H3C Technologies H3C SecPath F1000-E User Manual
Page 837
812
[SecPathC-ipsec-policy-manual-policy002-10] proposal tran2
[SecPathC-ipsec-policy-manual-policy002-10] sa spi outbound esp 54321
[SecPathC-ipsec-policy-manual-policy002-10] sa spi inbound esp 54321
[SecPathC-ipsec-policy-manual-policy002-10] sa string-key outbound esp gfedcba
[SecPathC-ipsec-policy-manual-policy002-10] sa string-key inbound esp gfedcba
[SecPathC-ipsec-policy-manual-policy002-10] quit
5.
Apply IPsec policies to IBGP peers:
# Configure SecPath A.
[SecPathA] bgp 65008
[SecPathA-bgp] ipv6-family
[SecPathA-bgp-af-ipv6] peer 1::2 ipsec-policy policy001
[SecPathA-bgp-af-ipv6] quit
[SecPathA-bgp] quit
# Configure SecPath B.
[SecPathB] bgp 65008
[SecPathB-bgp] ipv6-family
[SecPathB-bgp-af-ipv6] peer 1::1 ipsec-policy policy001
[SecPathB-bgp-af-ipv6] quit
[SecPathB-bgp] quit
6.
Apply IPsec policies to EBGP peers:
# Configure SecPath C.
[SecPathC] bgp 65009
[SecPathC-bgp] ipv6-family
[SecPathC-bgp-af-ipv6] peer ebgp ipsec-policy policy002
[SecPathC-bgp-af-ipv6] quit
[SecPathC-bgp] quit
# Configure SecPath B.
[SecPathB] bgp 65008
[SecPathB-bgp] ipv6-family
[SecPathB-bgp-af-ipv6] peer ebgp ipsec-policy policy002
[SecPathB-bgp-af-ipv6] quit
[SecPathB-bgp] quit
7.
Verify the configuration;
# Display detailed IPv6 BGP peer information.
[SecPathB] display bgp ipv6 peer verbose
BGP Peer is 1::1, remote AS 65008,
Type: IBGP link
BGP version 4, remote router ID 1.1.1.1
BGP current state: Established, Up for 00h01m51s
BGP current event: RecvKeepalive
BGP last state: OpenConfirm
Port: Local – 1029 Remote - 179
Configured: Active Hold Time: 180 sec Keepalive Time: 60 sec
Received : Active Hold Time: 180 sec
Negotiated: Active Hold Time: 180 sec
Peer optional capabilities:
Peer support bgp multi-protocol extended