Professional Documents
Culture Documents
IP Infusion Confidential
© 2001-2007 IP Infusion Inc. All Rights Reserved.
This documentation is subject to change without notice. The software described in this document and this documentation
are furnished under a license agreement or nondisclosure agreement. The software and documentation may be used or
copied only in accordance with the terms of the applicable agreement. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and
recording for any purpose other than the purchaser's internal use without the written permission of IP Infusion Inc.
IP Infusion Inc.
125 S. Market Street, 9th Floor
San Jose, CA 95113
(408) 794-1500 - main
(408) 278-0521 - fax
ii IP Infusion Confidential
Table of Contents
CHAPTER 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
About This Publication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Conventions Used in this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Format used in the Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Enabling RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Command Line Interface Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Command Line Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Syntax Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Daemon Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Modes Common to Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Modes Specific to Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Illustration
This section includes the illustration of the
complete topology used in the example. The figure
uses the exact IP addresses and names of routers eth1 eth2 eth1 eth2
R1 R2
used in the example. 10.10.10.10 10.10.11.10 10.10.11.50 10.10.12.10
Configuration
Includes the complete configuration of the routers
involved in the example. The prompt shows the
execution modes of the commands. Each example
begins from the Privileged Exec mode. The
method to reach every command mode is R1
illustrated in the Daemon Command Modes ZebOS# configure terminal Enter the Configure mode.
section. For modes specific to different protocols, ZebOS(config)# router rip Define the RIP process...
please refer to the corresponding Command ZebOS(config-router)# net.. Associate networks with....
Reference (for OSPF command modes, refer to
ZebOS(config-router)# net..
the OSPF Command Reference).
Explanation
This is the grey section next to the configuration
statements and is not to be typed in the CLI. It
provides step-by-step explanation of the actions
performed by the configuration.
Syntax Help
The ZebOS CLI can complete the spelling of command or parameter keywords. Begin typing the command or
parameter then press TAB. At the CLI command prompt type sh:
Router> sh
Press TAB. The CLI shows:
Router> show
If the command or parameter partial spelling is ambiguous, the ZebOS CLI displays the choices that match the
abbreviation. Type show i. Press TAB. The CLI shows:
Router> show i
interface ip
Router> show i
The interface displays the interface and ip keywords. Type n to select interface and press TAB. The CLI shows:
Router> show in
Router> show interface
Type ? and the CLI shows the list of parameters for the show interface command.
[IFNAME] Interface name
Router> show interface
This command has but one positional parameter, an interface name. Supply a value for the IFNAME parameter.
Command Abbreviations
The ZebOS CLI accepts abbreviations for commands. For example,
sh in 7
is the abbreviation for the show interface command.
Startup Router
in EXEC mode Command Mode
(View mode)
Privileged
EXEC mode
(Enable mode)
configure terminal
Configure
mode
Interface Line
mode mode
This chapter contains basic NSM configuration examples. To see details on the commands used in these examples, or
to see the outputs of the validation commands, refer to the NSM Command Reference. To avoid repetition, some
Common commands, like configure terminal, have not been listed under the Commands Used section. The NSM
Command Reference explains these common commands.
R1
R2
ZebOS(config-if)# ip address 192.168.0.2/32 Configure the IP address on this interface and specify a 32-
bit mask, making it a host address.
ZebOS(config-if)# exit Exit the Interface mode and return to Configure
mode.
ZebOS(config)# ip route 192.168.0.1/32 Specify the destination and mask for the network for which
10.10.10.1 gateway is required and add a gateway for each of them.
ZebOS(config)# ip route 192.168.0.3/32
10.10.12.3
R3
Validation Commands
show ip route, show running-config
This chapter contains basic RIP configuration examples. To see details on the commands used in these examples, or
to see the outputs of the Validation commands, refer to the RIP Command Reference. To avoid repetition, some
Common commands, like configure terminal, have not been listed under the Commands Used section. These
Common commands are explained in the NSM Command Reference.
Enabling RIP
This example shows the minimum configuration required for enabling RIP on an interface. R1 and R2 are two routers
connecting to network 10.10.11.0/24. R1 and R2 are also connected to networks 10.10.10.0/24 and 10.10.12.0/24
respectively. To enable RIP, first define the RIP routing process and then associated a network with the routing
process.
R1
R2
Validation Commands
show ip rip, show run, show ip protocols rip, show ip rip interface, show ip route
V1/V2
R2
Validation Commands
show ip rip, show run, show ip protocols rip, show ip rip interface, show ip route
R1
R2
ZebOS(config-if)# ip rip authentication string Specify the authentication string (IPI) on this
IPI interface.
ZebOS(config-if)# ip rip authentication mode md5 Specify the authentication mode to be MD5.
Validation Commands
show run, show ip rip, show ip protocol rip, show ip rip interface, show ip route
R1
ZebOS(config-keychain)# key 20 Add another authentication key (20) to the key chain
SUN.
ZebOS(config-keychain-key)# key-string Earth Specify a password (Earth) to be used by the
specified key.
ZebOS(config-keychain-key)# accept-lifetime Specify the time period during which authentication key
12:00:00 Mar 7 2003 14:00:00 Mar 12 2003 string Earth can be received. In this case, key string
Earth can be received from noon of March 7 to 2 pm
March 12, 2003.
ZebOS(config-keychain-key)# send-lifetime Specify the time period during which authentication key
12:00:00 Mar 7 2003 12:00:00 Mar 12 2003 string Earth can be send. In this case, key string IPI
can be received from noon of March 7 to noon of March
12, 2003.
ZebOS(config-keychain-key)# end Enter Privileged Exec mode.
ZebOS# configure terminal Enter the Configure mode.
ZebOS(config)# interface eth1 Specify interface eth1 as the interface you want to
configure.
ZebOS(config-if)# ip rip authentication key Enable RIPv2 authentication on eth1 interface and
chain SUN specify the key chain SUN to be used for
authentication.
ZebOS(config-if)# ip rip authentication mode Specify text authentication mode to be used for RIP
text packets. This step is optional, as text is the default
mode.
R2
Validation Commands
show run, show ip rip, show ip protocol rip, show ip rip interface, show ip route
R1
ZebOS(config-keychain)# key 2 Add another authentication key (2) to the key chain
SUN.
ZebOS(config-keychain-key)# key-string Earth Specify a password (Earth) to be used by the
specified key.
ZebOS(config-keychain-key)# accept-lifetime Specify the time period during which authentication key
12:00:00 Mar 7 2003 14:00:00 Mar 12 2003 string Earth can be received. In this case, key string
Earth can be received from noon of March 7 to 2 pm
March 12, 2003.
ZebOS(config-keychain-key)# send-lifetime Specify the time period during which authentication key
12:00:00 Mar 7 2003 12:00:00 Mar 12 2003 string Earth can be send. In this case, key string IPI
can be received from noon of March 7 to noon of March
12, 2003.
ZebOS(config-keychain-key)# end Enter Privileged Exec mode.
ZebOS# configure terminal Enter the Configure mode.
ZebOS(config)# interface eth1 Specify interface eth1 as the interface you want to
configure.
ZebOS(config-if)# ip rip authentication key Enable RIPv2 authentication on eth1 interface and
chain SUN specify the key chain SUN to be used for
authentication.
ZebOS(config-if)# ip rip authentication mode md5 Specify md5 authentication mode to be used for RIP
packets.
R2
ZebOS(config-keychain-key)# accept-lifetime Specify the time period during which authentication key
12:00:00 Mar 7 2003 14:00:00 Mar 12 2003 string Earth can be received. In this case, key string
Earth can be received from noon of March 7 to 2 pm
March 12, 2003.
ZebOS(config-keychain-key)# send-lifetime Specify the time period during which authentication key
12:00:00 Mar 7 2003 12:00:00 Mar 12 2003 string Earth can be send. In this case, key string IPI
can be received from noon of March 7 to noon of
March 12, 2003.
ZebOS(config-keychain-key)# end Enter Privileged Exec mode.
ZebOS# configure terminal Enter the Configure mode.
ZebOS(config)# interface eth0 Specify interface eth0 as the interface you want to
configure.
ZebOS(config-if)# ip rip authentication key Enable RIPv2 authentication on eth1 interface and
chain MARS specify the key chain MARS to be used for
authentication.
ZebOS(config-if)# ip rip authentication mode md5 Specify authentication mode to be used for RIP
packets.
Validation Commands
show run, show ip rip, show ip protocol rip, show ip rip interface
This chapter contains basic OSPF configuration examples. To see details on the commands used in these examples,
or to see the outputs of the Validation commands, refer to the OSPF Command Reference. To avoid repetition, some
Common commands, such as configure terminal, have not been listed under the Commands Used section.
These Common commands are explained in the NSM Command Reference.
AS1
Area 0
R2
.11 eth1
10.10.10.0/24
.10 eth0
R1
R1
R2
Validation Commands
show ip ospf, show ip ospf interface, show ip ospf neighbor, show ip ospf route
Setting priority
This example shows the configuration for setting the priority for an interface. You can set a high priority for a router to
make it the Designated Router (DR). Router R3 is configured to have a priority of 10, which is higher than the default
priority (default priority is 1) of R1 and R2; making it the DR.
AS 1
R2
Area 0
.11 eth1
10.10.10.0/24
R1 R3
DR
R3
R1
R2
ZebOS(config)# router ospf 200 Configure the Routing process and specify the Process ID
(200). The Process ID should be a unique positive integer
identifying the routing process.
ZebOS(config-router)# network 10.10.10.0/24 Define the interface (10.10.10.0/24) on which OSPF
area 0 runs and associate the area ID (0) with the interface.
Validation Commands
show ip ospf neighbor, show ip ospf interface
Area 1
eth2
R4
10.10.11.13/24
Area 0
eth1
10.10.10.0/24
R1 R3
DR
R2
Validation Commands
show ip ospf, show ip ospf interface
AS1
Area 0 .11
R2
OSPF
.11
10.10.10.0/24
.10 .12
AS 2
Area 2
R5
BGP
R1
Validation Commands
show ip ospf database external
OSPF Cost
You can make a route the preferred route by changing its cost. In this example, cost has been configured to make R2
the next hop for R1.
The default cost on each interface is 10. Interface eth2 on R2 has a cost of 100 and interface eth2 on R3 has a cost
of 150. The total cost to reach 10.10.14.0/24 (R4) through R2 and R3:
R2: 10+100 = 110
R3: 10+150 = 160
Therefore, R1 chooses R2 as its next hop for destination 10.10.14.0/24.
eth1 R2 eth2
AS1
0
=1 0 10
Co
st
o st 0. .1 =1
C 0 .1 0. 00
11.
eth0 0 . 1 0 eth0
1
eth2 eth2
R1 R4
10.10.9.0/24 10 10.10.14.0/24
.1 .0 eth1
eth1 0 13
Co .1 2 10. 50
st .0 10. 1
=
= st
10 Co
eth1 R3 eth2
Area 0
R1
R2
ZebOS(config)# router ospf 100 Configure the Routing process and specify the Process ID
(100). The Process ID should be a unique positive integer
identifying the routing process.
ZebOS(config-router)# network 10.10.10.0/24 Define interfaces on which OSPF runs and associate the
area 0 area ID (0) with the interface.
ZebOS(config-router)# network 10.10.11.0/24
area 0
R3
R4
ZebOS(config)# router ospf 100 Configure the Routing process and specify the Process ID
(100). The Process ID should be a unique positive integer
identifying the routing process.
ZebOS(config-router)# network 10.10.11.0/24 Define interfaces on which OSPF runs and associate the
area 0 area ID (0) with the interface.
ZebOS(config-router)# network 10.10.13.0/24
area 0
ZebOS(config-router)# network 10.10.14.0/24
area 0
Validation Commands
show ip ospf route 10.10.14.0/24
ABR
lo = 192.168.1.62/32
Area 0 Area 1
10.10.22.62/24
R6 R1 R4
10.10.21.62/24 10.10.22.10/24
10.10.23.10/24
Vi rt
ual
link
10.10.23.63/24
DOWN
R3 R2
Area 2
4
3/2
. 24.6
10
10. lo = 192.168.2.63
ABR
R5
R1
R2
Validation Commands
show ip ospf virtual link, show ip ospf neighbor, show ip ospf, show ip ospf route
OSPF Authentication
In the ZebOS implementation there are three types of OSPF authentications--Null authentication (Type 0), Simple Text
(Type 1) authentication and MD5 (Type 2) authentication. With null authentication, routing exchanges over the network
are not authenticated. In Simple Text authentication, the authentication type is the same for all routers that
communicate using OSPF in a network. For MD5 authentication, you configure a key and a key-id on each router. The
router generates a message digest on the basis of the key, key ID and the OSPF packet and adds it to the OSPF
packet.
The Authentication type can be configured on a per-interface basis or a per-area basis. Additionally, Interface and Area
authentication can be used together. Area authentication is used for an area and interface authentication is used for a
specific interface in the area. If the Interface authentication type is different from Area authentication type, Interface
authentication type overrides the Area authentication type. If the Authentication type is not specified for an interface,
the Authentication type for the area is used. The authentication command descriptions contain details of each type of
authentication. Refer to the OSPF Command Reference for OSPF authentication commands.
In the example below, R1 and R2 are configured for both the interface and area authentications.The authentication type
of interface eth1 on R1 and interface eth0 on R2 is md5 mode and is defined by the area authentication
command; however, the authentication type of interface eth2 on R1 and interface eth1 on R2 is plain text mode and is
defined by the ip ospf authentication command. This interface command overrides the area authentication
command.
AS1
Area 0 10.10.11.50
R2
eth1
.50 eth0
10.10.10.0/24
.10 eth1
10.10.11.10
R1
eth2
R1
ZebOS(config-if)# ip ospf message-digest-key Register MD5 key test for OSPF authentication. The Key
1 md5 test ID is 1.
ZebOS(config-if)# exit Exit the Interface mode and return to Configure
mode
ZebOS(config)# interface eth2 Specify the interface (eth2)to be configured.
ZebOS(config-if)# ip ospf authentication Enable OSPF packet to use text authentication on the
current interface (eth2).
ZebOS(config-if)# ip ospf authentication-key Specify an OSPF authentication password test for the
test neighboring routers.
R2
Validation Commands
show run, show ip ospf neighbor
This chapter contains basic IS-IS configuration examples. To see details on the commands used in these examples, or
to see the outputs of the Validation commands, refer to the IS-IS Command Reference. To avoid repetition, some
Common commands, like configure terminal, have not been listed under the Commands Used section. The NSM
Command Reference explains these Common Commands.
AS 1
net 49.0000.0000.0002.00
Level-2-only R2
eth1 .11
10.10.10.0/24
eth0 .10
R1
net 49.0000.0000.0001.00
R1
R2
Validation Commands
show clns neighbors, show isis database, show isis topology
Setting priority
This example shows the configuration for setting the priority for an interface. Set a high priority for a router to make it
the Designated IS (DIS). Router R3 is configured to have a priority of 70, this is higher than the default priority (default
priority is 64) of R1 and R2. This makes R3 the DIS.
AS 1
net 49.0000.0000.0002.00
Level-2-only R2
eth0 .11
10.10.10.0/24
R1 R3
R3
R1
ZebOS(config)# interface eth0 Specify the interface (eth0)to be configured and enter the
Interface mode.
ZebOS(config-if)# ip router isis ipi Enable IS-IS routing on an interface for area 49 (ipi).
ZebOS(config-if)# exit Exit the Interface mode and return to the Configure
mode.
ZebOS(config)# router isis ipi Create an IS-IS routing instance for area 49 (ipi).
R2
ZebOS(config)# interface eth0 Specify the interface (eth0)to be configured and enter the
Interface mode.
ZebOS(config-if)# ip router isis ipi Enable IS-IS routing on an interface for area 49 (ipi).
ZebOS(config-if)# exit Exit the Interface mode and return to the Configure
mode.
ZebOS(config)# router isis ipi Create an IS-IS routing instance for area 49 (ipi).
ZebOS(config-router)# is-type level-2-only
Configure instance ipi as Level-2-only routing.
ZebOS(config-router)# net Establish a Network Entity Title for this instance, specifying the
49.0000.0000.0002.00 area address and the system ID.
Validation Commands
show clns neighbors, show isis database, show isis topology
AS 1
R2
Level-2-only net 49.0000.0000.0002.00
.11
10.10.10.0/24
.10 .12
R1 R3
net 49.0000.0000.0003.00
net 49.0000.0000.0001.00 DIS
R5
R1
Validation Commands
show clns neighbors, show isis database, show isis topology, show ip isis route, show ip route
Configuring Metric
You can make a route the preferred route by changing its metric. In this example, the cost has been configured to make
R3 the next hop for R1.
The default metric on each interface is 10. Interface eth2 on R2 has a metric of 20 and Interface eth2 on R3 has a
metric of 30. The total cost to reach 10.10.14.0/24 (R4) through R2 and R3:
R2: 10+20 = 30
R3: 10+30 = 40
In this topology, R1 chooses R2 as its next hop for destination 10.10.14.0/24.
AS 1
net 49.0000.0000.0002.00
eth1 eth2
R2 met
ric =
eth0 20 eth0
eth2 Level-2-only eth2
R1 R4
= 30
eth1 ric eth1
met
net 49.0000.0000.0001 .00 net 49.0000.0000.0004.00
eth1 R3 eth2
net 49.0000.0000.0003.00
R1
R2
R3
R4
Validation Commands
show clns neighbors, show isis database, show isis topology, show ip isis route, show ip route
AS 1
L2 Backbone Area
eth0 eth0
R1 R2
eth1 eth1
eth0 eth0
L1 Area 52 L1 Area 50
R3 R4
R1
R2
ZebOS(config)# interface eth0 Specify the interface (eth0)to be configured and enter the
Interface mode.
ZebOS(config-if)# ip router isis bb Enable IS-IS routing on the interface eth0 for area bb.
ZebOS(config-if)# isis circuit-type level-2- Set the circuit type for the interface eth0.
only
ZebOS(config-if)# exit Exit Interface mode and return to Configure mode.
ZebOS(config)# interface eth1 Specify the interface (eth1)to be configured and enter the
Interface mode.
ZebOS(config-if)# ip router isis bb Enable IS-IS routing on the interface eth1 for area bb.
ZebOS(config-if)# isis circuit-type level-1 Set the circuit type for the interface eth1.
ZebOS(config-if)# exit Exit Interface mode and return to Configure mode.
ZebOS(config)# router isis bb Create an IS-IS routing instance for area bb.
ZebOS(config-router)# net Establish a Network Entity Title for this instance, specifying
50.0000.0000.0002.00 the area address and the system ID.
R3
ZebOS(config)# interface eth0 Specify the interface (eth0)to be configured and enter the
Interface mode.
ZebOS(config-if)# ip router isis xyz Enable IS-IS routing on the interface eth0 for area xyz.
ZebOS(config-if)# exit Exit Interface mode and return to Configure mode.
ZebOS(config)# router isis xyz Create an IS-IS routing instance for area xyz.
ZebOS(config-router)# is-type level-1 Establish the IS level for this area (xyz) as Level-1.
ZebOS(config-router)# net Establish a Network Entity Title for this instance, specifying
52.0000.0000.0003.00 the area address and the system ID.
R4
ZebOS(config)# interface eth0 Specify the interface (eth0)to be configured and enter the
Interface mode.
ZebOS(config-if)# ip router isis aa Enable IS-IS routing on the interface eth0 for area aa.
ZebOS(config-if)# exit Exit Interface mode and return to Configure mode.
ZebOS(config)# router isis aa Create an IS-IS routing instance for area aa.
ZebOS(config-router)# is-type level-1 Establish the IS level for this area (aa) as Level-1.
ZebOS(config-router)# net Establish a Network Entity Title for this instance, specifying
50.0000.0000.0004.00 the area address and the system ID.
Validation Commands
show ip isis route, show ip route
AS 1
L2 Backbone Area
eth0 eth0
R1 R2
eth1 eth1
eth0 eth0
L1 Area 52 L1 Area 50
R3 R4
R1
R2
ZebOS(config)# interface eth0 Specify the interface (eth0)to be configured and enter the
Interface mode.
ZebOS(config-if)# ip router isis bb Enable IS-IS routing on the interface eth0 for area bb.
R3
ZebOS(config)# interface eth0 Specify the interface (eth0)to be configured and enter the
Interface mode.
ZebOS(config-if)# ip router isis xyz Enable IS-IS routing on the interface eth0 for area xyz.
ZebOS(config-if)# exit Exit Interface mode and return to Configure mode.
ZebOS(config)# router isis xyz Create an IS-IS routing instance for area xyz.
ZebOS(config-router)# is-type level-1 Establish the IS level for this area (xyz) as Level-1.
ZebOS(config-router)# net Establish a Network Entity Title for this instance, specifying
52.0000.0000.0003.00 the area address and the system ID.
R4
ZebOS(config)# interface eth0 Specify the interface (eth0)to be configured and enter
the Interface mode.
ZebOS(config-if)# ip router isis aa Enable IS-IS routing on the interface eth0 for area aa.
ZebOS(config-if)# exit Exit Interface mode and return to Configure mode.
ZebOS(config)# router isis aa Create an IS-IS routing instance for area aa.
ZebOS(config-router)# is-type level-1 Establish the IS level for this area (aa) as Level-1.
ZebOS(config-router)# net Establish a Network Entity Title for this instance, specifying
52.0000.0000.0004.00 the area address and the system ID.
Validation Commands
show ip isis route, show ip route
This chapter contains basic BGP configuration examples. To see details on the commands used in these examples, or
to see the outputs of the Validation commands, refer to the BGP Command Reference. To avoid repetition, some
Common commands, such as configure terminal, have not been listed under the Commands Used section.
These common Commands are explained in the NSM Command Reference.
AS200
10.10.10.10 10.10.10.11
R1 R2
R1
R2
Validation Commands
show ip bgp summary, show ip bgp neighbors
AS200 AS300
10.10.10.10 10.10.10.11
R1 R2
R1
R2
Validation Commands
show ip bgp summary, show ip bgp neighbors
Route-Map
Use route-maps to filter incoming updates from a BGP peer. In this example, a prefix-list ipi on R1 is configured to
deny entry of any routes with the IP address 1.1.1.0/M (M = 26,27,28). To test the filter, R2 is configured to
generate network addresses 1.1.1.0/27 and 1.1.2.0/24. To verify, use the show ip bgp command on R1; it
displays R1 receiving updates from only 1.1.2.0/24.
AS10 AS11
192.168.10.10 192.168.10.11
R1 R2
R1
R2
ZebOS(config)# router bgp 11 Define the routing process and establish a TCP session.
The number 11 specifies the AS number of R2.
ZebOS(config-router)# neighbor 192.168.10.10 Define BGP neighbors and establish a TCP session.
remote-as 10 192.168.10.10 is the IP address of the neighbor (R1)
and 10 is the neighbor’s AS number.
ZebOS(config-router)# network 1.1.1.0/27 Specify the network to be advertised by the BGP routing
process.
ZebOS(config-router)# network 1.1.2.0/24 Specify the network to be advertised by the BGP routing
process.
Validation Commands
show ip bgp
Route Reflector
Use Route Reflectors to reduce the IBGP mesh inside an AS. In this example, R2, R5 and R4 would have to maintain
a full mesh among themselves but by making R5 the Route Reflector, R2 (Client1) has IBGP session with RR only and
not with R4 (Client 2). The routes learned from R2 are advertised to the other clients and to IBGP peers outside the
cluster; the IBGP routes learned from IBGP peers outside the cluster are advertised to the R2. This reduces the IBGP
peer connections in AS1.
R3
RR Client 1
R2
10 RR Client 2
.1
0.
R4
1
0.
50
R1
50
1 1.
0.
10
.1
10 10
.1
1.
0.
.1
10
10
.
AS1 10
.
10
R6
R5
RR
RR (R5)
RR Client 1 (R2)
ZebOS(config)# router bgp 1 Define the routing process. The number 1 specifies the AS
number of R2.
ZebOS(config-router)# neighbor 10.10.10.10 Define BGP neighbor and establish a TCP session.
remote-as 1 10.10.10.10 is the IP address of the neighbor (R5) and
1 is the neighbor’s AS number.
RR Client 2 (R4)
ZebOS(config)# router bgp 1 Define the routing process. The number 1 specifies the AS
number of R4.
ZebOS(config-router)# neighbor 10.10.11.10 Define BGP neighbor and establish a TCP session.
remote-as 1 10.10.11.10 is the IP address of the neighbor (R5) and
1 is the neighbor’s AS number.
Validation Commands
show ip bgp, show ip bgp neighbors
Confederations
In this example, AS1 contains three Confederation Autonomous Systems--AS 1000, AS 1001 and AS 1002. To any
outside AS, the Confederation is a single Autonomous System AS1. Confederation eIBGP is run between R2 and R5,
and between R5 and R7. R2 is configured so that its local AS is 1000. Its peer connection to R5 is set up like any other
eBGP session. The bgp confederation identifier command tells the router that it is a member of a
Confederation and the Confederation ID. The bgp confederation peers command lists the member autonomous
system to which R2 is connected. The command tells the BGP process that the eBGP connection is a Confederation
eBGP rather than normal eBGP.
Confederations
AS1
AS 1000
R3
10.10.7.3 R8
R1 2
7.
10. 10.10.15.8
1 0. .
10 . 1 0.1 0 10 10.10.15.7
9 .1 . 9. 2
R2 .7 R7
. 11
0
10.10.10.2 .1
10 AS 1002
10 5
eIBGP
.1
0. 1. eIBGP
10 .1
10
. 5 R5 10
.
10.10.12.5
10
.4
.
12
10
0.
.1
.1
3.6
10
R4
R6
AS 1001
R2
R5
ZebOS(config)# router bgp 1001 Define the routing process. The number 1001 specifies the
AS number of R5.
ZebOS(config-router)# bgp confederation Specify BGP Confederation Identifier, to others the group
identifier 1 will appear as a single AS and the identifier as its AS
number.
ZebOS(config-router)# bgp confederation peers Specify AS 1000 and 1002 to become members of the
1000 1002 Confederation.
ZebOS(config-router)# neighbor 10.10.10.2 Define BGP neighbors for R5 and establish a TCP session
remote-as 1000 by specifying the IP addresses and the AS numbers of
ZebOS(config-router)# neighbor 10.10.11.7 neighbors.
remote-as 1002
ZebOS(config-router)# neighbor 10.10.13.6
remote-as 1001
ZebOS(config-router)# neighbor 10.10.12.4
remote-as 1001
R7
ZebOS(config)# router bgp 1002 Define the routing process. The number 1001 specifies the
AS number of R5.
ZebOS(config-router)# bgp confederation Specify BGP Confederation Identifier, to others the group
identifier 1 will appear as a single AS and the identifier as its AS
number.
ZebOS(config-router)# bgp confederation peers Specify AS 1000 and 1001 to become members of the
1000 1001 Confederation.
ZebOS(config-router)# neighbor 10.10.11.5 Define BGP neighbors for R7 and establish a TCP session
remote-as 1001 by specifying the IP addresses and the AS numbers of
ZebOS(config-router)# neighbor 10.10.15.8 neighbors.
remote-as 1002
Validation Commands
show ip bgp, show ip bgp neighbors
BGP Authentication
BGP authentication allows users to receive selected routing information, enhancing security of their network traffic.
When BGP authentication is enabled on a router, the router verifies routing packet it receives by exchanging a
password that is configured on both the sending and the receiving routers.
Note: To enable BGP authentication on TCP/IP you need to apply a kernel patch and specific MD5 libraries. Refer to
the Installation Guide for detailed information on how to apply the MD5 authentication patch and the required
libraries.
In this example, both R1 and R2 have ipi as the password. Configure the same password on all routers that are to
communicate using BGP in a network
AS200 AS300
10.10.10.10 10.10.10.11
R1 R2
R1
R2
Validation Commands
show ip bgp, show ip bgp neighbors
The ZebOS implementation leverages the Forwarding Plane Load Balancing, when the underlying kernel supports
ECMP (Equal Cost Multipath).
ZebOS installs the maximum number of ECMP routes supported by a kernel. This allows for load balancing to be
performed with more than one nexthop to reach a destination. In case the router receives and installs multiple paths
with the same administrative distance and cost to a destination, load-balancing is possible.
Ideally, multiple nexthops have different interfaces to the destination, but this is not mandatory. The algorithm for
distributing traffic across ECMP routes is dependant on the kernel and typically based on the protocol, source address,
destination address and the port.
The following example illustrates how you can enable Equal Cost Multipath (ECMP) and configure a routing protocol
(OSPF is used in this example) for load balancing. However this example will not work if your kernel does not support
load balancing. In this setup, R1, R2 and R3 are three Linux routers connected to each other. R1 can reach R3 through
two links available to R2.
N1
N3
R1 .1 .2 R2 R3
.2 .3
N2
N1 10.10.10.0/24
N2 10.10.11.0/24
N3 20.10.10.0/24
R1 - NSM
• Enable multipath support in ZebOS and set the maximum number of paths to be installed in the FIB (Forward
Information Base):
ZebOS# configure terminal
ZebOS(config)# maximum-paths 2
R1 - OSPF
• Configure OSPF on all interfaces on R1, R2 and R3.
R1 learns about R3 through 2 nexthops (both networks N1 and N2)
R1- Kernel
• Run the ip route command on R1 kernel. The kernel routing table (FIB) displays that R1 can reach R3 through
both the nexthops.
# ip route
20.10.10.0/24 proto zebra metric 20
nexthop via 10.10.10.2 dev eth1 weight 1
nexthop via 10.10.11.2 dev eth2 weight 1
10.70.0.0/24 dev eth0 scope link
10.10.0.0/24 via 10.70.0.1 dev eth0
10.10.10.0/24 dev eth1 proto kernel scope link src 10.10.10.1
10.10.11.0/24 dev eth2 proto kernel scope link src 10.10.11.1
This chapter describes configuring VLAN interfaces and using them with the ZebOS routing software. Several Virtual
LAN (VLAN) interfaces can be configured on a single ethernet interface. Once created, a VLAN interface functions the
same as any physical interface.
Note: For VLAN support, enable the configuration option 802.1Q VLAN Support under Networking Options
before compiling the kernel. If you have installed the kernel RPM provided by IPI, this option is enabled
automatically.
The ZebOS NSM recognizes VLAN interfaces like physical interfaces. Once VLAN interfaces are created in the kernel
and an IP address is assigned to them, the ZebOS commands can be used to configure and display VLAN interfaces
like any physical interface. The ZebOS routing protocols, such as, RIP, OSPF and BGP can run across networks using
VLAN interfaces.
Two systems having physical connectivity (either directly connected or connected through a switch) can communicate
with each other through VLAN interfaces that have the same VLAN IDs and belong to the same network.
If the physical interfaces are connected to a switch and not directly, the corresponding ports on the switch have to be
configured as trunks and should not be put in any VLANs in the switch. The commands to configure switch ports as
trunks depend on the make/type of the switch and hence are beyond the scope of this document.
An example is used here to describe the VLAN interface configuration. In this example, there are two routers R1 and
R2 and the interface eth1 of R1 is connected directly to eth2 using a crossover ethernet cable.
R1 R2
VLAN connection
eth1.10 eth2.10
VLAN interface eth1.10 is created on R1 and eth2.10 is created on R2. The VLAN interfaces are configured to be in
the same network. Now R1 and R2 can reach each other using the VLAN connection.
Note that the VLAN ID of both VLAN interfaces is the same (10). Two systems with different VLAN IDs are unable to
communicate even if they are in the same network (the VLAN ID is used to tag packets sent on the VLAN interface).
Configuring an IP address
Once a VLAN interface is created, configure an IP address on it. Use the ipconfig command to configure the IP address
of the VLAN interface and then use the same command to display information about the VLAN interface.
[root]# ifconfig eth1.10 inet 1.1.1.145 netmask 255.255.255.0 broadcast 1.1.1.255 up
[root]# ifconfig eth1.10
eth1.10 Link encap:Ethernet HWaddr 00:0E:0C:01:48:4D
inet addr:1.1.1.145 Bcast:1.1.1.255 Mask:255.255.255.0
inet6 addr: fe80::20e:cff:fe01:484d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:172 (172.0 b)
This chapter contains basic IPv4 and IPv6 Transition Tunneling configuration examples. To see details on the
commands used in these examples, or to see the outputs of the Validation commands, refer to the NSM Command
Reference. To avoid repetition, some Common commands, like configure terminal, have not been listed under
the Commands Used section. These Common commands are explained in the NSM Command Reference. For
commands used to enter each command mode see the Command Modes section in the Introduction chapter.
Typically, tunneling is used to transmit private data over a public network, such as the Internet. Tunnels enable carrying
of incompatible data over an existing network. For example, IPv6 data can be transmitted over IPv4 networks. Secure
tunneling protocols (such as IPSec) can be used for transfering sensitive data over public networks.
Tunneling is acheived by encapsulating IP packets of private networks within IP packets of public networks. This allows
packets destined for one IP address to be wrapped and redirected to another IP address. To encapsulate an IP packet,
an outer IP header is inserted before the packet’s existing header. The source and destination addresses in the inner
IP header, specify the original sender and recipient of the packet.
eth1 .1 .2 eth1
eth1 eth2
R2
10.100.1.0/24 .2 .1 10.200.1.0/24
R1
ZebOS(config-if)# tunnel source 10.100.1.1 Define the IPv4 address to be used as the source address
for the tunnel interface.
ZebOS(config-if)# tunnel destination Specifies the destination IPv4 address of the tunnel
10.200.1.2 interface.
ZebOS(config-if)# ip address 9.1.2.1/24 Set the IP address of the tunnel interface.
ZebOS(config-if)# exit Exit Interface mode and enter Configure mode.
ZebOS(config)# router ospf Create an OSPF routing instance.
ZebOS(config-router)# router-id 10.70.0.57 Specify a Router ID for the OSPF routing process.
ZebOS(config-router)# network 10.100.1.0/24 Define the interface on which OSPF runs and associate the
area 0 area ID (0) with the interface (area ID 0 specifies the
backbone area).
ZebOS(config-router)# exit Exit the Router mode and enter Configure mode.
ZebOS(config)# ip route 9.3.0.0/24 Tunnel100 Configure a static route for the tunnel interface.
R2
R3
ZebOS(config-router)# router-id 10.70.0.59 Specify a Router ID for the OSPF routing process.
ZebOS(config-router)# network 10.200.1.0/24 Define the interface on which OSPF runs and associate the
area 0 area ID (0) with the interface (area ID 0 specifies the
backbone area).
ZebOS(config-router)# exit Exit the Router mode and enter Configure mode.
ZebOS(config)# ip route 9.1.0.0/24 Tunnel100 Configure a static route for the tunnel interface.
Validation Commands
show interface, show ip route
2001:420:ffff:a::2/64 3ffe:b00:ffff:a::2/64
eth1 eth2
R2
192.168.1.2 192.168.2.1
IPv4 Network
3ffe:b00:ffff:2::1/64 3ffe:b00:ffff:2::2/64
R1
R3
ZebOS(config-router)# router-id 10.70.0.57 Specify a Router ID for the OSPF routing process.
ZebOS(config-router)# network 192.168.2.0/24 Define the interface on which OSPF runs and associate the
area 0 area ID (0) with the interface (area ID 0 specifies the
backbone area).
Validation Commands
show interface, show ipv6 route
2001:420:ffff::/48 3ffe:b00:ffff::/48
GRE Tunnel
IPv6 eth2 Tunnel100 Tunnel100 eth2 IPv6
Network R1 R3
Network
2001:420:ffff:a::2/64 3ffe:b00:ffff:a::2/64
eth1 eth2
R2
192.168.1.2 192.168.2.1
IPv4 Network
3ffe:b00:ffff:2::1/64 3ffe:b00:ffff:2::2/64
R1
R3
Validation Commands
show interface, show ipv6 route
2002:coa8:101::/48 2002:coa8:202::/48
6to4 Tunnel
IPv6 eth2 Tunnel100 Tunnel100 eth2 IPv6
Site R1 R3
Site
eth1 .1 .2 eth1
2002:coa8:101:1::10/64 2002:coa8:202:2::10/64
eth1 eth2
R2
192.168.1.0/24 .2 .1 192.168.2.0/24
R1
R2
Validation Commands
show interface, show ipv6 route
eth1 .1 .2 eth1
2002:coa8:101:1::10/64 3ffe:b00:ffff:a::1/64
eth1 eth2
R2
192.168.1.0/24 .2 .1 192.168.2.0/24
R1
R2
R3
Validation Commands
show interface, show ipv6 route
R1
H1
ZebOS(config-if)# tunnel destination Specifies the destination IPv4 address of the tunnel
10.100.1.1 interface.
ZebOS(config-if)# tunnel source 10.100.1.2 Define the IPv4 address to be used as the source address
for the tunnel interface.
Validation Commands
show interface, show ipv6 route
C H
command abbreviation 5 how to configure a route-reflector 49
command abbreviations 5 how to configure an area border router 25
command line errors 5 how to configure cost in OSPF 27
command line help 4 how to configure route-map 47
command line interface how to configure virtual links 29
syntax 4 how to configure VLAN interface 59
Command Modes how to enable authentication on an area 31
address family 7 how to enable authentication on an interface 31
key chain 7 how to enable BGP 45
path 7 how to enable IS-IS 33
route-map 7 how to enable OSPF on an interface 21
router 6 how to enable rip 11
command modes how to enable static routing 9
definitions 6 how to redistribute routes into OSPF 26
command nodes how to set priority in OSPF 23
I P
Interface, command mode definition 6 parenthesis not part of command 1
intra-site automatic tunnel address protocol 76 path command mode 7
IP-IP tunneling 63 Privileged Exec, command mode definition 6
IPv4 and IPv6 transition tunneling 63
IPv4 Tunneling 63 Q
IPv6 transition
6to4 automatic tunnel 72 question mark 1
6to4 relay 74
configured tunnel 66
GRE tunnel 69 R
ISATAP automatic tunnel 76 redistribute routes 26
ISATAP automatic tunnel 76 redistributing routes into IS-IS 37
IS-IS configuration 33 redistributing routes into OSPF 26
configuring metric 38 RIP Configuration
enabling IS-IS on an interface 33 RIPv2 authentication 13
L1 L2 area routing with multiple instances 43 RIP configuration 11
L1 L2 area routing with single instance 41 enabling rip 11
redistributing routes into IS-IS 37 RIPv2 md5 authentication 18
setting priority 35 RIPv2 text authentication-multiple keys 15
specifying the RIP version 12
K RIP configurations 11
RIP version 12
kernel patch MD5 authentication 53 route-map command mode 7
key chain command mode 7 route-map configure 47
Router Advertisement 76
L router command mode 6
route-reflector 49
L1L2 area routing 41, 43
Line, command mode definition 6 S
lowercase, meaning in command syntax notation 1
setting-priority 35
M Square brackets 1
static routes 9
manual syntax conventions 1
conventions, procedures and syntax 1 syntax help 4
MD5 authentication on BGP 53
MD5 libraries 53 T
metric in IS-IS 38
tunnel destination 76
N tunneling 63
NBMA 76 U
NSM configuration 9, 55
enabling static routing 9 UPPERCASE, meaning in command syntax notation 1
O V
OSPF configuration 21 vertical bar 1
configuring an area border router 25 virtual links 29
configuring virtual links 29 vlan interface 59
enabling authentication 31
enabling OSPF on an interface 21