Friday, February 28 2025

how to activate 10GE on CX600-X1-X2 platform

And after the holidays …

Let’s bring up the subject of 10GE interfaces on the Huawei CX600-X1-X2 platform. It is a short subject, but it can be useful.

 

Let’s imagine that you have NPUI board installed on the router:

<CX600>display elabel 1

BoardType=CX67NPUI20
Item=03030MDQ
Description=CX600,CX67NPUI20,Network Processing Unit Integrated with 2-Port 10GBase LAN/WAN-XFP

The first thing you have to do is activate the license for 10GE interfaces:

<CX600>license active licence.dat

Let’s check the license usage:

<CX600>display license resource usage
Info: Active License on master board: cfcard:/license.dat
 FeatureName    | ConfigureItemName       | ResourceUsage

 CXFEA03           LCX610GP00                  1/0
 CXFEA03           LCX6L3VN00                  1/1

License activation does not mean that you already have 10GE interfaces. Remember to activate 10GE for the specific slot, in our case slot 1:

<CX600>sys
Enter system view, return user view with Ctrl+Z.
[WRO1013-HC-1]slot 1
[WRO1013-HC-1-slot-1]active 10ge-interface

<CX600>display license resource usage
Info: Active License on master board: cfcard:/license.dat
 FeatureName    | ConfigureItemName       | ResourceUsage

 CXFEA03           LCX610GP00                  1/1
 CXFEA03           LCX6L3VN00                  1/1

Without license and port activation, traffic on 10GE interfaces is limited to 10Mbps by default!


How to manage files through SCP on Huawei

SCP is a secure file transfer protocol based on SSH2.0. It supports downloading and uploading files between an SCP client and server, including in batches. If you would like to know more, just visit the Huawei support website. I will focus on practice and show this feature using a simple lab:

Configure communication between the loopback interfaces of the server and the client. The SCP_server configuration is shown below as an example. As this is a simple topology, I used the RIP protocol for communication (long unused by me):

#
sysname SCP_server
#
vlan batch 100
#
interface Vlanif100
 ip address 10.1.1.1 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
rip 1
 network 10.0.0.0
 network 1.0.0.0
#

Configuration of SCP_server:

[SCP_server]scp server enable
Info: Succeeded in starting the SCP server.

[SCP_server]rsa local-key-pair create
The key name will be: SCP_server_Host
The range of public key size is (512 ~ 2048). 
NOTES: If the key modulus is greater than 512, 
       it will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.........++++++++++++
...................++++++++++++
.....++++++++
...................................................++++++++

[SCP_server]user-interface vty 0 4
[SCP_server-ui-vty0-4]authentication-mode aaa
[SCP_server-ui-vty0-4]protocol inbound ssh

[SCP_server]aaa
[SCP_server-aaa]local-user labnario password cipher labnario
Info: Add a new user.
[SCP_server-aaa]local-user labnario service-type ssh
[SCP_server-aaa]local-user labnario privilege level 15

[SCP_server]ssh user labnario authentication-type password
Info: Succeeded in adding a new SSH user.
[SCP_server]ssh user labnario service-type all

Configuration of SCP_client:

[SCP_client]scp client-source -a 2.2.2.2
[SCP_client]ssh client first-time enable

Let’s check the file system of SCP_server:

<SCP_server>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName 
    0  drw-              -  Jul 13 2015 11:15:03   src
    1  drw-              -  Jul 13 2015 11:15:14   compatible
    2  -rw-          1,909  Jul 13 2015 13:47:02   new_file.cfg

Now we can download the new_file.cfg from the remote SCP server:

[SCP_client]scp -a 2.2.2.2 -cipher 3des labnario@1.1.1.1:new_file.cfg new_file.cfg
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1 ...
The server is not authenticated. Continue to access it? [Y/N] :y
Save the server's public key? [Y/N] :y
The server's public key will be saved with the name 1.1.1.1. Please wait...

Enter password:

new_file.cfg                     0%            0Bytes            1Kb/s
new_file.cfg                   100%         1909Bytes            2Kb/s

Let’s check whether the file has been downloaded:

<SCP_client>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName 
    0  drw-              -  Jul 13 2015 11:15:03   src
    1  drw-              -  Jul 13 2015 11:15:14   compatible
    2  -rw-          1,909  Jul 13 2015 16:00:22   new_file.cfg

Now we can rename this file and upload it to SCP server:

<SCP_client>rename new_file.cfg quite_new_file.cfg
Rename flash:/new_file.cfg to flash:/quite_new_file.cfg ?[Y/N]:y
Info: Rename file flash:/new_file.cfg to flash:/quite_new_file.cfg ......Done.

<SCP_client>system-view
Enter system view, return user view with Ctrl+Z.

[SCP_client]scp -a 2.2.2.2 -cipher 3des quite_new_file.cfg labnario@1.1.1.1:
Trying 1.1.1.1 ...
Press CTRL+K to abort
Connected to 1.1.1.1 ...
Enter password:

quite_new_file.cfg               0%            0Bytes            1Kb/s
quite_new_file.cfg             100%         1909Bytes            2Kb/s

And finally check the result on SCP server:

<SCP_server>dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName 
    0  drw-              -  Jul 13 2015 11:15:03   src
    1  drw-              -  Jul 13 2015 11:15:14   compatible
    2  -rw-          1,909  Jul 13 2015 16:05:08   quite_new_file.cfg
    2  -rw-          1,909  Jul 13 2015 13:47:02   new_file.cfg
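
The lab above keeps the defaults and shortcuts that are convenient in a simulator: the default 512-bit RSA modulus, a password equal to the user name, first-time host key acceptance, and `-cipher 3des`. The following check is an added example, not part of the original post; it scans a transcript of the lab's commands and reports each of those settings. The rule names and the 2048-bit and cipher thresholds are assumptions standing in for a local policy.

```python
import re

# Constructed input: the lab's own commands from the post, HTML tags removed.
TRANSCRIPT = """\
[SCP_server]scp server enable
[SCP_server]rsa local-key-pair create
Input the bits in the modulus[default = 512]:
[SCP_server-aaa]local-user labnario password cipher labnario
[SCP_server-aaa]local-user labnario service-type ssh
[SCP_server-aaa]local-user labnario privilege level 15
[SCP_server]ssh user labnario authentication-type password
[SCP_server]ssh user labnario service-type all
[SCP_client]ssh client first-time enable
[SCP_client]scp -a 2.2.2.2 -cipher 3des labnario@1.1.1.1:new_file.cfg new_file.cfg
"""

MIN_RSA_BITS = 2048             # assumption: local policy floor (the prompt's maximum)
WEAK_CIPHERS = {"des", "3des"}  # assumption: ciphers the local policy rejects

PROMPT = re.compile(r"^[\[<][^\]>]*[\]>]")  # strips "[SCP_server-aaa]" or "<SCP_client>"
MODULUS = re.compile(r"Input the bits in the modulus\[default = (\d+)\]:\s*(\d*)")
LOCAL_PW = re.compile(r"local-user (\S+) password cipher (\S+)")
SVC_ALL = re.compile(r"ssh user (\S+) service-type all\b")
FIRST_TIME = re.compile(r"ssh client first-time enable\b")
SCP_CIPHER = re.compile(r"^scp\s.*-cipher (\S+)")


def audit(transcript):
    """Return (line_number, rule_id, detail) for every weak setting found."""
    findings = []
    for n, raw in enumerate(transcript.splitlines(), 1):
        cmd = PROMPT.sub("", raw).strip()
        if m := MODULUS.match(cmd):
            bits = int(m.group(2) or m.group(1))  # empty answer means the default
            if bits < MIN_RSA_BITS:
                findings.append((n, "weak-rsa-key", f"{bits}-bit host key"))
        elif m := LOCAL_PW.match(cmd):
            if m.group(1) == m.group(2):
                findings.append((n, "password-equals-username", m.group(1)))
        elif m := SVC_ALL.match(cmd):
            findings.append((n, "broad-service-type", f"{m.group(1)}: all SSH services"))
        elif FIRST_TIME.match(cmd):
            findings.append((n, "first-time-trust", "host key accepted unverified"))
        elif m := SCP_CIPHER.match(cmd):
            if m.group(1).lower() in WEAK_CIPHERS:
                findings.append((n, "weak-cipher", m.group(1)))
    return findings


if __name__ == "__main__":
    for line_no, rule, detail in audit(TRANSCRIPT):
        print(f"line {line_no}: {rule}: {detail}")
```
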


IP prefix list to filter routes

How to filter advertised and received routes on Huawei router?

Let’s try to check it based on the following topology:

 

  1. Configure basic OSPF functions on all routers.
  2. Configure static routes on AR1 router and import them to OSPF.
  3. Use filter-policy for advertised routes on AR1.
  4. Use filter-policy for received routes on AR3.

OSPF configuration (AR2 as an example):

[AR2]dis cur config ospf
#
ospf 1 
 area 0.0.0.0 
  network 2.2.2.2 0.0.0.0 
  network 150.0.1.0 0.0.0.3 
  network 150.0.1.4 0.0.0.3 
  network 150.0.1.8 0.0.0.3

Configure static routes on AR1:

[AR1]ip route-static 172.16.10.0 255.255.255.0 NULL0
[AR1]ip route-static 172.16.20.0 255.255.255.0 NULL0
[AR1]ip route-static 172.16.30.0 255.255.255.0 NULL0
[AR1]ip route-static 172.16.40.0 255.255.255.0 NULL0
[AR1]ip route-static 172.16.50.0 255.255.255.0 NULL0

Import these routes to OSPF:

[AR1]ospf
[AR1-ospf-1]import-route static

Check IP routing tables of AR2, AR3 and AR4 routers:

[AR2]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 22       Routes : 22       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  OSPF    10   1           D   150.0.1.1       GigabitEthernet0/0/0
        2.2.2.2/32  Direct  0    0           D   127.0.0.1       LoopBack0
        3.3.3.3/32  OSPF    10   1           D   150.0.1.6       GigabitEthernet0/0/1
        4.4.4.4/32  OSPF    10   1           D   150.0.1.10      GigabitEthernet2/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.0.1.0/30  Direct  0    0           D   150.0.1.2       GigabitEthernet0/0/0
      150.0.1.2/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
      150.0.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
      150.0.1.4/30  Direct  0    0           D   150.0.1.5       GigabitEthernet0/0/1
      150.0.1.5/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.7/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.8/30  Direct  0    0           D   150.0.1.9       GigabitEthernet2/0/0
      150.0.1.9/32  Direct  0    0           D   127.0.0.1       GigabitEthernet2/0/0
     150.0.1.11/32  Direct  0    0           D   127.0.0.1       GigabitEthernet2/0/0
    172.16.10.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
    172.16.20.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
    172.16.30.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
    172.16.40.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
    172.16.50.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

[AR3]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 18       Routes : 18       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  OSPF    10   2           D   150.0.1.5       GigabitEthernet0/0/1
        2.2.2.2/32  OSPF    10   1           D   150.0.1.5       GigabitEthernet0/0/1
        3.3.3.3/32  Direct  0    0           D   127.0.0.1       LoopBack0
        4.4.4.4/32  OSPF    10   2           D   150.0.1.5       GigabitEthernet0/0/1
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.0.1.0/30  OSPF    10   2           D   150.0.1.5       GigabitEthernet0/0/1
      150.0.1.4/30  Direct  0    0           D   150.0.1.6       GigabitEthernet0/0/1
      150.0.1.6/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.7/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.8/30  OSPF    10   2           D   150.0.1.5       GigabitEthernet0/0/1
    172.16.10.0/24  O_ASE   150  1           D   150.0.1.5       GigabitEthernet0/0/1
    172.16.20.0/24  O_ASE   150  1           D   150.0.1.5       GigabitEthernet0/0/1
    172.16.30.0/24  O_ASE   150  1           D   150.0.1.5       GigabitEthernet0/0/1
    172.16.40.0/24  O_ASE   150  1           D   150.0.1.5       GigabitEthernet0/0/1
    172.16.50.0/24  O_ASE   150  1           D   150.0.1.5       GigabitEthernet0/0/1
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

[AR4]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 18       Routes : 18       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
        2.2.2.2/32  OSPF    10   1           D   150.0.1.9       GigabitEthernet0/0/0
        3.3.3.3/32  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
        4.4.4.4/32  Direct  0    0           D   127.0.0.1       LoopBack0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.0.1.0/30  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
      150.0.1.4/30  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
      150.0.1.8/30  Direct  0    0           D   150.0.1.10      GigabitEthernet0/0/0
     150.0.1.10/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
     150.0.1.11/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
    172.16.10.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
    172.16.20.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
    172.16.30.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
    172.16.40.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
    172.16.50.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

As you can see, all static routes imported to OSPF are available as O_ASE.

Now we can filter routes advertised by AR1 router. Only three routes will be advertised: 172.16.10.0/24, 172.16.20.0/24 and 172.16.30.0/24.

Create IP prefix list named AR1toAR2 and permit these 3 routes:

[AR1]ip ip-prefix AR1toAR2 index 10 permit 172.16.10.0 24
[AR1]ip ip-prefix AR1toAR2 index 20 permit 172.16.20.0 24
[AR1]ip ip-prefix AR1toAR2 index 30 permit 172.16.30.0 24

Apply filter-policy to OSPF:

[AR1]ospf
[AR1-ospf-1]filter-policy ip-prefix AR1toAR2 export

Check IP routing table, for instance AR2:

[AR2]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 20       Routes : 20       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  OSPF    10   1           D   150.0.1.1       GigabitEthernet0/0/0
        2.2.2.2/32  Direct  0    0           D   127.0.0.1       LoopBack0
        3.3.3.3/32  OSPF    10   1           D   150.0.1.6       GigabitEthernet0/0/1
        4.4.4.4/32  OSPF    10   1           D   150.0.1.10      GigabitEthernet2/0/0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.0.1.0/30  Direct  0    0           D   150.0.1.2       GigabitEthernet0/0/0
      150.0.1.2/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
      150.0.1.3/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
      150.0.1.4/30  Direct  0    0           D   150.0.1.5       GigabitEthernet0/0/1
      150.0.1.5/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.7/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.8/30  Direct  0    0           D   150.0.1.9       GigabitEthernet2/0/0
      150.0.1.9/32  Direct  0    0           D   127.0.0.1       GigabitEthernet2/0/0
     150.0.1.11/32  Direct  0    0           D   127.0.0.1       GigabitEthernet2/0/0
    172.16.10.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
    172.16.20.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
    172.16.30.0/24  O_ASE   150  1           D   150.0.1.1       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

From the output you can see that only three routes are advertised by AR1.

Now configure filter-policy for routes received by AR3.

Create IP prefix list on AR3 that permits only 172.16.10.0/24 route:

[AR3]ip ip-prefix AR2toAR3 index 10 permit 172.16.10.0 24

Apply filter-policy to OSPF as import:

[AR3]ospf
[AR3-ospf-1]filter-policy ip-prefix AR2toAR3 import

Check routing table of AR3 router:

[AR3]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 9        Routes : 9        

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        3.3.3.3/32  Direct  0    0           D   127.0.0.1       LoopBack0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.0.1.4/30  Direct  0    0           D   150.0.1.6       GigabitEthernet0/0/1
      150.0.1.6/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
      150.0.1.7/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
    172.16.10.0/24  O_ASE   150  1           D   150.0.1.5       GigabitEthernet0/0/1
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

Check IP routing table of AR4 router:

[AR4]dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 16       Routes : 16       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        1.1.1.1/32  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
        2.2.2.2/32  OSPF    10   1           D   150.0.1.9       GigabitEthernet0/0/0
        3.3.3.3/32  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
        4.4.4.4/32  Direct  0    0           D   127.0.0.1       LoopBack0
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
      150.0.1.0/30  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
      150.0.1.4/30  OSPF    10   2           D   150.0.1.9       GigabitEthernet0/0/0
      150.0.1.8/30  Direct  0    0           D   150.0.1.10      GigabitEthernet0/0/0
     150.0.1.10/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
     150.0.1.11/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
    172.16.10.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
    172.16.20.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
    172.16.30.0/24  O_ASE   150  1           D   150.0.1.9       GigabitEthernet0/0/0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

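As you can see, only one route is received by AR3, so the filter-policy works correctly. Note that the import filter also removed the OSPF routes to the other routers' loopbacks and link subnets from AR3's table, because the prefix list permits nothing but 172.16.10.0/24. The AR4 router still receives all three routes.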
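
The routing tables above can be reproduced by evaluating the two prefix lists by hand. The following model is an added example, not code from the original post: it applies each list in index order with exact mask-length matching and a deny for anything unmatched, and shows why AR3 loses its intra-area OSPF routes as well as the two external ones. The function names are hypothetical; the route sets are copied from the post's outputs.

```python
import ipaddress

# Constructed input: the ip-prefix commands and route sets shown in the post.
AR1_TO_AR2 = [
    "ip ip-prefix AR1toAR2 index 10 permit 172.16.10.0 24",
    "ip ip-prefix AR1toAR2 index 20 permit 172.16.20.0 24",
    "ip ip-prefix AR1toAR2 index 30 permit 172.16.30.0 24",
]
AR2_TO_AR3 = ["ip ip-prefix AR2toAR3 index 10 permit 172.16.10.0 24"]

AR1_STATIC = [f"172.16.{n}.0/24" for n in (10, 20, 30, 40, 50)]
# OSPF intra-area routes in AR3's table before the import filter was applied.
AR3_INTRA_AREA = ["1.1.1.1/32", "2.2.2.2/32", "4.4.4.4/32", "150.0.1.0/30", "150.0.1.8/30"]


def parse_prefix_list(commands):
    """Turn 'ip ip-prefix NAME index N permit|deny ADDR LEN' into ordered entries."""
    entries = []
    for command in commands:
        _, _, _name, _, index, action, addr, length = command.split()
        entries.append((int(index), action, ipaddress.ip_network(f"{addr}/{length}")))
    return sorted(entries, key=lambda entry: entry[0])  # evaluated by ascending index


def permitted(entries, route):
    """First matching entry decides; a route that matches no entry is denied."""
    network = ipaddress.ip_network(route)
    for _index, action, entry_net in entries:
        # No greater-equal/less-equal keyword: address and mask length must both match.
        if network == entry_net:
            return action == "permit"
    return False


def apply_filter(commands, routes):
    """Split routes into (kept, dropped) according to the prefix list."""
    entries = parse_prefix_list(commands)
    kept = [r for r in routes if permitted(entries, r)]
    dropped = [r for r in routes if r not in kept]
    return kept, dropped


def run_lab():
    # Export on AR1 filters the imported static routes before they are advertised.
    advertised, _ = apply_filter(AR1_TO_AR2, AR1_STATIC)
    # Import on AR3 filters every OSPF route AR3 would install, not only O_ASE ones.
    # It acts on AR3's own routing table, which is why AR4 is unaffected.
    ar3_kept, ar3_dropped = apply_filter(AR2_TO_AR3, AR3_INTRA_AREA + advertised)
    return advertised, ar3_kept, ar3_dropped


if __name__ == "__main__":
    advertised, ar3_kept, ar3_dropped = run_lab()
    print("AR1 advertises:", advertised)
    print("AR3 installs:  ", ar3_kept)
    print("AR3 drops:     ", ar3_dropped)
```
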


Huawei eNSP – news

A new version of the Huawei simulator eNSP has been released. One of the new features is AR CPU reduction. Besides that, reboot functionality for the AR router has been provided, and a few features have been modified. You can find all the information in the release notes for this version.

Download, test and enjoy!

huawei-enterprise-network-simulation-platform


how to find “TTL exceeded” packets

Let’s imagine you are an IP engineer and you suddenly find an increasing number of “TTL exceeded” packets on your router. Your first thought is “what the hell is it? How do I find the source of these packets?”

Take it easy. Here is how to investigate such an issue on a Huawei router.

[labnario]display ip statistics
  Input:     sum               2783201      local               2321967
             bad protocol            0      bad format                0
             bad checksum            0      bad options               0
             discard srr             0      TTL exceeded         494196
  Output:    forwarding              0      local                886008
             dropped                 0      no route                  0
  Fragment:  input                   0      output                    0
             dropped                 0
             fragmented              0      couldn't fragment         0
  Reassembling:sum                   0      timeouts                  0

As you can see, there are “TTL exceeded” packets. The “display ip statistics” command shows packets that are directed to the CPU. Don’t confuse them with packets counted on an interface: for example, an interface may show no dropped packets while “display ip statistics” does show them.

What does “TTL exceeded” mean?

It means the router receives packets with TTL=1.

What happens if it receives such packets?

It sends timeout-icmp packets.

We can check it using the following command:

[labnario]display icmp statistics
  Input: bad formats            0      bad checksum                     0
         echo                3108      destination unreachable        294
         source quench          0      redirects                        0
         echo reply             0      parameter problem                0
         timestamp              0      information request              0
         mask requests          0      mask replies                     0
         time exceeded          0
         Mping request          0      Mping reply                      0
  Output:echo                   0      destination unreachable          0
         source quench          0      redirects                        0
         echo reply          3108      parameter problem                0
         timestamp              0      information reply                0
         mask requests          0      mask replies                     0
         time exceeded     494196
         Mping request          0      Mping reply                      0

When you compare both outputs you will see that “TTL exceeded = time exceeded”.

And now how to find the source of these packets:

Feb 14 2012 09:08:08.250.1 labnario IP/7/debug_icmp:Slot=3;ICMP Send: ttl-exceeded(Type=11, Code=0), Src = 10.222.143.13, Dst = 172.16.20.88; Original IP header: Pro = 17, Src = 172.16.20.88, Dst = 10.222.143.113, First 8 bytes = B5E400A1 002C9D0D

As you can see, debugging ICMP packets is helpful in this case.
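
The debug line carries more than the source address: the "First 8 bytes" field is the start of the original datagram's transport header, so for UDP and TCP it begins with the source and destination ports. The following parser is an added example, not part of the original post; it decodes that field and ranks the flows that trigger the most ttl-exceeded replies. The first log line is the one from the post, the other two are constructed samples, and the function names are hypothetical.

```python
import re
import struct
from collections import Counter

# First line is the debug message from the post; the other two are constructed samples.
LOG = [
    "Feb 14 2012 09:08:08.250.1 labnario IP/7/debug_icmp:Slot=3;ICMP Send: "
    "ttl-exceeded(Type=11, Code=0), Src = 10.222.143.13, Dst = 172.16.20.88; "
    "Original IP header: Pro = 17, Src = 172.16.20.88, Dst = 10.222.143.113, "
    "First 8 bytes = B5E400A1 002C9D0D",
    "Feb 14 2012 09:08:09.310.1 labnario IP/7/debug_icmp:Slot=3;ICMP Send: "
    "ttl-exceeded(Type=11, Code=0), Src = 10.222.143.13, Dst = 172.16.20.88; "
    "Original IP header: Pro = 17, Src = 172.16.20.88, Dst = 10.222.143.113, "
    "First 8 bytes = B5E500A1 002C9D0C",
    "Feb 14 2012 09:08:09.870.1 labnario IP/7/debug_icmp:Slot=3;ICMP Send: "
    "ttl-exceeded(Type=11, Code=0), Src = 10.222.143.13, Dst = 192.0.2.10; "
    "Original IP header: Pro = 6, Src = 192.0.2.10, Dst = 10.222.143.113, "
    "First 8 bytes = C00101BB 00000001",
]

LINE = re.compile(
    r"ICMP Send: ttl-exceeded\(Type=11, Code=0\), Src = (?P<router>[\d.]+), "
    r"Dst = (?P<notified>[\d.]+); Original IP header: Pro = (?P<proto>\d+), "
    r"Src = (?P<src>[\d.]+), Dst = (?P<dst>[\d.]+), "
    r"First 8 bytes = (?P<payload>[0-9A-Fa-f]{8} [0-9A-Fa-f]{8})"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse(line):
    """Extract the offending flow from one debug_icmp line, or None if it does not match."""
    m = LINE.search(line)
    if not m:
        return None
    proto = int(m["proto"])
    payload = bytes.fromhex(m["payload"].replace(" ", ""))
    record = {"src": m["src"], "dst": m["dst"],
              "proto": PROTO_NAMES.get(proto, str(proto)),
              "sport": None, "dport": None}
    if proto in (6, 17):
        # TCP and UDP headers both start with 16-bit source and destination ports.
        record["sport"], record["dport"] = struct.unpack("!HH", payload[:4])
    return record


def top_offenders(lines):
    """Count ttl-exceeded triggers per (source, destination, protocol, dest port)."""
    counts = Counter()
    for line in lines:
        record = parse(line)
        if record:
            counts[(record["src"], record["dst"], record["proto"], record["dport"])] += 1
    return counts.most_common()


if __name__ == "__main__":
    for flow, hits in top_offenders(LOG):
        print(hits, flow)
```

For the line from the post this decodes to UDP from 172.16.20.88 to port 161 on 10.222.143.113, which points at an SNMP poller as the source of the expiring packets.
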
