Ipv6 bgp ipsec policy configuration example, Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

809

[SecPathC-bgp-af-ipv6] peer 101::2 as-number 200

[SecPathC-bgp-af-ipv6] peer 102::2 as-number 200

# Configure SecPath D.

<SecPathD> system-view

[SecPathD] ipv6

[SecPathD] bgp 200

[SecPathD-bgp] router-id 4.4.4.4

[SecPathD-bgp] ipv6-family

[SecPathD-bgp-af-ipv6] peer 102::1 as-number 200

3.

Configure route reflector:
# Configure SecPath C as a route reflector, SecPath B and SecPath D as its clients.

[SecPathC-bgp-af-ipv6] peer 101::2 reflect-client

[SecPathC-bgp-af-ipv6] peer 102::2 reflect-client

4.

Verify the configuration:
Use the display bgp ipv6 routing-table command on SecPath B and SecPath D; you can find both
of them have learned the network 1::/64.

IPv6 BGP IPsec policy configuration example

Network requirements

As shown in

Figure 390

,

•

Configure IPv6 BGP on the firewalls. SecPath A and B establish an IBGP relationship. SecPath B and
C establish an EBGP relationship.

•

Configure IPsec policies on the firewalls to authenticate and encrypt protocol packets.

Figure 390 Network diagram

Configuration procedure

1.

Configure IPv6 addresses for interfaces. (Details not shown.).

2.

Configure the IBGP connection:
# Configure SecPath A.

<SecPathA> system-view

[SecPathA] ipv6

[SecPathA] bgp 65008

[SecPathA-bgp] router-id 1.1.1.1

[SecPathA-bgp] ipv6-family

[SecPathA-bgp-af-ipv6] group ibgp internal

[SecPathA-bgp-af-ipv6] peer 1::2 group ibgp

[SecPathA-bgp-af-ipv6] quit

[SecPathA-bgp] quit