ZebOS Core Configuration Guide Version 75

ZebOS®
Intelligent Network Software

Version 7.5
Core Configuration Guide

March 2007
IP Infusion Confidential
© 2001-2007 IP Infusion Inc. All Rights Reserved.
This documentation is subject to change without notice. The software described in this document and this documentation
are furnished under a license agreement or nondisclosure agreement. The software and documentation may be used or
copied only in accordance with the terms of the applicable agreement. No part of this publication may be reproduced,
stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and
recording for any purpose other than the purchaser's internal use without the written permission of IP Infusion Inc.
IP Infusion Inc.
125 S. Market Street, 9th Floor
San Jose, CA 95113
(408) 794-1500 - main
(408) 278-0521 - fax
For support, questions, or comments via E-mail, contact:

support@ipinfusion.com
Trademarks:
ZebOS is a registered trademark, and IP Infusion and the ipinfusion logo are trademarks of IP Infusion Inc.
All other trademarks are trademarks of their respective companies.
ii IP Infusion Confidential
Table of Contents
CHAPTER 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
About This Publication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Conventions Used in this Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Format used in the Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Enabling RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Command Line Interface Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Command Line Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Syntax Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Daemon Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Modes Common to Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Modes Specific to Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
CHAPTER 2 NSM Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Enabling Static Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
CHAPTER 3 RIP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Enabling RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Specifying the RIP version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
RIPv2 authentication (single key) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
RIPv2 text authentication (multiple keys) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
RIPv2 md5 authentication (multiple keys) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
CHAPTER 4 OSPF Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Enabling OSPF on an interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Setting priority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Configuring an Area Border Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Redistributing routes into OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
OSPF Cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Configuring Virtual Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
OSPF Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
CHAPTER 5 IS-IS (IPv4) Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

Enabling IS-IS on an interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Setting priority. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .35
Redistributing routes into IS-IS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37
Configuring Metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38
L1-L2 Area Routing with Single Instance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
L1-L2 Area Routing with Multiple Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .43
©2003-2007 IP Infusion Inc. Confidential iii

Table of Contents
CHAPTER 6 BGP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

Enabling BGP (routers in the same AS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Enabling BGP (between different Autonomous Systems) . . . . . . . . . . . . . . . . . . 46
Route-Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Route Reflector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Confederations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
BGP Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
CHAPTER 7 Forwarding Plane Load Balancing . . . . . . . . . . . . . . . . . . . . . .55

Enabling Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Verifying Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
CHAPTER 8 Configuring VLAN Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . .59

Creating a VLAN interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Configuring an IP address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Adding IP addresses to VLAN interface using ZebOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Displaying VLAN interfaces using ZebOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Deleting VLAN interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
CHAPTER 9 Tunneling and Transitioning . . . . . . . . . . . . . . . . . . . . . . . . . . .63

IPv4 Configured Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
IPv6 Transition - Configured Tunnel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
IPv6 Transition - GRE Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
IPv6 Transition - 6to4 Automatic Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
IPv6 Transition - 6to4 Relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
IPv6 Transition - ISATAP Automatic Tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Index - 1
iv ©2003-2007 IP Infusion Inc. Confidential

CHAPTER 1 Introduction
About This Publication

Network administrators and application developers intending to configure ZebOS® protocols should use this
Configuration Guide.
This Guide attempts to make configuration simpler by adding topology illustrations and configuration samples. It covers
basic configurations for NSM, OSPF, BGP, RIP, IS-IS, load balancing and tunneling. Use this Guide in conjunction with
the Command References to get complete information on the commands used in the configurations displayed in this
Guide.
Conventions Used in this Guide

The following table lists conventions used for describing the ZebOS commands:
Convention Type Description Example

Monospaced command Represents command strings entered on a show ip ospf
font command line and sample source code.
Proportional font description Gives specific details about a parameter. advertise Advertises this
range
UPPERCASE Variable Indicates user input. Enter a value according to area AREAID range
parameter the descriptions that follow. Each uppercased ADDRESS
token expands into one or more other tokens.
lowercase Keyword Indicates keywords. Enter values exactly as show ip ospf
parameter shown in the command description.
| Vertical bar Delimits choices; select one from the list. Do not A.B.C.D|<0-4294967295>
enter as part of the command.
() Parentheses Enclose optional parameters. Choose none; or (A.B.C.D|<0-
only one. Do not enter as part of the command. 4294967295>)
{ } Braces Enclose optional parameters. Choose none; or {priority <0-255>|
select one or more a maximum of once each. poll-interval <1-
Do not enter as part of the command. 65535>}
[] Square Enclose optional parameters. Choose none; or [parm2|parm2\parm3]
brackets select one or more an unlimited number of times
each. Do not enter as part of the command.
? Question mark Used with the square brackets to limit the [parm1|parm2|?parm3] expands
immediately following token to one occurrence. to
Do not enter as part of the command. parm1 parm3 parm1
parm2
(with parm3 occurring once)
< > Angle brackets Enclose a numeric range, endpoints inclusive. <0-65535>
Do not enter as part of the command.
= Equal sign Separates the variable from explanatory text. PROCESSID = <0-65535>
Do not enter as part of the command.
©2003-2007 IP Infusion Inc. Confidential 1

Introduction
Convention Type Description Example

. dot (period) Allows the repetition of the element that .AA:NN can be expanded to:
immediately follows it multiple times. Do not 1:01 1:02 1:03.
enter as part of the command.
A.B.C.D IP address IPv4-style address. 10.0.11.123
X:X::X:X IP address An IPv6-style address. 3ffe:506::1, where the::
represents all 0s for those
address components not
explicitly given.
LINE End-of-line Indicates user input of any string, including string of words
input token spaces. No other parameters may be entered
after input for this token.
WORD Single token Indicates user input of any contiguous string singlewordnospaces
(excluding spaces).
IFNAME Single token Indicates the name of an interface. eth0
Note: Unless otherwise stated, press Enter after each command entry.
2 ©2003-2007 IP Infusion Inc. Confidential

Introduction
Format used in the Configuration Examples

Scenario Description
The examples begin with a description of the Enabling RIP
topology and the scenario. This is an explanation
of what is to be achieved by the specified This example shows the minimum configuration required for
configuration. enabling RIP on an interface...............
Illustration
This section includes the illustration of the
complete topology used in the example. The figure
uses the exact IP addresses and names of routers eth1 eth2 eth1 eth2
R1 R2
used in the example. 10.10.10.10 10.10.11.10 10.10.11.50 10.10.12.10
Configuration
Includes the complete configuration of the routers
involved in the example. The prompt shows the
execution modes of the commands. Each example
begins from the Privileged Exec mode. The
method to reach every command mode is R1
illustrated in the Daemon Command Modes ZebOS# configure terminal Enter the Configure mode.
section. For modes specific to different protocols, ZebOS(config)# router rip Define the RIP process...
please refer to the corresponding Command ZebOS(config-router)# net.. Associate networks with....
Reference (for OSPF command modes, refer to
ZebOS(config-router)# net..
the OSPF Command Reference).
Explanation
This is the grey section next to the configuration
statements and is not to be typed in the CLI. It
provides step-by-step explanation of the actions
performed by the configuration.
Names of Commands Used Names of Commands Used

This section lists the names of the commands router rip, network
used in the example. Use these command names
to look up the command details in the Command
References. To avoid repetition, this list does not
include a few common commands such as
configure terminal or interface.
These common commands are explained in the
Common Commands chapter of the NSM
Command Reference.
Validation Commands Validation Commands

These commands are usually show commands show ip rip
that display outputs and are used to validate the
configuration.

Introduction
Command Line Interface Primer

The ZebOS Command Line Interface (CLI) is a text-based facility similar to industry standards. Many of the commands
may be used in scripts to automate configuration tasks. Each command CLI is usually associated with a specific
function or a common function performing a specific task. Multiple users can telnet and issue commands using the
Exec mode and the Privileged Exec mode. However, only one user is allowed to use the Configure mode at a time, to
avoid multiple users from issuing configuration commands simultaneously.
The IMI Shell gives users and administrators the ability to issue commands to several daemons from a single telnet
session.
Command Line Help

The ZebOS CLI contains a text-based help facility. Access this help by typing in the full or partial command string then
typing “?”. The ZebOS CLI displays the command keywords or parameters plus a short description.
For example, at the CLI command prompt, type show ? (the CLI does not display the question mark).
The CLI displays this keyword list with short descriptions for each keyword:
bgpd# show
debugging Debugging functions (see also 'undebug')
history Display the session command history
ip IP information
memory Memory statistics
route-map route-map information
running-config running configuration
startup-config Contents of startup configuration
version Displays ZebOS version
Syntax Help
The ZebOS CLI can complete the spelling of command or parameter keywords. Begin typing the command or
parameter then press TAB. At the CLI command prompt type sh:
Router> sh
Press TAB. The CLI shows:
Router> show
If the command or parameter partial spelling is ambiguous, the ZebOS CLI displays the choices that match the
abbreviation. Type show i. Press TAB. The CLI shows:
Router> show i
interface ip
Router> show i
The interface displays the interface and ip keywords. Type n to select interface and press TAB. The CLI shows:
Router> show in
Router> show interface
Type ? and the CLI shows the list of parameters for the show interface command.
[IFNAME] Interface name
Router> show interface
This command has but one positional parameter, an interface name. Supply a value for the IFNAME parameter.

Introduction
Command Abbreviations
The ZebOS CLI accepts abbreviations for commands. For example,
sh in 7
is the abbreviation for the show interface command.
Command line errors

If the router does not recognize the command after ENTER is pressed, it displays this message:
% Unknown command.
If a command is incomplete it displays this message:
% Command incomplete.
Some commands are too long for the display line and can wrap in mid-parameter or mid-keyword if necessary:
area 10.10.0.18 virtual-link 10.10.0.19 authent
ication-key 57393

Introduction
Daemon Command Modes

The commands available for each protocol are separated into several modes (nodes) arranged in a hierarchy; Exec is
the lowest. Each mode has its own special commands; in some modes, commands from a lower mode are available.
Note: Multiple users can telnet and issue commands using the Exec mode and the Privileged Exec mode. However,
only one user is allowed to use the Configure mode at a time, to avoid multiple users from issuing configuration
commands simultaneously.
Modes Common to Protocols

Exec This mode, also called the View mode, is the base mode from where users can perform basic commands like
show, exit, quit, help, list, and enable. All ZebOS daemons have this mode.
Privileged Exec This mode, also called the Enable mode, allows users to perform debugging commands, the write
commands (for saving and viewing the configuration), show commands, and so on.
Configure Sometimes referred to as Configure Terminal, this mode serves as a gateway into the Interface, Router,
Line, Route Map, Key Chain and Address Family modes. All ZebOS daemons have this mode.
Interface This mode is used to configure protocol-specific settings for a particular interface. Any attribute configured in
this mode overrides an attribute configured in the router mode.
Line This mode makes available access-class commands.
Startup Router
in EXEC mode Command Mode
(View mode)
enable Command used to enter

(password) the next Command Mode
Privileged
EXEC mode
(Enable mode)
configure terminal
Configure
mode
interface IFNAME Line vty
Interface Line
mode mode

Introduction
Modes Specific to Protocols

The following command modes are not common to all protocols and the command used to enter these modes is
different for different protocols. For an illustration of these command modes refer to the corresponding Command
References.
Router Sometimes referred to as Configure Router mode, this mode is available for the LDP, BGP, OSPF, RSVP-TE
and RIP protocols only and makes available router and routing commands.
Route-map This mode is used to set route metric, route-length and cost data. It is available for the BGP, OSPF, and
RIP protocols only.
Address Family This mode allows support for multiprotocol BGP extension. It includes address family-specific
commands.
Key Chain This mode, available for the RIP protocol only, manages the key chain.
Trunk This mode is used to create or modify RSVP trunks. A trunk is the static definition for a Labeled Switch Path
(LSP). Each trunk creates a corresponding LSP, and this LSP is signalled from the machine where the trunk was
created, to the egress, as specified in the trunk's configuration.
Path Use this mode to create or modify RSVP paths. You can define a possible path to be taken between two points in
a network. This path could be a complete description (with each node specified) or a partial one specifying certain hops
that the path must take.

Introduction

CHAPTER 2 NSM Configuration
This chapter contains basic NSM configuration examples. To see details on the commands used in these examples, or
to see the outputs of the validation commands, refer to the NSM Command Reference. To avoid repetition, some
Common commands, like configure terminal, have not been listed under the Commands Used section. The NSM
Command Reference explains these common commands.
Enabling Static Routing

This example shows the complete configuration required to enable static routing in a simple network topology. Static
routes are useful in small networks. They are simple solutions for making a few destinations reachable. Large networks
use dynamic routing protocols. A static route is composed of a network prefix (host address) and a nexthop (gateway).
Router R1 is configured with three static routes, one for the remote network 10.10.12.0/24 and one each for the
loopback addresses (host addresses) of routers R2 and R3. In all three routes, interface eth0 of router R2 is the
gateway. Router R3 is configured with a default static route that is equivalent to configuring separate static routes with
the same gateway or nexthop address. Router R2 has two routes, one for each of the remote routers' loopback
address.
192.168.0.1/32 192.168.0.2/32 192.168.0.3/32

lo lo lo
eth0 eth0 eth2 eth0
R1 R2 R3
.1 10.10.10.0/24 .2 .2 10.10.12.0/24 .3
R1
ZebOS# configure terminal Enter the Configure mode.

ZebOS(config)# interface lo Specify loopback as the interface you want to configure.
ZebOS(config-if)# ip address 192.168.0.1/32 Configure the IP address on this interface and specify a 32-
bit mask, making it a host address.
ZebOS(config-if)# exit Exit the Interface mode and return to Configure
mode.
ZebOS(config)# ip route 10.10.12.0/24 Specify the destination prefix and mask for the network for
10.10.10.2 which a gateway is required, for example, 10.10.12.0/24.
ZebOS(config)# ip route 192.168.0.2/32 Add a gateway for each of them (in this case 10.10.10.2 for
10.10.10.2 all). Since R2 is the only next hop available, you can
ZebOS(config)# ip route 192.168.0.3/32 configure a default route instead of configuring the same
10.10.10.2 static route for individual addresses, see the configuration of
R3.
R2


NSM Configuration
mode.
ZebOS(config)# ip route 192.168.0.1/32 Specify the destination and mask for the network for which
10.10.10.1 gateway is required and add a gateway for each of them.
ZebOS(config)# ip route 192.168.0.3/32
10.10.12.3
R3

mode.
ZebOS(config)# ip route 0.0.0.0/0 10.10.12.2 Specify 10.10.12.2 as a default gateway to reach any
network. Since 10.10.12.2 is the only route available you
can specify it as the default gateway instead of specifying it
as the gateway for individual network or host addresses.
Names of Commands Used

ip route, ip address, interface
Validation Commands
show ip route, show running-config

CHAPTER 3 RIP Configuration
This chapter contains basic RIP configuration examples. To see details on the commands used in these examples, or
to see the outputs of the Validation commands, refer to the RIP Command Reference. To avoid repetition, some
Common commands, like configure terminal, have not been listed under the Commands Used section. These
Common commands are explained in the NSM Command Reference.
Enabling RIP
This example shows the minimum configuration required for enabling RIP on an interface. R1 and R2 are two routers
connecting to network 10.10.11.0/24. R1 and R2 are also connected to networks 10.10.10.0/24 and 10.10.12.0/24
respectively. To enable RIP, first define the RIP routing process and then associated a network with the routing
process.
eth1 eth2 eth1 eth2

R1 R2
10.10.10.10 10.10.11.10 10.10.11.50 10.10.12.10
R1

ZebOS(config)# router rip Define a RIP routing process and enter the Router mode.
ZebOS(config-router)# network 10.10.10.0/24 Associate networks with the RIP process.
ZebOS(config-router)# network 10.10.11.0/24
R2

ZebOS(config)# router rip Define a RIP routing process and enter the Router mode.
ZebOS(config-router)# network 10.10.11.0/24 Associate networks with the RIP process.

router rip, network
Validation Commands
show ip rip, show run, show ip protocols rip, show ip rip interface, show ip route

RIP Configuration
Specifying the RIP version

Configure a router to receive and send specific versions of packets on an interface. In this example, router R2 is
configured to receive and send RIP version 1 and version 2 information on both eth1 and eth2 interfaces.
V1/V2
eth2 eth1 eth2 eth1

R1 R2 R3
10.10.11.10 10.10.11.50 10.10.12.10 10.10.12.50
R2

ZebOS(config)# router rip Enable the RIP routing process.
ZebOS(config-router)# exit
ZebOS(config)# interface eth1 Specify interface eth1 as an interface you want to
configure.
ZebOS(config-if)# ip rip send version 1 2 Allow sending RIP version 1 and version 2 packets out
of this interface.
ZebOS(config-if)# ip rip receive version 1 2 Allow receiving of RIP version 1 and version 2 packets
from the eth1 interface.
ZebOS(config-if)# quit Quit the Interface mode and return to
Configure mode to configure the next interface.
ZebOS(config)# interface eth2 Specify interface eth2 as the interface you want to
configure.
ZebOS(config-if)# ip rip send version 1 2 Allow sending RIP version 1 and version 2 packets out
of this interface.
ZebOS(config-if)# ip rip receive version 1 2 Allow receiving of RIP version 1 and version 2 packets
from the eth2 interface.

ip rip send version, ip rip receive version
Validation Commands
show ip rip, show run, show ip protocols rip, show ip rip interface, show ip route

RIP Configuration
RIPv2 authentication (single key)

ZebOS RIP implementation provides the choice of configuring authentication for a single key or for multiple keys. This
example illustrates authentication of the routing information exchange process for RIP using a single key. Routers R1
and R2 are running RIP and exchange routing updates. To configure single key authentication on R1, specify an
interface and then define a key or password for that interface. Next, specify an authentication mode. Any receiving RIP
packet on this specified interface should have the same string as password. For an exchange of updates between R1
and R2, define the same password and authentication mode on R2.
eth2 eth1 eth0 eth1

R1 R2
10.10.11.10 10.10.10.10 10.10.10.50 10.10.12.50
R1

ZebOS(config)# router rip Define a RIP routing process and enter the Router
mode.
ZebOS(config-router)# network 10.10.10.0/24 Associate network 10.10.10.0/24 with the RIP
process.
ZebOS(config-router)# redistribute connected Enable redistributing from connected routes.
ZebOS(config-router)# exit Quit the Router mode and return to the Configure
mode.
ZebOS(config)# interface eth1 Specify the interface (eth1) for authentication.
ZebOS(config-if)# ip rip authentication string Specify the authentication string (IPI) for this
IPI interface.
ZebOS(config-if)# ip rip authentication mode md5 Specify the authentication mode to be MD5.
R2

mode.
process.
mode.
ZebOS(config)# interface eth0 Specify the interface (eth0) for authentication.
ZebOS(config-if)# ip rip authentication string Specify the authentication string (IPI) on this
IPI interface.
ZebOS(config-if)# ip rip authentication mode md5 Specify the authentication mode to be MD5.

RIP Configuration

ip rip authentication string, ip rip authentication mode, redistribute, network
Validation Commands
show run, show ip rip, show ip protocol rip, show ip rip interface, show ip route

RIP Configuration
RIPv2 text authentication (multiple keys)

This example illustrates text authentication of the routing information exchange process for RIP using multiple keys.
Routers R1 and R2 are running RIP and exchanging routing updates. To configure authentication on R1, define a key
chain, specify keys in the key chain and then define the authentication string or passwords to be used by the keys. Set
the time period during which it is valid to receive or send the authentication key by specifying the accept and send
lifetimes. After defining the key string, specify the key chain (or the set of keys) that will be used for authentication on
each interface and also the authentication mode to be used.
R1 receives all packets that contain any key string that matches one of the key strings included in the specified key
chain (within the accept lifetime) on that interface. The key ID is not considered for matching. For additional security,
the accept lifetime and send lifetime are configured such that every fifth day the key ID and key string changes. To
maintain continuity, the accept lifetimes should be configured to overlap. This will accommodate different time-setup on
machines. However, the send lifetime does not need to overlap and IPI recommends to configure no overlapping for
send lifetime.
eth2 eth1 eth0 eth1

R1 R2
10.10.11.10 10.10.10.10 10.10.10.50 10.10.12.50
R1

mode.
process.
mode.
ZebOS(config)# key chain SUN Enter the key chain management mode to add keys to
the key chain SUN.
ZebOS(config-keychain)# key 10 Add authentication key ID (10) to the key chain SUN.
ZebOS(config-keychain-key)# key-string IPI Specify a password (IPI) to be used by the specified
key.
ZebOS(config-keychain-key)# accept-lifetime Specify the time period during which authentication key
12:00:00 Mar 2 2003 14:00:00 Mar 7 2003 string IPI can be received. In this case, key string
IPI can be received from noon of March 2 to 2 pm
March 7, 2003.
ZebOS(config-keychain-key)# send-lifetime Specify the time period during which authentication key
12:00:00 Mar 2 2003 12:00:00 Mar 7 2003 string IPI can be send. In this case, key string IPI
can be received from noon of March 2 to noon of March
7, 2003.
ZebOS(config-keychain-key)# exit Exit the keychain-key mode and return to
keychain mode.

RIP Configuration
ZebOS(config-keychain)# key 20 Add another authentication key (20) to the key chain
SUN.
ZebOS(config-keychain-key)# key-string Earth Specify a password (Earth) to be used by the
specified key.
12:00:00 Mar 7 2003 14:00:00 Mar 12 2003 string Earth can be received. In this case, key string
Earth can be received from noon of March 7 to 2 pm
March 12, 2003.
12:00:00 Mar 7 2003 12:00:00 Mar 12 2003 string Earth can be send. In this case, key string IPI
12, 2003.
ZebOS(config-keychain-key)# end Enter Privileged Exec mode.
configure.
ZebOS(config-if)# ip rip authentication key Enable RIPv2 authentication on eth1 interface and
chain SUN specify the key chain SUN to be used for
authentication.
ZebOS(config-if)# ip rip authentication mode Specify text authentication mode to be used for RIP
text packets. This step is optional, as text is the default
mode.
R2

mode.
process.
mode.
ZebOS(config)# key chain MOON Enter the key chain management mode to add keys to
the key chain MOON.
ZebOS(config-keychain)# key 30 Add authentication key ID (30) to the key chain MOON.
key.
March 7, 2003.
7, 2003.
MOON.

RIP Configuration

specified key.
March 12, 2003.
12, 2003.
configure.
chain MARS specify the key chain MARS to be used for
authentication.
ZebOS(config-if)# ip rip authentication mode Specify authentication mode to be used for RIP
text packets. This step is optional, as text is the default
mode.

key chain, key, key-string, accept-lifetime, send-lifetime, ip rip authentication key-chain, ip rip authentication mode
Validation Commands
show run, show ip rip, show ip protocol rip, show ip rip interface, show ip route

RIP Configuration
RIPv2 md5 authentication (multiple keys)

This example illustrates the md5 authentication of the routing information exchange process for RIP using multiple
keys. Routers R1 and R2 are running RIP and exchange routing updates. To configure authentication on R1, define a
key chain, specify keys in the key chain and then define the authentication string or passwords to be used by the keys.
Then set the time period during which it is valid to receive or send the authentication key by specifying the accept and
send lifetimes. After defining the key string, specify the key chain (or the set of keys) that will be used for authentication
on the interface and the authentication mode to be used. Configure R2 and R3 to have the same key ID and key string
as R1 for the time that updates need to be exchanged.
In md5 authentication, both the key ID and key string are matched for authentication. R1 will receive only packets that
match both the key ID and the key string in the specified key chain (within the accept lifetime) on that interface. In the
following example, R2 has the same key ID and key string as R1. For additional security, the accept lifetime and send
lifetime are configured such that every fifth day the key ID and key string changes. To maintain continuity, the accept
lifetimes should be configured to overlap; however, the send lifetime should not be overlapping.
eth2 eth1 eth0 eth1

R1 R2
10.10.11.10 10.10.10.10 10.10.10.50 10.10.12.50
R1

mode.
process.
mode.
ZebOS(config)# key chain SUN Enter the key chain management mode to add keys to
the key chain SUN.
ZebOS(config-keychain)# key 1 Add authentication key ID (1) to the key chain SUN.
key.
March 7, 2003.
7, 2003.
ZebOS(config-keychain-key)# exit Exit the keychain-key mode and return to
keychain mode.

RIP Configuration
SUN.
specified key.
March 12, 2003.
12, 2003.
configure.
chain SUN specify the key chain SUN to be used for
authentication.
ZebOS(config-if)# ip rip authentication mode md5 Specify md5 authentication mode to be used for RIP
packets.
R2

mode.
process.
mode.
ZebOS(config)# key chain MOON Enter the key chain management mode to add keys to
the key chain MOON.
ZebOS(config-keychain)# key 1 Add authentication key ID (1) to the key chain MOON.
key.
March 7, 2003.
can be received from noon of March 2 to noon of
March 7, 2003.
MARS.
specified key.

RIP Configuration
March 12, 2003.
can be received from noon of March 7 to noon of
March 12, 2003.
configure.
chain MARS specify the key chain MARS to be used for
authentication.
ZebOS(config-if)# ip rip authentication mode md5 Specify authentication mode to be used for RIP
packets.

key chain, key, key-string, accept-lifetime, send-lifetime, ip rip authentication key-chain, ip rip authentication mode
Validation Commands
show run, show ip rip, show ip protocol rip, show ip rip interface

CHAPTER 4 OSPF Configuration
This chapter contains basic OSPF configuration examples. To see details on the commands used in these examples,
or to see the outputs of the Validation commands, refer to the OSPF Command Reference. To avoid repetition, some
Common commands, such as configure terminal, have not been listed under the Commands Used section.
These Common commands are explained in the NSM Command Reference.
Enabling OSPF on an interface

This example shows the minimum configuration required for enabling OSPF on an interface. R1 and R2 are two routers
in Area 0 connecting to network 10.10.10.0/24.
Note: Configure one interface so that it belongs to only one area. However, you can configure different interfaces on
a router to belong to different areas.
AS1
Area 0
R2
.11 eth1
10.10.10.0/24
.10 eth0
R1
R1

ZebOS(config)# router ospf 100 Configure the Routing process and specify the Process ID
(100). The Process ID should be a unique positive integer
identifying the routing process.
ZebOS(config-router)# network 10.10.10.0/24 Define the interface (10.10.10.0/24) on which OSPF runs
area 0 and associate the area ID (0) with the interface (area ID 0
specifies the backbone area).
R2
ZebOS# configure terminal Enter the Configure mode

(200). The Process ID should be a unique positive
integer identifying the routing process.
ZebOS(config-router)# network 10.10.10.0/24 Define the interface (10.10.10.0/24) on which OSPF
area 0 runs and associate the area ID (0) with the interface.

OSPF Configuration

network area, router ospf
Validation Commands
show ip ospf, show ip ospf interface, show ip ospf neighbor, show ip ospf route

OSPF Configuration
Setting priority
This example shows the configuration for setting the priority for an interface. You can set a high priority for a router to
make it the Designated Router (DR). Router R3 is configured to have a priority of 10, which is higher than the default
priority (default priority is 1) of R1 and R2; making it the DR.
AS 1
R2
Area 0
.11 eth1
10.10.10.0/24
.10 eth0 eth1.13
R1 R3
DR
R3
ZebOS(config)# interface eth1 Specify the interface (eth1)to be configured.

ZebOS(config-if)# ip ospf priority 10 Specify the router priority to a higher priority (10) to make
R3 the Designated Router (DR).
ZebOS(config-if)# exit Exit the Interface mode and return to the Configure
mode.
R1

area 0 runs and associate the area ID (0) with the interface (area
ID 0 specifies the backbone area).
R2

OSPF Configuration

network area, ip ospf priority
Validation Commands
show ip ospf neighbor, show ip ospf interface

OSPF Configuration
Configuring an Area Border Router

This example shows configuration for an Area Border Router. R2 is an Area Border Router (ABR). On R2, interface
eth0 is in Area 0 and interface eth1 is in Area 1.
Area 1
eth2
R4
10.10.11.13/24
Area 0
eth1
eth0 eth1 10.10.11.0/24

R2
10.10.10.11/24 10.10.11.11/24
10.10.10.0/24
eth0 10.10.10.10/24 eth0 10.10.10.12/24
R1 R3
DR
R2

ZebOS(config-router)# network 10.10.10.0/24 Define one interface (10.10.10.0/24) on which OSPF
ZebOS(config-router)# network 10.10.11.0/24 Define the other interface (10.10.11.0/24) on which
area 1 OSPF runs and associate the area ID (1) with the
interface.

network area
Validation Commands
show ip ospf, show ip ospf interface

OSPF Configuration
Redistributing routes into OSPF

In this example the configuration causes BGP routes to be imported into the OSPF routing table and advertised as
Type 5 External LSAs into Area 0.
AS1
Area 0 .11
R2
OSPF
.11
10.10.10.0/24
.10 .12
R1 BGP and R3 OSPF

OSPF
DR
AS 2
Area 2
R5
BGP
R1

ZebOS(config-router)# network 10.10.10.0/24 Define one interface (10.10.10.0/24) on which OSPF
area 0 runs and associate the area ID (0) with the interface (area
ID 0 specifies the backbone area).
ZebOS(config-router)# redistribute bgp Specify redistributing routes from other routing protocol
(BGP) into OSPF.

redistribute, network area
Validation Commands
show ip ospf database external

OSPF Configuration
OSPF Cost
You can make a route the preferred route by changing its cost. In this example, cost has been configured to make R2
the next hop for R1.
The default cost on each interface is 10. Interface eth2 on R2 has a cost of 100 and interface eth2 on R3 has a cost
of 150. The total cost to reach 10.10.14.0/24 (R4) through R2 and R3:
R2: 10+100 = 110
R3: 10+150 = 160
Therefore, R1 chooses R2 as its next hop for destination 10.10.14.0/24.
eth1 R2 eth2
AS1
0
=1 0 10
Co
st
o st 0. .1 =1
C 0 .1 0. 00
11.
eth0 0 . 1 0 eth0
1
eth2 eth2
R1 R4
10.10.9.0/24 10 10.10.14.0/24
.1 .0 eth1
eth1 0 13
Co .1 2 10. 50
st .0 10. 1
=
= st
10 Co
eth1 R3 eth2
Area 0
R1

ZebOS(config-router)# network 10.10.9.0/24 Define interfaces on which OSPF runs and associate the
area 0 area ID (0) with the interface (area ID 0 specifies the
ZebOS(config-router)# network 10.10.10.0/24 backbone area).
area 0
area 0
R2

ZebOS(config-if)# ip ospf cost 100 Set the OSPF cost of this link to 100.
mode.

OSPF Configuration
area 0 area ID (0) with the interface.
area 0
R3

ZebOS(config-if)# ip ospf cost 150 Set the OSPF cost of this link to 100.
mode.
area 0
R4
area 0
area 0

network area, ip ospf cost
Validation Commands
show ip ospf route 10.10.14.0/24

OSPF Configuration
Configuring Virtual Links

Virtual links are used to connect a temporarily disjointed non-backbone area to the backbone area, or to repair a non-
contiguous backbone area. In this example, the ABR R3 has temporarily lost connection to Area 0 disconnecting
Area 2 from the backbone area. The virtual link between ABR R1 and ABR R2 connects Area 2 to Area 0. Area 1
is used as a transit area.
ABR
lo = 192.168.1.62/32
Area 0 Area 1
10.10.22.62/24
R6 R1 R4
10.10.21.62/24 10.10.22.10/24
10.10.23.10/24
Vi rt
ual
link
10.10.23.63/24
DOWN
R3 R2
Area 2
4
3/2
. 24.6
10
10. lo = 192.168.2.63
ABR
R5
R1

ZebOS(config-if)# ip address 192.168.1.62/32 Configure the IP address on this interface.
mode.
ZebOS(config-router)# ospf router-id Configure OSPF Router ID (192.168.1.62) for this
192.168.1.62 router.
area 0 area IDs (0 and 1) with the interface.
area 1
ZebOS(config-router)# area 1 virtual-link Configure a virtual link between this router R1 and R2
192.168.2.63 (Router ID 192.168.2.63) through transit area 1.
R2
ZebOS(config)# interface lo Specify loopback as the interface you want to configure

ZebOS(config-if)# ip address 192.168.2.63/32 Configure the IP address on this interface.

OSPF Configuration

mode.
ZebOS(config-router)# ospf router-id Configure OSPF Router ID (192.168.1.63) for this
192.168.2.63 router.
area 1 area IDs (1 and 2) with the interface.
area 2
area 2
ZebOS(config-router)# area 1 virtual-link Configure a virtual link between this router R2 and
192.168.1.62 R1(Router ID 192.168.2.62) through transit area 1.

area virtual-link, network area
Validation Commands
show ip ospf virtual link, show ip ospf neighbor, show ip ospf, show ip ospf route

OSPF Configuration
OSPF Authentication
In the ZebOS implementation there are three types of OSPF authentications--Null authentication (Type 0), Simple Text
(Type 1) authentication and MD5 (Type 2) authentication. With null authentication, routing exchanges over the network
are not authenticated. In Simple Text authentication, the authentication type is the same for all routers that
communicate using OSPF in a network. For MD5 authentication, you configure a key and a key-id on each router. The
router generates a message digest on the basis of the key, key ID and the OSPF packet and adds it to the OSPF
packet.
The Authentication type can be configured on a per-interface basis or a per-area basis. Additionally, Interface and Area
authentication can be used together. Area authentication is used for an area and interface authentication is used for a
specific interface in the area. If the Interface authentication type is different from Area authentication type, Interface
authentication type overrides the Area authentication type. If the Authentication type is not specified for an interface,
the Authentication type for the area is used. The authentication command descriptions contain details of each type of
authentication. Refer to the OSPF Command Reference for OSPF authentication commands.
In the example below, R1 and R2 are configured for both the interface and area authentications.The authentication type
of interface eth1 on R1 and interface eth0 on R2 is md5 mode and is defined by the area authentication
command; however, the authentication type of interface eth2 on R1 and interface eth1 on R2 is plain text mode and is
defined by the ip ospf authentication command. This interface command overrides the area authentication
command.
AS1
Area 0 10.10.11.50
R2
eth1
.50 eth0
10.10.10.0/24
.10 eth1
10.10.11.10
R1
eth2
R1

area 0
ZebOS(config-router)# area 0 authentication Enable MD5 authentication on area 0.
message-digest
ZebOS(config-router)# exit Exit the Router mode and return to Configure mode.

OSPF Configuration
ZebOS(config-if)# ip ospf message-digest-key Register MD5 key test for OSPF authentication. The Key
1 md5 test ID is 1.
mode
ZebOS(config-if)# ip ospf authentication Enable OSPF packet to use text authentication on the
current interface (eth2).
ZebOS(config-if)# ip ospf authentication-key Specify an OSPF authentication password test for the
test neighboring routers.
R2

area 0
ZebOS(config-router)# area 0 authentication Enable MD5 authentication on area 0.
message-digest
ZebOS(config-router)# exit Exit the Router mode and return to Configure mode.
ZebOS(config-if)# ip ospf message-digest-key Register MD5 key test for OSPF authentication. The Key
1 md5 test ID is 1.
mode
ZebOS(config-if)# ip ospf authentication Enable OSPF packet to use text authentication on the
current interface (eth1).
ZebOS(config-if)# ip ospf authentication-key Specify an OSPF authentication password test for the
test neighboring routers.

ip ospf authentication, ip ospf authentication-key, network area, area authentication message-digest
Validation Commands
show run, show ip ospf neighbor

CHAPTER 5 IS-IS (IPv4) Configuration
This chapter contains basic IS-IS configuration examples. To see details on the commands used in these examples, or
to see the outputs of the Validation commands, refer to the IS-IS Command Reference. To avoid repetition, some
Common commands, like configure terminal, have not been listed under the Commands Used section. The NSM
Command Reference explains these Common Commands.
Enabling IS-IS on an interface

This example shows the minimum configuration required for enabling IS-IS on an interface. R1 and R2 are two routers
in ipi instance connecting to the network 10.10.10.0/24. After enabling IS-IS on an interface, create a routing
instance and specify the Network Entity Title (NET). IS-IS explicitly specifies a NET to begin routing. NET is comprised
of the area address and the system ID of the router.
AS 1
net 49.0000.0000.0002.00
Level-2-only R2
eth1 .11
10.10.10.0/24
eth0 .10
R1
net 49.0000.0000.0001.00
R1

ZebOS(config)# interface eth0 Specify the interface (eth0) to be configured and enter the
Interface mode.
ZebOS(config-if)# ip router isis ipi Enable IS-IS routing on an interface for area 49 (ipi).
mode.
ZebOS(config)# router isis ipi Create an IS-IS routing instance for area 49 (ipi).
ZebOS(config-router)# is-type level-2-only
Configure instance ipi as Level-2-only routing.
ZebOS(config-router)# net Establish a Network Entity Title for this instance, specifying the
49.0000.0000.0001.00 area address and the system ID.

IS-IS (IPv4) Configuration
R2

ZebOS(config)# interface eth0 Specify the interface (eth0)to be configured and enter the
Interface mode.
mode.

ip router isis, net, router isis
Validation Commands
show clns neighbors, show isis database, show isis topology

Setting priority
This example shows the configuration for setting the priority for an interface. Set a high priority for a router to make it
the Designated IS (DIS). Router R3 is configured to have a priority of 70, this is higher than the default priority (default
priority is 64) of R1 and R2. This makes R3 the DIS.
AS 1
net 49.0000.0000.0002.00
Level-2-only R2
eth0 .11
10.10.10.0/24
eth0 .10 eth0 .13
R1 R3
net 49.0000.0000.0001.00 net 49.0000.0000.0003.00

DIS
R3

Interface mode.
ZebOS(config-if)# isis priority 70 Specify the router priority to a higher priority (70) to make R3
the designated IS (DIS).
mode.
R1
Interface mode.
mode.


R2
Interface mode.
mode.

ip router isis, net, router isis, isis priority
Validation Commands
show clns neighbors, show isis database, show isis topology

Redistributing routes into IS-IS

In this example the configuration causes BGP routes to be imported into the IS-IS routing table and advertised into the
ipi instance.
AS 1
R2
Level-2-only net 49.0000.0000.0002.00
.11
10.10.10.0/24
.10 .12
R1 R3
net 49.0000.0000.0003.00
net 49.0000.0000.0001.00 DIS
R5
R1

Interface mode.
mode.
ZebOS(config-router)# is-type level-2-only Establish the IS level for this area (ipi) as Level-2-
only.
ZebOS(config-router)# net Establish a Network Entity Title for this instance, specifying
49.0000.0000.0001.00 the area address and the system ID.
ZebOS(config-router)# redistribute bgp Specify redistributing routes from other routing protocol
(BGP) into IS-IS.

ip router isis, redistribute, is-type, router isis
Validation Commands
show clns neighbors, show isis database, show isis topology, show ip isis route, show ip route

Configuring Metric
You can make a route the preferred route by changing its metric. In this example, the cost has been configured to make
R3 the next hop for R1.
The default metric on each interface is 10. Interface eth2 on R2 has a metric of 20 and Interface eth2 on R3 has a
metric of 30. The total cost to reach 10.10.14.0/24 (R4) through R2 and R3:
R2: 10+20 = 30
R3: 10+30 = 40
In this topology, R1 chooses R2 as its next hop for destination 10.10.14.0/24.
AS 1
net 49.0000.0000.0002.00
eth1 eth2
R2 met
ric =
eth0 20 eth0
eth2 Level-2-only eth2
R1 R4
= 30
eth1 ric eth1
met
net 49.0000.0000.0001 .00 net 49.0000.0000.0004.00
eth1 R3 eth2
net 49.0000.0000.0003.00
R1

Interface mode.
ZebOS(config-if)# exit Exit Interface mode and return to Configure mode.
Interface mode.
Interface mode.

R2
ZebOS(config)# interface eth1 Specify the interface (eth1)to be configured and

enter the Interface mode.
ZebOS(config-if)# ip router isis ipi Enable IS-IS routing on an interface for area 49
(ipi).
ZebOS(config-if)# exit Exit Interface mode and return to Configure
mode.
(ipi).
ZebOS(config-if)# isis metric 20 Set the value of IS-IS metric (on eth2) to 20.
mode.
ZebOS(config-router)# net 49.0000.0000.0002.00 Establish a Network Entity Title for this instance,
specifying the area address and the system ID.
R3

(ipi).
mode.
(ipi).
ZebOS(config-if)# isis metric 30 Set the value of IS-IS metric (on eth2) to 30.
mode.
R4

(ipi).


mode.
(ipi).
mode.

ip router isis, net, isis metric, router isis
Validation Commands
show clns neighbors, show isis database, show isis topology, show ip isis route, show ip route

L1-L2 Area Routing with Single Instance

IS-IS supports a two-level hierarchy for handling and scaling the functionality of large networks. The Level-1 (L1) area
is mainly for Leaf networks and the Level-2 (L2) area is the backbone area connecting Level-1 areas. In this example,
R3 and R4 are configured as Level-1 routers and sit in the Level-1 area. R1 and R2 are configured as Level-1-2 routers
and connect these two Level-1 areas with a backbone Level-2 area. You can configure Level-1-2 routers with single or
multiple instances. This configuration shows the single instance version of the Level-1-2 router.
AS 1
L2 Backbone Area
eth0 eth0
R1 R2
eth1 eth1
eth0 eth0
L1 Area 52 L1 Area 50
R3 R4
R1

Interface mode.
ZebOS(config-if)# ip router isis abc Enable IS-IS routing on the interface eth0 for area abc.
ZebOS(config-if)# isis circuit-type level-2- Set the circuit type for the interface eth0.
only
Interface mode.
ZebOS(config-if)# isis circuit-type level-1 Set the circuit type for the interface eth1.
ZebOS(config)# router isis abc Create an IS-IS routing instance for area abc.
R2
Interface mode.
ZebOS(config-if)# ip router isis bb Enable IS-IS routing on the interface eth0 for area bb.
ZebOS(config-if)# isis circuit-type level-2- Set the circuit type for the interface eth0.
only

Interface mode.
ZebOS(config-if)# isis circuit-type level-1 Set the circuit type for the interface eth1.
ZebOS(config)# router isis bb Create an IS-IS routing instance for area bb.
R3
Interface mode.
ZebOS(config-if)# ip router isis xyz Enable IS-IS routing on the interface eth0 for area xyz.
ZebOS(config)# router isis xyz Create an IS-IS routing instance for area xyz.
ZebOS(config-router)# is-type level-1 Establish the IS level for this area (xyz) as Level-1.
R4
Interface mode.
ZebOS(config-if)# ip router isis aa Enable IS-IS routing on the interface eth0 for area aa.
ZebOS(config)# router isis aa Create an IS-IS routing instance for area aa.
ZebOS(config-router)# is-type level-1 Establish the IS level for this area (aa) as Level-1.

isis circuit-type, is-type, ip router isis, net
Validation Commands
show ip isis route, show ip route

L1-L2 Area Routing with Multiple Instances

IS-IS supports a two-level hierarchy for handling and scaling the functionality of large networks. The Level-1 (L1) area
is mainly for Leaf networks and the Level-2 (L2) area is the backbone area connecting Level-1 areas. In this example,
R3 and R4 are configured as Level-1 routers and sit in the Level-1 area. R1 and R2 are configured as Level-1-2 routers
and connect these two Level-1 areas with a backbone Level-2 area. You can configure Level-1-2 routers with single or
multiple instances. This configuration shows the multiple instance version of the Level-1-2 router.
AS 1
L2 Backbone Area
eth0 eth0
R1 R2
eth1 eth1
eth0 eth0
L1 Area 52 L1 Area 50
R3 R4
R1

Interface mode.
ZebOS(config-if)# ip router isis aaa Enable IS-IS routing on the interface eth0 for area aaa.
ZebOS(config)# router isis aaa Create an IS-IS routing instance for area aaa.
ZebOS(config-router)# is-type level-2-only Establish the IS level for this area (aaa) as Level-2-
only.
bb.0000.0000.0001.00 the area address and the system ID.
ZebOS(config-router)# exit Exit Router mode and return to Configure mode.
Interface mode.
ZebOS(config-if)# ip router isis ccc Enable IS-IS routing on the interface eth1 for area ccc.
ZebOS(config)# router isis ccc Create an IS-IS routing instance for area ccc.
ZebOS(config-router)# is-type level-1 Establish the IS level for this area (ccc) as Level-1.
R2
Interface mode.


ZebOS(config)# router isis bb Create an IS-IS routing instance for area bb.
ZebOS(config-router)# is-type level-2-only Establish the IS level for this area (bb) as Level-2-
only.
bb.0000.0000.0002.00 the area address and the system ID.
ZebOS(config-router)# exit Exit Router mode and return to Configure mode.
Interface mode.
ZebOS(config)# router isis abc Create an IS-IS routing instance for area abc.
ZebOS(config-router)# is-type level-1 Establish the IS level for this area (abc) as Level-1.
R3
Interface mode.
ZebOS(config-if)# ip router isis xyz Enable IS-IS routing on the interface eth0 for area xyz.
ZebOS(config)# router isis xyz Create an IS-IS routing instance for area xyz.
ZebOS(config-router)# is-type level-1 Establish the IS level for this area (xyz) as Level-1.
R4
ZebOS(config)# interface eth0 Specify the interface (eth0)to be configured and enter
the Interface mode.
ZebOS(config-if)# ip router isis aa Enable IS-IS routing on the interface eth0 for area aa.
ZebOS(config)# router isis aa Create an IS-IS routing instance for area aa.
ZebOS(config-router)# is-type level-1 Establish the IS level for this area (aa) as Level-1.

isis circuit-type, is-type, ip router isis, net
Validation Commands
show ip isis route, show ip route

CHAPTER 6 BGP Configuration
This chapter contains basic BGP configuration examples. To see details on the commands used in these examples, or
to see the outputs of the Validation commands, refer to the BGP Command Reference. To avoid repetition, some
Common commands, such as configure terminal, have not been listed under the Commands Used section.
These common Commands are explained in the NSM Command Reference.
Enabling BGP (routers in the same AS)

This example shows the minimum configuration required for enabling BGP on an interface. R1 and R2 are two routers
belonging to the same Autonomous System, AS200, connecting to network 10.10.10.0/24. First, define the routing
process and the AS number to which the routers belong. Then, define BGP neighbors to start exchanging routing
updates.
AS200
10.10.10.10 10.10.10.11
R1 R2
R1

ZebOS(config)# router bgp 200 Define the routing process. The number 200 specifies the AS
number of R1.
ZebOS(config-router)# neighbor 10.10.10.11 Define BGP neighbors and establish a TCP session.
remote-as 200 10.10.10.11 is the IP address of the neighbor (R2) and 200
is the neighbor’s AS number.
R2

number of R2.
remote-as 200 10.10.10.10 is the IP address of the neighbor (R1) and 200
is the neighbor’s AS number.

router bgp, neighbor remote-as
Validation Commands
show ip bgp summary, show ip bgp neighbors

BGP Configuration
Enabling BGP (between different Autonomous Systems)

This example shows the minimum configuration required for enabling BGP on an interface when the routers belong to
different Autonomous Systems. R1 and R2 are two routers in different autonomous systems, AS200 and AS300
connecting to network 10.10.10.0/24.
AS200 AS300
10.10.10.10 10.10.10.11
R1 R2
R1

ZebOS(config)# router bgp 200 Define the routing process. The number 200 specifies the
AS number of R1.
remote-as 300 10.10.10.11 is the IP address of the neighbor (R2) and
300 is the neighbor’s AS number.
R2

AS number of R2.

router bgp, neighbor remote-as
Validation Commands
show ip bgp summary, show ip bgp neighbors

BGP Configuration
Route-Map
Use route-maps to filter incoming updates from a BGP peer. In this example, a prefix-list ipi on R1 is configured to
deny entry of any routes with the IP address 1.1.1.0/M (M = 26,27,28). To test the filter, R2 is configured to
generate network addresses 1.1.1.0/27 and 1.1.2.0/24. To verify, use the show ip bgp command on R1; it
displays R1 receiving updates from only 1.1.2.0/24.
AS10 AS11
192.168.10.10 192.168.10.11
R1 R2
R1

ZebOS(config)# ip prefix-list ipi seq 5 deny Create an entry in the prefix-list. ipi is the name of the
1.1.1.0/24 ge 26 le 28 map that is created above. 5 specifies the sequence
ZebOS(config)# ip prefix-list ipi seq 10 number or position of this specific route map. deny
permit any specifies the packets are to be rejected. 26 and 28 are the
minimum and maximum prefix lengths to be matched.
ZebOS(config)# route-map ipi permit 1 Enter the route-map mode to set the match operation.
ZebOS(config-route-map)# match ip address Set the match criteria. In this case, if the route-map name
prefix-list ipi matches ipi, the packets from the first sequence will be
denied.
ZebOS(config-route-map)# exit Exit the Route-map mode and return to Configure
mode.
ZebOS(config)# router bgp 10 Define the routing process and establish a TCP session.
The number 10 specifies the AS number of R1.
remote-as 11 192.168.10.11 is the IP address of the neighbor (R2)
and 11 is the neighbor’s AS number.
ZebOS(config-router)# neighbor 192.168.10.11 Apply a route-map to routes. 192.168.10.11 specifies
route-map ipi in the IP address of BGP neighbor. ipi is the name of the
route-map and in specifies that the access list will apply to
incoming advertisements.
R2
ZebOS(config)# router bgp 11 Define the routing process and establish a TCP session.
The number 11 specifies the AS number of R2.
remote-as 10 192.168.10.10 is the IP address of the neighbor (R1)
and 10 is the neighbor’s AS number.
ZebOS(config-router)# network 1.1.1.0/27 Specify the network to be advertised by the BGP routing
process.
ZebOS(config-router)# network 1.1.2.0/24 Specify the network to be advertised by the BGP routing
process.

BGP Configuration

ip prefix-list (NSM Command Reference), neighbor remote-as, route-map, match ip address, network and network
backdoor.
Validation Commands
show ip bgp

BGP Configuration
Route Reflector
Use Route Reflectors to reduce the IBGP mesh inside an AS. In this example, R2, R5 and R4 would have to maintain
a full mesh among themselves but by making R5 the Route Reflector, R2 (Client1) has IBGP session with RR only and
not with R4 (Client 2). The routes learned from R2 are advertised to the other clients and to IBGP peers outside the
cluster; the IBGP routes learned from IBGP peers outside the cluster are advertised to the R2. This reduces the IBGP
peer connections in AS1.
R3
RR Client 1
R2
10 RR Client 2
.1
0.
R4
1
0.
50
R1
50
1 1.
0.
10
.1
10 10
.1
1.
0.
.1
10
10
.
AS1 10
.
10
R6
R5
RR
RR (R5)

number of R5.
ZebOS(config-router)# neighbor 10.10.10.50 Define BGP neighbor and establish a TCP session.
remote-as 1 10.10.10.50 is the IP address of one of the neighbors
(R2) and 1 is the neighbor’s AS number.
ZebOS(config-router)# neighbor 10.10.10.50 Configure R5 as the Route-Reflector (RR) and neighbor R2
route-reflector client as its client.
remote-as 1 10.10.11.50 is the IP address of one of the neighbors
(R4) and 1 is the neighbor’s AS number.
ZebOS(config-router)# neighbor 10.10.11.50 Configure R5 as the Route-Reflector (RR) and neighbor R4
route-reflector client as its client.
RR Client 1 (R2)
number of R2.

BGP Configuration
RR Client 2 (R4)
number of R4.

neighbor remote-as, neighbor route-reflector-client
Validation Commands
show ip bgp, show ip bgp neighbors

BGP Configuration
Confederations
In this example, AS1 contains three Confederation Autonomous Systems--AS 1000, AS 1001 and AS 1002. To any
outside AS, the Confederation is a single Autonomous System AS1. Confederation eIBGP is run between R2 and R5,
and between R5 and R7. R2 is configured so that its local AS is 1000. Its peer connection to R5 is set up like any other
eBGP session. The bgp confederation identifier command tells the router that it is a member of a
Confederation and the Confederation ID. The bgp confederation peers command lists the member autonomous
system to which R2 is connected. The command tells the BGP process that the eBGP connection is a Confederation
eBGP rather than normal eBGP.
Confederations
AS1
AS 1000
R3
10.10.7.3 R8
R1 2
7.
10. 10.10.15.8
1 0. .
10 . 1 0.1 0 10 10.10.15.7
9 .1 . 9. 2
R2 .7 R7
. 11
0
10.10.10.2 .1
10 AS 1002
10 5
eIBGP
.1
0. 1. eIBGP
10 .1
10
. 5 R5 10
.
10.10.12.5
10
.4
.
12
10
0.
.1
.1
3.6
10
R4
R6
AS 1001
R2

AS number of R2.
ZebOS(config-router)# bgp confederation Specify BGP Confederation Identifier, to others the group
identifier 1 will appear as a single AS and the identifier as its AS
number.
ZebOS(config-router)# bgp confederation peers Specify AS 1001 and 1002 to become members of the
1001 1002 Confederation.
ZebOS(config-router)# neighbor 10.10.10.5 Define BGP neighbors for R2 and establish a TCP session
remote-as 1001 by specifying the IP addresses and the AS numbers of
ZebOS(config-router)# neighbor 10.10.9.1 neighbors.
remote-as 1000
ZebOS(config-router)# neighbor 10.10.7.3
remote-as 1000

BGP Configuration
R5
AS number of R5.
number.
remote-as 1002
remote-as 1001
remote-as 1001
R7
AS number of R5.
number.
remote-as 1002

neighbor remote-as, bgp confederation peer, bgp confederation identifier
Validation Commands

BGP Configuration
BGP Authentication
BGP authentication allows users to receive selected routing information, enhancing security of their network traffic.
When BGP authentication is enabled on a router, the router verifies routing packet it receives by exchanging a
password that is configured on both the sending and the receiving routers.
Note: To enable BGP authentication on TCP/IP you need to apply a kernel patch and specific MD5 libraries. Refer to
the Installation Guide for detailed information on how to apply the MD5 authentication patch and the required
libraries.
In this example, both R1 and R2 have ipi as the password. Configure the same password on all routers that are to
communicate using BGP in a network
AS200 AS300
10.10.10.10 10.10.10.11
R1 R2
R1

AS number of R1.
ZebOS(config-router)# neighbor 10.10.10.11 Specify the encryption type and the password.
password 1 ipi
R2

AS number of R2.
ZebOS(config-router)# neighbor 10.10.10.10 Specify the encryption type and the password.
password 1 ipi

neighbor remote-as, neighbor password
Validation Commands

BGP Configuration

CHAPTER 7 Forwarding Plane Load Balancing
The ZebOS implementation leverages the Forwarding Plane Load Balancing, when the underlying kernel supports
ECMP (Equal Cost Multipath).
ZebOS installs the maximum number of ECMP routes supported by a kernel. This allows for load balancing to be
performed with more than one nexthop to reach a destination. In case the router receives and installs multiple paths
with the same administrative distance and cost to a destination, load-balancing is possible.
Ideally, multiple nexthops have different interfaces to the destination, but this is not mandatory. The algorithm for
distributing traffic across ECMP routes is dependant on the kernel and typically based on the protocol, source address,
destination address and the port.
The following example illustrates how you can enable Equal Cost Multipath (ECMP) and configure a routing protocol
(OSPF is used in this example) for load balancing. However this example will not work if your kernel does not support
load balancing. In this setup, R1, R2 and R3 are three Linux routers connected to each other. R1 can reach R3 through
two links available to R2.
N1
N3
R1 .1 .2 R2 R3
.2 .3
N2
N1 10.10.10.0/24
N2 10.10.11.0/24
N3 20.10.10.0/24
Enabling Load Balancing

R1 - Kernel
• Enable multipath support by enabling the following options under Networking options:
TCP/IP Networking
IP:advanced router
IP: equal cost multipath
• Enable the following option under Network Device Support options:
EQL (serial line load balancing) support
R1 - NSM
• Enable multipath support in ZebOS and set the maximum number of paths to be installed in the FIB (Forward
Information Base):
ZebOS# configure terminal

Forwarding Plane Load Balancing
ZebOS(config)# maximum-paths 2
R1 - OSPF
• Configure OSPF on all interfaces on R1, R2 and R3.
R1 learns about R3 through 2 nexthops (both networks N1 and N2)
Verifying Load Balancing

R1 - OSPF
• Run the show ip ospf route command on R1. The OSPF routing table displays that it can reach R3 through
both the nexthops:
R1# show ip ospf route
O 10.10.10.0/24 [10] is directly connected, eth1, Area 0.0.0.0
O 10.10.11.0/24 [10] is directly connected, eth2, Area 0.0.0.0
O 20.10.10.0/24 [20] via 10.10.10.2, eth1, Area 0.0.0.0
via 10.10.11.2, eth2, Area 0.0.0.0
• Run the show ip route command on R1. It displays that R1 has installed both nexthops to reach R3 in the NSM
routing table:
R1# show ip route
Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
K 10.10.0.0/24 via 10.70.0.1, eth0

C 10.10.10.0/24 is directly connected, eth1
O 20.10.10.0/24 [110/20] via 10.10.10.2, eth1, 00:12:40
[110/20] via 10.10.11.2, eth2, 00:12:40
C 127.0.0.0/8 is directly connected, lo
S 192.16.1.0/24 [1/0] is directly connected, eth1
R1- Kernel
• Run the ip route command on R1 kernel. The kernel routing table (FIB) displays that R1 can reach R3 through
both the nexthops.
# ip route
20.10.10.0/24 proto zebra metric 20
nexthop via 10.10.10.2 dev eth1 weight 1
nexthop via 10.10.11.2 dev eth2 weight 1
10.70.0.0/24 dev eth0 scope link
10.10.0.0/24 via 10.70.0.1 dev eth0
10.10.10.0/24 dev eth1 proto kernel scope link src 10.10.10.1
10.10.11.0/24 dev eth2 proto kernel scope link src 10.10.11.1

127.0.0.0/8 dev lo scope link

The above three show outputs display the two routes (N1 and N2) in the OSPF, NSM and the kernel routing tables.
This illustrates that two routes are reaching R3 and load balancing is occurring.


CHAPTER 8 Configuring VLAN Interfaces
This chapter describes configuring VLAN interfaces and using them with the ZebOS routing software. Several Virtual
LAN (VLAN) interfaces can be configured on a single ethernet interface. Once created, a VLAN interface functions the
same as any physical interface.
Note: For VLAN support, enable the configuration option 802.1Q VLAN Support under Networking Options
before compiling the kernel. If you have installed the kernel RPM provided by IPI, this option is enabled
automatically.
The ZebOS NSM recognizes VLAN interfaces like physical interfaces. Once VLAN interfaces are created in the kernel
and an IP address is assigned to them, the ZebOS commands can be used to configure and display VLAN interfaces
like any physical interface. The ZebOS routing protocols, such as, RIP, OSPF and BGP can run across networks using
VLAN interfaces.
Two systems having physical connectivity (either directly connected or connected through a switch) can communicate
with each other through VLAN interfaces that have the same VLAN IDs and belong to the same network.
If the physical interfaces are connected to a switch and not directly, the corresponding ports on the switch have to be
configured as trunks and should not be put in any VLANs in the switch. The commands to configure switch ports as
trunks depend on the make/type of the switch and hence are beyond the scope of this document.
An example is used here to describe the VLAN interface configuration. In this example, there are two routers R1 and
R2 and the interface eth1 of R1 is connected directly to eth2 using a crossover ethernet cable.
Physical connection through

eth1 crossover ethernet cable eth2
R1 R2
VLAN connection
eth1.10 eth2.10
VLAN interface eth1.10 is created on R1 and eth2.10 is created on R2. The VLAN interfaces are configured to be in
the same network. Now R1 and R2 can reach each other using the VLAN connection.
Note that the VLAN ID of both VLAN interfaces is the same (10). Two systems with different VLAN IDs are unable to
communicate even if they are in the same network (the VLAN ID is used to tag packets sent on the VLAN interface).
Creating a VLAN interface

Use the vconfig utility to add a VLAN interface. The vconfig utility can be used to create/delete VLAN interfaces to
a physical interface. The VLAN interface identifier has two parts separated by a period, the first of which is the identifier
of the physical interface (such as, eth1, eth2...). The second part is the VLAN ID (on Linux, this number can be any
number from 2-4095). In this example, eth1.10 denotes that the physical interface is eth1 and the VLAN ID is 1.
[root]# vconfig add eth1 10
Added VLAN with VID == 10 to IF -:eth1:-

Configuring VLAN Interfaces
Configuring an IP address
Once a VLAN interface is created, configure an IP address on it. Use the ipconfig command to configure the IP address
of the VLAN interface and then use the same command to display information about the VLAN interface.
[root]# ifconfig eth1.10 inet 1.1.1.145 netmask 255.255.255.0 broadcast 1.1.1.255 up
[root]# ifconfig eth1.10
eth1.10 Link encap:Ethernet HWaddr 00:0E:0C:01:48:4D
inet addr:1.1.1.145 Bcast:1.1.1.255 Mask:255.255.255.0
inet6 addr: fe80::20e:cff:fe01:484d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:172 (172.0 b)
Adding IP addresses to VLAN interface using ZebOS

In ZebOS NSM you can add/remove IP addresses from VLAN interfaces just like normal interfaces. Using IMISH type:
ZebOS(config)# interface eth1.10
ZebOS(config-if)# no ip address 1.1.1.145/24
ZebOS(config-if)# ip address 192.168.1.50/24
Displaying VLAN interfaces using ZebOS

In ZebOS, VLAN interfaces appear like any physical interfaces, in the show run or the show ip interface brief
outputs and can be configured just like any other interface.
The following is a sample output of the show ip interface brief command on R1. Note that the IP address of
interface eth1.1 has correctly been changed by NSM:
ZebOS# show ip interface brief
Interface IP-Address Status Protocol
lo 127.0.0.1 up up
gre0 unassigned administratively down down
eth0 10.70.0.77 up up
....
sit0 unassigned administratively down down
eth1.10 192.168.1.50 up up
tunl0 unassigned administratively down down
Given below is the NSM routing table. Note that it shows the connected network 192.168.1.0/24 of eth1.10.
These interfaces will now act as any physical interfaces and all routing protocols will run across this network.
ZebOS# show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default

Gateway of last resort is 10.70.0.1 to network 0.0.0.0

K* 0.0.0.0/0 via 10.70.0.1, eth0
B 2.2.2.0/24 [200/0] via 192.168.1.145, eth4.2, 01:14:38
....
C 127.0.0.0/8 is directly connected, lo
K 169.254.0.0/16 is directly connected, eth4
C 192.168.1.0/24 is directly connected, eth1.10
Deleting VLAN interfaces

Use the vconfig utility to delete VLAN interfaces.
To remove the eth1.10 interface on R1:
[root]# vconfig rem eth1.10
Removed VLAN -:eth1.10:-
Now if you use the ifconfig command and try to display information about the eth1.10 interface:
[root]# ifconfig eth1.10
eth1.10: error fetching interface information: Device not found
This shows that VLAN interfaces were successfully removed.
Using the ZebOS CLI, when you try to configure this interface, a message is displayed showing that the interface does
not exist:
Enter configuration commands, one per line. End with CNTL/Z.
ZebOS(config)# interface eth1.10
% No such interface


CHAPTER 9 Tunneling and Transitioning
This chapter contains basic IPv4 and IPv6 Transition Tunneling configuration examples. To see details on the
commands used in these examples, or to see the outputs of the Validation commands, refer to the NSM Command
Reference. To avoid repetition, some Common commands, like configure terminal, have not been listed under
the Commands Used section. These Common commands are explained in the NSM Command Reference. For
commands used to enter each command mode see the Command Modes section in the Introduction chapter.
Typically, tunneling is used to transmit private data over a public network, such as the Internet. Tunnels enable carrying
of incompatible data over an existing network. For example, IPv6 data can be transmitted over IPv4 networks. Secure
tunneling protocols (such as IPSec) can be used for transfering sensitive data over public networks.
Tunneling is acheived by encapsulating IP packets of private networks within IP packets of public networks. This allows
packets destined for one IP address to be wrapped and redirected to another IP address. To encapsulate an IP packet,
an outer IP header is inserted before the packet’s existing header. The source and destination addresses in the inner
IP header, specify the original sender and recipient of the packet.
IPv4 Configured Tunnel

The ZebOS IPv4 Tunneling implementation supports Generic Routing Encapsulation (GRE) and IP in IP (IPIP)
Tunneling. This section includes the configuration of GRE tunneling only. For configuring IPIP tunnels use the same
configuration, but specify the tunnel mode as ipip instead of gre.
IPv4 Network IPv4 Network IPv4 Network

9.1.0.0/24 9.3.0.0/24
GRE Tunnel Tunnel100

Tunnel100
R1 R3
.1 9.1.2.0/24 .2
eth1 .1 .2 eth1
eth1 eth2
R2
10.100.1.0/24 .2 .1 10.200.1.0/24
R1

ZebOS(config)# interface eth1 Specify the interface (eth1) to be configured.
ZebOS(config-if)# ip address 10.100.1.1/24 Set the IP address of eth1 interface.
ZebOS(config-if)# exit Exit Interface mode and enter Configure mode.
ZebOS(config)# interface tunnel 100 Create a tunnel interface.
ZebOS(config-if)# tunnel mode gre Set the tunnel mode.

Tunneling and Transitioning
ZebOS(config-if)# tunnel source 10.100.1.1 Define the IPv4 address to be used as the source address
for the tunnel interface.
ZebOS(config-if)# tunnel destination Specifies the destination IPv4 address of the tunnel
10.200.1.2 interface.
ZebOS(config-if)# ip address 9.1.2.1/24 Set the IP address of the tunnel interface.
ZebOS(config)# router ospf Create an OSPF routing instance.
ZebOS(config-router)# router-id 10.70.0.57 Specify a Router ID for the OSPF routing process.
ZebOS(config-router)# network 10.100.1.0/24 Define the interface on which OSPF runs and associate the
backbone area).
ZebOS(config-router)# exit Exit the Router mode and enter Configure mode.
ZebOS(config)# ip route 9.3.0.0/24 Tunnel100 Configure a static route for the tunnel interface.
R2

backbone area).
backbone area).
R3

ZebOS(config-if)# ip address 9.1.2.2/24 Set the IP address of the tunnel interface.

backbone area).
ZebOS(config-router)# exit Exit the Router mode and enter Configure mode.
ZebOS(config)# ip route 9.1.0.0/24 Tunnel100 Configure a static route for the tunnel interface.

tunnel mode, tunnel source, tunnel destination, interface tunnel (NSM Command Reference)
Validation Commands
show interface, show ip route

IPv6 Transition - Configured Tunnel

In this method of IPv6 transition, tunnels are enabled and configured statically. IPv4 and IPv6 addresses are manually
assigned on both sides of the tunnel interface. To configure a tunnel interface, assign:
• an IPv4 address for reaching the local dual-stack router over the IPv4 network. For example, IPv4 address
192.168.1.1 is assigned on R1 as tunnel source.
• an IPv4 address for reaching the dual-stack router at the other end of the tunnel over the IPv4 network. For
example, 192.168.2.2 is assigned on R1 as tunnel destination.
• an IPv6 address locally on the tunnel interface. For example, the IPv6 address 3ffe:b00:ffff:2::1/64, is
assigned on R1.
R3 is configured similarly to allow forwarding of IPv6 packets over the IPv4 network.
2001:420:ffff::/48 3ffe:b00:ffff::/48
Configured Tunnel
IPv6 eth2 Tunnel100 Tunnel100 eth2 IPv6
Network R1 R3
Network
eth1 192.168.1.1 192.168.2.2 eth1
2001:420:ffff:a::2/64 3ffe:b00:ffff:a::2/64
eth1 eth2
R2
192.168.1.2 192.168.2.1
IPv4 Network
3ffe:b00:ffff:2::1/64 3ffe:b00:ffff:2::2/64
R1

ZebOS(config-if)# ipv6 address Set the IPv6 address of eth2 interface.
2001:420:ffff:a::2/64
ZebOS(config-if)# tunnel mode ipv6ip Set the tunnel mode.
ZebOS(config-if)# ipv6 address Set the IPv6 address on the Tunnel100 interface.
3ffe:b00:ffff:2::1/64
ZebOS(config)# ipv6 route 3ffe:b00:ffff::/48 Specify a static route to the network via a configured tunnel.
Tunnel100


backbone area).
R2

backbone area).
backbone area).
R3

3ffe:b00:ffff:a::2/64
ZebOS(config-if)# tunnel mode ipv6ip Set the tunnel mode.
3ffe:b00:ffff:2::2/64
ZebOS(config)# ipv6 route 2001:420:ffff::/48 Specify a static route to the network via a configured tunnel.
Tunnel100

backbone area).

tunnel mode, tunnel source, network area, router-id, tunnel destination
Validation Commands
show interface, show ipv6 route

IPv6 Transition - GRE Tunnel

Configuring the GRE (Generic Routing Encapsulation) Tunnel for IPv6 transition is similar to configuring the Configured
Tunnel.To configure a GRE Tunnel, a route is statically configured between two routers to enable forwarding of IPv6
packets over an IPv4 network. To configure a GRE tunnel, assign:
• an IPv4 address for reaching the local dual-stack router over the IPv4 network. For example, IPv4 address
192.168.1.1 is assigned on R1 as tunnel source.
• an IPv4 address for reaching the dual-stack router at the other end of the tunnel over the IPv4 network. For
example, 192.168.2.2 is assigned on R1 as tunnel destination.
• an IPv6 address locally on the tunnel interface. For example, the IPv6 address 3ffe:b00:ffff:2::1/64, is
assigned on R1.
R3 is configured similarly to allow forwarding of IPv6 packets over the IPv4 network.
2001:420:ffff::/48 3ffe:b00:ffff::/48
GRE Tunnel
Network R1 R3
Network
eth1 192.168.1.1 192.168.2.2 eth1
2001:420:ffff:a::2/64 3ffe:b00:ffff:a::2/64
eth1 eth2
R2
192.168.1.2 192.168.2.1
IPv4 Network
3ffe:b00:ffff:2::1/64 3ffe:b00:ffff:2::2/64
R1

2001:420:ffff:a::2/64
ZebOS(config-if)# ipv6 address Set the IPv6 address on the Tunnel100.
3ffe:b00:ffff:2::1/64


ZebOS(config)# ipv6 route 3ffe:b00:ffff::/48 Specify a static route to the network via a configured tunnel.
Tunnel100
backbone area).
R2

backbone area).
backbone area).
R3

3ffe:b00:ffff:2::2/64
ZebOS(config)# ipv6 route 2001:420:ffff::/48 Specify a static route to the network via a configured tunnel.
Tunnel100


backbone area).

tunnel mode, tunnel source, network area, router-id, tunnel destination
Validation Commands

IPv6 Transition - 6to4 Automatic Tunnel

IPv6 transition is required for migrating from IPv4 to IPv6. One method to connect to the global IPv6 network over IPv4
existing network is called 6to4 automatic tunneling. Using this method, you do not require to specify destination
address of the tunnel endpoint, instead, destination IPv6 address itself contains destination IPv4 address to be used for
the tunnel encapsulation. ZebOS implementation allows automatic creation of 6to4 global IPv6 address, which is
derived from the configured tunnel source address.
2002:coa8:101::/48 2002:coa8:202::/48
6to4 Tunnel
Site R1 R3
Site
eth1 .1 .2 eth1
2002:coa8:101:1::10/64 2002:coa8:202:2::10/64
eth1 eth2
R2
192.168.1.0/24 .2 .1 192.168.2.0/24
192.168.1.1 IPv4 Network 192.168.2.2

2002: coa8:101 ::1/16 2002: coa8:202 ::1/16
R1

2002:c0a8:101:1::10/64
ZebOS(config-if)# tunnel mode ipv6ip 6to4 Set the tunnel mode.
backbone area).
R2



backbone area).
backbone area).
R3

2002:c0a8:202:2::10/64
backbone area).

tunnel mode ipv6ip, tunnel source, interface tunnel (NSM Command Reference)
Validation Commands

IPv6 Transition - 6to4 Relay

The 6to4 Relay method is used to enable the sending of IPv6 packets to destinations that have other prefixes than
2002::/16. To make these prefixes reachable, one of the 6to4 routers on the IPv4 network must act as a gateway and
forward 6to4 traffic to the IPv6 Internet. This router is called the 6to4 relay. Typically, the 6to4 relay is at the border
of the IPv4 and IPv6 Internet.
In this example, R3 is the 6to4 Relay, forwarding IPv6 packets received from 6to4 networks to the IPv6 Internet and
receiving routes from the IPv6 Internet. To configure a 6to4 relay, a default route (::/0) is added on R1, which points to
R3. This allows all prefixes (other than 2002::/16) to be forwarded to the IPv6 Internet.
2002:coa8:101::/48 6to4 Router 6to4 Relay

6to4 Tunnel
Site R1 R3
Internet
eth1 .1 .2 eth1
2002:coa8:101:1::10/64 3ffe:b00:ffff:a::1/64
eth1 eth2
R2
192.168.1.0/24 .2 .1 192.168.2.0/24
192.168.1.1 IPv4 Network 192.168.2.2

2002: coa8:101 ::1/16 2002: coa8:202 ::1/16
R1

2002:c0a8:101:1::10/64
ZebOS(config)# ipv6 route ::/0 ::192.168.2.2 Specify the IPv6 default route to the 6to4 Relay router.
Tunnel100
backbone area).

R2

backbone area).
backbone area).
R3

backbone area).

tunnel mode ipv6ip, tunnel source, network area, router-id
Validation Commands

IPv6 Transition - ISATAP Automatic Tunnel

ISATAP (Intra-Site Automatic Tunnel Address Protocol) is typically used for a site that does not have a fully native IPv6
network. Every ISATAP router and ISATAP host can talk to each other through the ISATAP automatic tunnel over the
existing IPv4 network.
The difference between the ISATAP and 6to4 tunnel is that ISATAP tunnel interface treats underlying IPv4 as an NBMA
(Non Broadcast Multi Access) network. Thus, each ISATAP interface has the same IPv6 prefix. The Router
Advertisement (RA) functionality is used to assign prefix automatically.
In this IPv6 transition method, IPv6 address is manually configured on a tunnel interface of the ISATAP Router. On the
ISATAP Host, the IPv4 address is manually configured using the tunnel destination command. Once the ISATAP
Host receives RA from the ISATAP Router, it automatically generates the IPv6 address.
ISATAP Router ISATAP Host

ISATAP Tunnel
Tunnel11 Tunnel11
R1 H1
2002::5efe:coa8:102/64
10.100.1.1 eth1 eth1 10.100.1.2

IPv4 Network
R1

ZebOS(config-if)# ip address 10.100.1.1 Set the IP address of eth1 interface.
ZebOS(config-if)# tunnel mode ipv6ip isatap Set the tunnel mode.
ZebOS(config-if)# no ipv6 nd suppress-ra Enable Router Advertisement (RA).
ZebOS(config-if)# ipv6 address Assign IPv6 address to tunnel interface.
2002::5efe:c0a8:102/64
H1

ZebOS(config)# no ipv6 forwarding Turn off IPv6 forwarding. Since H1 is a host, it does not
require packet forwarding.
ZebOS(config-if)# tunnel mode ipv6ip isatap Set the tunnel mode.


tunnel mode ipv6ip, tunnel source, interface tunnel, tunnel destination, no ipv6 nd suppress-ra (NSM Command
Reference)
Validation Commands


Index
Symbols see command modes 6

confederations 51
(), meaning in command syntax notation 1 Configure, command mode definition 6
, meaning in command syntax notation 1 configured tunnel 66
, meaning in command syntax notation 1 configuring an IP address on VLAN 60
?, meaning in command syntax notation 1 configuring BGP 45
|, meaning in command syntax notation 1 configuring BGP authentication 53
configuring IS-IS 33
Numerics configuring metric 38
configuring NSM 9, 55
6to4 automatic tunnel 72 configuring OSPF 21
6to4 relay 74 redistributing routes into OSPF 26
configuring RIP 11
configuring VLAN interfaces 59
A cost
abbreviated commands 5 OSPF 27
adding IP addresses to VLAN interface using ZebOS 60 creating a VLAN interface 59
address family command mode 7
angle brackets 1 D
area border router 25
authentication BGP 53 deleting VLAN interface 61
authentication OSPF 31 displaying VLAN interface using ZebOS 60
authentication rip multiple keys 15
authentication rip-multiple keys 18 E
authentication rip-single key 13
enable BGP 45
B enable IS-IS 33
Exec, command mode definition 6
BGP configuration 45
confederations 51 G
enabling bgp 45
enabling BGP- different autonomous systems 46 Generic Routing Encapsulation 63
route reflector 49 GRE 63
route-map 47 GRE tunnel 69
C H
command abbreviation 5 how to configure a route-reflector 49
command abbreviations 5 how to configure an area border router 25
command line errors 5 how to configure cost in OSPF 27
command line help 4 how to configure route-map 47
command line interface how to configure virtual links 29
syntax 4 how to configure VLAN interface 59
Command Modes how to enable authentication on an area 31
address family 7 how to enable authentication on an interface 31
key chain 7 how to enable BGP 45
path 7 how to enable IS-IS 33
route-map 7 how to enable OSPF on an interface 21
router 6 how to enable rip 11
command modes how to enable static routing 9
definitions 6 how to redistribute routes into OSPF 26
command nodes how to set priority in OSPF 23
©2003-2007 IP Infusion Inc. Confidential Index - 1

Index
how to set priority-IS-IS 35 OSPF cost 27

how to specify RIP version 12 redistributing routes into ospf 26
how to use VLAN interfaces with ZebOS 59 setting priority 23
I P
Interface, command mode definition 6 parenthesis not part of command 1
intra-site automatic tunnel address protocol 76 path command mode 7
IP-IP tunneling 63 Privileged Exec, command mode definition 6
IPv4 and IPv6 transition tunneling 63
IPv4 Tunneling 63 Q
IPv6 transition
6to4 automatic tunnel 72 question mark 1
6to4 relay 74
configured tunnel 66
GRE tunnel 69 R
ISATAP automatic tunnel 76 redistribute routes 26
ISATAP automatic tunnel 76 redistributing routes into IS-IS 37
IS-IS configuration 33 redistributing routes into OSPF 26
configuring metric 38 RIP Configuration
enabling IS-IS on an interface 33 RIPv2 authentication 13
L1 L2 area routing with multiple instances 43 RIP configuration 11
L1 L2 area routing with single instance 41 enabling rip 11
redistributing routes into IS-IS 37 RIPv2 md5 authentication 18
setting priority 35 RIPv2 text authentication-multiple keys 15
specifying the RIP version 12
K RIP configurations 11
RIP version 12
kernel patch MD5 authentication 53 route-map command mode 7
key chain command mode 7 route-map configure 47
Router Advertisement 76
L router command mode 6
route-reflector 49
L1L2 area routing 41, 43
Line, command mode definition 6 S
lowercase, meaning in command syntax notation 1
setting-priority 35
M Square brackets 1
static routes 9
manual syntax conventions 1
conventions, procedures and syntax 1 syntax help 4
MD5 authentication on BGP 53
MD5 libraries 53 T
metric in IS-IS 38
tunnel destination 76
N tunneling 63
NBMA 76 U
NSM configuration 9, 55
enabling static routing 9 UPPERCASE, meaning in command syntax notation 1
O V
OSPF configuration 21 vertical bar 1
configuring an area border router 25 virtual links 29
configuring virtual links 29 vlan interface 59
enabling authentication 31
enabling OSPF on an interface 21
Index - 2 ©2003-2007 IP Infusion Inc. Confidential

ZebOS Core Configuration Guide Version 75

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ZebOS Core Configuration Guide Version 75

Uploaded by

Copyright:

Available Formats

ZebOS®

Intelligent Network Software

Core Configuration Guide

For support, questions, or comments via E-mail, contact:

CHAPTER 2 NSM Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

CHAPTER 3 RIP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

CHAPTER 4 OSPF Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

CHAPTER 5 IS-IS (IPv4) Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

©2003-2007 IP Infusion Inc. Confidential iii

CHAPTER 6 BGP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

CHAPTER 7 Forwarding Plane Load Balancing . . . . . . . . . . . . . . . . . . . . . .55

CHAPTER 8 Configuring VLAN Interfaces. . . . . . . . . . . . . . . . . . . . . . . . . . .59

CHAPTER 9 Tunneling and Transitioning . . . . . . . . . . . . . . . . . . . . . . . . . . .63

iv ©2003-2007 IP Infusion Inc. Confidential

About This Publication

Conventions Used in this Guide

Convention Type Description Example

©2003-2007 IP Infusion Inc. Confidential 1

Convention Type Description Example

2 ©2003-2007 IP Infusion Inc. Confidential

Format used in the Configuration Examples

Names of Commands Used Names of Commands Used

Validation Commands Validation Commands

©2003-2007 IP Infusion Inc. Confidential 3

Command Line Interface Primer

Command Line Help

4 ©2003-2007 IP Infusion Inc. Confidential

Command line errors

©2003-2007 IP Infusion Inc. Confidential 5

Daemon Command Modes

Modes Common to Protocols

enable Command used to enter

interface IFNAME Line vty

6 ©2003-2007 IP Infusion Inc. Confidential

Modes Specific to Protocols

©2003-2007 IP Infusion Inc. Confidential 7

8 ©2003-2007 IP Infusion Inc. Confidential

Enabling Static Routing

192.168.0.1/32 192.168.0.2/32 192.168.0.3/32

ZebOS# configure terminal Enter the Configure mode.

ZebOS# configure terminal Enter the Configure mode.

©2003-2007 IP Infusion Inc. Confidential 9

ZebOS# configure terminal Enter the Configure mode.

Names of Commands Used

10 ©2003-2007 IP Infusion Inc. Confidential

eth1 eth2 eth1 eth2

ZebOS# configure terminal Enter the Configure mode.

ZebOS# configure terminal Enter the Configure mode.

Names of Commands Used

©2003-2007 IP Infusion Inc. Confidential 11

Specifying the RIP version

eth2 eth1 eth2 eth1

ZebOS# configure terminal Enter the Configure mode.

Names of Commands Used

12 ©2003-2007 IP Infusion Inc. Confidential

RIPv2 authentication (single key)

eth2 eth1 eth0 eth1

ZebOS# configure terminal Enter the Configure mode.

ZebOS# configure terminal Enter the Configure mode.

©2003-2007 IP Infusion Inc. Confidential 13

Names of Commands Used

14 ©2003-2007 IP Infusion Inc. Confidential

RIPv2 text authentication (multiple keys)