SDWAN commands
address-family ipv4 tnl-encap-ext
Use address-family ipv4 tnl-encap-ext to create the BGP IPv4 tunnel-encap-ext address family and enter BGP IPv4 tunnel-encap-ext address family view, or directly enter BGP IPv4 tunnel-encap-ext address family view if the BGP IPv4 tunnel-encap-ext address family already exists.
Use undo address-family ipv4 tnl-encap-ext to delete the BGP IPv4 tunnel-encap-ext address family and all settings in the address family.
Syntax
address-family ipv4 tnl-encap-ext
undo address-family ipv4 tnl-encap-ext
Default
The BGP IPv4 tunnel-encap-ext address family does not exist.
Views
BGP instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Settings in BGP IPv4 tunnel-encap-ext address family view take effect only on routes in the BGP IPv4 tunnel-encap-ext address family.
Examples
# In BGP instance view, create the BGP IPv4 tunnel-encap-ext address family and enter BGP IPv4 tunnel-encap-ext address family view.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 tnl-encap-ext
[Sysname-bgp-default-tnlencap-ipv4]
display bgp routing-table ipv4 tnl-encap-ext
Use display bgp routing-table ipv4 tnl-encap-ext to display information about BGP IPv4 tunnel-encap-ext routes.
Syntax
display bgp [ instance instance-name ] routing-table ipv4 tnl-encap-ext [ peer ipv4-address { advertised-routes | received-routes } [ statistics ] | [ route-type { tte | tte-ipv6 | tte-qos | saas-path } ] [ { tnlencap-route route-length | tnlencap-prefix } [ advertise-info ] ] | statistics ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays information about BGP IPv4 tunnel-encap-ext routes in the default instance.
peer: Displays BGP IPv4 tunnel-encap-ext routes advertised to or received from a peer.
ipv4-address: Specifies the peer by its IPv4 address.
advertised-routes: Displays BGP IPv4 tunnel-encap-ext routes advertised to the specified peer.
received-routes: Displays BGP IPv4 tunnel-encap-ext routes received from the specified peer.
statistics: Displays BGP IPv4 tunnel-encap-ext route statistics.
route-type: Specifies a type of BGP IPv4 tunnel-encap-ext routes.
tte: Specifies IPv4 transport tunnel endpoint (TTE) advertisement routes.
tte-ipv6: Specifies IPv6 transport tunnel endpoint (TTE) advertisement routes.
tte-qos: Specifies QoS transport tunnel endpoint (TTE) advertisement routes.
saas-path: Specifies Software as a Service (SaaS) access path quality advertisement routes.
tnlencap-route: Displays detailed information about a BGP IPv4 tunnel-encap-ext route. The tnlencap-route argument is a string of 1 to 512 characters.
route-length: Specifies the length of the specified BGP IPv4 tunnel-encap-ext route, in bits. The value range is 0 to 65535.
tnlencap-prefix: Displays detailed information about a BGP IPv4 tunnel-encap-ext route. The tnlencap-prefix argument is a case-insensitive string of 1 to 512 characters. The string contains the route and route length in the format of tnlencap-route/route-length.
advertise-info: Displays advertisement information for BGP IPv4 tunnel-encap-ext routes.
Usage guidelines
If you do not specify any parameters, this command displays brief information about all BGP IPv4 tunnel-encap-ext routes.
Examples
# Display brief information about all BGP IPv4 tunnel-encap-ext routes.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a – additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i [1][10][10][100]/40
2.2.2.2 0 100 0 i
* >i [3][30][30][100]/40
2.2.2.2 0 100 0 i
* >i [2][0x00ffffff][abc]/552
2.2.2.2 0 100 0 i
* >i [4][10][10][100]/40
2.2.2.2 0 100 0 i
Table 1 Command output
Field | Description |
---|---|
Status codes | Route state codes: · * – valid—Valid route. · > – best—Optimal route. · d - dampened—Dampened route. · h – history—History route. · s – suppressed—Suppressed route. · S – stale—Stale route. · i – internal—Internal route. · e – external—External route. · a – additional-path—Add-Path optimal route. |
Origin | Origin of the route: · i – IGP—Originated in the current AS. · e – EGP—Learned through EGP. · ? – incomplete—Unknown origin. |
Total number of routes | Total number of BGP IPv4 tunnel-encap-ext routes. |
Network | BGP IPv4 tunnel-encap-ext route and route length. The following BGP IPv4 tunnel-encap-ext routes are supported: · [1][SiteID][DeviceID][InterfaceID] (1—IPv4 TTE advertisement route; SiteID—Site ID; DeviceID—Device ID; InterfaceID—Interface ID). · [2][SiteAndDeviceID][SaaSName] (2—SaaS access path quality advertisement route; SiteAndDeviceID—Site ID and device ID of a SaaS cloud service. A SaaS cloud service connection is identified by the site ID and device ID of the SaaS cloud service; SaaSName—Name of the SaaS cloud service). · [3][SiteID][DeviceID][InterfaceID] (3—IPv6 TTE advertisement route; SiteID—Site ID; DeviceID—Device ID; InterfaceID—Interface ID). · [4][SiteID][DeviceID][InterfaceID] (4—QoS TTE advertisement route; SiteID—Site ID; DeviceID—Device ID; InterfaceID—Interface ID). |
NextHop | Next hop IP address. |
MED | Multi-exit discriminator (MED) attribute value. |
LocPrf | Local preference value. |
PrefVal | Preferred value. |
Path/Ogn | AS_PATH and ORIGIN attributes of the route: · AS_PATH—Records the ASs the route has passed, which avoids routing loops. This field can display a maximum of 16 ASs. If the number of ASs exceeds the maximum number of ASs that can be displayed, an ellipsis (…) is displayed in place of the exceeding text. To view the complete information, display detailed information about the route. · ORIGIN—Identifies the origin of the route. |
# Display detailed information about BGP IPv4 tunnel-encap-ext route [1][10][10][100]/40.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [1][10][10][100]/40
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [1][10][10][100]/40:
From : 4.4.4.4 (4.4.4.4)
Rely nexthop : 10.1.1.2
Original nexthop: 2.2.2.2
OutLabel : NULL
RxPathID : 0x0
TxPathID : 0x0
AS-path : 200
Origin : egp
Attribute value : MED 0, pref-val 0
State : valid, external, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Route type : Transport Tunnel Endpoint advertisement route
LinkID : 0x000a0a64
SiteID : 10
DeviceID : 10
InterfaceID : 100
SiteName : sdwan
SystemIP : 2.2.2.2
SiteRole : CPE
EncapType : UDP
EncapPort : 65535
SourceIP : 2.2.2.2
TNName : sdwan
TNID : 0x64
RDName : BGP
RDID : 0x64
IPSecEnable : Enabled
AH SA SPI : 0x0
ESP SA SPI : 0x0
ESPEncAlg : 0x1
ESPAuthAlg : 0x1
AHAuthAlg : 0x1
NATEnable : Enabled
NATType : Full Cone NAT
PublicAddress : 3.3.3.3
PublicPort : 179
# Display detailed information about BGP IPv4 tunnel-encap-ext route [3][10][10][200]/40.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [3][10][10][200]/40
BGP local router ID: 50.50.50.50
Local AS number: 200
Paths: 1 available, 1 best
BGP routing table information of [3][10][10][200]/40:
From : 10.10.10.10 (50.50.50.10)
Rely nexthop : 0.0.0.0
Original nexthop: 10.10.10.10
OutLabel : NULL
RxPathID : 0x0
TxPathID : 0x0
AS-path : (null)
Origin : igp
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
VPN-Peer UserID : N/A
DSCP : N/A
EXP : N/A
Route type : IPv6 transport tunnel endpoint advertisement route
LinkID : 0x000a0ac8
SiteID : 10
DeviceID : 10
InterfaceID : 200
SiteName : shanghai
SystemIP : 10.10.10.10
SiteRole : RR
EncapType : UDP IPv6
EncapPort : 4799
SourceIP : 14::1
TNName : tnrripv6
TNID : 0xc8
RDName : rdrr
RDID : 0x64
IPSecEnable : Disabled
AH SA SPI : 0x0
ESP SA SPI : 0x0
ESPEncAlg : 0x0
ESPAuthAlg : 0x0
AHAuthAlg : 0x0
NATEnable : Disabled
NATType : -
PublicAddress :
PublicPort :
# Display detailed information about BGP IPv4 tunnel-encap-ext route [4][10][10][200]/40.
<CPE4>display bgp routing-table ipv4 tnl-encap-ext [4][10][10][200]/40
BGP local router ID: 50.50.50.50
Local AS number: 200
Paths: 1 available, 1 best
BGP routing table information of [4][10][10][200]/40:
From : 10.10.10.10 (50.50.50.10)
Rely nexthop : 0.0.0.0
Original nexthop: 10.10.10.10
OutLabel : NULL
RxPathID : 0x0
TxPathID : 0x0
AS-path : (null)
Origin : igp
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
VPN-Peer UserID : N/A
DSCP : N/A
EXP : N/A
Route type : Qos transport tunnel endpoint advertisement route
LinkID : 0x000a0ac8
QoS TTE info : BW:1000/PF:a
Table 2 Command output
Field | Description |
---|---|
Total number of routes | Total number of BGP IPv4 tunnel-encap-ext routes. |
Paths | Number of routes: · available—Number of valid routes. · best—Number of optimal routes. |
BGP routing table information of [1][10][10][100]/40 | Detailed information about BGP IPv4 tunnel-encap-ext route [1][10][10][100]/40. |
From | IP address of the BGP peer that advertised the route. |
Rely Nexthop | Next hop IP address after route recursion. If no next hop IP address is found, this field displays not resolved. |
Original nexthop | Original next hop address of the route. If the route was obtained from a BGP update message, the original next hop address is the next hop IP address in the message. |
OutLabel | Outgoing label of the route. This field is not supported by the BGP IPv4 tunnel-encap-ext address family in the current software version. |
RxPathID | Add-Path ID value of the received route. This field is not supported by the BGP IPv4 tunnel-encap-ext address family in the current software version. |
TxPathID | Add-Path ID value of the sent route. This field is not supported by the BGP IPv4 tunnel-encap-ext address family in the current software version. |
AS-path | AS_PATH attribute of the route. This attribute records the ASs the route has passed and avoids routing loops. |
Origin | Origin of the route: · igp—Originated in the current AS. · egp—Learned through EGP. · incomplete—Unknown origin. |
Attribute value | BGP attributes of the route: · MED—MED value for the destination network. · localpref—Local preference value. · pref-val—Preferred value. · pre—Protocol preference value. |
State | Route state: · valid—Valid route. · internal—Internal route. · external—External route. · local—Local route. · best—Optimal route. |
IP precedence | IP precedence of the route, in the range of 0 to 7. If the IP precedence is invalid, this field displays N/A. |
QoS local ID | QoS local ID of the route, in the range of 1 to 4095. If the QoS local ID is invalid, this field displays N/A. |
Traffic index | Traffic index in the range of 1 to 64. If the traffic index is invalid, this field displays N/A. |
LinkID | Link ID assigned to the TTE. A link ID identifies a TTE connection. |
QoS TTE info | QoS TTE information carried in the route: · BW—Traffic rate limit to be applied to the outbound direction of the SDWAN tunnel on the hub device. · PF—User profile to be applied to the outbound direction of the SDWAN tunnel on the hub device. |
SiteID | Site ID. |
DeviceID | Device ID. |
InterfaceID | Interface ID. |
SiteName | Site name. |
SystemIP | Site system IP address. |
SiteRole | Site role: · CPE. · RR. · NAT transfer. If multiple site roles are assigned, each two roles are separated by a slash (/). For example: CPE/RR/NAT transfer. |
EncapType | Encapsulation mode, which can be only UDP in the current software version. |
EncapPort | Local UDP port number for SDWAN encapsulation. |
SourceIP | Source IP address of the tunnel. |
TNName | Transport network name. |
TNID | Transport network ID. |
RDName | Routing domain name. |
RDID | Routing domain ID. |
IPSecEnable | IPsec state: · Enabled—IPsec protection is enabled. · Disabled—IPsec protection is disabled. |
AH SA SPI | AH SA SPI. |
ESP SA SPI | ESP SA SPI. |
ESPEncAlg | ESP encryption algorithm. |
ESPAuthAlg | ESP authentication algorithm. |
AHAuthAlg | AH authentication algorithm. |
NATEnable | Whether NAT is deployed: · Enabled—NAT is deployed. · Disabled—NAT is not deployed. |
NATType | NAT type: · Full Cone NAT. · Restricted Cone NAT. · Port Restricted Cone NAT. · Symmetric NAT. If no NAT type exists, this field displays a hyphen (-). |
PublicAddress | Public IP address after NAT. |
PublicPort | Public port number after NAT. |
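The following is an added example, not part of the vendor documentation: a Python audit script that parses the detailed route output described above, flags TTE advertisements whose IPSecEnable field is Disabled, and checks that the route key, the SiteID/DeviceID/InterfaceID fields and the LinkID agree. The 16/8/8-bit LinkID layout is an assumption inferred from the sample outputs on this page (0x000a0a64 for 10/10/100), and the sample text is constructed from those outputs.

```python
import re

# Constructed sample: two route blocks modelled on the detailed outputs above,
# trimmed to the fields the audit reads.
SAMPLE = """\
BGP routing table information of [1][10][10][100]/40:
From : 4.4.4.4 (4.4.4.4)
State : valid, external, best
Route type : Transport Tunnel Endpoint advertisement route
LinkID : 0x000a0a64
SiteID : 10
DeviceID : 10
InterfaceID : 100
SystemIP : 2.2.2.2
EncapType : UDP
IPSecEnable : Enabled
NATEnable : Enabled
PublicAddress : 3.3.3.3
PublicPort : 179
BGP routing table information of [3][10][10][200]/40:
From : 10.10.10.10 (50.50.50.10)
State : valid, internal, best
Route type : IPv6 transport tunnel endpoint advertisement route
LinkID : 0x000a0ac8
SiteID : 10
DeviceID : 10
InterfaceID : 200
SystemIP : 10.10.10.10
EncapType : UDP IPv6
SourceIP : 14::1
IPSecEnable : Disabled
NATEnable : Disabled
PublicAddress :
PublicPort :
"""

HEADER = re.compile(r"BGP routing table information of (\[.+\]/\d+):")
# Field names contain only letters, spaces and hyphens, so the key ends at the
# first colon and values such as "14::1" or "BW:1000/PF:a" stay intact.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)\s*:\s*(.*)$")
TTE_TYPES = {"1", "3", "4"}  # IPv4 TTE, IPv6 TTE, QoS TTE (Table 1)


def parse_routes(text):
    """Split command output into one dict per route block."""
    routes, current = [], None
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            current = {"route": m.group(1)}
            routes.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return routes


def expected_link_id(site_id, device_id, interface_id):
    """Assumed layout (inferred from the samples): 16-bit site, 8-bit device, 8-bit interface."""
    return (site_id << 16) | (device_id << 8) | interface_id


def audit(route):
    """Return a list of findings for one parsed route block."""
    key = re.findall(r"\[([^\]]+)\]", route["route"])
    if not key or key[0] not in TTE_TYPES:
        return []  # type 2 (SaaS path quality) routes carry no TTE fields
    if len(key) != 4 or not all(p.isdigit() for p in key[1:]):
        return ["malformed-key"]
    site, dev, ifid = (int(p) for p in key[1:])
    findings = []
    # QoS TTE routes do not print IPSecEnable, so only an explicit Disabled is flagged.
    if route.get("IPSecEnable") == "Disabled":
        findings.append("ipsec-disabled")
    for name, want in (("SiteID", site), ("DeviceID", dev), ("InterfaceID", ifid)):
        if name in route and route[name] != str(want):
            findings.append("key-body-mismatch:" + name)
    if "LinkID" in route and int(route["LinkID"], 16) != expected_link_id(site, dev, ifid):
        findings.append("linkid-mismatch")
    return findings


def report(text):
    """Map each route key to its findings."""
    return {r["route"]: audit(r) for r in parse_routes(text)}


if __name__ == "__main__":
    for route, findings in report(SAMPLE).items():
        print(route, findings or "ok")
```
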
# Display detailed information about BGP IPv4 tunnel-encap-ext route [2][16777216][abc]/296.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [2][0x00ffffff][abc]/296
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [2][0x00ffffff][abc]/296:
From : 4.4.4.4 (4.4.4.4)
Rely nexthop : 10.1.1.2
Original nexthop: 2.2.2.2
OutLabel : NULL
RxPathID : 0x0
TxPathID : 0x0
AS-path : 200
Origin : egp
Attribute value : MED 0, pref-val 0
State : valid, external, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
Route type : Software as a Service access path quality advertisement route
SiteID : 0x00ffffff
DeviceID : 1
SaaSName : abc
SystemIP : 2.2.2.2
Delay : 20 ms
Jitter : 4 ms
Loss : 50 ‰
CQI : 80
Table 3 Command output
Field | Description |
---|---|
Total number of routes | Total number of BGP IPv4 tunnel-encap-ext routes. |
Paths | Number of routes: · available—Number of valid routes. · best—Number of optimal routes. |
BGP routing table information of [2][16777216][abc]/296 | Detailed information about BGP IPv4 tunnel-encap-ext route [2][0x00ffffff][abc]/296. |
From | IP address of the BGP peer that advertised the route. |
Rely Nexthop | Next hop IP address after route recursion. If no next hop IP address is found, this field displays not resolved. |
Original nexthop | Original next hop address of the route. If the route was obtained from a BGP update message, the original next hop address is the next hop IP address in the message. |
OutLabel | Outgoing label of the route. This field is not supported by the BGP IPv4 tunnel-encap-ext address family in the current software version. |
RxPathID | Add-Path ID value of the received route. This field is not supported by the BGP IPv4 tunnel-encap-ext address family in the current software version. |
TxPathID | Add-Path ID value of the sent route. This field is not supported by the BGP IPv4 tunnel-encap-ext address family in the current software version. |
AS-path | AS_PATH attribute of the route. This attribute records the ASs the route has passed and avoids routing loops. |
Origin | Origin of the route: · igp—Originated in the current AS. · egp—Learned through EGP. · incomplete—Unknown origin. |
Attribute value | BGP attributes of the route: · MED—MED value for the destination network. · localpref—Local preference value. · pref-val—Preferred value. · pre—Protocol preference value. |
State | Route state: · valid—Valid route. · internal—Internal route. · external—External route. · local—Local route. · best—Optimal route. |
IP precedence | IP precedence of the route, in the range of 0 to 7. If the IP precedence is invalid, this field displays N/A. |
QoS local ID | QoS local ID of the route, in the range of 1 to 4095. If the QoS local ID is invalid, this field displays N/A. |
Traffic index | Traffic index in the range of 1 to 64. If the traffic index is invalid, this field displays N/A. |
SiteID | Site ID. |
DeviceID | Device ID. |
SaaSName | SaaS cloud service name. |
SystemIP | Site system IP address. |
Delay | Delay for the path used to access the SaaS cloud service, in milliseconds. |
Jitter | Jitter for the path used to access the SaaS cloud service, in milliseconds. |
Loss | Packet loss ratio for the path used to access the SaaS cloud service, in permillage. |
CQI | Approximate Comprehensive Quality Indicator (CQI) value for the path used to access the SaaS cloud service. |
# Display advertisement information for BGP IPv4 tunnel-encap-ext route [1][10][10][100]/40.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext [1][10][10][100]/40 advertise-info
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of routes: 1
Paths: 1 best
BGP routing table information of [1][10][10][100]/40:
Advertised to peers (1 in total):
3.3.3.3
Table 4 Command output
Field | Description |
---|---|
Total number of routes | Total number of BGP IPv4 tunnel-encap-ext routes. |
Paths | Number of optimal routes destined for the specified destination network. |
BGP routing table information of [1][10][10][100]/40 | Advertisement information about BGP IPv4 tunnel-encap-ext route [1][10][10][100]/40. |
Advertised to peers (1 in total) | Peers to which the route has been advertised and total number of the peers. |
# Display statistics about BGP IPv4 tunnel-encap-ext routes advertised to peer 2.2.2.2.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext peer 2.2.2.2 advertised-routes statistics
Advertised routes total: 1
# Display statistics about BGP IPv4 tunnel-encap-ext routes received from peer 2.2.2.2.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext peer 2.2.2.2 received-routes statistics
Received routes total: 1
Table 5 Command output
Field | Description |
---|---|
Advertised routes total | Total number of routes advertised to the peer. |
Received routes total | Total number of routes received from the peer. |
# Display statistics about BGP IPv4 tunnel-encap-ext routes.
<Sysname> display bgp routing-table ipv4 tnl-encap-ext statistics
Total number of routes: 4
Table 6 Command output
Field | Description |
---|---|
Total number of routes | Total number of BGP IPv4 tunnel-encap-ext routes. |
display sdwan peer-connection status
Use display sdwan peer-connection status to display SSL connection status on a CPE.
Syntax
display sdwan peer-connection status [ system-ip system-ip-address ] [ ipv4 | ipv6 ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
system-ip system-ip-address: Specifies an SDWAN server by its system IP address. If you do not specify an SDWAN server, this command displays status information for all SSL connections on the device.
ipv4: Displays status information for IPv4 SSL connections.
ipv6: Displays status information for IPv6 SSL connections.
Usage guidelines
If you do not specify the ipv4 or ipv6 keyword, this command displays status information for both IPv4 SSL connections and IPv6 SSL connections.
Examples
# Display status information for all SSL connections on the device.
<Sysname> display sdwan peer-connection status
System IP : 1.1.1.1
Peer IP/port: 10.0.0.1/7000
VPN instance: vpn1
Status : Connected
System IP : 1.1.1.1
Peer IP/port: 10::1/7000
VPN instance: vpn1
Status : Init
Table 7 Command output
Field | Description |
---|---|
System IP | System IP address of an SDWAN server. |
Peer IP/port | IP address and listening TCP port number of the SDWAN server. |
VPN instance | VPN instance of the SDWAN server. |
Status | SSL connection state: · Init. · Connecting. · Connected. · Close. |
Related commands
display sdwan server status
sdwan server
display sdwan server status
Use display sdwan server status to display SDWAN server status on an RR.
Syntax
display sdwan server status
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display SDWAN server status on an RR.
<Sysname> display sdwan server status
SDWAN server: Enabled
SDWAN server listening port: 10030
Table 8 Command output
Field | Description |
---|---|
SDWAN server | SDWAN server state: · Enabled. · Disabled. |
SDWAN server listening port | TCP port number that the SDWAN server is listening to. |
Related commands
sdwan server enable
sdwan server port
display sdwan site-tte
Use display sdwan site-tte to display transport tunnel endpoint (TTE) information on an SDWAN device.
Syntax
display sdwan site-tte [ site-id site-id ] [ verbose ] [ ipv4 | ipv6 ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
site-id site-id: Specifies a site by its ID, in the range of 1 to 65535. If you do not specify a site, the command displays TTE information for all sites.
verbose: Displays detailed TTE information for sites. If you do not specify this keyword, the command displays brief TTE information for sites.
ipv4: Displays TTE information for IPv4 SDWAN tunnels.
ipv6: Displays TTE information for IPv6 SDWAN tunnels.
Usage guidelines
If you do not specify the ipv4 or ipv6 keyword, this command displays TTE information for both IPv4 SDWAN tunnels and IPv6 SDWAN tunnels.
Examples
# Display brief TTE information for all sites.
<Sysname> display sdwan site-tte
Site ID: 20 (local)
Total number of TTEs: 1
***************************************************************
DevID SysIP IfID Status Encap NAT SA RDID TNID
20 1.1.1.9 20 UP UDP IPv4 Disabled Disabled rda tna
Site ID: 10
Total number of TTEs: 2
***************************************************************
DevID SysIP IfID Status Encap NAT SA RDID TNID
10 1.1.1.10 30 UP UDP IPv4 Disabled Disabled rda tna
10 1.1.1.10 40 UP UDP IPv4 Disabled Disabled rda tnb
Table 9 Command output
Field | Description |
---|---|
Site ID | Site ID. If (local) is displayed next to the site ID, the site is the local site. |
Total number of TTEs | Total number of TTEs at the site. |
DevID | Device ID. |
SysIP | System IP address of the device. |
IfID | SDWAN tunnel interface ID. |
Status | TTE state: · UP. · DOWN. |
Encap | SDWAN tunnel encapsulation method: · UDP IPv4—IPv4 tunnel in UDP encapsulation. · UDP IPv6—IPv6 tunnel in UDP encapsulation. |
NAT | NAT state: · Enabled. · Disabled. · N/A—The state is unknown. |
SA | SA state: · Enabled. · Disabled. · NA—The state is unknown. |
RDID | Routing domain ID of the TTE. |
TNID | Transport network ID of the TTE. |
# Display detailed TTE information for site 20.
<Sysname> display sdwan site-tte site-id 20 verbose
Site ID: 20 (local)
Site name: fenzhi
Site role: CPE
Device ID: 20
System IP: 1.1.1.9
Interface ID: 20
Group ID: 3
Interface name: Tunnel10
Status: UP
Encapsulation protocol: UDP IPv4
Encapsulation port: 3000
Tunnel destination VPN index: 0
Transport destination VPN index: 0
NAT: Disabled
NAT type: -
NAT public IP: -
NAT public port: -
SA: Disabled
Routing domain: rda (10)
Transport network: tna (10)
Out physical interface: GigabitEthernet1/0/3
Source IP: 172.1.1.1
Table 10 Command output
Field | Description |
---|---|
Site ID | Site ID. If (local) is displayed next to the site ID, the site is the local site. |
Site role | Device role: · CPE. · RR—Route reflector. · NAT-transfer. |
Interface ID | SDWAN tunnel interface ID. |
Group ID | SDWAN tunnel group ID. |
Interface name | SDWAN tunnel interface name. |
Status | TTE state: · UP. · DOWN. |
Encapsulation protocol | SDWAN tunnel encapsulation method: · UDP IPv4—IPv4 tunnel in UDP encapsulation. · UDP IPv6—IPv6 tunnel in UDP encapsulation. |
Encapsulation port | Source UDP port number in SDWAN tunneled packets. |
NAT | NAT state: · Enabled. · Disabled. · NA—The state is unknown. |
NAT type | NAT type: · Full Cone NAT. · Restricted Cone NAT. · Port Restricted Cone NAT. · Symmetric NAT. · NO NAT. · Static NAT. The NAT type is unknown if this field displays a hyphen (-). |
NAT public IP | Public IP address after NAT. |
NAT public port | TCP port number after NAT. |
SA | SA state: · Enabled. · Disabled. · NA—The state is unknown. |
Routing domain | Routing domain name and ID of the TTE, in the format of domain-name (domain-id). |
Transport network | Transport network name and ID of the TTE, in the format of network-name (network-id). |
Out physical interface | Local physical output interface of the TTE. |
Source IP | Source IP address of the SDWAN tunnel for the TTE. |
Related commands
display sdwan tte connection
display sdwan tte connection
Use display sdwan tte connection to display TTE connection information on the device.
Syntax
display sdwan tte connection [ site-id site-id | system-ip system-ip-address ] [ reachable | unreachable ] [ ipv4 | ipv6 ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
site-id site-id: Specifies a remote site by its ID, in the range of 1 to 65535. If you do not specify a remote site, this command displays TTE connection information for all sites.
system-ip system-ip-address: Specifies a remote device by its system IP address. If you do not specify a system IP address, this command displays TTE connection information for all system IP addresses.
reachable: Displays TTE connections reachable to system IP addresses.
unreachable: Displays TTE connections unreachable to system IP addresses.
ipv4: Displays TTE connections on IPv4 SDWAN tunnels.
ipv6: Displays TTE connections on IPv6 SDWAN tunnels.
Usage guidelines
If you do not specify the reachable or unreachable keyword, this command displays both TTE connections reachable to system IP addresses and TTE connections unreachable to system IP addresses.
If you do not specify the ipv4 or ipv6 keyword, this command displays TTE connections on both IPv4 SDWAN tunnels and IPv6 SDWAN tunnels.
Examples
# Display information about all TTE connections on the device.
<Sysname> display sdwan tte connection
Destination SiteID/DevID/IfID/SysIP: 30/50/35/50.50.50.30
Destination IP/port: 200.200.200.30/3000
Source IP/port/IfID: 200.200.200.10/3000/30
Status: Reachable
Destination SiteID/DevID/IfID/SysIP: 30/50/35/50.50.50.30
Destination IP/port: 200::30/3000
Source IP/port/IfID: 200::10/3000/30
Status: Reachable
Number of connections: 2
Table 11 Command output
Field | Description |
---|---|
Destination SiteID/DevID/IfID/SysIP | Site ID, device ID, tunnel interface ID, and system IP address of a peer device. |
Destination IP/port | Destination IP address and TCP port number in SDWAN tunneled packets. |
Source IP/port/IfID | Source IP address, TCP port number, and SDWAN tunnel interface ID in SDWAN tunneled packets. |
Status | TTE connection state: · Reachable. · Unreachable. |
Number of connections | Number of TTE connections. |
Related commands
display sdwan site-tte
reset sdwan tte connection
evpn-sdwan nexthop-recursive priority-color-only
Use evpn-sdwan nexthop-recursive priority-color-only to configure the device to perform next hop recursion based on only the Priority-Color attribute for SDWAN-encapsulated IP prefix advertisement routes.
Use undo evpn-sdwan nexthop-recursive priority-color-only to restore the default.
Syntax
evpn-sdwan nexthop-recursive priority-color-only
undo evpn-sdwan nexthop-recursive priority-color-only
Default
The device performs next hop recursion first based on the NEXT_HOP attribute and then the Priority-Color attribute for an IP prefix advertisement route that has the Priority-Color attribute after it receives that route.
Views
BGP EVPN address family view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Application scenario
Use this command in an SDWAN scenario that uses the Priority-Color attribute for traffic rerouting or load balancing.
By default, the device performs next hop recursion for IP prefix advertisement routes based on both the NEXT_HOP and Priority-Color attributes after it receives these routes if these routes have the Priority-Color attribute. The recursion procedure is as follows for an IP prefix advertisement route:
· Typically, the address in the NEXT_HOP attribute is the system IP address of a remote CPE. The device looks up a matching TTE connection based on the address. The SDWAN tunnel interface of the matching TTE connection is the next hop output interface obtained through next hop recursion for the IP prefix advertisement route.
· Each Priority-Color attribute includes the site ID information of a remote CPE or the site ID and device ID information of a remote CPE. The device looks up matching TTE connections based on the information. The SDWAN tunnel interfaces of the matching TTE connections are the next hop output interfaces obtained through next hop recursion for the IP prefix advertisement route based on the Priority-Color attributes.
When the device receives packets that match an IP prefix advertisement route, it forwards the packets as follows:
· If BGP load balancing is not configured, the device forwards the packets over an SDWAN tunnel obtained through next hop recursion based on the NEXT_HOP attribute of the IP prefix advertisement route. When that SDWAN tunnel is not available, the device uses the SDWAN tunnel obtained through next hop recursion based on the Priority-Color attribute to forward the packets.
· If BGP load balancing is configured, the device can forward the packets over the following SDWAN tunnels for load balancing:
¡ The SDWAN tunnel obtained through next hop recursion based on the NEXT_HOP attribute of the IP prefix advertisement route.
¡ The SDWAN tunnels obtained through next hop recursion based on the Priority-Color attributes of the IP prefix advertisement route.
Based on the above mechanism, when the forwarding path obtained through next hop recursion based on the NEXT_HOP attribute is not available, the device can still forward VPN traffic along the forwarding path obtained through next hop recursion based on the Priority-Color attribute. The latter path is a backup for the former path. Together they provide rerouting and load balancing services for traffic.
The Priority-Color attribute is easy to configure, and the device can flexibly control the SDWAN forwarding path through this attribute. To perform next hop recursion for IP prefix advertisement routes that have the Priority-Color attribute based on only the Priority-Color attribute, use this command.
Working mechanism
With this command, when the device receives an IP prefix advertisement route that has the Priority-Color attribute, it does not perform next hop recursion based on the NEXT_HOP attribute. Instead, it performs next hop recursion directly based on the Priority-Color attribute. When the device receives packets that match the IP prefix advertisement route, it forwards the packets to an SDWAN tunnel obtained through next hop recursion based on only the Priority-Color attribute. In this way, the forwarding path is not restricted by the NEXT_HOP attribute of the IP prefix advertisement route. To adjust the forwarding path, you only need to modify the Priority-Color attribute.
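The following is an added example, not part of the vendor documentation: a Python model of the recursion behavior described above, comparing the default mode with priority-color-only mode. The class and function names, the reduced TTE connection fields, the "first match wins" selection without load balancing, and applying load balancing in priority-color-only mode are assumptions of the model; the addresses and tunnel names are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class TteConnection:
    """Reduced view of one TTE connection (hypothetical model, not device data)."""
    site_id: int
    device_id: int
    system_ip: str
    tunnel_if: str            # local SDWAN tunnel interface that reaches the peer
    reachable: bool = True


@dataclass(frozen=True)
class PrefixRoute:
    """SDWAN-encapsulated IP prefix advertisement route (hypothetical model)."""
    prefix: str
    next_hop: str             # typically the system IP address of the remote CPE
    # Each entry is (site_id, device_id); device_id is None when only the site ID is carried.
    priority_colors: Tuple[Tuple[int, Optional[int]], ...] = ()


def recurse_next_hop(route: PrefixRoute, ttes: List[TteConnection]) -> List[str]:
    """Tunnel interfaces whose TTE connection matches the NEXT_HOP system IP."""
    return list(dict.fromkeys(
        t.tunnel_if for t in ttes
        if t.reachable and t.system_ip == route.next_hop))


def recurse_priority_color(route: PrefixRoute, ttes: List[TteConnection]) -> List[str]:
    """Tunnel interfaces whose TTE connection matches a Priority-Color site (and device) ID."""
    return list(dict.fromkeys(
        t.tunnel_if
        for site, dev in route.priority_colors
        for t in ttes
        if t.reachable and t.site_id == site and dev in (None, t.device_id)))


def forwarding_tunnels(route, ttes, load_balancing=False, priority_color_only=False):
    """Return the tunnel interfaces eligible to forward packets matching the route."""
    by_next_hop = recurse_next_hop(route, ttes)
    by_color = recurse_priority_color(route, ttes)
    if priority_color_only and route.priority_colors:
        # The command affects only routes that carry the Priority-Color attribute.
        candidates = by_color
    else:
        # Default: NEXT_HOP result first, Priority-Color results as backup.
        candidates = list(dict.fromkeys(by_next_hop + by_color))
    return candidates if load_balancing else candidates[:1]


# Constructed topology: remote site 30 has two CPEs reached over two tunnels.
DEMO_TTES = [
    TteConnection(30, 1, "50.50.50.30", "Tunnel1"),
    TteConnection(30, 2, "50.50.50.31", "Tunnel2"),
]
DEMO_ROUTE = PrefixRoute("10.1.0.0/16", "50.50.50.30", ((30, None),))

if __name__ == "__main__":
    print("default:", forwarding_tunnels(DEMO_ROUTE, DEMO_TTES))
    print("load balancing:", forwarding_tunnels(DEMO_ROUTE, DEMO_TTES, load_balancing=True))
    pinned = PrefixRoute("10.1.0.0/16", "50.50.50.30", ((30, 2),))
    print("color only:", forwarding_tunnels(pinned, DEMO_TTES, priority_color_only=True))
```

In priority-color-only mode the selected tunnel follows the Priority-Color attribute even when the NEXT_HOP peer is reachable, so the routing policy that sets this attribute is what determines the forwarding path.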
Restrictions and guidelines
This command takes effect only on SDWAN-encapsulated IP prefix advertisement routes that have the Priority-Color attribute.
Examples
# Configure the device to perform next hop recursion based on only the Priority-Color attribute for SDWAN-encapsulated IP prefix advertisement routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family l2vpn evpn
[Sysname-bgp-default-evpn] evpn-sdwan nexthop-recursive priority-color-only
evpn sdwan routing-enable
Use evpn sdwan routing-enable to enable EVPN to advertise SDWAN routes.
Use undo evpn sdwan routing-enable to disable EVPN from advertising SDWAN routes.
Syntax
evpn sdwan routing-enable
undo evpn sdwan routing-enable
Default
EVPN does not advertise SDWAN routes.
Views
VPN instance IPv4 address family view
VPN instance IPv6 address family view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Non-default vSystems do not support this command.
This command enables the device to advertise VPN routes as BGP EVPN IP prefix advertisement routes in SDWAN encapsulation to peers. When the device receives BGP EVPN IP prefix advertisement routes in SDWAN encapsulation from the peers, it adds the routes to the routing table of the VPN instance.
Use this command in conjunction with the peer advertise encap-type sdwan command executed in BGP EVPN address family view.
Examples
# In IPv4 address family view of VPN instance vpna, enable EVPN to advertise SDWAN routes.
<Sysname> system-view
[Sysname] ip vpn-instance vpna
[Sysname-vpn-instance-vpna] address-family ipv4
[Sysname-vpn-ipv4-vpna] evpn sdwan routing-enable
Related commands
peer advertise encap-type sdwan
reset sdwan tte connection
Use reset sdwan tte connection to clear SDWAN TTE connections.
Syntax
reset sdwan tte connection [ interface interface-type interface-number [ site-id site-id device-id device-id interface-id interface-id ] ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
interface interface-type interface-number: Specifies an SDWAN tunnel interface by its type and number. If you do not specify an SDWAN tunnel interface, this command clears TTE connections for all SDWAN tunnel interfaces.
site-id site-id device-id device-id interface-id interface-id: Specifies an interface on a device at a site. The site-id argument represents the site ID, in the range of 1 to 65535. The device-id argument represents the device ID, in the range of 1 to 255. The interface-id argument represents the interface ID, in the range of 1 to 255. If you do not specify this option, the command clears all TTE connections for the specified SDWAN tunnel interface.
Usage guidelines
Clearing the TTE connections to a remote device also deletes the routes destined for the system IP address of that remote device. As a result, data packet forwarding is interrupted.
Clearing TTE connections between a CPE and an RR also interrupts the BGP sessions between them.
Examples
# Clear TTE connections for SDWAN tunnel interface Tunnel 1.
<Sysname> reset sdwan tte connection interface tunnel 1
Related commands
display sdwan tte connection
peer advertise encap-type sdwan
Use peer advertise encap-type sdwan to enable advertisement of EVPN routes in SDWAN encapsulation to a peer or peer group.
Use undo peer advertise encap-type sdwan to disable advertisement of EVPN routes in SDWAN encapsulation to a peer or peer group.
Syntax
peer { group-name | ipv4-address [ mask-length ] } advertise encap-type sdwan
undo peer { group-name | ipv4-address [ mask-length ] } advertise encap-type sdwan
Default
BGP does not advertise EVPN routes in SDWAN encapsulation to a peer or peer group.
Views
BGP EVPN address family view
Predefined user roles
network-admin
mdc-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must already exist.
ipv4-address: Specifies a peer by its IPv4 address. The peer must already exist.
mask-length: Specifies a mask length in the range of 0 to 32. To specify a subnet, you must specify both the ipv4-address and mask-length arguments.
Usage guidelines
Use this command on CPEs and RRs. On a CPE, use this command in conjunction with the evpn sdwan routing-enable command executed in VPN instance IPv4 address family view.
Examples
# Configure BGP to advertise EVPN routes in SDWAN encapsulation to peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family l2vpn evpn
[Sysname-bgp-default-evpn] peer 1.1.1.1 advertise encap-type sdwan
Related commands
evpn sdwan routing-enable
sdwan bfd enable
Use sdwan bfd enable to use BFD to test the connectivity of TTE connections on an SDWAN tunnel.
Use undo sdwan bfd enable to restore the default.
Syntax
sdwan bfd enable [ template template-name ]
undo sdwan bfd enable
Default
BFD is not used to test the connectivity of TTE connections on an SDWAN tunnel. The device uses keepalive packets to test the connectivity of TTE connections on an SDWAN tunnel.
Views
Tunnel interface view
Predefined user roles
network-admin
mdc-admin
Parameters
template template-name: Specifies a BFD template by its name, a case-sensitive string of 1 to 63 characters. If you do not specify a BFD template or the specified BFD template does not exist, the device uses the default BFD session parameters.
Usage guidelines
With this command, the local device periodically sends BFD control packets to the remote device over all TTE connections on an SDWAN tunnel. If the device does not receive any BFD control packets from the remote device over a TTE connection within the detection period, it determines that the TTE connection is unreachable to the remote device. For more information about BFD, see High Availability Configuration Guide.
If BFD is used to test the connectivity of TTE connections on an SDWAN tunnel, you must use this command at both ends of the SDWAN tunnel.
If this command is used on an SDWAN tunnel interface, the device determines the connectivity of TTE connections on that SDWAN tunnel based on the BFD detection result. If this command is not used on an SDWAN tunnel interface, the device determines the connectivity of TTE connections on that SDWAN tunnel based on the keepalive result.
Examples
# On SDWAN tunnel interface Tunnel 1, configure BFD to test the connectivity of TTE connections on the SDWAN tunnel.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan bfd enable template aa
Related commands
sdwan keepalive
sdwan device-id
Use sdwan device-id to assign an ID to the device.
Use undo sdwan device-id to restore the default.
Syntax
sdwan device-id device-id
undo sdwan device-id
Default
No ID is assigned to the device.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
device-id: Specifies an ID for the device, in the range of 1 to 255.
Usage guidelines
The device ID uniquely identifies the device at a site.
Examples
# Assign ID 2 to the device.
<Sysname> system-view
[Sysname] sdwan device-id 2
The current configuration will lead to offline. Are you sure? [Y/N]:
Related commands
display sdwan site-tte
sdwan encapsulation global-udp-port
Use sdwan encapsulation global-udp-port to specify a global source UDP port number for SDWAN tunneled packets.
Use undo sdwan encapsulation global-udp-port to restore the default.
Syntax
sdwan encapsulation global-udp-port port-number
undo sdwan encapsulation global-udp-port
Default
The global source UDP port number is 4799 for SDWAN tunneled packets.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
port-number: Specifies a global source UDP port number for SDWAN tunneled packets, in the range of 1 to 65535. As a best practice, do not specify a well-known port number in the range of 1 to 1023.
Usage guidelines
All devices that belong to the same SDWAN routing domain must use the same source UDP port number.
You can specify a source UDP port number for SDWAN tunneled packets both in system view and in tunnel interface view.
· The source UDP port number specified in system view applies to all SDWAN tunnel interfaces.
· The source UDP port number specified in tunnel interface view applies only to one tunnel interface.
For a tunnel interface, the source UDP port number specified in tunnel interface view takes precedence over that specified in system view. If no source UDP port number is specified in tunnel interface view, the source UDP port number specified in system view applies.
Examples
# Specify port number 5000 as the global source UDP port number for SDWAN tunneled packets.
<Sysname> system-view
[Sysname] sdwan encapsulation global-udp-port 5000
sdwan encapsulation udp-port
Use sdwan encapsulation udp-port to specify a source UDP port number for SDWAN tunneled packets in UDP encapsulation mode.
Use undo sdwan encapsulation udp-port to restore the default.
Syntax
sdwan encapsulation udp-port port-number
undo sdwan encapsulation udp-port
Default
The source UDP port number for SDWAN tunneled packets is the global source UDP port number for SDWAN tunneled packets.
Views
Tunnel interface view
Predefined user roles
network-admin
mdc-admin
Parameters
port-number: Specifies a source UDP port number in the range of 1 to 65535. As a best practice, do not specify a well-known port number in the range of 1 to 1023.
Usage guidelines
All devices that belong to the same SDWAN routing domain must use the same source UDP port number.
You can specify a source UDP port number for SDWAN tunneled packets both in system view and in tunnel interface view.
· The source UDP port number specified in system view applies to all SDWAN tunnel interfaces.
· The source UDP port number specified in tunnel interface view applies only to one tunnel interface.
For a tunnel interface, the source UDP port number specified in tunnel interface view takes precedence over that specified in system view. If no source UDP port number is specified in tunnel interface view, the source UDP port number specified in system view applies.
Examples
# Specify 5000 as the source UDP port number of SDWAN tunneled packets.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan encapsulation udp-port 5000
Related commands
display sdwan site-tte
sdwan group-id
Use sdwan group-id to specify a group ID for an SDWAN tunnel.
Use undo sdwan group-id to restore the default.
Syntax
sdwan group-id group-id
undo sdwan group-id
Default
No group ID is specified for an SDWAN tunnel.
Views
Tunnel interface view
Predefined user roles
network-admin
mdc-admin
Parameters
group-id: Specifies a group ID in the range of 1 to 65535.
Usage guidelines
Use this command to control the establishment of TTE connections with finer granularity and more flexibility. In the same routing domain, only tunnel interfaces that have the same group ID and belong to the same transport network can establish TTE connections.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify group ID 22 for SDWAN tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan group-id 22
The current configuration will lead to TTE offline. Continue anyway? [Y/N]:
sdwan interface-id
Use sdwan interface-id to assign an interface ID to an SDWAN tunnel interface.
Use undo sdwan interface-id to restore the default.
Syntax
sdwan interface-id interface-id
undo sdwan interface-id
Default
No interface ID is assigned to an SDWAN tunnel interface.
Views
Tunnel interface view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-id: Specifies an interface ID for the SDWAN tunnel interface, in the range of 1 to 255.
Usage guidelines
The device supports multiple SDWAN tunnel interfaces. An interface ID uniquely identifies an SDWAN tunnel interface on the device.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Assign interface ID 10 to SDWAN tunnel interface Tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan interface-id 10
The input configuration will be written to the device, changes may cause device offline. Are you sure? [Y/N]:
Related commands
display sdwan site-tte
sdwan keepalive
Use sdwan keepalive to configure SDWAN keepalive settings.
Use undo sdwan keepalive to restore the default.
Syntax
sdwan keepalive interval interval [ retry retries ]
undo sdwan keepalive
Default
The keepalive interval is 10 seconds and the number of keepalive retries is 3 for an SDWAN tunnel.
Views
Tunnel interface view
Predefined user roles
network-admin
mdc-admin
Parameters
interval interval: Specifies the interval between sending keepalive requests, in the range of 1 to 32767 seconds.
retry retries: Specifies the number of times that the device continues to send keepalive packets without response before the TTE connection state is changed to unreachable. The value range for the retries argument is 1 to 255 and the default value is 3.
Usage guidelines
After an SDWAN tunnel is established, the local device sends keepalive requests to the remote device over all the TTE connections on the tunnel interface at the specified keepalive interval.
· If the local device receives a keepalive response from the remote device within a keepalive interval, it determines that a TTE connection is reachable to the remote device.
· If the local device cannot receive a keepalive response from the remote device on a TTE connection within a keepalive interval, it resends a keepalive request. If the local device still cannot receive a response within the keepalive interval multiplied by keepalive retries, it determines that the TTE connection is unreachable to the remote device. The device no longer forwards packets through the TTE connection.
In an RIR-SDWAN network, set the keepalive interval within the range of 1 to 5 seconds as a best practice.
If the sdwan bfd enable command is used on an SDWAN tunnel interface, the device determines the connectivity of TTE connections on that SDWAN tunnel based on the BFD detection result. If this command is not used on an SDWAN tunnel interface, the device determines the connectivity of TTE connections on that SDWAN tunnel based on the keepalive result.
Examples
# On SDWAN tunnel interface 1, set the keepalive interval to 30 seconds and the number of keepalive retries to 5.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan keepalive interval 30 retry 5
Related commands
sdwan bfd enable
sdwan nat-global-ip
Use sdwan nat-global-ip to specify the post-NAT public IP address and port number for the source IP address and port number of tunneled packets.
Use undo sdwan nat-global-ip to restore the default.
Syntax
sdwan nat-global-ip global-address global-port global-port
undo sdwan nat-global-ip
Default
The post-NAT public IP address and port number are not specified for the source IP address and port number of tunneled packets.
Views
Tunnel interface view
Predefined user roles
network-admin
mdc-admin
Parameters
global-address: Specifies the post-NAT public IP address.
global-port: Specifies the post-NAT public port number, in the range of 1 to 65535.
Usage guidelines
Use this command on a CPE or RR if the CPE or RR is behind a NAT device and the NAT device is configured with static NAT. With this command, you do not need to configure STUN to detect the post-NAT public IP address and port number for the source IP address and port number of tunneled packets on the CPE or RR.
Using this command on a tunnel interface causes the device to disconnect all existing TTE connections established to the tunnel interface. The device will reestablish these TTE connections based on the specified post-NAT public IP address and port number.
As a best practice, do not use this command if the public network cannot actively access the internal network.
Examples
# Specify 10.1.1.1 and 5000 as the post-NAT public IP address and port number for the source IP address and port number of tunneled packets.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan nat-global-ip 10.1.1.1 global-port 5000
The current configuration will lead to TTE offline. Continue anyway? [Y/N]:
sdwan routing-domain
Use sdwan routing-domain to specify a routing domain for an SDWAN tunnel.
Use undo sdwan routing-domain to restore the default.
Syntax
sdwan routing-domain domain-name id domain-id
undo sdwan routing-domain
Default
No routing domain is specified for an SDWAN tunnel.
Views
Tunnel interface view
Predefined user roles
network-admin
mdc-admin
Parameters
domain-name: Specifies a routing domain by its name, a case-sensitive string of 1 to 31 characters. The string can contain only letters, digits, and dots (.).
domain-id: Specifies the ID of the routing domain, in the range of 1 to 65535.
Usage guidelines
Only CPEs and RRs that belong to the same routing domain can establish SDWAN tunnels with each other.
Examples
# Specify the routing domain named abc and with ID 2000 for SDWAN tunnel 1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan routing-domain abc id 2000
Related commands
display sdwan site-tte
sdwan server
Use sdwan server to specify an SDWAN server on a CPE.
Use undo sdwan server to remove an SDWAN server from a CPE.
Syntax
sdwan server system-ip system-ip-address { ip ipv4-address | ipv6 ipv6-address } [ port port-number ] [ vpn-instance vpn-instance-name ]
undo sdwan server system-ip system-ip-address { ip ipv4-address | ipv6 ipv6-address } [ port port-number ] [ vpn-instance vpn-instance-name ]
Default
No SDWAN servers are specified on a CPE.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
system-ip system-ip-address: Specifies an SDWAN server by its system IP.
ip ipv4-address: Specifies the IPv4 address of the SDWAN server. The IPv4 address must be reachable and must be on the RR where SDWAN server is enabled.
ipv6 ipv6-address: Specifies the IPv6 address of the SDWAN server. The IPv6 address must be reachable and must be on the RR where SDWAN server is enabled.
port port-number: Specifies a TCP port number used to establish connections with the SDWAN server. Make sure the port number is the same as the TCP listening port number configured for the SDWAN server on the RR. The value range for the port-number argument is 1 to 65535, and the default value is 2004.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the SDWAN server belongs. The vpn-instance-name argument represents the VPN instance name, which is a case-sensitive string of 1 to 31 characters. If the SDWAN server belongs to the public network, do not specify this option.
Usage guidelines
With this command, a CPE can act as an SDWAN client to establish an SSL connection with the specified SDWAN server (RR).
Repeat this command to specify multiple SDWAN servers on a CPE.
Examples
# On a CPE, specify the SDWAN server at 10.1.1.1 and with system IP address 192.168.0.1.
<Sysname> system-view
[Sysname] sdwan server system-ip 192.168.0.1 ip 10.1.1.1
Related commands
display sdwan peer-connection status
sdwan server enable
Use sdwan server enable to enable SDWAN server on an RR.
Use undo sdwan server enable to disable SDWAN server on an RR.
Syntax
sdwan server enable
undo sdwan server enable
Default
SDWAN server is disabled on an RR.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Use this command only on an RR. With this command, the RR can listen to the CPEs for SSL connection requests and establish SSL connections with the CPEs. After SSL connection establishment, the CPEs advertise their local TTE and IPsec SA information to the RR and the RR advertises its local TTE and IPsec SA information to the CPEs. Then, the RR and CPEs can finish SDWAN tunnel establishment.
When you enable SDWAN server on an RR and the RR does not have a digital certificate, a digital certificate request is triggered. It takes some time to request a digital certificate. For more information about digital certificates, see PKI configuration in Security Configuration Guide.
Examples
# Enable SDWAN server on an RR.
<Sysname> system-view
[Sysname] sdwan server enable
Please wait.........Done.
Related commands
display sdwan server status
sdwan ssl-server-policy
sdwan server port
Use sdwan server port to specify the TCP port that the SDWAN server listens on at an RR.
Use undo sdwan server port to restore the default.
Syntax
sdwan server port port-number
undo sdwan server port
Default
The SDWAN server on an RR listens on TCP port 2004.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
port-number: Specifies a port number in the range of 1 to 65535.
Usage guidelines
This command is not supported in FIPS mode.
If SDWAN server has been enabled before you change the TCP port number, the system automatically restarts the SDWAN server after you change the TCP port number. Connections that have been established between CPEs and the SDWAN server are not lost. Connections being established between CPEs and the SDWAN server are lost. To reestablish the connections, you must specify the same TCP port number as the SDWAN server on the CPEs.
Examples
# Specify 3500 as the TCP listening port number of the SDWAN server on an RR.
<Sysname> system-view
[Sysname] sdwan server port 3500
Related commands
display sdwan server status
sdwan server enable
sdwan site-id
Use sdwan site-id to specify a site ID for the device.
Use undo sdwan site-id to restore the default.
Syntax
sdwan site-id site-id
undo sdwan site-id
Default
No site ID is specified for the device.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
site-id: Specifies a site ID for the device, in the range of 1 to 65535.
Usage guidelines
A site ID uniquely identifies a customer site in an SDWAN network.
Examples
# Specify site ID 2 for the device.
<Sysname> system-view
[Sysname] sdwan site-id 2
The current configuration will lead to offline. Are you sure? [Y/N]:
Related commands
display sdwan site-tte
sdwan site-name
Use sdwan site-name to specify the name of the site to which the device belongs.
Use undo sdwan site-name to restore the default.
Syntax
sdwan site-name site-name
undo sdwan site-name
Default
No site name is specified for the device.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
site-name: Specifies a site name for the device, a case-sensitive string of 1 to 255 characters.
Usage guidelines
A site name can describe the site location and functions, which helps users identify the site in an SDWAN network. A site name does not uniquely identify a site. You can specify the same site name for multiple devices.
Examples
# Specify site name fenbu for the device.
<Sysname> system-view
[Sysname] sdwan site-name fenbu
Related commands
display sdwan site-tte
sdwan site-role
Use sdwan site-role to specify a site role for the device.
Use undo sdwan site-role to restore the default.
Syntax
sdwan site-role { cpe | nat-transfer | rr } *
undo sdwan site-role
Default
No site role is specified for the device.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
cpe: Specifies the CPE role.
nat-transfer: Specifies the NAT transfer role.
rr: Specifies the route reflector (RR) role.
Usage guidelines
IMPORTANT: A site role change will cause SDWAN tunnel flapping and interrupt ongoing services. As a best practice, plan role configuration before you deploy the SDWAN network.
SDWAN supports the following site roles:
· CPE—Customer-side SDWAN tunnel endpoints.
· RR—Used to reflect TTE information and private routes among CPEs.
· NAT transfer—Used to establish forwarding paths for CPEs that must pass through NAT devices over the public network for intercommunication.
You must specify the same site role for all SDWAN devices at the same site.
Examples
# Specify site role CPE for the device.
<Sysname> system-view
[Sysname] sdwan site-role cpe
The configuration will be written to the device, changes may cause device offline. Are you sure? [Y/N]:
Related commands
display sdwan site-tte
sdwan ssl-server-policy
Use sdwan ssl-server-policy to specify an SSL server policy on an RR for the RR to establish SSL connections with CPEs (SDWAN clients).
Use undo sdwan ssl-server-policy to restore the default.
Syntax
sdwan ssl-server-policy policy-name
undo sdwan ssl-server-policy
Default
No SSL server policy is specified on an RR for the RR to establish SSL connections with CPEs (SDWAN clients).
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
policy-name: Specifies an SSL server policy by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
With this command, an RR uses the specified policy to establish SSL connections with CPEs. After SSL connection establishment, the CPEs advertise their local TTE and IPsec SA information to the RR and the RR advertises its local TTE and IPsec SA information to the CPEs. Then, the RR and the CPEs can finish SDWAN tunnel establishment.
Only one SSL server policy can be applied to an SSL connection. If you execute this command multiple times, the most recent configuration does not take effect automatically. For the most recent configuration to take effect, you must execute the undo sdwan server enable command and then the sdwan server enable command to re-enable the SDWAN server.
For more information about SSL server policies, see SSL configuration in Security Configuration Guide.
If you do not specify an SSL server policy on an RR, the RR uses the self-signed certificate and the default settings of the SSL parameters to establish SSL connections with CPEs or the NAT transfer. The configuration is simple, but less secure.
Examples
# On an RR, specify SSL server policy CA_CERT for the RR to establish SSL connections with CPEs (SDWAN clients).
<Sysname> system-view
[Sysname] sdwan ssl-server-policy CA_CERT
Related commands
display sdwan server status
sdwan server enable
sdwan server port
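The SSL and port rules in this reference can be checked over saved configurations: an RR without sdwan ssl-server-policy falls back to the self-signed certificate, source UDP ports should avoid 1 to 1023 and be identical within a routing domain, and the TCP port in a CPE's sdwan server command must match the RR's listening port. The following Python script is an added example, not vendor code; the configuration layout, the sample configurations, the finding codes, the function names, and keying the fleet by system IP address are assumptions.

```python
import re
from collections import defaultdict

DEFAULT_UDP_PORT = 4799  # default global source UDP port, per the reference
DEFAULT_TCP_PORT = 2004  # default SDWAN server TCP port, per the reference

# Constructed sample configurations (layout is an assumption, not device output).
RR_CONFIG = """\
sdwan site-role rr
sdwan server enable
sdwan server port 3500
#
interface Tunnel1 mode sdwan udp
 sdwan routing-domain abc id 2000
 sdwan encapsulation udp-port 5000
"""
CPE_CONFIG = """\
sdwan site-role cpe
sdwan ssl-client-policy abc
sdwan server system-ip 192.168.0.1 ip 10.1.1.1
sdwan encapsulation global-udp-port 500
#
interface Tunnel1 mode sdwan udp
 sdwan routing-domain abc id 2000
"""
SERVER_RE = (r"sdwan server system-ip (\S+) (?:ip|ipv6) \S+"
             r"(?: port (\d+))?(?: vpn-instance \S+)?")

def first(lines, pattern):
    """Return the match for the first line that fully matches pattern, or None."""
    return next((m for m in (re.fullmatch(pattern, l) for l in lines) if m), None)

def parse(text):
    """Split a configuration into system-view lines and per-tunnel lines."""
    dev, tunnel = {"global": [], "tunnels": defaultdict(list)}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"interface tunnel ?(\d+) mode sdwan udp", line, re.I)
        if m:
            tunnel = m.group(1)
            dev["tunnels"][tunnel]  # register the tunnel even with no settings
        elif not line or line == "#":
            tunnel = None  # "#" or a blank line closes the current view
        elif tunnel is not None and raw[:1].isspace():
            dev["tunnels"][tunnel].append(line)
        else:
            tunnel = None
            dev["global"].append(line)
    return dev

def effective_udp_ports(dev):
    """Tunnel-view udp-port takes precedence over system-view global-udp-port."""
    m = first(dev["global"], r"sdwan encapsulation global-udp-port (\d+)")
    global_port = int(m.group(1)) if m else DEFAULT_UDP_PORT
    ports = {}
    for tid, lines in dev["tunnels"].items():
        m = first(lines, r"sdwan encapsulation udp-port (\d+)")
        ports[tid] = int(m.group(1)) if m else global_port
    return ports

def audit(fleet):
    """fleet maps a system IP address to that device's configuration text."""
    devs = {ip: parse(text) for ip, text in fleet.items()}
    findings, domain_ports = [], defaultdict(set)
    for ip, dev in devs.items():
        g = dev["global"]
        # RR with no SSL server policy: self-signed certificate, default SSL settings.
        if "sdwan server enable" in g and not first(g, r"sdwan ssl-server-policy \S+"):
            findings.append((ip, "RR-SELF-SIGNED-CERT"))
        for tid, port in effective_udp_ports(dev).items():
            if port <= 1023:  # best practice: avoid ports 1 to 1023
                findings.append((ip, "UDP-PORT-1-1023"))
            m = first(dev["tunnels"][tid], r"sdwan routing-domain \S+ id (\d+)")
            if m:
                domain_ports[m.group(1)].add(port)
        for m in filter(None, (re.fullmatch(SERVER_RE, l) for l in g)):
            rr = devs.get(m.group(1))
            if rr is None:
                continue  # the RR's configuration is not in the fleet
            lm = first(rr["global"], r"sdwan server port (\d+)")
            listen = int(lm.group(1)) if lm else DEFAULT_TCP_PORT
            if int(m.group(2) or DEFAULT_TCP_PORT) != listen:
                findings.append((ip, "SERVER-TCP-PORT-MISMATCH"))
    # All devices in one routing domain must use the same source UDP port.
    findings += [(f"routing-domain {d}", "UDP-PORT-INCONSISTENT")
                 for d, ports in domain_ports.items() if len(ports) > 1]
    return findings

if __name__ == "__main__":
    for finding in audit({"192.168.0.1": RR_CONFIG, "192.168.0.2": CPE_CONFIG}):
        print(finding)
```

A configuration audit cannot tell whether a changed sdwan ssl-server-policy is active, because the new policy takes effect only after the SDWAN server is disabled and re-enabled.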
sdwan ssl-client-policy
Use sdwan ssl-client-policy to specify an SSL client policy on a CPE for the CPE to establish SSL connections with RRs (SDWAN servers).
Use undo sdwan ssl-client-policy to restore the default.
Syntax
sdwan ssl-client-policy policy-name
undo sdwan ssl-client-policy
Default
No SSL client policy is specified on a CPE for the CPE to establish SSL connections with RRs (SDWAN servers).
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
policy-name: Specifies an SSL client policy by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
Only one SSL client policy can be applied to an SSL connection. If you execute this command multiple times, the most recent configuration takes effect. Modification to this command does not affect existing SDWAN SSL connections. It takes effect only on the SDWAN SSL connections established after the modification.
For more information about SSL client policies, see SSL configuration in Security Configuration Guide.
Examples
# On a CPE, specify SSL client policy abc for the CPE to establish SSL connections with RRs (SDWAN servers).
<Sysname> system-view
[Sysname] sdwan ssl-client-policy abc
sdwan system-ip
Use sdwan system-ip to specify a system IPv4 address for the device.
Use undo sdwan system-ip to restore the default.
Syntax
sdwan system-ip interface-type interface-number
undo sdwan system-ip
Default
No system IPv4 address is specified for the device.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number. The primary IPv4 address of the specified interface is used as the system IPv4 address of the device.
Usage guidelines
The device uses the system IPv4 address to set up BGP sessions with other devices. In an RIR scenario, the system IPv4 address is also used as the inner destination IPv4 address of probe packets sent by the NQA client in NQA link connectivity probes. For more information about RIR, see Layer 3—IP Routing Configuration Guide.
For this command to take effect, you must specify a loopback interface that has an IPv4 address.
Examples
# Specify the primary IPv4 address of Loopback 0 as the system IPv4 address of the device.
<Sysname> system-view
[Sysname] sdwan system-ip loopback 0
Related commands
display sdwan site-tte
sdwan transport-network
Use sdwan transport-network to specify a transport network for an SDWAN tunnel.
Use undo sdwan transport-network to restore the default.
Syntax
sdwan transport-network network-name id network-id [ restrict ]
undo sdwan transport-network
Default
No transport network is specified for an SDWAN tunnel.
Views
Tunnel interface view
Predefined user roles
network-admin
mdc-admin
Parameters
network-name: Specifies a transport network by its name, a case-sensitive string of 1 to 31 characters. The string can contain only letters, digits, and dots (.).
network-id: Specifies the ID of the transport network, in the range of 1 to 65535.
restrict: Allows only tunnel interfaces that are configured with the same routing domain and the same transport network ID to set up TTE connections. If you do not specify this keyword, the system allows tunnel interfaces that are configured with the same routing domain to set up TTE connections regardless of whether their transport network IDs are the same.
Usage guidelines
An SDWAN tunnel interface is connected to a transport network. The transport network is uniquely identified by its name or ID.
Examples
# Specify a transport network named abc with ID 2000 for an SDWAN tunnel.
<Sysname> system-view
[Sysname] interface tunnel 1 mode sdwan udp
[Sysname-Tunnel1] sdwan transport-network abc id 2000
Related commands
display sdwan site-tte
sdwan vn-id
Use sdwan vn-id to specify a VN ID for a VPN instance.
Use undo sdwan vn-id to restore the default.
Syntax
sdwan vn-id vn-id
undo sdwan vn-id
Default
The VN ID is 0 for a VPN instance.
Views
VPN instance view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Non-default vSystems do not support this command.
Packets from different tenants can be forwarded through the same SDWAN tunnel. To isolate the tenants, assign them to different VPN instances. Their packets will be distinguished according to the VN IDs of the VPN instances.
You can specify only one VN ID for a VPN instance in the current software version.
Examples
# Specify VN ID 123 for VPN instance vpna.
<Sysname> system-view
[Sysname] ip vpn-instance vpna
[Sysname-vpn-instance-vpna] sdwan vn-id 123
Related commands
evpn sdwan routing-enable