Configuration prerequisites, Configuration procedure, Configuring a large scale ipv6 bgp network – H3C Technologies H3C SecPath F1000-E User Manual

Page 825

Advertising
background image

800

Configuration prerequisites

Before applying an IPsec policy to a peer/peer group, you need to complete following tasks:

Create an IPsec proposal

Create an IPsec policy

For more information about IPsec policy configuration, see VPN Configuration Guide.

Configuration procedure

To apply an IPsec policy to a peer/peer group:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter BGP view.

bgp as-number

N/A

3.

Enter IPv6 address
family view.

ipv6-family

N/A

4.

Apply an IPsec policy to

a peer/peer group.

peer { group-name | ip-address } ipsec-policy
policy-name

Not configured by default.

NOTE:

An IPsec policy used for IPv6 BGP can be only in manual mode. For more information, see

VPN Command

Reference.

Configuring a large scale IPv6 BGP network

In a large-scale IPv6 BGP network, configuration and maintenance become no convenient due to too
many peers. Configuring peer groups makes management easier and improves route distribution

efficiency. Peer group includes IBGP peer group, where peers belong to the same AS, and EBGP peer

group, where peers belong to different ASs. If peers in an EBGP group belong to the same external AS,

the EBGP peer group is a pure EBGP peer group, and if not, a mixed EBGP peer group.
In a peer group, all members have a common policy. Using the community attribute can make a set of

IPv6 BGP routers in multiple ASs have the same policy, because community sending between IPv6 BGP

peers is not limited by AS.
To ensure connectivity between IBGP peers, you need to make them fully meshed, but it becomes

unpractical when too many IBGP peers exist. Using route reflectors or confederation can solve it. In a
large-scale AS, both of them can be used.
Confederation configuration of IPv6 BGP is identical to that of BGP4, so it is not mentioned here.

Configuration prerequisites

Before you configure a large scale IPv6 BGP network, complete the following tasks:

Make peer nodes accessible to each other at the network layer.

Enable BGP and configure a router ID.

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS, H3C SecBlade LB Cards, H3C SecPath L1000-A Load Balancer

Popular Brands
Popular manuals