Enabling the ignoring of next-hop address matching, Enabling the ignoring of, Next-hop address matching – H3C Technologies H3C SecPath F1000-E User Manual

123

Enabling the ignoring of next-hop address matching

Introduction to the ignoring of next-hop address matching

Traditional PPP links are single point-to-single point, but virtual template (VT) interface-based PPP links

are typically single point-to-multiple points. For example, a VT interface on a PPPoE server may connect
multiple PPPoE client interfaces. When a PPP packet is sent out the VT interface, the server needs to obtain

the corresponding MAC address according to the next-hop IP address of the packet and encapsulate the

packet with a link-layer header before sending it out. If the next-hop IP address is not any of the peer

addresses, the server drops the packet. Take the PPPoE network shown in

Figure 62

for example. When

a packet is sent out the VT interface on the PPPoE server, the server looks up the forwarding table for a

match for the next-hop IP address of the packet. If the next hop IP address is not 10.0.0.2, 10.0.0.3, or

10.0.0.4, the server drops the packet directly.

Figure 62 A PPPoE network

On the network shown in

Figure 63

, Router A and Router B are connected by a PPPoA link. The IP address

of the VT interface on Router A is 12.0.0.1/24. A NAT address pool that contains IP addresses 12.0.0.2

through 12.0.0.254 is configured for the VT interface on Router B. Router A needs to send all packets

destined for IP addresses on network segment 12.0.0.0/24 to Router B. In this case, the VT interface on

Router A operates in point-to-point mode. Because Router A maintains only one next-hop address
corresponding to Router B, a large amount of packets will be dropped if Router A performs the next-hop

address matching. To address this problem, configure Router A not to perform the next-hop address

matching, thus implementing the point-to-point application of VT interfaces.