Hardware	RIR compatibility
MSR610	Yes
MSR810, MSR810-W, MSR810-W-DB, MSR810-LM, MSR810-W-LM, MSR810-10-PoE, MSR810-LM-HK, MSR810-W-LM-HK, MSR810-LM-CNDE-SJK, MSR810-CNDE-SJK, MSR810-EI, MSR810-LM-EA, MSR810-LM-EI	Yes
MSR810-LMS, MSR810-LUS	No
MSR810-SI, MSR810-LM-SI	No
MSR810-LMS-EA, MSR810-LME	Yes
MSR1004S-5G、MSR1004S-5G-CN	Yes
MSR1104S-W, MSR1104S-W-CAT6、MSR1104S-5G-CN、MSR1104S-W-5G-CN	Yes
MSR2600-6-X1, MSR2600-15-X1, MSR2600-15-X1-T	Yes
MSR2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28, MSR3600-51	Yes
MSR3600-28-SI, MSR3600-51-SI	No
MSR3600-28-X1, MSR3600-28-X1-DP, MSR3600-51-X1, MSR3600-51-X1-DP	Yes
MSR3600-28-G-DP, MSR3600-51-G-DP	Yes
MSR3610-I-DP, MSR3610-IE-DP, MSR3610-IE-ES, MSR3610-IE-EAD, MSR-EAD-AK770, MSR3610-I-IG, MSR3610-IE-IG	Yes
MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC, MSR3620-X1, MSR3640-X1	Yes
MSR 3610, MSR 3620, MSR 3620-DP, MSR 3640, MSR 3660	Yes
MSR3610-G, MSR3620-G	Yes
MSR3640-G	Yes
MSR3640-X1-HI	Yes

Hardware	RIR compatibility
MSR810-W-WiNet, MSR810-LM-WiNet	Yes
MSR830-4LM-WiNet	Yes
MSR830-5BEI-WiNet, MSR830-6EI-WiNet, MSR830-10BEI-WiNet	Yes
MSR830-6BHI-WiNet, MSR830-10BHI-WiNet	Yes
MSR2600-6-WiNet	Yes
MSR2600-10-X1-WiNet	Yes
MSR2630-WiNet	Yes
MSR3600-28-WiNet	Yes
MSR3610-X1-WiNet	Yes
MSR3610-WiNet, MSR3620-10-WiNet, MSR3620-DP-WiNet, MSR3620-WiNet, MSR3660-WiNet	Yes

Hardware	RIR compatibility
MSR860-6EI-XS	Yes
MSR860-6HI-XS	Yes
MSR2630-XS	Yes
MSR3600-28-XS	Yes
MSR3610-XS	Yes
MSR3620-XS	Yes
MSR3610-I-XS	Yes
MSR3610-IE-XS	Yes
MSR3620-X1-XS	Yes
MSR3640-XS	Yes
MSR3660-XS	Yes

Hardware	RIR compatibility
MSR810-LM-GL	Yes
MSR810-W-LM-GL	Yes
MSR830-6EI-GL	Yes
MSR830-10EI-GL	Yes
MSR830-6HI-GL	Yes
MSR830-10HI-GL	Yes
MSR1004S-5G-GL	Yes
MSR2600-6-X1-GL	Yes
MSR3600-28-SI-GL	No

application-quality

Use application-quality to enter application quality detection view.

Use undo client enable to delete the application quality detection view and all its settings.

Syntax

application-quality

undo application-quality

Default

No settings exist in application quality detection view.

Views

RIR-SDWAN view

Predefined user roles

network-admin

Usage guidelines

RIR-SDWAN supports the following detection methods:

· Link quality detection—Detects the quality of SDWAN tunnels. RIR-SDWAN performs link selection based on the quality detection result.

· Application quality detection—For specific service flows forwarded through the SDWAN tunnels, RIR-SDWAN detects the quality of the application flows with the specified packet signatures for application analysis.

Application quality detection settings must be configured in application quality detection view.

If application quality detection is enabled, the device does not support the per-packet load balancing mode.

Examples

# Enter application quality detection view.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] application-quality

[Sysname-rir-sdwan-app]

client enable

Use client enable to enable the RIR client globally.

Use undo client enable to disable the RIR client globally.

Syntax

client enable

undo client enable

Default

The RIR client is disabled globally.

Views

RIR-VXLAN view

Predefined user roles

network-admin

Usage guidelines

To avoid NQA probes from occupying too many resources on a hub in a hub-spoke network, configure the hub as an RIR server and configure the spokes as RIR clients.

You can enable the RIR client globally or on an interface.

· Enabling the RIR client globally also enables the RIR client for all interfaces on the device. The interfaces can send link quality probe results for the RIR client.

· Enabling the RIR client on an interface allows only that interface to send link quality probe results for the RIR client.

When you enable the RIR client, follow these restrictions and guidelines:

· In a VXLAN network, only tunnel interfaces support enabling the RIR client. The RIR client uses the tunnel interfaces to send link quality probe results.

· The RIR server and RIR client cannot be both enabled on the same interface.

· If the enabled role (RIR server or client) on an interface is different from the globally enabled role, the interface-specific role takes effect on that interface.

Examples

# Enable the RIR client globally.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] client enable

Related commands

probe connect

probe sync-port

server enable

collaboration peer local

Use collaboration peer local to enable the local device to establish RIR collaboration relationship with a peer device.

Use undo collaboration peer local to restore the default.

Syntax

collaboration peer [ vpn-instance vpn-instance-name ] peer-ipv4-address local local-ipv4-address sync-port port-number

undo collaboration peer [ vpn-instance vpn-instance-name ] peer-ipv4-address local

Default

The local device does not establish RIR collaboration relationship with any device.

Views

RIR-VXLAN view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance on which the local and peer devices establish RIR collaboration relationship. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. The specified VPN instance must exist. If the local and peer IP addresses belong to the public network, do not specify this option.

peer-ipv4-address: Specifies an RIR collaboration peer by its IPv4 address.

local-ipv4-address: Specifies the IPv4 address of the local device. The local and peer devices must both belong to the public network or the same VPN instance.

sync-port port-number: Specifies the TCP port number used by the local and peer devices to synchronize link data. The value range for the port-number argument is 1024 to 65535. Make sure the port number is not used by any other service on the device.

Usage guidelines

Each pair of devices in an RIR collaboration device group must establish RIR collaboration relationship. You must configure this command on both the local and peer devices.

In a pair of devices with RIR collaboration relationship, the device with a lower IP address is the client. The client uses the port number specified by using this command to initiate a TCP connection request to its peer. Through the TCP connection, the local device can synchronize the configuration and status data of links that meet the service requirements to the peer device. The data does not include link data synchronized from other devices in the same RIR collaboration device group.

For the local device to select links from a peer device, you must execute the collaboration peer redirect command on both the local and peer devices.

The local and peer devices must use the same TCP port number for link data synchronization. A device can use the same or different TCP port numbers to synchronize data to different peers.

If you execute this command multiple times for the same pair of devices in the public network or a VPN instance, the most recent configuration takes effect.

Examples

# Establish RIR collaboration relationship between local device 1.1.1.1 and peer device 1.1.1.2 on the public network. They use TCP port number 6000 for link data synchronization.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] collaboration peer 1.1.1.2 local 1.1.1.1 sync-port 6000

# Establish RIR collaboration relationship between local device 1.1.1.1 and peer device 1.1.1.2 in VPN instance a. They use TCP port number 6000 for link data synchronization.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] collaboration peer vpn-instance a 1.1.1.2 local 1.1.1.1 sync-port 6000

Related commands

collaboration peer redirect

Use collaboration peer redirect to configure the redirect IP address of an RIR collaboration peer.

Use undo collaboration peer redirect to delete the redirect IP address of an RIR collaboration peer.

Syntax

collaboration peer [ vpn-instance vpn-instance-name ] peer-ipv4-address redirect [ vpn-instance redirect-vpn-instance-name ] redirect-ipv4-address

undo collaboration peer [ vpn-instance vpn-instance-name ] peer-ipv4-address redirect [ vpn-instance redirect-vpn-instance-name ]

Default

No redirect IP address is configured for an RIR collaboration peer.

Views

RIR-VXLAN view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance on which the local and peer devices establish RIR collaboration relationship. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the local and peer devices establish RIR collaboration relationship on the public network, do not specify this option.

peer-ipv4-address: Specifies an RIR collaboration peer by its IPv4 address.

vpn-instance redirect-vpn-instance-name: Specifies the MPLS L3VPN instance for the packets to be redirected to the redirect IPv4 address of the peer device. The redirect-vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the packets to be redirected belong to the public network, do not specify this option.

redirect-ipv4-address: Specifies the redirect IPv4 address of the peer device.

Usage guidelines

Use this command on both the local and peer devices that have established RIR collaboration relationship. This command specifies the redirect IP address for packets redirected to a peer device on the public network or a VPN instance. When the local device selects links from the peer device to forward packets on the public network or a VPN instance, it performs the following operations:

· Looks up the routing table of the public network or VPN instance based on the redirect IP address.

· Forwards the packets to the peer device through the RIR dedicated link.

If you execute the undo form of this command without the vpn-instance redirect-vpn-instance-name option for a peer, the redirect IPv4 address of the public network is deleted for the peer.

If you execute this command multiple times for the same peer on the public network or in the same redirect VPN instance, the most recent configuration takes effect.

Examples

# Specify 2.1.1.1 as the redirect IP address in VPN instance b for peer device 1.1.1.2 in VPN instance a.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] collaboration peer vpn-instance a 1.1.1.2 redirect vpn-instance b 2.1.1.1

Related commands

collaboration peer local

cqi-weight

Use cqi-weight to configure the weights for the delay, jitter, and packet loss metrics used for computing CQI values.

Use undo cqi-weight to restore the default.

Syntax

cqi-weight delay delay-weight jitter jitter-weight packet-loss packet-loss-weight

undo cqi-weight

Default

The weights for the delay, jitter, and packet loss metrics are all 1.

Views

RIR-SDWAN flow template view

Predefined user roles

network-admin

Parameters

delay delay-weight: Sets the weight for the delay metric used for computing CQI values, in the range of 0 to 10.

jitter jitter-weight: Sets the weight for the jitter metric used for computing CQI values, in the range of 0 to 10.

packet-loss packet-loss-weight: Sets the weight for the packet loss metric used for computing CQI values, in the range of 0 to 10.

Usage guidelines

RIR-SDWAN computes Comprehensive Quality Indicator (CQI) values to evaluate link quality.

· If the probe result of a metric (delay, jitter, or packet loss rate) is lower than or equal to the associated quality threshold in the SLA, the CQI value for the metric is 100.

· If the probe result of a metric is higher than the associated quality threshold in the SLA, the CQI value for the metric is calculated with the formula: (metric threshold × 100) / probe result of the metric.

· The overall CQI value is calculated with the formula: (x × Ds+ y × Js + z × Ls) / (x + y + z).

In this formula, x, y, and z represent the weight values of delay, jitter, and packet loss rate, respectively (the weight values are in the range of 0 to 10, and cannot be all 0). Ds, Js, and Ls represent the CQI values for delay, jitter, and packet loss rate.

To avoid frequent link switchovers, the device uses the approximate overall CQI value to evaluate link quality. The approximate overall CQI value is a multiple of 5 that is smaller than and closest to the overall CQI value. For example, if the overall CQI value is 82.5, the approximate overall CQI value is 80.

For quality tolerant link selection, The device selects the link with the highest approximate overall CQI value as the optimal link. If multiple links have the highest approximate overall CQI value, the device selects one or multiple optimal links from them based on the link load balancing mode.

The weights for the delay, jitter, and packet loss metrics cannot be all 0.

Examples

# Configure the weight values for the delay, jitter, and packet loss metrics as 2, 5, and 7, respectively, to compute CQI values for link quality evaluation of flow 1.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] flow 1

[Sysname-rir-sdwan-flow-1] cqi-weight delay 2 jitter 5 packet-loss 7

delay threshold

Use delay threshold to set the link delay threshold.

Use undo delay threshold to restore the default.

Syntax

delay threshold threshold-value

undo delay threshold

Default

The link delay threshold is 10 milliseconds.

Views

RIR-VXLAN SLA view

RIR-SDWAN SLA view

Predefined user roles

network-admin

Parameters

threshold-value: Sets the link delay threshold, in the range of 10 to 60000 milliseconds.

Usage guidelines

Link delay refers to the interval between the sending time and receiving time of a packet.

The shorter the delay time, the higher the link quality.

A flow template uses the link delay threshold in its associated SLA to filter links that meet the link delay requirement.

Examples

# In SLA 1, set the link delay threshold to 1000 milliseconds for RIR-VXLAN.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] sla 1

[Sysname-rir-sla-1] delay threshold 1000

# In SLA 1, set the link delay threshold to 1000 milliseconds for RIR-SDWAN.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] sla 1

[Sysname-rir-sdwan-sla-1] delay threshold 1000

display rir sdwan application-quality

Use display rir sdwan application-quality to display application quality detection information.

Syntax

display rir sdwan application-quality instance instance-name [ flow-id flow-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies an application quality detection instance by its name, a case-sensitive string of 1 to 63 characters.

flow-id flow-id: Specifies a flow template by its flow ID in the range of 1 to 65535. If you do not specify a flow ID, this command displays application quality detection information for all flow templates in the specified instance.

Usage guidelines

This command displays only the application quality detection information within the most recent 10 probe intervals.

Examples

# Display application quality detection information for all flow templates in instance abc.

<Sysname> display rir sdwan application-quality instance abc

Flow ID: 1

Tunnel1

Peer TTE: Site ID=1 Device ID=2 Interface ID=4

Period started at PktCount Timestamp (msec)

2020/11/16 14:28:00 100 1596273655

2020/11/16 14:27:00 100 1596273655

2020/11/16 14:26:00 100 1596273655

2020/11/16 14:25:00 100 1596273655

2020/11/16 14:24:00 100 1596273655

2020/11/16 14:23:00 100 1596273655

2020/11/16 14:22:00 100 1596273655

2020/11/16 14:21:00 100 1596273655

2020/11/16 14:20:00 100 1596273655

2020/11/16 14:19:00 100 1596273655

Peer TTE: Site ID=1 Device ID=2 Interface ID=5

Period started at PktCount Timestamp (msec)

2020/11/16 14:28:00 100 1596273655

2020/11/16 14:27:00 100 1596273655

2020/11/16 14:26:00 100 1596273655

2020/11/16 14:25:00 100 1596273655

2020/11/16 14:24:00 100 1596273655

2020/11/16 14:23:00 100 1596273655

2020/11/16 14:22:00 100 1596273655

2020/11/16 14:21:00 100 1596273655

2020/11/16 14:20:00 100 1596273655

2020/11/16 14:19:00 100 1596273655

Flow ID: 2

Tunnel2

Peer TTE: Site ID=1 Device ID=2 Interface ID=3

Period started at PktCount Timestamp (msec)

2020/11/16 14:28:00 100 1596273655

2020/11/16 14:27:00 100 1596273655

2020/11/16 14:26:00 100 1596273655

2020/11/16 14:25:00 100 1596273655

2020/11/16 14:24:00 100 1596273655

2020/11/16 14:23:00 100 1596273655

2020/11/16 14:22:00 100 1596273655

2020/11/16 14:21:00 100 1596273655

2020/11/16 14:20:00 100 1596273655

2020/11/16 14:19:00 100 1596273655

Peer TTE: Site ID=1 Device ID=2 Interface ID=6

Period started at PktCount Timestamp (msec)

2020/11/16 14:28:00 100 1596273655

2020/11/16 14:27:00 100 1596273655

2020/11/16 14:26:00 100 1596273655

2020/11/16 14:25:00 100 1596273655

2020/11/16 14:24:00 100 1596273655

2020/11/16 14:23:00 100 1596273655

2020/11/16 14:22:00 100 1596273655

2020/11/16 14:21:00 100 1596273655

2020/11/16 14:20:00 100 1596273655

2020/11/16 14:19:00 100 1596273655

Table 1 Command output

Field	Description
Flow ID	Flow template ID.
Tunneltunnel-number	SDWAN tunnel interface name.
Peer TTE	Peer Transport Tunnel Endpoint (TTE) information of the SDWAN tunnel.
Site ID	Peer TTE site ID of the SDWAN tunnel.
Device ID	Peer TTE device ID of the SDWAN tunnel.
Interface ID	Peer TTE interface ID of the SDWAN tunnel.
Period started at	Start time of the quality detection interval.
PktCount	Number of packets collected within the interval.
Timestamp (msec)	Timestamp (in milliseconds) when the device processed packets with the specified signature within the interval. The timestamp can be used to compute the delay.

‌

display rir sdwan bandwidth tunnel

Use display rir sdwan bandwidth tunnel to display bandwidth information for the specified SDWAN tunnel interface and the associated physical output interface.

Syntax

display rir sdwan bandwidth tunnel tunnel-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

tunnel-number: Specifies an SDWAN tunnel interface by its tunnel interface number.

Examples

# Display bandwidth information for interface Tunnel 1 and the associated physical output interface.

<Sysname> display rir sdwan bandwidth tunnel 1

Tunnel bandwidth info:

Interface Total bandwidth Remaining bandwidth Bandwidth usage

Tunnel1 200 kbps 200 kbps 0 %

Output interface bandwidth info:

PeerTTE: SiteID=1 DeviceID=2 IfID=2

Interface Total bandwidth Remaining bandwidth Bandwidth usage

GE1/0/1 200 kbps 200 kbps 0 %

PeerTTE: SiteID=1 DeviceID=2 IfID=3

Interface Total bandwidth Remaining bandwidth Bandwidth usage

GE1/0/2 200 kbps 200 kbps 0 %

Table 2 Command output

Field	Description
Tunnel bandwidth info	Tunnel interface bandwidth information.
Interface	Interface name.
Total bandwidth	Total bandwidth of the tunnel interface or the associated physical output interface, in Kbps. The value is the expected bandwidth of the interface.
Remaining bandwidth	Remaining bandwidth of the tunnel interface or the associated physical output interface, in Kbps.
Bandwidth usage	Bandwidth usage of the tunnel interface or the associated physical output interface.
Output interface bandwidth info	Output interface bandwidth information.
PeerTTE	Peer TTE information of the SDWAN tunnel.
SiteID	Peer TTE site ID of the SDWAN tunnel.
DeviceID	Peer TTE device ID of the SDWAN tunnel.
IfID	Peer TTE interface ID of the SDWAN tunnel.

‌

display rir sdwan flow

Use display rir sdwan flow to display link selection policy information for the specified service flow.

Syntax

display rir sdwan flow flow-id

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

flow-id: Specifies a flow template by its flow ID in the range of 1 to 65535.

Examples

# Display link selection information for all available SDWAN tunnels in flow template 1.

<Sysname> display rir sdwan flow 1

Flow ID: 1

Session expected bandwidth: 2000 kbps

Quality policy: Yes

Tunnels with different preference values:

Preference: 8

Tunnel1

Site ID Device ID Interface ID CQI

100 1 100 80

100 2 110 90

Tunnel2

Site ID Device ID Interface ID CQI

100 1 100 80

100 2 110 90

Preference: 10

Tunnel2

Site ID Device ID Interface ID CQI

100 3 80 80

100 4 120 90

Table 3 Command output

Field	Description
Flow ID	Flow template ID.
Session expected bandwidth	Configured session expected bandwidth, in Kbps.
Quality policy	Quality policy status: · Yes—A quality policy is configured. · No—No quality policy is configured.
Tunnels with different preference values	Information about SDWAN tunnels with different preferences.
Preference	SDWAN tunnel preference. The smaller the value, the higher the preference.
Tunneltunnel-number	SDWAN tunnel interface name.
Site ID	Peer TTE site ID of the SDWAN tunnel.
Device ID	Peer TTE device ID of the SDWAN tunnel.
Interface ID	Peer TTE interface ID of the SDWAN tunnel.
CQI	Approximate overall CQI value of the SDWAN tunnel.

‌

display rir sdwan link-quality

Use display rir sdwan link-quality to display link quality detection information for SDWAN tunnels.

Syntax

display rir sdwan link-quality [ tunnel tunnel-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

tunnel tunnel-number: Specifies an SDWAN tunnel interface by its tunnel interface number. If you do not specify this option, the command displays link quality detection information for all SDWAN tunnels.

Usage guidelines

This command displays only the link quality detection information for SDWAN tunnels within the most recent 10 probe intervals.

Examples

# Display link quality detection information for all SDWAN tunnels.

<Sysname> display rir sdwan link-quality

Tunnel1

Peer TTE: Site ID=1 Device ID=2 Interface ID=3 Connectivity: Connected

Period started at PktLoss (per mill) Delay (msec) Jitter (msec)

2020/11/16 14:28:00 0 0 0

2020/11/16 14:27:00 0 0 0

2020/11/16 14:26:00 0 0 0

2020/11/16 14:25:00 0 0 0

2020/11/16 14:24:00 0 0 0

2020/11/16 14:23:00 0 0 0

2020/11/16 14:22:00 0 0 0

2020/11/16 14:21:00 0 0 0

2020/11/16 14:20:00 0 0 0

2020/11/16 14:19:00 0 0 0

Peer TTE: Site ID=1 Device ID=2 Interface ID=4 Connectivity: Connected

Period started at PktLoss (per mill) Delay (msec) Jitter (msec)

2020/11/16 14:28:00 0 0 0

2020/11/16 14:27:00 0 0 0

2020/11/16 14:26:00 0 0 0

2020/11/16 14:25:00 0 0 0

2020/11/16 14:24:00 0 0 0

2020/11/16 14:23:00 0 0 0

2020/11/16 14:22:00 0 0 0

2020/11/16 14:21:00 0 0 0

2020/11/16 14:20:00 0 0 0

2020/11/16 14:19:00 0 0 0

Tunnel2

Peer TTE: Site ID=1 Device ID=2 Interface ID=5 Connectivity: Connected

Period started at PktLoss (per mill) Delay (msec) Jitter (msec)

2020/11/16 14:28:00 0 0 0

2020/11/16 14:27:00 0 0 0

2020/11/16 14:26:00 0 0 0

2020/11/16 14:25:00 0 0 0

2020/11/16 14:24:00 0 0 0

2020/11/16 14:23:00 0 0 0

2020/11/16 14:22:00 0 0 0

2020/11/16 14:21:00 0 0 0

2020/11/16 14:20:00 0 0 0

2020/11/16 14:19:00 0 0 0

Peer TTE: Site ID=1 Device ID=2 Interface ID=6 Connectivity: Connected

Period started at PktLoss (per mill) Delay (msec) Jitter (msec)

2020/11/16 14:28:00 0 0 0

2020/11/16 14:27:00 0 0 0

2020/11/16 14:26:00 0 0 0

2020/11/16 14:25:00 0 0 0

2020/11/16 14:24:00 0 0 0

2020/11/16 14:23:00 0 0 0

2020/11/16 14:22:00 0 0 0

2020/11/16 14:21:00 0 0 0

2020/11/16 14:20:00 0 0 0

2020/11/16 14:19:00 0 0 0

Table 4 Command output

Field	Description
Tunneltunnel-number	SDWAN tunnel interface name.
Peer TTE	Peer TTE information of the SDWAN tunnel.
Site ID	Peer TTE site ID of the SDWAN tunnel.
Device ID	Peer TTE device ID of the SDWAN tunnel.
Interface ID	Peer TTE interface ID of the SDWAN tunnel.
Connectivity	NQA link connectivity probe result of the SDWAN tunnel: · Connected. · Disconnected.
Period started at	Start time of the quality detection interval.
PktLoss (per mill)	Detected packet loss rate (per mill) of the SDWAN tunnel.
Delay (msec)	Detected delay (in milliseconds) of the SDWAN tunnel.
Jitter (msec)	Detected jitter (in milliseconds) of the SDWAN tunnel.

‌

display rir sdwan session-statistics tunnel

Use display rir sdwan session-statistics tunnel to display service session statistics for the specified tunnel interface.

Syntax

In standalone mode:

display rir sdwan session-statistics tunnel interface-number [ flow flow-id ]

In IRF mode:

display rir sdwan session-statistics tunnel interface-number [ flow flow-id ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-number: Specifies a tunnel interface by its number. The specified tunnel interface must already exist on the device.

flow flow-id: Specifies a flow template by its flow ID, in the range of 1 to 65535. If you do not specify a flow ID, this command displays session statistics for all flow templates.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information on the master device. (In IRF mode.)

Examples

# Display service session statistics for the tunnel interface 1.

<Sysname> system-view

[Sysname] display rir sdwan session-statistics tunnel 1

Tunnel interface: Tun1

Flow ID: 3

Collaboration sessions : 0

Local sessions : 1

Total sessions : 1

Session statistics:

SiteID DeviceID InterfaceID SessCount

10 1 2 1

Table 5 Command output

Field	Description
Tunnel interface	Tunnel interface name.
Collaboration sessions	Number of sessions synchronized from the collaboration channel.
Local sessions	Number of local sessions.
Total sessions	Total number of sessions.
SiteID	Peer device site ID of the session.
DeviceID	Peer device ID of the session.
InterfaceID	Peer device interface ID of the session.
SessCount	Number of sessions.

display sdwan collaboration channel

Use display sdwan collaboration channel to display collaboration channel status and packet statistics on the device.

Syntax

display sdwan collaboration channel [ peer-device-id device-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

peer-device-id device-id: Specifies a peer device by its ID in the range of 1 to 255. If you do not specify this option, the command displays status and packet statistics of all collaboration channels on the local device.

Examples

# Display status and packet statistics of all collaboration channels on the device.

<Sysname> display sdwan collaboration channel

Peer device ID : 2

Peer IP : 1.1.1.2

Local IP : 1.1.1.1

VPN instance : aa

Sync-port : 1024

Status : Connected

Total collaboration channels: 1

Packet statistics:

Input(total) : 4 packets

Add tteConnectionPackets : 1

Delete tteConnectionPackets: 0

RirDataPackets : 1

SmoothStartPackets : 1

SmoothEndPackets : 1

SmoothDataPackets : 0

DropPackets : 0

Ouput(total) : 4 packets

Add tteConnectionPackers : 1

Delete tteConnectionPackets: 0

RirDataPackets : 1

SmoothStartPackets : 1

SmoothEndPackets : 1

SmoothDataPackets : 0

DropPackets : 0

Table 6 Command output

Field	Description
Peer IP	IP address of the peer device of the collaboration channel.
Local IP	IP address of the local device of the collaboration channel.
VPN instance	VPN instance to which the collaboration relationship with the peer device belongs. This field displays a hyphen (-) if the collaboration relationship belongs to the public network instance.
Sync-port	TCP port number used for synchronizing link data between the local and peer devices.
Status	Collaboration channel status: · Init. · Connecting. · Checking. · Connected. · Closed.
Total collaboration connections	Number of collaboration channels on the local device.
Input(total)	Total number of packets received through the collaboration channel by the device.
Add tteConnectionPackets	Number of packets carrying the information to add TTE connection.
Delete tteConnectionPackets	Number of packets carrying the information to delete TTE connection.
RirDataPackets	Number of packets carrying RIR data.
SmoothStartPackets	Number of smoothing start packets.
SmoothEndPackets	Number of smoothing end packets.
SmoothDataPackets	Number of packets carrying the TTE connection smoothing information.
DropPackets	Number of discarded packets.
Output(total)	Total number of packets sent through the collaboration channel by the device.

display tunnel flow-statistics

Use display tunnel flow-statistics to display tunnel traffic rate statistics.

Syntax

display tunnel flow-statistics [ flow flow-id [ interface tunnel number ] ] [ tte-connection ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

flow flow-id: Specifies a flow template by its flow ID, in the range of 0 to 65535. If you do not specify a flow ID, this command displays statistics for all flow templates.

interface tunnel number: Specifies a tunnel interface by its tunnel interface number. The value range for the number argument is 1 to 65535. If you do not specify a tunnel interface, this command displays statistics about the specified flow template for all tunnel interfaces.

tte-connection: Displays TTE connection-based tunnel traffic rate statistics. If you do not specify this keyword, the command displays tunnel traffic rate statistics for service flows.

Examples

# Display tunnel traffic rate statistics for RIR-VXLAN.

<Sysname> display tunnel flow-statistics

Flow 100:

Interface : Tunnel1

Out pps : 10

Out bps : 4800

Total out packets : 25836

Total out bytes : 3068951

Interface : Tunnel2

Out pps : 20

Out bps : 9600

Total out packets : 689575

Total out bytes : 75869523

Flow 101:

Interface : Tunnel3

Out pps : 10

Out bps : 4800

Total out packets : 699575

Total out bytes : 83946235

Table 7 Command output

Field	Description
Flow flow-id	ID of a service flow template.
Interface	Tunnel interface name.
Out pps	Number of outgoing packets through the tunnel interface per second.
Out bps	Number of outgoing bits through the tunnel interface per second.
Total out packets	Total number of outgoing packets.
Total out bytes	Total number of outgoing bytes.

‌

# Display tunnel traffic rate statistics for RIR-SDWAN.

<Sysname> display tunnel flow-statistics

Flow 100:

Interface : Tunnel1

Out pps : 10

Out bps : 4800

Total out packets : 25836

Total out bytes : 3068951

Interface : Tunnel2

Out pps : 20

Out bps : 9600

Total out packets : 689575

Total out bytes : 75869523

Flow 101:

Interface : Tunnel3

Out pps : 10

Out bps : 4800

Total out packets : 699575

Total out bytes : 83946235

Table 8 Command output

Field	Description
Flow flow-id	ID of a service flow template.
Interface	Tunnel interface name.
Out pps	Number of outgoing packets through the tunnel interface per second.
Out bps	Number of outgoing bits through the tunnel interface per second.
VPN instance	Name of the VPN instance to which the TTE connection belongs.
Total out packets	Total number of outgoing packets.
Total out bytes	Total number of outgoing bytes.

‌

# Display TTE connection-based tunnel traffic rate statistics for RIR-SDWAN.

<Sysname> display tunnel flow-statistics flow 100 tte-connection

Flow 100:

Interface: Tunnel1

SiteID/DevID/IfID : 100/1/120

VPN instance :

Out pps : 10

Out bps : 4800

Total out packets : 25836

Total out bytes : 3068951

SiteID/DevID/IfID : 100/2/80

VPN instance : vpna

Out pps : 30

Out bps : 9600

Total out packets : 689575

Total out bytes : 75869523

Table 9 Command output

Field	Description
Flow flow-id	ID of a service flow template.
Interface	Tunnel interface name.
SiteID	Site ID of the TTE connection.
DevID	Device ID of the TTE connection.
IfID	Interface ID of the TTE connection.
VPN instance	Name of the VPN instance to which the TTE connection belongs. This field is blank for the public network TTE connections.
Out pps	Number of outgoing packets through the tunnel interface per second.
Out bps	Number of outgoing bits through the tunnel interface per second.
Total out packets	Total number of outgoing packets.
Total out bytes	Total number of outgoing bytes.

‌

Related commands

reset tunnel flow-statistics

tunnel flow-statistics enable

expect-bandwidth

Use expect-bandwidth to specify the per-session expected bandwidth.

Use undo expect-bandwidth to restore the default.

Syntax

expect-bandwidth bandwidth

undo expect-bandwidth

Default

The per-session expected bandwidth is 0 kbps.

Views

RIR-VXLAN flow template view

RIR-SDWAN flow template view

Predefined user roles

network-admin

Parameters

bandwidth: Specifies the bandwidth in kbps, in the range of 1 to 400000000.

Usage guidelines

The per-session expected bandwidth configured by using this command is not the actual bandwidth used by a session. It is only a value estimated based on user services.

When the device selects links for traffic of a session, it obtains the per-session expected bandwidth in real time, and performs bandwidth detection based on the obtained bandwidth. If the device fails to obtain the bandwidth, it performs bandwidth detection based on the per-session expected bandwidth in the flow template to which the session belongs. A link is qualified in the bandwidth detection if it meets the following requirements:

· For the link-attached physical output interface, the used bandwidth plus the per-session expected bandwidth is less than 80% of the total bandwidth.

· For the link, the used bandwidth plus the per-session expected bandwidth is less than 80% of the total bandwidth.

Only RIR-SDWAN supports obtaining the per-session expected bandwidth in real time. RIR-VXLAN supports only configuring the per-session expected bandwidth in flow template view.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the per-session expected bandwidth to 10 kbps in flow template 1 for RIR-VXLAN.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] flow 1

[Sysname-rir-flow-1] expect-bandwidth 10

# Set the per-session expected bandwidth to 10 kbps in flow template 1 for RIR-SDWAN.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] flow 1

[Sysname-rir-sdwan-flow-1] expect-bandwidth 10

Related commands

flow

Use flow to create a flow template and enter RIR-VXLAN or RIR-SDWAN flow template view, or enter the view of an existing RIR-VXLAN or RIR-SDWAN flow template.

Use undo flow to delete a flow template.

Syntax

flow flow-id

undo flow flow-id

Default

No flow templates exist.

Views

RIR-VXLAN view

RIR-SDWAN view

Predefined user roles

network-admin

Parameters

flow-id: Specifies a flow ID for the flow template. The flow ID is in the range of 1 to 65535.

Usage guidelines

Use a flow template to define link selection policies (including the quality policy and link preference) that can filter qualified links for a type of service flow. After the device identifies the service of a packet based on the quintuple and DSCP of the packet, it assigns a flow ID to the packet according to the QoS policy applied to the service. Then, RIR selects a qualified link for the packet based on the link selection policies of the flow template that uses the flow ID.

Examples

# Create flow template 1 and enter RIR-VXLAN flow template view.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] flow 1

[Sysname-rir-flow-1]

# Create flow template 1 and enter RIR-SDWAN flow template view.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] flow 1

[Sysname-rir-sdwan-flow-1]

Related commands

remark flow-id (ACL and QoS Command Reference)

flow priority-based-schedule bandwidth-threshold

Use flow priority-based-schedule bandwidth-threshold to set the bandwidth usage thresholds for flow priority-based traffic scheduling.

Use undo flow priority-based-schedule bandwidth-threshold to restore the default.

Syntax

flow priority-based-schedule bandwidth-threshold upper upper-threshold lower lower-threshold

undo flow priority-based-schedule bandwidth-threshold

Default

The bandwidth usage upper threshold is 90% and the bandwidth usage lower threshold is 20%.

Views

RIR-VXLAN view

RIR-SDWAN view

Predefined user roles

network-admin

Parameters

upper upper-threshold: Sets the bandwidth usage upper threshold in percentage, in the range of 1 to 100. The upper threshold must be greater than or equal to the lower threshold.

lower lower-threshold: Sets the bandwidth usage lower threshold in percentage, in the range of 1 to 100.

Usage guidelines

If flow priority-based traffic scheduling is enabled, traffic scheduling is triggered when the bandwidth usage of a link-attached physical output interface or tunnel interface exceeds the upper threshold. The scheduling might be last for several scheduling periods. Within each scheduling period, RIR redistributes the current lowest priority flow on this link to other links. The scheduling stops for a link in one of the following conditions:

· The bandwidth usage of all link-attached physical output interfaces or tunnel interfaces for the current lowest priority flow is below the lower threshold.

· Only the highest priority flow is left on this link.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# For RIR-VXLAN, enable flow priority-based traffic scheduling and set the bandwidth usage upper threshold and lower threshold to 80% and 30%, respectively.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] flow priority-based-schedule enable

[Sysname-rir] flow priority-based-schedule bandwidth-threshold upper 80 lower 30

# For RIR-SDWAN, enable flow priority-based traffic scheduling and set the bandwidth usage upper threshold and lower threshold to 80% and 30%, respectively.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] flow priority-based-schedule enable

[Sysname-rir-sdwan] flow priority-based-schedule bandwidth-threshold upper 80 lower 30

Related commands

flow priority-based-schedule enable

Use flow priority-based-schedule enable to enable flow priority-based traffic scheduling.

Use undo flow priority-based-schedule enable to disable flow priority-based traffic scheduling.

Syntax

flow priority-based-schedule enable

undo flow priority-based-schedule enable

Default

Flow priority-based traffic scheduling is disabled.

Views

RIR-VXLAN view

RIR-SDWAN view

Predefined user roles

network-admin

Usage guidelines

To ensure that services with higher priority preferentially use link resources, enable flow priority-based traffic scheduling.

The priority of a flow that matches a flow template is determined by the ID of the SLA associated with that flow template. The greater the SLA ID, the higher the flow priority. To specify an SLA for a flow template, use the quality-policy command. If the command is not configured in a flow template, flows that match the flow template have the lowest priority.

· The bandwidth usage of all link-attached physical output interfaces or tunnel interfaces for the current lowest priority flow is below the lower threshold.

· Only the highest priority flow is left on this link.

Examples

# Enable flow priority-based traffic scheduling for RIR-VXLAN.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] flow priority-based-schedule enable

# Enable flow priority-based traffic scheduling for RIR-SDWAN.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] flow priority-based-schedule enable

Related commands

quality-policy

sla

flow priority-based-schedule schedule-period

Use flow priority-based-schedule schedule-period to set the scheduling period for flow priority-based traffic scheduling.

Use undo flow priority-based-schedule schedule-period to restore the default.

Syntax

flow priority-based-schedule schedule-period schedule-period-value

undo flow priority-based-schedule schedule-period

Default

The scheduling period for flow priority-based traffic scheduling is 30 seconds.

Views

RIR-VXLAN view

RIR-SDWAN view

Predefined user roles

network-admin

Parameters

schedule-period-value: Sets the scheduling period for flow priority-based traffic scheduling, in seconds. The value range for this argument is 15 to 65535.

Usage guidelines

If flow priority-based traffic scheduling is enabled, traffic scheduling is triggered when the bandwidth usage of a link-attached physical output interface or tunnel interface exceeds the upper threshold. The scheduling might be last for several scheduling periods. Within each scheduling period (set by using this command), RIR redistributes the current lowest priority flow on this link to other links. The scheduling stops for a link in one of the following conditions:

· The bandwidth usage of all link-attached physical output interfaces or tunnel interfaces for the current lowest priority flow is below the lower threshold.

· Only the highest priority flow is left on this link.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# For RIR-VXLAN, set the scheduling period for flow priority-based traffic scheduling to 20 seconds.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] flow priority-based-schedule enable

[Sysname-rir] flow priority-based-schedule schedule-period 20

# For RIR-SDWAN, set the scheduling period for flow priority-based traffic scheduling to 20 seconds.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] flow priority-based-schedule enable

[Sysname-rir-sdwan] flow priority-based-schedule schedule-period 20

instance

Use instance to create an application quality detection instance and enter its view, or enter the view of an existing application quality detection instance.

Use undo instance to delete an application quality detection instance.

Syntax

instance instance-name

undo instance instance-name

Default

No application quality detection instances exist.

Views

Application quality detection view

Predefined user roles

network-admin

Parameters

instance-name: Specifies an application quality detection instance by its name, a case-sensitive string of 1 to 63 characters excluding spaces.

Usage guidelines

To detect the quality of an application flow with the specified packet signature, create the same application quality detection instance (with the same name) on the two SDWAN devices. In addition, you must specify the instances as the source and destination instances, respectively, and configure the same signature and quality probe interval settings for the instances.

You can specify only one packet signature for an application quality detection instance. To detect applications with multiple packet signatures, create multiple application quality detection instances.

You can create a maximum of 16 application quality detection instances.

Examples

# Create application quality detection instance abc and enter its view.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] application-quality

[Sysname-rir-sdwan-app] instance abc

[Sysname-rir-sdwan-app-instance-abc]

jitter threshold

Use jitter threshold to set the link jitter threshold.

Use undo jitter threshold to restore the default.

Syntax

jitter threshold threshold-value

undo jitter threshold

Default

The link jitter threshold is 100 milliseconds.

Views

RIR-VXLAN SLA view

RIR-SDWAN SLA view

Predefined user roles

network-admin

Parameters

threshold-value: Sets the link jitter threshold, in the range of 0 to 3600000 milliseconds.

Usage guidelines

The jitter time equals the receiving time interval between two consecutive packets minus the sending time interval between the two consecutive packets. The shorter the jitter time, the higher the link quality. A flow template uses the jitter threshold in its associated SLA to filter links that meet the jitter requirement.

Examples

# In RIR-VXLAN SLA 1, set the link jitter threshold to 1000 milliseconds.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] sla 1

[Sysname-rir-sla-1] jitter threshold 1000

# In RIR-SDWAN SLA 1, set the link jitter threshold to 1000 milliseconds.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] sla 1

[Sysname-rir—sdwan-sla-1] jitter threshold 1000

link-bandwidth ignore

Use link-bandwidth ignore to enable RIR to concern bandwidth when performing link selection.

Use undo link-bandwidth ignore to disable RIR from concerning bandwidth when performing link selection.

Syntax

link-bandwidth ignore

undo link-bandwidth ignore

Default

RIR concerns bandwidth when performing link selection.

Views

RIR-SDWAN view

Predefined user roles

network-admin

Usage guidelines

If the user concerns about forwarding paths of service traffic and does not concern about link quality and bandwidth, you can disable RIR from concerning bandwidth when performing link selection.

Examples

# Disable RIR from concerning bandwidth when performing link selection.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] undo link-bandwidth ignore

link-quality probe interval

Use link-quality probe interval to set the link quality probe interval.

Use undo link-quality probe interval to restore the default.

Syntax

link-quality probe interval interval

undo link-quality probe interval

Default

The link quality probe interval is 60 seconds.

Views

RIR-SDWAN view

Predefined user roles

network-admin

Parameters

interval: Sets the link quality probe interval, in seconds. Supported values are 30, 60, 300, and 600.

Usage guidelines

After you enable the RIR-SDWAN service, the device periodically probes link quality of all SDWAN tunnels at the specified intervals, and performs link selection based on the probe result.

If you modify the link quality probe interval, the device stops probing the quality of all SDWAN tunnels, and uses the new interval to start probing the link quality of all SDWAN tunnels.

Examples

# Set the link quality probe interval to 600 seconds.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] link-quality probe interval 600

link-select delay

Use link-select delay to set the link selection delay.

Use undo link-select delay to restore the default.

Syntax

link-select delay delay

undo link-select delay

Default

The link selection delay is 60 seconds.

Views

RIR-VXLAN view

RIR-SDWAN view

Predefined user roles

network-admin

Parameters

delay: Sets the link selection delay in seconds, in the range of 1 to 65535.

Usage guidelines

To improve packet forwarding efficiency, the device does not repeatedly perform link selection for traffic of the same session. After the device performs link selection for traffic of a session, it forwards the subsequent traffic of that session according to the previous link selection result. Link reselection is triggered when any link in the session's flow template has one of the following changes:

· The quality of a link becomes qualified from unqualified or the quality of a link becomes unqualified from qualified.

· The bandwidth usage of a link has reached 90% of the maximum bandwidth.

· The bandwidth usage of a link-attached physical output interface has reached 90% of the maximum bandwidth.

To avoid frequent link selection caused by link flapping, RIR defines a link selection delay and link selection suppression period.

After the device performs link selection, it starts the link selection suppression period if the period has been configured. Within the link selection suppression period, the device does not perform link reselection, but it maintains the link state data. When the link selection suppression period ends, the link selection delay timer starts. If the link state still meets the conditions that can trigger link reselection when the delay timer expires, the device performs link reselection. If the link state changes to not meet the conditions that can trigger link reselection within the delay time, the device does not perform link reselection.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the link selection delay to 30 seconds for RIR-VXLAN.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] link-select delay 30

# Set the link selection delay to 30 seconds for RIR-SDWAN.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] link-select delay 30

Related commands

link-select suppress-period

link-select same-transport-network prefer

Use link-select same-transport-network prefer to enable the device to preferentially select links of the same transport network.

undo link-select same-transport-network prefer to disable the device from preferentially selecting links of the same transport network.

Syntax

link-select same-transport-network prefer

undo link-select same-transport-network prefer

Default

The device is disabled from preferentially selecting links of the same transport network.

Views

RIR-SDWAN flow template view

Predefined user roles

network-admin

Usage guidelines

With this feature enabled, the device preferentially selects a TTE connection with the same transport network name for forwarding packets. If the selected TTE connections do not meet the requirements, the device selects a TTE connection with a different transport network name. If multiple TTE connections with the same transport network name are available, they load share traffic based on link selection principles.

Examples

# Enable the device to preferentially select links of the same transport network.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] flow 1

[Sysname-rir-sdwan-flow-1] link-select same-transport-network prefer

link-select suppress-period

Use link-select suppress-period to set the link selection suppression period.

Use undo link-select suppress-period to restore the default.

Syntax

link-select suppress-period period-value

undo link-select suppress-period

Default

No link selection suppression period is configured. The device does not start the link selection suppression period after a link selection.

Views

RIR-VXLAN view

RIR-SDWAN view

Predefined user roles

network-admin

Parameters

period-value: Sets the link selection suppression period in seconds, in the range of 1 to 131070.

Usage guidelines

To avoid frequent link selection caused by link flapping, configure a link selection suppression period. The device starts the link selection suppression period after it performs a link selection.

Within the link selection suppression period, the device does not perform link reselection, but it maintains the link state data. When the link selection suppression period ends, the link selection delay timer starts. If the link state still meets the conditions that can trigger link reselection when the delay timer expires, the device performs link reselection. If the link state changes to not meet the conditions that can trigger link reselection within the delay time, the device does not perform link reselection.

As a best practice, set the link selection suppression period to a multiple of the link selection delay time. Make sure the suppression period is at least double of the link selection delay time.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the link selection suppression period to 60 seconds for RIR-VXLAN.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] link-select suppress-period 60

# Set the link selection suppression period to 60 seconds for RIR-SDWAN.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] link-select suppress-period 60

Related commands

link-select delay

load-balance per-packet enable

Use load-balance per-packet enable to enable per-packet load balancing.

Use undo load-balance enable to restore the default.

Syntax

load-balance per-packet enable

undo load-balance enable

Default

The RIR global link load balancing mode applies.

Views

RIR-VXLAN flow template view

RIR-SDWAN flow template view

Predefined user roles

network-admin

Usage guidelines

Based on link bandwidth, RIR supports the following link load balancing modes:

· Per-session weight-based link selection mode—RIR global link load balancing mode that takes effect on all RIR flows. This mode can distribute the sessions that match the same flow template to different links according to the weights of the links. RIR selects only one link to transmit a session.

· Per-session periodic link adjustment mode—RIR global link load balancing mode that takes effect on all RIR flows. This mode not only can distribute the sessions that match the same flow template to different links, but also can periodically adjust links for the sessions. Within one adjustment period, RIR selects only one link to transmit a session.

· Per-packet mode—Flow-specific link load balancing mode that takes effect only on sessions that match the flow template where this mode is enabled. This mode can distribute the same session to different links for transmission.

The mechanisms of the per-packet mode are as follows:

· For preference-based primary link selection, preference-based backup link selection, and quality tolerant link selection—If multiple links are available (or multiple links have the highest approximate overall CQI value for quality tolerant link selection in RIR-SDWAN), all these links are candidate optimal links for this session. When forwarding traffic for the session, the device distributes the traffic to these links packet by packet. The probability that a link is selected is calculated by using the following formula: (remaining bandwidth of the link-attached physical output interface / remaining bandwidth sum of all available link-attached physical output interfaces) × (remaining bandwidth of the link / remaining bandwidth sum of all available links for the link-attached physical output interface). The used bandwidth of a link or a physical output interface includes the per-session expected bandwidth.

· For bandwidth tolerant link selection—If multiple links are available for a session, all these links are candidate optimal links for this session. When forwarding traffic for the session, the device distributes the traffic to these links packet by packet. Each link has the same probability to be selected.

Because packets of the same session are distributed to multiple links, the receiver might receive out-of-order packets. As a best practice, do not enable per-packet load balancing for order-sensitive services (except the services that use protocols to maintain a correct packet order, for example, TCP).

If Wide Area Application Services (WAAS) log packet compression or decompression is enabled, per-packet load balancing cannot be performed correctly. For more information about WAAS log packet compression and decompression, see WAAS configuration in Layer 3—IP Services Configuration Guide.

Examples

# Enable per-packet load balancing mode in flow template with flow ID 1 for RIR-VXLAN.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] flow 1

[Sysname-rir-flow-1] load-balance per-packet enable

# Enable per-packet load balancing mode in flow template with flow ID 1 for RIR-SDWAN.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] flow 1

[Sysname-rir-sdwan-flow-1] load-balance per-packet enable

load-balance per-session periodic-adjust adjust-interval

Use load-balance per-session periodic-adjust adjust-interval to set the adjustment interval for per-session periodic link adjustment mode.

Use undo load-balance per-session periodic-adjust adjust-interval to restore the default.

Syntax

load-balance per-session periodic-adjust adjust-interval interval-value

undo load-balance per-session periodic-adjust adjust-interval

Default

The adjustment interval for per-session periodic link adjustment mode is 30 seconds.

Views

RIR-VXLAN view

RIR-SDWAN view

Predefined user roles

network-admin

Parameters

interval-value: Sets the adjustment interval for per-session periodic link adjustment mode, in the range of 15 to 65535 seconds.

Usage guidelines

In per-session periodic link adjustment mode, the device periodically detects the bandwidth usage of all links that have RIR sessions at intervals configured by using this command. RIR reselect links for sessions that match a flow template if the links in the flow template meets the following requirements: The difference between the largest remaining bandwidth ratio and smallest remaining bandwidth ratio of the physical output interfaces or tunnel interfaces becomes larger than or equal to the periodic adjustment upper threshold. The link adjustment might be last for several adjustment intervals. RIR stops link adjustment if one of the following requirements is met:

· The difference between the largest remaining bandwidth ratio and smallest remaining bandwidth ratio of the physical output interfaces or tunnel interfaces becomes smaller than the periodic adjustment lower threshold.

· RIR has performed 19 adjustments after link reselection is triggered.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the adjustment interval for per-session periodic link adjustment mode to 20 seconds for RIR-VXLAN.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] load-balance per-session periodic-adjust adjust-interval 20

# Set the adjustment interval for per-session periodic link adjustment mode to 20 seconds for RIR-SDWAN.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] load-balance per-session periodic-adjust adjust-interval 20

Related commands

load-balance per-session periodic-adjust enable

load-balance per-session periodic-adjust threshold

load-balance per-session periodic-adjust enable

Use load-balance per-session periodic-adjust enable to enable per-session periodic link adjustment mode.

Use undo load-balance per-session periodic-adjust enable to restore the default.

Syntax

load-balance per-session periodic-adjust enable

undo load-balance per-session periodic-adjust enable

Default

The per-session weight-based link selection mode is used.

Views

RIR-VXLAN view

RIR-SDWAN view

Predefined user roles

network-admin

Usage guidelines

Based on link bandwidth, RIR supports the following link load balancing modes:

· Per-packet mode—Flow-specific link load balancing mode that takes effect only on traffic that matches the flow template where this mode is enabled. This mode can distribute the same session to different links for transmission.

The mechanisms of the per-session periodic link adjustment mode are as follows:

a. RIR selects the physical output interface with the lowest bandwidth usage for a session. The used bandwidth is the actually used bandwidth plus the per-session expected bandwidth.

b. RIR selects a link among the links available for the selected physical output interface by comparing the bandwidth usage of the links. The link with the lowest bandwidth usage is selected as the optimal link. The used bandwidth is the actually used bandwidth plus the per-session expected bandwidth.

· For bandwidth tolerant link selection—If multiple links meet the requirements of a flow template, RIR selects one optimal link for each session of the flow template from these links. The link selected the last time for a session takes precedence over the other links for that session. If RIR performs link selection for a session for the first time, it uses the following process:

a. Selects a physical output interface based on the remaining bandwidth weights of the available physical output interfaces.

b. Selects a link among the links available for the selected physical output interface based on the remaining bandwidth weights of the links.

The per-session expected bandwidth is added to the used bandwidth.

In per-session periodic link adjustment mode, the device periodically detects the bandwidth usage of physical output interfaces or tunnel interfaces for all links that have RIR sessions at the configured adjustment intervals. RIR reselect links for sessions that match a flow template if the physical output interfaces or tunnel interfaces for the links in the flow template meets the following requirements: The difference between the largest remaining bandwidth ratio and smallest remaining bandwidth ratio of the physical output interfaces or tunnel interfaces becomes larger than or equal to the periodic adjustment upper threshold. The link adjustment might be last for several adjustment intervals. RIR stops link adjustment if one of the following requirements is met:

· The difference between the largest remaining bandwidth ratio and the smallest remaining bandwidth ratio of the physical output interfaces or tunnel interfaces becomes smaller than the periodic adjustment lower threshold.

· RIR has performed 19 adjustments after link reselection is triggered.

For a flow template, the per-packet load balancing mode takes precedence over the global per-session periodic link adjustment mode. If the per-packet load balancing mode is not enabled for a flow template, the flow template uses the global link load balancing mode.

Examples

# Enable per-session periodic link adjustment mode for RIR-VXLAN.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] load-balance per-session periodic-adjust enable

# Enable per-session periodic link adjustment mode for RIR-SDWAN.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] load-balance per-session periodic-adjust enable

Related commands

load-balance per-session periodic-adjust adjust-interval

load-balance per-session periodic-adjust threshold

Use load-balance per-session periodic-adjust threshold to set the periodic adjustment thresholds in per-session periodic link adjustment mode.

Use undo load-balance per-session periodic-adjust threshold to restore the default.

Syntax

load-balance per-session periodic-adjust threshold upper upper-threshold-value lower lower-threshold-value

undo load-balance per-session periodic-adjust threshold

Default

The periodic adjustment upper threshold is 50% and the periodic adjustment lower threshold is 20%.

Views

RIR-VXLAN view

RIR-SDWAN view

Predefined user roles

network-admin

Parameters

upper upper-threshold-value: Sets the periodic adjustment upper threshold, in the range of 1 to 100. The upper-threshold-value argument specifies the largest difference allowed between the largest remaining bandwidth ratio and smallest remaining bandwidth ratio of all available physical output interfaces or tunnel interfaces.

lower lower-threshold-value: Sets the periodic adjustment lower threshold, in the range of 1 to 100. After the difference between the largest remaining bandwidth ratio and the smallest remaining bandwidth ratio becomes smaller than this threshold, RIR stops link adjustment.

Usage guidelines

· RIR has performed 19 adjustments after link reselection is triggered.

The periodic adjustment upper threshold must be greater than or equal to the periodic adjustment lower threshold.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# For RIR-VXLAN, set the periodic adjustment upper threshold and the periodic adjustment lower threshold to 60% and 30%, respectively.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] load-balance per-session periodic-adjust threshold upper 60 lower 30

# For RIR-SDWAN, set the periodic adjustment upper threshold and the periodic adjustment lower threshold to 60% and 30%, respectively.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] load-balance per-session periodic-adjust threshold upper 60 lower 30

Related commands

load-balance per-session periodic-adjust enable

load-balance per-session periodic-adjust adjust-interval

log enable

Use log enable to enable RIR logging.

Use undo log enable to disable RIR logging.

Syntax

log enable

undo log enable

Default

RIR logging is disabled.

Views

RIR-VXLAN view

RIR-SDWAN view

Predefined user roles

network-admin

Usage guidelines

RIR logs record events occurred during the RIR process, such as link selection and reselection, quality change, bandwidth change, configuration change, and link fault events. The logs help the administrator analyze, maintain, and adjust the RIR network.

RIR logs are flow logs. To output RIR logs, you must also configure flow log features. For more information about flow logs, see Network Management and Monitoring Configuration Guide.

Examples

# Enable RIR logging for RIR-VXLAN.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] log enable

# Enable RIR logging for RIR-SDWAN.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] log enable

Related commands

userlog flow export host (Network Management and Monitoring Command Reference)

userlog flow syslog (Network Management and Monitoring Command Reference)

no-optimal-link drop

Use no-optimal-link drop to enable the device to drop service flows upon failure to find an optimal link.

Use undo no-optimal-link drop to restore the default.

Syntax

no-optimal-link drop

undo no-optimal-link drop

Default

If the device fails to find an optimal link, it forwards the service flows according to routing table lookup.

Views

Flow template view

Predefined user roles

network-admin

Usage guidelines

The device can use RIR to select optimal links to forward service flows of a flow template. If the device fails to find an optimal link, it forwards the service flows according to routing table lookup. If all links specified for a service fail, you can execute this command to avoid use of other links, for example, to prevent lower-priority video traffic to occupy service links.

Examples

# Enable the device to drop service flows in flow template 1 upon failure to find an optimal link.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] flow 1

[Sysname-rir-flow-1] no-optimal-link drop

Related commands

path link-type index preference

nqa

Use nqa to create an NQA link quality operation and enter its view, or enter the view of an existing NQA link quality operation.

Use undo nqa to delete an NQA link quality operation.

Syntax

nqa nqa-id

undo nqa nqa-id

Default

No NQA link quality operations exist.

Views

RIR-VXLAN view

Predefined user roles

network-admin

Parameters

nqa-id: Specifies an NQA link quality operation by its ID, in the range of 0 to 128.

Usage guidelines

An NQA link quality operation allows a flow template to start UDP jitter probes based on the probe parameters in the operation in order to detect the quality of links.

You can configure a quality policy for a flow template to associate the flow template with an SLA and an NQA link quality operation. The device monitors the quality of links in the flow template based on the NQA link quality operation and compares the NQA probe results with the thresholds in the SLA. If all parameter values in the probe results of a link are lower than or equal to the thresholds in the SLA, the link is qualified for the flow.

To differentiate service flows that have different link quality requirements, associate the flow templates with NQA link quality operations that contain different probe parameter values. Two NQA link quality operations with different probe parameter values might offer different probe results for the same link.

In a VXLAN network, the NQA link quality probe targets are VXLAN tunnel interfaces enabled with the RIR client.

The device supports a maximum of 129 NQA link quality operations.

Examples

# Create NQA link quality operation 1 and enter its view.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] nqa 1

[Sysname-rir-nqa-1]

Related commands

nqa agent enable (Network Management and Monitoring Command Reference)

quality-policy

packet-loss threshold

Use packet-loss threshold to set the packet loss threshold.

Use undo packet-loss threshold to restore the default.

Syntax

packet-loss threshold threshold-value

undo packet-loss threshold

Default

The packet loss threshold is 100‰.

Views

RIR-VXLAN SLA view

RIR-SDWAN SLA view

Predefined user roles

network-admin

Parameters

threshold-value: Sets the packet loss threshold, in the range of 0 to 1000 in permillage.

Usage guidelines

The packet loss ratio is the number of lost packets to the total number of sent packets. The lower the packet loss ratio, the higher the link quality. A flow template uses the packet loss threshold in its associated SLA to filter links that meet the packet loss requirement.

Examples

# In RIR-VXLAN SLA 1, set the packet loss threshold to 500‰.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] sla 1

[Sysname-rir-sla-1] packet-loss threshold 500

# In RIR-SDWAN SLA 1, set the packet loss threshold to 500‰.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] sla 1

[Sysname-rir-sdwan-sla-1] packet-loss threshold 500

Related commands

sla

path link-type index preference

Use path link-type index preference to specify a link preference for a type of links with a specific link index in a flow template.

Use undo path link-type index preference to restore the default.

Syntax

path link-type { 4g | internet | mpls | mstp | vpdn } index link-index preference preference

undo path link-type { 4g | internet | mpls | mstp | vpdn } index link-index

Default

No link preference is specified for a type of links with a specific link index in a flow template.

Views

RIR-VXLAN flow template view

Predefined user roles

network-admin

Parameters

4g: Specifies the 4G type.

internet: Specifies the Internet type.

mpls: Specifies the MPLS type.

mstp: Specifies the MSTP type.

vpdn: Specifies the VPDN type.

index link-index: Specifies a link index in the range of 1 to 65535.

preference preference: Specifies a link preference in the range of 1 to 255. The smaller the value, the higher the priority.

Usage guidelines

RIR preferentially selects links with higher preference.

The link type and link index specified in this command identify links on a VSI interface. .Because a VSI interface can have only one VXLAN tunnel between a hub and spoke, this command sets the link preference for a specific VXLAN tunnel.

You can assign the same link preference value to different links in the same flow template.

Examples

# In flow template 1, set the preference of MPLS link 1 to 100.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] flow 1

[Sysname-flow-1] path link-type mpls index 1 preference 100

Related commands

rir link-type

path sdwan

Use path sdwan to configure a link preference for the flow template.

Use undo path sdwan to restore the default.

Syntax

path sdwan transport-network network-name [ group-id group-id ] preference preference

undo path sdwan transport-network network-name [ group-id group-id ]

Default

No link preference is configured in a flow template.

Views

RIR-SDWAN flow template view

Predefined user roles

network-admin

Parameters

transport-network network-name: Specifies a transport network name, a case-sensitive string of 1 to 31 characters that can contain only letters, digits, underscores (_), and dots (.).

group-id group-id: Specifies the group ID of the SDWAN tunnel, in the range of 1 to 65535. If no SDWAN tunnel group ID is available, do not specify this option.

preference preference: Specifies a link preference in the range of 1 to 255. The smaller the value, the higher the priority.

Usage guidelines

Use this command to assign a link preference to an SDWAN tunnel by its transport network name or group ID in a flow template. To specify the SDWAN tunnel group ID, use the sdwan group-id command. RIR preferentially selects links with higher preference.

You can assign the same link preference value to different links in the same flow template.

A flow template supports assigning preference values to a maximum of 64 links.

Examples

# Assign preference 1 to the link with transport network name nt1.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] flow 1

[Sysname-rir-sdwan-flow-1] path sdwan transport-network nt1 preference 1

Related commands

sdwan transport-network

peer

Use peer to configure the peer device for application quality detection.

Use undo peer to delete the peer device for application quality detection.

Syntax

peer { source | destination } site-id site-id device-id device-id

undo peer

Default

No peer device is configured for application quality detection.

Views

Application quality detection instance view

Predefined user roles

network-admin

Parameters

source: Specifies the peer device as the source device for application quality detection.

destination: Specifies the peer device as the destination device for application quality detection.

site-id site-id: Specifies the site ID configured during SDWAN tunnel establishment for the peer device, in the range of 1 to 65535.

device-id device-id: Specifies the device ID configured during SDWAN tunnel establishment for the peer device, in the range of 1 to 255.

Usage guidelines

Use this command to specify a pair of peer devices as the source and destination devices for application quality detection. After you execute the probe flow command, the device uses iNQA to periodically detect the application flows with the specified packet signatures for application quality calculation. The application quality detection result is used for application analysis and does not affect link selection.

To modify the peer device settings of an instance, first execute the undo probe flow command to disable application quality detection for all service flows of the instance.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the peer device as the source device for application quality detection, and configure its site ID as 1 and device ID as 2.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] application-quality instance abc

[Sysname-rir-sdwan-app-instance-abc] peer source site-id 1 device-id 2

Related commands

probe flow

sdwan device-id

sdwan site-id

probe connect

Use probe connect to configure NQA link connectivity probe parameters.

Use undo probe connect to restore the default.

Syntax

probe connect interval interval timeout timeout

undo probe connect

Default

For RIR-VXLAN, the NQA link connectivity probe interval is 100 milliseconds, and the timeout time is 3000 milliseconds for waiting for a response to a link connectivity probe packet.

Views

RIR-VXLAN view

Predefined user roles

network-admin

Parameters

interval interval: Sets the NQA link connectivity probe interval in milliseconds. The value range for the interval argument is 0 to 604800000. The value of 0 represents that only one probe is performed.

timeout timeout: Sets the timeout time for waiting for a response to a link connectivity probe packet. The value range for the timeout argument is 10 to 3600000 milliseconds.

Usage guidelines

The device starts to detect the connectivity of all links in flow templates after RIR-VXLAN is enabled. Spokes (RIR clients) performs consecutive probes at the configured intervals and wait for responses for the probe packets. If an RIR client has not received any responses on a link when the probe packet timeout timer expires, the client determines that the link has connectivity issues.

Setting a shorter probe interval obtains more precise probe results but requires more system resources.

Set a shorter probe packet timeout time if the requirement for link quality is high.

In a VXLAN network, the probe targets are VXLAN tunnel interfaces enabled with the RIR client.

Examples

# For RIR-VXLAN, set the NQA link connectivity probe interval to 30 milliseconds, and set the timeout time to 20 milliseconds for waiting for a response to a link connectivity probe packet.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] probe connect interval 30 timeout 20

Related commands

client enable

probe sync-port

server enable

probe flow

Use probe connect to enable application quality detection for a service flow.

Use undo probe connect to disable application quality detection for a service flow.

Syntax

probe flow flow-id

undo probe flow [ flow-id ]

Default

Application quality detection is disabled for all service flows.

Views

Application quality detection instance view

Predefined user roles

network-admin

Parameters

flow-id: Specifies a flow template by its flow ID in the range of 1 to 65535. If you do not specify a flow ID, the undo probe flow command disables application quality detection for all flow templates.

Usage guidelines

For specific service flows forwarded through the SDWAN tunnel, use this command to detect the quality of the application flows with the specified packet signature (such as source or destination IP address). The application quality detection result is used for application analysis. You can enable application quality detection for multiple flow templates of an instance.

Before configuring this command, make sure you have configured the following settings:

· Create the associated flow template. Without the configuration, application quality detection cannot take effect on the service flow.

· Use the peer command to specify the role, site ID, and device ID for the peer device.

· Use the signature command to specify the packet signature for application quality detection.

For a specific service flow, the device does not detect the quality of an application flow without any packets matching the specified signature.

You cannot enable application quality detection for the same service flow in multiple application quality detection instances.

Examples

# Enable application quality detection for flow template Flow 1.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] application-quality

[Sysname-rir-sdwan-app] instance abc

[Sysname-rir-sdwan-app-instance-abc] peer source site-id 1 device-id 2

[Sysname-rir-sdwan-app-instance-abc] signature source-ip 10.1.1.1 destination-ip 20.1.1.1

[Sysname-rir-sdwan-app-instance-abc] probe flow 1

Related commands

flow

peer

signature

probe interval (application quality detection instance view)

Use probe interval to set the application quality detection interval.

Use undo probe interval to restore the default.

Syntax

probe interval interval

undo probe interval

Default

The application quality detection interval is 60 seconds.

Views

Application quality detection instance view

Predefined user roles

network-admin

Parameters

interval: Sets the application quality detection interval. Supported values are 30, 60, 300, and 600 seconds.

Usage guidelines

After you execute the probe flow command, the device uses iNQA to detect the application flows with the specified packet signatures at the specified intervals for application quality calculation. The application quality detection result is used for application analysis and does not affect link selection.

To modify the application quality detection interval setting, first execute the undo probe flow command to disable application quality detection for all service flows of the instance.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the application quality detection interval to 600 seconds for application quality detection instance abc.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] application-quality

[Sysname-rir-sdwan-app] instance abc

[Sysname-rir-sdwan-app-instance-abc] probe interval 600

Related commands

probe flow

probe interval (NQA link quality operation view)

Use probe interval to set the NQA link quality probe interval.

Use undo probe interval to restore the default.

Syntax

probe interval interval

undo probe interval

Default

The NQA link quality probe interval is 100 milliseconds.

Views

NQA link quality operation view

Predefined user roles

network-admin

Parameters

interval: Sets the NQA link quality probe interval, in the range of 0 to 604800000 milliseconds.

Usage guidelines

Use this command to specify the intervals at which the NQA client performs consecutive probes.

Examples

# In NQA link quality operation 1, set the probe interval to 60 milliseconds.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] nqa 1

[Sysname-rir-nqa-1] probe interval 60

Related commands

nqa

probe packet-dscp

Use probe packet-dscp to set the DSCP value of NQA link quality probe packets.

Use undo probe packet-dscp to restore the default.

Syntax

probe packet-dscp dscp-value

undo probe packet-dscp

Default

The DSCP value of NQA link quality probe packets is 63.

Views

NQA link quality operation view

Predefined user roles

network-admin

Parameters

dscp-value: Sets the DSCP value of NQA link quality probe packets, in the range of 0 to 63. The larger the value, the higher the priority.

Usage guidelines

Assign different DSCP values to the probe packets of different NQA link quality operations to affect the priority of links in the flow templates associated with the operations.

Examples

# In NQA link quality operation 1, set the DSCP value of probe packets to 10.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] nqa 1

[Sysname-rir-nqa-1] probe packet-dscp 10

Related commands

nqa

probe packet-interval

Use probe packet-interval to set the intervals at which NQA link quality probe packets are sent.

Use undo probe packet-interval to restore the default.

Syntax

probe packet-interval interval

undo probe packet-interval

Default

NQA link quality probe packets are sent at intervals of 20 milliseconds.

Views

NQA link quality operation view

Predefined user roles

network-admin

Parameters

interval: Sets the probe packet sending interval, in the range of 10 to 60000 milliseconds.

Usage guidelines

The device performs consecutive NQA link quality probes at intervals set by using the probe interval command and it sends multiple probe packets at each probe. The probe packet-interval command sets the probe packet sending interval within a probe.

Examples

# In NQA link quality operation 1, set the probe packet sending interval to 10 milliseconds.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] nqa 1

[Sysname-rir-nqa-1] probe packet-interval 10

Related commands

nqa

probe packet-number

Use probe packet-number to set the number of NQA link quality probe packets sent per probe.

Use undo probe packet-number to restore the default.

Syntax

probe packet-number number

undo probe packet-number

Default

An NQA client sends 100 NQA link quality probe packets per probe.

Views

NQA link quality operation view

Predefined user roles

network-admin

Parameters

number: Sets the number of NQA link quality probe packets sent per probe, in the range of 10 to 1000.

Usage guidelines

The device performs consecutive NQA link quality probes at intervals set by using the probe interval command and it sends multiple probe packets at each probe. The probe packet-number command sets the number of probe packets sent at each probe.

Examples

# In NQA link quality operation 1, set the number of link quality probe packets sent per probe to 100.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] nqa 1

[Sysname-rir-nqa-1] probe packet-number 100

Related commands

nqa

probe packet-timeout

Use probe packet-timeout to set the timeout time for waiting for a response to an NQA link quality probe packet.

Use undo probe packet-timeout to restore the default.

Syntax

probe packet-timeout packet-timeout

undo probe packet-timeout

Default

The timeout time is 3000 milliseconds.

Views

NQA link quality operation view

Predefined user roles

network-admin

Parameters

packet-timeout: Sets the timeout time for waiting for a response to an NQA link quality probe packet. The value range for this argument is 10 to 3600000 milliseconds.

Usage guidelines

A probe packet times out on an NQA client if the NQA client fails to receive any response to the probe packet when the probe packet timeout timer expires.

Examples

# In NQA link quality operation 1, set the NQA link quality probe packet timeout time to 200 milliseconds.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] nqa 1

[Sysname-rir-nqa-1] probe packet-timeout 200

Related commands

nqa

probe port

Use probe port to specify a destination port for NQA link quality probes.

Use undo probe port to restore the default.

Syntax

probe port port-number

undo probe port

Default

No destination port is specified for NQA link quality probes.

Views

NQA link quality operation view

Predefined user roles

network-admin

Parameters

port-number: Specifies a destination port number in the range of 1024 to 65535.

Usage guidelines

Use this command for an NQA client. The destination port number must be the same as the listening port number on the NQA server.

Examples

# In NQA link quality operation 1, set the NQA link quality probe destination port to 65500.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] nqa 1

[Sysname-rir-nqa-1] probe port 65500

Related commands

nqa

probe sync-port

Use probe sync-port to specify a port for synchronizing probe information between the RIR client and the RIR server.

Use undo probe sync-port to restore the default.

Syntax

probe sync-port port-number

undo probe sync-port

Default

No port is specified for synchronizing probe information between the RIR client and the RIR server.

Views

RIR view

Predefined user roles

network-admin

Parameters

port-number: Specifies a TCP port number in the range of 1024 to 65535.

Usage guidelines

Specify the same synchronization port on the RIR client and server for successful synchronization of link quality probe results.

Examples

# Set the port to 65550 for synchronizing probe information between the RIR client and the RIR server.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] probe sync-port 65550

Related commands

client enable

probe connect

server enable

quality-policy

Use quality-policy to configure a quality policy for a flow template.

Use undo quality-policy to restore the default.

Syntax

RIR-VXLAN:

quality-policy sla sla-id nqa nqa-id

undo quality-policy

RIR-SDWAN:

quality-policy sla sla-id

undo quality-policy

Default

No quality policy is configured for a flow template.

Views

RIR-VXLAN flow template view

RIR-SDWAN flow template view

Predefined user roles

network-admin

Parameters

sla sla-id: Specifies an SLA by its ID, in the range of 0 to 128. The specified SLA must exist on the device.

nqa nqa-id: Specifies an NQA link quality operation by its ID in the range of 0 to 128. The specified NQA link quality operation must exist.

Usage guidelines

Use this command to specify a link quality for a flow template.

· For RIR-VXLAN, you need to specify an SLA and an NQA link quality operation for the flow template.

· For RIR-SDWAN, you need to specify an SLA for the flow template.

The device monitors the link quality based on the NQA link quality operation and compares the NQA probe results with the thresholds set in the SLA. The device selects only links that meet the quality requirements of the SLA for traffic that matches the flow template.

For flow priority-based traffic scheduling, the priority of a flow that matches a flow template is determined by the SLA ID specified in the quality policy of that flow template. The greater the SLA ID, the higher the flow priority. If no quality policy is configured for a flow template, flows that match the flow template have the lowest priority.

You can specify only one SLA and one NQA link quality operation for the quality policy of a flow template. However, you can specify the same SLA or NQA link quality operation for the quality policies of multiple flow templates.

If you execute this command multiple times for a flow template, the most recent configuration takes effect.

Examples

# For RIR-VXLAN, configure the quality policy of flow template 1 to associate SLA 2 with NQA link quality operation 1.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] flow 1

[Sysname-rir-flow-1] quality-policy sla 2 nqa 1

# For RIR-SDWAN, configure the quality policy of flow template 1 and specify SLA 2 for the flow quality policy.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] flow 1

[Sysname-rir-sdwan-flow-1] quality-policy sla 2

Related commands

flow priority-based-schedule enable

nqa

sla

reset tunnel flow-statistics

Use reset tunnel flow-statistics to clear flow ID-based traffic rate statistics for tunnels.

Syntax

reset tunnel flow-statistics [ flow flow-id [ interface tunnel number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

flow flow-id: Specifies a flow template by its flow ID, in the range of 1 to 65535. If you do not specify a flow ID, this command clears statistics for all flow templates.

interface tunnel number: Specifies a tunnel interface by its tunnel interface number. If you do not specify a tunnel interface, this command clears statistics about the specified flow template for all tunnel interfaces.

Examples

# Clear flow ID-based traffic rate statistics for tunnels.

<Sysname> reset tunnel flow-statistics

Related commands

display tunnel flow-statistics

tunnel flow-statistics enable

rir

Use rir to enable the RIR-VXLAN service and enter RIR-VXLAN view, or directly enter RIR-VXLAN view if the RIR-VXLAN service is already enabled.

Use undo rir to disable the RIR-VXLAN service.

Syntax

rir

undo rir

Default

The RIR-VXLAN service is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

RIR can be deployed based on VXLAN tunnels or SDWAN tunnels, which are called RIR-VXLAN and RIR-SDWAN, respectively

· For RIR-VXLAN, use the rir command to enable the RIR-VXLAN service.

· For RIR-SDWAN, use the rir sdwan command to enable the RIR-SDWAN service.

When you enable the RIR-VXLAN or RIR-SDWAN service, the system enables the RIR process. When you disable the RIR-VXLAN or RIR-SDWAN service, the system disables the RIR process.

You cannot enable both the RIR-VXLAN and RIR-SDWAN services.

· To enable the RIR-SDWAN service when the RIR-VXLAN service is enabled, you must first execute the undo rir command to disable the RIR-VXLAN service.

· To enable the RIR-VXLAN service when the RIR-SDWAN service is enabled, you must first execute the undo rir sdwan command to disable the RIR-SDWAN service.

For RIR-VXLAN, you must enable the RIR-VXLAN service on all hubs and spokes.

Examples

# Enable the RIR-VXLAN service and enter RIR-VXLAN view.

<Sysname> system-view

[Sysname] rir

[Sysname-rir]

rir backup

Use rir backup to configure a tunnel as an RIR backup tunnel.

Use undo rir backup to restore the default.

Syntax

rir backup

undo rir backup

Default

A tunnel is an RIR primary tunnel.

Views

VXLAN tunnel interface view

Predefined user roles

network-admin

Usage guidelines

This command enables the RIR process if the RIR process has not been enabled. The undo form of this command does not disable the RIR process.

RIR selects qualified primary links prior to qualified backup links.

A spoke is typically connected to both a primary hub and a backup hub. You can specify the tunnels connected to the backup hub as backup tunnels. If no suitable link is available to reach the primary hub, the spoke can forward traffic through the backup tunnels to the backup hub to ensure service continuity.

Examples

# Configure VXLAN tunnel Tunnel 1 as an RIR backup tunnel.

<Sysname> system-view

[Sysname] interface tunnel1 mode vxlan

[Sysname-Tunnel1] rir backup

rir collaboration-link-group

Use rir collaboration-link-group to assign a VXLAN tunnel to an RIR collaboration link group.

Use undo rir collaboration-link-group to restore the default.

Syntax

rir collaboration-link-group group-id

undo rir collaboration-link-group

Default

A VXLAN tunnel belongs to the RIR collaboration link group with a group ID of 0.

Views

VXLAN tunnel interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies an RIR collaboration link group by its group ID in the range of 1 to 65535.

Usage guidelines

In an RIR collaboration device group, make sure all links to the same device or RIR collaboration device group are assigned to the same RIR collaboration link group. A device in an RIR collaboration device group can select links for service packets from the following links:

· ECMP links configured in the matching flow template on the local device.

· Links configured in the same flow template on devices that belong to the same RIR collaboration device group as the local device. In addition, the links belong to the same RIR collaboration link group as the candidate links on the local device.

You can use this command when RIR is enabled or disabled. However, this command takes effect only when RIR is enabled.

To ensure correct link selection, use this command on each device that belongs to the same RIR collaboration device group. Make sure all links to the same device or RIR collaboration device group are assigned to the same RIR collaboration link group.

In an RIR collaboration device group, make sure the links to different devices or RIR collaboration device groups are assigned to different RIR collaboration link groups.

In different RIR collaboration device groups, the links to the same device or RIR collaboration device group can be assigned to the same RIR collaboration link group. As a best practice to identify links, assign the links to different RIR collaboration link groups.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Assign VXLAN tunnel 1 to RIR collaboration link group 1.

<Sysname> system-view

[Sysname] interface Tunnel 1

[Sysname-Tunnel1] rir collaboration-link-group 1

rir dedicated flow

Use rir dedicated flow to specify a VXLAN tunnel as a dedicated link for a flow template.

Use undo rir dedicated flow to restore the default.

Syntax

rir dedicated flow flow-id

undo rir dedicated flow flow-id

Default

A VXLAN tunnel is not a dedicated link for a flow template.

Views

VXLAN tunnel interface view

Predefined user roles

network-admin

Parameters

flow-id: Specifies a flow ID for the flow template. The flow ID is in the range of 1 to 65535.

Usage guidelines

If the RIR process is not enabled on the device, executing this command also enables the RIR process. Executing the undo form of the command does not disable the RIR process.

This command is applicable when you want to forward only specific service flows through a tunnel, for example, to forward video conference traffic through a VXLAN tunnel created based on MPLS VPN.

RIR preferentially selects the dedicated links for the service flows in the specified flow template as follows:

· If only one dedicated link is available, RIR selects the link for forwarding.

· If multiple dedicated links are available, RIR selects a link with the highest preference as specified in the path link-type index preference command. If multiple dedicated links with the same preference are available, RIR load shares traffic among the dedicated links based on the link load balancing mode configured for the flow template.

· If no dedicated links are available, RIR selects optimal links from the flow template.

When selecting the dedicated links, the device schedules existing service flows from the dedicated links to other links. If the scheduling fails, the device drops the service flows to ensure traffic stability on the dedicated links. When the dedicated links are no longer used, the device schedules the previous service flows back to the dedicated links.

After configuring this command, execute the path link-type index preference command for the flow template to configure the preferences for the dedicated links. Without the preference settings, the device will not use the links as dedicated links for service flows.

You can specify a tunnel as the dedicated link for only one service flow, and specify multiple dedicated links for the same service flow.

Examples

# Specify Tunnel 1 as the dedicated link for flow template 1.

<Sysname> system-view

[Sysname] interface tunnel 1 mode vxlan

[Sysname-Tunnel1] rir dedicated flow 1

Related commands

path link-type index preference

rir link-type index

Use rir link-type to assign a link type and link index to a VSI interface.

Use undo rir link-type to restore the default.

Syntax

rir link-type { 4g | internet | mpls | mstp | vpdn } index link-index

undo rir link-type { 4g | internet | mpls | mstp | vpdn } index link-index

Default

No link type or link index is assigned to a VSI interface.

Views

VSI interface view

Predefined user roles

network-admin

Parameters

4g: Specifies the 4G type.

internet: Specifies the Internet type.

mpls: Specifies the MPLS type.

mstp: Specifies the MSTP type.

vpdn: Specifies the VPDN type.

index link-index: Specifies a link index in the range of 1 to 65535.

Usage guidelines

This command enables the RIR process if the RIR process has not been enabled. The undo form of this command does not disable the RIR process.

The link type and link index together uniquely identify a link between a hub and a spoke. For a flow template to use a link, you must assign a link type and index to the link. Use this command to configure the link type as 4G, Internet, MPLS, or MSTP. The link type only marks the network type of the link and it does not affect packet encapsulation.

VXLAN-based RIR allows a hub and a spoke to have only one VXLAN tunnel for a VSI interface (a VXLAN). By assigning a link type and index to the VSI interface, RIR can identify the VXLAN tunnel between the hub and spoke.

A VSI interface on a hub (or spoke) can have a VXLAN tunnel to each spoke (or hub). The VXLAN tunnels of the same VSI interface are assigned the same link type and link index.

A VSI interface can be associated only with one link type.

You must assign different link indexes to the same type of links on different VSI interfaces.

Examples

# Set the link type to MPLS and link index to 1 on VSI-interface 1.

<Sysname>system-view

[Sysname] interface vsi-interface 1

[Sysname-Vsi-interface1] rir link-type mpls index 1

rir redirect peer

Use rir redirect peer interface to configure a redirect IP address for RIR data packets.

Use undo rir redirect peer interface to restore the default.

Syntax

rir redirect peer peer-ipv4-address interface interface-type interface-number

undo rir redirect peer peer-ipv4-address

Default

No redirect IP address is configured for RIR data packets. RIR data packets are not redirected to the peer device.

Views

System view

Predefined user roles

network-admin

Parameters

peer-ipv4-address: Specifies the IPv4 address of the collaboration peer device for redirecting RIR data packets.

interface interface-type interface-number: Specifies an interface for forwarding redirected RIR data packets by its type and number.

Usage guidelines

In the RIR collaboration network, Owners are introduced to RIR for forwarding one service flow through the same RIR collaboration device. RIR calculates a unique Owner by using the quintuple of each service flow. This makes sure that one service flow is forwarded through the same Owner device. For a service flow directly forwarded to the non-Owner collaboration device, configure this command to redirect the service flow to a collaboration device that acts as an Owner.

Examples

# Configure the redirect IP address for RIR data packets as 1.1.1.1.

<Sysname> system-view

[Sysname] rir redirect peer 1.1.1.1 interface

Related commands

rir redirect group id

rir redirect group

Use rir redirect group to configure an interface RIR collaboration group ID.

Use undo rir recirect group to restore the default.

Syntax

rir redirect group group-id

undo rir redirect group

Default

No interface RIR collaboration group ID is configured.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

In the RIR collaboration network, to forward one service flow through the same Owner device, configure the same interface collaboration group for the interfaces of the collaboration devices accessed by the service flow. For a service flow directly forwarded to the non-Owner collaboration device, it carries the interface collaboration group ID, and is redirected to a collaboration device that acts as an Owner. The Owner device processes the packets on the interface with the same interface collaboration group ID on the local device based on the input interface of the flow.

Examples

# Configure RIR collaboration group ID 1 for interface.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-Gigabitethernet 1/0/1] rir redirect group id 1

Related commands

rir redirect peer

rir relay enable

Use rir relay enable to enable transparent transmission on an interface.

Use undo rir relay enable to disable transparent transmission on an interface.

Syntax

rir relay enable

undo rir relay enable

Default

Transparent transmission is disabled on an interface.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

In a network configured with RBM and RIR, you can configure this command to set up a transparent transmission channel between RIR collaboration devices. Upon receiving packets that require transparent transmission, the device can transparently transmit the packets to the peer device through the transparent transmission channel.

You must configure this command on the same interface of the RIR collaboration peers.

Examples

# Enable transparent transmission on GigabitEthernet 1/0/1.

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] rir relay enable

rir role

Use rir role to enable the RIR client or the RIR server on a VXLAN tunnel interface.

Use undo rir role to restore the default.

Syntax

rir role { client | server }

undo rir role

Default

The default for this command depends on the configuration of the client enable and server enable commands.

Views

VXLAN tunnel interface view

Predefined user roles

network-admin

Parameters

client: Specifies the RIR client.

server: Specifies the RIR server.

Usage guidelines

To avoid NQA probes from occupying too many resources on a hub in a hub-spoke network, configure the hub as an RIR server and configure the spokes as RIR clients.

You can enable the RIR client or server globally or on an interface.

· Enabling the RIR client or server globally also enables the RIR client or server for all interfaces on the device. The interfaces can send or receive link quality probe results.

· Enabling the RIR client or server on an interface allows only that interface to send or receive link quality probe results.

Enable the RIR server or RIR client, or use them in combination, depending on the role of the device in the network.

· If the device acts only as a hub, you can enable the RIR server globally.

· If the device acts only as a spoke, you can enable the RIR client globally.

· If the device acts as both a hub and a spoke, you can enable the RIR server and RIR client on the corresponding interfaces.

When you enable the RIR client or server, follow these restrictions and guidelines:

· In a VXLAN network, only tunnel interfaces support enabling the RIR client or server. The RIR server uses the tunnel interfaces to receive link quality probe results synchronized from RIR clients.

· The RIR client and RIR server cannot be both enabled on the same interface.

· If the enabled role (RIR server or client) on an interface is different from the globally enabled role, the interface-specific role takes effect on that interface.

To modify the role of an interface, you must first use the undo rir role command to remove the original role.

Examples

# Enable the RIR server on tunnel interface Tunnel 1.

<Sysname> system-view

[Sysname] interface Tunnel 1 mode vxlan

[Sysname-tunnel1] rir role client

Related commands

client enable

server enable

rir sdwan

Use rir sdwan to enable the RIR-SDWAN service and enter RIR-SDWAN view, or directly enter RIR-SDWAN view if the RIR-SDWAN service is already enabled.

Use undo rir sdwan to disable the RIR-SDWAN service.

Syntax

rir sdwan

undo rir sdwan

Default

The RIR-SDWAN service is disabled.

Views

System view

Predefined user roles

network-admin

network-operator

Usage guidelines

RIR can be deployed based on VXLAN tunnels or SDWAN tunnels, which are called RIR-VXLAN and RIR-SDWAN, respectively

· For RIR-VXLAN, use the rir command to enable the RIR-VXLAN service.

· For RIR-SDWAN, use the rir sdwan command to enable the RIR-SDWAN service.

When you enable the RIR-VXLAN or RIR-SDWAN service, the system enables the RIR process. When you disable the RIR-VXLAN or RIR-SDWAN service, the system disables the RIR process.

You cannot enable both the RIR-VXLAN and RIR-SDWAN services.

· To enable the RIR-SDWAN service when the RIR-VXLAN service is enabled, you must first execute the undo rir command to disable the RIR-VXLAN service.

· To enable the RIR-VXLAN service when the RIR-SDWAN service is enabled, you must first execute the undo rir sdwan command to disable the RIR-SDWAN service.

For RIR-SDWAN, you must enable the RIR-SDWAN service on all SDWAN devices.

Examples

# Enable the RIR-SDWAN service and enter RIR-SDWAN view.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan]

sdwan collaboration peer

Use sdwan collaboration peer to establish RIR collaboration relationship between the local and peer devices.

Use undo sdwan collaboration peer device-id to restore the default.

Syntax

sdwan collaboration peer device-id device-id [ vpn-instance vpn-instance-name ] { peer-ipv4-address | peer-ipv6-address } local { local-ipv4-address | local-ipv6-address } [ sync-port port-number ]

undo sdwan collaboration peer device-id device-id

Default

The RIR collaboration relationship is not established between the local and peer devices.

Views

System view

Predefined user roles

network-admin

Parameters

peer-device-id device-id: Specifies a peer device by its ID in the range of 1 to 255.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance on which the local and peer devices establish RIR collaboration relationship. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. The specified VPN instance must exist. If the RIR collaboration relationship belongs to the public network, do not specify this option.

peer-ipv4-address: Specifies an RIR collaboration peer by its IPv4 address.

peer-ipv6-address: Specifies an RIR collaboration peer by its IPv6 address.

local-ipv4-address: Specifies the IPv4 address of the local device.

local-ipv6-address: Specifies the IPv6 address of the local device.

sync-port port-number: Specifies the TCP port number used by the local and peer devices to synchronize TTE connection and link quality data. The value range for the port-number argument is 1024 to 65535. The default value is 2005. Make sure the port number is not used by any other service on the device.

Usage guidelines

The devices in an RIR collaboration device group must reside in the same site. Each pair of devices in an RIR collaboration device group must establish RIR collaboration relationship. You must configure this command on both the local and peer devices.

In a pair of devices with RIR collaboration relationship, the device with a lower IP address is the client. The client uses the port number specified by using this command to initiate a TCP connection (collaboration channel) request to its peer. Through the collaboration channel, the peer device can send the TTE connection and RIR link quality information of the specified tunnel interface to the local device.

The local and peer devices must use the same TCP port number for link data synchronization. A device can use the same or different TCP port numbers to synchronize data to different peers.

If you execute this command multiple times to specify the same local IP address, peer device ID, and peer IP address, the most recent configuration takes effect.

You can configure only one collaboration channel between the local and peer devices. Make sure the IP addresses of the local and peer devices are same type.

Examples

# Establish RIR collaboration relationship between local device 1.1.1.1 and peer device 1.1.1.2 with device ID 10. They use TCP port number 6000 for link data synchronization.

<Sysname> system-view

[Sysname] sdwan collaboration peer device-id 10 1.1.1.2 local 1.1.1.1 sync-port 6000

Related commands

collaboration peer local

sdwan collaboration peer-device-id

Use sdwan collaboration peer-device-id to synchronize TTE connection and RIR link quality information of the local SDWAN tunnel interface to the peer device through the collaboration channel.

Use undo sdwan collaboration peer-device-id to restore the default.

Syntax

sdwan collaboration peer-device-id device-id

undo sdwan collaboration peer-device-id

Default

TTE connection and RIR link quality information of the local SDWAN tunnel interface are not synchronized to the peer device through the collaboration channel.

Views

Tunnel interface view

Predefined user roles

network-admin

Parameters

device-id: Specifies a peer device by its ID in the range of 1 to 255.

Examples

# Synchronize TTE connection and RIR link quality information of local SDWAN tunnel interface 1 to the peer device with device ID 10 through the collaboration channel.

<Sysname> system-view

[Sysname] interface Tunnel1 mode sdwan udp

[Sysname-Tunnel1] sdwan collaboration peer-device-id 10

Related commands

sdwan collaboration peer local

sdwan collaboration tte-connection aging

Use sdwan collaboration tte-connection aging to configure the aging timer for the TTE connection synchronized through the collaboration channel after it is disconnected.

Use undo sdwan collaboration tte-connection aging to restore the default.

Syntax

sdwan collaboration tte-connection aging aging-time

undo sdwan collaboration tte-connection aging

Default

The aging timer is 180 seconds for the TTE connection synchronized through the collaboration channel after it is disconnected.

Views

System view

Predefined user roles

network-admin

Parameters

aging-time: Specifies an aging timer in the range of 0 to 300 seconds. Value 0 indicates that the TTE connection does not age.

Examples

# Configure the aging timer as 3 seconds for the TTE connection synchronized through the collaboration channel after it is disconnected

<Sysname> system-view

[Sysname] sdwan collaboration tte-connection aging 3

sdwan collaboration-map peer-device-id peer-interface-id

Use sdwan collaboration-map peer-device-id peer-interface-id to associate a local SDWAN extended tunnel interface with a peer SDWAN tunnel interface.

Use undo sdwan collaboration-map peer-device-id to restore the default.

Syntax

sdwan collaboration-map peer-device-id device-id peer-interface-id interface-id

undo sdwan collaboration-map peer-device-id

Default

A local SDWAN extended tunnel interface is not associated with any SDWAN tunnel interface.

Views

SDWAN extended tunnel interface view

Predefined user roles

network-admin

Parameters

peer-device-id device-id: Specifies a peer device by its ID in the same site, in the range of 1 to 255.

peer-interface-id interface-id: Specifies an SDWAN tunnel interface on the peer device in the same site by its ID, in the range of 1 to 255.

Usage guidelines

After you configure this command, if the link selection result on the local end is packet forwarding through the peer device TTE connection, the local device forwards data packets as follows:

1. Performs SDWAN extended encapsulation for data packets on the local end.

2. Forwards the packets to the peer device through the SDWAN extended tunnel interface associated with the tunnel interface of the TTE connection.

Examples

# Associate local SDWAN extended tunnel interface 1 with peer SDWAN tunnel interface 2.

<Sysname> system-view

[Sysname] interface tunnel 1 mode sdwan-ex gre

[Sysname-Tunnel1]sdwan collaboration-map peer-device-id 1 peer-interface-id 2

server enable

Use server enable to enable the RIR server globally.

Use undo server enable to disable the RIR server globally.

Syntax

server enable

undo server enable

Default

The RIR server is disabled globally.

Views

RIR-VXLAN view

Predefined user roles

network-admin

Usage guidelines

To avoid NQA probes from occupying too many resources on a hub in a hub-spoke network, configure the hub as an RIR server and configure the spokes as RIR clients.

You can enable the RIR server globally or on an interface.

· Enabling the RIR server globally also enables the RIR server for all interfaces on the device. The interfaces can receive link quality probe results synchronized from RIR clients.

· Enabling the RIR server on an interface allows only that interface to receive link quality probe results synchronized from RIR clients.

When you enable the RIR server, follow these restrictions and guidelines:

· In a VXLAN network, only tunnel interfaces support enabling the RIR server. The RIR server uses the tunnel interfaces to receive link quality probe results synchronized from RIR clients.

· The RIR server and RIR client cannot be both enabled on the same interface.

· If the enabled role (RIR server or client) on an interface is different from the globally enabled role, the interface-specific role takes effect on that interface.

Examples

# Enable the RIR server globally.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] server enable

Related commands

client enable

probe connect

probe sync-port

signature

Use signature to configure the packet signature for application quality detection.

Use undo signature to delete the packet signature for application quality detection.

Syntax

signature { source-ip { any | src-ip-address [ src-mask-length ] } destination-ip { any | dest-ip-address [ dest-mask-length ] } | source-ipv6 { any | src-ipv6-address [ src-prefix-length ] } destination-ipv6 { any | dest-ipv6-address [ dest-prefix-length ] } }

undo signature

Default

No packet signature is configured for application quality detection.

Views

Application quality detection instance view

Predefined user roles

network-admin

Parameters

source-ip { any | src-ip-address [ src-mask-length ] }: Specifies a source IPv4 address for packets. The any keyword represents any source IPv4 address. The src-ip-address argument represents the source IPv4 address of packets, in dotted decimal notation. The src-mask-length argument represents the length of the subnet mask, in the range of 1 to 32. If you do not specify the src-mask-length argument, the command matches the exact source IPv4 address of packets.

destination-ip { any | dest-ip-address [ dest-mask-length ] }: Specifies a destination IPv4 address for packets. The any keyword represents any destination IPv4 address. The dest-ip-address argument represents the destination IPv4 address of packets, in dotted decimal notation. The dest-mask-length argument represents the length of the subnet mask, in the range of 1 to 32. If you do not specify the dest-mask-length argument, the command matches the exact destination IPv4 address of packets.

source-ipv6 { any | src-ipv6-address [ src-prefix-length ] }: Specifies a source IPv6 address for packets. The any keyword represents any source IPv6 address. The src-ipv6-address argument represents the source IPv6 address of packets, in colon-separated hexadecimal notation. The src-prefix-length argument represents the prefix length of the source IPv6 address, in the range of 1 to 128. If you do not specify the src-prefix-length argument, the command matches the exact source IPv6 address of packets.

destination-ipv6 { any | dest-ipv6-address [ dest-prefix-length ] }: Specifies a destination IPv6 address for packets. The any keyword represents any destination IPv6 address. The dest-ipv6-address argument represents the destination IPv6 address of packets, in colon-separated hexadecimal notation. The dest-prefix-length argument represents the prefix length of the source IPv6 address, in the range of 1 to 128. If you do not specify the dest-prefix-length argument, the command matches the exact destination IPv6 address of packets.

Usage guidelines

After you execute the probe flow command for specific service flows, the device will detect the quality of the application flows with the specified packet signatures (such as source or destination IP address).

To modify the packet signature settings of an instance, first execute the undo probe flow command to disable application quality detection for all service flows of the instance.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure the packet signature for application quality detection by specifying the source and destination IPv4 addresses for packets as 10.1.1.1 and 20.1.1.1, respectively.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] application-quality

[Sysname-rir-sdwan-app] instance abc

[Sysname-rir-sdwan-app-instance-abc] signature source-ip 10.1.1.1 destination-ip 20.1.1.1

Related commands

probe flow

sla

Use sla to create an SLA and enter RIR-VXLAN or RIR-SDWAN SLA view, or enter the view of an existing RIR-VXLAN or RIR-SDWAN SLA.

Use undo sla to delete an SLA.

Syntax

sla sla-id

undo sla sla-id

Default

No SLAs exist.

Views

RIR-VXLAN view

RIR-SDWAN view

Predefined user roles

network-admin

Parameters

sla-id: Specifies an SLA ID in the range of 0 to 128.

Usage guidelines

To meet the differentiated requirements of services on link quality, configure a Service Level Agreement (SLA) for each service. An SLA contains a set of parameters to evaluate link quality, including the link delay, jitter, and packet loss thresholds.

The device supports a maximum of 129 SLAs.

Examples

# For RIR-VXLAN, create SLA 1 and enter RIR-VXLAN SLA view.

<Sysname> system-view

[Sysname] rir

[Sysname-rir] sla 1

[Sysname-rir-sla-1]

# For RIR-SDWAN, create SLA 1 and enter RIR-SDWAN SLA view.

<Sysname> system-view

[Sysname] rir sdwan

[Sysname-rir-sdwan] sla 1

[Sysname-rir-sdwan-sla-1]

Related commands

flow priority-based-schedule enable

quality-policy

tunnel bfd enable

Use tunnel bfd enable to enable BFD for a tunnel.

Use undo tunnel bfd enable to disable BFD for a tunnel.

Syntax

tunnel bfd enable [ template template-name ]

undo tunnel bfd enable [ template template-name ]

Default

BFD is disabled for a tunnel.

Views

SDWAN extended tunnel interface view

Predefined user roles

network-admin

Parameters

template template-name: Specifies a BFD session parameter template by its name, a case-sensitive string of 1 to 63 characters. If you do not specify a template or specify a nonexistent template, the default BFD session parameters of the device apply.

Usage guidelines

This feature can avoid packet forwarding failure when the CPE cannot detect or cannot timely detect SDWAN extended tunnel failure. You need to enable the feature on the CPE devices on both ends of the tunnel. The CPE device periodically sends BFD control packets to the collaboration peer device through the SDWAN extended tunnel. If the device does not receive any BFD control packets from the peer device within five seconds, it sets the tunnel state to Defect. The tunnel interface state is still up. After the SDWAN extended tunnel failure is resolved, the tunnel state is automatically recovered to up.

Examples

# Enable BFD for SDWAN extended tunnel interface Tunnel1.

<Sysname> system-view

[Sysname] interface tunnel 1 mode sdwan-ex gre

[Sysname-Tunnel1] tunnel bfd enable template aa

tunnel flow-statistics enable

Use tunnel flow-statistics enable to enable flow ID-based traffic rate statistics for tunnels.

Use undo tunnel flow-statistics enable to disable flow ID-based traffic rate statistics for tunnels.

Syntax

tunnel flow-statistics enable

undo tunnel flow-statistics enable

Default

Flow ID-based traffic rate statistics for tunnels is disabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable flow ID-based traffic rate statistics for tunnels.

<Sysname> system-view

[Sysname] tunnel flow-statistics enable

Related commands

display tunnel flow-statistics

tunnel flow-statistics interval

Use tunnel flow-statistics interval to set the intervals at which the device collects flow ID-based traffic rate statistics for tunnels.

Use undo tunnel flow-statistics interval to restore the default.

Syntax

tunnel flow-statistics interval interval

undo tunnel flow-statistics interval

Default

The device collects flow ID-based traffic rate statistics for tunnels at intervals of 300 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies an interval in the range of 5 to 300 seconds.

Examples

# Enable the device to collect flow ID-based traffic rate statistics for tunnels at intervals of 100 seconds.

<Sysname> system-view

[Sysname] tunnel flow-statistics interval 100

Related commands

tunnel flow-statistics enable

SaaS path optimization commands

access-network

Use access-network to match packets in the public network or a VPN instance for SaaS path optimization.

Use undo access- network to cancel SaaS path optimization for packets in the public network or a VPN instance.

Syntax

access-network { public | vpn-instance vpn-instance-name }

undo access-network { public | vpn-instance [ vpn-instance-name ] }

Default

The device performs SaaS path optimization for all packets that access a SaaS application.

Views

SaaS application instance view

Predefined user roles

network-admin

Parameters

public: Specifies the public network.

vpn-instance: Specifies VPN instances.

vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The specified VPN instance must already exists.

Usage guidelines

Use this command to enable the device to select optimal paths only for packets that access a SaaS application in the public network or specified VPN instances.

Repeat this command to specify the public network and multiple VPN instances. A SaaS application supports a maximum of eight VPN instances (including the public network) for SaaS path optimization.

If you do not specify a VPN instance for the undo access-network vpn-instance [ vpn-instance-name ] command, the command cancels SaaS path optimization for all VPN instances.

If you cancel SaaS path optimization for packets that access a SaaS application in the public network and all VPN instances, the device performs SaaS path optimization for all packets that access the SaaS application.

Examples

# Match packets that access SaaS application App1 in the public network for SaaS path optimization.

<Sysname> system-view

[Sysname] saas-path-optimize

[Sysname-saas-pathoptimize] application-instance App1

[Sysname-saas-pathoptimize-App1] access-network public

# Match packets that access SaaS application App1 in VPN instance vpn1 for SaaS path optimization.

<Sysname> system-view

[Sysname] saas-path-optimize

[Sysname-saas-pathoptimize] application-instance App1

[Sysname-saas-pathoptimize-App1] access-network vpn-instance vpn1

application-instance

Use application-instance to create a SaaS application instance and enter its view, or enter the view of an existing SaaS application instance.

Use undo application-instance to delete a SaaS application instance.

Syntax

application-instance instance-name

undo application-instance instance-name

Default

Only predefined SaaS application instances exist.

Views

SaaS path optimization view

Predefined user roles

network-admin

Parameters

instance-name: Specifies a name for the SaaS application instance, a case-sensitive string of 1 to 63 characters. The string cannot contain a backslash (\), quotation mark ("), question mark (?), or space.

Usage guidelines

SaaS applications include predefined SaaS applications and user-defined SaaS applications. Typically, predefined SaaS applications are common SaaS applications. User-defined SaaS applications are manually configured to meet service requirements.

To configure path optimization for a SaaS application, you must create a SaaS application instance for that SaaS application.

The system has predefined SaaS application instances. You cannot delete them or add, delete, or change the predefined parameters in them. For example, you cannot add, delete, or change the URLs, health check URL, and static IP addresses in a predefined SaaS application instance.

Use this command to create a user-defined SaaS application instance and enter itsview, or use this command to enter the view of a predefined SaaS application instance.

The name of a user-defined SaaS application instance cannot be the same as the name of any existing SaaS application instance (including the name of a predefined SaaS application instance). To obtain the names of existing SaaS application instances, use the display saas attribute command.

The device supports a maximum of 100 user-defined SaaS application instances.

Examples

# Create SaaS application instance App1 and enter its view.

<Sysname> system-view

[Sysname] saas-path-optimize

[Sysname-saas-pathoptimize] application-instance App1

[Sysname-saas-pathoptimize-App1]

Related commands

display saas attribute

cqi-weight (SaaS application instance view)

Use cqi-weight to configure the weights for the delay, jitter, and packet loss metrics used for computing CQI values.

Use undo cqi-weight to restore the default.

Syntax

cqi-weight delay delay-weight jitter jitter-weight packet-loss packet-loss-weight

undo cqi-weight

Default

The weights for the delay, jitter, and packet loss metrics are all 1.

Views

SaaS application instance view

Predefined user roles

network-admin

Parameters

delay delay-weight: Sets the weight for the delay metric used for computing CQI values, in the range of 0 to 10.

jitter jitter-weight: Sets the weight for the jitter metric used for computing CQI values, in the range of 0 to 10.

packet-loss packet-loss-weight: Sets the weight for the packet loss metric used for computing CQI values, in the range of 0 to 10.

Usage guidelines

The device computes Comprehensive Quality Indicator (CQI) values to evaluate path quality for a SaaS application.

· If the probe result of a metric (delay, jitter, or packet loss ratio) is lower than or equal to the exepected quality value, the CQI value for the metric is 100.

· If the probe result of a metric is higher than the expected quality value, the CQI value for the metric is calculated with the formula: (expected quality value for the metric × 100) / probe result of the metric.

· The overall CQI value is calculated with the formula: (x × Ds+ y × Js + z × Ls) / (x + y + z).

In this formula, x, y, and z represent the weight values of delay, jitter, and packet loss ratio, respectively. Ds, Js, and Ls represent the CQI values for delay, jitter, and packet loss ratio.

To evaluate quality for a path that can directly access the SaaS application, the device computes the overall CQI value based on the path quality result probed by local interface.

To evaluate quality for a path that accesses the SaaS application via a gateway, the device uses the average value for the following values as the overall CQI value:

¡ The overall CQI value for the path that the gateway uses to directly access the SaaS application. This value is obtained based on the path quality result probed by gateway local interface. The path quality result is advertised to the device through BGP IPv4 tunnel-encap-ext routes.

¡ The overall CQI value for the path (SDWAN tunnel) from the device to the gateway. This value is obtained based on the quality probe result for the SDWAN tunnel in RIR-SDWAN.

The device allocates paths to different color areas according to the approximate overall CQI value.

· A path belongs to the green area if its approximate overall CQI value is in the range of 80 to 100.

· A path belongs to the yellow area if its approximate overall CQI value is in the range of 55 to 80.

· A path belongs to the red area if its approximate overall CQI value is in the range of 0 to 50.

The device first selects a color area in the order of green, yellow, and red. Then, it selects an optimal path in the selected color area. If the selected color area has only one path, this path is the optimal path. If the selected color area has multiple paths, the device randomly selects one of the paths as the optimal path.

The weights for the delay, jitter, and packet loss metrics cannot be all 0.

Examples

# In SaaS application instance App1, configure the weight values for the delay, jitter, and packet loss metrics as 2, 5, and 7, respectively, to compute CQI values for path quality evaluation.

<Sysname> system-view

[Sysname] saas-path-optimize

[Sysname-saas-pathoptimize] application-instance App1

[Sysname-saas-pathoptimize-App1] cqi-weight delay 2 jitter 5 packet-loss 7

Related commands

expect-quality

direct interface

Use direct interface to specify an interface for the device to directly access SaaS applications.

Use undo direct interface to disable the device from using specific interfaces to directly access SaaS applications.

Syntax

direct interface interface-type interface-number

undo direct interface [ interface-type interface-number ]

Default

No interfaces are specified for the device to directly access SaaS applications.

Views

SaaS path optimization view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface for the undo direct interface command, the command disable the device from using all interfaces to directly access SaaS applications.

Usage guidelines

Use this command if the device directly accesses SaaS applications or acts as a gateway for other devices to access SaaS applications. After you use the node-type command to specify a node type and use the direct interface command to specify interfaces, the device probes path quality at intervals of 30 seconds. The paths are from the specified direct interfaces to SaaS applications. The health check URL in each SaaS application instance is used to access the SaaS applications for path quality probe.

The device supports a maximum of 10 interfaces through which the device can directly access SaaS applications.

Examples

# Allow the device to directly access SaaS applications through interface GigabitEthernet 1/0/2.

<Sysname> system-view

[Sysname] saas-path-optimize

[Sysname-saas-pathoptimize] direct interface gigabitethernet 1/0/2

display saas attribute

Use display saas attribute to display attribute information for SaaS applications.

Syntax

display saas attribute [ verbose [ application-instance instance-name ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed attribute information for SaaS applications. If you do not specify this keyword, the command displays only brief attribute information for SaaS applications.

application-instance instance-name: Specifies a SaaS application instance by its name, a case-sensitive string of 1 to 63 characters. The string cannot contain a backslash (\), quotation mark ("), question mark (?), or space. If you do not specify this option following the verbose keyword, the command displays detailed attribute information for all predefined and user-defined SaaS applications.

Examples

# Display detailed attribute information for all predefined and user-defined SaaS applications.

<Sysname> display saas attribute verbose

SaaS application : App1

Health check URL : www.app1url1.com

URL list : www.app1url1.com

www.app1url2.com

www.app1url3.com

www.app1url4.com

Static IP address : 10.124.25.36

10.124.25.37

SaaS application : office365

Health check URL : www.office.com

URL list : *.broadcast.skype.com

*.lync.com

*.mail.protection.outlook.com

*.manage.office.com

*.msappproxy.net

*.msftidentity.com

*.msidentity.com

*.online.office.com

*.outlook.office.com

*.portal.cloudappsecurity.com

*.protection.office.com

*.protection.outlook.com

*.sharepoint.com

*.skypeforbusiness.com

*.teams.microsoft.com

*broadcast.officeapps.live.com

*excel.officeapps.live.com

*onenote.officeapps.live.com

*powerpoint.officeapps.live.com

*rtc.officeapps.live.com

*shared.officeapps.live.com

*view.officeapps.live.com

*visio.officeapps.live.com

*word-edit.officeapps.live.com

account.activedirectory.windowsazure.com

account.office.net

accounts.accesscontrol.windows.net

admin.microsoft.com

adminwebservice.microsoftonline.com

api.passwordreset.microsoftonline.com

autologon.microsoftazuread-sso.com

becws.microsoftonline.com

broadcast.skype.com

clientconfig.microsoftonline-p.net

companymanager.microsoftonline.com

device.login.microsoftonline.com

graph.microsoft.com

graph.windows.net

home.office.com

logincert.microsoftonline.com

loginex.microsoftonline.com

manage.office.com

nexus.microsoftonline-p.com

nexus.officeapps.live.com

nexusrules.officeapps.live.com

office.live.com

outlook.office.com

outlook.office365.com

passwordreset.microsoftonline.com

portal.microsoftonline.com

portal.office.com

protection.office.com

provisioningapi.microsoftonline.com

smtp.office365.com

teams.microsoft.com

www.office.com

Static IP address : 13.80.125.22

13.91.91.243

13.107.6.152

13.107.6.156

13.107.6.171

13.107.7.190

13.107.9.156

13.107.18.10

13.107.64.0

13.107.128.0

13.107.136.0

13.107.140.6

20.190.128.0

23.103.160.0

40.81.156.154

40.90.218.198

40.92.0.0

40.96.0.0

40.104.0.0

40.107.0.0

40.108.128.0

40.126.0.0

52.96.0.0

52.100.0.0

52.104.0.0

52.108.0.0

52.112.0.0

52.120.0.0

52.174.56.180

52.183.75.62

52.184.165.82

52.238.78.88

52.238.106.116

52.238.119.141

52.244.37.168

52.244.160.207

52.244.203.72

52.244.207.172

52.244.223.198

52.247.150.191

104.42.230.91

104.47.0.0

104.146.128.0

131.253.33.215

132.245.0.0

150.171.32.0

150.171.40.0

157.55.145.0

157.55.155.0

157.55.227.192

204.79.197.215

# Display brief attribute information for all predefined and user-defined SaaS applications.

<Sysname> display saas attribute

SaaS application IsCustomize

App1 NO

office365 Yes

Table 10 Command output

Field	Description
SaaS application	SaaS application name.
URL list	URLs used to access the SaaS application.
Static IP addresses	Static IP addresses used to access a predefined SaaS application. If no static IP addresses exist, this field displays a hyphen (-).
IsCustomized	Whether the SaaS application is a predefined SaaS application. · Yes—Predefined SaaS application. · No—User-defined SaaS application.

display saas optimal-path

Use display saas optimal-path to display information for optimal paths that can access a SaaS application.

Syntax

display saas optimal-path application-instance instance-name

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display information for optimal paths that can access SaaS application App1.

<Sysname> display saas optimal-path application-instance App1

SaaS application: App1

UserIP DirectInterface TunnelID SiteID DevID IfID

------------------------------------------------------------------------------

10.125.36.33 GE1/0/1 - - - -

10.125.27.45 - 1 30 2 2

Table 11 Command output

Field	Description
SaaS application	SaaS application name.
UserIP	IP address used by a user to access the SaaS application.
DirectInterface	Name of an interface through which the device can directly access the SaaS application.
TunnelID	SDWAN tunnel ID.
SiteID	Gateway site ID.
DevID	Gateway device ID.
IfID	Interface ID of the peer TTE for the SDWAN tunnel.

display saas path-cqi

Use display saas path-cqi to display CQI information for paths that can access SaaS applications.

Syntax

display saas path-cqi [ application-instance instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

application-instance instance-name: Specifies a SaaS application instance by its name, a case-sensitive string of 1 to 63 characters. The string cannot contain a backslash (\), quotation mark ("), question mark (?), or space. If you do not specify a SaaS application instance, this command displays CQI information for all paths that can access predefined and user-defined SaaS applications.

Examples

# Display CQI information for paths that can access SaaS application App1.

<Sysname> display saas path-cqi application-instance App1

SaaS application: App1

DirectInterface TunnelID SiteID DevID IfID CQI Color

------------------------------------------------------------------------------

GE1/0/1 - - - - 90 Green

- 1 9 2 2 85 Green

GE1/0/3 - - - - 80 Yellow

GE1/0/2 - - - - 75 Yellow

GE1/0/4 - - - - 65 Yellow

- 1 9 5 4 50 Red

GE1/0/6 - - - - 45 Red

Table 12 Command output

Field	Description
SaaS application	SaaS application name.
DirectInterface	Name of an interface through which the device can directly access the SaaS application.
TunnelID	SDWAN tunnel ID.
SiteID	Gateway site ID.
DevID	Gateway device ID.
IfID	Interface ID of the peer TTE for the SDWAN tunnel.
CQI	Approximate overall CQI value for the path.
Color	Color area to which the path belongs.

display saas path-quality

Use display saas path-quality to display quality information for paths that can access SaaS applications.

Syntax

display saas path-quality { client-to-gateway | gateway-to-saas | local-to-saas } [ application-instance instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

client-to-gateway: Displays quality information for the SDWAN tunnels from the client to the gateway. Do not specify this keyword if the device only accesses SaaS applications directly or the device acts as a gateway for other devices to access SaaS applications.

gateway-to-saas: Displays quality information for the optimal paths from the gateway to SaaS applications. Do not specify this keyword if the device only accesses SaaS applications directly or the device acts as a gateway for other devices to access SaaS applications.

local-to-saas: Displays quality information for the paths from the local device to SaaS applications. Do not specify this keyword if the device accesses SaaS applications only via a gateway.

application-instance instance-name: Specifies a SaaS application instance by its name, a case-sensitive string of 1 to 63 characters. The string cannot contain a backslash (\), quotation mark ("), question mark (?), or space. If you do not specify a SaaS application instance, this command displays quality information for all paths that can access predefined and user-defined SaaS applications.

Examples

# Display quality information for the paths from the local device to SaaS applications.

<Sysname> display saas path-quality local-to-saas

SaaS application: App1

DirectInterface PktLoss(per mill) Delay(ms) Jitter(ms) CQI

------------------------------------------------------------------------------

GE1/0/1 50 20 3 80

GE1/0/2 45 30 5 85

GE1/0/3 55 20 4 85

GE1/0/4 57 10 5 90

GE1/0/5 80 10 3 80

GE1/0/6 80 20 2 85

SaaS application: App2

DirectInterface PktLoss(per mill) Delay(ms) Jitter(ms) CQI

------------------------------------------------------------------------------

GE1/0/1 50 10 3 80

GE1/0/2 45 20 5 85

GE1/0/3 55 25 4 85

GE1/0/4 57 15 5 90

GE1/0/5 80 10 3 80

GE1/0/6 90 30 1 85

# Display quality information for the optimal paths from the gateway to SaaS applications.

<Sysname> display saas path-quality gateway-to-saas

SaaS application: App1

SiteID DevID GatewayIP PktLoss(per mill) Delay(ms) Jitter(ms) CQI

------------------------------------------------------------------------------

10 5 1.1.1.1 50 20 4 80

20 4 2.2.2.2 40 25 3 85

10 4 3.3.3.3 30 15 2 90

SaaS application: App2

SiteID DevID GatewayIP PktLoss(per mill) Delay(ms) Jitter(ms) CQI

------------------------------------------------------------------------------

10 5 1.1.1.1 40 20 5 85

20 4 2.2.2.2 50 20 2 80

10 4 3.3.3.3 35 25 4 90

# Display quality information for the SDWAN tunnels from the client to the gateway.

<Sysname> display saas path-quality client-to-gateway

SaaS application: App1

GatewayInfo: SiteID=10 DevID=5 GatewayIP=1.1.1.1

TunnelID IfID PktLoss(per mill) Delay(ms) Jitter(ms) CQI

------------------------------------------------------------------------------

1 2 50 20 3 85

1 3 40 30 4 80

1 4 60 30 2 90

1 5 50 25 5 75

GatewayInfo: SiteID=20 DevID=4 GatewayIP=2.2.2.2

TunnelID IfID PktLoss(per mill) Delay(ms) Jitter(ms) CQI

-----------------------------------------------------------------------------------

2 2 45 30 4 90

2 3 50 20 3 70

2 4 65 25 2 85

2 5 40 30 4 90

SaaS application: App2

GatewayInfo: SiteID=10 DevID=5 GatewayIP=1.1.1.1

TunnelID IfID PktLoss(per mill) Delay(ms) Jitter(ms) CQI

------------------------------------------------------------------------------

4 2 45 10 3 80

4 3 50 20 3 85

4 4 55 25 4 95

4 5 45 10 6 70

GatewayInfo: SiteID=20 DevID=4 GatewayIP=2.2.2.2

TunnelID IfID PktLoss(per mill) Delay(ms) Jitter(ms) CQI

-----------------------------------------------------------------------------------

4 2 40 20 4 85

4 3 30 10 5 95

4 4 30 10 3 85

4 5 50 15 6 75

Table 13 Command output

Field	Description
SaaS application	SaaS application name.
DirectInterface	Name of an interface through which the device can directly access the SaaS application.
PktLoss	Packet loss ratio per mille.
Delay	Path delay, in milliseconds.
Jitter	Path jitter, in milliseconds.
CQI	Approximate overall CQI value for the path.
GatewayInfo	Gateway information.
SiteID	Gateway site ID.
DevID	Gateway device ID.
GatewayIP	Gateway IP address. A gateway IP address uniquely identifies a gateway.
TunnelID	SDWAN tunnel ID.
IfID	Interface ID of the peer TTE for the SDWAN tunnel.

expect-quality

Use expect-quality to set the expected delay, jitter, and packet loss ratio for accessing a SaaS application.

Use undo expect-quality to restore the default.

Syntax

expect-quality delay delay-value jitter jitter-value packet-loss packet-loss-ratio

undo expect-quality

Default

The expected delay, jitter, and packet loss ratio for accessing a SaaS application are 10 milliseconds, 100 milliseconds, and 100‰, respectively.

Views

SaaS application instance view

Predefined user roles

network-admin

Parameters

delay delay-value: Sets the expected delay, in the range of 0 to 3600000 milliseconds.

jitter jitter-value: Sets the expected jitter, in the range of 10 to 60000 milliseconds.

packet-loss packet-loss-ratio: Specifies the expected packet loss ratio, in the range of 0 to 1000 per mille.

Usage guidelines

When the device performs path optimization for traffic that accesses a SaaS application, it probes quality for the paths that can access the SaaS application. The device calculates CQI values for the paths based on the probe results and the configured expected quality values to evaluate path quality.

Examples

# Set the expected delay, jitter, and packet loss ratio for accessing SaaS application App1 to 1000 milliseconds, 1000 milliseconds, and 500‰, respectively.

<Sysname> system-view

[Sysname] saas-path-optimize

[Sysname-saas-pathoptimize] application-instance App1

[Sysname-saas-pathoptimize-App1] expect-quality delay 1000 jitter 1000 packet-loss 500

Related commands

cqi-weight (SaaS application instance view)

health-url

Use health-url to configure the health check URL for a SaaS application.

Use undo health-url to restore the default.

Syntax

health-url health-url

undo health-url

Default

No health check URL is configured for a SaaS application.

Views

SaaS application instance view

Predefined user roles

network-admin

Parameters

health-url: Specifies a URL as the health check URL. The URL is a case-insensitive string of 1 to 63 characters. The string cannot contain a back slash (\), quotation mark, question mark (?), or space. If the string contains an asterisk (*), the asterisk (*) must be the first character.

Usage guidelines

When the device performs path optimization for traffic that accesses a SaaS application, it probes quality for paths that access the SaaS application through the health check URL. Based on the probe results, the device selects an optimal path for the traffic that accesses the SaaS application.

This command is applicable only to user-defined SaaS application instances. The system defines a health check URL for each predefined SaaS application instance. You cannot change the health check URL of a predefined SaaS application instance.

If the health check URL has not been added to a user-defined SaaS application instance, this command automatically adds the URL to the application instance as an access URL.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure the health check URL as www.app1url1.com for user-defined SaaS application App1.

<Sysname> system-view

[Sysname] saas-path-optimize

[Sysname-saas-pathoptimize] application-instance App1

[Sysname-saas-pathoptimize-App1] health-url www.app1url1.com

Related commands

url

node-type

Use node-type to specify a node type for the device.

Use undo node-type to restore the default.

Syntax

node-type { client [ allow-direct-access ] | gateway }

undo node-type

Default

No node type is specified for the device.

Views

SaaS path optimization view

Predefined user roles

network-admin

Parameters

client: Configures the device as a client.

allow-direct-access: Allows the device to directly access SaaS applications through local interfaces. If you do not specify this keyword following the client keyword, the device acts only as a client and it must access SaaS applications via a gateway.

gateway: Configures the device as a gateway.

Usage guidelines

The device can use one of the following methods to access SaaS applications:

· Direct access—The device directly accesses SaaS applications through local interfaces and performs SaaS path optimization based on local quality information for the paths that can directly access SaaS applications.

· Access via a gateway—The device acts as a client and accesses SaaS applications via a gateway. For high availability, deploy multiple gateways. The device performs SaaS path optimization based on quality information for the paths that can access SaaS applications via a gateway. An indirect access path contains an SDWAN tunnel between the client and gateway and a path from the gateway to a SaaS application. The device uses the quality probe mechanisms in RIR-SDWAN to probe the SDWAN tunnel quality. In addition, the device receives path quality information advertised from the gateway for the optimal paths that the gateway uses to access SaaS applications. Based on the information, the device obtains the quality of the indirect access path.

CPEs at the gateway site use BGP IPv4 tunnel-encap-ext routes to advertise SaaS path quality information to an RR. The RR reflects the routes to other CPEs.

· Hybrid access—The device can directly access SaaS applications without using a gateway and access SaaS applications via a gateway. The device can select optimal paths based on path quality information from both the paths that can directly access SaaS applications and the paths that access SaaS applications via a gateway.

Specify a node type for the device according to the method that the device uses to access SaaS applications.

· If the device must use a gateway to access SaaS applications, configure the device as a client without specifying the allow-direct-access keyword.

· If the device directly accesses SaaS applications without using a gateway or uses the hybrid method to access SaaS applications, configure the device as a client and specify the allow-direct-access keyword.

· If the device directly accesses SaaS applications without using a gateway and acts as a gateway for other devices to access SaaS applications, configure the device as a gateway.

If the device uses a gateway to access SaaS applications or uses the hybrid method to access SaaS applications, you must enable RIR-SDWAN on the device. This operation ensures that the device can correctly perform SaaS path optimization.

If the device only accesses SaaS applications directly without using a gateway, you can enable RIR-VXLAN or RIR-SDWAN.

Examples

# Configure the device as a client and allow the client to directly access SaaS applications through local interfaces.

<Sysname> system-view

[Sysname] saas-path-optimize

[Sysname-saas-pathoptimize] node-type client allow-direct-access

saas-path-optimize

Use saas-path-optimize to create the SaaS path optimization view.

Use undo saas-path-optimize to delete the SaaS path optimization view and all settings in the view.

Syntax

saas-path-optimize

undo saas-path-optimize

Default

The SaaS path optimization view does not exist.

Views

System view

Predefined user roles

network-admin

Usage guidelines

SaaS path optimization enables the device to select optimal paths for traffic that accesses SaaS applications and adjust the optimal paths accordingly when path quality changes. In SaaS path optimization view, you can configuration parameters for SaaS path optimization.

If the RIR process is not enabled on the device, executing this command also enables the RIR process. Executing the undo form of the command does not disable the RIR process.

To disable the RIR-VXLAN or RIR-SDWAN service, you must first use the undo saas-path-optimize command to delete the SaaS path optimization view.

Examples

# Enter SaaS path optimization view.

<Sysname> system-view

[Sysname] saas-path-optimize

[Sysname-saas-pathoptimize]

Related commands

rir

rir sdwan

url

Use url to add URLs that can be used to access a user-defined SaaS application.

Use undo url to delete URLs that can be used to access a user-defined SaaS application.

Syntax

url url

undo url [ url ]

Default

No access URLs exist in a user-defined SaaS application instance.

Views

SaaS application instance view

Predefined user roles

network-admin

Parameters

url: Specifies a URL for accessing the SaaS application, a case-insensitive string of 1 to 63 characters. The string cannot contain a back slash (\), quotation mark ("), question mark (?), or space. If you do not specify a URL for the undo url command, the command deletes all URLs in the SaaS application instance except the health check URL.

Usage guidelines

This command is not supported by predefined SaaS applications. The access URLs of predefined SaaS applications are defined by the system. You cannot add, delete, or change access URLs for predefined SaaS applications.

When the device performs path optimization for traffic that accesses a SaaS application, it probes quality for paths that access the SaaS application through the health check URL. When the device receives a DNS request that contains a URL for accessing the SaaS application, it performs the following operations for SaaS path optimization:

1. Selects an optimal path based on the path quality information obtained by probing the health check URL.

2. Forwards the DNS request through the optimal path.

3. Associates the IP address in the received DNS response with the optimal path and adds the association as an optimal path entry.

4. Forwards the DNS response to the user.

5. Upon receiving a packet destined for the IP address in the optimal path entry, the device forwards the packet through the optimal path.

Users can access predefined SaaS applications through static IP addresses. When the device receives a service packet destined for a static IP address specified in a predefined SaaS application instance, it examines whether an optimal path entry exists for the static IP address.

· If an optimal path entry exists for the static IP address, the device forwards the packet based on the entry.

· If no optimal path entry exists for the static IP address, the device selects an optimal path based on the quality information for paths that can access the SaaS application. Then, the device forwards the packet through the optimal path, associates the static IP address with the optimal path, and adds the association as an optimal path entry.

A URL can be added only to one SaaS application instance.

The undo url command cannot delete the health check URL.

You can add a maximum of 100 URLs to a user-defined SaaS application instance.

Examples

# Add URL www.app1url1.com for accessing SaaS application App1.

<Sysname> system-view

[Sysname] saas-path-optimize

[Sysname-saas-pathoptimize] application-instance App1

[Sysname-saas-pathoptimize-App1] url www.app1url1.com

Related commands

health-url

08-Layer 3—IP Routing Command References

probe interval (NQA link quality operation view)

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us