Configuring ipsec for ipv6 bgp – H3C Technologies H3C S5560 Series Switches User Manual

Page 263

Advertising
background image

247

Step Command

Remarks

2.

Enter BGP view or BGP-VPN

instance view.

Enter BGP view:
bgp as-number

Enter BGP-VPN instance view:

a.

bgp as-number

b.

ip vpn-instance
vpn-instance-name

N/A

3.

Enter BGP IPv6 unicast

address family view or
BGP-VPN IPv6 unicast

address family view.

address-family ipv6 [ unicast ]

N/A

4.

Specify the maximum number
of BGP ECMP routes for load

balancing.

balance { [ ebgp | eibgp | ibgp ]
number | as-path-neglect }

By default, load balancing is
disabled.

With the as-path-neglect keyword specified, the balance command enables BGP to implement load

balancing over routes with different AS_PATH attributes. Use the as-path-neglect keyword according to

your network, and make sure a routing loop does not occur.

Configuring IPsec for IPv6 BGP

Perform this task to configure IPsec for IPv6 BGP. IPsec can provide privacy, integrity, and authentication
for IPv6 BGP packets exchanged between BGP peers.
When two IPv6 BGP peers are configured with IPsec (for example, Device A and Device B), Device A

encapsulates an IPv6 BGP packet with IPsec before sending it to Device B. If Device B successfully

receives and de-encapsulates the packet, it establishes an IPv6 BGP peer relationship with Device A and
learns IPv6 BGP routes from Device A. If Device B receives but fails to de-encapsulate the packet, or

receives a packet not protected by IPsec, it discards the packet.
To configure IPsec for IPv6 BGP packets:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure an IPsec transform
set and a manual IPsec

profile.

See Security Configuration Guide.

By default, no IPsec transform set or
manual IPsec profile exists.

3.

Enter BGP view or BGP-VPN
instance view.

Enter BGP view:

bgp as-number

Enter BGP-VPN instance view:

a.

bgp as-number

b.

ip vpn-instance

vpn-instance-name

N/A

4.

Apply the IPsec profile to an
IPv6 BGP peer or peer group.

peer { group-name | ipv6-address
[ prefix-length ] } ipsec-profile

profile-name

By default, no IPsec profile is
configured for any IPv6 BGP peer
or peer group.
This command supports only IPsec
profiles in manual mode.

Advertising
This manual is related to the following products:

H3C S5130 Series Switches, H3C S5120 Series Switches

Popular Brands
Popular manuals