Aruba Layer 3—IP Routing Configuration Guide

  • Hello! I've reviewed the HPE FlexFabric 5940 & 5930 Switch Series Layer 3—IP Services Configuration Guide. This guide covers a wide range of topics from basic IP settings to advanced configurations like DHCP server, relay agent, DNS, and load sharing. I'm here to help you with any questions regarding the configuration of these devices, feel free to ask!
  • What is the purpose of this configuration guide?
    What topics are covered in the ARP section?
    What DHCP functionalities are explained in this guide?
    What configurations are related to IP forwarding?
HPE FlexFabric 5940 & 5930 Switch Series
Layer 3—IP Services Configuration Guide
P
art number: 5200-4874d
Software
version: Release 2609 and later
Document version: 6W103-20200310
© Copyright 2020 Hewlett Packard Enterprise Development LP
The information contained herein is subject to change without notice. The only warranties for Hewlett Packard
Enterprise products and services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett
Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use, or
copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s
standard commercial license.
Links to third-party websites take you outside the Hewlett Packard Enterprise website. Hewlett Packard
Enterprise has no control over and is not responsible for information outside the Hewlett Packard Enterprise
website.
Acknowledgments
Intel®, Itanium®, Pentium®, Intel Inside®, and the Intel Inside logo are trademarks of Intel Corporation in the
United States and other countries.
Microsoft® and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the
United States and/or other countries.
Adobe® and Acrobat® are trademarks of Adobe Systems Incorporated.
Java and Oracle are registered trademarks of Oracle and/or its affiliates.
UNIX® is a registered trademark of The Open Group.
i
Contents
Configuring ARP ·············································································· 1
Overview ·································································································································· 1
ARP message format ··········································································································· 1
ARP operating mechanism ···································································································· 1
ARP table ·························································································································· 2
Configuring a static ARP entry ······································································································ 3
Configuring a multiport ARP entry ·································································································· 4
Setting the maximum number of dynamic ARP entries for a device ······················································· 5
Setting the maximum number of dynamic ARP entries for an interface ·················································· 5
Setting the aging timer for dynamic ARP entries ··············································································· 6
Enabling dynamic ARP entry check ······························································································· 6
Synchronizing ARP entries ··········································································································· 6
Configuring a customer-side port ··································································································· 7
Enabling ARP logging ················································································································· 7
Displaying and maintaining ARP ··································································································· 8
Configuration examples ··············································································································· 8
Long static ARP entry configuration example ············································································· 8
Short static ARP entry configuration example ············································································ 9
Multiport ARP entry configuration example ·············································································· 10
Configuring gratuitous ARP ······························································ 13
Overview ································································································································ 13
Gratuitous ARP packet learning ···························································································· 13
Periodic sending of gratuitous ARP packets ············································································ 13
Configuration procedure ············································································································ 14
Enabling IP conflict notification ···································································································· 14
Configuring gratuitous ARP packet retransmission for the device MAC address change ·························· 15
Configuring proxy ARP ···································································· 16
Enabling common proxy ARP ····································································································· 16
Enabling local proxy ARP ·········································································································· 16
Displaying proxy ARP ··············································································································· 16
Common proxy ARP configuration example ··················································································· 17
Network requirements ········································································································ 17
Configuration procedure ····································································································· 17
Verifying the configuration ··································································································· 18
Configuring ARP snooping ······························································· 19
Configuration procedure ············································································································ 19
Displaying and maintaining ARP snooping ···················································································· 19
Configuring ARP fast-reply ······························································· 20
Overview ································································································································ 20
Configuration procedure ············································································································ 20
ARP fast-reply configuration example ··························································································· 20
Network requirements ········································································································ 20
Configuration procedure ····································································································· 21
Configuring ARP direct route advertisement ········································· 22
Mechanism of ARP direct route advertisement ········································································· 22
Application in Layer 3 access networks ·················································································· 22
Configuration procedure ············································································································ 22
Configuring IP addressing ································································ 23
Overview ································································································································ 23
IP address classes ············································································································ 23
Special IP addresses ········································································································· 24
ii
Subnetting and masking ····································································································· 24
Assigning an IP address to an interface ························································································ 24
Configuration guidelines ····································································································· 25
Configuration procedure ····································································································· 25
Configuring IP unnumbered ········································································································ 26
Configuration guidelines ····································································································· 26
Configuration prerequisites ·································································································· 26
Configuration procedure ····································································································· 26
Displaying and maintaining IP addressing ····················································································· 26
IP address configuration example ································································································ 27
Network requirements ········································································································ 27
Configuration procedure ····································································································· 27
Verifying the configuration ··································································································· 27
DHCP overview ············································································· 29
DHCP network model ··············································································································· 29
DHCP address allocation ··········································································································· 29
Allocation mechanisms ······································································································· 29
IP address allocation process ······························································································ 30
IP address lease extension ·································································································· 30
DHCP message format ············································································································· 31
DHCP options ························································································································· 32
Common DHCP options ······································································································ 32
Custom DHCP options ······································································································· 32
Protocols and standards ············································································································ 34
Configuring the DHCP server ···························································· 35
Overview ································································································································ 35
DHCP address pool ··········································································································· 35
IP address allocation sequence ···························································································· 37
DHCP server configuration task list ······························································································ 37
Configuring an address pool on the DHCP server ··········································································· 38
Configuration task list ········································································································· 38
Creating a DHCP address pool ···························································································· 38
Specifying IP address ranges for a DHCP address pool ····························································· 38
Specifying gateways for DHCP clients ··················································································· 41
Specifying a domain name suffix for DHCP clients ···································································· 42
Specifying DNS servers for DHCP clients ··············································································· 42
Specifying WINS servers and NetBIOS node type for DHCP clients ············································· 42
Specifying BIMS server for DHCP clients ················································································ 43
Specifying the configuration file for DHCP client auto-configuration ·············································· 43
Specifying a server for DHCP clients ····················································································· 44
Configuring Option 184 parameters for DHCP clients ································································ 44
Customizing DHCP options ································································································· 45
Configuring the DHCP user class whitelist ·············································································· 47
Enabling DHCP ······················································································································· 47
Enabling the DHCP server on an interface ···················································································· 47
Applying an address pool on an interface ······················································································ 48
Configuring a DHCP policy for dynamic address assignment ····························································· 48
Configuring IP address conflict detection ······················································································· 49
Enabling handling of Option 82 ··································································································· 50
Configuring the DHCP server security features ··············································································· 50
Restrictions and guidelines ·································································································· 50
Configuring DHCP flood attack protection ··············································································· 50
Configuring DHCP starvation attack protection ········································································ 51
Configuring DHCP server compatibility ························································································· 51
Configuring the DHCP server to broadcast all responses ··························································· 51
Configure the DHCP server to ignore BOOTP requests ····························································· 52
Configuring the DHCP server to send BOOTP responses in RFC 1048 format ······························· 52
Setting the DSCP value for DHCP packets sent by the DHCP server ·················································· 53
Configuring DHCP binding auto backup ························································································ 53
Configuring address pool usage alarming ······················································································ 53
iii
Applying a DHCP address pool to a VPN instance ·········································································· 54
Enabling client offline detection on the DHCP server ······································································· 54
Enabling DHCP logging on the DHCP server ················································································· 55
Displaying and maintaining the DHCP server ················································································· 55
DHCP server configuration examples ··························································································· 56
Static IP address assignment configuration example ································································· 56
Dynamic IP address assignment configuration example ····························································· 57
DHCP user class configuration example ················································································· 59
DHCP user class whitelist configuration example ····································································· 61
Primary and secondary subnets configuration example ····························································· 62
DHCP option customization configuration example ··································································· 63
Troubleshooting DHCP server configuration ·················································································· 65
Symptom ························································································································· 65
Analysis ·························································································································· 65
Solution ··························································································································· 65
Configuring the DHCP relay agent ····················································· 66
Overview ································································································································ 66
Operation ························································································································ 66
DHCP relay agent support for Option 82 ················································································· 67
DHCP relay agent configuration task list ······················································································· 67
Enabling DHCP ······················································································································· 68
Enabling the DHCP relay agent on an interface ·············································································· 68
Specifying DHCP servers on a relay agent ···················································································· 69
Configuring the DHCP relay agent security features ········································································ 69
Enabling the DHCP relay agent to record relay entries ······························································ 69
Enabling periodic refresh of dynamic relay entries ···································································· 69
Configuring DHCP flood attack protection ··············································································· 70
Enabling DHCP starvation attack protection ············································································ 70
Configuring the DHCP relay agent to release an IP address ······························································ 71
Configuring Option 82 ··············································································································· 72
Setting the DSCP value for DHCP packets sent by the DHCP relay agent ············································ 72
Enabling DHCP server proxy on the DHCP relay agent ···································································· 73
Configuring a DHCP address pool on the DHCP relay agent ····························································· 73
Specifying the DHCP relay agent address to be inserted in DHCP requests ········································· 74
Enabling client offline detection on the DHCP relay agent ································································· 74
Configuring the DHCP smart relay feature ····················································································· 75
Specifying the DHCP server selecting algorithm ············································································· 76
Specifying the source IP address for DHCP requests······································································· 78
Discarding DHCP requests that are delivered from VXLAN tunnels ····················································· 78
About discarding DHCP requests that are delivered from VXLAN tunnels ······································ 78
Procedure ························································································································ 78
Configuring the DHCP relay agent to forward DHCP replies based on the MAC address table·················· 79
Displaying and maintaining the DHCP relay agent ·········································································· 80
DHCP relay agent configuration examples ···················································································· 80
DHCP relay agent configuration example ··············································································· 80
Option 82 configuration example ·························································································· 81
DHCP server selection configuration example ········································································· 82
Troubleshooting DHCP relay agent configuration ············································································ 83
Symptom ························································································································· 83
Analysis ·························································································································· 83
Solution ··························································································································· 83
Configuring the DHCP client ····························································· 84
Enabling the DHCP client on an interface ······················································································ 84
Configuring a DHCP client ID for an interface ················································································· 84
Enabling duplicated address detection ·························································································· 85
Setting the DSCP value for DHCP packets sent by the DHCP client ··················································· 85
Displaying and maintaining the DHCP client ·················································································· 85
DHCP client configuration example ······························································································ 86
Network requirements ········································································································ 86
Configuration procedure ····································································································· 86
iv
Verifying the configuration ··································································································· 87
Configuring DHCP snooping ····························································· 88
Overview ································································································································ 88
Application of trusted and untrusted ports ··············································································· 88
DHCP snooping support for Option 82 ··················································································· 89
DHCP snooping configuration task list ·························································································· 90
Configuring basic DHCP snooping ······························································································· 90
Configuring basic DHCP snooping features in a common network ··············································· 90
Configuring basic DHCP snooping features in a VXLAN network ················································· 91
Configuring Option 82 ··············································································································· 93
Configuring DHCP snooping entry auto backup ·············································································· 93
Enabling DHCP starvation attack protection ··················································································· 94
Enabling DHCP-REQUEST attack protection ················································································· 95
Setting the maximum number of DHCP snooping entries ·································································· 95
Configuring DHCP packet rate limit ······························································································ 96
Configuring a DHCP packet blocking port ······················································································ 96
Enabling DHCP snooping logging ································································································ 96
Disabling DHCP snooping on an interface ····················································································· 97
Displaying and maintaining DHCP snooping ·················································································· 97
DHCP snooping configuration examples ······················································································· 98
Global basic DHCP snooping configuration example ································································· 98
VLAN-specific DHCP snooping configuration example ······························································ 99
Option 82 configuration example ························································································ 100
Configuring the BOOTP client ························································· 102
BOOTP application················································································································· 102
Obtaining an IP address dynamically ·························································································· 102
Protocols and standards ·········································································································· 102
Configuring an interface to use BOOTP for IP address acquisition ···················································· 102
Displaying and maintaining BOOTP client ··················································································· 103
BOOTP client configuration example ·························································································· 103
Network requirements ······································································································ 103
Configuration procedure ··································································································· 103
Verifying the configuration ································································································· 103
Configuring DNS ·········································································· 104
Overview ······························································································································ 104
Static domain name resolution ··························································································· 104
Dynamic domain name resolution ······················································································· 104
DNS proxy ····················································································································· 105
DNS spoofing ················································································································· 106
DNS configuration task list ······································································································· 107
Configuring the IPv4 DNS client ································································································ 107
Configuring static domain name resolution ············································································ 107
Configuring dynamic domain name resolution ········································································ 108
Configuring the IPv6 DNS client ································································································ 109
Configuring static domain name resolution ············································································ 109
Configuring dynamic domain name resolution ········································································ 109
Configuring the DNS proxy ······································································································· 110
Configuring DNS spoofing ········································································································ 111
Specifying the source interface for DNS packets ··········································································· 111
Configuring the DNS trusted interface ························································································ 112
Setting the DSCP value for outgoing DNS packets ········································································ 112
Displaying and maintaining DNS ······························································································· 112
IPv4 DNS configuration examples ····························································································· 113
Static domain name resolution configuration example ····························································· 113
Dynamic domain name resolution configuration example ························································· 113
DNS proxy configuration example ······················································································· 116
IPv6 DNS configuration examples ····························································································· 117
Static domain name resolution configuration example ····························································· 117
Dynamic domain name resolution configuration example ························································· 118
v
DNS proxy configuration example ······················································································· 120
Troubleshooting IPv4 DNS configuration ····················································································· 122
Failure to resolve IPv4 addresses ······················································································· 122
Troubleshooting IPv6 DNS configuration ····················································································· 122
Failure to resolve IPv6 addresses ······················································································· 122
Configuring DDNS ········································································ 123
Overview ······························································································································ 123
DDNS application ············································································································ 123
DDNS client configuration task list ····························································································· 124
Configuring a DDNS policy ······································································································· 124
Configuration prerequisites ································································································ 125
Configuration procedure ··································································································· 125
Applying the DDNS policy to an interface ···················································································· 126
Setting the DSCP value for outgoing DDNS packets ······································································ 126
Displaying DDNS ··················································································································· 127
DDNS configuration examples ·································································································· 127
DDNS configuration example with www.3322.org ··································································· 127
DDNS configuration example with PeanutHull server ······························································ 128
Configuring IP forwarding basic settings ············································ 130
FIB table ······························································································································ 130
Saving the IP forwarding entries to a file ····················································································· 130
Enabling split horizon forwarding ······························································································· 131
Displaying FIB table entries ······································································································ 131
Configuring load sharing ································································ 132
Configuring load sharing ·········································································································· 132
Enabling local-first load sharing ································································································· 132
Enabling symmetric load sharing ······························································································· 132
Displaying and maintaining load sharing ····················································································· 133
Load sharing configuration example ··························································································· 133
Network requirements ······································································································ 133
Configuration procedure ··································································································· 133
Verifying the configuration ································································································· 135
Configuring fast forwarding ····························································· 136
Overview ······························································································································ 136
Configuring the aging time for fast forwarding entries ····································································· 136
Configuring fast forwarding load sharing ····················································································· 136
Displaying and maintaining fast forwarding ·················································································· 136
Displaying the adjacency table ························································ 138
Configuring IRDP ········································································· 140
Overview ······························································································································ 140
IRDP operation ··············································································································· 140
Basic concepts ··············································································································· 140
Protocols and standards ··································································································· 141
Configuration procedure ·········································································································· 141
IRDP configuration example ····································································································· 142
Network requirements ······································································································ 142
Configuration procedure ··································································································· 142
Verifying the configuration ································································································· 143
Optimizing IP performance ····························································· 144
Enabling an interface to forward directed broadcasts destined for the directly connected network ··········· 144
Configuration procedure ··································································································· 144
Configuration example ······································································································ 144
Setting the interface MTU for IPv4 packets ·················································································· 145
Setting TCP MSS for an interface ······························································································ 145
Configuring TCP path MTU discovery ························································································· 146
vi
Enabling SYN Cookie ············································································································· 147
Setting the TCP buffer size ······································································································ 147
Setting TCP timers ················································································································· 147
Enabling sending ICMP error messages ····················································································· 148
Disabling forwarding ICMP fragments ························································································· 149
Configuring rate limit for ICMP error messages············································································· 150
Specifying the source address for ICMP packets ·········································································· 150
Enabling IPv4 local fragment reassembly ···················································································· 150
Displaying and maintaining IP performance optimization ································································ 151
Configuring UDP helper ································································· 152
Overview ······························································································································ 152
Configuration restrictions and guidelines ····················································································· 152
Configuring UDP helper to convert broadcast to unicast ································································· 152
Configuring UDP helper to convert broadcast to multicast ······························································· 153
Displaying and maintaining UDP helper ······················································································ 153
UDP helper configuration examples ··························································································· 154
Configuring UDP helper to convert broadcast to unicast ·························································· 154
Configuring UDP helper to convert broadcast to multicast ························································ 155
Configuring basic IPv6 settings ······················································· 157
Overview ······························································································································ 157
IPv6 features ·················································································································· 157
IPv6 addresses ··············································································································· 158
IPv6 ND protocol ············································································································· 160
IPv6 path MTU discovery ·································································································· 162
IPv6 transition technologies ······································································································ 163
Dual stack ······················································································································ 163
Tunneling ······················································································································ 163
6PE ······························································································································ 164
Protocols and standards ·········································································································· 164
IPv6 basics configuration task list ······························································································ 164
Assigning IPv6 addresses to interfaces ······················································································· 165
Configuring an IPv6 global unicast address ··········································································· 165
Configuring an IPv6 link-local address ················································································· 168
Configuring an IPv6 anycast address ··················································································· 169
Configuring IPv6 ND ··············································································································· 169
Configuring a static neighbor entry ······················································································ 169
Setting the maximum number of dynamic neighbor entries ······················································· 170
Setting the aging timer for ND entries in stale state ································································· 170
Minimizing link-local ND entries ·························································································· 170
Setting the hop limit ········································································································· 171
Configuring parameters for RA messages ············································································· 171
Setting the maximum number of attempts to send an NS message for DAD ································· 173
Configuring ND snooping ·································································································· 174
Enabling ND proxy ··········································································································· 175
Configuring path MTU discovery ······························································································· 177
Setting the interface MTU for IPv6 packets ··········································································· 177
Setting a static path MTU for an IPv6 address ······································································· 177
Setting the aging time for dynamic path MTUs ······································································· 178
Controlling sending ICMPv6 messages ······················································································· 178
Configuring the rate limit for ICMPv6 error messages ······························································ 178
Enabling replying to multicast echo requests ········································································· 179
Enabling sending ICMPv6 destination unreachable messages ·················································· 179
Enabling sending ICMPv6 time exceeded messages ······························································ 179
Enabling sending ICMPv6 redirect messages ········································································ 180
Specifying the source address for ICMPv6 packets ································································· 180
Enabling IPv6 local fragment reassembly ···················································································· 181
Enabling a device to discard IPv6 packets that contain extension headers ········································· 181
Displaying and maintaining IPv6 basics ······················································································ 181
IPv6 configuration examples ····································································································· 182
Basic IPv6 configuration example ······················································································· 182
vii
ND snooping configuration example ···················································································· 187
Troubleshooting IPv6 basics configuration ··················································································· 189
Symptom ······················································································································· 189
Solution ························································································································· 189
DHCPv6 overview ········································································ 190
DHCPv6 address/prefix assignment ··························································································· 190
Rapid assignment involving two messages ··········································································· 190
Assignment involving four messages ··················································································· 190
Address/prefix lease renewal ···································································································· 191
Stateless DHCPv6 ················································································································· 192
Protocols and standards ·········································································································· 192
Configuring the DHCPv6 server ······················································ 193
Overview ······························································································································ 193
IPv6 address assignment ·································································································· 193
IPv6 prefix assignment ····································································································· 193
Concepts ······················································································································· 194
DHCPv6 address pool ······································································································ 194
IPv6 address/prefix allocation sequence ··············································································· 195
Configuration task list·············································································································· 196
Configuring IPv6 prefix assignment ···························································································· 196
Configuration guidelines ··································································································· 196
Configuration procedure ··································································································· 197
Configuring IPv6 address assignment ························································································ 198
Configuration guidelines ··································································································· 198
Configuration procedure ··································································································· 198
Configuring network parameters assignment ··············································································· 199
Configuring network parameters in a DHCPv6 address pool ····················································· 199
Configuring network parameters in a DHCPv6 option group ····················································· 200
Configuring a DHCPv6 policy for IPv6 address and prefix assignment ··············································· 201
Configuring the DHCPv6 server on an interface ············································································ 202
Configuration guidelines ··································································································· 202
Configuration procedure ··································································································· 202
Setting the DSCP value for DHCPv6 packets sent by the DHCPv6 server ·········································· 203
Configuring DHCPv6 binding auto backup ··················································································· 203
Applying a DHCPv6 address pool to a VPN instance ····································································· 204
Enabling the DHCPv6 server to advertise IPv6 prefixes ·································································· 204
Enabling DHCPv6 logging on the DHCPv6 server ········································································· 204
Displaying and maintaining the DHCPv6 server ············································································ 205
DHCPv6 server configuration examples ······················································································ 206
Dynamic IPv6 prefix assignment configuration example ··························································· 206
Dynamic IPv6 address assignment configuration example ······················································· 208
Configuring the DHCPv6 relay agent ················································ 211
Overview ······························································································································ 211
DHCPv6 relay agent configuration task list ·················································································· 212
Enabling the DHCPv6 relay agent on an interface ········································································· 212
Specifying DHCPv6 servers on the relay agent ············································································ 213
Setting the DSCP value for DHCPv6 packets sent by the DHCPv6 relay agent ··································· 213
Specifying a padding mode for the Interface-ID option ··································································· 213
Enabling the DHCPv6 relay agent to support Option 79·································································· 214
Configuring a DHCPv6 address pool on the DHCPv6 relay agent ····················································· 214
Specifying a gateway address for DHCPv6 clients ········································································ 215
Enabling the DHCPv6 relay agent to record relay entries ································································ 215
Enabling IPv6 release notification ······························································································ 216
Enabling client offline detection ································································································· 216
Enabling the DHCPv6 relay agent to advertise IPv6 prefixes ··························································· 216
Specifying the source IPv6 address for relayed DHCPv6 requests ···················································· 217
Displaying and maintaining the DHCPv6 relay agent ····································································· 217
DHCPv6 relay agent configuration example ················································································· 218
Network requirements ······································································································ 218
viii
Configuration procedure ··································································································· 218
Verifying the configuration ································································································· 219
Configuring the DHCPv6 client ························································ 220
Overview ······························································································································ 220
DHCPv6 client configuration task list ·························································································· 220
Configuring IPv6 address acquisition ·························································································· 220
Configuring IPv6 prefix acquisition ····························································································· 221
Configuring IPv6 address and prefix acquisition ············································································ 221
Configuring stateless DHCPv6 ·································································································· 221
Configuring the DHCPv6 client DUID ························································································· 222
Setting the DSCP value for DHCPv6 packets sent by the DHCPv6 client ··········································· 222
Displaying and maintaining DHCPv6 client ·················································································· 222
DHCPv6 client configuration examples ······················································································· 223
IPv6 address acquisition configuration example ····································································· 223
IPv6 prefix acquisition configuration example ········································································ 224
IPv6 address and prefix acquisition configuration example ······················································· 226
Stateless DHCPv6 configuration example ············································································· 228
Configuring DHCPv6 snooping ························································ 230
Overview ······························································································································ 230
Application of trusted and untrusted ports ············································································· 230
Implementation of Option 18 and Option 37 ················································································· 231
Option 18 for DHCPv6 snooping ························································································· 231
DHCPv6 snooping support for Option 37 ·············································································· 232
DHCPv6 snooping configuration task list ····················································································· 232
Configuring basic DHCPv6 snooping ·························································································· 233
Configuring Option 18 and Option 37 ························································································· 233
Configuring DHCPv6 snooping entry auto backup ········································································· 234
Setting the maximum number of DHCPv6 snooping entries ····························································· 234
Configuring DHCPv6 packet rate limit ························································································· 235
Enabling DHCPv6-REQUEST check ·························································································· 235
Configuring a DHCPv6 packet blocking port ················································································ 236
Enabling DHCPv6 snooping logging ··························································································· 236
Displaying and maintaining DHCPv6 snooping ············································································· 236
DHCPv6 snooping configuration example ··················································································· 237
Network requirements ······································································································ 237
Configuration procedure ··································································································· 237
Verifying the configuration ································································································· 238
Configuring IPv6 fast forwarding ······················································ 239
Overview ······························································································································ 239
Configuring the aging time for IPv6 fast forwarding entries ······························································ 239
Configuring IPv6 fast forwarding load sharing ·············································································· 239
Displaying and maintaining IPv6 fast forwarding ··········································································· 240
Configuring tunneling ···································································· 241
Overview ······························································································································ 241
Configuring a tunnel interface ··································································································· 241
Adding TUNNEL to the PHY_UPDOWN log mnemonic for tunnel interfaces ······································· 243
Displaying and maintaining tunneling configuration ······································································· 243
Troubleshooting tunneling configuration ······················································································ 243
Symptom ······················································································································· 243
Analysis ························································································································ 243
Solution ························································································································· 244
IPv6 over IPv4 tunneling ································································ 245
Overview ······························································································································ 245
Implementation ··············································································································· 245
Tunnel modes ················································································································· 245
IPv6 over IPv4 tunneling configuration task list ············································································· 247
Configuring an IPv6 over IPv4 manual tunnel ··············································································· 247
ix
Restrictions and guidelines ································································································ 247
Procedure ······················································································································ 248
Configuration example ······································································································ 248
Configuring a 6to4 tunnel ········································································································· 251
Restrictions and guidelines ································································································ 251
Procedure ······················································································································ 251
6to4 tunnel configuration example ······················································································· 252
6to4 relay configuration example ························································································ 254
Configuring an ISATAP tunnel ·································································································· 257
Restrictions and guidelines ································································································ 257
Procedure ······················································································································ 257
Configuration example ······································································································ 258
IPv4 over IPv4 tunneling ································································ 261
Overview ······························································································································ 261
Configuring an IPv4 over IPv4 tunnel ························································································· 261
Restrictions and guidelines ································································································ 261
Procedure ······················································································································ 262
Configuration example ············································································································ 263
IPv4 over IPv6 tunneling ································································ 266
Overview ······························································································································ 266
Configuring an IPv4 over IPv6 tunnel ························································································· 266
Restrictions and guidelines ································································································ 266
Procedure ······················································································································ 267
Configuration example ············································································································ 267
IPv6 over IPv6 tunneling ································································ 271
Overview ······························································································································ 271
Configuring an IPv6 over IPv6 tunnel ························································································· 271
Restrictions and guidelines ································································································ 271
Procedure ······················································································································ 272
Configuration example ············································································································ 273
Configuring GRE ·········································································· 276
Overview ······························································································································ 276
GRE encapsulation format ································································································ 276
GRE tunnel operating principle ··························································································· 276
GRE application scenarios ································································································ 277
Protocols and standards ··································································································· 278
Configuring a GRE/IPv4 tunnel ································································································· 278
Configuration guidelines ··································································································· 278
Configuration procedure ··································································································· 279
Configuring a GRE/IPv6 tunnel ································································································· 280
Configuration guidelines ··································································································· 280
Configuration procedure ··································································································· 281
Displaying and maintaining GRE ······························································································· 282
GRE configuration examples ···································································································· 282
Configuring an IPv4 over IPv4 GRE tunnel ············································································ 282
Configuring an IPv4 over IPv6 GRE tunnel ············································································ 285
Troubleshooting GRE ············································································································· 287
Symptom ······················································································································· 287
Analysis ························································································································ 288
Solution ························································································································· 288
Configuring HTTP redirect ······························································ 289
About HTTP redirect ··············································································································· 289
HTTP redirect tasks at a glance ································································································ 289
Specifying the HTTPS redirect listening port number ····································································· 289
Associating an SSL server policy with the HTTPS redirect service ···················································· 290
x
Document conventions and icons ···················································· 291
Conventions ························································································································· 291
Network topology icons ··········································································································· 292
Support and other resources ·························································· 293
Accessing Hewlett Packard Enterprise Support ············································································ 293
Accessing updates ················································································································· 293
Websites ······················································································································· 294
Customer self repair ········································································································· 294
Remote support ·············································································································· 294
Documentation feedback ·································································································· 294
Index ························································································· 296
1
Configuring ARP
Overview
ARP resolves IP addresses into MAC addresses on Ethernet networks.
ARP message format
ARP uses two types of messages: ARP request and ARP reply. Figure 1 shows the format of ARP
request/reply messages. Numbers in the figure refer to field lengths.
Figure 1 ARP message format
• Hardware type—Hardware address type. The value 1 represents Ethernet.
• Protocol type—Type of the protocol address to be mapped. The hexadecimal value 0x0800
represents IP.
• Hardware address length and protocol address length—Length, in bytes, of a hardware
address and a protocol address. For an Ethernet address, the value of the hardware address
length field is 6. For an IPv4 address, the value of the protocol address length field is 4.
• OP—Operation code, which describes the type of ARP message. The value 1 represents an
ARP request, and the value 2 represents an ARP reply.
• Sender hardware address—Hardware address of the device sending the message.
• Sender protocol address—Protocol address of the device sending the message.
• Target hardware address—Hardware address of the device to which the message is being
sent.
• Target protocol address—Protocol address of the device to which the message is being sent.
ARP operating mechanism
As shown in Figure 2, Host A and Host B are on the same subnet. Host A sends a packet to Host B as
follows:
1. Host A looks through the ARP table for an ARP entry for Host B. If one entry is found, Host A
uses the MAC address in the entry to encapsulate the IP packet into a data link layer frame.
Then Host A sends the frame to Host B.
2. If Host A finds no entry for Host B, Host A buffers the packet and broadcasts an ARP request.
The payload of the ARP request contains the following information:
 Sender IP address and sender MAC address—Host A's IP address and MAC address.
 Target IP address—Host B's IP address.
 Target MAC address—An all-zero MAC address.
28-byte ARP request/reply
OP Sender hardware
address Sender protocol
address Target hardware
address Target protocol
address
Protocol
type
22 61 442 61
Hardware address length
Protocol address length
Hardware
type
2
All hosts on this subnet can receive the broadcast request, but only the requested host (Host B)
processes the request.
3. Host B compares its own IP address with the target IP address in the ARP request. If they are
the same, Host B operates as follows:
a. Adds the sender IP address and sender MAC address into its ARP table.
b. Encapsulates its MAC address into an ARP reply.
c. Unicasts the ARP reply to Host A.
4. After receiving the ARP reply, Host A operates as follows:
a. Adds the MAC address of Host B into its ARP table.
b. Encapsulates the MAC address into the packet and sends the packet to Host B.
Figure 2 ARP address resolution process
If Host A and Host B are on different subnets, Host A sends a packet to Host B as follows:
5. Host A broadcasts an ARP request where the target IP address is the IP address of the
gateway.
6. The gateway responds with its MAC address in an ARP reply to Host A.
7. Host A uses the gateway's MAC address to encapsulate the packet, and then sends the packet
to the gateway.
8. If the gateway has an ARP entry for Host B, it forwards the packet to Host B directly. If not, the
gateway broadcasts an ARP request, in which the target IP address is the IP address of Host B.
9. After the gateway gets the MAC address of Host B, it sends the packet to Host B.
ARP table
An ARP table stores dynamic, static, OpenFlow, and Rule ARP entries.
Dynamic ARP entry
ARP automatically creates and updates dynamic entries. A dynamic ARP entry is removed when its
aging timer expires or the output interface goes down. In addition, a dynamic ARP entry can be
overwritten by a static ARP entry.
Static ARP entry
A static ARP entry is manually configured and maintained. It does not age out and cannot be
overwritten by any dynamic ARP entry.
Static ARP entries protect communication between devices because attack packets cannot modify
the IP-to-MAC mapping in a static ARP entry.
The device supports the following types of static ARP entries:
Target IP
address
192.168.1.1
Target IP
address
192.168.1.2
Host A
192.168.1.1
0002-6779-0f4c
Host B
192.168.1.2
00a0-2470-febd
Target MAC
address
0000-0000-0000
Sender MAC
address
00a0-2470-febd
Target MAC
address
0002-6779-0f4c
Sender IP
address
192.168.1.1
Sender MAC
address
0002-6779-0f4c
Sender IP
address
192.168.1.2
3
• Long static ARP entry—It contains the IP address, MAC address, and one of the following
combinations:
ï‚¡ VLAN and output interface.
ï‚¡ Input and output interfaces.
A long static ARP entry is directly used for forwarding packets.
• Short static ARP entry—It contains only the IP address and MAC address.
ï‚¡ If the output interface is a Layer 3 Ethernet interface, the short ARP entry can be directly
used to forward packets.
ï‚¡ If the output interface is a VLAN interface, the device sends an ARP request whose target IP
address is the IP address in the short entry. If the sender IP and MAC addresses in the
received ARP reply match the short static ARP entry, the device performs the following
operations:
− Adds the interface that received the ARP reply to the short static ARP entry.
− Uses the resolved short static ARP entry to forward IP packets.
• Multiport ARP entry—It contains the IP address, MAC address, and VLAN.
The device can use a multiport ARP entry that has the same MAC address and VLAN as a
multicast or multiport unicast MAC address entry for packet forwarding. A multiport ARP entry is
manually configured. It does not age out and cannot be overwritten by any dynamic ARP entry.
For more information about multicast MAC, see IP Multicast Configuration Guide.
To communicate with a host by using a fixed IP-to-MAC mapping, configure a short static ARP entry
on the device. To communicate with a host by using a fixed IP-to-MAC mapping through an interface
in a VLAN, configure a long static ARP entry on the device.
OpenFlow ARP entry
ARP creates OpenFlow ARP entries by learning from the OpenFlow module. An OpenFlow ARP
entry does not age out, and it cannot be updated. An OpenFlow ARP entry can be used directly to
forward packets. For more information about OpenFlow, see OpenFlow Configuration Guide.
Rule ARP entry
ARP creates Rule ARP entries by learning from the portal, VXLAN, and OVSDB modules. A Rule
ARP entry does not age out, and it cannot be updated. It can be overwritten by a static ARP entry. A
Rule ARP entry can be used directly to forward packets.
For more information about portal, see Security Configuration Guide. For more information about
VXLAN and OVSDB, see VXLAN Configuration Guide.
Configuring a static ARP entry
Static ARP entries are effective when the device functions correctly.
A resolved short static ARP entry becomes unresolved upon certain events, for example, when the
resolved output interface goes down, or the corresponding VLAN or VLAN interface is deleted.
Long static ARP entries can be effective or ineffective. Ineffective long static ARP entries cannot be
used for packet forwarding. A long static ARP entry is ineffective when any of the following conditions
exists:
• The corresponding VLAN interface or output interface is down.
• The IP address in the entry conflicts with a local IP address.
• No local interface has an IP address in the same subnet as the IP address in the ARP entry.
A long static ARP entry in a VLAN is deleted if the VLAN or VLAN interface is deleted.
To configure a static ARP entry:
4
Step
Command
Remarks
1. Enter system view. system-view N/A
2. Configure a static ARP
entry.
• Configure a long static ARP entry:
arp static ip-address mac-address
[ vlan-id interface-type
interface-number | vsi-interface
vsi-interface-id tunnel number vsi
vsi-name | vsi-interface
vsi-interface-id interface-type
interface-number service-instance
instance-id vsi vsi-name ]
[ vpn-instance vpn-instance-name ]
• Configure a short static ARP entry:
arp static ip-address mac-address
[
vpn-instance
vpn-instance-name ]
By default, no static ARP entries
exist.
Configuring a multiport ARP entry
NOTE:
For multiport ARP entries to be effective for packet forwarding
, make sure the following conditions
exist:
•
A service loopback group is created to support the multiport ARP service.
•
The service loopback group has a minimum of one member port that is not used for any other
purposes and does not have any configuration.
For information about creating
and configuring a service loopback group, see Layer 2—LAN
Switching Configuration Guide.
A multiport ARP entry contains an IP address, MAC address, and VLAN ID.
To make the multiport ARP entry effective for packet forwarding, you must configure a multicast or
multiport unicast MAC address entry to specify multiple output interfaces. The MAC address entry
must have the same MAC address and VLAN ID as the multiport ARP entry. In addition, the IP
address in the multiport ARP entry must reside on the same subnet as the VLAN interface of the
specified VLAN.
A multiport ARP entry can overwrite a dynamic, short static or long static ARP entry. Conversely, a
short static or long static ARP entry can overwrite a multiport ARP entry.
To configure a multiport ARP entry:
Command
Remarks
1. Enter system view. system-view N/A
2. Configure a multicast or
multiport unicast MAC
address entry.
• Configure a multiport unicast
MAC address entry:
mac-address multiport
mac-address interface
interface-list vlan vlan-id
• Configure a multicast MAC
address entry:
mac-address multicast
mac-address interface
interface-list vlan vlan-id
By default, no multicast or
multiport unicast MAC address
entries exist.
For more information about the
mac-address multiport
command, see Layer 2—LAN
Switching Command Reference.
For more information about the
mac-address multicast
command, see IP Multicast
Command Reference.
arp multiport ip-address
By default, no multiport ARP
5
Command
Remarks
mac-address vlan-id [ vpn-instance
vpn-instance-name ]
entries exist.
Setting the maximum number of dynamic ARP
entries for a device
A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries,
you can set the maximum number of dynamic ARP entries that the device can learn. When the
maximum number is reached, the device stops learning ARP entries.
If you set a value lower than the number of existing dynamic ARP entries, the device does not
remove the existing entries unless they are aged out.
To set the maximum number of dynamic ARP entries for a device:
Step
Command
Remarks
1. Enter system view.
system-view
N/A
2. Set the maximum
number of dynamic
ARP entries for the
device.
arp max-learning-number max-number slot
slot-number
By default, the maximum
number of dynamic ARP entries
that a device can learn depends
on the ARP table capacity set by
using the hardware-resource
switch-mode command. For
information about the
hardware-resource
switch-mode command, see
Fundamentals Command
Reference.
To disable the device from
learning dynamic ARP entries,
set the number to 0.
Setting the maximum number of dynamic ARP
entries for an interface
An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP
entries, you can set the maximum number of dynamic ARP entries that the interface can learn. When
the maximum number is reached, the interface stops learning ARP entries.
You can set limits for both a Layer 2 interface and the VLAN interface for a permitted VLAN on the
Layer 2 interface. The Layer 2 interface learns an ARP entry only when neither limit is reached.
The total number of dynamic ARP entries that all interfaces learn will not be larger than the maximum
number of dynamic ARP entries set for the device.
To set the maximum number of dynamic ARP entries for an interface:
Step
Command
Remarks
1. Enter system view. system-view N/A
2. Enter interface view. interface interface-type
interface-number N/A
6
Step
Command
Remarks
3. Set the maximum number
of dynamic ARP entries for
the interface.
arp max-learning-num
max-number [ alarm
alarm-threshold ]
By default, the maximum number of
dynamic ARP entries that an interface
can learn depends on the ARP table
capacity set by using the
hardware-resource switch-mode
command. For information about the
hardware-resource switch-mode
command, see Fundamentals
Command Reference.
To disable the interface from learning
dynamic ARP entries, set the number
to 0.
Setting the aging timer for dynamic ARP entries
Each dynamic ARP entry in the ARP table has a limited lifetime, called an aging timer. The aging
timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated. A dynamic ARP
entry that is not updated before its aging timer expires is deleted from the ARP table.
To set the aging timer for dynamic ARP entries:
Step
Command
Remarks
1. Enter system view. system-view N/A
2. Set the aging timer for dynamic
ARP entries. arp timer aging
{ aging-minutes | second
aging-seconds } The default setting is 20 minutes.
Enabling dynamic ARP entry check
The dynamic ARP entry check feature disables the device from supporting dynamic ARP entries that
contain multicast MAC addresses. The device cannot learn dynamic ARP entries containing
multicast MAC addresses. You cannot manually add static ARP entries containing multicast MAC
addresses.
When dynamic ARP entry check is disabled, ARP entries containing multicast MAC addresses are
supported. The device can learn dynamic ARP entries containing multicast MAC addresses obtained
from the ARP packets sourced from a unicast MAC address. You can also manually add static ARP
entries containing multicast MAC addresses.
To enable dynamic ARP entry check:
Step
Command
Remarks
1. Enter system view. system-view N/A
2. Enable dynamic ARP entry
check. arp check enable By default, dynamic ARP entry check is
enabled.
Synchronizing ARP entries
This task ensures that all IRF member devices have the same ARP entries.
7
To synchronize ARP entries across all member devices in a timely manner, you can schedule the
master device to automatically execute the arp smooth command. For information about scheduling
a task, see Fundamentals Configuration Guide.
To synchronize ARP entries from the master device to all subordinate devices:
Task
Command
Synchronize ARP entries from the master device to
all subordinate devices. arp smooth
Configuring a customer-side port
By default, the device associates an ARP entry with routing information when the device learns an
ARP entry. The ARP entry provides the next hop information for routing. To save hardware resources,
you can use this command to specify a port that connects a user terminal as a customer-side port.
The device will not associate the routing information with the learned ARP entries.
To configure a customer-side port:
Step
Command
Remarks
1. Enter system view. system-view N/A
2. Enter interface view. interface interface-type
interface-number N/A
3. Configure the VLAN
interface as a
customer-side port. arp mode uni By default, a port operates as a
network-side port.
Enabling ARP logging
This feature enables a device to log ARP events when ARP cannot resolve IP addresses correctly.
The device can log the following ARP events:
• On a proxy ARP-disabled interface, the target IP address of a received ARP packet is not one of
the following IP addresses:
ï‚¡ The IP address of the receiving interface.
ï‚¡ The virtual IP address of the VRRP group.
• The sender IP address of a received ARP reply conflicts with one of the following IP addresses:
ï‚¡ The IP address of the receiving interface.
ï‚¡ The virtual IP address of the VRRP group.
The device sends ARP log messages to the information center. You can use the info-center source
command to specify the log output rules for the information center. For more information about
information center, see Network Management and Monitoring Configuration Guide.
To enable the ARP logging feature:
Step
Command
Remarks
1. Enter system view. system-view N/A
2. Enable the ARP logging
feature. arp check log enable By default, ARP logging is disabled.
8
Displaying and maintaining ARP
IMPORTANT:
Clearing ARP entries from the ARP table
might cause communication failures.
Make sure the entries
to be cleared do not affect current communications.
Execute display commands in any view and reset commands in user view.
Task
Command
Display ARP entries. display arp [ [ all | dynamic | multiport | static ] [ slot
slot-number ] | vlan vlan-id | interface interface-type
interface-number ] [ count | verbose ]
Display the ARP entry for an IP address. display arp ip-address [ slot slot-number ] [ verbose ]
Display the maximum number of ARP
entries that a device supports. display arp entry-limit
Display the number of OpenFlow ARP
entries. display arp openflow count [ slot slot-number ]
Display the ARP entries for a VPN
instance. display arp vpn-instance vpn-instance-name [ count ]
Display the aging timer of dynamic ARP
entries. display arp timer aging
Clear ARP entries from the ARP table. reset arp { all | dynamic | interface interface-type
interface-number | multiport | slot slot-number | static }
Configuration examples
Long static ARP entry configuration example
Network requirements
As shown in Figure 3, hosts are connected to Device B. Device B is connected to Device A through
interface Ten-GigabitEthernet 1/0/1 in VLAN 10.
To ensure secure communications between Device A and Device B, configure a long static ARP
entry for Device A on Device B.
/