Ipv6 bgp ipsec policy configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 834
809
[SecPathC-bgp-af-ipv6] peer 101::2 as-number 200
[SecPathC-bgp-af-ipv6] peer 102::2 as-number 200
# Configure SecPath D.
[SecPathD] ipv6
[SecPathD] bgp 200
[SecPathD-bgp] router-id 4.4.4.4
[SecPathD-bgp] ipv6-family
[SecPathD-bgp-af-ipv6] peer 102::1 as-number 200
3.
Configure route reflector:
# Configure SecPath C as a route reflector, SecPath B and SecPath D as its clients.
[SecPathC-bgp-af-ipv6] peer 101::2 reflect-client
[SecPathC-bgp-af-ipv6] peer 102::2 reflect-client
4.
Verify the configuration:
Use the display bgp ipv6 routing-table command on SecPath B and SecPath D; you can find both
of them have learned the network 1::/64.
IPv6 BGP IPsec policy configuration example
Network requirements
As shown in
,
•
Configure IPv6 BGP on the firewalls. SecPath A and B establish an IBGP relationship. SecPath B and
C establish an EBGP relationship.
•
Configure IPsec policies on the firewalls to authenticate and encrypt protocol packets.
Figure 390 Network diagram
Configuration procedure
1.
Configure IPv6 addresses for interfaces. (Details not shown.).
2.
Configure the IBGP connection:
# Configure SecPath A.
[SecPathA] ipv6
[SecPathA] bgp 65008
[SecPathA-bgp] router-id 1.1.1.1
[SecPathA-bgp] ipv6-family
[SecPathA-bgp-af-ipv6] group ibgp internal
[SecPathA-bgp-af-ipv6] peer 1::2 group ibgp
[SecPathA-bgp-af-ipv6] quit
[SecPathA-bgp] quit
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS H3C SecBlade LB Cards H3C SecPath L1000-A Load Balancer