Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-SDWAN commands | 339.34 KB |
address-family ipv4 tnl-encap-ext
display bgp routing-table ipv4 tnl-encap-ext
display sdwan peer-connection status
evpn-sdwan nexthop-recursive priority-color-only
peer advertise encap-type sdwan
sdwan encapsulation global-udp-port
SDWAN commands
address-family ipv4 tnl-encap-ext
Use address-family ipv4 tnl-encap-ext to create the BGP IPv4 tunnel-encap-ext address family and enter BGP IPv4 tunnel-encap-ext address family view, or directly enter BGP IPv4 tunnel-encap-ext address family view if the BGP IPv4 tunnel-encap-ext address family already exists.
Use undo address-family ipv4 tnl-encap-ext to delete the BGP IPv4 tunnel-encap-ext address family and all settings in the address family.
Syntax
address-family ipv4 tnl-encap-ext
undo address-family ipv4 tnl-encap-ext
Default
The BGP IPv4 tunnel-encap-ext address family does not exist.
Views
BGP instance view
Predefined user roles
network-admin
Usage guidelines
Settings in BGP IPv4 tunnel-encap-ext address family view take effect only on routes in the BGP IPv4 tunnel-encap-ext address family.
Examples
# In BGP instance view, create the BGP IPv4 tunnel-encap-ext address family and enter BGP IPv4 tunnel-encap-ext address family view.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 tnl-encap-ext
[Sysname-bgp-default-tnlencap-ipv4]
display bgp routing-table ipv4 tnl-encap-ext
Use display bgp routing-table ipv4 tnl-encap-ext to display information about BGP IPv4 tunnel-encap-ext routes.
Syntax
display bgp [ instance instance-name ] routing-table ipv4 tnl-encap-ext [ peer ipv4-address { advertised-routes | received-routes } [ statistics ] | [ route-type { tte | tte-ext-local | tte-ipv6 | tte-qos | saas-path } ] [ { tnlencap-route route-length | tnlencap-prefix } [ advertise-info | as-path | cluster-list | community | ext-community ] ] | statistics ]
display bgp [ instance instance-name ] routing-table ipv4 tnl-encap-ext [ statistics ] community [ community-number&<1-32> | aa:nn&<1-32> ] [ internet | no-advertise | no-export | no-export-subconfed ] [ whole-match ]
display bgp [ instance instance-name ] routing-table ipv4 tnl-encap-ext [ statistics ] community-list { basic-community-list-number | comm-list-name | adv-community-list-number } [ whole-match ]
display bgp [ instance instance-name ] routing-table ipv4 tnl-encap-ext [ statistics ] ext-community [ bandwidth link-bandwidth-value | color color | rt route-target | soo site-of-origin ]&<1-32> [ whole-match ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays information about BGP IPv4 tunnel-encap-ext routes in the default instance.
peer: Displays BGP IPv4 tunnel-encap-ext routes advertised to or received from a peer.
ipv4-address: Specifies the peer by its IPv4 address.
advertised-routes: Displays BGP IPv4 tunnel-encap-ext routes advertised to the specified peer.
received-routes: Displays BGP IPv4 tunnel-encap-ext routes received from the specified peer.
statistics: Displays BGP IPv4 tunnel-encap-ext route statistics.
route-type: Specifies a type of BGP IPv4 tunnel-encap-ext routes.
tte: Specifies transport tunnel endpoint (TTE) advertisement routes.
tte-ext-local: Specifies extra local transport tunnel endpoint (TTE) advertisement routes.
tte-ipv6: Specifies IPv6 transport tunnel endpoint (TTE) advertisement routes.
tte-qos: Specifies QoS transport tunnel endpoint (TTE) advertisement routes.
saas-path: Specifies Software as a Service (SaaS) access path quality advertisement routes.
tnlencap-route: Displays detailed information about a BGP IPv4 tunnel-encap-ext route. The tnlencap-route argument is a string of 1 to 512 characters.
route-length: Specifies the length of the specified BGP IPv4 tunnel-encap-ext route, in bits. The value range is 0 to 65535.
tnlencap-prefix: Displays detailed information about a BGP IPv4 tunnel-encap-ext route. The tnlencap-prefix argument is a case-insensitive string of 1 to 512 characters. The string contains the route and route length in the format of tnlencap-route/route-length.
advertise-info: Displays advertisement information for BGP IPv4 tunnel-encap-ext routes.
as-path: Displays the AS_PATH attribute for BGP IPv4 tunnel-encap-ext routes.
cluster-list: Displays the cluster ID list attribute for BGP IPv4 tunnel-encap-ext routes.
community: Displays community attribute information for BGP IPv4 tunnel-encap-ext routes or displays BGP IPv4 tunnel-encap-ext routes that match specific community numbers.
ext-community: Displays extended community attribute information for BGP IPv4 tunnel-encap-ext routes or displays BGP IPv4 tunnel-encap-ext routes that match specific extended community attributes.
community-number&<1-32>: Specifies a list of up to 32 community numbers. The value range for community numbers is 1 to 4294967295.
aa:nn&<1-32>: Specifies a list of up to 32 community numbers. The value range for the aa and nn arguments is 0 to 65535.
internet: Specifies the predefined Internet attribute. By default, all routes have the internet attribute and can be advertised to all BGP peers.
no-advertise: Specifies the NO_ADVERTISE attribute. When the device receives a route that has this attribute from a peer, it does not advertise the route to any other BGP peers.
no-export: Specifies the NO_EXPORT attribute. When the device receives a route that has this attribute in an AS, it cannot advertise the route outside that AS. If BGP confederation is used, the device cannot advertise the route outside the local BGP confederation. However, it can advertise the route to the sub-ASs in the BGP confederation.
no-export-subconfed: Specifies the NO_EXPORT_SUBCONFED attribute. When the device receives a route that has this attribute in an AS, it cannot advertise the route outside that AS or advertise the route to the sub-ASs in the local BGP confederation.
whole-match: Displays BGP IPv4 tunnel-encap-ext routes that exactly match the specified criteria. If you do not specify this keyword, the command displays all BGP IPv4 tunnel-encap-ext routes that match the specified criteria.
community-list: Displays BGP IPv4 tunnel-encap-ext routes that match a BGP community list.
basic-community-list-number: Specifies a basic community list by its number in the range of 1 to 99.
comm-list-name: Specifies a community list by its name, a case-sensitive string of 1 to 63 characters.
adv-community-list-number: Specifies an advanced community list by its number in the range of 100 to 199.
bandwidth link-bandwidth-value: Specifies the link bandwidth attribute. The link-bandwidth-value argument is a string of 3 to 16 characters in the format of 16-bit AS number:32-bit user-defined number. An example is 100:3. The value range for the AS number is 0 to 65535, and the value range for the user-defined number is 0 to 4294967295.
color color: Specifies the color attribute. The color argument is a string of 4 to 13 characters in the format of Color-Only (CO) flag:color-value. An example is 10:3. The value range for the CO flag is 00 to 11 in binary, and the value range for the color-value argument is 0 to 4294967295.
rt route-target: Specifies the route target attribute, a string of 3 to 24 characters.
soo site-of-origin: Specifies the Site of Origin (SoO) attribute, a string of 3 to 24 characters.
The route-target and site-of-origin arguments can be in one of the following formats:
· 16-bit AS number:32-bit user-defined number. For example, 101:3. The value range for the AS number is 0 to 65535. The value range for the user-defined number is 0 to 4294967295.
· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1. The value range for the user-defined number is 0 to 65535.
· 32-bit AS number:16-bit user-defined number. For example, 70000:3. The value range for the AS number is 65536 to 4294967295, and the value range for the user-defined number is 0 to 65535.
· 32-bit IP address/IPv4 address mask:16-bit user-defined number. For example, 192.168.122.15/24:1.
· Dot-separated 32-bit AS number:16-bit user-defined number. For example, 65535.65535:1.
&<1-32>: Indicates that you can specify up to 32 items for the previous parameter.
Usage guidelines
If you do not specify any parameters, this command displays brief information about all BGP IPv4 tunnel-encap-ext routes.
If you do not specify the community-number, aa:nn, internet, no-advertise, no-export, or no-export-subconfed parameter, the command displays BGP IPv4 tunnel-encap-ext routes that have any community attributes. In addition, the whole-match keyword cannot take effect.
If you do not specify the bandwidth, color, rt, or soo keyword, the command displays BGP IPv4 tunnel-encap-ext routes that have any extended community attributes. In addition, the whole-match keyword cannot take effect.
Examples
# Display brief information about all BGP IPv4 tunnel-encap-ext routes.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a – additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i [1][10][10][100]/40
2.2.2.2 0 100 0 i
* >i [3][30][30][100]/40
2.2.2.2 0 100 0 i
* >i [2][0x00ffffff][abc]/552
2.2.2.2 0 100 0 i
* >i [4][10][10][100]/40
2.2.2.2 0 100 0 i
* >i [5][10][10][100]/40
127.0.0.1 0 100 0 i
# Display all BGP IPv4 tunnel-encap-ext routes that have community attributes.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext community
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a – additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn Community
* >i [1][10][10][100]/40
2.2.2.2 0 100 0 i <1:2>
* >i [2][0x00ffffff][abc]/552
2.2.2.2 0 100 0 i <1:2>
# Display all BGP IPv4 tunnel-encap-ext routes that have extended community attributes.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext ext-community
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a – additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn Ext-Community
* >i [1][10][10][100]/40
2.2.2.2 0 100 0 i <1:2>
* >i [2][0x00ffffff][abc]/552
2.2.2.2 0 100 0 i <1:2>
Table 1 Command output
|
Field |
Description |
|
Status codes |
Route state codes: · * – valid—Valid route. · > – best—Optimal route. · d - dampened—Dampened route. · h – history—History route. · s – suppressed—Suppressed route. · S – stale—Stale route. · i – internal—Internal route. · e – external—External route. · a – additional-path—Add-Path optimal route. |
|
Origin |
Origin of the route: · i – IGP—Originated in the current AS. · e – EGP—Learned through EGP. · ? – incomplete—Unknown origin. |
|
Total number of routes |
Total number of BGP IPv4 tunnel-encap-ext routes. |
|
Network |
BGP IPv4 tunnel-encap-ext route and route length. The following BGP IPv4 tunnel-encap-ext routes are supported: · [1] [SiteID][DeviceID][InterfaceID] ¡ 1—IPv4 TTE advertisement route. ¡ SiteID—Site ID. ¡ DeviceID—Device ID. ¡ InterfaceID—Interface ID. · [2][SiteAndDeviceID][SaaSName] ¡ 2—SaaS access path quality advertisement route. ¡ SiteAndDeviceID—Site ID and device ID of a SaaS cloud service. A SaaS cloud service connection is identified by the site ID and device ID of the SaaS cloud service. ¡ SaaSName—Name of the SaaS cloud service. · [3] [SiteID][DeviceID][InterfaceID] ¡ 3—IPv6 TTE advertisement route. ¡ SiteID—Site ID. ¡ DeviceID—Device ID. ¡ InterfaceID—Interface ID. · [4][SiteID][DeviceID][InterfaceID] ¡ 4—QoS TTE advertisement route. ¡ SiteID—Site ID. ¡ DeviceID—Device ID. ¡ InterfaceID—Interface ID. · [5][SiteID][DeviceID][InterfaceID] ¡ 5—Extra local TTE advertisement route. The route is used for RIR collaboration. With the route, private routes not only can be recursed to SDWAN tunnels, but also can be recursed to the links of extended interfaces. The links are used as backup links. ¡ SiteID—Site ID. ¡ DeviceID—Device ID. ¡ InterfaceID—Interface ID. |
|
NextHop |
Next hop IP address. |
|
MED |
Multi-exit discriminator (MED) attribute value. |
|
LocPrf |
Local preference value. |
|
PrefVal |
Preferred value. |
|
Path/Ogn |
AS_PATH and ORIGIN attributes of the route: · AS_PATH—Records the ASs the route has passed, which avoids routing loops. This field can display a maximum of 16 ASs. If the number of ASs exceeds the maximum number of ASs that can be displayed, an ellipsis (…) is displayed in place of the exceeding text. To view the complete information, display detailed information about the route. · ORIGIN—Identifies the origin of the route. |
|
Community |
Community attribute value. |
|
Ext-Community |
Extended community attribute value. |
# Display detailed information about BGP IPv4 tunnel-encap-ext route [1][10][10][200]/40.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [1][10][10][200]/40
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [1][10][10][200]/40:
From : 4.4.4.4 (4.4.4.4)
Rely nexthop : 10.1.1.2
Original nexthop: 2.2.2.2
OutLabel : NULL
RxPathID : 0x0
TxPathID : 0x0
AS-path : 200
Origin : egp
Attribute value : MED 0, pref-val 0
State : valid, external, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Route type : Transport Tunnel Endpoint advertisement route
LinkID : 0x000a0ac8
SiteID : 10
DeviceID : 10
InterfaceID : 200
SiteName : sdwan
SystemIP : 2.2.2.2
SiteRole : CPE
EncapType : UDP
EncapPort : 65535
SourceIP : 2.2.2.2
TNID : 0x499602d2
GroupID : -
RDID : 0xffffffff
IPSecEnable : Enabled
AH SA SPI : 0xffffffff
ESP SA SPI : 0xffffffff
ESPEncAlg : 0x1
ESPAuthAlg : 0x1
AHAuthAlg : 0x1
NATEnable : Enabled
NATType : Full Cone NAT
PublicAddress : 3.3.3.3
PublicPort : 179
# Display detailed information about BGP IPv4 tunnel-encap-ext route [3][10][10][200]/40.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [3][10][10][200]/40
BGP local router ID: 50.50.50.50
Local AS number: 200
Paths: 1 available, 1 best
BGP routing table information of [3][10][10][200]/40:
From : 10.10.10.10 (50.50.50.10)
Rely nexthop : 0.0.0.0
Original nexthop: 10.10.10.10
OutLabel : NULL
RxPathID : 0x0
TxPathID : 0x0
AS-path : (null)
Origin : igp
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
VPN-Peer UserID : N/A
DSCP : N/A
EXP : N/A
Route type : IPv6 transport tunnel endpoint advertisement route
LinkID : 0x000a0ac8
SiteID : 10
DeviceID : 10
InterfaceID : 200
SiteName : shanghai
SystemIP : 10.10.10.10
SiteRole : RR
EncapType : UDP IPv6
EncapPort : 4799
SourceIP : 14::1
TNID : 0xc8
GroupID : -
RDID : 0x64
IPSecEnable : Disabled
AH SA SPI : 0x0
ESP SA SPI : 0x0
ESPEncAlg : 0x0
ESPAuthAlg : 0x0
AHAuthAlg : 0x0
NATEnable : Disabled
NATType : -
PublicAddress :
PublicPort :
# Display detailed information about BGP IPv4 tunnel-encap-ext route [4][10][10][200]/40.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [4][10][10][200]/40
BGP local router ID: 50.50.50.50
Local AS number: 200
Paths: 1 available, 1 best
BGP routing table information of [4][10][10][200]/40:
From : 10.10.10.10 (50.50.50.10)
Rely nexthop : 0.0.0.0
Original nexthop: 10.10.10.10
OutLabel : NULL
RxPathID : 0x0
TxPathID : 0x0
AS-path : (null)
Origin : igp
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
VPN-Peer UserID : N/A
DSCP : N/A
EXP : N/A
Route type : Qos transport tunnel endpoint advertisement route
LinkID : 0x000a0ac8
QoS TTE info : BW:1000/PF:a
# Display detailed information about BGP IPv4 tunnel-encap-ext route [5][40][40][70]/40.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [5][40][40][70]/40
BGP local router ID: 1.1.1.1
Local AS number: 100
Paths: 1 available, 1 best
BGP routing table information of [5][40][40][70]/40:
Imported route.
Original nexthop: 127.0.0.1
OutLabel : NULL
RxPathID : 0x0
TxPathID : 0x0
AS-path : (null)
Origin : igp
Attribute value : MED 0, localpref 100, pref-val 32768
State : valid, local, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
VPN-Peer UserID : N/A
DSCP : N/A
EXP : N/A
Route type : IPv4 transport tunnel endpoint advertisement route ext-local
LinkID : 0x00282846
SiteID : 40
DeviceID : 40
InterfaceID : 70
SystemIP : 7.7.7.7
Table 2 Command output
|
Field |
Description |
|
Total number of routes |
Total number of BGP IPv4 tunnel-encap-ext routes. |
|
Paths |
Number of routes: · available—Number of valid routes. · best—Number of optimal routes. |
|
BGP routing table information of [1][10][10][200]/40 |
Detailed information about BGP IPv4 tunnel-encap-ext route [1][10][10][200]/40. |
|
From |
IP address of the BGP peer that advertised the route. |
|
Rely Nexthop |
Next hop IP address after route recursion. If no next hop IP address is found, this field displays not resolved. |
|
Original nexthop |
Original next hop address of the route. If the route was obtained from a BGP update message, the original next hop address is the next hop IP address in the message. |
|
OutLabel |
Outgoing label of the route. This field is not supported by the BGP IPv4 tunnel-encap-ext address family in the current software version. |
|
RxPathID |
Add-Path ID value of the received route. This field is not supported by the BGP IPv4 tunnel-encap-ext address family in the current software version. |
|
TxPathID |
Add-Path ID value of the sent route. This field is not supported by the BGP IPv4 tunnel-encap-ext address family in the current software version. |
|
AS-path |
AS_PATH attribute of the route. This attribute records the ASs the route has passed and avoids routing loops. |
|
Origin |
Origin of the route: · igp—Originated in the current AS. · egp—Learned through EGP. · incomplete—Unknown origin. |
|
Attribute value |
BGP attributes of the route: · MED—MED value for the destination network. · localpref—Local preference value. · pref-val—Preferred value. · pre—Protocol preference value. |
|
State |
Route state: · valid—Valid route. · internal—Internal route. · external—External route. · local—Local route. · best—Optimal route. |
|
IP precedence |
IP precedence of the route, in the range of 0 to 7. If the IP precedence is invalid, this field displays N/A. |
|
QoS local ID |
QoS local ID of the route, in the range of 1 to 4095. If the QoS local ID is invalid, this field displays N/A. |
|
Traffic index |
Traffic index in the range of 1 to 64. If the traffic index is invalid, this field displays N/A. |
|
VPN-Peer UserID |
Peer ID of the VPN to which the route belongs, in the range of 1 to 134217727. If the VPN-Peer UserID is invalid, this field displays N/A. |
|
DSCP |
DSCP priority of the route, in the range of 0 to 63. If the DSCP priority is invalid, this field displays N/A. |
|
EXP |
EXP priority of the route. If the EXP priority is invalid, this field displays N/A. |
|
LinkID |
Link ID assigned to the TTE. A link ID identifies a TTE connection. |
|
QoS TTE info |
QoS TTE information carried in the route: · BW—Traffic rate limit to be applied to the outbound direction of the SDWAN tunnel on the hub device. · PF—User profile to be applied to the outbound direction of the SDWAN tunnel on the hub device. |
|
SiteID |
Site ID. |
|
DeviceID |
Device ID. |
|
InterfaceID |
Interface ID. |
|
SiteName |
Site name. |
|
SystemIP |
Site system IP address. |
|
SiteRole |
Site role: · CPE. · RR. · NAT transfer. If multiple site roles are assigned, each two roles are separated by a slash (/). For example: CPE/RR/NAT transfer. |
|
EncapType |
Encapsulation mode, which can be only UDP in the current software version. |
|
EncapPort |
Local UDP port number for SDWAN encapsulation. |
|
SourceIP |
Source IP address of the tunnel. |
|
TNID |
Transport network ID. |
|
GroupID |
Group ID. |
|
RDID |
Routing domain ID. |
|
IPSecEnable |
IPsec state: · Enabled—IPsec protection is enabled. · Disabled—IPsec protection is disabled. |
|
AH SA SPI |
AH SA SPI. |
|
ESP SA SPI |
ESP SA SPI. |
|
ESPEncAlg |
ESP encryption algorithm. |
|
ESPAuthAlg |
ESP authentication algorithm. |
|
AHAuthAlg |
AH authentication algorithm. |
|
NATEnable |
Whether NAT is deployed: · Enabled—NAT is deployed. · Disabled—NAT is not deployed. |
|
NATType |
NAT type: · Full Cone NAT. · Restricted Cone NAT. · Port Restricted Cone NAT. · Symmetric NAT. If no NAT type exists, this field displays a hyphen (-). |
|
PublicAddress |
Public IP address after NAT. |
|
PublicPort |
Public port number after NAT. |
# Display detailed information about BGP IPv4 tunnel-encap-ext route [2][16777216][abc]/296.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [2][0x00ffffff][abc]/296
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [2][0x00ffffff][abc]/296:
From : 4.4.4.4 (4.4.4.4)
Rely nexthop : 10.1.1.2
Original nexthop: 2.2.2.2
OutLabel : NULL
RxPathID : 0x0
TxPathID : 0x0
AS-path : 200
Origin : egp
Attribute value : MED 0, pref-val 0
State : valid, external, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Route type : Software as a Service access path quality advertisement route
SiteID : 0x00ffffff
DeviceID : 1
SaaSName : abc
SystemIP : 2.2.2.2
Delay : 20 ms
Jitter : 4 ms
Loss : 50 ‰
CQI : 80
Table 3 Command output
|
Field |
Description |
|
Total number of routes |
Total number of BGP IPv4 tunnel-encap-ext routes. |
|
Paths |
Number of routes: · available—Number of valid routes. · best—Number of optimal routes. |
|
BGP routing table information of [2][16777216][abc]/296 |
Detailed information about BGP IPv4 tunnel-encap-ext route [2][0x00ffffff][abc]/296. |
|
From |
IP address of the BGP peer that advertised the route. |
|
Rely Nexthop |
Next hop IP address after route recursion. If no next hop IP address is found, this field displays not resolved. |
|
Original nexthop |
Original next hop address of the route. If the route was obtained from a BGP update message, the original next hop address is the next hop IP address in the message. |
|
OutLabel |
Outgoing label of the route. This field is not supported by the BGP IPv4 tunnel-encap-ext address family in the current software version. |
|
RxPathID |
Add-Path ID value of the received route. This field is not supported by the BGP IPv4 tunnel-encap-ext address family in the current software version. |
|
TxPathID |
Add-Path ID value of the sent route. This field is not supported by the BGP IPv4 tunnel-encap-ext address family in the current software version. |
|
AS-path |
AS_PATH attribute of the route. This attribute records the ASs the route has passed and avoids routing loops. |
|
Origin |
Origin of the route: · igp—Originated in the current AS. · egp—Learned through EGP. · incomplete—Unknown origin. |
|
Attribute value |
BGP attributes of the route: · MED—MED value for the destination network. · localpref—Local preference value. · pref-val—Preferred value. · pre—Protocol preference value. |
|
State |
Route state: · valid—Valid route. · internal—Internal route. · external—External route. · local—Local route. · best—Optimal route. |
|
IP precedence |
IP precedence of the route, in the range of 0 to 7. If the IP precedence is invalid, this field displays N/A. |
|
QoS local ID |
QoS local ID of the route, in the range of 1 to 4095. If the QoS local ID is invalid, this field displays N/A. |
|
Traffic index |
Traffic index in the range of 1 to 64. If the traffic index is invalid, this field displays N/A. |
|
SiteID |
Site ID |
|
DeviceID |
Device ID |
|
SaaSName |
SaaS cloud service name. |
|
SystemIP |
Site system IP address. |
|
Delay |
Delay for the path used to access the SaaS cloud service, in milliseconds. |
|
Jitter |
Jitter for the path used to access the SaaS cloud service, in milliseconds. |
|
Loss |
Packet loss ratio for the path used to access the SaaS cloud service, in permillage. |
|
CQI |
Approximate Comprehensive Quality Indicator (CQI) value for the path used to access the SaaS cloud service. |
# Display community attribute information for BGP IPv4 tunnel-encap-ext route [1][10][10][200]/40.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [1][10][10][200]/40 community
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [1][10][10][200]/40:
Community: no-export
# Display extended community attribute information for BGP IPv4 tunnel-encap-ext route [1][10][10][200]/40.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [1][10][10][200]/40 ext-community
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [1][10][10][200]/40:
Ext-community: <RT: 1:1>
# Display the AS_PATH attribute for BGP IPv4 tunnel-encap-ext route [1][10][10][200]/40.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [1][10][10][200]/40 as-path
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [1][10][10][200]/40:
As-path: 200
# Display the cluster ID list attribute for BGP IPv4 tunnel-encap-ext route [1][10][10][200]/40.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [1][10][10][200]/40 cluster-list
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [1][10][10][200]/40:
Cluster list: 80
Table 4 Command output
|
Field |
Description |
|
Total number of routes |
Total number of BGP IPv4 tunnel-encap-ext routes. |
|
Paths |
Number of routes: · available—Number of valid routes. · best—Number of optimal routes. |
|
BGP routing table information of [1][10][10][200]/40 |
Attribute information of BGP IPv4 tunnel-encap-ext route [1][10][10][200]/40. |
|
Community |
Community attribute information of the route. |
|
Ext-Community |
Extended community attribute information of the route. |
|
As-path |
AS_PATH attribute of the route. |
|
Cluster list |
Cluster ID list attribute of the route. |
# Display advertisement information for BGP IPv4 tunnel-encap-ext route [1][10][10][200]/40.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [1][10][10][200]/40 advertise-info
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of routes: 1
Paths: 1 best
BGP routing table information of [1][10][10][200]/40:
Advertised to peers (1 in total):
3.3.3.3
Table 5 Command output
|
Field |
Description |
|
Total number of routes |
Total number of BGP IPv4 tunnel-encap-ext routes. |
|
Paths |
Number of optimal routes destined for the specified destination network. |
|
BGP routing table information of [1][10][10][200]/40 |
Advertisement information about BGP IPv4 tunnel-encap-ext route [1][10][10][200]/40. |
|
Advertised to peers (1 in total) |
Peers to which the route has been advertised and total number of the peers. |
# Display statistics about BGP IPv4 tunnel-encap-ext routes advertised to peer 2.2.2.2.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext peer 2.2.2.2 advertised-routes statistics
Advertised routes total: 1
# Display statistics about BGP IPv4 tunnel-encap-ext routes received from peer 2.2.2.2.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext peer 2.2.2.2 received-routes statistics
Received routes total: 1
Table 6 Command output
|
Field |
Description |
|
Advertised routes total |
Total number of routes advertised to the peer. |
|
Received routes total |
Total number of routes received from the peer. |
# Display statistics about BGP IPv4 tunnel-encap-ext routes.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext statistics
Total number of routes: 4
# Display statistics for BGP IPv4 tunnel-encap-ext routes that have community attributes.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext statistics community
Total number of routes: 4
Table 7 Command output
|
Field |
Description |
|
Total number of routes |
Total number of BGP IPv4 tunnel-encap-ext routes. |
display sdwan peer-connection status
Use display sdwan peer-connection status to display SSL connection status on a CPE.
Syntax
display sdwan peer-connection status [ system-ip system-ip-address ] [ ipv4 | ipv6 ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
system-ip system-ip-address: Specifies an SDWAN server by its system IP address. If you do not specify an SDWAN server, this command displays status information for all SSL connections on the device.
ipv4: Displays status information for IPv4 SSL connections.
ipv6: Displays status information for IPv6 SSL connections.
Usage guidelines
If you do not specify the ipv4 or ipv6 keyword, this command displays status information for both IPv4 SSL connections and IPv6 SSL connections.
Examples
# Display status information for all SSL connections on the device.
<Sysname> display sdwan peer-connection status
System IP : 1.1.1.1
Peer IP/port: 10.0.0.1/7000
VPN instance: vpn1
Status : Connected
System IP : 1.1.1.1
Peer IP/port: 10::1/7000
VPN instance: vpn1
Status : Init
Table 8 Command output
|
Field |
Description |
|
System IP |
System IP address of an SDWAN server. |
|
Peer IP/port |
IP address of the SDWAN server and TCP port number that the SDWAN server is listening to.. |
|
VPN instance |
VPN instance of the SDWAN server. This field is empty if the SDWAN server is on the public network. |
|
Status |
SSL connection state: · Init. · Connecting. · Connected. · Close. |
Related commands
display sdwan server status
sdwan server
display sdwan server status
Use display sdwan server status to display SDWAN server status on an RR.
Syntax
display sdwan server status
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display SDWAN server status on an RR.
<Sysname> display sdwan server status
SDWAN server: Enabled
SDWAN server listening port: 10030
Table 9 Command output
|
Field |
Description |
|
SDWAN server |
SDWAN server state: · Enabled. · Disabled. |
|
SDWAN server listening port |
TCP port number that the SDWAN server is listening to. |
Related commands
sdwan server enable
sdwan server port
display sdwan site-tte
Use display sdwan site-tte to display transport tunnel endpoint (TTE) information on an SDWAN device.
Syntax
display sdwan site-tte [ site-id site-id ] [ verbose ] [ ipv4 | ipv6 ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
site-id site-id: Specifies a site by its ID, in the range of 1 to 65535. If you do not specify a site, the command displays TTE information for all sites.
verbose: Displays detailed TTE information for sites. If you do not specify this keyword, the command displays brief TTE information for sites.
ipv4: Displays TTE information for IPv4 SDWAN tunnels.
ipv6: Displays TTE information for IPv6 SDWAN tunnels.
Usage guidelines
If you do not specify the ipv4 or ipv6 keyword, this command displays TTE information for both IPv4 SDWAN tunnels and IPv6 SDWAN tunnels.
Examples
# Display brief TTE information for all sites.
<Sysname> display sdwan site-tte
Site ID: 20 (local)
Total number of TTEs: 1
***************************************************************
DevID SysIP IfID Status Encap NAT SA RDID TNID
20 1.1.1.9 20 UP UDP IPv4 Disabled Disabled rda tna
Site ID: 10
Total number of TTEs: 2
***************************************************************
DevID SysIP IfID Status Encap NAT SA RDID TNID
10 1.1.1.10 30 UP UDP IPv4 Disabled Disabled rda tna
10 1.1.1.10 40 UP UDP IPv4 Disabled Disabled rda tnb
Table 10 Command output
|
Field |
Description |
|
Site ID |
Site ID. If (local) is displayed next to the site ID, the site is the local site. |
|
Total number of TTEs |
Total number of TTEs at the site. |
|
Sys IP |
System IP address of the device. |
|
IfID |
SDWAN tunnel interface ID. |
|
Status |
TTE state, UP or DOWN. |
|
Encap |
SDWAN tunnel encapsulation method: · UDP IPv4—IPv4 tunnel in UDP encapsulation. · UDP IPv6—IPv6 tunnel in UDP encapsulation. |
|
NAT |
NAT state: · Enabled. · Disabled. · N/A—The state is unknown. |
|
SA |
SA state: · Enabled. · Disabled. · NA—The state is unknown. |
|
RDID |
Routing domain ID of the TTE. |
|
TNID |
Transport network ID of the TTE. |
# Display detailed TTE information for site 20.
<Sysname> display sdwan site-tte site-id 20 verbose
Site ID: 20 (local)
Site name: fenzhi
Site role: CPE
Device ID: 20
System IP: 1.1.1.9
Interface ID: 20
Interface name: Tunnel10
Status: UP
Encapsulation protocol: UDP
Encapsulation port: 3000
Tunnel destination VPN index: 0
Transport destination VPN index: 0
NAT: Disabled
NAT type: -
NAT public IP: -
NAT Public port: -
SA: Disabled
Routing domain(name/ID): rda/10
Transport network(name/ID): tna/10
Restrict transport network: Enabled
Out physical interface: GigabitEthernet0/0/3
Source IP: 172.1.1.1
Origin: TLS,BGP
TnlSysIP: True
Table 11 Command output
|
Field |
Description |
|
Site ID |
Site ID. If (local) is displayed next to the site ID, the site is the local site. If (remote) is displayed next to the site ID, the site is the remote site. |
|
Site role |
Device role: · CPE. · RR—Route reflector. · NAT-transfer. |
|
Interface ID |
SDWAN tunnel interface ID. |
|
Interface name |
SDWAN tunnel interface name. This field is not displayed for the remote site. |
|
Status |
TTE state, UP or DOWN. |
|
Encapsulation protocol |
SDWAN tunnel encapsulation method. The value is UDP, which represents UDP encapsulation. |
|
Encapsulation port |
Source UDP port number in SDWAN tunneled packets. |
|
NAT |
NAT state: · Enabled. · Disabled. · NA—The state is unknown. |
|
NAT type |
NAT type: · Full Cone NAT. · Restricted Cone NAT. · Port Restricted Cone NAT. · Symmetric NAT. · NO NAT. · Static NAT. The NAT type is unknown if this field displays a hyphen (-). |
|
NAT public IP |
Public IP address after NAT. |
|
NAT Public port |
TCP port number after NAT. |
|
SA |
SA state: · Enabled. · Disabled. · NA—The state is unknown. |
|
Routing domain(name/ID) |
Routing domain name and ID of the TTE. |
|
Transport network(name/ID) |
Transport network name and ID of the TTE. |
|
Restrict transport network |
Whether to check the transport network ID during SDWAN tunnel establishment: · Enabled—Allows only tunnel interfaces that are specified the same routing domain and the same transport network ID to set up SDWAN tunnels. · Disabled—Allows tunnel interfaces that are specified the same routing domain to set up SDWAN tunnels regardless of whether their transport network IDs are the same. |
|
Out physical interface |
Local physical output interface of the TTE. This field is not displayed for the remote site. |
|
Source IP |
Source IP address of the SDWAN tunnel for the TTE. |
|
Origin |
Origin of the remote TTE. Values include: · TLS—Remote TTE information is obtained through SSL. · BGP—Remote TTE information is obtained through BGP. · TLS,BGP—Remote TTE information is obtained through SSL and BGP. |
|
TnlSysIP |
Indicates whether to allow the remote TTE to establish a TTE connection with the local TTE. · True—BGP has deployed the on-demand TTE connection setup configuration. The remote TTE can establish connections with the local TTE. · False—BGP has not deployed the on-demand TTE connection setup configuration. The remote TTE cannot establish connections with the local TTE. This field is available only when the origin of the remote TTE is BGP or TLS,BGP. |
Related commands
display sdwan tte connection
display sdwan tte connection
Use display sdwan tte connection to display TTE connection information on the device.
Syntax
display sdwan tte connection [ site-id site-id | system-ip system-ip-address ] [ reachable | unreachable ] [ ipv4 | ipv6 ] [ collaboration ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
site-id site-id: Specifies a remote site by its ID, in the range of 1 to 65535. If you do not specify a remote site, this command displays TTE connection information for all sites.
system-ip system-ip-address: Specifies a remote device by its system IP address. If you do not specify a system IP address, this command displays TTE connection information for all system IP addresses.
reachable: Displays TTE connections reachable to system IP addresses.
unreachable: Displays TTE connections unreachable to system IP addresses.
ipv4: Displays TTE connections on IPv4 SDWAN tunnels.
ipv6: Displays TTE connections on IPv6 SDWAN tunnels.
collaboration: Displays the TTE connections synchronized to the local device through a collaboration channel. If you do not specify this keyword, this command displays local TTE connections on the local device.
count: Displays the number of TTE connections. If you do not specify this keyword, this command displays detailed TTE connection information.
Usage guidelines
If you do not specify the reachable or unreachable keyword, this command displays both TTE connections reachable to system IP addresses and TTE connections unreachable to system IP addresses.
Examples
# Display information about all TTE connections on the device.
<Sysname> display sdwan tte connection
Destination SiteID/DevID/IfID/SysIP: 30/50/35/50.50.50.30
Destination IP/port: 200.200.200.30/3000
Source SiteID/DevID/IfID/SysIP: 20/55/30/50.50.50.10
Source IP/port: 200.200.200.10/3000
Created at: 2024/07/19 16:11:39
Status: Reachable
State changed at: 2024/07/19 16:11:39
Destination SiteID/DevID/IfID/SysIP: 30/50/35/50.50.50.30
Destination IP/port: 200::30/3000
Source SiteID/DevID/IfID/SysIP: 50/10/20/50.50.50.10
Source IP/port: 200.200.200.10/300
Created at: 2024/07/19 16:11:39
Status: Reachable
State changed at: 2024/07/19 16:11:39
Number of connections: 2
Table 12 Command output
|
Field |
Description |
|
Destination SiteID/DevID/IfID/SysIP |
Site ID, device ID, tunnel interface ID, and system IP address of a peer device. |
|
Destination IP/port |
Destination IP address and TCP port number in SDWAN tunneled packets. |
|
Source IP/port/IfID |
Source IP address, TCP port number, and SDWAN tunnel interface ID in SDWAN tunneled packets. |
|
Created at |
Time when the TTE connection was created. |
|
Status |
Status of the TTE connection: · Reachable. · Unreachable. |
|
State changed at |
Last time when the status of the TTE connection changed. |
|
Number of connections |
Number of TTE connections. |
Related commands
display sdwan site-tte
reset sdwan tte connection
evpn-sdwan nexthop-recursive priority-color-only
Use evpn-sdwan nexthop-recursive priority-color-only to configure the device to perform next hop recursion based on only the Priority-Color attribute for SDWAN-encapsulated IP prefix advertisement routes.
Use undo evpn-sdwan nexthop-recursive priority-color-only to restore the default.
Syntax
evpn-sdwan nexthop-recursive priority-color-only
undo evpn-sdwan nexthop-recursive priority-color-only
Default
The device performs next hop recursion first based on the NEXT_HOP attribute and then the Priority-Color attribute for an IP prefix advertisement route that has the Priority-Color attribute after it receives that route.
Views
BGP EVPN address family view
Predefined user roles
network-admin
Usage guidelines
Application scenario
Use this command in an SDWAN scenario that uses the Priority-Color attribute for traffic rerouting or load balancing.
By default, the device performs next hop recursion for IP prefix advertisement routes based on both the NEXT_HOP and Priority-Color attributes after it receives these routes if these routes have the Priority-Color attribute. The recursion procedure is as follows for an IP prefix advertisement route:
· Typically, the address in the NEXT_HOP attribute is the system IP address of a remote CPE. The device looks up for a matching TTE connection based on the address. The SDWAN tunnel interface of the matching TTE connection is the next hop output interface obtained through next hop recursion for the IP prefix advertisement route.
· Each Priority-Color attribute includes the site ID information of a remote CPE or the site ID and device ID information of a remote CPE. The device looks up for matching TTE connections based on the information. The SDWAN tunnel interfaces of the matching TTE connections are the next hop output interfaces obtained through next hop recursion for the IP prefix advertisement route based on the Priority-Color attributes.
When the device receives packets that match an IP prefix advertisement route, it forwards the packets as follows:
· If BGP load balancing is not configured, the device forwards the packets over an SDWAN tunnel obtained through next hop recursion based on the NEXT_HOP attribute of the IP prefix advertisement route. When that SDWAN tunnel is not available, the device uses the SDWAN tunnel obtained through next hop recursion based on the Priority-Color attribute to forward the packets.
· If BGP load balancing is configured, the device can forward the packets over the following SDWAN tunnels for load balancing:
¡ The SDWAN tunnel obtained through next hop recursion based on the NEXT_HOP attribute of the IP prefix advertisement route.
¡ The SDWAN tunnels obtained through next hop recursion based on the Priority-Color attributes of the IP prefix advertisement route.
Based on the above mechanism, when the forwarding path obtained through next hop recursion based on the NEXT_HOP attribute is not available, the device still can forward VPN traffic along the forwarding path obtained through next hop recursion based on the Priority-Color attribute. The latter path is a backup for the former path. They provide rerouting and load balancing services for traffic.
The Priority-Color attribute is easy to configure, and the device can flexibly control the SDWAN forwarding path through this attribute. To perform next hop recursion for IP prefix advertisement routes that have the Priority-Color attribute based on only the Priority-Color attribute, use this command.
Working mechanism
With this command, when the device receives an IP prefix advertisement route that has the Priority-Color attribute, it does not perform next hop recursion based on the NEXT_HOP attribute. Instead, it performs next hop recursion directly based on the Priority-Color attribute. When the device receives packets that match the IP prefix advertisement route, it forwards the packets to an SDWAN tunnel obtained through next hop recursion based on only the Priority-Color attribute. In this way, the forwarding path is not restricted by the NEXT_HOP attribute of the IP prefix advertisement route. To adjust the forwarding path, you only need to modify the Priority-Color attribute.
Restrictions and guidelines
This command takes effect only on SDWAN-encapsulated IP prefix advertisement routes that have the Priority-Color attribute.
Examples
# Configure the device to perform next hop recursion based on only the Priority-Color attribute for SDWAN-encapsulated IP prefix advertisement routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family l2vpn evpn
[Sysname-bgp-default-ipv6] evpn-sdwan nexthop-recursive priority-color-only
evpn sdwan routing-enable
Use evpn sdwan routing-enable to enable EVPN to advertise SDWAN routes.
Use undo evpn sdwan routing-enable to disable EVPN from advertising SDWAN routes.
Syntax
evpn sdwan routing-enable
undo evpn sdwan routing-enable
Default
EVPN does not advertise SDWAN routes.
Views
VPN instance IPv4 address family view
VPN instance IPv6 address family view
Predefined user roles
network-admin
Usage guidelines
This command enables the device to advertise VPN routes as BGP EVPN IP prefix advertisement routes in SDWAN encapsulation to peers. When the device receives BGP EVPN IP prefix advertisement routes in SDWAN encapsulation from the peers, it adds the routes to the routing table of the VPN instance.
Use this command in conjunction with the peer advertise encap-type sdwan command executed in BGP EVPN address family view.
Examples
# In IPv4 address family view of VPN instance vpna, enable EVPN to advertise SDWAN routes.
<Sysname> system-view
[Sysname] ip vpn-instance vpna
[Sysname-vpn-instance-vpna] address-family ipv4
[Sysname-vpn-ipv4-vpna] evpn sdwan routing-enable
Related commands
peer advertise encap-type sdwan
reset sdwan tte connection
Use reset sdwan tte connection to clear SDWAN TTE connections.
Syntax
reset sdwan tte connection interface interface-type interface-number [ site-id site-id device-id device-id interface-id interface-id ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an SDWAN tunnel interface by its type and number.
site-id site-id device-id device-id interface-id interface-id: Specifies an interface on a device at a site. The site-id argument represents the site ID, in the range of 1 to 65535. The device-id argument represents the device ID, in the range of 1 to 255. The interface-id argument represents the interface ID, in the range of 1 to 255. If you do not specify this option, the command clears all TTE connections for the specified SDWAN tunnel interface.
Usage guidelines
Clearing the TTE connections to a remote device also deletes the routes destined for the system IP address of that remote device. As a result, data packet forwarding is interrupted.
Clearing TTE connections between a CPE and an RR also interrupts the BGP sessions between them.
Examples
# Clear TTE connections for SDWAN tunnel interface Tunnel 1.
<Sysname> reset sdwan tte connection interface tunnel 1
Related commands
display sdwan tte connection
peer advertise encap-type sdwan
Use peer advertise encap-type sdwan to enable advertisement of EVPN routes in SDWAN encapsulation to a peer or peer group.
Use undo peer advertise encap-type sdwan to disable advertisement of EVPN routes in SDWAN encapsulation to a peer or peer group.
Syntax
peer { group name | ipv4-address [ mask-length ] } advertise encap-type sdwan
undo peer { group name | ipv4-address [ mask-length ] } advertise encap-type sdwan
Default
BGP does not advertise EVPN routes in SDWAN encapsulation to a peer or peer group.
Views
BGP EVPN address family view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must already exists.
ipv4-address: Specifies a peer by its IPv4 address. The peer must already exists.
mask-length: Specifies a mask length in the range of 0 to 32. To specify a subnet, you must specify both the ipv4-address and mask-length arguments.
Usage guidelines
Use this command on CPEs and RRs. On a CPE, use this command in conjunction with the evpn sdwan routing-enable command executed in VPN instance IPv4 address family view.
Examples
# Configure BGP to advertise EVPN routes in SDWAN encapsulation to peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family l2vpn evpn
[Sysname-bgp-default-evpn] peer 1.1.1.1 advertise encap-type sdwan
Related commands
evpn sdwan routing-enable
sdwan bfd enable
Use sdwan bfd enable to use BFD to test the connectivity of TTE connections on an SDWAN tunnel.
Use undo sdwan bfd enable to restore the default.
Syntax
sdwan bfd enable [ template template-name ]
undo sdwan bfd enable
Default
BFD is not used to test the connectivity of TTE connections on an SDWAN tunnel. The device uses keepalive packets to test the connectivity of TTE connections on an SDWAN tunnel.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
template template-name: Specifies a BFD template by its name, a case-sensitive string of 1 to 63 characters. If you do not specify a BFD template or the specified BFD template does not exist, the device uses the default BFD session parameters.
Usage guidelines
With this command, the local device periodically sends BFD control packets to the remote device over all TTE connections on an SDWAN tunnel. If the device does not receive any BFD control packets from the remote device over a TTE connection within the detection period, it determines that the TTE connection is unreachable to the remote device. For more information about BFD, see High Availability Configuration Guide.
If BFD is used to test the connectivity of TTE connections on an SDWAN tunnel, you must use this command at both ends of the SDWAN tunnel.
If this command is used on an SDWAN tunnel interface, the device determines the connectivity of TTE connections on that SDWAN tunnel based on the BFD detection result. If this command is not used on an SDWAN tunnel interface, the device determines the connectivity of TTE connections on that SDWAN tunnel based on the keepalive result.
Examples
# On SDWAN tunnel interface Tunnel 1, configure BFD to test the connectivity of TTE connections on the SDWAN tunnel.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan bfd enable template aa
Related commands
sdwan keepalive
sdwan device-id
Use sdwan device-id to assign an ID to the device.
Use undo sdwan device-id to restore the default.
Syntax
sdwan device-id device-id
undo sdwan device-id
Default
No ID is assigned to the device.
Views
System view
Predefined user roles
network-admin
Parameters
device-id: Specifies an ID for the device, in the range of 1 to 255.
Usage guidelines
The device ID uniquely identifies the device at a site.
Examples
# Assign ID 2 to the device.
<Sysname> system-view
[Sysname] sdwan device-id 2
The current configuration will lead to TTE offline. Continue anyway? [Y/N]:
Related commands
display sdwan site-tte
sdwan encapsulation global-udp-port
Use sdwan encapsulation global-udp-port to specify a global source UDP port number for SDWAN tunneled packets in UDP encapsulation mode.
Use undo sdwan encapsulation global-udp-port to restore the default.
Syntax
sdwan encapsulation global-udp-port port-number
undo sdwan encapsulation global-udp-port
Default
The global source UDP port number is 4799 for SDWAN tunneled packets.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a global source UDP port number for SDWAN tunneled packets, in the range of 1 to 65535. As a best practice, do not specify a known port number in the range of 1 to 1023.
Usage guidelines
All devices that belong to the same SDWAN routing domain must use the same source UDP port number.
You can specify a source UDP port number for SDWAN tunneled packets both in system view and in tunnel interface view.
· The source UDP port number specified in system view applies to all SDWAN tunnel interfaces.
· The source UDP port number specified in tunnel interface view applies only to one tunnel interface.
For a tunnel interface, the source UDP port number specified in tunnel interface view takes precedence over that specified in system view. If no source UDP port number is specified in tunnel interface view, the source UDP port number specified in system view applies.
Examples
# Specify port number 5000 as the global source UDP port number for SDWAN tunneled packets.
<Sysname> system-view
[Sysname] sdwan encapsulation global-udp-port 5000
Related commands
display sdwan site-tte
sdwan encapsulation udp-port
Use sdwan encapsulation udp-port to specify a source UDP port number for SDWAN tunneled packets in UDP encapsulation mode.
Use undo sdwan encapsulation udp-port to restore the default.
Syntax
sdwan encapsulation udp-port port-number
undo sdwan encapsulation udp-port
Default
The source UDP port number for SDWAN tunneled packets is the global source UDP port number for SDWAN tunneled packets.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
port-number: Specifies a source UDP port number in the range of 1 to 65535. As a best practice, do not specify a known port number in the range of 1 to 1023.
Usage guidelines
All devices that belong to the same SDWAN routing domain must use the same source UDP port number.
You can specify a source UDP port number for SDWAN tunneled packets both in system view and in tunnel interface view.
· The source UDP port number specified in system view applies to all SDWAN tunnel interfaces.
· The source UDP port number specified in tunnel interface view applies only to one tunnel interface.
For a tunnel interface, the source UDP port number specified in tunnel interface view takes precedence over that specified in system view. If no source UDP port number is specified in tunnel interface view, the source UDP port number specified in system view applies.
Examples
# Specify 5000 as the source UDP port number of SDWAN tunneled packets.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan encapsulation udp-port 5000
Related commands
display sdwan site-tte
sdwan group-id
Use sdwan group-id to specify a group ID for an SDWAN tunnel.
Use undo sdwan group-id to restore the default.
Syntax
sdwan group-id group-id
undo sdwan group-id
Default
No group ID is specified for an SDWAN tunnel.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
group-id: Specifies a group ID in the range of 1 to 65535.
Usage guidelines
Use this command to control the establishment of TTE connections in a more fine and flexible manner. In the same routing domain, only tunnel interfaces that have the same group ID and belong to the same transport network can establish TTE connections.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify group ID 22 for SDWAN tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan group-id 22
The current configuration will lead to TTE offline. Continue anyway? [Y/N]:
sdwan interface-id
Use sdwan interface-id to assign an interface ID to an SDWAN tunnel interface.
Use undo sdwan interface-id to restore the default.
Syntax
sdwan interface-id interface-id
undo sdwan interface-id
Default
No interface ID is assigned to an SDWAN tunnel interface.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
interface-id: Specifies an interface ID for the SDWAN tunnel interface, in the range of 1 to 255.
Usage guidelines
The device supports multiple SDWAN tunnel interfaces. An interface ID uniquely identifies an SDWAN tunnel interface on the device.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Assign interface ID 10 to SDWAN tunnel interface Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan interface-id 10
The current configuration will lead to TTE offline. Continue anyway? [Y/N]:
Related commands
display sdwan site-tte
sdwan keepalive
Use sdwan keepalive to configure SDWAN keepalive settings.
Use undo sdwan keepalive to restore the default.
Syntax
sdwan keepalive interval interval [ retry retries ]
undo sdwan keepalive
Default
The keepalive interval is 10 seconds and the number of keepalive retries is 3 for an SDWAN tunnel.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
interval interval: Specifies the interval between sending keepalive requests, in the range of 1 to 32767 seconds.
retry retries: Specifies the number of times that the device continues to send keepalive packets without response before the TTE connection state is changed to unreachable.
Usage guidelines
After an SDWAN tunnel is established, the local device sends keepalive requests to the remote device over all the TTE connections on the tunnel interface at the specified keepalive interval.
· If the local device receives a keepalive response from the remote device within a keepalive interval, it determines that a TTE connection is reachable to the remote device.
· If the local device cannot receive a keepalive response from the remote device on a TTE connection within a keepalive interval, it resends a keepalive request. If the local device still cannot receive a response within the keepalive interval multiplied by keepalive retires, it determines that the TTE connection is unreachable to the remote device. The device no longer forwards packets through the TTE connection.
In an SDWAN network enabled with smart link selection, set the keepalive interval within the range of 1 to 5 seconds as a best practice.
Examples
# On SDWAN tunnel interface 1, set the keepalive interval to 30 seconds and the number of keepalive retries to 5.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan keepalive interval 30 retry 5
sdwan nat-global-ip
Use sdwan nat-global-ip to specify the post-NAT public IP address and port number for the source IP address and port number of tunneled packets.
Use undo sdwan nat-global-ip to restore the default.
Syntax
sdwan nat-global-ip { global-address [ global-port global-port ] | dynamic }
undo sdwan nat-global-ip
Default
The post-NAT public IP address and port number are not specified for the source IP address and port number of tunneled packets.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
global-address: Specifies the post-NAT public IP address.
global-port: Specifies the post-NAT public port number, in the range of 1 to 65535. If you do not specify this argument, the port number is not translated.
dynamic: Specifies dynamic NAT, allowing the NAT device to dynamically translate the tunnel's source IP address and port number into a public IP address and port number.
Usage guidelines
Application scenarios
In scenarios where SDWAN tunnels are established through NAT, the STUN protocol can detect the public IP address and port number (the source UDP port number used when encapsulating SDWAN packets) after NAT transformation. However, running the STUN protocol consumes certain network resources and has specific requirements for devices, necessitating support for STUN in CPE/RR devices.
With this feature configured, the system can obtain the public IP address and port number after NAT transformation without deploying the STUN protocol.
Operating mechanism
Without STUN deployed, CPE/RR devices can obtain the public IP address and port number after NAT transformation in either of the following ways:
· If static NAT is configured on the NAT device, you can use the sdwan nat-global-ip global-address [ global-port global-port ] command on the CPE/RR to manually specify the public IP address and port number after translation.
· If dynamic NAT is configured on the NAT device, you can use the sdwan nat-global-ip dynamic command on the CPE/RR to specify the NAT type as dynamic NAT. This enables the system to obtain the public IP address and port number after NAT translation. If both CPEs are configured with dynamic NAT, then these two CPEs cannot establish an SDWAN tunnel. An SDWAN tunnel can only be established between these two CPEs if one CPE is configured with dynamic NAT and the other CPE is manually specified with the public IP address and port number. Dynamic NAT is typically applied in Hub-Spoke networking, where the NAT type is configured as dynamic NAT on the Spoke CPE, and the public IP address and port number after NAT transformation are manually specified on the Hub CPE (which generally also acts as an RR device). This allows establishing an SDWAN tunnel between the Spoke CPE and Hub CPE, with Spoke CPEs communicating through the Hub CPE.
Restrictions and guidelines
Using this feature on a tunnel interface causes the device to disconnect all existing TTE connections established to the tunnel interface. The device will reestablish these TTE connections based on the specified post-NAT public IP address and port number.
As a best practice, do not configure this feature if the public network cannot actively access the internal network.
To ensure communication success, if you use this feature to manually specify the public IP address and port number, make sure the configured public IP address and port number match the settings on the NAT device.
If both CPEs are configured with dynamic NAT using the sdwan nat-global-ip dynamic command, then these two CPEs cannot establish an SDWAN tunnel between them.
Examples
# Specify the post-NAT public IP address and port number as 10.1.1.1 and 5000 for the source IP address and port number of tunneled packets.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan nat-global-ip 10.1.1.1 global-port 5000
The current configuration will lead to TTE offline. Continue anyway? [Y/N]:
sdwan nat-global-ipv6
Use sdwan nat-global-ipv6 to specify the post-NAT public IPv6 address and port number for the source IPv6 address and port number of tunneled packets.
Use undo sdwan nat-global-ipv6 to restore the default.
Syntax
sdwan nat-global-ipv6 { global-ipv6-address [ global-port global-port ] | dynamic }
undo sdwan nat-global-ipv6
Default
The post-NAT public IPv6 address and port number are not specified for the source IPv6 address and port number of tunneled packets.
Views
Tunnel interface view
Predefined user roles
network-admin
Parameters
global-address: Specifies the post-NAT public IPv6 address.
global-port: Specifies the post-NAT public port number, in the range of 1 to 65535. If you do not specify this argument, the port number is not translated.
dynamic: Specifies dynamic NAT, allowing the NAT device to dynamically translate the tunnel's source IPv6 address and port number into a public IPv6 address and port number.
Usage guidelines
Application scenarios
In scenarios where SDWAN tunnels are established through NAT, the STUN protocol can detect the public IP address and port number (the source UDP port number used when encapsulating SDWAN packets) after NAT transformation. However, running the STUN protocol consumes certain network resources and has specific requirements for devices, necessitating support for STUN in CPE/RR devices.
With this feature configured, the system can obtain the public IP address and port number after NAT transformation without deploying the STUN protocol.
Operating mechanism
Without STUN deployed, CPE/RR devices can obtain the public IP address and port number after NAT transformation in either of the following ways:
· If static NAT is configured on the NAT device, you can use the sdwan nat-global-ipv6 global-address [ global-port global-port ] command on the CPE/RR to manually specify the public IP address and port number after translation.
· If dynamic NAT is configured on the NAT device, you can use the sdwan nat-global-ipv6 dynamic command on the CPE/RR to specify the NAT type as dynamic NAT. This enables the system to obtain the public IP address and port number after NAT translation. If both CPEs are configured with dynamic NAT, then these two CPEs cannot establish an SDWAN tunnel. An SDWAN tunnel can only be established between these two CPEs if one CPE is configured with dynamic NAT and the other CPE is manually specified with the public IP address and port number. Dynamic NAT is typically applied in Hub-Spoke networking, where the NAT type is configured as dynamic NAT on the Spoke CPE, and the public IP address and port number after NAT transformation are manually specified on the Hub CPE (which generally also acts as an RR device). This allows establishing an SDWAN tunnel between the Spoke CPE and Hub CPE, with Spoke CPEs communicating through the Hub CPE.
Restrictions and guidelines
Using this feature on a tunnel interface causes the device to disconnect all existing TTE connections established to the tunnel interface. The device will reestablish these TTE connections based on the specified post-NAT public IP address and port number.
As a best practice, do not configure this feature if the public network cannot actively access the internal network.
To ensure communication success, if you use this feature to manually specify the public IP address and port number, make sure the configured public IP address and port number match the settings on the NAT device.
If both CPEs are configured with dynamic NAT using the sdwan nat-global-ipv6 dynamic command, then these two CPEs cannot establish an SDWAN tunnel between them.
Examples
# Specify the post-NAT public IP address and port number as 10:1::1:1 and 5000 for the source IP address and port number of tunneled packets.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan nat-global-ipv6 10:1::1:1 global-port 5000
The current configuration will lead to TTE offline. Continue anyway? [Y/N]:
sdwan routing-domain
Use sdwan routing-domain to specify a routing domain for an SDWAN tunnel.
Use undo sdwan routing-domain to restore the default.
Syntax
sdwan routing-domain domain-name id domain-id
undo sdwan routing-domain
Default
No routing domain is specified for an SDWAN tunnel.
Views
SDWAN tunnel interface view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a routing domain by its name, a case-sensitive string of 1 to 31 characters. The string can contain only letters, digits, and dots (.).
domain-id: Specifies the ID of the routing domain, in the range of 1 to 65535.
Usage guidelines
Only CPEs and RRs that belong to the same routing domain can establish SDWAN tunnels with each other.
Examples
# Specify the routing domain named abc and with ID 2000 for SDWAN tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan routing-domain abc id 2000
Related commands
display sdwan site-tte
sdwan server
Use sdwan server to specify an SDWAN server on a CPE.
Use undo sdwan server to remove an SDWAN server from a CPE.
Syntax
sdwan server system-ip system-ip-address { ip ipv4-address | ipv6 ipv6-address } [ port port-number ] [ vpn-instance vpn-instance-name ]
undo sdwan server system-ip system-ip-address { ip ipv4-address | ipv6 ipv6-address } [ port port-number ] [ vpn-instance vpn-instance-name ]
Default
No SDWAN servers are specified on a CPE.
Views
System view
Predefined user roles
network-admin
Parameters
system-ip system-ip-address: Specifies an SDWAN server by its system IP.
ip ipv4-address: Specifies the IPv4 address of the SDWAN server. The IPv4 address must be reachable and must be on the RR where SDWAN server is enabled.
ipv6 ipv6-address: Specifies the IPv6 address of the SDWAN server. The IPv6 address must be reachable and must be on the RR where SDWAN server is enabled.
port port-number: Specifies a TCP port number used to establish connections with the SDWAN server. Make sure the port number is the same as the TCP listening port number configured for the SDWAN server on the RR. The value range for the port-number argument is 1 to 65535, and the default value is 2004.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the SDWAN server belongs. The vpn-instance-name argument represents the VPN instance name, which is a case-sensitive string of 1 to 31 characters. If the SDWAN server belongs to the public network, do not specify this option.
Usage guidelines
With this command, a CPE can act as an SDWAN client to establish an SSL connection with the specified SDWAN server (RR).
Repeat this command to specify multiple SDWAN servers on a CPE.
Examples
# On a CPE, specify the SDWAN server at 10.1.1.1 on the RR with system IP address 192.168.0.1.
<Sysname> system-view
[Sysname] sdwan server system-ip 192.168.0.1 ip 10.1.1.1
Related commands
display sdwan peer-connection status
sdwan server enable
Use sdwan server enable to enable SDWAN server on an RR.
Use undo sdwan server enable to disable SDWAN server on an RR.
Syntax
sdwan server enable
undo sdwan server enable
Default
SDWAN server is disabled on an RR.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Use this command only on an RR. With this command, the RR can listen to the CPEs for SSL connection requests and establish SSL connections with the CPEs. After SSL connection establishment, the CPEs advertise their local TTE and IPsec SA information to the RR and the RR advertises its local TTE and IPsec SA information to the CPEs. Then, the RR and CPEs can finish SDWAN tunnel establishment.
When you enable SDWAN server on an RR and the RR does not have a digital certificate, digital certificate request is triggered. It takes some time to request a digital certificate. For more information about digital certificates, see PKI configuration in Security Configuration Guide.
Examples
# Enable SDWAN server on an RR.
<Sysname> system-view
[Sysname] sdwan server enable
Please wait.........Done.
Related commands
display sdwan server status
sdwan ssl-server-policy
sdwan server port
Use sdwan server port to specify the TCP listening port number of the SDWAN server on an RR.
Use undo sdwan server port to restore the default.
Syntax
sdwan server port port-number
undo sdwan server port
Default
The SDWAN server on an RR listens to TCP port 2004.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a listening port number of the SDWAN server in the range of 1 to 65535.
Usage guidelines
This command is not supported in FIPS mode.
If SDWAN server has been enabled before you change the TCP port number, the system automatically restarts the SDWAN server after you change the TCP port number. Connections that have been established between CPEs and the SDWAN server are not lost. Connections being established between CPEs and the SDWAN server are lost. To reestablish the connections, you must specify the same TCP port number as the SDWAN server on the CPEs.
Examples
# Specify 3500 as the TCP listening port number of the SDWAN server on an RR.
<Sysname> system-view
[Sysname] sdwan server port 3500
Related commands
display sdwan server status
sdwan server enable
sdwan site-id
Use sdwan site-id to specify a site ID for the device.
Use undo sdwan site-id to restore the default.
Syntax
sdwan site-id site-id
undo sdwan site-id
Default
No site ID is specified for the device.
Views
System view
Predefined user roles
network-admin
Parameters
site-id: Specifies a site ID for the device, in the range of 1 to 65535.
Usage guidelines
A site ID uniquely identifies a customer site in an SDWAN network.
Examples
# Specify site ID 2 for the device.
<Sysname> system-view
[Sysname] sdwan site-id 2
The current configuration will lead to TTE offline. Continue anyway? [Y/N]:
Related commands
display sdwan site-tte
sdwan site-name
Use sdwan site-name to specify the name of the site to which the device belongs.
Use undo sdwan site-name to restore the default.
Syntax
sdwan site-name site-name
undo sdwan site-name
Default
No site name is specified for the device.
Views
System view
Predefined user roles
network-admin
Parameters
site-name: Specifies a site name for the device, a case-sensitive string of 1 to 255 characters.
Usage guidelines
A site name can describe the site location and functions. It facilitates users to identify the site in an SDWAN network. A site name does not uniquely identify a site. You can specify the same site name for multiple devices.
Examples
# Specify site name fenbu for the device.
<Sysname> system-view
[Sysname] sdwan site-name fenbu
Related commands
display sdwan site-tte
sdwan site-role
Use sdwan site-role to specify a site role for the device.
Use undo sdwan role to restore the default.
Syntax
sdwan site-role { cpe | nat-transfer | rr } *
undo sdwan site-role
Default
No site role is specified for the device.
Views
System view
Predefined user roles
network-admin
Parameters
cpe: Specifies the CPE role.
nat-transfer: Specifies the NAT transfer role.
rr: Specifies the route reflector (RR) role.
Usage guidelines
|
|
IMPORTANT: A site role change will cause SDWAN tunnel flapping and interrupt ongoing services. As a best practice, plan role configuration before you deploy the SDWAN network. |
SDWAN supports the following site roles:
· CPE—Customer-side SDWAN tunnel endpoints.
· RR—Used to reflect TTE information and private routes among CPEs.
· NAT transfer—Used to establish forwarding paths for CPEs that must pass through NAT devices over the public network for intercommunication.
You must specify the same site role for all SDWAN devices at the same site.
Examples
# Specify site role CPE for the device.
<Sysname> system-view
[Sysname] sdwan site-role cpe
The current configuration will lead to TTE offline. Continue anyway? [Y/N]:
Related commands
display sdwan site-tte
sdwan ssl-server-policy
Use sdwan ssl-server-policy to specify an SSL server policy on an RR for the RR to establish SSL connections with CPEs (SDWAN clients).
Use undo sdwan ssl-server-policy to restore the default.
Syntax
sdwan ssl-server-policy policy-name
undo sdwan ssl-server-policy
Default
No SSL server policy is specified on an RR for the RR to establish SSL connections with CPEs (SDWAN clients).
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies an SSL server policy by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
With this command, an RR uses the specified policy to establish SSL connections with CPEs. After SSL connection establishment, the CPEs advertise their local TTE and IPsec SA information to the RR and the RR advertises its local TTE and IPsec SA information to the CPEs. Then, the RR and the CPEs can finish SDWAN tunnel establishment.
Only one SSL server policy can be applied to an SSL connection. If you execute this command multiple times, the most recent configuration cannot take effect automatically. For the most recent configuration to take effect, you must execute the undo sdwan server enable command and then the sdwan server enable command to re-enable the SDWAN server.
For more information about SSL server policies, see SSL configuration in Security Configuration Guide.
If you do not specify an SSL server policy on an RR, the RR uses the self-signed certificate and the default settings of the SSL parameters to establish SSL connections with CPEs or the NAT transfer. The configuration is simple, but less secure.
Examples
# On an RR, specify SSL server policy CA_CERT for the RR to establish SSL connections with CPEs (SDWAN clients).
<Sysname> system-view
[Sysname] sdwan ssl-server-policy CA_CERT
Related commands
display sdwan server status
sdwan server enable
sdwan server port
sdwan ssl-client-policy
Use sdwan ssl-client-policy to specify an SSL client policy on a CPE for the CPE to establish SSL connections with RRs (SDWAN servers).
Use undo sdwan ssl-client-policy to restore the default.
Syntax
sdwan ssl-client-policy policy-name
undo sdwan ssl-client-policy
Default
No SSL client policy is specified on a CPE for the CPE to establish SSL connections with RRs (SDWAN servers).
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies an SSL client policy by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
Only one SSL client policy can be applied to an SSL connection. If you execute this command multiple times, the most recent configuration takes effect. Modification to this command does not affect existing SDWAN SSL connections. It takes effect only on the SDWAN SSL connections established after the modification.
For more information about SSL client policies, see SSL configuration in Security Configuration Guide.
Examples
# On a CPE, specify SSL client policy abc for the CPE to establish SSL connections with RRs (SDWAN servers).
<Sysname> system-view
[Sysname] sdwan ssl-client-policy abc
sdwan system-ip
Use sdwan system-ip to specify a system IPv4 address for the device.
Use undo sdwan system-ip to restore the default.
Syntax
sdwan system-ip interface-type interface-number
undo sdwan system-ip
Default
No system IPv4 address is specified for the device.
Views
System view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number. The primary IPv4 address of the specified interface is used as the system IPv4 address of the device.
Usage guidelines
The device uses the system IPv4 address to set up BGP sessions with other devices. In an RIR scenario, the system IPv4 address is also used as the inner destination IPv4 address of probe packets sent by the NQA client in NQA link connectivity probes. For more information about RIR, see Layer 3—IP Routing Configuration Guide.
For this command to take effect, you must specify a loopback interface that has an IPv4 address.
Examples
# Specify the primary IPv4 address of Loopback 0 as the system IPv4 address of the device.
<Sysname> system-view
[Sysname] sdwan system-ip loopback 0
Related commands
display sdwan site-tte
sdwan transport-network
Use sdwan transport-network to specify a transport network for an SDWAN tunnel.
Use undo sdwan transport-network to restore the default.
Syntax
sdwan transport-network network-name id network-id [ restrict ]
undo sdwan transport-network
Default
No transport network is specified for an SDWAN tunnel.
Views
SDWAN tunnel interface view
Predefined user roles
network-admin
Parameters
network-name: Specifies a transport network by its name, a case-sensitive string of 1 to 31 characters. The string can contain only letters, digits, and dots (.).
network-id: Specifies the ID of the transport network, in the range of 1 to 65535.
restrict: Allows only tunnel interfaces that are specified the same routing domain and the same transport network ID to set up SDWAN tunnels. If you do not specify this keyword, the system allows tunnel interfaces that are specified the same routing domain to set up SDWAN tunnels regardless of whether their transport network IDs are the same.
Usage guidelines
An SDWAN tunnel interface is connected to a transport network. The transport network is uniquely identified by its name or ID.
Examples
# Specify a transport network named abc with ID 2000 for an SDWAN tunnel.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan transport-network abc id 2000
Related commands
display sdwan site-tte
sdwan vn-id
Use sdwan vn-id to specify a VN ID for a VPN instance.
Use undo sdwan vn-id to restore the default.
Syntax
sdwan vn-id vn-id
undo sdwan vn-id
Default
No VN ID is specified for a VPN instance.
Views
VPN instance view.
Predefined user roles
network-admin
Usage guidelines
Packets from different tenants can be forwarded through the same SDWAN tunnel. To isolate the tenants, assign them to different VPN instances. Their packets will be distinguished according to the VN IDs of the VPN instances.
You can specify only one VN ID for a VPN instance in the current software version.
Examples
# Specify VN ID 123 for VPN instance vpna.
<Sysname> system-view
[Sysname] ip vpn-instance vpna
[Sysname-vpn-instance-vpna] sdwan vn-id 123
Related commands
evpn sdwan routing-enable
