S300, S500, S2700, S5700, and S6700 Series

Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

4 RIPng Configuration

4.1 Overview of RIPng

4.2 Understanding RIPng
4.3 Summary of RIPng Configuration Tasks
4.4 Licensing Requirements and Limitations for RIPng
4.5 Default Settings for RIPng
4.6 Configuring Basic RIPng Functions
4.7 Preventing Routing Loops
4.8 Controlling RIPng Routing
4.9 Controlling RIPng Route Advertisement
4.10 Controlling the Receiving of RIPng Routes
4.11 Improving RIPng Network Performance
4.12 Configuring IPSec Authentication for RIPng
4.13 Clearing RIPng
4.14 Example for Configuring RIPng to Filter the Received Routes

4.1 Overview of RIPng

The Routing Information Protocol Next Generation (RIPng) is a simple Interior
Gateway Protocol (IGP). It is an extension to RIP on IPv6 networks. RIPng applies
to small-scale networks, such as campus networks and regional networks with
simple structure. RIPng is widely used on networks because it is easier to
implement, configure, and manage than OSPFv3 and IPv6 IS-IS.

NOTE

RIPng does not have any security authentication mechanism. For security purposes, use
OSPFv3, IPv6 IS-IS, or BGP4+.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 135

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

4.2 Understanding RIPng

4.2.1 RIPng
In addition to IPv4 networks, RIP is also applicable to IPv6 networks to provide
accurate route information for IPv6 packets. The IETF has defined RIP next
generation (RIPng) based on RIP for IPv6 networks. RIPng is an important protocol
for IPv6 networks.

Comparison Between RIPng and RIP

RIPng made the following modifications to RIP:

● RIPng uses UDP port 521 to send and receive routing information.
● RIPng uses the destination addresses with 128-bit prefixes (mask length).
● RIPng uses 128-bit IPv6 addresses as next-hop addresses.
● RIPng uses the local-link address FE80::/10 as the source address to send
RIPng Update packets.
● RIPng periodically sends routing information in multicast mode and uses
FF02::9 as multicast address.
● A RIPng packet consists of a header and multiple route table entries (RTEs). In
a RIPng packet, the maximum number of RTEs depends on the MTU of an
interface.

4.3 Summary of RIPng Configuration Tasks

After basic RIPng functions are configured, you can build a Layer 3 network using
the RIPng protocol. If other RIPng functions are required, configure them
according to reference sections.

Table 4-1 describes RIPng configuration tasks.

Table 4-1 RIPng configuration tasks

Scenario Description Task

Configuring basic RIPng Basic RIPng functions 4.6 Configuring Basic

functions include enabling RIPng RIPng Functions
and enabling the RIPng
process on interfaces.
Basic RIPng functions
must be configured
before you use the RIPng
features.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 136

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

Scenario Description Task

Preventing routing loops RIPng is a distance- 4.7 Preventing Routing

vector routing protocol. Loops
RIPng devices advertise
their local IPv6 routing
tables to neighbors, so
routing loops may occur.
RIPng uses split horizon
and poison reverse to
prevent routing loops:
● Split horizon: A route
learned by RIPng
from an interface is
not sent to neighbors
from this interface.
This reduces
bandwidth
consumption and
prevents routing
loops.
● Poison reverse: RIPng
sets the cost of a
route learned from an
interface to 16
(unreachable), and
sends this route to
neighbors through
this interface. In this
way, RIPng can delete
useless routes from
neighbors' routing
table and prevent
routing loops.

Controlling RIPng routing To use RIPng more 4.8 Controlling RIPng

flexibly on the existing Routing
network and meet
various user
requirements, you can
configure different
parameters to control
RIPng routing.

Controlling the To meet network 4.9 Controlling RIPng

advertising and receiving requirements, you can Route Advertisement
of RIPng routes configure different 4.10 Controlling the
parameters to accurately Receiving of RIPng
control the advertising Routes
and receiving of RIPng
routes.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 137

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

Scenario Description Task

Improving RIPng You can configure special 4.11 Improving RIPng

network performance
RIPng functions to Network Performance
improve RIPng network
performance.
● Adjust the RIPng
timer to change the
RIPng network
convergence speed.
● Adjust the number
and interval of
Update packets sent
by an interface to
reduce consumption
of device resources
and network
bandwidth.
● Check the zero fields
in RIPng packets to
ensure high network
security.

4.4 Licensing Requirements and Limitations for RIPng

Involved Network Elements
Other network elements are required to support RIPng.

Licensing Requirements
RIPng is a basic feature of a switch and is not under license control.

Feature Support in V200R020C10

All models of S300, S500, S2700, S5700, and S6700 series switches support RIPng.

NOTE

For details about software mappings, visit Info-Finder and search for the desired product
model.

Feature Limitations
When the maximum number of RIPng routes supported by a switch is fixed, the
maximum number of running RIPng routes supported on the switch is limited by
the CAR value of RIPng protocol packets, interval for sending RIP update packets,
and values of RIPng Age and Garbage-collect timers. To increase the maximum
number of running RIPng routes on a switch if there are large numbers of RIPng
routes running on the network, increase the values of the Age timer, Garbage-

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 138

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

collect timer, or CAR for RIPng protocol packets, as well as reducing the interval
for sending RIPng update packets.

4.5 Default Settings for RIPng

Table 4-2 describes the default settings for RIPng.

Table 4-2 Default settings for RIPng

Parameter Default Setting

Maximum number of equal-cost 8

routes

RIPng function Disabled

4.6 Configuring Basic RIPng Functions

Pre-configuration Tasks
Before configuring basic RIPng functions, complete the following tasks:
● Enable IPv6 on the switch.
● Configure IPv6 addresses for interfaces to ensure that neighboring nodes are
reachable at the network layer.

Configuration Procedure
Creating RIPng processes is the prerequisite for enabling RIPng on interfaces.

4.6.1 Enabling RIPng

Context
Enabling RIPng is the prerequisite for all RIPng configurations. If you run RIPng
commands in the interface view before enabling RIPng, the configurations take
effect only after RIPng is enabled.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ripng [ process-id ] [ vpn-instance vpn-instance-name ]
A RIPng process is created, RIPng is enabled, and the RIPng view is displayed.
If a VPN instance is specified, the RIPng process belongs to this VPN instance. If no
VPN instance is specified, the RIPng process belongs to a public network instance.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 139

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

Step 3 (Optional) Run description text

A description is configured for the RIP process.

----End

4.6.2 Enabling RIPng on Interfaces

Context
After RIPng is enabled on an interface, devices can exchange RIPng routing
information through this interface.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.

NOTE

Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.

Step 4 Run ripng process-id enable

RIPng is enabled on the specified interface.

NOTE

If IPv6 is not enabled on this interface, this command does not take effect on this interface.

If RIPng needs to be enabled on multiple interfaces of a switch, repeat steps 2 and

3.

----End

4.6.3 Verifying the Basic RIPng Function Configuration

Procedure
● Run the display ripng [ process-id | vpn-instance vpn-instance-name ]
command to check the configuration of the specified RIPng process.
● Run the display ripng process-id route command to check all the RIPng
routes that are learned from other switches.
● Run the display default-parameter ripng command to check the default
RIPng configuration.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 140

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

● Run the display ripng process-id statistics interface { all | interface-type

interface-number [ neighbor neighbor-ipv6-address | verbose ] } command
to check statistics about RIPng interfaces.
----End

4.7 Preventing Routing Loops

Pre-configuration Tasks
Before configuring split horizon and poison reverse, configure basic RIPng
functions.

Configuration Procedure
You can perform the following configuration tasks (excluding the task of Verifying
the RIPng Routing Loop Prevention Configuration) in any sequence as required.

4.7.1 Configuring Split Horizon

Context
Split horizon can prevent routing loops.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.

NOTE

Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.

Step 4 Run ripng split-horizon

Split horizon is configured.

NOTE

● By default, split horizon is disabled on a Non-Broadcast Multiple Access (NBMA)

network.
● If both split horizon and poison reverse are configured, only poison reverse takes effect.

----End

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 141

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

4.7.2 Configuring Poison Reverse

Context
Poison reverse can prevent routing loops.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 (Optional) On an Ethernet interface, run undo portswitch

The interface is switched to Layer 3 mode.

By default, an Ethernet interface works in Layer 2 mode.

NOTE

Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.

Step 4 Run ripng poison-reverse

Poison reverse is enabled.

NOTE

If both split horizon and poison reverse are configured, only poison reverse takes effect.

----End

4.7.3 Verifying the RIPng Routing Loop Prevention

Configuration

Procedure
● Run the display ripng process-id interface [ interface-type interface-
number ] [ verbose ] command to check information about the specified
RIPng interface.

----End

4.8 Controlling RIPng Routing

Pre-configuration Tasks
Before configuring RIPng route attributes, configure basic RIPng functions.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 142

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

Configuration Procedure
You can perform the following configuration tasks (excluding the task of Verifying
the RIPng Routing Control Configuration) in any sequence as required.

4.8.1 Configuring RIPng Preference

Context
When different routing protocols discover the routes to the same destination, set
the RIPng preference to select the required route.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run ripng [ process-id ] [ vpn-instance vpn-instance-name ]

The RIPng view is displayed.

Step 3 Run preference { preference | route-policy route-policy-name } *

The RIPng preference value is set.

By default, the RIPng preference value is 100.

----End

4.8.2 Configuring Additional Metrics of an Interface

Context
Configuring the additional metrics of a RIPng interface can change the route
selection sequence.

The additional metric is the metric (hop count) to be added to the original metric
of a RIPng route. You can set additional metrics for incoming and outgoing RIPng
routes using commands.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 (Optional) On an Ethernet interface, run undo portswitch

The interface is switched to Layer 3 mode.

By default, an Ethernet interface works in Layer 2 mode.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 143

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

NOTE

Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.

Step 4 Run the following commands as required:

● Run the ripng metricin value command to set the additional metric for
receiving routes. By default, an interface does not add the metric to a received
RIPng route.
● Run the ripng metricout { value | { acl6-number | acl6-name acl6-name |
ipv6-prefix ipv6-prefix-name } value1 } command to set the additional metric
for advertising routes. By default, the metric that is added to the RIPng route
sent by an interface is 1.
NOTE

● The ripng metricin command adds an additional metric to an incoming route. After this
route is added to the routing table, its metric in the routing table changes. Running this
command affects route selection on the local device and other devices on the network.
● The ripng metricout command adds an additional metric to an outgoing route. When
this route is advertised, an additional metric is added to this route, but the metric of the
route in the routing table does not change. Running this command does not affect route
selection on the local device but other devices on the network.

----End

4.8.3 Setting the Maximum Number of Equal-Cost Routes

Context
By setting the maximum number of equal-cost RIPng routes, you can change the
number of routes for load balancing.

NOTE

Only the S5720I-SI, S5735-S, S500, S5735S-S, S5735-S-I, S5735S-H, S5736-S, S5731-H,
S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6720S-S, S6730-H, S6730S-
H, S6730-S, and S6730S-S support this function.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run ripng [ process-id ] [ vpn-instance vpn-instance-name ]

RIPng is enabled and the RIPng view is displayed.

Step 3 Run maximum load-balancing number

The maximum number of equal-cost routes is set.

The default value is 8.

----End

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 144

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

4.8.4 Verifying the RIPng Routing Control Configuration

Procedure
● Run the display ripng [ process-id | vpn-instance vpn-instance-name ]
command to check the running status and configurations of RIPng.
● Run the display ripng process-id database [ verbose ] command to check all
the active routes in the RIPng database.
● Run the display ripng process-id route command to check all RIPng routes
learned from other devices.

----End

4.9 Controlling RIPng Route Advertisement

Pre-configuration Tasks
Before controlling RIPng route advertisement, configure basic RIPng functions.

Configuration Procedure
You can perform the following configuration tasks (excluding the task of Verifying
the RIPng Route Advertisement Control Configuration) in any sequence as
required.

4.9.1 Configuring RIPng Route Summarization

Context
Route summarization can reduce the routing table size and minimize impact of
route flapping on the network.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run interface interface-type interface-number

The interface view is displayed.

Step 3 (Optional) On an Ethernet interface, run undo portswitch

The interface is switched to Layer 3 mode.

By default, an Ethernet interface works in Layer 2 mode.

NOTE

Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 145

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

Step 4 Run ripng summary-address ipv6-address prefix-length [ avoid-feedback ]

RIPng route summarization is configured.
By default, a RIPng router does not advertise summarized IPv6 addresses.

----End

4.9.2 Advertising a Default Route

Context
In an IPv6 routing table, a default route is a route to network ::/0. If the
destination address of a packet does not match any entry in the routing table, the
packet is sent through a default route.
There are two methods to advertise RIPng default routes. You can configure a
device to advertise RIPng default routes according to networking requirements.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.

NOTE

Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.

Step 4 Run ripng default-route { only | originate } [ cost cost ]

The device is configured to advertise RIPng default routes.
By default, there is no default route in the RIPng routing domain.
Configure the device to advertise default routes according to networking
requirements:
● only: configures the device to advertise only IPv6 default routes (::/0),
suppressing the advertisement of other routes. If the local device is located on
the network edge and the details of the local network need to be hidden, you
can set this parameter to enable the devices on other networks to access the
local network only through the local device.
● originate: configures the device to advertise IPv6 default routes (::/0) without
affecting the advertisement of other routes. If the local device is located on
the network edge and some details of the local network need to be hidden,
you can set this parameter to enable the devices on other networks to use the
default route when connecting to certain devices on the local network.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 146

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

The device advertises generated RIPng default routes using Update packets
through a specified interface regardless of whether these routes exist in the local
IPv6 routing table.

----End

4.9.3 Configuring a RIPng Process to Import External Routes

Context
A RIPng process can import the routes learned by other processes or routing
protocols to enrich its routing information.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ripng [ process-id ] [ vpn-instance vpn-instance-name ]
The RIPng view is displayed.
Step 3 (Optional) Run default-cost cost
The default cost of external routes to be imported is set.
By default, the default cost of RIPng routes is 0.
If no cost is set for external routes to be imported, the default cost is used.

NOTE

When a RIPng process imports IBGP routes, routing loops may occur. Therefore, exercise
caution before you configure this function.

Step 4 Run import-route { { ripng | isis | ospfv3 } [ process-id ] | bgp [ permit-ibgp ] |

unr | direct | static } [ [ cost cost | inherit-cost ] | route-policy route-policy-
name ] *
External routes are imported.
Step 5 (Optional) Run filter-policy { acl6-number | acl6-name acl6-name | ipv6-prefix
ipv6-prefix-name | route-policy route-policy-name } export [ protocol [ process-
id ] ]
The RIPng process is configured to filter imported routes.
A RIPng process can use ACL6, route policy and IPv6 prefix lists to filter imported
routes, allowing only the routes matching ACL6, route policy and IPv6 prefix lists
to be advertised to RIPng neighbors. If protocol is not specified, the RIPng process
filters all the routes to be advertised, including imported routes and local RIPng
routes (similar to direct routes).

----End

4.9.4 Disabling Sending of RIPng Packets on an Interface

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 147

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

Context
When a device running RIPng is connected to a network running other routing
protocols, you can run the undo ripng output command on the interface that
connects the device to the network to prevent the interface from sending useless
packets to the network.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.

NOTE

Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.

Step 4 Run undo ripng output

The interface is disabled from sending RIPng packets.
By default, an interface is allowed to send RIPng packets.

----End

4.9.5 Disabling Receiving of RIPng Packets on an Interface

Context
When a device running RIPng is connected to a network running other routing
protocols, you can run the undo ripng input command on the interface that
connects the device to the network to prevent the interface from receiving useless
packets from the network.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 148

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

By default, an Ethernet interface works in Layer 2 mode.

NOTE

Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.

Step 4 Run undo ripng input

The interface is disabled from receiving RIPng packets.

By default, an interface is allowed to receive RIPng packets.

----End

4.9.6 Verifying the RIPng Route Advertisement Control

Configuration

Procedure
● Run the display ripng process-id database [ verbose ] command to check all
activated routes in the RIPng database.
● Run the display ripng process-id route command to check all the RIPng
routes that are learned from other switches.

----End

4.10 Controlling the Receiving of RIPng Routes

Pre-configuration Tasks
Before controlling the receiving of RIPng routes, configure basic RIPng functions.

Procedure
Step 1 Run system-view

The system view is displayed.

Step 2 Run ripng [ process-id ]

The RIPng view is displayed.

Step 3 Run filter-policy { acl6-number | acl6-name acl6-name | ipv6-prefix ipv6-prefix-

name | route-policy route-policy-name } import
The RIPng process is configured to filter received routes.

You can use ACL6, route policy and IPv6 prefix lists to filter received RIPng routes,
allowing only the routes matching ACL6, route policy and IPv6 prefix lists to be
added to RIPng routing tables.

----End

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 149

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

Verifying the Configuration

● Run the display ripng process-id database [ verbose ] command to check all
the active routes in the RIPng database.
● Run the display ripng process-id route command to check all the RIPng
routes learned from other switches.

4.11 Improving RIPng Network Performance

Pre-configuration Tasks
Before improving RIPng network performance, configure basic RIPng functions.

Configuration Procedure
You can perform the following configuration tasks (excluding the task of Verifying
the RIPng Network Performance Optimization Configuration) in any sequence as
required.

4.11.1 Configuring RIPng Timers

Context
RIPng uses 3 timers: Update, Age, and Garbage-collect. Changing the timer values
affects the convergence speed of RIPng routes.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ripng [ process-id ] [ vpn-instance vpn-instance-name ]
The RIPng process is enabled and the RIPng view is displayed.
Step 3 Run timers ripng update age garbage-collect
RIPng timers are configured.

NOTE

● RIPng timers take effect immediately after being changed.

● Route flapping occurs if the values of the three timers are set improperly. The
relationship between the values is: update must be smaller than age and garbage-
collect. If the update time is longer than the aging time and for example, a RIPng route
changes within the update time, the switch cannot inform its neighbors of the change
on time.
● Configure RIPng timers based on the network performance ensure that these timers are
consistent on all RIPng devices. This avoids unnecessary network traffic or route
flapping.

By default, the Update timer is 30s; the Age timer is 180s; the Garbage-collect
timer is 120s (four times the Update timer).

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 150

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

In practice, the Garbage-collect timer is not fixed. If the Update timer is set to 30s,
the Garbage-collect timer may range from 90s to 120s.
Before permanently deleting an unreachable route from its RIPng routing table, a
RIPng device advertises this route (with the metric set to 16) four times by
periodically sending Update packets. Subsequently, all the neighbors learn that
this route is unreachable. Because a route may not always become unreachable at
the beginning of an Update period, the Garbage-collect timer ranges from three
or four times the Update timer.

----End

4.11.2 Setting the Interval for Sending Update Packets and

Maximum Number of Sent Packets
Context
To limit memory resources occupied by RIPng Update packets, set the interval for
sending RIPng Update packets and the maximum number of Update packets to be
sent at a time to appropriate values.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run interface interface-type interface-number
The interface view is displayed.
Step 3 (Optional) On an Ethernet interface, run undo portswitch
The interface is switched to Layer 3 mode.
By default, an Ethernet interface works in Layer 2 mode.

NOTE

Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI, S6730-H,
S6730S-H, S6730-S, and S6730S-S support switching between Layer 2 and Layer 3 modes.

Step 4 Run ripng pkt-transmit { interval interval | number pkt-count }*

The interval for sending RIPng Update packets and the maximum number of
Update packets to be sent at a time are set.

----End

4.11.3 Enabling Zero Field Check for RIPng Packets

Context
In a RIPng packet, some fields must be zero. These fields are called zero fields.
When receiving a packet, a RIPng process checks the zero fields of the packet. If
the value of a zero field in the packet is not 0, the RIPng process discards the
packet.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 151

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

Enabling zero field check on RIPng Update packets can improve network security.

Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run ripng [ process-id ] [ vpn-instance vpn-instance-name ]
The RIPng view is displayed.
Step 3 Run checkzero
Zero field check is enabled for RIPng packets.

----End

4.11.4 Verifying the RIPng Network Performance

Optimization Configuration
Procedure
● Run the display ripng [ process-id | vpn-instance vpn-instance-name ]
command to check the configuration of the RIPng process.
● Run the display ripng process-id database [ verbose ] command to check all
activated routes in the RIPng database.
● Run the display ripng process-id interface [ interface-type interface-
number ] [ verbose ] command to check information about the RIPng
interface.
● Run the display ripng process-id neighbor [ verbose ] command to check
information about RIPng neighbors.
● Run the display ripng process-id route command to check all the RIPng
routes that are learned from other switches.
----End

4.12 Configuring IPSec Authentication for RIPng

4.12.1 Configuring an IPSec Session for Encryption

Context
Internet Protocol Security (IPSec) can be configured to prevent data theft and
spoofing during data transmission in a network.
A security association (SA) must be established so that IPSec can protect
transmitted data. An SA is a unidirectional logical connection set up for security
purpose and specifies the elements used by two IPSec peers (two parties that use
the IPSec protocol to protect data transmitted between them). The elements of an
SA include the following:

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 152

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

● Security protocol
● Authentication or encryption algorithm supported by the security protocol
● Data encapsulation mode
● Security parameter index (SPI) of the SA
● Authentication key or encryption key of the SA
The first three elements are specified in an IPSec proposal. To configure IPSec
functions, first configure an IPSec proposal on the IPSec peers, and then configure
an SA.

Procedure
Step 1 Configure an IPSec proposal.
1. Run system-view
The system view is displayed.
2. Run ipsec proposal proposal-name
An IPSec proposal is created and the IPSec proposal view is displayed.
3. Run transform { ah | esp }
A security protocol is specified for the IPSec proposal.
By default, the security protocol used by an IPSec proposal is the
Encapsulation Security Protocol (ESP).
4. An authentication or encryption algorithm is configured.
– If AH is used, you can only configure the AH-specific authentication
algorithm because AH only authenticates packets.
Run the ah authentication-algorithm { sha1 | sha2-256 } command to
specify the authentication algorithm for the AH protocol.
By default, the AH protocol uses the Secure Hash Algorithm-256
(SHA2-256) authentication algorithm.
– When ESP is specified, ESP can encrypt/authenticate, or encrypt and
authenticate packets. Configure the ESP-specific authentication or
encryption algorithm.

▪ Run the esp authentication-algorithm { sha1 | sha2-256 }

command to specify the authentication algorithm for the ESP
protocol.
By default, the authentication algorithm Secure Hash Algorithm-256
(SHA-256) is used for ESP.

▪ Run the esp encryption-algorithm { 3des | aes [ 128 | 192 | 256 ] }

command to specify the encryption algorithm for the ESP protocol.
By default, the encryption algorithm Advanced Encryption
Standard-256 (AES-256) is used for ESP.
The SHA-1 and 3DES algorithm is not recommended because it cannot meet
your security defense requirements.
5. Run encapsulation-mode { transport | tunnel }
A data encapsulation mode is specified for the security protocol.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 153

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

By default, the data encapsulation mode is tunnel.

NOTE

In transport mode, the packet encryption device and decryption device must be the
originator and receiver of packets.
6. Run quit
Return to the system view.
Step 2 Configure an IPSec SA.
1. Run ipsec sa sa-name
An IPSec SA is created and the IPSec SA view is displayed.
By default, no IPSec SA exists in the system.
2. Run proposal proposal-name
The IPSec proposal is bound to the IPSec SA.
By default, an IPSec policy does not reference any IPSec proposal.

NOTE

An IPSec can use only one IPSec proposal. To bind a new IPSec proposal to the IPSec
SA, delete the original IPSec proposal.
3. Run sa spi { inbound | outbound } { ah | esp } spi-number
An SPI is configured for the SA.

NOTE

– An SPI uniquely identifies an SA. Each SA must be configured with an inbound SPI
and an outbound SPI. The outbound SPI on the local end must be the same as the
inbound SPI on the remote end.
– The security protocol (AH or ESP) you select when configuring the SPI must be the
same as that used in the IPSec proposal bound to the SA.
4. Configure a key according to the security protocol used in the IPSec proposal
bound to the SA.
– If the AH protocol is used, you can configure an authentication key that is
a hexadecimal number or a character string.

▪ Run the sa authentication-hex { inbound | outbound } ah

[ cipher ] hex-cipher-key command to configure a hexadecimal
authentication key.

▪ Run the sa string-key { inbound | outbound } ah [ cipher ] string-

cipher-key command to configure a character string as the
authentication key.
– If the ESP protocol is used, you can run one of the following commands
to configure the authentication key or the encryption key. You can also
configure both the authentication key and encryption key. If the two keys
are configured at the same time, they can only be hexadecimal keys.

▪ Run the sa authentication-hex { inbound | outbound } esp

[ cipher ] hex-cipher-key command to configure a hexadecimal
authentication key.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 154

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

▪ Run the sa string-key { inbound | outbound } esp [ cipher ] string-

cipher-key command to configure a character string as the
authentication key.

▪ Run the sa encryption-hex { inbound | outbound } esp [ cipher ]

hex-cipher-key command to configure a hexadecimal encryption key.
NOTE

– The security protocol (AH or ESP) you select when configuring the key must be the
same as that used in the IPSec proposal bound to the SA.
– The outbound key on the local end must be the same as the inbound key on the
remote end.
– The IPSec peers must use the authentication or encryption key in the same format.
For example, if the key on one end is a character string but the key on the other
end is a hexadecimal number, the IPSec tunnel cannot be set up.
– If you configure multiple keys in different formats, the last configured key takes
effect.

Step 3 Verify the configuration.

1. Run the display ipsec sa [ name sa-name ] [ brief ] command to check
information about the SA.
2. Run the display ipsec proposal [ name proposal-name ] command to check
information about the security proposal.
3. Run the display ipsec statistics [ sa-name sa-name slot slot-number ]
command to check statistics about packets processed by IPSec.

----End

4.12.2 Configuring RIPng IPSec Authentication

Context
As networks develop rapidly, network security has become a major concern. If
IPSec authentication is configured on a RIPng network, the sent and received
RIPng packets will be authenticated, and those cannot pass authentication will be
discarded. This can improve the security of the RIPng network.
There are two methods of configuring IPSec authentication for RIPng:
● One method is to configure IPSec authentication in RIPng processes. If IPSec
authentication is enabled in a RIPng process, this configuration takes effect on
all interfaces in this RIPng process. This method is recommended if IPSec
authentication needs to be applied to all interfaces in a RIPng process.
● The other method is to configure IPSec authentication on RIPng interfaces.
This method is recommended if IPSec authentication needs to be applied only
to some interfaces in a RIPng process.

Procedure
● Configuring IPSec authentication in a RIPng process
a. Run system-view
The system view is displayed.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 155

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

b. Run ripng [ process-id ]

The RIPng view is displayed.

c. Run ipsec sa sa-name

IPSec authentication is enabled, and the name of an SA is specified.

By default, IPSec authentication is disabled in a RIPng process.

● Configuring IPSec authentication on a RIPng interface
a. Run system-view

The system view is displayed.

b. Run interface interface-type interface-number

The interface view is displayed.

c. (Optional) On an Ethernet interface, run undo portswitch

The interface is switched to Layer 3 mode.

By default, an Ethernet interface works in Layer 2 mode.

NOTE

Only the S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720S-EI,

S6730-H, S6730S-H, S6730-S, and S6730S-S support switching between Layer 2
and Layer 3 modes.
d. Run ripng ipsec sa sa-name

IPSec authentication is enabled on the interface, and the name of an SA

is specified.

By default, IPSec authentication is disabled on a RIPng interface.

NOTE

The ripng ipsec sa command takes precedence over the ipsec sa command. If
both commands are run in respective views and different SA names are specified,
only the configuration of the ripng ipsec sa command takes effect.

----End

4.12.3 Verifying the RIPng IPSec Authentication Configuration

Procedure
● Run the display ipsec proposal [ name proposal-name ] command to check
IPSec proposal information.
● Run the display ipsec sa [ name sa-name ] [ brief ] command to check
information about a Security Association (SA).
● Run the display ipsec statistics [ sa-name sa-name slot slot-number ]
command to check statistics about packets processed by IPSec.
● Run the display ripng process-id interface [ interface-type interface-
number ] [ verbose ] command to check the SA used in IPSec authentication.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 156

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

● Run the display ripng process-id statistics interface { all | interface-type

interface-number [ verbose | neighbor neighbor-ipv6-address ] } command
to check the number of RIPng packets that failed authentication.
----End

4.13 Clearing RIPng

Context

NOTICE

RIPng information cannot be restored after it is cleared. Exercise caution before

clearing RIPng information.

Procedure
● Run the reset ripng process-id statistics [ interface { interface-type
interface-number [ neighbor neighbor-ip-address ] } ] command in the user
view to clear statistics about the counter that is maintained by a specified
RIPng process.
----End

4.14 Example for Configuring RIPng to Filter the

Received Routes
Networking Requirements
In Figure 4-1, the prefix length of all the IPv6 addresses is 64 bits, and the VLANIF
interfaces between neighboring Switches are assigned IPv6 link-local addresses.
All the Switches must learn IPv6 routing information on the network using RIPng.
SwitchB should filter the routes received from SwitchC (at FC00:0:0:3::/64). That is,
SwitchB does not add the routes to its own RIPng routing table or advertise the
routes to SwitchA.

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 157

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

Figure 4-1 Configuring RIPng to filter the received routes

Configuration Roadmap
The configuration roadmap is as follows:
1. Enable RIPng on each Switch so that the Switches can communicate with
each other.
2. Configure an ACL on SwitchB to filter the received routes.

Procedure
Step 1 Add interfaces to VLANs.
# Configure SwitchA. Ensure that the configurations of SwitchB, and SwitchC are
similar to the configuration of SwitchA.
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10
[SwitchA-vlan10] quit
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] port link-type trunk
[SwitchA-GigabitEthernet0/0/2] port trunk allow-pass vlan 10
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] vlan 20
[SwitchA-vlan20] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 20
[SwitchA-GigabitEthernet0/0/1] quit

Step 2 Assign IP addresses to the VLANIF interfaces.

# Configure SwitchA. Ensure that the configurations of SwitchB, and SwitchC are
similar to the configuration of SwitchA.
[SwitchA] ipv6
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ipv6 enable
[SwitchA-Vlanif10] ipv6 address fc00:0:0:1::1/64
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ipv6 enable

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 158

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

[SwitchA-Vlanif20] ipv6 address auto link-local

[SwitchA-Vlanif20] quit

Step 3 Configure basic RIPng functions.

# Configure SwitchA.
[SwitchA] ripng 1
[SwitchA-ripng-1] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ripng 1 enable
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 20
[SwitchA-Vlanif20] ripng 1 enable
[SwitchA-Vlanif20] quit

# Configure SwitchB.
[SwitchB] ripng 1
[SwitchB-ripng-1] quit
[SwitchB] interface vlanif 20
[SwitchB-Vlanif20] ripng 1 enable
[SwitchB-Vlanif20] quit
[SwitchB] interface vlanif 30
[SwitchB-Vlanif30] ripng 1 enable
[SwitchB-Vlanif30] quit

# Configure SwitchC.
[SwitchC] ripng 1
[SwitchC-ripng-1] quit
[SwitchC] interface vlanif 30
[SwitchC-Vlanif30] ripng 1 enable
[SwitchC-Vlanif30] quit
[SwitchC] interface vlanif 40
[SwitchC-Vlanif40] ripng 1 enable
[SwitchC-Vlanif40] quit
[SwitchC] interface vlanif 50
[SwitchC-Vlanif50] ripng 1 enable
[SwitchC-Vlanif50] quit

# Check the RIPng routing table of SwitchB.

[SwitchB] display ripng 1 route
Route Flags: R - RIPng
A - Aging, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::D472:0:3C23:1 on Vlanif20
Dest FC00:0:0:1::/64,
via FE80::D472:0:3C23:1, cost 1, tag 0, RA, 4 Sec
Peer FE80::F54C:0:9FDB:1 on Vlanif30
Dest FC00:0:0:2::/64,
via FE80::F54C:0:9FDB:1, cost 1, tag 0, RA, 3 Sec
Dest FC00:0:0:3::/64,
via FE80::F54C:0:9FDB:1, cost 1, tag 0, RA, 3 Sec

The preceding information shows that the RIPng routing table of SwitchB contains
the route of network segment FC00:0:0:3::/64.
# Check the RIPng routing table of SwitchA.
[SwitchA] display ripng 1 route
Route Flags: R - RIPng
A - Aging, G - Garbage-collect
----------------------------------------------------------------

Peer FE80::476:0:3624:1 on Vlanif20

Dest FC00:0:0:2::/64,
via FE80::476:0:3624:1, cost 2, tag 0, RA, 21 Sec

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 159

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

Dest FC00:0:0:3::/64,
via FE80::476:0:3624:1, cost 2, tag 0, RA, 21 Sec

The preceding information shows that the RIPng routing table of SwitchA contains
the route of network segment FC00:0:0:3::/64 advertised by SwitchB.
Step 4 Configure SwitchB to filter the received routes.
[SwitchB] acl ipv6 number 2000
[SwitchB-acl6-basic-2000] rule deny source fc00:0:0:3:: 64
[SwitchB-acl6-basic-2000] rule permit
[SwitchB-acl6-basic-2000] quit
[SwitchB] ripng 1
[SwitchB-ripng-1] filter-policy 2000 import
[SwitchB-ripng-1] quit

Step 5 Verify the configuration.

NOTE

After the aging time of the filtered routing entry expires, check the verification result. The
default aging time is 180 seconds.

# Check the RIPng routing table of SwitchB. The RIPng routing table should not
contain the route of network segment FC00:0:0:3::/64.
[SwitchB] display ripng 1 route
Route Flags: R - RIPng
A - Aging, G - Garbage-collect
----------------------------------------------------------------
Peer FE80::D472:0:3C23:1 on Vlanif20
Dest FC00:0:0:1::/64,
via FE80::D472:0:3C23:1, cost 1, tag 0, RA, 25 Sec
Peer FE80::F54C:0:9FDB:1 on Vlanif30
Dest FC00:0:0:2::/64,
via FE80::F54C:0:9FDB:1, cost 1, tag 0, RA, 14 Sec

# Check the RIPng routing table of SwitchA. The RIPng routing table should not
contain the route of network segment FC00:0:0:3::/64.
[SwitchA] display ripng 1 route
Route Flags: R - RIPng
A - Aging, G - Garbage-collect
----------------------------------------------------------------

Peer FE80::476:0:3624:1 on Vlanif20

Dest FC00:0:0:2::/64,
via FE80::476:0:3624:1, cost 2, tag 0, RA, 7 Sec

----End

Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
ipv6
#
vlan batch 10 20
#
interface Vlanif10
ipv6 enable
ipv6 address FC00:0:0:1::1/64
ripng 1 enable
#
interface Vlanif20

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 160

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

ipv6 enable
ipv6 address auto link-local
ripng 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
#
ripng 1
#
return
● SwitchB configuration file
#
sysname SwitchB
#
ipv6
#
vlan batch 20 30
#
acl ipv6 number 2000
rule 0 deny source FC00:0:0:3::/64
rule 1 permit
#
interface Vlanif20
ipv6 enable
ipv6 address auto link-local
ripng 1 enable
#
interface Vlanif30
ipv6 enable
ipv6 address auto link-local
ripng 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 30
#
ripng 1
filter-policy 2000 import
#
return
● SwitchC configuration file
#
sysname SwitchC
#
ipv6
#
vlan batch 30 40 50
#
interface Vlanif30
ipv6 enable
ipv6 address auto link-local
ripng 1 enable
#
interface Vlanif40
ipv6 enable
ipv6 address FC00:0:0:2::1/64
ripng 1 enable
#
interface Vlanif50

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 161

S300, S500, S2700, S5700, and S6700 Series
Ethernet Switches
Configuration Guide - IP Unicast Routing 4 RIPng Configuration

ipv6 enable
ipv6 address FC00:0:0:3::1/64
ripng 1 enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 30
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 40
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 50
#
ripng 1
#
return

Issue 03 (2022-06-27) Copyright © Huawei Technologies Co., Ltd. 162