H3c S5500-si series User manual

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Table of Contents

Table of Contents

Chapter 1 IP Address Configuration ...........................................................................................1-1

1.1 IP Address Overview.........................................................................................................1-1

1.1.1 IP Address Classes.................................................................................................1-1

1.2 Configuring IP Addresses..................................................................................................1-3

1.2.1 Assigning an IP Address to an Interface.................................................................1-4

1.2.2 IP Address Configuration Example.........................................................................1-4

1.3 Displaying and Maintaining IP Address Configuration....................................................... 1-6

Chapter 2 IP Performance Configuration.................................................................................... 2-1

2.1 IP Performance Overview..................................................................................................2-1

2.2 Permitting Receiving and Forwarding of Directed Broadcast Packets..............................2-1

2.2.1 Enabling Receiving of Directed Broadcasts............................................................2-1

2.2.2 Enabling Forwarding Directed Broadcasts..............................................................2-1

2.2.3 Receiving and Forwarding of Directed Broadcast Configuration Example.............2-2

2.3 Configuring TCP Attributes................................................................................................2-3

2.4 Configuring ICMP to Send Error Packets..........................................................................2-4

2.5 Displaying and Maintaining IP Performance...................................................................... 2-6

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 1 IP Address Configuration

1-1

Chapter 1 IP Address Configuration

1.1 IP Address Overview

1.1.1 IP Address Classes

Each device interface connected to the Internet must be assigned a globally unique IP

address. IP addresses are 32-bit in length, generally expressed in dotted decimal

notation. That is, an IP address can be expressed as four decimal integers separated

by dots, with each integer corresponding to one byte. 10.1.1.1 is an example.

Each IP address breaks down into two parts:

znet-id, the first several bits of the IP address defining a network, also known as

class bits.

zhost-id, identifies a host on a network.

For administration sake, IP addresses are divided into five classes. Which class an IP

address belongs to depends on the first one to four bits of the net-id, as shown in Figure

1-1.

Figure 1-1 IP address classes

Table 1-1 describes the address ranges of these five classes. Currently, the first three

classes of IP addresses are used in large quantities.

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 1 IP Address Configuration

1-2

Table 1-1 IP address classes and ranges

Class Address range Description

A 0.0.0.0 to 127.255.255.255

Address 0.0.0.0 means this host no

this network. This address is used

by a host at bootstrap when it does

not know its IP address. This

address is never a valid destination

address.

Addresses starting with 127 are

reserved for loopback test. Packets

destined to these addresses are

processed locally as input packets

rather than sent to the link.

B 128.0.0.0 to 191.255.255.255 ––

C 192.0.0.0 to 223.255.255.255 ––

D 224.0.0.0 to 239.255.255.255 Multicast address.

E 240.0.0.0 to 255.255.255.255 Reserved for future use except for

the broadcast address

255.255.255.255.

As the Internet develops rapidly, available IP addresses are being exhausted. To make

full use of available IP addresses, a network can be divided into smaller ones (known

as subnets) with subnet masks. A network can be divided into subnets by using some

bits of the host-id to create a subnet-id. The length of subnet-id is determined by subnet

mask.

A subnet mask is 32-bit in length and comprises a series of consecutive ones and a

series of consecutive zeros. In a subnet mask, the part containing consecutive ones

identifies the combination of net-id and subnet-id, whereas the part containing

consecutive zeros identifies the host-id.

A subnet is significant only within a network. From the perspective of an external

network, the network has only one net-id.Agateway performs route selection based on

subnet-id and finds the destination host only after incoming packets are received by the

network.

Figure 1-2 shows how a Class B address is subnetted.

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 1 IP Address Configuration

1-3

Figure 1-2 Subnetting a Class B address

Note that subnetting is somewhat a tradeoff between subnets and accommodated

hosts. For example, a Class B network can accommodate 65,534 hosts before being

subnetted. After you break it down into 64 subnets by using the first 6 bits of the host-id

for the subnet, you have only 10 bits for the host-id and thus have only 1,022 (210 – 2)

(excluding all-one broadcast addresses and all-zero network segment addresses)

hosts in each subnet. The maximum number of hosts is thus 64 × 1,022 = 65,408,

which is126 less than that before the network is subnetted.

Class A, B, and C networks, before being subnetted, use these default masks (also

called natural masks): 255.0.0.0, 255.255.0.0, and 255.255.255.0 respectively.

1.2 Configuring IP Addresses

An interface can obtain an IP address using the following methods:

zThrough manual IP address assignment

zThrough BOOTP

zThrough DHCP

These methods are mutually exclusive. An IP address obtained using a new method

overwrites that obtained using an old method. For example, if you manually assign an

IP address and then obtain another IP address through BOOTP, the IP address

obtained from BOOTP will overwrite the old one manually assigned. In this case, the

interface is assigned the IP address through BOOTP.

Note:

This chapter only covers how to assign an IP address manually. For how to obtain an IP

address using the other two methods, see the related sections in DHCP part of this

manual.

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 1 IP Address Configuration

1-4

1.2.1 Assigning an IP Address to an Interface

Generally, one interface is configured with one IP address. To connect multiple logical

subnets on the same physical subnet, you may assign an interface multiple IP

addresses, one primary and multiple secondary.

Follow these steps to assign an IP address to an interface:

To do… Use the command… Remarks

Enter system view system-view ––

Enter interface view interface interface-type

interface-number ––

Assign an IP address to

the interface

ip address ip-address

{ mask | mask-length }

[ sub ]

Required

No IP address is assigned

by default.

Caution:

zOne interface can be configured with only one primary IP address. The primary IP

address you assigned to the interface can overwrite the old one if there is any.

zYou cannot assign secondary IP addresses to an interface using BOOTP or DHCP.

zThe primary and secondary IP addresses you assign to the interface can be located

on the same network segment.

zWith S5500-SI series Ethernet switches, you can configure IP addresses for VLAN

interfaces and Loopback interfaces. Only 32-bit subnet masks can be configured on

Loopback interfaces.

1.2.2 IP Address Configuration Example

I. Network requirements

As shown in Figure 1-3, Vlan-interface1 (belonging to VLAN 1) on the switch is

connected to a LAN comprising two segments: 172.16.1.0/24 and 172.16.2.0/24. The

hosts in external network can communicate with the two network segments through the

switch and the hosts between the two segments can communicate with each other.

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 1 IP Address Configuration

1-5

II. Network diagram

Figure 1-3 Network diagram for IP address configuration

III. Configuration procedure

If only one IP address is configured on Vlan-interface1 of the switch, only part of the

hosts can be accessed from external network through the switch. To enable the access

to all the hosts in the network through the switch, a secondary IP address needs to be

configured for Vlan-interface1. To allow the hosts on the two segments to communicate

with each other, the switch needs to be set as the gateway on all the hosts on the two

segments.

# Assign a primary IP address and a secondary IP address to Vlan-interface1.

<Sysname> system-view

[Sysname] interface Vlan-interface 1

[Sysname-Vlan-interface1] ip address 172.16.1.1 255.255.255.0

[Sysname-Vlan-interface1] ip address 172.16.2.1 255.255.255.0 sub

# Set the gateway address to 172.16.1.1 on the PCs attached to the subnet

172.16.1.0/24, and to 172.16.2.1 on the PCs attached to the subnet 172.16.2.0/24.

# Ping a host on the subnet 172.16.1.0/24 from the switch to verify the configuration.

<Sysname> ping 172.16.1.2

PING 172.16.1.2: 56 data bytes, press CTRL_C to break

Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=25 ms

Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=27 ms

Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=26 ms

Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=26 ms

Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=26 ms

--- 172.16.1.2 ping statistics ---

5 packet(s) transmitted

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 1 IP Address Configuration

1-6

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 25/26/27 ms

# Ping a host on the subnet 172.16.2.0/24 from the switch to verify the configuration.

<Sysname> ping 172.16.2.2

PING 172.16.2.2: 56 data bytes, press CTRL_C to break

Reply from 172.16.2.2: bytes=56 Sequence=1 ttl=255 time=25 ms

Reply from 172.16.2.2: bytes=56 Sequence=2 ttl=255 time=26 ms

Reply from 172.16.2.2: bytes=56 Sequence=3 ttl=255 time=26 ms

Reply from 172.16.2.2: bytes=56 Sequence=4 ttl=255 time=26 ms

Reply from 172.16.2.2: bytes=56 Sequence=5 ttl=255 time=26 ms

--- 172.16.2.2 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 25/25/26 ms

# Verify that the hosts on the subnets 172.16.1.0/24 and 172.16.2.0/24 can

communicate with each other.

1.3 Displaying and Maintaining IP Address Configuration

After the above-mentioned configuration, you can use the display command in any

view to display IP address configuration, so as to verify configuration result.

Follow these steps to display and maintain IP address configuration:

To do… Use the command…

Display information about a specified or

all L3 interfaces display ip interface [ interface-type

interface-number ]

Display brief information about a

specified or all Layer 3 interfaces display ip interface brief

[ interface-type interface-number ]

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 2 IP Performance Configuration

2-1

Chapter 2 IP Performance Configuration

2.1 IP Performance Overview

In some network environments, you need to adjust the IP parameters to achieve best IP

performance. IP performance configuration parameters include:

zReceiving and forwarding of directed broadcasts

zTCP timers

zSize of TCP receive/send buffer

zICMP error packets sending

2.2 Permitting Receiving and Forwarding of Directed

Broadcast Packets

Directed broadcast packets include network directed broadcast packets,

individual-subnet directed broadcast packets and all-subnet directed broadcast

packets. If a device is permitted to receive and forward directed broadcast packets,

hackers can use such packets to attack the network, which brings potential trouble to

network security. Therefore, the receiving and forwarding of directed broadcast packets

are disabled on S5500-SI series Ethernet switches by default. When necessary, you

can use the related command to permit the device to receive and forward directed

broadcast packets.

2.2.1 Enabling Receiving of Directed Broadcasts

If the device is permitted to receive directed broadcast packets, the configuration on an

interface determines whether these packets can be forwarded. Otherwise, directed

broadcast packets are discarded directly.

Follow these steps to enable the receiving of directed broadcasts:

To do… Use the command… Remarks

Enter system view system-view —

Enable the device to

receive directed

broadcasts ip forward-broadcast

Required

By default, an interface is

not allowed to receive

directed broadcasts

2.2.2 Enabling Forwarding Directed Broadcasts

Follow these steps to enable forwarding directed broadcasts:

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 2 IP Performance Configuration

2-2

To do… Use the command… Remarks

Enter system view system-view —

Enter interface view interface interface-type

interface-number —

Enable forwarding

directed broadcasts

on an interface

ip forward-broadcast [acl

acl-number ]

Required

By default, directed

broadcasts forwarding is

not allowed.

Note:

zIf you have configured ACL when enabling an interface to forward directed

broadcasts, the ACL will discard the directed broadcast packets that do not meet its

rules, but forward only those in compliance with the rules.

zIf you execute the ip forward-broadcast acl command on an interface for many

times, the last executed command takes the final effect. As such, if the last

command is one without the acl acl-number, the previous ACL rules will be

cancelled.

2.2.3 Receiving and Forwarding of Directed Broadcast Configuration

Example

I. Network requirement

As shown in Figure 2-1, the PC interface and Vlan-interface3 of Switch A are in the

same network segment (1.1.1.0/24). Vlan-interface2 of Switch Aand Vlan-interface2 of

Switch B are in another network segment (2.2.2.0/24). The default gateway of the PC is

Vlan-interface3 (IP address 1.1.1.2/24) of Switch A. Configure a static route on Switch

B for the reachability between PC and Switch B.

II. Network diagram

Figure 2-1 Blocking directed broadcasts

III. Configuration procedure

zPerform the following configuration on Switch A.

# Configure Switch A to receive directed broadcast packets.

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 2 IP Performance Configuration

2-3

<SwitchA> system-view

[SwitchA] ip forward-broadcast

# Configure IP addresses for Vlan-interface3 and Vlan-interface2.

[SwitchA] interface Vlan-interface 3

[SwitchA-Vlan-interface3] ip address 1.1.1.2 24

[SwitchA-Vlan-interface3] quit

[SwitchA] interface Vlan-interface 2

[SwitchA-Vlan-interface2] ip address 2.2.2.2 24

# Configure Vlan-interface2 to forward directed broadcast packets.

[SwitchA-Vlan-interface2] ip forward-broadcast

zPerform the following configuration on Switch B

# Configure Switch B to receive directed broadcast packets.

<SwitchB> system-view

[SwitchB] ip forward-broadcast

# Configure a static route from Switch B to the PC.

[SwitchB] ip route-static 1.1.1.1 24 2.2.2.2

# Configure an IP address for Vlan-interface2.

[SwitchB] interface Vlan-interface 2

[SwitchB-Vlan-interface2] ip address 2.2.2.1 24

After the above configurations, if you ping the subnet broadcast address (2.2.2.255) of

Vlan-interface 2 of Switch A on the PC, the ping packets can be received by

Vlan-interface 2 of Switch B. However, if you cancel the ip forward-broadcast

command, the ping packets can not be received by the Vlan-interface 2 of Switch B.

2.3 Configuring TCP Attributes

TCP attributes that can be configured include:

zsynwait timer: Before sending a SYN packet, TCP starts the synwait timer. If no

response packets are received before synwait timeout, TCP connection is not

successfully created.

zfinwait timer: When the TCP connection is in FIN_WAIT_2 state, finwait timer will

be started. If no FIN packets are received before the timer timeouts, the TCP

connection will be terminated. If FIN packets are received, the TCP connection

state changes to TIME_WAIT. If non-FIN packets are received, and the system

recounts the time from receiving the last non-FIN packet until the connection is

broken after the timer timeouts.

zSize of TCP receiving/sending buffer

Follow these steps to configure TCP attributes:

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 2 IP Performance Configuration

2-4

To do… Use the command… Remarks

Enter system view system-view —

Configure TCP synwait

timer’s timeout value tcp timer syn-timeout

time-value

Optional

By default, the timeout

value is 75 seconds.

Configure TCP finwait

timer’s timeout value tcp timer fin-timeout

time-value

Optional

By default, the timeout

value is 675 seconds.

Configure the size of TCP

receiving/sending buffer tcp window window-size Optional

By default, the buffer is 8k

bytes.

2.4 Configuring ICMP to Send Error Packets

Sending error packets is a major function of ICMP protocol. In case of network

abnormalities, ICMP packets are usually sent by the network or transport layer

protocols to notify corresponding devices so as to facilitate control and management.

I. Advantage of sending ICMP error packets

There are three kinds of ICMP error packets: redirection packets, timeout packets and

destination unreachable packets. Their sending conditions and functions are as

follows.

1) Sending ICMP redirect packets

A host may have only one route (the default route to the default gateway) in its routing

table when starting. The default gateway will send ICMP redirect packets to the source

host and notify it to reselect a correct next hop router to send the subsequent packets,

if the following conditions are satisfied:

zThe receiving and sending interfaces are the same.

zThe selected route has not been created or modified by ICMP redirect packets.

zThe selected route is not the default route of the device.

zThere is no source route option in the packet.

ICMP redirect packets function simplifies host administration and enables a host to

gradually establish a sound routing table to find out the best route

2) Sending ICMP timeout packets

Adevice drops the data packet and sends an ICMP timeout packet to the source when

there is a timeout error after the device received an IP data packet.

The device will send an ICMP timeout packet under the following conditions:

zIf a device finds the destination of the packet is not local after receiving a data

packet whose TTL field is 1, it will send a “TTL timeout” ICMP error message.

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 2 IP Performance Configuration

2-5

zWhen the device receives the first fragment IP packets whose destination address

is local, it will start the timer. If the timer timeouts before receiving all the fragments,

the device will send a “reassembly timeout” ICMP error packets.

3) Sending ICMP destination unreachable packets

Sending ICMP destination unreachable packet means when there happens a

destination timeout error after a device received an IP data packet, the device will drop

the data packet and send an ICMP error packet to the source.

The device will send an ICMP destination unreachable packet under the following

conditions:

zWhen forwarding a packet, if the device finds no corresponding forward route and

default route in the routing table, it will send a “network unreachable” ICMP error

packet.

zWhen receiving a data packet whose destination address is local, if the transfer

layer protocol is unavailable for the device, then the device sends a “protocol

unreachable” ICMP error packet.

zWhen receiving a data packet with the destination address as local and transfer

layer as UDP, if the packet’s port number does not match with the running process,

the device will send source a “port unreachable” ICMP error packet.

zWhen sending packets using “strict source routing", if the intermediate finds that

the source point to a device not directly connected to the network, it will send

source a “source routing fails” ICMP error packet.

zWhen forwarding a packet, if the MTU of the forward interface is smaller than the

packet but the packet has been set unfragmentable, the device will send source a

“fragmenting is required but unavailable” ICMP error packet.

II. Disadvantage of sending ICMP error packets

Although sending ICMP error packets facilitate control and management, it still has the

following disadvantage:

zSending a lot of ICMP packets will increase network traffic.

zIf the device receives a lot of malicious packets that sends much ICMP error

packets, it will reduce the device's performance.

zAs redirecting increases a host’s routing, it will reduce the host’s performance if

there is a great increase in the hosting.

zAs ICMP destination unreachable packets are unreachable to users' process, if

there are malicious attacks, end users may be affected.

In order to prevent such phenomena, you can disable the device from sending ICMP

error packets to reduce network traffic and avoid malicious attacks.

Follow these steps to disable sending ICMP error packets:

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 2 IP Performance Configuration

2-6

To do… Use the command… Remarks

Enter system view system-view —

Disable sending ICMP

redirect packets undo ip redirects

Required

Sending a device’s ICMP

redirection packet is

enabled by default

Disable sending ICMP

timeout packets undo ip ttl-expires

Required

Sending a device’s ICMP

timeout packet is enabled

by default.

Disable sending ICMP

destination unreachable

packets undo ip unreachables

Required

Sending a device’s ICMP

destination unreachable

packet is enabled by

default

Note:

zThe device stops sending “network unreachable” and “source route unsuccessful”

ICMP error packets after sending ICMP destination unreachable packets is disabled.

But other destination unreachable packets will be sent normally.

zThe device stops sending “TTL timeout” ICMP error packets after sending ICMP

timeout packets is disabled. But “reassembly timeout” error packets will be sent

normally.

2.5 Displaying and Maintaining IP Performance

After the above-mentioned configuration, you can use the display command in any

view to display the IP performance status, so as to verify configuration result.

You can use the reset command in user view to clear the statistics about IP, TCP, and

UDP traffic.

Following these steps to display and maintain IP performance:

To do… Use the command…

Display current TCP connection state display tcp status

Display statistics of TCP connection display tcp statistics

Display statistics of UDP flows display udp statistics

Display statistics of IP packets display ip statistics

Display statistics of ICMP flows display icmp statistics

Operation Manual – IP Address and Performance

H3C S5500-SI Series Ethernet Switches Chapter 2 IP Performance Configuration

2-7

To do… Use the command…

Display current socket information of the

system display ip socket [socktype

sock-type ] [ task-id socket-id ]

Display FIB forward information display fib [ | { begin | include |

exclude } text | acl acl-number |

ip-prefix ip-prefix-name ]

Display FIB forward information

matching the specified destination IP

address

display fib ip-address1 [ { mask1 |

mask-length1 } [ ip-address2 { mask2 |

mask-length2 }| longer ] | longer ]

Display statistics about the FIB items display fib statistics

Clear statistics of IP packets reset ip statistics

Clear statistics of TCP flows reset tcp statistics

Clear statistics of UDP flows reset udp statistics

Other manuals for S5500-SI Series

Table of contents

Other H3C Switch manuals

Popular Switch manuals by other brands

Digisol

Digisol DG-GS1528HP/C Web management user guide

Quintum

Quintum Tenor AXE1600 release note

D-Link

D-Link DES-3528 - xStack Switch - Stackable Hardware installation guide

Pico Macom

Pico Macom TSMS-5/16RK Installation and operation manual

iPuray

iPuray BRT-706 quick start guide

3Com

3Com 4800G Series Getting started guide

Jung

Jung 52921 ST operating instructions

Omega Engineering

Omega Engineering FSW-50 Series manual

Cisco

Cisco Catalyst 4948E Installing guide

Di-soric

Di-soric KDCT 6.5 V 02 G3-4 manual

Sierra Video

Sierra Video SP-14 Setup guide

ATEN

ATEN CS-1742 user manual

ATEN

ATEN US221A user manual

QuantumZERO

QuantumZERO QZ-HB02 Welcome guide

HP 316095-B21 - StorageWorks Edge Switch 2/24 release note

Keysight

Keysight U7108 Series Operating and service manual

Edimax

Edimax ES-5224RS+ Specifications

HP OfficeConnect 1405 Series Installation and getting started guide

H3C S5500-SI Series User manual

Popular Switch manuals by other brands