
Optional: If the GRE tunnel networking is employed, specify the VPN instance for the static

In document System Integration-(V900R007C02 02) (Page 77-80)

Operation Procedure

Step 3 Optional: If the GRE tunnel networking is employed, specify the VPN instance for the static routes. Run ip route-static vpn-instance to configure the static routes for a VPN instance and specify the tunnel interface as the outbound interface.

NOTE

• The destination address of the static route is the address of the network segment to which the AAA server belongs. The next hop address is the address of the router or firewall that the PDSN9660 connects to.

• If there are multiple AAA servers and they are not located in the same network segment, a static route must be configured for each AAA server.

CAUTION

On the next hop router or firewall, you must configure the static route to the PDSN9660. The destination address of the static route is the address of the interface on the PDSN9660. The next hop address is the address of the physical interface on the Pi used for interworking with the PDSN9660, or the next hop address can be the address of the Eth-trunk interface when reliability networking is adopted.

----End

3.11 Configuring the Dynamic Route to the AAA Server

You can configure a dynamic route for the interworking between the PDSN9660 and the authorization, authentication and accounting (AAA) server at the network layer.

Context

The PDSN supports static route configuration as well as dynamic routing protocols such as the Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Intermediate System to Intermediate System (IS-IS), and Border Gateway Protocol (BGP). The dynamic routing mode is suitable for a network with complex topology and a certain number of Layer 3 devices, and it automatically adapts to changes in network topology. If you plan to employ a dynamic routing protocol such as RIP, OSPF, IS-IS, or BGP, the PDSN9660 must support the protocol.

Take OSPF as an example to describe the concepts and configurations of an OSPF dynamic route.

Table 3-2 Concepts of the OSPF dynamic routing mode

Concept: OSPF process number

Description: When you start multiple OSPF processes on the PDSN9660, you must specify different process numbers. The OSPF process number is a local concept and it does not affect packet exchange between the PDSN9660 and other routers. Therefore, routers can exchange packets regardless of process numbers.

Concept: Router ID

Description: A router ID is required for a router to employ the OSPF protocol. A router ID is a 32-bit unsigned integer. It identifies a router in an autonomous system. You can manually set a router ID. Generally, the router ID is set to the IP address of an interface on the router.

If you do not specify the router ID, the system automatically selects an IP address of the existing interfaces as the router ID. The highest IP address of loopback interfaces is selected as the router ID. If no loopback interface is configured, the highest IP address of the interfaces is selected as the router ID.

Concept: Area

Description: You must specify an area to which an interface running OSPF belongs. OSPF processes can share an area. For example, area 0 can be used by both OSPF 1 and OSPF 2.

Concept: Area authentication

Description: OSPF supports packet authentication. Only the authenticated OSPF packets can be received; otherwise, the neighbor relation cannot be established normally.

All the routers in an area must employ the same area authentication mode and password.

Concept: OSPF network segment

Description: The network segment refers to the network segment of the IP addresses of the interface that runs OSPF. A network segment can belong to only one area. That is, you must specify the area for each interface running OSPF. OSPF can be run on an interface only when the following conditions are satisfied:

• The length of the subnet mask of an interface is not shorter than that specified by using network.

• The primary IP address of an interface must be in the range of the network segment specified by using network.

Concept: DR priority

Description: When configuring broadcast networks or non-broadcast multiple access (NBMA) networks, you can specify the designated router (DR) priorities of interfaces to determine the DR/backup designated router (BDR) election in the network. A larger value indicates a higher priority. A router with the priority 0 cannot be elected as the DR or BDR.
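
The router ID selection rule and the two OSPF network segment conditions in Table 3-2 can be checked against planned data before anything is configured. The following Python sketch is an added example, not part of the original manual or of any Huawei tool; the interface names, addresses, and function names are constructed for illustration.

```python
import ipaddress

def invert(mask: str) -> ipaddress.IPv4Address:
    """Flip every bit: turns a subnet mask into a wildcard mask and back."""
    return ipaddress.IPv4Address(int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF)

def wildcard(mask: str) -> str:
    """Wildcard mask for a dotted subnet mask (0 bits become 1 and 1 bits become 0)."""
    return str(invert(mask))

def segment(address: str, wildcard_mask: str) -> ipaddress.IPv4Network:
    """Range covered by a planned `network <address> <wildcard-mask>` entry."""
    return ipaddress.IPv4Network(f"{address}/{invert(wildcard_mask)}", strict=False)

def ospf_area_for(primary_ip: str, mask: str, networks):
    """Return the area the interface joins, or None if OSPF will not run on it.

    networks is a list of (area, address, wildcard_mask) planning entries.
    """
    iface = ipaddress.IPv4Interface(f"{primary_ip}/{mask}")
    for area, address, wildcard_mask in networks:
        seg = segment(address, wildcard_mask)
        # Condition 1: the interface mask is not shorter than the segment mask.
        # Condition 2: the primary IP address lies inside the segment.
        if iface.network.prefixlen >= seg.prefixlen and iface.ip in seg:
            return area
    return None

def auto_router_id(interfaces):
    """Highest loopback address, or highest interface address if no loopback exists.

    interfaces is a list of (name, primary_ip, mask) tuples.
    """
    loopbacks = [ipaddress.IPv4Address(ip) for name, ip, _ in interfaces
                 if name.lower().startswith("loopback")]
    pool = loopbacks or [ipaddress.IPv4Address(ip) for _, ip, _ in interfaces]
    return str(max(pool))

# Constructed planning data (hypothetical names and addresses).
INTERFACES = [
    ("LoopBack0", "10.10.10.1", "255.255.255.255"),
    ("LoopBack1", "10.10.10.9", "255.255.255.255"),
    ("GigabitEthernet1/0/0", "10.1.2.1", "255.255.255.0"),
    ("GigabitEthernet1/0/1", "192.168.20.5", "255.255.255.0"),
]
NETWORKS = [("0.0.0.0", "10.1.0.0", wildcard("255.255.0.0"))]

if __name__ == "__main__":
    print("router ID if none is set:", auto_router_id(INTERFACES))
    for name, ip, mask in INTERFACES:
        print(name, ip, "-> area", ospf_area_for(ip, mask, NETWORKS))
```

An interface reported with area None will not form OSPF adjacencies under the planned network entries, which is worth catching before the AAA route is expected to appear.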

Configuration Principle

The principles for configuring an OSPF dynamic route are as follows:

• If a virtual private network (VPN) instance is specified for the OSPF process, you must run vpn-instance-capability simple to directly calculate the route instead of conducting the routing loop detection.

• To deliver other static routes to the routers on the backbone network, you must run import-route to import routes that are learned from other protocols.

Data Planning

No. Data

1 OSPF process number and router ID. If the OSPF process is to be bound to a VPN instance, plan the name of the VPN instance.

2 OSPF area, authentication mode, and authentication key

3 Network segment and wildcard mask of an OSPF area

To facilitate future network expansion, you can configure a network segment containing multiple IP addresses for both the physical and logical interfaces. Thus, no further configuration is required when new interfaces are added. The wildcard mask is the inverse of the mask of an IP address. That is, the wildcard mask can be obtained by changing 0 in the mask to 1 and 1 to 0. Here, 1 indicates that this bit in the IP address can be ignored and 0 indicates that this

Procedure

Step 1 Run system-view to enter the system view.
