H3C Technologies H3C SecPath F1000-E User Manual

Page 521

496

Configure OSPF so that SecPath A and Router C are reachable to each other.

Configure BGP on SecPath A:
# Establish two IBGP connections between SecPath A and Router C.

system-view

[SecPathA] bgp 100

[SecPathA-bgp] peer 3.0.2.2 as-number 200

[SecPathA-bgp] peer 2.0.2.2 as-number 200

[SecPathA-bgp] quit

# When the two links between SecPath A and Router C are both up, Router C adopts the link
SecPath A<—>Router B<—>Router C to exchange packets with network 1.1.1.0/24. (Set a
higher MED value for route 1.1.1.0/24 sent to peer 2.0.2.2 on SecPath A.)

{

Create ACL 2000 to permit 1.1.1.0/24 to pass.

[SecPathA] acl number 2000

[SecPathA-acl-basic-2000] rule permit source 1.1.1.0 24

[SecPathA-acl-basic-2000] quit

{

Create two route policies, apply_med_50 and apply_med_100. Policy apply_med_50 sets the

MED for route 1.1.1.0/24 to 50. Policy apply_med_100 sets that to 100.

[SecPathA] route-policy apply_med_50 permit node 10

[SecPathA-route-policy] if-match acl 2000

[SecPathA-route-policy] apply cost 50

[SecPathA-route-policy] quit

[SecPathA] route-policy apply_med_100 permit node 10

[SecPathA-route-policy] if-match acl 2000

[SecPathA-route-policy] apply cost 100

[SecPathA-route-policy] quit

{

Apply routing policy apply_med_50 to routes outgoing to peer 3.0.2.2, and apply routing
policy apply_med_100 to routes outgoing to peer 2.0.2.2.

[SecPathA] bgp 100

[SecPathA-bgp] peer 3.0.2.2 route-policy apply_med_50 export

[SecPathA-bgp] peer 2.0.2.2 route-policy apply_med_100 export

# Configure BFD over the link to peer 3.0.2.2 so that when the link SecPath A<—>Router B<
—

>Router C fails, BFD can quickly detect the failure and notify it to BGP, and then the link SecPath

A<—>Router D<—>Router C takes effect immediately.

[SecPathA-bgp] peer 3.0.2.2 bfd

[SecPathA-bgp] quit

Configure BGP on Router C:

system-view

[RouterC] bgp 200

[RouterC-bgp] peer 3.0.1.1 as-number 200

[RouterC-bgp] peer 3.0.1.1 bfd

[RouterC-bgp] peer 2.0.1.1 as-number 200

[RouterC-bgp] quit

Configure BFD parameters (you can use default BFD parameters instead):
# Configure SecPath A.

[SecPathA] bfd session init-mode active

[SecPathA] interface GigabitEthernet0/2

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer