372
SAVI configuration
SAVI overview
Source Address Validation (SAVI) is applied on access devices. SAVI creates a table of bindings between
addresses and ports through other features such as ND snooping, DHCPv6 snooping, and IP Source
Guard, and uses those bindings to check the validity of the source addresses of DHCPv6 protocol
packets, ND protocol packets, and IPv6 data packets.
SAVI can be used in the following address assignment scenarios:
• DHCPv6-only: The hosts connected to the SAVI-enabled device obtain addresses only through
DHCPv6.
• SLAAC-only: The hosts connected to the SAVI-enabled device obtain addresses only through
Stateless Address Autoconfiguration (SLAAC).
• DHCPv6+SLAAC: The hosts connected to the SAVI-enabled device obtain addresses through
DHCPv6 and SLAAC.
The following section describes SAVI configurations in these address assignment scenarios.
Global SAVI configuration
Follow these steps to configure SAVI globally:
To do... Use the command…
Remarks
Enter system view system-view ––
Enable the SAVI function ipv6 savi strict
Required
Disabled by default.
Set the time to wait for a
duplicate address detection
(DAD) NA
ipv6 savi dad-delay value
Optional
One second by default.
If no DAD NA is received within the specified
time when the corresponding ND snooping
entry is in detect state, the ND snooping entry
changes to bound state.
Set the time to wait for a
DAD NS from a DHCPv6
client
ipv6 savi dad-preparedelay
[ value ]
Optional
One second by default.[
This command is used with the DHCPv6
snooping function. After DHCPv6 snooping
detects that a client obtains an IPv6 address, it
monitors whether the client detects IP address
conflict. If DHCPv6 snooping does not receive
any DAD NS from the client before the set
time expires, SAVI sends a DAD NS on behalf
of the client.
To Next Page
Loading...
Need help?
General