Login
- Table of Contents
-
- 10-MPLS Command Reference
- 00-Preface
- 01-Basic MPLS commands
- 02-Static LSP commands
- 03-LDP commands
- 04-MPLS TE commands
- 05-Static CRLSP commands
- 06-RSVP commands
- 07-Tunnel policy commands
- 08-MPLS L3VPN commands
- 09-IPv6 MPLS L3VPN commands
- 10-MPLS L2VPN commands
- 11-VPLS commands
- 12-MPLS OAM commands
- 13-MCE commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 09-IPv6 MPLS L3VPN commands | 253.25 KB |
address-family ipv6 (VPN instance view)
display bgp routing-table vpnv6
display bgp routing-table vpnv6 inlabel
display bgp routing-table vpnv6 outlabel
ext-community-type (OSPFv3 view)
peer advertise vpn-reoriginate ibgp (BGP VPNv6 address family view)
route-replicate (public instance IPv6 address family view)
route-replicate (VPN instance IPv6 address family view)
rr-filter (BGP VPNv6 address family view)
IPv6 MPLS L3VPN commands
This chapter describes only IPv6 MPLS L3VPN-specific commands. For information about the commands available for both IPv4 MPLS L3VPN and IPv6 MPLS L3VPN, see "MPLS L3VPN commands."
address-family ipv6 (VPN instance view)
Use address-family ipv6 to enter VPN instance IPv6 address family view.
Use undo address-family ipv6 to remove all configurations from VPN instance IPv6 address family view.
Syntax
address-family ipv6
undo address-family ipv6
Views
VPN instance view
Predefined user roles
network-admin
Usage guidelines
In VPN instance IPv6 address family view, you can configure IPv6 VPN parameters such as inbound and outbound routing policies.
Examples
# Enter VPN instance IPv6 address family view.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] address-family ipv6
[Sysname-vpn-ipv6-vpn1]
Related commands
address-family ipv4 (VPN instance view)
address-family vpnv6
Use address-family vpnv6 to create the BGP VPNv6 address family and enter its view, or enter the view of the existing BGP VPNv6 address family.
Use undo address-family vpnv6 to remove the BGP VPNv6 address family and all configurations in address family view.
Syntax
address-family vpnv6
undo address-family vpnv6
Default
The BGP VPNv6 address family is not created.
Views
BGP instance view
Predefined user roles
network-admin
Usage guidelines
A VPNv6 address consists of an RD and an IPv6 prefix. In IPv6 MPLS L3VPNs, PEs exchange BGP VPNv6 routes.
For a PE to exchange BGP VPNv6 routes with a BGP peer, you must enable that peer by executing the peer enable command in BGP VPNv6 address family view.
In BGP VPNv6 address family view, you can configure the following settings:
· BGP VPNv6 route attributes, such as the preferred value.
· Whether to allow the local AS number to appear in the AS_PATH attribute of received route updates.
Examples
# Create the BGP VPNv6 address family and enter its view.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family vpnv6
[Sysname-bgp-default-vpnv6]
advertise route-reoriginate
Use advertise route-reoriginate to re-originate the BGP unicast routes from other VPN instances.
Use undo advertise route-reoriginate to restore the default.
Syntax
advertise route-reoriginate [ route-policy route-policy-name ] [ replace-rt ]
undo advertise route-reoriginate
Default
A VPN instance cannot re-originate the BGP unicast routes from other VPN instances.
Views
BGP-VPN IPv6 unicast address family view
Predefined user roles
network-admin
Parameters
route-policy route-policy-name: Specifies a routing policy to filter the routes to be re-originated. The route-policy-name argument represents the name of the routing policy, a case-sensitive string of 1 to 63 characters.
replace-rt: Changes the route target attribute of re-originated routes to that of the current VPN instance. If you do not specify this keyword, re-originated routes use their original route target attributes.
Usage guidelines
Application scenarios
This command is primarily used to fulfill the following requirements:
· Interworking in heterogeneous networks—In heterogeneous networks, BGP routes that can propagate in one type of network usually cannot propagate in another type. Therefore, it is necessary to reoriginate BGP routes at network border devices, modifying the information carried by the BGP routes. The route origination transforms routes that propagate within one network into routes that can propagate and be recognized in another network, achieving end-to-end transmission of routing information.
· Reoriginating routing information—In some scenarios, the device needs to carry its local information in BGP routes when it forwards the routes. To achieve this purpose, you can configure the device to reoriginate the received BGP routes. The reoriginated BGP routes are considered as locally generated routes, so that they can carry local information.
Operating mechanism
BGP routes in local BGP-VPN instances or BGP routes received from remote BGP peers can be imported into a local BGP-VPN instance through RT matching. After the advertise route-reoriginate command is executed in BGP-VPN IPv4 unicast address family view of that BGP-VPN instance, these imported BGP routes can be reoriginated. The reoriginated BGP routes are considered as locally generated routes. Therefore, the reoriginated routes carry the RD of the local VPN instance, and the device can modify the information of the reoriginated routes, such as the carried RT and whether to allocate local VPN labels to the routes.
Restrictions and guidelines
This command can reoriginate the BGP routes that are imported into a local VPN instance and have a different RD from that of the local VPN instance. It cannot reoriginate the BGP routes that are received from remote peers and have the same RD as that of the local VPN instance.
A route received from an IBGP peer will not be advertised to other IBGP peers after being re-originated. To advertise the route to IBGP peers, you must execute the peer advertise vpn-reoriginate ibgp command.
Examples
# In VPN instance vpn1, re-originate the BGP unicast routes from other VPN instances.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] ip vpn-instance vpn1
[Sysname-bgp-default-vpn1] address-family ipv6
[Sysname-bgp-default-ipv6-vpn1] advertise route-reoriginate
Related commands
peer advertise vpn-reoriginate ibgp
apply-label
Use apply-label to specify a label allocation mode.
Use undo apply-label to restore the default.
Syntax
apply-label { per-instance [ static static-label-value ] | per-route }
undo apply-label
Default
BGP allocates labels on a per-next-hop basis.
Views
VPN instance IPv6 address family view
Predefined user roles
network-admin
Parameters
per-instance: Allocates a label to each VPN instance. All routes in the VPN instance use the same label.
static static-label-value: Specifies a static label value. The value range for the static-label-value argument is 16 to 1048575. If you do not specify this option, BGP randomly allocates a label value to the VPN instance.
per-route: Allocates a label to each route. Each route in the VPN instance uses an exclusive label.
Usage guidelines
|
|
CAUTION: After you change the label allocation mode, BGP re-advertises all routes in the VPN instance, which will cause service interruption. Use this command with caution. |
BGP supports the following label allocation modes:
· Per-next-hop—Allocates a label to each next hop. Use this mode when the number of labels required by the per-route mode exceeds the maximum number of labels supported by the device.
· Per-route—Allocates a label to each route.
· Per-VPN-instance—Allocates a label to each VPN instance. Use this mode when a large number of VPN routes exist on the PE.
When you specify the per-route or per-next-hop label allocation mode, you can execute the vpn popgo command to specify the POPGO forwarding mode on an egress PE. The egress PE will pop the label for each packet and forward the packet out of the interface corresponding to the label.
When you specify the per-VPN-instance label allocation mode, do not execute the vpn popgo command because it is mutually exclusive with the apply-label per-instance command. The egress PE will pop the label for each packet and forward the packet through the FIB table.
Examples
# In VPN instance IPv6 address family view, allocate static label 10000 to VPN instance vpn1.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] address-family ipv6
[Sysname-vpn-ipv6-vpn1] apply-label per-instance static 10000
This configuration causes service interruption. Continue? [Y/N]:y
Related commands
vpn popgo
disable-dn-bit-check
Use disable-dn-bit-check to ignore the DN bit in OSPFv3 LSAs.
Use undo disable-dn-bit-check to restore the default.
Syntax
disable-dn-bit-check
undo disable-dn-bit-check
Default
A PE checks the DN bit in OSPFv3 LSAs.
Views
OSPFv3 view
Predefined user roles
network-admin
Usage guidelines
When a PE redistributes BGP routes into OSPFv3 and creates OSPFv3 LSAs, it sets the DN bit for the LSAs. When receiving the LSAs whose DN bit is set, the other PEs ignore the LSAs in route calculation to avoid routing loops.
If all LSAs from other PEs, including the LSAs whose DN bit is set, are required for route calculation, use the disable-dn-bit-check command to ignore the DN bit.
Before using this command, make sure it does not cause any routing loops.
This command takes effect only for a VPN OSPFv3 process that is not configured with the vpn-instance-capability simple command.
Examples
# Ignore the DN bit in LSAs for VPN OSPFv3 process 100.
<Sysname> system-view
[Sysname] ospfv3 100 vpn-instance vpn1
[Sysname-ospfv3-100] disable-dn-bit-check
Related commands
disable-dn-bit-set
display ospfv3 (Layer 3—IP Routing Command Reference)
disable-dn-bit-set
Use disable-dn-bit-set to disable setting the DN bit in OSPFv3 LSAs.
Use undo disable-dn-bit-set to restore the default.
Syntax
disable-dn-bit-set
undo disable-dn-bit-set
Default
When a PE redistributes BGP routes into OSPFv3 and creates OSPFv3 LSAs, it sets the DN bit for the LSAs.
Views
OSPFv3 view
Predefined user roles
network-admin
Usage guidelines
When a PE redistributes BGP routes into OSPFv3 and creates OSPFv3 LSAs, it sets the DN bit for the LSAs. When receiving the LSAs whose DN bit is set, the other PEs ignore the LSAs in route calculation to avoid routing loops.
If other PEs require all LSAs from a local PE for route calculation, use the disable-dn-bit-set command to disable setting the DN bit in the LSAs.
Before using this command, make sure it does not cause any routing loops.
This command takes effect only for a VPN OSPFv3 process that is not configured with the vpn-instance-capability simple command.
Examples
# Disable setting the DN bit in LSAs for VPN OSPFv3 process 100.
<Sysname> system-view
[Sysname] ospfv3 100 vpn-instance vpn1
[Sysname-ospfv3-100] disable-dn-bit-set
Related commands
disable-dn-bit-check
display ospfv3 (Layer 3—IP Routing Command Reference)
display bgp routing-table vpnv6
Use display bgp routing-table vpnv6 to display BGP VPNv6 routing information.
Syntax
display bgp [ instance instance-name ] routing-table vpnv6 [ [ route-distinguisher route-distinguisher ] [ ipv6-address prefix-length [ advertise-info ] | ipv6-address prefix-length { as-path | cluster-list | community | ext-community } | peer ipv4-address { advertised-routes | received-routes } [ ipv6-address prefix-length | statistics ] | statistics ]
display bgp [ instance instance-name ] routing-table vpnv6 [ route-distinguisher route-distinguisher ] as-path-acl { as-path-acl-number | as-path-acl-name }
display bgp [ instance instance-name ] routing-table vpnv6 [ route-distinguisher route-distinguisher ] [ statistics ] community [ community-number&<1-32> | aa:nn&<1-32> ] [ internet | no-advertise | no-export | no-export-subconfed ] [ whole-match ]
display bgp [ instance instance-name ] routing-table vpnv6 [ route-distinguisher route-distinguisher ] [ statistics ] community-list { basic-community-list-number | comm-list-name | adv-community-list-number } [ whole-match ]
display bgp [ instance instance-name ] routing-table vpnv6 [ route-distinguisher route-distinguisher ] [ statistics ] ext-community [ bandwidth link-bandwidth-value | color color | rt route-target | soo site-of-origin ]&<1-32> [ whole-match ]
display bgp [ instance instance-name ] routing-table vpnv6 [ same-rd-selected ]
display bgp [ instance instance-name ] routing-table vpnv6 system-ip
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays BGP VPNv6 routes in the default BGP instance.
route-distinguisher route-distinguisher: Specifies an RD, a string of 3 to 21 characters in one of the following formats:
· 16-bit AS number:32-bit user-defined number. For example, 101:3.
· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.
· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.
ipv6-address prefix-length: Displays detailed information about the BGP VPNv6 route that exactly matches the specified network address and prefix length. The prefix length is in the range of 0 to 128. If you do not specify this argument, the command displays brief information about all BGP VPNv6 routes.
advertise-info: Displays BGP VPNv6 route advertisement information.
as-path: Displays AS_PATH attribute information for the specified BGP VPNv6 unicast route.
cluster-list: Displays CLUSTER_LIST attribute information for the specified BGP VPNv6 unicast route.
community: Displays COMMUNITY attribute information for the specified BGP VPNv6 unicast route, or displays BGP VPNv6 unicast routes that match the specified community attribute.
ext-community: Displays extended community attribute information for the specified BGP VPNv6 unicast route, or displays BGP VPNv6 unicast routes that match the specified extended community attribute.
peer: Displays BGP VPNv6 routing information advertised to or received from a peer.
ipv4-address: Specifies the peer IPv4 address.
advertised-routes: Displays BGP VPNv6 routing information advertised to the specified peer.
received-routes: Displays BGP VPNv6 routing information received from the specified peer.
statistics: Displays BGP VPNv6 routing statistics.
as-path-acl as-path-acl-number: Displays BGP VPNv6 routes that match the AS path list specified by its number in the range of 1 to 256.
as-path-acl as-path-acl-name: Displays BGP VPNv6 routes that match the AS path list specified by its name, a case-sensitive string of 1 to 51 characters. The name cannot contain only digits.
community-number&<1-32>: Specifies a community sequence number. The value range for the community-number argument is 1 to 4294967295. &<1-32> indicates that a maximum of 32 numbers can be specified.
aa:nn&<1-32>: Specifies a community number. Both aa and nn are in the range of 0 to 65535. &<1-32> indicates that a maximum of 32 numbers can be specified.
internet: Displays BGP VPNv6 routes that have the INTERNET community attribute. Routes with this attribute can be advertised to all BGP peers. By default, all routes have this attribute.
no-advertise: Displays BGP VPNv6 routes that have the NO_ADVERTISE community attribute. Routes with this attribute cannot be advertised to any peers.
no-export: Displays BGP VPNv6 routes that have the NO_EXPORT community attribute. Routes with this attribute cannot be advertised outside the local AS or confederation, but can be advertised to other sub-ASs in the confederation.
no-export-subconfed: Displays BGP VPNv6 routes that have the NO_EXPORT_SUBCONFED community attribute. Routes with this attribute cannot be advertised outside the local AS or to other sub-ASs in the confederation.
whole-match: Displays BGP VPNv6 routes exactly matching the specified community list, community attribute, or extended community attribute. If you do not specify this keyword, the command displays BGP VPNv6 routes whose COMMUNITY attributes include the specified community list, community attribute, or extended community attribute.
community-list: Displays BGP VPNv6 routes that match a BGP community list.
basic-community-list-number: Specifies a basic community list by its number in the range of 1 to 99.
comm-list-name: Specifies a community list by its name, a case-sensitive string of 1 to 63 characters.
adv-community-list-number: Specifies an advanced community list by its number in the range of 100 to 199.
bandwidth link-bandwidth-value: Specifies the link bandwidth extended community attribute. The link-bandwidth-value argument is a string of 3 to 16 characters in 16-bit AS number:32-bit user-defined number format, for example, 100:3. The value range for the AS number is 0 to 65535. The value range for the user-defined number is 0 to 4294967295.
color color: Specifies the color extended community attribute, a string of 4 to 13 characters in Color-Only (CO) flag value:color-value, for example, 10:3. The CO flag value is a binary number in the range of 00 to 11. The color value range is 0 to 4294967295.
rt route-target: Specifies the Route Target (RT) extended community attribute. An RT is a string of 3 to 24 characters.
soo site-of-origin: Specifies the Site of Origin (SoO) extended community attribute. An SoO is a string of 3 to 24 characters.
An RT or SoO can be in one of the following formats:
· 16-bit AS number:32-bit user-defined number, for example, 101:3. The value range for the AS number is 0 to 65535. The value range for the user-defined number is 0 to 4294967295.
· 32-bit IP address:16-bit user-defined number, for example, 192.168.122.15:1. The value range for the user-defined number is 0 to 65535.
· 32-bit AS number:16-bit user-defined number, for example, 70000:3. The value range for the AS number is 65536 to 4294967295. The value range for the user-defined number is 0 to 65535.
· 32-bit IP address/IPv4 mask:16-bit user-defined number, for example, 192.168.122.15/24:1.
· 32-bit AS number in dotted notation:16-bit user-defined number, for example, 65535.65535:1.
&<1-32> indicates that a maximum of 32 extended community attribute values can be specified.
same-rd-selected: Displays only the routes that BGP added to the IPv6 routing tables of VPN instances after the bestroute same-rd command is executed. If you do not specify this keyword, the command displays all BGP VPNv6 routes.
system-ip: Displays VPNv6 routes generated based on the Priority-Color extended community attribute in the routing tables of all BGP-VPN instances.
Usage guidelines
If you do not specify any parameters, this command displays brief information about all BGP VPNv6 routes.
If you do not specify the community-number, aa:nn, internet, no-advertise, no-export, and no-export-subconfed parameters, this command displays BGP VPNv6 routes that carry any community attributes regardless of whether the whole-match keyword is specified or not.
If you do not specify the bandwidth, color, rt, and soo parameters, this command displays BGP VPNv6 routes that carry any extended community attributes regardless of whether the whole-match keyword is specified or not.
Examples
# Display brief information about all BGP VPNv6 routes in the default BGP instance.
<Sysname> display bgp routing-table vpnv6
BGP local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a – additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of VPN routes: 5
Total number of routes from all PEs: 5
Route distinguisher: 100:1(vpn1)
Total number of routes: 4
* > Network : 2001:1:: PrefixLen : 96
NextHop : :: LocPrf :
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: ?
* e Network : 2001:1:: PrefixLen : 96
NextHop : 2001:1::1 LocPrf :
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: 65410?
* > Network : 2001:1::2 PrefixLen : 128
NextHop : ::1 LocPrf :
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: ?
* >i Network : 2001:3:: PrefixLen : 96
NextHop : ::FFFF:3.3.3.9 LocPrf : 100
PrefVal : 0 OutLabel : 1279
MED : 0
Path/Ogn: ?
Route distinguisher: 200:1
Total number of routes: 1
* >i Network : 2001:3:: PrefixLen : 96
NextHop : ::FFFF:3.3.3.9 LocPrf : 100
PrefVal : 0 OutLabel : 1279
MED : 0
Path/Ogn: ?
# Display information about BGP VPNv6 routes matching AS_PATH list 1 in the default BGP instance.
<Sysname> display bgp routing-table vpnv6 as-path-acl 1
BGP local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a – additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of VPN routes: 5
Total number of routes from all PEs: 5
Route distinguisher: 100:1(vpn1)
Total number of routes: 4
* > Network : 2001:1:: PrefixLen : 96
NextHop : :: LocPrf :
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: ?
* e Network : 2001:1:: PrefixLen : 96
NextHop : 2001:1::1 LocPrf :
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: 65410?
* > Network : 2001:1::2 PrefixLen : 128
NextHop : ::1 LocPrf :
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: ?
* >i Network : 2001:3:: PrefixLen : 96
NextHop : ::FFFF:3.3.3.9 LocPrf : 100
PrefVal : 0 OutLabel : 1279
MED : 0
Path/Ogn: ?
Route distinguisher: 200:1
Total number of routes: 1
* >i Network : 2001:3:: PrefixLen : 96
NextHop : ::FFFF:3.3.3.9 LocPrf : 100
PrefVal : 0 OutLabel : 1279
MED : 0
Path/Ogn: ?
# Display information about BGP VPNv6 routes matching BGP community list 100 in the default BGP instance.
<Sysname> display bgp routing-table vpnv6 community-list 100
BGP local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a – additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of VPN routes: 5
Total number of routes from all PEs: 5
Route distinguisher: 100:1(vpn1)
Total number of routes: 4
* > Network : 2001:1:: PrefixLen : 96
NextHop : :: LocPrf :
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: ?
* e Network : 2001:1:: PrefixLen : 96
NextHop : 2001:1::1 LocPrf :
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: 65410?
* > Network : 2001:1::2 PrefixLen : 128
NextHop : ::1 LocPrf :
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: ?
* >i Network : 2001:3:: PrefixLen : 96
NextHop : ::FFFF:3.3.3.9 LocPrf : 100
PrefVal : 0 OutLabel : 1279
MED : 0
Path/Ogn: ?
Route distinguisher: 200:1
Total number of routes: 1
* >i Network : 2001:3:: PrefixLen : 96
NextHop : ::FFFF:3.3.3.9 LocPrf : 100
PrefVal : 0 OutLabel : 1279
MED : 0
Path/Ogn: ?
# Display information about public BGP VPNv6 routes advertised to 3.3.3.9 in the default BGP instance.
<Sysname> display bgp routing-table vpnv6 peer 3.3.3.9 advertised-routes
Total number of routes: 1
BGP local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a – additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Route distinguisher: 100:1
Total number of routes: 1
* > Network : 2001:1:: PrefixLen : 96
NextHop : :: LocPrf :
MED : 0 OutLabel : NULL
Path/Ogn: ?
# Display information about public BGP VPNv6 routes received from 3.3.3.9 in the default BGP instance.
<Sysname> display bgp routing-table vpnv6 peer 3.3.3.9 received-routes
Total number of routes: 1
BGP local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a – additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Route distinguisher: 200:1
Total number of routes: 1
* >i Network : 2001:3:: PrefixLen : 96
NextHop : ::FFFF:3.3.3.9 LocPrf : 100
PrefVal : 0 OutLabel : 1279
MED : 0
Path/Ogn: ?
# Display VPNv6 routes generated based on the Priority-Color extended community attribute in the routing tables of all BGP-VPN instances.
<Sysname> display bgp routing-table vpnv6 system-ip
BGP local router ID is 50.50.50.30
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external,
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Route distinguisher: 1:1(vpn1)
Total number of routes: 4
* >i Network : 100::8 PrefixLen : 128
NextHop : ::FFFF:50.50.50.50 LocPrf : 100
SystemIP: N/A Priority : 0
Path/Ogn: i
* i Network : 100::8 PrefixLen : 128
NextHop : ::FFFF:50.50.50.50 LocPrf : 100
SystemIP: ::FFFF:10.10.10.10 Priority : 1
Path/Ogn: i
|
Field |
Description |
|
BGP local router ID |
Router ID of the local BGP router. |
|
Status codes |
Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a - additional-path—Add-Path optimal route. |
|
Origin |
Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols. |
|
Total number of VPN routes |
Total number of VPNv6 routes on the device. |
|
Total number of routes from all PEs |
Total number of VPNv6 routes received from all PEs and meeting the filtering criteria of the command. |
|
Network |
Network address. |
|
PrefixLen |
Prefix length. |
|
NextHop |
Address of the next hop. |
|
LocPrf |
Local preference value. |
|
PrefVal |
Preferred value. |
|
MED |
MULTI_EXIT_DISC attribute. |
|
Path/Ogn |
AS_PATH and Origin attributes. |
|
SystemIP |
System IP recursed based on the Priority-Color extended community attribute, which is the next hop of the route added to the IP routing table of the VPN instance. This field displays N/A for the primary route. |
|
Priority |
Priority of the Priority-Color extended community attribute based on which the route is generated. This field displays 0 for the primary route. |
# Display detailed information about BGP VPNv6 routes to 2::/64 in the default BGP instance.
<Sysname> display bgp routing-table vpnv6 2:: 64
BGP local router ID: 192.168.1.135
Local AS number: 200
Paths: 2 available, 1 best
BGP routing table information of 2::/64:
From : 10.1.1.1 (192.168.1.136)
Rely nexthop : ::FFFF:10.1.1.1
Original nexthop: ::FFFF:10.1.1.1
OutLabel : NULL
AS-path : 100
Origin : igp
Attribute value : MED 0, pref-val 0
State : valid, external, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Backup route.
From : 1::1 (192.168.1.136)
Rely nexthop : 1::1
Original nexthop: 1::1
OutLabel : NULL
AS-path : 100
Origin : igp
Attribute value : MED 0, pref-val 0
State : valid, external
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Table 2 Command output
|
Field |
Description |
|
BGP local router ID |
Router ID of the local BGP router. |
|
Paths |
Number of routes: · available—Available routes. · best—Optimal routes. |
|
BGP routing table information of 2::/64 |
Routing information for the BGP routes to 2::/64. |
|
From |
IP address of the BGP peer that advertises the route. |
|
Rely Nexthop |
Recursive next hop. If no recursive next hop is found, this field displays not resolved. |
|
Original nexthop |
Original next hop. If the route is learned from a BGP update, it is the next hop in the update message. |
|
Origin |
Route origin: · igp—Originated in the AS. The origin of routes advertised by the network command is IGP. · egp—Learned through EGP. · incomplete—Redistributed from IGP protocols. |
|
Attribute value |
BGP route attribute information: · MED—MED attribute. · localpref—Local preference. · pref-val—Preferred value. · pre—Protocol preference. |
|
State |
Route status: · valid—Valid route. · internal—Internal route. · external—External route. · local—Locally generated route. · best—Optimal route. · localredist—Routes replicated from the public instance or other local VPN instances to the current VPN instance. · remoteredist—Routes received from the remote end and then redistributed to the current VPN instance. · reoriginated—Reoriginated route. |
|
SystemIP |
System IP recursed based on the Priority-Color extended community attribute, which is the next hop of the route added to the IP routing table of the VPN instance. This field is not displayed for the primary route or route not generated based on the Priority-Color extended community attribute. |
|
IP precedence |
IP priority of a route, in the range of 0 to 7. N/A indicates that the route does not support this field. |
|
QoS local ID |
QoS local ID attribute of a route, in the range of 1 to 4095. N/A indicates that the route does not support this field. |
|
Traffic index |
Index of the traffic, in the range of 1 to 64. N/A indicates that the route does not support this field. |
# Display advertisement information for BGP VPNv6 routes to 2001:1::/96 in the default BGP instance.
<Sysname> display bgp routing-table vpnv6 2001:1:: 96 advertise-info
BGP local router ID: 1.1.1.9
Local AS number: 100
Route distinguisher: 100:1
Total number of routes: 1
Paths: 1 best
BGP routing table information of 2001:1::/96:
Advertised to VPN peers (1 in total):
3.3.3.9
Inlabel : 1279
Table 3 Command output
|
Field |
Description |
|
Paths |
Number of routes to the specified destination network. |
|
BGP routing table information of 2001:1::/96 |
Advertisement information for the BGP route to 2001:1::/96. |
|
Advertised to VPN peers (1 in total) |
VPNv6 peers to which the route is advertised, and the number of peers. |
|
Inlabel |
Incoming label of the route. |
# Display statistics about public BGP VPNv6 routes advertised to peer 3.3.3.9 in the default BGP instance.
<Sysname> display bgp routing-table vpnv6 peer 3.3.3.9 advertised-routes statistics
Advertised routes total: 2
# Display statistics about public BGP VPNv6 routes received from peer 3.3.3.9 in the default BGP instance.
<Sysname> display bgp routing-table vpnv6 peer 3.3.3.9 received-routes statistic
Received routes total: 2
Table 4 Command output
|
Field |
Description |
|
Advertised routes total |
Total number of routes advertised to the specified peer. |
|
Received routes total |
Total number of routes received from the specified peer. |
# Display statistics about public BGP VPNv6 routes in the default BGP instance.
<Sysname> display bgp routing-table vpnv6 statistics
Total number of routes from all PEs: 1
Route distinguisher: 100:1(vpn1)
Total number of routes: 4
Route distinguisher: 200:1
Total number of routes: 1
Table 5 Command output
|
Field |
Description |
|
Total number of routes from all PEs |
Total number of VPNv6 routes received from all PEs and meeting the filtering criteria of the command. |
|
Total number of routes |
Total number of VPNv6 routes with the specified RD. |
Related commands
apply extcommunity priority-color (Layer 3—IP Routing Command Reference)
ip as-path (Layer 3—IP Routing Command Reference)
display bgp routing-table vpnv6 inlabel
Use display bgp routing-table vpnv6 inlabel to display incoming labels for all BGP VPNv6 routes.
Syntax
display bgp [ instance instance-name ] routing-table vpnv6 inlabel
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays incoming labels for all BGP VPNv6 routes in the default BGP instance.
Examples
# Display incoming labels for all BGP VPNv6 routes.
<Sysname> display bgp routing-table vpnv6 inlabel
Total number of routes: 1
BGP local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a – additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Route distinguisher: 100:1
Total number of routes: 1
* > Network : 2001:1:: PrefixLen : 96
NextHop : :: OutLabel : NULL
InLabel : 1279
Table 6 Command output
|
Field |
Description |
|
BGP local router ID |
Router ID of the local BGP router. |
|
Status codes |
Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a - additional-path—Add-Path optimal route. |
|
Origin |
Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols. |
|
OutLabel |
Outgoing label. If the peer PE assigns a null label, this field displays NULL. |
|
InLabel |
Incoming label. |
display bgp routing-table vpnv6 outlabel
Use display bgp routing-table vpnv6 outlabel to display outgoing labels for BGP VPNv6 routes.
Syntax
display bgp [ instance instance-name ] routing-table vpnv6 outlabel
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays outgoing labels for all BGP VPNv6 routes in the default BGP instance.
Examples
# Display outgoing labels for all BGP VPNv6 routes in the default BGP instance.
<Sysname> display bgp routing-table vpnv6 outlabel
BGP local router ID is 1.1.1.9
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a – additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 1
Route distinguisher: 100:1(vpn1)
Total number of routes: 1
* >i Network : 2001:3:: PrefixLen : 96
NextHop : ::FFFF:3.3.3.9 OutLabel : 1279
Route distinguisher: 200:1
Total number of routes: 1
* >i Network : 2001:3:: PrefixLen : 96
NextHop : ::FFFF:3.3.3.9 OutLabel : 1279
Table 7 Command output
|
Field |
Description |
|
BGP local router ID |
Router ID of the local BGP router. |
|
Status |
Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a - additional-path—Add-Path optimal route. |
|
Origin |
Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols. |
|
Total number of routes from all PEs |
Total number of routes received from all PEs and meeting the filtering criteria of the command. |
|
OutLabel |
Outgoing label. If the peer PE assigns a null label, this field displays NULL. |
display ospfv3 sham-link
Use display ospfv3 sham-link to display OSPFv3 sham link information.
Syntax
display ospfv3 [ process-id ] [ area area-id ] sham-link [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
process-id: Specifies an OSPFv3 process by its ID. The process ID is in the range of 1 to 65535. If you do not specify a process, this command displays sham link information for all OSPFv3 processes.
area area-id: Specifies an OSPFv3 area by its ID, which is an IP address, or an integer. The integer is in the range of 0 to 4294967295. If you do not specify an area, this command displays sham link information for all OSPFv3 areas.
verbose: Displays detailed sham link information. If you do not specify this keyword, the command displays brief sham link information.
Examples
# Display brief information about all OSPFv3 sham links.
<Sysname> display ospfv3 sham-link
OSPFv3 Process 1 with Router ID 125.0.0.1
Sham-link (Area: 0.0.0.1)
Neighbor ID State Instance ID Destination address
0.0.0.0 Down 1 1:1::58
95.0.0.1 P-2-P 1 1:1::95
# Display detailed information about all OSPFv3 sham links.
<Sysname> display ospfv3 sham-link verbose
OSPFv3 Process 1 with Router ID 125.0.0.1
Sham-link (Area: 0.0.0.1)
Source : 1:1::125
Destination : 1:1::58
Interface ID: 2147483649
Neighbor ID : 0.0.0.0, Neighbor state: Down
Cost: 1 State: Down Type: Sham Instance ID: 1
Timers: Hello 10, Dead 40, Retransmit 5, Transmit delay 1
Request list: 0 Retransmit list: 0
Keychain authentication: Enabled (test), inherited
Source : 1:1::125
Destination : 1:1::95
Interface ID: 2147483650
Neighbor ID : 95.0.0.1, Neighbor state: Full
Cost: 1 State: P-2-P Type: Sham Instance ID: 1
Timers: Hello 10, Dead 40, Retransmit 5, Transmit delay 1
Request list: 0 Retransmit list: 0
IPsec profile name: profile001
Keychain authentication: Enabled (test)
Table 8 Command output
|
Field |
Description |
|
Neighbor state |
Neighbor state for the sham link: Down, Init, 2-Way, ExStart, Exchange, Loading, or Full. |
|
Request list |
Number of LSAs in the request list. |
|
Retransmit list |
Number of LSAs in the retransmit list. |
|
IPsec profile name |
Name of the IPsec profile used by the sham link. |
|
Cryptographic authentication: HMAC-SHA-256, key ID: xx, inherited |
The OSPFv3 sham link uses the HMAC-SHA-256 authentication mode, and the key ID is xx. inherited indicates that the OSPFv3 sham link uses the authentication mode of its area. |
|
Cryptographic authentication: HMAC-SM3, key ID: xx, inherited |
The OSPFv3 sham link uses the HMAC-SM3 authentication mode, and the key ID is xx. inherited indicates that the OSPFv3 sham link uses the authentication mode of its area. |
|
Keychain authentication: Enabled (test), inherited |
Keychain authentication is enabled for the sham link, and the keychain test is used. The inherited attribute indicates that the sham link uses the authentication mode specified for the area where the sham link resides. |
domain-id (OSPFv3 view)
Use domain-id to set an OSPFv3 domain ID.
Use undo domain-id to delete an OSPFv3 domain ID.
Syntax
domain-id { domain-id [ secondary ] | null }
undo domain-id [ domain-id | null ]
Default
The OSPFv3 domain ID is 0.
Views
OSPFv3 view
Predefined user roles
network-admin
Parameters
domain-id: Specifies an OSPFv3 domain ID, in one of the following formats:
· Integer, in the range of 0 to 4294967295. For example, 1.
· Dotted decimal notation. For example, 0.0.0.1.
· A string of 9 to 21 characters in the dotted decimal notation:16-bit user-defined number format. The value range for the 16-bit user-defined number is 0 to 65535. For example, 0.0.0.1:512.
secondary: Specifies a secondary domain ID. If you do not specify this keyword, the command specifies a primary domain ID.
null: Carries no domain ID in the community attribute.
Usage guidelines
When you redistribute OSPFv3 routes into BGP, BGP adds the primary domain ID to the redistributed BGP VPNv6 routes as a BGP extended community attribute. Then, BGP advertises the routes to the peer PE.
When the peer PE receives the routes, it compares the OSPFv3 domain ID in the routes with the locally configured primary and secondary domain IDs. OSPFv3 advertises these routes in Inter-Area-Prefix LSAs (Type 3 LSAs) if both the following conditions exist:
· The primary or secondary domain ID is the same as the received domain ID.
· The received routes are intra-area or inter-area routes.
Otherwise, OSPFv3 advertises these routes in AS External LSAs (Type 5 LSAs) or NSSA External LSAs (Type 7 LSAs).
A null domain ID and a domain ID of 0 are considered the same in domain ID comparison.
You cannot configure a secondary domain ID when the primary domain ID is configured as 0.
If you do not specify any parameters, the undo domain-id command restores the default.
This command takes effect only for a VPN OSPFv3 process that is not configured with the vpn-instance-capability simple command.
Examples
# Set the primary domain ID for VPN OSPFv3 process 100 to 1.1.1.1.
<Sysname> system-view
[Sysname] ospfv3 100 vpn-instance vpn1
[Sysname-ospfv3-100] domain-id 1.1.1.1
Related commands
display ospfv3 (Layer 3—IP Routing Command Reference)
ext-community-type (OSPFv3 view)
Use ext-community-type to configure the type code of an OSPFv3 extended community attribute.
Use undo ext-community-type to restore the default.
Syntax
ext-community-type { domain-id type-code1 | route-type type-code2 | router-id type-code3 }
undo ext-community-type [ domain-id | route-type | router-id ]
Default
The type codes for domain ID, route type, and router ID are hex numbers 0005, 0306, and 0107, respectively.
Views
OSPFv3 view
Predefined user roles
network-admin
Parameters
domain-id type-code1: Specifies the type code for domain ID. Valid values are hex numbers 0005, 0105, 0205, and 8005.
route-type type-code2: Specifies the type code for route type. Valid values are hex numbers 0306 and 8000.
router-id type-code3: Specifies the type code for router ID. Valid values are hex numbers 0107 and 8001.
Examples
# Configure the type codes of domain ID, route type, and router ID as hex numbers 8005, 8000, and 8001, respectively, for VPN OSPFv3 process 100.
<Sysname> system-view
[Sysname] ospfv3 100 vpn-instance vpn1
[Sysname-ospfv3-100] ext-community-type domain-id 8005
[Sysname-ospfv3-100] ext-community-type route-type 8000
[Sysname-ospfv3-100] ext-community-type router-id 8001
Related commands
display ospfv3 (Layer 3—IP Routing Command Reference)
peer advertise vpn-reoriginate ibgp (BGP VPNv6 address family view)
Use peer advertise vpn-reoriginate ibgp to enable the device to advertise the BGP routes reoriginated for a VPN instance to an IBGP peer or peer group.
Use undo peer advertise vpn-reoriginate ibgp to cancel the configuration.
Syntax
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise vpn-reoriginate ibgp
undo { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } peer advertise vpn-reoriginate ibgp
Default
The device does not advertise the BGP routes reoriginated for a VPN instance to IBGP peers or peer groups.
Views
BGP VPNv6 address family view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must exist.
ipv4-address: Specifies a peer by its IPv4 address. The peer must exist.
mask-length: Specifies a mask length in the range of 0 to 32. To specify a subnet, you must specify both the ipv4-address and mask-length arguments.
ipv6-address: Specifies a peer by its IPv6 address. The peer must exist.
prefix-length: Specifies a prefix length in the range of 0 to 128. To specify a subnet, you must specify both the ipv6-address and prefix-length arguments.
Usage guidelines
For application scenarios of this command, see advertise route-reoriginate. For this command to take effect, you must also execute the advertise route-reoriginate command.
This command enables the device to advertise the BGP routes reoriginated for VPN instances to IBGP peers after the advertise route-reoriginate command is executed for the VPN instances.
Examples
# In BGP VPNv6 address family view, enable the device to advertise the BGP routes reoriginated for VPN instances to IBGP peer 1::1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family vpnv6
[Sysname-bgp-default-vpnv6] peer 1::1 advertise vpn-reoriginate ibgp
Related commands
advertise route-reoriginate
peer advertise vpn-reoriginate ibgp (BGP VPNv4 address family view)
peer next-hop-vpn
Use peer next-hop-vpn to change the next hop of a BGP VPNv6 route received from a peer or peer group to a VPN instance address.
Use undo peer next-hop-vpn to restore the default.
Syntax
peer { group-name | ipv4-address [ mask-length ] } next-hop-vpn
undo peer { group-name | ipv4-address [ mask-length ] } next-hop-vpn
Default
The device does not change the next hop attribute of a received BGP VPNv6 route, and the next hop belongs to the public network.
Views
BGP VPNv6 address family view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The specified group must have been created.
ipv4-address: Specifies a peer by its IP address. The specified peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command changes the next hop of BGP VPNv6 routes received from the dynamic peers in the subnet.
Usage guidelines
By default, the device does not change the next hop attribute of a received BGP VPNv6 route. The next hop address of a BGP VPNv6 route is a public address. This command changes the next hop address of a BGP VPNv6 route received from a peer or peer group to a VPN instance address. The outgoing label of the VPNv6 route is also changed to an invalid value. For example, the device received a VPNv6 route and its next hop address is 10.1.1.1, which is a public address by default. After this command is executed, the next hop address changes to private address 10.1.1.1.
After this command is executed, the following applies:
· The device re-establishes the BGP sessions to the specified peer or to all peers in the specified peer group.
· The device receives a BGP VPNv6 route only when its RD is the same as a local RD.
· When advertising a BGP VPNv6 route received from the specified peer or peer group, the device does not change the route target attribute of the route.
· If you delete a VPN instance or its RD, BGP VPNv6 routes received from the specified peer or peer group and in the VPN instance will be deleted.
Examples
# In BGP VPNv6 address family view, change the next hop of BGP VPNv6 routes received from peer 1.1.1.1 to a VPN instance address.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family vpnv6
[Sysname-bgp-default-vpnv6] peer 1.1.1.1 next-hop-vpn
policy vpn-target
Use policy vpn-target to enable route target filtering of received VPNv6 routes. Only VPNv6 routes whose export route target attribute matches local import route target attribute are added to the routing table.
Use undo policy vpn-target to disable route target filtering, permitting all incoming VPNv6 routes.
Syntax
policy vpn-target
undo policy vpn-target
Default
The route target filtering feature is enabled for received VPNv6 routes.
Views
BGP VPNv6 address family view
Predefined user roles
network-admin
Usage guidelines
In an inter-AS option B scenario, an ASBR must save all incoming VPNv6 routes and advertise those routes to the peer ASBR. For this purpose, you must execute the undo policy vpn-target command on the ASBR to disable route target filtering.
Examples
# Disable route target filtering of received VPNv6 routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family vpnv6
[Sysname-bgp-default-vpnv6] undo policy vpn-target
route-replicate (public instance IPv6 address family view)
Use route-replicate to replicate routes from a VPN instance to the public instance.
Use undo route-replicate to cancel the configuration.
Syntax
route-replicate from vpn-instance vpn-instance-name protocol { bgp4+ as-number | direct | static | { isisv6 | ospfv3 | ripng } process-id | vlink-direct } [ advertise ] [ route-policy route-policy-name ]
undo route-replicate from vpn-instance vpn-instance-name protocol { bgp4+ as-number | direct | static | { isisv6 | ospfv3 | ripng } process-id | vlink-direct }
Default
The public instance cannot replicate routes from VPN instances.
Views
Public instance IPv6 address family view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Replicates routes from a VPN instance. The vpn-instance-name argument specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.
protocol: Replicates routes of the specified routing protocol.
bgp4+: Replicates IPv6 BGP routes.
as-number: Specifies an AS number in the range of 1 to 4294967295.
direct: Replicates IPv6 direct routes.
static: Replicates IPv6 static routes.
isisv6: Replicates IPv6 IS-IS routes.
ospfv3: Replicates OSPFv3 routes.
ripng: Replicates RIPng routes.
process-id: Specifies a process by its ID, in the range of 1 to 65535.
vlink-direct: Replicates IPv6 VLINK direct routes, which are generated based on ND entries learned by interfaces.
advertise: Allows the public instance to advertise replicated routes. If you do not specify this keyword, the public instance cannot advertise replicated routes.
route-policy route-policy-name: Applies a routing policy to replicated routes. The route-policy-name argument specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
Configure this command to enable the public network to communicate with a VPN instance by replicating routes from the VPN instance to the public instance.
The route-replicate from vpn-instance protocol direct command replicates IPv6 VLINK direct routes, but the VLINK direct routes cannot be added to the IPv6 FIB, causing traffic forwarding failures. To address this issue, you can specify the vlink-direct keyword to replicate IPv6 VLINK direct routes and add the routes to the IPv6 FIB.
Examples
# Replicates OSPFv3 routes from VPN instance vpn1 to the public instance.
<Sysname> system-view
[Sysname] ip public-instance
[Sysname-public-instance] address-family ipv6
[Sysname-public-instance-ipv6] route-replicate from vpn-instance vpn1 protocol ospfv3 1
route-replicate (VPN instance IPv6 address family view)
Use route-replicate to enable a VPN instance to replicate routes from the public instance or other VPN instances.
Use undo route-replicate to cancel the configuration.
Syntax
route-replicate from { public | vpn-instance vpn-instance-name } protocol { bgp4+ as-number | direct | static | { isisv6 | ospfv3 | ripng } process-id | vlink-direct } [ advertise ] [ route-policy route-policy-name ]
undo route-replicate from { public | vpn-instance vpn-instance-name } protocol { bgp4+ as-number | direct | static | { isisv6 | ospfv3 | ripng } process-id | vlink-direct }
Default
A VPN instance cannot replicate routes of the public instance or other VPN instances.
Views
VPN instance IPv6 address family view
Predefined user roles
network-admin
Parameters
public: Replicates routes from the public instance.
vpn-instance vpn-instance-name: Replicates routes from a VPN instance. The vpn-instance-name argument specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.
protocol: Replicates routes of the specified routing protocol.
bgp4+: Replicates IPv6 BGP routes.
as-number: Specifies an AS number in the range of 1 to 4294967295.
direct: Replicates IPv6 direct routes.
static: Replicates IPv6 static routes.
isisv6: Replicates IPv6 IS-IS routes.
ospfv3: Replicates OSPFv3 routes.
ripng: Replicates RIPng routes.
process-id: Specifies a process by its ID, in the range of 1 to 65535.
vlink-direct: Replicates IPv6 VLINK direct routes, which are generated based on ND entries learned by interfaces.
advertise: Allows the VPN instance to advertise replicated routes. If you do not specify this keyword, the VPN instance cannot advertise replicated routes.
route-policy route-policy-name: Applies a routing policy to replicated routes. The route-policy-name argument specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
In an IPv6 BGP/IPv6 MPLS L3VPN network, only VPN instances that have matching route targets can communicate with each other. This command allows a VPN instance to communicate with the public network or other VPN instances by replicating routing information of the public instance or other VPN instances.
In an intelligent traffic control network, traffic of different tenants is assigned to different VPNs. To enable the tenants to communicate with the public network, configure this command to replicate routes from the public instance to the VPN instances.
The route-replicate from vpn-instance protocol direct or route-replicate from public protocol direct command replicates IPv6 VLINK direct routes, but the VLINK direct routes cannot be added to the IPv6 FIB, causing traffic forwarding failures. To address this issue, you can specify the vlink-direct keyword to replicate IPv6 VLINK direct routes and add the routes to the IPv6 FIB.
Examples
# Replicates OSPFv3 routes from the public network to VPN instance vpn1.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] address-family ipv6
[Sysname-vpn-ipv6-vpn1] route-replicate from public protocol ospfv3 1
route-tag (OSPFv3 view)
Use route-tag to configure an external route tag for redistributed VPN routes.
Use undo route-tag to restore the default.
Syntax
route-tag tag-value
undo route-tag
Default
If BGP runs within an MPLS backbone, and the BGP AS number is not greater than 65535, the first two octets of the external route tag are 0xD000, and the last two octets are the local BGP AS number. For example, if the local BGP AS number is 100, the external route tag value is 3489661028 (100 + the decimal value of 0xD0000000). If the AS number is greater than 65535, the external route tag is 0.
Views
OSPFv3 view
Predefined user roles
network-admin
Parameters
tag-value: Specifies the external route tag for redistributed VPN routes, in the range of 0 to 4294967295.
Usage guidelines
In a dual-homed scenario where OSPFv3 runs between the CE and the connected PEs (PE-A and PE-B, for example), you can use external route tags to avoid routing loops.
PE-A redistributes BGP VPNv6 routes from the peer PE into OSPFv3, and advertises these routes in the Type 5 or 7 LSAs to the CE. In these LSAs, PE-A adds the locally configured external route tag.
If the route-tag-check enable command is configured on the PE-B, it compares the external route tag in the receiving Type 5 or 7 LSAs with the locally configured tag. If they are the same, PE-B ignores the LSA in route calculation to avoid routing loops.
The commands used to configure the external route tag (in the descending order of tag priority) are as follows:
· import-route
· route-tag (for PEs) and default tag (for CEs and MCEs)
As a best practice, configure the same external route tag for PEs in the same area.
An external route tag is not transferred in any BGP extended community attribute. It takes effect only on PEs that receive BGP routes and generate OSPF Type 5 or 7 LSAs.
You can configure the same external route tag for different OSPF processes.
This command takes effect only for a VPN OSPFv3 process that is not configured with the vpn-instance-capability simple command.
Examples
# Set the external route tag for redistributed VPN routes to 100 for VPN OSPFv3 process 100.
<Sysname> system-view
[Sysname] ospfv3 100 vpn-instance vpn1
[Sysname-ospfv3-100] route-tag 100
Related commands
default tag (Layer 3—IP Routing Command Reference)
display ospfv3 (Layer 3—IP Routing Command Reference)
import-route (Layer 3—IP Routing Command Reference)
route-tag-check enable
route-tag-check enable
Use route-tag-check enable to enable external route check for OSPFv3 LSAs.
Use undo route-tag-check enable to disable external route check for OSPFv3 LSAs.
Syntax
route-tag-check enable
undo route-tag-check enable
Default
The external route check feature is disabled for OSPFv3 LSAs.
Views
OSPFv3 view
Predefined user roles
network-admin
Usage guidelines
In a dual-homed scenario where OSPFv3 runs between the CE and the connected PEs (PE-A and PE-B, for example), you can use external route tags to avoid routing loops.
PE-A redistributes BGP VPNv6 routes from the peer PE into OSPFv3, and advertises these routes in the Type 5 or 7 LSAs to the CE. In these LSAs, PE-A adds the locally configured external route tag.
If external route check for OSPFv3 LSAs is enabled on PE-B, it compares the external route tag in the receiving Type 5 or 7 LSAs with the locally configured tag. If they are the same, PE-B ignores the LSA in route calculation to avoid routing loops.
Use the external route tag check feature only when the device does not support the DN bit. Otherwise, use the DN bit to avoid routing loops.
This command takes effect only for a VPN OSPFv3 process that is not configured with the vpn-instance-capability simple command.
Examples
# Enable external route check in OSPFv3 LSAs for VPN OSPFv3 process 100.
<Sysname> system-view
[Sysname] ospfv3 100 vpn-instance vpn1
[Sysname-ospfv3-100] route-tag-check enable
Related commands
display ospfv3 (Layer 3—IP Routing Command Reference)
route-tag
rr-filter (BGP VPNv6 address family view)
Use rr-filter to create an RR reflection policy.
Use undo rr-filter to restore the default.
Syntax
rr-filter { ext-comm-list-number | ext-comm-list-name }
undo rr-filter
Default
An RR does not filter reflected routes.
Views
BGP VPNv6 address family view
Predefined user roles
network-admin
Parameters
ext-comm-list-number: Specifies an extended community list number in the range of 1 to 65535.
ext-comm-list-name: Specifies an extended community list name, a case-sensitive string of 1 to 63 characters. The name cannot contain only digits.
Usage guidelines
After this command is executed, only the VPNv6 routes that are permitted by the specified extended community list are reflected.
By configuring different RR reflection policies on RRs in a cluster, you can implement load balancing among the RRs.
For more information about extended community lists, see Layer 3—IP Routing Configuration Guide.
Examples
# Configure the RR to reflect only VPNv6 routes that are permitted by extended community list 10.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family vpnv6
[Sysname-bgp-default-vpnv6] rr-filter 10
Related commands
ip extcommunity-list (Layer 3—IP Routing Command Reference)
sham-link (OSPFv3 area view)
Use sham-link to create an OSPFv3 sham link.
Use undo sham-link to remove an OSPFv3 sham link or restore the defaults of specified parameters for an OSPFv3 sham link.
Syntax
sham-link source-ipv6-address destination-ipv6-address [ cost cost-value | dead dead-interval | hello hello-interval | instance instance-id | ipsec-profile profile-name | [ { hmac-sha-256 | hmac-sm3 } key-id { cipher | plain } string | keychain keychain-name ] | retransmit retrans-interval | trans-delay delay ] *
undo sham-link source-ipv6-address destination-ipv6-address [ cost | dead | hello | ipsec-profile | [ hmac-sha-256 | hmac-sm3 | keychain ] | retransmit | trans-delay ] *
Default
No OSPFv3 sham links exist.
Views
OSPFv3 area view
Predefined user roles
network-admin
Parameters
source-ipv6-address: Specifies the source IPv6 address of the sham link.
destination-ipv6-address: Specifies the destination IPv6 address of the sham link.
cost cost-value: Specifies the cost of the sham link, in the range of 1 to 65535. The default cost is 1.
dead dead-interval: Specifies the dead interval in the range of 1 to 32768 seconds. The default is 40 seconds. The dead interval configured on each end of the sham link must be identical, and it must be at least four times the hello interval.
hello hello-interval: Specifies the interval for sending hello packets, in the range of 1 to 8192 seconds. The default is 10 seconds. The hello interval configured on each end of the sham link must be identical.
instance instance-id: Specifies the instance ID of the sham link, in the range of 0 to 255. The default value is 0.
ipsec-profile profile-name: Specifies the IPsec profile for the sham link. The profile-name argument specifies the profile by its name, a case-insensitive string of 1 to 63 characters.
hmac-sha-256: Specifies the HMAC-SHA-256 authentication mode.
hmac-sm3: Specifies the HMAC-SM3 authentication mode.
key-id: Specifies a key ID in the range of 0 to 65535.
cipher: Specifies a key in encrypted form.
plain: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the key. The plaintext form of the key is a case-sensitive string of 1 to 255 characters. The encrypted form of the key is a case-sensitive string of 33 to 373 characters.
keychain: Specifies keychain authentication for the sham link.
keychain-name: Specifies a keychain by its name, a case-sensitive string of 1 to 63 characters.
retransmit retrans-interval: Specifies the interval for retransmitting LSAs, in the range of 1 to 3600 seconds. The default is 5 seconds.
trans-delay delay: Specifies the delay interval before the interface sends an LSA, in the range of 1 to 3600 seconds. The default is 1 second.
Usage guidelines
When a backdoor link exists between the two sites of a VPN, traffic is forwarded through the backdoor link. To forward VPN traffic over the backbone, you can create a sham link between PEs. A sham link is considered an OSPFv3 intra-area route.
The authentication mode specified for an OSPFv3 sham link has a higher priority than the authentication mode specified for the area where the sham link resides. If no authentication mode is specified for the sham link, the authentication mode specified for the area applies. A sham link can use only one of the HMAC-SHA-256, HMAC-SM3, and keychain authentication modes.
When keychain authentication is configured for an OSPFv3 sham link, OSPFv3 performs the following operations before sending a packet:
1. Obtains a valid send key from the keychain.
OSPFv3 does not send the packet if it fails to obtain a valid send key or the key ID is larger than 65535.
2. Uses the key ID, authentication algorithm, and key string to authenticate the packet.
If the key ID is greater than 65535, OSPFv3 does not send the packet.
When keychain authentication is configured for an OSPFv3 sham link, OSPFv3 performs the following operations after receiving a packet:
3. Uses the key ID carried in the packet to obtain a valid accept key from the keychain.
OSPFv3 discards the packet if it fails to obtain a valid accept key.
4. Uses the authentication algorithm and key string for the valid accept key to authenticate the packet.
If the authentication fails, OSPFv3 discards the packet.
OSPFv3 supports only the HMAC-SHA-256 and HMAC-SM3 authentication algorithms.
The ID of keys used for authentication can only be in the range of 0 to 65535.
Examples
# Create a sham link with the source address 1::1 and destination address 2::2.
<Sysname> system-view
[Sysname] ospfv3 100 vpn-instance vpn1
[Sysname-ospfv3-100] area 0
[Sysname-ospfv3-100-area-0.0.0.0] sham-link 1::1 2::2
Related commands
display ospfv3 sham-link
