6 logging on the DHCPv6 server························································································· 234
Verifying and maintaining DHCPv6 server ····································································································· 234
Verifying DHCPv6 server configuration·································································································· 234
Displaying and clearing IPv6 address binding information····································································· 235
Displaying and clearing IPv6 prefix binding information········································································· 235
Displaying and clearing packet statistics on the DHCPv6 server··························································· 236
DHCPv6 server configuration examples ········································································································ 236
Example: Configuring dynamic IPv6 prefix assignment ········································································· 236
Example: Configuring dynamic IPv6 address assignment ····································································· 238
Configuring the DHCPv6 relay agent ························································· 241
About DHCPv6 relay agent ···························································································································· 241
Typical application ·································································································································· 241
DHCPv6 relay agent operating process ································································································· 241
DHCPv6 relay agent tasks at a glance ·········································································································· 242
Enabling the DHCPv6 relay agent on an interface ························································································ 242
Specifying DHCPv6 servers on the relay agent ····························································································· 243
Specifying DHCPv6 server IP addresses ······························································································· 243
Specifying DHCPv6 servers for a DHCPv6 address pool on the DHCPv6 relay agent ························· 243
Specifying a gateway address for DHCPv6 clients ························································································ 244
Specifying the source IPv6 address for relayed DHCPv6 requests ······························································· 244
Setting the DSCP value for DHCPv6 packets sent by the DHCPv6 relay agent ··········································· 245
Specifying a padding mode for the Interface-ID option ·················································································· 245
Enabling the DHCPv6 relay agent to support Option 79 ················································································ 245
Enabling the DHCPv6 relay agent to advertise IPv6 prefixes ········································································ 246
Configuring DHCPv6 relay security features·································································································· 246
Enabling the DHCPv6 relay agent to record relay entries······································································ 246
Enabling IPv6 release notification ·········································································································· 247
Enabling client offline detection·············································································································· 247
Discarding DHCPv6 requests received from VXLAN tunnels ········································································ 247
Verifying and maintaining DHCPv6 relay agent ····························································································· 248
Verifying DHCPv6 relay agent configuration ·························································································· 248
Displaying and clearing DHCPv6 relay entries for clients' IPv6 addresses ··········································· 248
Displaying and clearing DHCPv6 relay entries for clients' IPv6 prefixes ··············································· 249
Displaying the DRNI status information recorded by the DHCPv6 relay agent······································ 249
Displaying and clearing packet statistics on the DHCPv6 relay agent ··················································· 249
DHCPv6 relay agent configuration examples ································································································ 249
Example: Configuring DHCPv6 relay agent ··························································································· 249
Configuring the DHCPv6 client ·································································· 252
About the DHCPv6 client ······························································································································· 252
Restrictions and guidelines: DHCPv6 client configuration ············································································· 252
DHCPv6 client tasks at a glance ···················································································································· 252
Configuring the DHCPv6 client DUID ············································································································ 252
Configuring IPv6 address acquisition ············································································································· 253
Configuring IPv6 prefix acquisition ················································································································· 253
Configuring IPv6 address and prefix acquisition ···························································································· 253
Configuring acquisition of configuration parameters except IP addresses and prefixes ································ 254
x
Setting the DSCP value for DHCPv6 packets sent by the DHCPv6 client ····················································· 254
Verifying and maintaining DHCPv6 client ······································································································ 255
Displaying DHCPv6 client information ··································································································· 255
Displaying and clearing DHCPv6 client statistics ··················································································· 255
DHCPv6 client configuration examples ·········································································································· 255
Example: Configuring IPv6 address acquisition ····················································································· 255
Example: Configuring IPv6 prefix acquisition ························································································· 257
Example: Configuring IPv6 address and prefix acquisition ···································································· 258
Example: Configuring stateless DHCPv6 ······························································································· 261
Configuring IPv6 fast forwarding ································································ 263
About IPv6 fast forwarding ····························································································································· 263
Configuring the aging time for IPv6 fast forwarding entries ··········································································· 263
Configuring IPv6 fast forwarding load sharing ······························································································· 263
Verifying and maintaining IPv6 fast forwarding ······························································································ 264
Verifying the aging time of IPv6 fast forwarding entries ········································································· 264
Displaying and clearing IPv6 fast forwarding entries ············································································· 264
IPv6 transition technologies overview ························································ 265
About IPv6 transition technologies ················································································································· 265
IPv6 over IPv4 tunneling ································································································································ 265
Implementation ······································································································································· 265
Configuring IPv6 over IPv4 tunneling ························································· 267
IPv6 over IPv4 tunneling tasks at a glance ···································································································· 267
Configuring an IPv6 over IPv4 manual tunnel ································································································ 267
Restrictions and guidelines ···················································································································· 267
Procedure ··············································································································································· 267
Example: Configuring an IPv6 over IPv4 manual tunnel ········································································ 268
Enabling dropping IPv6 packets that use IPv4-compatible IPv6 addresses ·················································· 270
Enabling fragmentation check for packets to be tunneled ············································································· 270
Verifying and maintaining IPv6 over IPv4 tunneling ······················································································· 270
Displaying IPv6 over IPv4 tunnel interface information ·········································································· 270
Clearing IPv6 over IPv4 tunnel interface information ············································································· 271
Document conventions and icons ······························································ 272
Conventions ··················································································································································· 272
Network topology icons ·································································································································· 273
Support and other resources ····································································· 274
Accessing Hewlett Packard Enterprise Support····························································································· 274
Accessing updates ········································································································································· 274
Websites ················································································································································ 275
Customer self repair ······························································································································· 275
Remote support ······································································································································ 275
Documentation feedback ······················································································································· 275
Index ·········································································································· 277
1
Configuring ARP
About ARP
ARP resolves IP addresses into MAC addresses on Ethernet networks.
ARP message format
ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP
request/reply messages. Numbers in the figure refer to field lengths.
Figure 1 ARP message format
•
Hardware type—Hardware address type. The value 1 represents Ethernet.
•
Protocol type—Type of the protocol address to be mapped. The hexadecimal value 0x0800
represents IP.
•
Hardware address length and protocol address length—Length, in bytes, of a hardware
address and a protocol address. For an Ethernet address, the value of the hardware address
length field is 6. For an IPv4 address, the value of the protocol address length field is 4.
•
OP—Operation code, which describes the type of ARP message. The value 1 represents an
ARP request, and the value 2 represents an ARP reply.
•
Sender hardware address—Hardware address of the device sending the message.
•
Sender protocol address—Protocol address of the device sending the message.
•
Target hardware address—Hardware address of the device to which the message is being
sent.
•
Target protocol address—Protocol address of the device to which the message is being sent.
ARP operating mechanism
As shown in Figure 2, Host A and Host B are on the same subnet. Host A sends a packet to Host B as
follows:
1. Host A looks through the ARP table for an ARP entry for Host B. If one entry is found, Host A
uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame.
Then Host A sends the frame to Host B.
2. If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request.
The payload of the ARP request contains the following information:
 Sender IP address and sender MAC address—Host A's IP address and MAC address.
 Target IP address—Host B's IP address.
 Target MAC address—An all-zero MAC address.
28-byte ARP request/reply
OP Sender hardware
address Sender protocol
address Target hardware
address Target protocol
address
Protocol
type
22 61 442 61
Hardware address length
Protocol address length
Hardware
type
2
All hosts on this subnet can receive the broadcast request, but only the requested host (Host B)
processes the request.
3. Host B compares its own IP address with the target IP address in the ARP request. If they are
the same, Host B operates as follows:
a. Adds the sender IP address and sender MAC address into its ARP table.
b. Encapsulates its MAC address into an ARP reply.
c. Unicasts the ARP reply to Host A.
4. After receiving the ARP reply, Host A operates as follows:
a. Adds the MAC address of Host B into its ARP table.
b. Encapsulates the MAC address into the packet and sends the packet to Host B.
Figure 2 ARP address resolution process
If Host A and Host B are on different subnets, Host A sends a packet to Host B as follows:
5. Host A broadcasts an ARP request where the target IP address is the IP address of the
gateway.
6. The gateway responds with its MAC address in an ARP reply to Host A.
7. Host A uses the gateway's MAC address to encapsulate the packet, and then sends the packet
to the gateway.
8. If the gateway has an ARP entry for Host B, it forwards the packet to Host B directly. If not, the
gateway broadcasts an ARP request, in which the target IP address is the IP address of Host B.
9. After the gateway gets the MAC address of Host B, it sends the packet to Host B.
ARP entry types
An ARP table stores dynamic ARP entries and static ARP entries.
Dynamic ARP entry
ARP automatically creates and updates dynamic entries. A dynamic ARP entry is removed when its
aging timer expires or the output interface goes down. In addition, a dynamic ARP entry can be
overwritten by a static ARP entry.
Static ARP entry
A static ARP entry is manually configured and maintained. It does not age out and cannot be
overwritten by any dynamic ARP entry.
Static ARP entries protect communication between devices because attack packets cannot modify
the IP-to-MAC mapping in a static ARP entry.
The device supports the following types of static ARP entries:
Target IP
address
192.168.1.1
Target IP
address
192.168.1.2
Host A
192.168.1.1
0002-6779-0f4c
Host B
192.168.1.2
00a0-2470-febd
Target MAC
address
0000-0000-0000
Sender MAC
address
00a0-2470-febd
Target MAC
address
0002-6779-0f4c
Sender IP
address
192.168.1.1
Sender MAC
address
0002-6779-0f4c
Sender IP
address
192.168.1.2
3
•
Long static ARP entry—It is directly used for forwarding packets. A long static ARP entry
contains the IP address, MAC address, and one of the following combinations:
ï‚¡ VLAN and output interface.
ï‚¡ Input and output interfaces.
•
Short static ARP entry—It contains only the IP address and MAC address.
If the output interface is a Layer 3 Ethernet interface, the short ARP entry can be directly used to
forward packets.
If the output interface is a VLAN interface, the device sends an ARP request whose target IP
address is the IP address in the short entry. If the sender IP and MAC addresses in the received
ARP reply match the short static ARP entry, the device performs the following operations:
ï‚¡ Adds the interface that received the ARP reply to the short static ARP entry.
ï‚¡ Uses the resolved short static ARP entry to forward IP packets.
To communicate with a host by using a fixed IP-to-MAC mapping, configure a short static ARP entry
on the device. To communicate with a host by using a fixed IP-to-MAC mapping through an interface
in a VLAN, configure a long static ARP entry on the device.
ARP tasks at a glance
All ARP tasks are optional.
•
Configuring a static ARP entry
ï‚¡ Configuring a short static ARP entry
ï‚¡ Configuring a long static ARP entry
•
Configuring features for dynamic ARP entries
ï‚¡ Setting the dynamic ARP learning limit for a device
ï‚¡ Setting the dynamic ARP learning limit for an interface
ï‚¡ Setting the aging timer for dynamic ARP entries
ï‚¡ Setting the maximum number of probes for dynamic ARP entries
ï‚¡ Setting the interval for probing dynamic ARP entries
ï‚¡ Enabling dynamic ARP entry check
•
Performing ARP entry synchronization
•
Enabling an IP unnumbered interface to learn ARP entries for different subnets
•
Enabling unique ARP entry learning for IP addresses
•
Enabling interface consistency check between ARP and MAC address entries
•
Enabling recording user port migrations
•
Enabling ARP logging
Configuring a static ARP entry
Static ARP entries are effective when the device functions correctly.
Configuring a short static ARP entry
Restrictions and guidelines
A resolved short static ARP entry becomes unresolved upon certain events, for example, when the
resolved output interface goes down, or the corresponding VLAN or VLAN interface is deleted.
4
Procedure
1. Enter system view.
system-view
2. Configure a short static ARP entry.
arp static ip-address mac-address [ vpn-instance vpn-instance-name ]
[ description text ]
Configuring a long static ARP entry
About this task
Long static ARP entries can be effective or ineffective. Ineffective long static ARP entries cannot be
used for packet forwarding. A long static ARP entry is ineffective when any of the following conditions
exists:
•
The IP address in the entry conflicts with a local IP address.
•
No local interface has an IP address in the same subnet as the IP address in the ARP entry.
A long static ARP entry in a VLAN is deleted if the VLAN or VLAN interface is deleted.
Procedure
1. Enter system view.
system-view
2. Configure a long static ARP entry.
arp static ip-address mac-address [ vlan-id interface-type
interface-number | vsi-interface vsi-interface-id tunnel number vsi
vsi-name | vsi-interface vsi-interface-id interface-type
interface-number service-instance instance-id vsi vsi-name ]
[ vpn-instance vpn-instance-name ] [ description text ]
Configuring features for dynamic ARP entries
Setting the dynamic ARP learning limit for a device
About this task
A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries,
you can set the maximum number of dynamic ARP entries that the device can learn. When the limit
is reached, the device stops ARP learning.
If you set a value lower than the number of existing dynamic ARP entries, the device does not delete
the existing entries unless they age out. You can use the reset arp dynamic command to clear
dynamic ARP entries.
Procedure
1. Enter system view.
system-view
2. Set the dynamic ARP learning limit for the device.
arp max-learning-number max-number slot slot-number
By default, the device can learn a maximum of 90112 dynamic ARP entries.
To disable the device from dynamic ARP learning, set the value to 0.
5
Setting the dynamic ARP learning limit for an interface
About this task
An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP
entries, you can set the maximum number of dynamic ARP entries that the interface can learn. When
the limit is reached, the interface stops ARP learning.
You can set limits for both a Layer 2 interface and the VLAN interface for a permitted VLAN on the
Layer 2 interface. The Layer 2 interface learns an ARP entry only when neither limit is reached.
The total dynamic ARP learning limit for all interfaces will not be higher than the dynamic ARP
learning limit for the device.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Set the dynamic ARP learning limit for the interface.
arp max-learning-num max-number
By default, an interface can learn a maximum of 747520 dynamic ARP entries.
To disable the interface from dynamic ARP learning, set the value to 0.
Setting the aging timer for dynamic ARP entries
About this task
Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer. The aging
timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated. A dynamic ARP
entry that is not updated before its aging timer expires is deleted from the ARP table.
You can set the aging timer for dynamic ARP entries in system view or in interface view. The aging
timer set in interface view takes precedence over the aging timer set in system view.
Procedure
1. Enter system view.
system-view
2. Set the aging timer for dynamic ARP entries.
ï‚¡ Set the aging timer for dynamic ARP entries in system view.
arp timer aging { aging-minutes | second aging-seconds }
By default, the aging timer for dynamic ARP entries in system view is 20 minutes.
ï‚¡ Execute the following commands in sequence to set the aging timer for dynamic ARP
entries in interface view:
interface interface-type interface-number
arp timer aging { aging-minutes | second aging-seconds }
By default, the aging timer for dynamic ARP entries in interface view is the aging timer set in
system view.
6
Setting the maximum number of probes for dynamic ARP
entries
About this task
Dynamic ARP entry probing prevents legal dynamic ARP entries from aging out, avoiding
unnecessary ARP resolution in forwarding.
This probe feature sends ARP requests for the IP address in a dynamic ARP entry before it ages out.
•
If the device receives an ARP reply before the entry aging timer expires, the device resets the
aging timer.
•
If the device makes the maximum number of probes without receiving a reply, the device
deletes the entry when the entry aging timer expires.
You can set the maximum number of probes in system view and in interface view. The setting in
interface view takes precedence over that in system view.
Procedure
1. Enter system view.
system-view
2. Set the maximum number of probes for dynamic ARP entries.
ï‚¡ In system view, set the maximum number of probes for dynamic ARP entries.
arp timer aging probe-count count
By default, the maximum number of probes for dynamic ARP entries is 3 in system
view.
ï‚¡ Execute the following commands in sequence to set the maximum number of probes for
dynamic ARP entries on an interface:
interface interface-type interface-number
arp timer aging probe-count count
By default, the maximum number of probes for dynamic ARP entries set on an interface
is that set in system view.
Setting the interval for probing dynamic ARP entries
About this task
Dynamic ARP entry probing prevents legal dynamic ARP entries from aging out, avoiding
unnecessary ARP resolution in forwarding.
Before a dynamic ARP entry ages out, the device sends ARP requests for the IP address in the ARP
entry.
•
If the device receives an ARP reply before a probe interval expires, the device resets the aging
timer.
•
If the device has not received an ARP reply when a probe interval expires, the device starts a
new probe.
•
If the device makes the maximum number probes without receiving an ARP reply, the device
deletes the entry.
If the aging timer for a dynamic ARP entry expires while a probing is done for it, the device does not
delete the entry. Instead, the aging timer will reset if the device receives an ARP reply before the
probing finishes.
7
Restrictions and guidelines
•
Increase the probing interval if the network is heavily loaded.
•
To have the device perform ARP probing as expected, make sure the aging timer of dynamic
ARP entries is higher than the maximum number of probes multiplied by the probe interval.
Procedure
1. Enter system view.
system-view
2. Set the interval for probing dynamic ARP entries.
ï‚¡ Set the interval for probing dynamic ARP entries in system view.
arp timer aging probe-interval interval
By default, the probe interval is 5 seconds.
ï‚¡ Execute the following commands in sequence to set the interval for probing dynamic ARP
entries on an interface:
interface interface-type interface-number
arp timer aging probe-interval interval
By default, the probe interval equals the setting in system view.
Enabling dynamic ARP entry check
About this task
The dynamic ARP entry check feature disables the device from supporting dynamic ARP entries that
contain multicast MAC addresses. The device cannot learn dynamic ARP entries containing
multicast MAC addresses. You cannot manually add static ARP entries containing multicast MAC
addresses.
When dynamic ARP entry check is disabled, ARP entries containing multicast MAC addresses are
supported. The device can learn dynamic ARP entries containing multicast MAC addresses obtained
from the ARP packets sourced from a unicast MAC address. You can also manually add static ARP
entries containing multicast MAC addresses.
Procedure
1. Enter system view.
system-view
2. Enable dynamic ARP entry check.
arp check enable
By default, dynamic ARP entry check is enabled.
Performing ARP entry synchronization
About this task
This task ensures that all cards on the device have the same ARP entries.
Restrictions and guidelines
To synchronize ARP entries across all cards in a timely manner, you can schedule the device to
automatically execute the arp smooth command. For information about scheduling a task, see the
device management in Fundamentals Configuration Guide.
8
Procedure
To synchronize ARP entries from the active MPU to all other cards, execute the following command
in user view:
arp smooth
Configuring a customer-side or network-side port
About this task
The device generates a host route when it learns an ARP entry from a network-side port. To save
hardware resources, you can specify a port that connects to a user terminal as a customer-side port.
The device will not generate a host route for the learned ARP entry of the user terminal.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
3. Configure the interface as a customer-side port or a network-side port.
ï‚¡ Configure the interface as a customer-side port.
arp mode uni
ï‚¡ Configure the interface as a network-side port.
undo arp mode
By default, a port operates as a network-side port.
Enabling an IP unnumbered interface to learn
ARP entries for different subnets
About this task
An IP unnumbered interface might be unable to learn the ARP entry for the peer device if the
unnumbered interface and the remote device are on different subnets. This is because some devices
treat an ARP request as illegal and do not return a reply if the sender and target IP addresses in that
ARP request are on different subnets.
To ensure communication between them, use this feature on the IP unnumbered interface to specify
a sender IP address on the same subnet as the IP address of the peer interface on the remote
device.
If you disable an IP unnumbered interface from learning ARP entries for different subnets, the device
deletes the existing ARP entries learned for different subnets after they age out.
Restrictions and guidelines
To avoid ARP learning anomalies, do not execute the arp ip-unnumbered learning enable
command on a non-IP-unnumbered interface.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
interface interface-type interface-number
/