Configuration prerequisites, Configuration procedure, Configuring a large scale ipv6 bgp network – H3C Technologies H3C SecPath F1000-E User Manual
Page 825
800
Configuration prerequisites
Before applying an IPsec policy to a peer/peer group, you need to complete following tasks:
•
Create an IPsec proposal
•
Create an IPsec policy
For more information about IPsec policy configuration, see VPN Configuration Guide.
Configuration procedure
To apply an IPsec policy to a peer/peer group:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter BGP view.
bgp as-number
N/A
3.
Enter IPv6 address
family view.
ipv6-family
N/A
4.
Apply an IPsec policy to
a peer/peer group.
peer { group-name | ip-address } ipsec-policy
policy-name
Not configured by default.
NOTE:
An IPsec policy used for IPv6 BGP can be only in manual mode. For more information, see
VPN Command
Reference.
Configuring a large scale IPv6 BGP network
In a large-scale IPv6 BGP network, configuration and maintenance become no convenient due to too
many peers. Configuring peer groups makes management easier and improves route distribution
efficiency. Peer group includes IBGP peer group, where peers belong to the same AS, and EBGP peer
group, where peers belong to different ASs. If peers in an EBGP group belong to the same external AS,
the EBGP peer group is a pure EBGP peer group, and if not, a mixed EBGP peer group.
In a peer group, all members have a common policy. Using the community attribute can make a set of
IPv6 BGP routers in multiple ASs have the same policy, because community sending between IPv6 BGP
peers is not limited by AS.
To ensure connectivity between IBGP peers, you need to make them fully meshed, but it becomes
unpractical when too many IBGP peers exist. Using route reflectors or confederation can solve it. In a
large-scale AS, both of them can be used.
Confederation configuration of IPv6 BGP is identical to that of BGP4, so it is not mentioned here.
Configuration prerequisites
Before you configure a large scale IPv6 BGP network, complete the following tasks:
•
Make peer nodes accessible to each other at the network layer.
•
Enable BGP and configure a router ID.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer