This command is used to the debug MPLS LSPM. As running the debugging will affect the performance of the H3C S9500 Series Routing Switches, you are advised to use the command with caution.

Example

# Enable all MPLS VPN debugging.

<H3C> debugging mpls lspm vpn

1.1.2 display mpls interface

Syntax

display mpls interface

View

Any view

Parameter

None

Description

Use the display mpls interface command to view the information of all MPLS-enabled interfaces.

Related command: display mpls lsp, display mpls statistics and display static-lsp.

Example

# Display the information of all MPLS-enabled interface.

<H3C> display mpls interface

MPLS interface information:

Interface Vlan-interface12 ( Label Range : 0-44800 )

Interface Vlan-interface23 ( Label Range : 0-44800 )

Interface Vlan-interface21 ( Label Range : 0-44800 )

Interface Vlan-interface20 ( Label Range : 0-44800 )

Interface Vlan-interface194 ( Label Range : 0-44800 )

Interface Vlan-interface104 ( Label Range : 0-44800 )

Interface Vlan-interface76 ( Label Range : 0-44800 )

Interface Vlan-interface22 ( Label Range : 0-44800 )

Interface Vlan-interface193 ( Label Range : 0-44800 )

Interface Vlan-interface27 ( Label Range : 0-44800 )

1.1.3 display mpls lsp

Syntax

display mpls lsp [ include text | verbose ]

View

Any view

Parameter

include text: Displays the matching string including the specified information.

verbose: Displays detailed information.

Description

Use the display mpls lsp command to display LSP information.

By default, the display mpls lsp command displays all LSP information.

Related command: display mpls interface, display mpls statistics and display static-lsp.

Example

# Display all the LSPs including “-----------”.

<H3C-Vlan-interface2000> display mpls lsp include ----------------

-------------------------------------------------------------------------- LSP Information: Ldp Lsp

NO FEC NEXTHOP I/O-LABEL OUT-INTERFACE

1 10.110.1.0/24 10.110.1.1 3/----- -------

2 10.10.10.0/24 10.10.10.1 3/----- -------

3 10.100.20.20/32 127.0.0.1 3/----- -------

4 5.5.5.5/32 127.0.0.1 3/----- -------

5 10.100.20.0/24 10.100.20.20 3/----- -------

6 80.80.80.80/32 127.0.0.1 3/----- -------

7 70.70.70.70/32 200.5.5.4 -----/3 Vlan2000

TOTAL: 7 Record(s) Found.

1.1.4 display mpls static-lsp

Syntax

display mpls static-lsp [ include text | verbose ]

View

Any view

Parameter

include text: Displays the matching string including the specified information .

verbose: Displays detailed information.

Description

Use the display mpls static-lsp command to view the information of one static LSP or all.

Related command: display mpls interface, display mpls lsp and display mpls statistics.

Example

# Display the static LSP information.

<H3C-mpls> display mpls static-lsp

--------------------------------------------------------------------

LSP Information: Static Lsp

--------------------------------------------------------------------

NO FEC NEXTHOP I/O-LABEL OUT-INTERFACE

1 1.1.1.1/32 200.5.5.4 -----/1000 Vlan2000

TOTAL: 1 Record(s) Found.

1.1.5 display mpls statistics

Syntax

display mpls statistics { interface { Vlan-interface | all } | lsp { lsp-Index | all | lsp-name }}

View

Any view

Parameter

interface { Vlan-interface | all }: Specifies one interface or all interfaces.

lsp { lsp-Index | all | lsp-name }: Specifies one label switching path or all label switching paths. Where lsp-Index is an LSP index, lsp-name is an LSP name, and all represents all LSPs.

Description

Use the display mpls statistics command to view the MPLS statistics about one specific VLAN interface/LSP or all interfaces/LSPs.

Related command: display mpls interface and display mpls lsp.

Example

# Display MPLS statistics about all LSPs

<H3C> display mpls statistics lsp all

Building the information...

LSP Index/LSP Name : 10240/dynamic-lsp

There is no information of LSP incoming segment!

The statistics of lsp Out :

OutSegment octets of LSP is: 162876

OutSegment packets of LSP is: 2943

OutSegment errors of LSP is: 0

OutSegment discard packets of LSP is: 0

1.1.6 lsp-trigger

Syntax

lsp-trigger { all | ip-prefix ip-prefix }

undo lsp-trigger { all | ip-prefix ip-prefix }

View

MPLS view

Parameter

all: Triggers LSPs at any route.

ip-prefix: Triggers LSPs only at the routes matching the specified IP prefix list.

ip-prefix: IP prefix list, ranging from 1 to 19.

Description

Use the lsp-trigger command to configure topology-triggered LSP creation policy.

Use the undo lsp-trigger command to remove the filtering conditions specified by parameters and disable LSP trigger creation at any route.

By default, all kinds of routing protocols are filtered out.

& Note:

If no route-triggered policy is configured, LSPs can be triggered at all host routes with 32-bit masks.

If you import an IP-prefix rule without contents, LSPs can be triggered at all routes.

Related command: ip ip-prefix.

Example

# Triggers LSPs at all routes.

<H3C>system-view

[H3C] mpls

[H3C-mpls] lsp-trigger all

1.1.7 mpls

Syntax

mpls

undo mpls

View

System view, VLAN interface view

Parameter

None

Description

In system, input the mpls command for an initial use to enable MPLS function globally and enter MPLS view. Later you can go straight to the MPLS view with this command.

Use the mpls command in VLAN interface view to enable MPLS on the VLAN interface.

Use the undo mpls command to disable MPLS function in the system view or on the VLAN interface.

By default, you cannot enter this view.

After executing the command, you can enter MPLS view. Only after you enter MPLS view, can you configure other MPLS commands.

You must configure the mpls lsr-id command first and then you can enter MPLS view.

Example

# Enter MPLS view from system view.

<H3C>system-view

[H3C] mpls

[H3C-mpls]

# Execute the mpls command in interface view.

[H3C] vlan 201

[H3C-Vlan201] port gigabitethernet 2/1/1

[H3C-Vlan201] quit

[H3C] interface vlan-interface 201

[H3C-vlan-interface201] mpls

% Info: MPLS in the interface is starting, please wait...OK

1.1.8 mpls lsr-id

Syntax

mpls lsr-id ip-address

undo mpls lsr-id

View

System view

Parameter

ip-address: LSR ID, in the format of IP address, used to identify an LSR.

Description

Use the mpls lsr-id command to configure an LSR ID.

Use the undo mpls lsr-id command to delete an LSR ID.

By default, no LSR has an ID.

You must configure the mpls lsr-id command first and then you can use the other MPLS-related commands.

An LSR ID is in the format of IP address, thus a loopback address is recommended.

Related command: display mpls interface.

Example

# Set the LSR ID to 202.17.41.246.

<H3C>system-view

[H3C] mpls lsr-id 202.17.41.246

% Info: Mpls lsr-id changed.

1.1.9 snmp-agent trap enable ldp

Syntax

snmp-agent trap enable ldp

undo snmp-agent trap enable ldp

View

System view

Parameter

None

Description

Use the snmp-agent trap enable ldp command to enable Trap function in MPLS LDP creation.

Use the undo snmp-agent trap enable ldp command to disable Trap function in MPLS LDP creation.

By default, Trap function is not enabled during MPLS LDP creation.

Example

# Enable the Trap function during MPLS LDP creation.

<H3C>system-view

[H3C] snmp-agent trap enable ldp

1.1.10 snmp-agent trap enable lsp

Syntax

snmp-agent trap enable lsp

undo snmp-agent trap enable lsp

View

System view

Parameter

None

Description

Use the snmp-agent trap enable lsp command to enable Trap function in MPLS LSP creation.

Use the undo snmp-agent trap enable lsp command to disable Trap function in MPLS LSP creation.

By default, Trap function is disabled during MPLS LSP creation.

Example

# Enable the Trap function during MPLS LSP creation.

[H3C] snmp-agent trap enable lsp

1.1.11 static-lsp egress

Syntax

static-lsp egress lsp-name [ l2vpn ] incoming-interface interface-type interface-number in-label in-label-value

undo static-lsp egress lsp-name

View

MPLS view

Parameter

lsp-name: LSP name

interface-type Interface-number: Interface type, interface number.

in-label-value: Value of inbound label, ranging 3 (implicit empty label) and from 16 to 1023.

Description

Use the static-lsp egress command to configure a static LSP for an egress LSR.

Use the undo static-lsp egress command to delete an LSP for an egress LSR.

Related command: static-lsp ingress, static-lsp transit and debugging mpls.

Example

# Configure a static LSP named bj-sh on the egress LSR.

<H3C>system-view

[H3C-mpls] static-lsp egress bj-sh incoming-interface vlan-interface 201 in-label 233

1.1.12 static-lsp ingress

Syntax

static-lsp ingress lsp-name { destination dest-addr { addr-mask | mask-length } | l2vpn } nexthop next-hop-addr } } out-label out-label-value

undo static-lsp ingress lsp-name

View

MPLS view

Parameter

lsp-name: LSP name

dest-addr: Destination IP address.

addr-mask: Destination IP address mask.

mask-length: Mask length of destination IP address

next-hop-addr: Next-hop address.

out-label-value: Value of outbound label, ranging 3 (implicit empty label) and from 16 to 1023.

Description

Use the static-lsp ingress command to configure a static LSP for an ingress LSR.

Use the undo static-lsp ingress command to delete an LSP for an ingress LSR.

Related command: static-lsp egress, static-lsp transit and debugging mpls.

Example

# Configure a static LSP for the ingress LSR heading for the destination address 202.25.38.1.

<H3C>system-view

[H3C] mpls

[H3C-mpls] static-lsp ingress bj-sh destination 202.25.38.1 24 nexthop 202.55.25.33 out-label 237

1.1.13 static-lsp transit

Syntax

static-lsp transit lsp-name [ l2vpn ] incoming-interface interface-type interface-number in-label in-label-value nexthop next-hop-addr out-label out-label-value

undo static-lsp transit lsp-name

View

MPLS view

Parameter

lsp-name: LSP name

interface-type Interface-number: Interface type, interface number.

next-hop-addr: Next-hop address.

in-label-value: Value of inbound label, ranging from 16 to 1023.

out-label-value: Value of outbound label, ranging 3 (implicit empty label) and from 16 to 1023.

Description

Use the static-lsp transit command to configure a static LSP for a transit LSR.

Use the undo static-lsp transit command to delete an LSP for a transit LSR.

Related command: static-lsp egress and static-lsp ingress.

Example

# Configure a static LSP for the VLAN201 interface on a transit LSR, with an inbound label of 123 and an outbound label of 253.

<H3C>system-view

[H3C] mpls

[H3C-mpls] static-lsp transit bj-sh incoming-interface vlan-interface 201 in-label 123 nexthop 202.34.114.7 out-label 253

1.2 LDP Configuration Commands

1.2.1 debugging mpls ldp

Syntax

debugging mpls ldp { all | main | advertisement | session | pdu | notification | remote } [ interface interface-type interface-number ]

undo debugging mpls ldp { all | main | advertisement | session | pdu | notification | remote } [ interface interface-type interface-number ]

View

User view

Parameter

all: Displays all debugging information related to LDP.

main: Displays the debugging information of LDP main tasks.

advertisement: Displays the debugging information during LDP advertising.

session: Displays debugging information during LDP session processing.

pdu: Displays the debugging information during PDU packet processing.

notification: Displays the debugging information during notification.

remote: Displays debugging information of all Remote Peers.

interface-type interface-number: Interface type, interface number.

Description

Use the debugging ldp command to enable the debugging of various LDP messages. Use the undo debugging ldp command to disable the debugging of various LDP messages.

You are advised to use the debugging command cautiously.

Example

# Enable LDP debugging.

<H3C> debugging mpls ldp all

1.2.2 display mpls ldp

Syntax

display mpls ldp

View

Any view

Parameter

None

Description

Use the display mpls ldp command to display LDP and LSR information.

By default, it displays information of LDP and LSR.

Related command: mpls ldp, mpls ldp hops-count, mpls ldp loop-detection and mpls ldp path-vectors.

Example

# Display LDP and LSR information.

<H3C> display mpls ldp

Label Distribution Protocol: V1

LSR ID: 10.10.10.10 LSR Status: Active

Loop Detection: Disabled.

Path Vector Limit: 32 Hop Count Limit: 32

DU Readvertisement: On Request Retry: Off

Label Retention Mode: Liberal DU Explicit Request: Off

Label Distribution Control Mode: Ordered.

1.2.3 display mpls ldp buffer-info

Syntax

display mpls ldp buffer-info

View

Any view

Parameter

None

Description

Use the display mpls ldp buffer-info command to view the LDP buffer information.

Example

# Display the LDP buffer information.

<H3C> display mpls ldp buffer-info

---------------------------------------------------------------

Buffer-Name Buffer-ID Buffer-Size Total-Count Free-Count

---------------------------------------------------------------

ENTITY 0 292 199 195

LOCAL-IF 1 36 200 196

PEER-IF 2 40 201 195

PDU 3 204 249 249

ADJACENCY 4 56 201 198

PEER-INF 5 116 201 198

SESSION 6 176 201 198

US-BLK 7 264 1052 1028

DS-BLK 8 240 1052 1042

FEC 9 40 1042 1032

US-LIST 10 16 1052 1028

TRIG-BLK 11 56 2076 2071

LABEL-RANGE 12 20 198 198

CR-TUNNEL 13 124 128 128

ER-HOP 14 40 4096 4096

IF-MSG 15 24 9999 9999

-----------------------------------------------------------------

Buffer no error.

1.2.4 display mpls ldp interface

Syntax

display mpls ldp interface [ | begin text | exclude text | include text ]

View

Any view

Parameter

|: Displays matched outputs.

begin: Displays the outputs matching the regular expression from the first line.

exclude: Displays the outputs excluding those lines matching the regular expression.

include: Displays only those outputs matching the regular expression.

text: Contents of the regular expression.

Description

Use the display mpls ldp interface command to display information of the interface with LDP enabled and in the Up state.

Related command: mpls ldp enable and display mpls ldp session.

Example

# Display the information of the interface with LDP enabled and in the UP state.

<H3C-Ethernet3/1/0> display mpls ldp interface

Displaying information about all Ldp interface:

Interface Vlan-interface12(address=12.12.12.2):

Label distributing enabled,bound to entity:2.2.2.2:0

Generic label range configured:16 - 44800

Label Advertisement Mode: Downstream-Unsolicited

Configured KeepAlive hold time:60, Configured Hello hold time:15

Negotiated Hello hold time:15

Hello packets sent/rcv:21158/21136

Interface Vlan-interface21(address=21.21.21.2):

Label distributing enabled,bound to entity:2.2.2.2:0

Generic label range configured:16 - 44800

Label Advertisement Mode: Downstream-Unsolicited

Configured KeepAlive hold time:60, Configured Hello hold time:15

Negotiated Hello hold time:0

Hello packets sent/rcv:16929/0

Interface Vlan-interface22(address=22.22.22.2):

Label distributing enabled,bound to entity:2.2.2.2:0

Generic label range configured:16 - 44800

Label Advertisement Mode: Downstream-Unsolicited

Configured KeepAlive hold time:60, Configured Hello hold time:15

Negotiated Hello hold time:15

Hello packets sent/rcv:21175/21159

Interface Vlan-interface23(address=23.23.23.2):

Label distributing enabled,bound to entity:2.2.2.2:0

Generic label range configured:16 - 44800

Label Advertisement Mode: Downstream-Unsolicited

Configured KeepAlive hold time:60, Configured Hello hold time:15

Negotiated Hello hold time:15

Hello packets sent/rcv:20970/20949

Interface Vlan-interface194(address=192.4.1.1):

Label distributing enabled,bound to entity:2.2.2.2:0

Generic label range configured:16 - 44800

Label Advertisement Mode: Downstream-Unsolicited

Configured KeepAlive hold time:60, Configured Hello hold time:15

Negotiated Hello hold time:0

Hello packets sent/rcv:15296/0

1.2.5 display mpls ldp lsp

Syntax

display mpls ldp lsp [ | begin text | exclude text | include text ]

View

Any view

Parameter

|: Displays matched outputs.

begin: Displays the outputs matching the regular expression from the first line.

exclude: Displays the outputs excluding those lines matching the regular expression.

include: Displays only those outputs matching the regular expression.

text: Contents of the regular expression.

Description

Use the display mpls ldp lsp command to view relevant LSP information created via LDP.

Related command: display mpls lsp.

Example

# Display LSP.

<H3C-Ethernet3/1/0> display mpls ldp lsp

--------------------------------------------------------------------------------

LDP LSP Information

--------------------------------------------------------------------------------

No. FECType DestAddress InLab OLab UHC DHC Next-Hop OutInterface

1 PREFIX 2.2.2.2 3 ---- 0 1 127.0.0.1 InLoop0

2 PREFIX 2.2.2.2 3 ---- 0 1 127.0.0.1 InLoop0

3 PREFIX 192.4.1.0/24 3 ---- 0 1 192.4.1.1 Vlan194

4 PREFIX 192.4.1.0/24 3 ---- 0 1 192.4.1.1 Vlan194

Liberal 12.12.12.0/24 ---- 3 --- 1 -------- Vlan22

5 PREFIX 12.12.12.0/24 3 ---- 0 1 12.12.12.2 Vlan12

6 PREFIX 12.12.12.0/24 3 ---- 0 1 12.12.12.2 Vlan12

Liberal 16.16.16.0/24 ---- 1026 --- 2 -------- Vlan23

Liberal 16.16.16.0/24 ---- 3 --- 1 -------- Vlan22

7 PREFIX 16.16.16.0/24 3 ---- 0 1 16.16.16.16 Vlan16

8 PREFIX 16.16.16.0/24 3 ---- 0 1 16.16.16.16 Vlan16

9 PREFIX 22.22.22.0/24 3 ---- 0 1 22.22.22.2 Vlan22

Liberal 1.1.0.5/32 ---- 1024 --- 2 -------- ------

10 PREFIX 1.1.0.5 1024 3 0 1 23.23.23.3 Vlan23

11 PREFIX 1.1.0.5 ---- 3 1 1 23.23.23.3 Vlan23

Liberal 85.12.0.1/32 ---- 1025 --- 2 -------- ------

12 PREFIX 85.12.0.1 1025 3 0 1 23.23.23.3 Vlan23

13 PREFIX 85.12.0.1 ---- 3 1 1 23.23.23.3 Vlan23

1.2.6 display mpls ldp peer

Syntax

display mpls ldp peer [ | begin text | exclude text | include text ]

View

Any view

Parameter

|: Displays matched outputs.

begin: Displays the outputs matching the regular expression from the first line.

exclude: Displays the outputs excluding those lines matching the regular expression.

include: Displays only those outputs matching the regular expression.

text: Contents of the regular expression.

Description

Use the display mpls ldp peer command to view peer information.

By default, it displays all the peer information.

Example

# Display peer information.

<H3C> display mpls ldp peer

Displaying information about all peers:

Local LDP ID: 2.2.2.2:0

Peer LDP ID: 1.1.1.1:0

Internetwork Address Type: IPv4

Internetwork Address: 1.1.1.1

Maximum Peer PDU length: 4096

Peer KeepAlive hold time: 60

Peer Distribution Method: Downstream Unsolicited

Peer Type: Remote

Peer RowStatus: Active

Local LDP ID: 2.2.2.2:0

Peer LDP ID: 3.3.3.3:0

Internetwork Address Type: IPv4

Internetwork Address: 3.3.3.3

Maximum Peer PDU length: 4096

Peer KeepAlive hold time: 60

Peer Distribution Method: Downstream Unsolicited

Peer Type: Remote

Peer RowStatus: Active

Local LDP ID: 2.2.2.2:0

Peer LDP ID: 1.1.1.1:0

Internetwork Address Type: IPv4

Internetwork Address: 1.1.1.1

Maximum Peer PDU length: 4096

Peer KeepAlive hold time: 60

Peer Distribution Method: Downstream Unsolicited

Peer Type: Local

Peer RowStatus: Active

Local LDP ID: 2.2.2.2:0

Peer LDP ID: 1.1.1.1:0

Internetwork Address Type: IPv4

Internetwork Address: 1.1.1.1

Maximum Peer PDU length: 4096

Peer KeepAlive hold time: 60

Peer Distribution Method: Downstream Unsolicited

Peer Type: Local

Peer RowStatus: Active

Local LDP ID: 2.2.2.2:0

Peer LDP ID: 3.3.3.3:0

Internetwork Address Type: IPv4

Internetwork Address: 3.3.3.3

Maximum Peer PDU length: 4096

Peer KeepAlive hold time: 60

Peer Distribution Method: Downstream Unsolicited

Peer Type: Local

Peer RowStatus: Active

1.2.7 display mpls ldp remote

Syntax

display mpls ldp remote [ | begin text | exclude text | include text ]

View

Any view

Parameter

|: Displays matched outputs.

begin: Displays the outputs matching the regular expression from the first line.

exclude: Displays the outputs excluding those lines matching the regular expression.

include: Displays only those outputs matching the regular expression.

text: Contents of the regular expression.

Description

Use the display mpls ldp remote command to view the configured Remote-peer information.

By default, you can view all the Remote-peer configurations.

Related command: mpls ldp remote-peer and remote-ip.

Example

# Display the Remote-peer configuration.

<H3C> display mpls ldp remote

Displaying information about all Ldp Remote Peers:

Remote Index: 1

Peer Address: 1.1.1.1 Transport Address: 2.2.2.2

Configured KeepAlive hold time:60, Configured Hello hold time:45

Negotiated Hello hold time:45

Hello packets sent/rcv:6515/6509

Remote Index: 3

Peer Address: 3.3.3.3 Transport Address: 2.2.2.2

Configured KeepAlive hold time:60, Configured Hello hold time:45

Negotiated Hello hold time:45

Hello packets sent/rcv:6457/6453

Remote Index: 4

Peer Address: 1.1.0.3 Transport Address: 2.2.2.2

Configured KeepAlive hold time:60, Configured Hello hold time:45

Negotiated Hello hold time:0

Hello packets sent/rcv:0/0

Remote Index: 7

Peer Address: 1.1.1.7 Transport Address: 2.2.2.2

Configured KeepAlive hold time:60, Configured Hello hold time:45

Negotiated Hello hold time:0

Hello packets sent/rcv:0/0

1.2.8 display mpls ldp session

Syntax

display mpls ldp session [ | begin text | exclude text | include text ]

View

Any view

Parameter

|: Displays matched outputs.

begin: Displays the outputs matching the regular expression from the first line.

exclude: Displays the outputs excluding those lines matching the regular expression.

include: Displays only those outputs matching the regular expression.

text: Contents of the regular expression.

Description

Use the display mpls ldp session command to know the session between peer entities.

By default, it displays the session between peer entities.

Related command: mpls ldp enable.

Example

# Display the session between peer entities.

<H3C> display mpls ldp session

Local LDP ID: 1.1.1.9:5; Peer LDP ID: 4.4.4.9:0

TCP Connection: 1.1.1.9 <- 4.4.4.9

Session State: Operational

Session Role: Passive

Session existed time:

Basic Hello Packets Sent/Received: 85/67

KeepAlive Packets Sent/Received: 1/1

Negotiated Keepalive hold time: 60 Peer PV Limit: 0

LDP Basic Discovery Source((A) means active):

Inter vlan113(A) Inter vlan112

Inter vlan111

1.2.9 mpls ldp

Syntax

mpls ldp

undo mpls ldp

View

System view

Parameter

None

Description

Use the mpls ldp command to enable LDP.

Use the undo mpls ldp command to disable LDP.

By default, LDP is disabled.

Before enabling LDP, you must enable MPLS and configure LSR ID first.

Related command: mpls lsr-id.

Example

# Enable LDP.

<H3C>system-view

[H3C] mpls ldp

1.2.10 mpls ldp enable

Syntax

mpls ldp enable

mpls ldp disable

View

VLAN interface view

Parameter

None

Description

Use the mpls ldp enable command to enable LDP on a VLAN interface.

Use the mpls ldp disable command to disable LDP on a VLAN interface.

By default, LDP is disabled on an interface.

To enable an interface, you must enable LDP first. After LDP is enabled on an interface, peer discovery and session creation proceed.

Example

# Enable LDP on a VLAN interface.

<H3C> system-view

[H3C] vlan 201

[H3C-Vlan201] port gigabitethernet 2/1/1

[H3C-Vlan201] quit

[H3C] interface vlan-interface 201

[H3C-Vlan-interface201] mpls

[H3C-vlan-interface201] mpls ldp enable

1.2.11 mpls ldp hops-count

Syntax

mpls ldp hops-count hop-number

undo mpls ldp hops-count

View

System view

Parameter

hop-number: Maximum hop count of loop detection, ranging from 1 to 32.

Description

Use the mpls ldp hops-count command to set the maximum hop count of loop detection.

Use the undo mpls ldp hops-count command to restore the default value of the maximum hop count of loop detection.

By default, the maximum hop count of loop detection is 32.

This command should be configured before LDP is enabled on all interfaces. Its value, which depends on actual networking, determines the loop detection speed during LSP creation

Related command: mpls ldp loop-detection and mpls ldp path-vector.

Example

# Set the maximum hop count of loop detection to 22.

<H3C> system-view

[H3C] mpls ldp hops-count 22

# Set the maximum hop count of loop detection to its default value 32.

[H3C] undo mpls ldp hops-count

1.2.12 mpls ldp loop-detect

Syntax

mpls ldp loop-detect

undo mpls ldp loop-detect

View

System view

Parameter

None

Description

Use the mpls ldp loop-detect command to enable loop detection.

Use the undo mpls ldp loop-detect command to disable loop detection.

By default, loop detection is not enabled in the system.

This command should be configured before LDP is enabled on any interface.

Related command: mpls ldp hops-count and mpls ldp path-vectors.

Example

# Enable loop detection.

<H3C>system-view

[H3C] mpls ldp loop-detect

# Disable loop detection.

[H3C] undo mpls ldp loop-detect

1.2.13 mpls ldp password

Syntax

mpls ldp password [ cipher | simple ] password

undo mpls ldp password

View

VLAN interface view, remote-peer view

Parameter

cipher: The password in configuration file will be displayed in cipher-text.

simple: The password in configuration file will be displayed in plain-text.

password: User password.

Description

Use the mpls ldp password command to configure MD5 authentication password for the LDP. After this configuration, the MD5 authentication is adopted for LDP on the interface.

Use the undo mpls ldp password command to delete the configuration.

Example

# Configure the LDP authentication mode as MD5, plain-text password 123.

<H3C>system-view

[H3C] interface vlan-interface 201

[H3C-vlan-interface201] mpls ldp password simple 123

1.2.14 mpls ldp path-vectors

Syntax

mpls ldp path-vectors pv-number

undo mpls ldp path-vectors

View

System view

Parameter

pv-number: Maximum value of path vector, ranging from 1 to 32.

Description

Use the mpls ldp path-vectors command to set the maximum value of path vector.

Use the undo mpls ldp path-vectors command to restore the default maximum value of path vector.

By default, pv-number is 32.

This command should be configured before LDP is enabled on all interfaces. Its value, which depends on actual networking situation, determines the loop detection speed during LSP creation

Related command: mpls ldp loop-detection and mps ldp hops-count.

Example

# Set the maximum value of path vector to 23

<H3C>system-view

[H3C] mpls ldp path-vectors 23

# Restore the default maximum value of path vector.

[H3C] undo mpls ldp path-vectors

1.2.15 mpls ldp remote-peer

Syntax

mpls ldp remote-peer index

undo mpls ldp remote-peer index

View

System view or remote-peer view

Parameter

index: Index that identifies a remote peer entity, ranging from 0 to 99.

Description

Use the mpls ldp remote-peer command to create a Remote-peer entity and enter remote-peer view.

Use the undo mpls ldp remote-peer command to delete a Remote-peer entity.

You can use this command to create a Remote-peer and accordingly create a Remote-session.

Related command: remote-ip.

Example

# Create a Remote-peer.

<H3C>system-view

[H3C] mpls ldp remote-peer 22

[H3C-mpls-remote22]

# Delete a Remote-peer.

[H3C-mpls-remote22] undo mpls ldp remote-peer 22

[H3C]

1.2.16 mpls ldp reset-session

Syntax

mpls ldp reset-session peer-address

View

VLAN interface view

Parameter

peer-address: Corresponding remote LDP Peer address (in IP address format).

Description

Use the mpls ldp reset-session command to reset a specified session on an interface.

After LDP is configured on an interface and LDP session is created, this command can be used to reset a specific session on the interface. You only need to specify the address of the peer corresponding to the session to be reset.

Related command: mpls ldp and mpls ldp enable.

Example

# Reset a specified session on the VLAN201 interface.

<H3C>system-view

[H3C] interface vlan-interface 201

[H3C-Vlan-interface201] mpls ldp reset-session 10.1.1.1

1.2.17 mpls ldp timer

Syntax

In VLAN interface view:

mpls ldp timer { session-hold session-holdtime | hello hello-holdtime }

undo mpls ldp timer { session-hold | hello }

In remote-peer view:

mpls ldp timer { targeted-session-hold | targeted-hello } { holdtime holdtime | interval interval }

undo mpls ldp timer { targeted-session-hold | targeted-hello } { holdtime | interval }

View

VLAN interface view, remote-peer view

Parameter

hello hello-holdtime: Hold time (i.e. timeout time) of the Hello hold timer, in the range of 6~65535 (seconds). By default it is 15 seconds.

session-hold session-holdtime: Time interval for Session hold timer to send a session packet, in the range of 1~65535 (seconds). By default it is 60 seconds.

targeted-hello: Hold time (i.e. timeout time) of the Targeted-hello hold timer, in the range of 1~65535 (seconds). By default holdtime is 45 seconds and interval is 13 seconds.

targeted-session-hold: Time interval for Targeted-session hold timer to send a session packet, in the range of 1~65535 (seconds). By default holdtime is 60 seconds and interval is 24 seconds.

holdtime: Time interval for the hold timer.

interval: Time interval to send a Keepalive packet.

Description

Use the mpls ldp timer command to set the hold time for the Hello hold timer and Session hold timer.

Use the undo mpls ldp timer command to restore the default values.

The timeout of the Hello hold timer means that the adjacency with the peer goes down; the timeout of the Session hold timer means the session with the peer goes down.

targeted-hello interval refers to the time interval to send a targeted-hello packet. It cannot be greater than (targeted-hello holdtime) ´ 0.3, so the maximum value is 65535´ 0.3 = 19660.5.

targeted-session-hold interval refers to the time interval to send a Keepalive packet. It cannot be greater than (targeted-session-hold holdtime) ´ 0.4.

In general, the time interval to send a hello/keepalive packet is one third of the hold time of Hello/Session hold timer.

You can usually use the default values if not in special cases, Note that you must reset the session to validate new values if you do modify these timer parameters.

Related command: mpls ldp and mpls ldp enable.

Example

# Modify the hold time of the Hello timer to 30 seconds.

<H3C>system-view

[H3C] interface vlan-interface 201

[H3C-Vlan-interface201] mpls ldp timer hello 30

1.2.18 mpls ldp transport-ip

Syntax

mpls ldp transport-ip { interface | ip-address }

undo mpls ldp transport-ip

View

VLAN interface

Parameter

interface: Sets the IP address of the current interface as the transport address.

ip-address: Sets the IP address as the transport address.

Description

Use the mpls ldp transport-ip command to configure an LDP transport address.

Use the undo mpls ldp transport-ip command to restore the default LDP transport address.

By default, LSR ID is set as a transport address.

When there are multiple directly-connected and MPLS LDP-enabled links between two LSR neighbors, all these links must be configured with the same transport address (it is recommended to adopt the default LSR ID as the transport address). Otherwise, the system may be unable to set up a steady LDP session.

For a Remote-peer, the transport address cannot be configured and is fixed to the LSR ID.

By default, an LSR ID is the address of some Loopback interface and the Remote peer can route to this address for a session. For a Local peer, the address of the local interface or the Router ID of LSR can be adopted as its transport address.

Example

# Set the address of the current interface as a transport address.

<H3C>system-view

[H3C] interface vlan-interface 201

[Quidwa-Vlan-interface201] mpls ldp transport-ip interface

# Set the address of another interface as a transport address.

[H3C-Vlan-interface201] mpls ldp transport-ip 10.1.11.2

1.2.19 remote-ip

Syntax

remote-ip remoteip

View

remote-peer view

Parameter

remoteip: IP address of the Remote-peer.

Description

Use the remote-ip command to configure a Remote-IP address. The address should be the lsr-id of the remote LSR. As Remote Peers adopt LSR ID as their transport addresses, the last two Remote Peers use the lsr-id as their transport addresses for creating TCP connection.

Related command: mpls ldp remote-peer.

Example

# Configure the address of remote-peer.

<H3C>system-view

[H3C] mpls ldp remote-peer 12

[H3C-mpls-remote12] remote-ip 192.168.1.1

Chapter 2 BGP/MPLS VPN Configuration Commands

& Note:

Refer to the 05-Routing Protocol Commands Module of the H3C S9500 Switches Command Manual for the details about the if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, apply ip next-hop, apply local-preference, apply origin, apply tag commands and the related commands.

2.1.1 aggregate

Syntax

aggregate address mask [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ]*

undo aggregate address mask [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ]*

View

VPN-instance subaddress family view

Parameter

address: IP address of an aggregated route, in dotted decimal format.

mask: Network mask of an aggregated route, in dotted decimal format.

as-set: Generates routes with AS sets.

detail-suppressed: Advertises only aggregated routes.

suppress-policy route-policy-name: Suppresses advertisement of some selected specific routes.

origin-policy route-policy-name: Selects source route for aggregation.

attribute-policy route-policy-name: Sets the attributes of an aggregated route.

Description

Use the aggregate command to create an aggregation entry in the BGP routing table of VPN instance.

Use the undo aggregate command to disable this function.

By default, route aggregation is not enabled.

The function of the keywords involved in the above commands is shown in the following table:

Table 2-1 Keywords function

Keyword	Function
as-set	By setting this keyword, you can create an aggregated route whose AS path contains the information of all the aggregation routes. This keyword is not recommended when aggregating many AS paths because frequent changes of the specific route may result in routing oscillation.
detail-suppressed	This keyword suppresses advertisement of all the specific routes, but not of the aggregated routes. Using the peer filter-policy command, you can suppress some specific routes.
suppress-policy	This keyword enables the creation of an aggregate route but disables the advertising of the specified routes. Using the if-match clause in the route-policy command, you can choose to suppress advertisement of some specific routes.
origin-policy	Using this command, you can only choose the specific routes matching the Route-policy to create aggregated route.
attribute-policy	Using this keyword, you can set the attributes of the aggregation route. The peer route-policy command can also enables you to complete the same setting.

Example

# Create an aggregation entry in the BGP routing table of VPN instance.

[H3C-bgp-af-vpn-instance] aggregate 192.213.0.0 255.255.0.0

2.1.2 apply mpls-label

Syntax

apply mpls-label

undo apply mpls-label

View

Route-policy view

Parameter

None

Description

Use the apply mpls-label command to configure the system to assign MPLS labels to the public network routes that meet the filer condition of Route-policy.

Use the undo apply mpls-label command to cancel this configuration.

By default, the public network routes carry no labels.

Related command: if-match mpls-label.

Example

# Define an Apply clause to assign labels to routes meeting the Route-policy filter condition.

[H3C-route-policy] apply mpls-label

2.1.3 debugging bgp

Syntax

debugging bgp { all | event | normal | { keepalive | mp-update | open | packet | route-refresh | update } [ receive | send ] [ verbose ] }

undo debugging bgp { all | event | normal | keepalive | mp-update | open | packet | route-refresh | update }

View

User view

Parameter

all: Enables all types of BGP debugging.

event: Enables BGP event debugging.

normal: Enables BGP common function debugging.

keepalive: Enables BGP Keepalive packet debugging.

mp-update: Enables multi-protocol BGP Update packet debugging.

open: Enables BGP Open packet debugging.

packet: Enables BGP packet debugging.

route-refresh: Enables BGP Route-Refresh packet debugging.

update: Enables BGP Update packet debugging.

receive: Displays receive information.

send: Displays send information.

verbose: Displays detailed information.

Description

Use the debugging bgp command to enable BGP debugging..

Use the undo debugging bgp command to disable BGP debugging.

Caution should be taken in deciding to enable BGP debugging, since debugging affects system performance. Remember to disable the debugging when it is completed.

Example

# Enable the debugging on the detailed information about BGP Keepalive packets.

<H3C> debugging bgp keepalive verbose

2.1.4 default local-preference

Syntax

default local-preference value

undo default local-preference

View

VPNv4 subaddress family view

Parameter

value: Value of the local precedence, ranging from 0 to 4294967295. A greater value enjoys higher precedence. The default local precedence is 100.

Description

Use the default local-preference command to configure the local precedence for BGP routing in VPN.

Use the undo default local-preference command to restore the default configuration.

The value of the local precedence is advertised between IBGP peers and you can affect the BGP routing in VPN by changing the precedence.

Example

# Set the local precedence to be 180, so that the system-advertised routing information will be preferred.

[H3C-bgp-af-vpn] default local-preference 180

2.1.5 default med

Syntax

default med med-value

undo default med

View

VPNv4 subaddress family view, VPN-instance subaddress family view

Parameter

med-value: MED value, ranging from 0 to 4294967295. The default value is 0.

Description

Use the default med command to configure the MED value of the system.

Use the undo default med command to restore the default value.

MED attributes, switched between autonomous system (AS), is an external measurement for routes and does not leave AS once entering it. The route with smaller MED value will be selected as the external one for AS when other conditions hold.

Example

# The routers RTA and RTB belong to AS100 and the router RTC belongs to AS200. RTC associates with RTA and RTB. Set the MED value of RTA 25. This makes the RTC prefer the route sent by RTB.

[H3C-bgp-af-vpn-instance] default med 25

2.1.6 description

Syntax

description vpn-instance-description

undo description

View

VPN-instance view

Parameter

vpn-instance-description: Specifies the description of a specified VPN instance.

Description

Use the description command to configure description for a specified VPN instance.

Use the undo description command to remove the description of this VPN instance.

Example

# Display the VPN description.

[H3C-vpn-vpna] description test

2.1.7 display bgp vpnv4

Syntax

display bgp vpnv4 { all | route-distinguisher rd-value | vpn-instance vpn-instance-name } { group [ group-name ] | network | peer [ [ peer-address ] verbose ] | routing-table [ options ] }

View

Any view

Parameter

all: Displays all the VPNv4 routings.

route-distinguisher rd-value: Displays the information related to RD.

vpn-instance vpn-instance-name: Displays the information related to VPN instance.

group: Displays the information of a neighbor peer group.

network: Displays the advertised routing information.

peer: Displays the peer information.

verbose: Displays detailed peer information.

routing-table: Displays routing information.

options: Configures to view the routing information.

Description

Use the display bgp vpnv4 command to view the VPN address in BGP table.

Example

# Display all the BGP VPNv4 routing tables.

<H3C> display bgp vpnv4 all routing-table

Flags: # - valid ^ - active I - internal

D - damped H - history S - aggregate suppressed

In/out As

Dest/mask Next-hop Med Local-pref label path

Route Distinguisher:1.1.1.1:1 (VPN instance:v1)

#^ 1.0.0.0 0.0.0.0 -/1024

Routes total: 1

2.1.8 display bgp routing-table label

Syntax

display bgp routing-table label

View

Any view

Parameters

None

Description

Use the display bgp routing-table label command to view the routing information and label information in the BGP routing table. For an unlabelled common IPv4 route, the label in the displayed information is null. If you use the display bgp routing-table address [ mask ] command to view the BGP routing information, the label information will be displayed if the route has a label.

Example

# View the BGP routing information.

<H3C> display bgp routing-table label

Flags: # - valid ^ - active I - internal

D - damped H - history S - aggregate suppressed

In/out

Dest/Mask Next-Hop Label

--------------------------------------------------------------

#^ 9.0.0.1/32 0.0.0.0 1024/-

# View the detailed BGP routing information.

<H3C> display bgp routing-table 9.0.0.1

BGP routing table entry information of 9.0.0.1/32

Age : 00:00:32

From : local

State : valid, sourced, active,

Nexthop : 0.0.0.0

Origin : INC

As-path : (null)

Med : 1563

In/Out label : 1024/-

2.1.9 display ip routing-table vpn-instance

Syntax

display ip routing-table vpn-instance vpn-instance-name [ [ ip-address ] | [ verbose ] statistics ]

View

Any view

Parameter

vpn-instance-name: Name assigned to VPN-instance.

ip-address: Displays information of the a specified address.

statistics: Displays statistics of routes.

verbose: Displays detailed information.

Description

Use the display ip routing-table VPN-instance command to view the specified information in the IP routing table of vpn-instance.

Example

# Display the IP routing table associated with the VPN-instance.

<PEA> disp ip routing-table vpn-instance vpna-ce1

vpna-ce1 Route Information

Routing Table: vpna-ce1 Route-Distinguisher: 100:1

Destination/Mask Protocol Pre Cost Nexthop Interface

20.20.20.0/24 BGP 256 0 40.40.40.40 Vlan-interface24

40.40.40.0/24 DIRECT 0 0 40.40.40.10 Vlan-interface24

40.40.40.10/32 DIRECT 0 0 127.0.0.1 InLoopBack0

80.80.80.0/24 BGP 256 0 40.40.40.40 Vlan-interface24

200.200.200.0/24 BGP 256 0 40.40.40.40 Vlan-interface24

VPN Routing Table: Route-Distinguisher: 100:2

20.20.20.0/24 BGP 256 0 2.2.2.2 InLoopBack0

30.30.30.0/24 BGP 256 0 2.2.2.2 InLoopBack0

2.1.10 display ip vpn-instance

Syntax

display ip vpn-instance [ vpn-instance-name | verbose ]

View

Any view

Parameter

vpn-instance-name: Name assigned to VPN-instance.

verbose: Displays detailed information.

Description

Use the display ip vpn-instance command to view the information related to VPN-instance, such as RD, description, and interfaces of the VPN instance.

Example

# Display the information about VPN-instance VPN 1.

<H3C> display ip vpn-instance vpn1

VPN-Instance : vpn1

No description

Route-Distinguisher : 100:6

Interfaces :

Vlan-interface1100

2.1.11 display mpls l3vpn-lsp

Syntax

display mpls l3vpn-lsp [ vpn-instance vpn-instance-name ] [ transit | egress | ingress ] [ include text | verbose ]

View

Any view

Parameter

transit: LSP for the ASBR (Autonomous System Boundary Router).

egress: LSP of egress VPN.

ingress: LSP of ingress VPN.

vpn-instance: Specifies the name of VPN routing/forwarding VPN-instance

include text: Only matches the string including the specified information.

verbose: Displays detailed information.

Description

Use the display mpls l3vpn-lsp command to view the information of MPLS L3VPN LSPs of the specified VPN-instance.

Example

# Display MPLS L3VPN transit lsp information on the ASBR.

<H3C> display mpls l3vpn-lsp transit

-----------------------------------------------------------------------

LSP Information: Ebgp Transit Lsp

-----------------------------------------------------------------------

NO I/O-LABEL NEXTHOP IN-INTERFACE OUT-INTERFACE

1 1025/3 30.30.1.2 ------- Vlan20

2 1024/3 10.10.1.2 ------- Vlan10

3 1026/1024 30.30.1.2 ------- Vlan20

TOTAL: 3 Record(s) Found.

Table 2-2 Description of the command information on display

Field	Description
NO	Number
I/O-LABEL	Incoming/Outgoing label. VPN labels (labels advertised with VPNV4 routes) will be displayed in case of uni-hop EBGP cross-AS MPLS L3 VPN networking, and tunneling labels (labels advertised with unicast routes and labels advertised by LDP protocol) will be displayed in case of multi-hop EBGP cross-AS MPLS L3 VPN networking.
NEXTHOP	Next hop
IN-INTERFACE	Ingress interface
OUT-INTERFACE	Egress interface

# Display MPLS L3VPN ingress lsp information on PE (Provider Edge).

<H3C> display mpls l3vpn-lsp ingress

-----------------------------------------------------------------------

LSP Information: L3vpn Ingress Lsp

-----------------------------------------------------------------------

Vpn-instance Name: vpna Route Distinguisher: 100:1

NO FEC NEXTHOP OUTER-LABEL OUT-INTERFACE

1 168.3.1.0/24 10.10.1.1 1026(vpn) Vlan10

TOTAL: 1 Record(s) Found.

Table 2-3 Description of command information on display

Field	Description
NO	Number
FEC	Forwarding equivalent class
NEXTHOP	Next hop
OUTER-LABEL	Outer label (MPLS Tunneling Label)
OUT-INTERFACE	Egress interface

# Display MPLS L3VPN egress lsp information on PE

<H3C> display mpls l3vpn-lsp egress

---------------------- -------------------------------------------------

LSP Information: L3vpn Egress Lsp

-----------------------------------------------------------------------

NO VRFNAME INNER-LABEL NEXTHOP OUT-INTERFACE

1 vpna 4096 0.0.0.0 InLoop0

TOTAL: 1 Record(s) Found.

Table 2-4 Description of command information on display

Field	Description
NO	Number
VRFNAME	Name of VPN Instance
INNER-LABEL	Inner label (VPN label)
NEXTHOP	Next hop
OUT-INTERFACE	Egress interface

2.1.12 display rip vpn-instance

Syntax

display rip vpn-instance vpn-instance-name

View

Any view

Parameter

vpn-instance vpn-instance-name: Specifies a VPN instance name.

Description

Use the display rip vpn-instance command to view the configuration related to VPN instance of RIP.

Example

# View the specified VPN instance configuration of RIP.

<H3C> disp rip vpn vpn1

RIP is running

private net VPN-Instance: vpn1

Checkzero is on Default cost : 1

Summary is on Preference : 100

Period update timer : 30

Timeout timer : 180

Garbage-collection timer : 120

No peer router

Network :

192.168.0.0

2.1.13 domain-id

Syntax

domain-id { id-number | id-addr }

undo domain-id

View

OSPF protocol view

Parameter

id-number: Domain-id for a VPN instance, an integer in the range of 0 to 4294967295. By default, it is 0.

id-addr: IP address format of Domain-id for a VPN instance. By default, it is 0.0.0.0.

Description

Use the domain-id command to specify Domain-id for a VPN instance.

Use the undo domain-id command to restore the default Domain-id.

For standard BGP/OSPF interoperability, when BGP routes are imported to OSPF at PE, their original OSPF attributes cannot be restored. As these BGP VPN IP routes are issued to CE as ASE LSA (type-5 LSA), OSPF cannot distinguish them from the routes imported from other route domains. In order to distinguish external routes from OSPF internal routes, it is required to restore the attributes of BGP routes when they are imported to OSPF at the remote end. To achieve this goal, we can configure a Domain-id for each OSPF domain. A Domain-id is attached to a BGP/VPN route when an OSPF route is imported into BGP/VPN for transmission over BGP/VPN routes. Then when BGP routes are imported to the peer PE, LAS values are filled in according to the extended community attributes. If the received BGP VPN IP routes have the same Domain-id, they are from the same VPN instance route.

By default, Domain-id is 0.

Caution:

The specified Domain-id will not take effect until the reset ospf command is executed.

Example

# Set Domain-id 100 to OSPF process 100.

[H3C-ospf-100] domain-id 100

[H3C-ospf-100] domain-id 0.0.0.100

2.1.14 filter-policy export

Syntax

filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]

undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]

View

VPNv4 subaddress family view, VPN instance subaddress family view

Parameter

acl-number: ACL number, ranging from 2000 to 3999, matching the destination address of routing.

ip-prefix-name: Name of IP prefix to match the destination of routing information.

protocol: Specifies the routing protocol whose routing information will be filtered. You can specify one of the following protocols: direct, static, isis, ospf, ospf-ase, ospf-nssa, or rip. If you specify ospf, ospf-ase, or ospf-nssa, the OSPF process ID is needed.

Description

Use the filter-policy export command to configure to filter routing information redistribute by a certain protocol. Only the filtered routing information can be advertised. Use the undo filter-policy export command to cancel the configuration.

By default, the redistribute routing will not be filtered.

Related command: filter-policy import.

Example

# Define that only the routes that can pass the filtering of ACL 3 can be received by BGP.

[H3C-bgp-af-vpn-instance] filter-policy 3 export

2.1.15 filter-policy import

Syntax

filter-policy [ ip-prefix ip-prefix-name ] gateway ip-prefix-name import

undo filter-policy [ ip-prefix ip-prefix-name ] gateway ip-prefix-name import

filter-policy { acl-number | ip-prefix ip-prefix-name } import

undo filter-policy { acl-number | ip-prefix ip-prefix-name } import

View

VPNv4 subaddress family view, VPN instance subaddress family view

Parameter

acl-number: ACL number, ranging from 2000 to 3999 to match the destination address of routing.

ip-prefix ip-prefix-name: Name of IP prefix list to match destination of routing.

gateway ip-prefix-name: Name of the IP prefix list for the neighboring routers whose routing information will be filtered.

Description

Use the filter-policy gateway import command to filter the information imported from specified routers.

Use the undo filter-policy gateway import command to cancel the setting.

Use the filter-policy import command to set the filtering conditions to filter routing information.

Use the undo filter-policy import command to cancel the setting on filtering conditions.

By default, no filtering is performed to the received information.

Related command: filter-policy export.

Example

# Define a filtering rule for receiving routing information: Only the routing information matching the IP prefix ACL P1 can it be received by VPN.

[H3C-bgp-af-vpn-instance] filter-policy ip-prefix p1 import

2.1.16 group

syntax

group group-name [ internal | external ]

undo group group-name

View

VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group. It can be expressed in string of letters and numbers from 1 to 47 in length.

internal: Creates an internal peer group.

external: Creates an external peer group including other sub-AS groups in federation.

Description

Use the group command to create a BGP peer group in VPN-instance.

Use the undo group command to delete a specified BGP peer group.

By default, the MP-IBGP peer is created.

Members in one peer group must have the same routing export policy as the group does, but can have different ingress policies.

Example

# Create an MP-EBGP peer group named test.

[H3C-bgp-af-vpn-instance] group test external

2.1.17 if-match mpls-label

Syntax

if-match mpls-label

undo if-match mpls-label

View

Route-policy view

Parameter

None

Description

Use the if-match mpls-label command to configure the system to match only the public network routes that carries an MPLS label.

Use the undo if-match mpls-label command to cancel this configuration.

Related command: apply mpls-label.

Example

# Define an if-match clause to allow label-carrying routes to pass the filtering of this clause.

[H3C-route-policy] if-match mpls-label

2.1.18 if-match vpn-target

Syntax

if-match vpn-target { vpn-target | begin vpn-target count }

undo if-match vpn-target

View

route-policy view

Parameter

vpn-target: Route VPN-target attribute values used for matching, in ASN:nn or IP-address:nn format.

count: Number of the route VPN-target values used for matching, in the range of 2 to 65535.

Description

Use the if-match vpn-target command to match the route's vpn-target attribute. The match for a route succeeds only when the route's vpn-target attribute is a subset of the configured values, otherwise, if the route has no vpn-target attribute or has at least one attribute value that is not in the configuration range, the match fails. The if-match vpn-target command applicable only to the PE devices on nested VPN network to limit VPNV4 routes with the VPN-Target attribute from the CE devices.

Use the undo if-match vpn-target command to cancel the configuration.

Use the if-match vpn-target vpn-target command to list up to 10 vpn-target attribute values to be matched.

Use the if-match vpn-target begin vpn-target count command to set the start value and the total number of the vpn-target values to be matched.

Example

# Define an if-match clause to match the following VPN-target attribute values: 100:1, 200:1, 300:1, 300:2 and 400:3.

[H3C-route-policy] if-match vpn-target 100:1 200:1 300:1 300:2 400:3

With the above configuration, if a route's attribute value is 100:1 300:1, the route will pass the matching; if the route's attribute value is 200:1 500:1, it will not pass the matching because 500:1 is not one of the attribute values that have been configured.

# Define an if-match clause to match ten VPN-target attribute values starting from 100:1, that is, 100:1 to 100:10.

[H3C-route-policy] if-match vpn-target begin 100:1 10

# Define an if-match clause to match five VPN-target attribute values starting from 1.1.1.1:65533, that is, 1.1.1.1:65533, 1.1.1.1:65534, 1.1.1.1:65535, 1.1.1.2:0, and 1.1.1.2:1.

[H3C-route-policy] if-match vpn-target begin 1.1.1.1:65533 5

2.1.19 import-route

syntax

import-route { { ospf | ospf-ase | ospf-nssa } [ process-id ] | direct | rip | static } [med value | route-policy route-policyname ]

undo import-route { { ospf | ospf-ase | ospf-nssa } [ process-id ] | direct | rip | static }

View

VPN-instance subaddress family view

Parameter

process-id: OSPF process ID, ranging from 1 to 65535. By default, it is 1.

ospf: Imports only the ASE internal route discovered by the OSPF process process-id as the external route.

ospf-ase: Imports only the OSPF-ASE route discovered by OSPF process with process-id as the external route.

ospf-nssa: Imports only the OSPF-NSSA route discovered by OSPF process with process-id as the external route.

med value: Route cost value, ranging from 0 to 4294967295.

route-policyname: name of Route-policy, consisting of 1 to 19 characters

Description

Use the import-route ospf command to enable to import OSPF route.

Use the undo import-route ospf command to disable to import OSPF route.

Caution:

By default, the process ID is 1.

Example

# Enable to import an OSPF route with process ID 100.

[H3C]ip vpn-instance sphinx

[H3C-vpn-sphinx]route-distinguisher 168.168.55.1:85

[H3C-vpn-sphinx]quit

[H3C]bgp 352

[H3C-bgp]ip vpn-instance sphinx

[H3C-bgp-af-vpn-instance] import-route ospf 100

2.1.20 ip binding vpn-instance

Syntax

ip binding vpn-instance vpn-instance-name

undo ip binding vpn-instance vpn-instance-name

View

VLAN interface view

Parameter

vpn-instance-name: Name assigned to VPN-instance.

Description

Use the ip binding vpn-instance command to bind a VLAN interface to a VPN-instance.

Use the undo ip binding vpn-instance command to delete the binding.

By default, global routing table is used.

You need to reconfigure the IP address for an interface since this command deletes the original IP address.

Example

# Bind the VLAN201 interface to the VPN-instance VPN 1.

[H3C] interface vlan-interface 201

[H3C-Vlan-interface201] ip binding vpn-instance vpn1

2.1.21 ip route-static vpn-instance

Syntax

ip route-static vpn-instance vpn-instance-name [ vpn-instance-name ] … destination-ip-address { mask | mask-length } [ interface-name | vpn-instance vpn-nexthop-name ] nexthop-ip-address [ preference preference-value | public ] [ reject | blackhole ]

undo ip route-static vpn-instance vpn-instance-name [vpn-instance-name] … destination-ip-address { mask | mask-length } [ interface-name | vpn-instance vpn-nexthop-name ] nexthop-ip-address [ preference preference-value| public ] [ reject | blackhole ]

View

System view

Parameter

vpn-instance-name: Name of VPN-instance. 6 names can be configured at most, and this value of character string is ranging from 1 to 19 characters.

destination-ip-address: Destination address of a static route.

mask: Subnet mask.

mask-length: Length of the mask, ranging to 0 to 32. As it requires consecutive 1s in a 32-bit mask, the mask in dotted decimal format can be substituted by mask-length (mask-length is represented by the number of consecutive 1s in the mask).

interface-name: Outgoing interface name of a static route. You can specify the interface of a public network or other VPN-instance as the outgoing-interface of the static route .NULL 0 shows the outgoing-interface is null.

vpn-nexthop-name: Specifies VPN-instance of the next hop for the static route.

nexthop-ip-address: Specifies IP address of the next hop for the static route.

preference-value: Specifies preference value, ranging from 1 to 255, By default it is 60.

public: Configures a route as public network route.

reject: Configures a route as unreachable.

blackhole: Configures a route as blackhole.

Description

Use the ip route-static vpn-instance command to configure a static route by specifying an interface of a private network as a egress interface.

Use the undo ip route-static vpn-instance command to delete the configuration of this static route.

Example

# Configure a static route with destination address 100.1.1.1 and next hop address 1.1.1.2.

[H3C] ip route-static vpn-instance vpn1 100.1.1.1 16 vpn-instance vpn1 1.1.1.2

2.1.22 ip vpn-instance

Syntax

ip vpn-instance vpn-instance-name

undo ip vpn-instance vpn-instance-name

View

System view

Parameter

vpn-instance-name: Name assigned to VPN-instance.

Description

Use the ip vpn-instance command to create a VPN instance and enter VPN instance view.

Use the undo ip vpn-instance command to delete the specified VPN instance.

By default, VPN-instance is not defined. Neither input nor output list is associated with VPN-instance. No Route-map is associated with VPN-instance.

Use the ip vpn-instance command to create a VPN-instance named vpn-name.

Example

# Create the VPN instance VPN 1.

[H3C] ip vpn-instance vpn1

[H3C-vpn-vpn1]

2.1.23 ipv4-family

Syntax

BGP view, VPN-instance sub-address family view or VPNv4 sub-address family view:

ipv4-family { vpn-instance vpn-instance-name | vpnv4 [ unicast ] }

undo ipv4-family { vpn-instance vpn-instance-name | vpnv4 [ unicast ] }

RIP view:

ipv4-family [ unicast ] vpn-instance vpn-instance-name

undo ipv4-family [ unicast ] vpn-instance vpn-instance-name

View

BGP view, VPN-instance sub-address family view or VPNv4 sub-address family view, and RIP view.

Parameter

vpn-instance vpn-instance-name: Associates a specified VPN-instance with the MBGP address family. This parameter is used to enter MBGP VPN-instance subaddress family view.

vpnv4: Enters MBGP VPNv4 address family view.

unicast: Uses unicast sub–address family.

Description

Use the ipv4-family vpn-instance command to enter MBGP VPN-instance subaddress family view.

Use the undo ipv4-family vpn-instance command to delete the association of a VPN-instance with MBGP address family, and return to BGP unicast view.

Use the ipv4-family vpnv4 command to enter MBGP VPNv4 subaddress family view. Use the undo ipv4-family vpnv4 command to delete the configuration of MBGP VPNv4 subaddress family view.

By default, unicast address is used when VPNv4 address family is configured.

By default, use the unicast address when configuring the MBGP address family.

Use this command to enter address family view and configure parameters related to BGP address family in this view.

Related command: peer enable.

Example

# Associate a specified VPN-instance with MBGP address family to enter MBGP VPN-instance subaddress family view. You must first configure VPN-instance before you perform that configuration.

[H3C] bgp 100

[H3C–bgp] ipv4-family vpn-instance abc

[H3C-bgp-af-vpn-instance]

# Enter VPNv4 subaddress family view.

[H3C] bgp 100

[H3C-bgp] ipv4-family vpnv4 unicast

[H3C-bgp-af-vpn]

2.1.24 nesting-vpn

Syntax

nesting-vpn

undo nesting-vpn

View

BGP-VPNv4 sub-address family view

Parameter

None

Description

Use the nesting-vpn command to enable the nested VPN function.

Use the undo nesting-vpn command to disable this function.

By default, the nested VPN function is disabled.

If VPNv4 route advertisement is needed for a CE connected to a PE, the nested VPN function must be enabled on the PE.

Example

# Enable the nested VPN function.

[H3C-bgp-af-vpn] nesting-vpn

2.1.25 network

Syntax

network ip-address [ address-mask ] [ route-policy policy-name ]

undo network ip-address [ address-mask ] [ route-policy policy-name ]

View

VPN-instance subaddress family view

Parameter

ip-address: Network address advertised by BGP in dotted decimal format.

address-mask: Mask of the network address.

policy-name: Name of the routing policy applied to the advertised route.

Description

Use the network command to configure the network route advertised to the outside by local BGP.

Use the undo network command to cancel the configuration.

By default, local BGP does not advertise any route to the outside.

Example

# Configure local router to advertise the routing with the destination network segment 10.0.0.0/16.

[H3C-bgp-af-vpn-instance] network 10.0.0.1 255.255.0.0

2.1.26 ospf

Syntax

ospf process-id [ router-id router-id-number ] [ vpn-instance vpn-instance-name ]

undo ospf process-id

View

System view

Parameter

process-id: OSPF Process ID. The default process ID is 1.

router-id-number: Router ID for an OSPF process. It is optional.

vpn-instance-name: VPN instance bound to an OSPF process.

Description

Use the ospf command to enable an OSPF process.

Use the undo ospf command to disable an OSPF process.

After enabling an OSPF process, you can perform the configuration related to OSPF in the OSPF protocol view.

By default, OSPF protocol is not used in the system.

COMWARE Software supports multiple OSPF processes, so you can specify different process IDs to enable multiple OSPF processes on a router.

You are recommended to specify Route-id in a process using Router-id when enabling the OSPF process. If you want to enable multiple processes on a router, you are recommended to specify different Router IDs for different processes.

To enable an OSPF process belonging to a public network without a Router ID, the following conditions should be satisfied:

l RM (Route Manage) is configured with a Router ID.

l There is an interface that is configured with an IP address.

If you enable an OSPF process without specifying a Router ID, and the process is to be bound to a VPN instance, the VPN instance should have an interface that is configured with an IP address.

If you want to bind a process to a VPN instance, you must specify the VPN instance name.

One VPN instance may include several processes. For example, for VPN1, you can configure the commands OSPF 1 VPN-instance VPN1, OSPF2 VPN-instance VPN1, and OSPF3 VPN-instance VPN1. Accordingly, VPN instance VPN1 will include the OSPF processes 1, 2, and 3.

But one process belongs to one instance only. If you have configured OSPF 1 VPN-instance VPN1, you cannot configure OSPF 1 VPN-instance VPN2. Otherwise, the system prompts: “Wrong configuration. Process 1 has been bound to VPN-instance VPN-instance 1”. If you configure OSPF 1 first and then OSPF 1 VPN-instance VPN1, the system prompts: “Wrong configuration. Process 1 has been running in public domain”.

If you configure OSPF 1 VPN-instance VPN1 first and then OSPF 1, the system enters OSPF 1 VPN-instance VPN1 mode. That is, the commands OSPF 1 and OSPF 1 VPN-instance VPN1 are equivalent.

When an OSPF process is bound to a VPN instance, the default OSPF router is PE router. After executing the display OSPF process-id brief command, you will view the information: “PE router, connected to VPN backbone”.

Caution:

l A router can run no more than 1024 OSPF processes, with up to 10 processes enabled in each VPN instance.

l If you bind an OSPF process to a nonexistent VPN instance, the configuration for the command fails and display the errors: The specified VPN-Instance does not exist, or the VPN-Instance's Route-Distinguisher is not specified.

l When a VPN instance is deleted, all the related OSPF processes will be deleted. For example, the VPN instance VPN 1 includes the OSPF processes 1, 2 and 3. If VPN instance VPN 1 is deleted, the OSPF processes 1, 2 and 3 will all be deleted at the same time.

Related command: network.

Example

# Enable OSPF protocol with the default process ID 1.

[H3C] router id 10.110.1.8

[H3C] ospf

# Enable OSPF protocol with the process ID 120.

[H3C] router id 10.110.1.8

[H3C] ospf 120

[H3C-ospf-120]

# Enable OSPF process with the process ID 100, specify its Route ID to 2.2.2.2, and bind it to VPN instance VPN1.

[H3C] ospf 100 router-id 2.2.2.2 vpn-instance vpn1

[H3C-ospf-100]

2.1.27 peer advertise-community

Syntax

peer group-name advertise-community

undo peer group-name advertise-community

View

VPNv4 subaddress family view, VPN-instance sub-address family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

Description

Use the peer advertise-community command to configure to transmit the community attributes to a specified peer group.

Use the undo peer advertise-community command to cancel this configuration.

By default, the BGP advertiser does not transmit the community attributes to peer group.

Related command: if-match community-list and apply community.

Example

# Transmit the community attributes to the peer group test.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test advertise-community

2.1.28 peer allow-as-loop

Syntax

peer { group-name | peer-address } allow-as-loop [asn-limit]

undo peer { group-name | peer-address } allow-as-loop

View

VPNv4 subaddress family view, VPN-instance sub-address family view

Parameter

group-name: Name of a peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: IP address of a specified peer.

asn-limit: Maximum times for which autonomous system (AS) number is allowed to receive in route updates.

Description

Use the peer allow-as-loop command to allow loop in the route updates in the Hub & Spoke networking mode.

Use the undo peer allow-as-loop command to prohibit loop in the route updates.

By default, loop is prohibited in the received routing updates; by using the peer allow-as-loop command, loop is allowed in the received routing updates. The default value of asn-limit argument is 3.

Standard BGP tests loop using AS number. However, on a Hub & Spoke network running EBGP between PE and CE, PE carries its own AS number when advertising route information to CE. Accordingly, the updated route information will contain PE’s AS number when it is sent from CE. In this case, PE will not accept the route updates.

You can avoid this by using the peer allow-as-loop command, which makes PE router allow the route updates from CE to contain its AS number. You can define asn-imit to control the maximum times for which AS number is received by PE.

Example

# Enable route loop.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 1.1.1.1 allow-as-loop 1

2.1.29 peer as-number

Syntax

peer { group-name | [ peer-address group group-name ] }as-number as-number

undo peer { group-name | [ peer-address group group-name ] }as-number as-number

View

VPN-instance subaddress family view

Parameter

group-name: Name of a peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: IP address of peer group.

as-number: Opposite AS number of a peer (group).

Description

Use the peer as-number command to configure the opposite AS number of a specified peer (group).

Use the undo peer as-number command to remove the opposite AS number of a specified peer (group).

By default, the opposite end of a peer (group) has no AS number.

Example

# Set the opposite AS number of a specified peer (group) to 100.

[H3C-bgp] ipv4-family vpn-instance test

[H3C-bgp-af-vpn-instance] peer test as-number 100

2.1.30 peer as-path-acl export

Syntax

peer group-name as-path-acl acl-number export

undo peer group-name as-path-acl acl-number export

View

VPNv4 subaddress family view, VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

acl-number: AS regular expression ACL number, ranging 1 to 199.

Description

Use the peer as-path-acl export command to apply the routing filtering policy based on AS path list to the advertised routing information.

Use the undo peer as-path-acl export command to cancel the configuration.

By default, there is no filtering policy based on AS path list.

You can only use the peer as-path-acl export command in the peer group.

Related command: peer as-path-acl import.

Example

# Configure the test peer group to filter the advertised routing information with the AS path ACL 3.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test as-path-acl 3 export

2.1.31 peer as-path-acl import

Syntax

peer { group-name | peer-address } as-path-acl acl-number import

undo peer { group-name | peer-address } as-path-acl acl-number import

View

VPNv4 subaddress family view, VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: IP address of the peer group in dotted decimal format.

acl-number: AS regular expression ACL number, ranging 1 to 199.

import: Filters the received routes with AS path list.

Description

Use the peer as-path-acl import command to configure peers from filter received routing information with routing filtering policy based on AS path list.

Use the undo peer as-path-acl import command to cancel the configuration.

By default, there is no filtering policy based on AS path list.

The incoming filtering policy applied to peers takes precedence over the configuration to peer groups.

Example

# Configure the test peer group to filter the received routes with AS path ACL 3.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test as-path-acl 3 import

2.1.32 peer connect-interface

Syntax

peer { group-name | ip-address } connect-interface { interface-type interface_num }

undo peer { group-name | ip-address } connect-interface

View

VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

ip-address: Peer IP address.

interface-type interface-number: Interface type, interface number.

Description

Use the peer connect-interface command to configure to allow the internal BGP session to use any operable interface for a TCP connection.

Use the undo peer connect-interface command to restore the optimum local address for a TCP connection.

By default, BGP uses the optimum local address to implement a TCP connection.

Generally, BGP uses the optimum local address to implement a TCP connection. In order to make the TCP connection valid even when the interface fails, you can configure to allow the internal BGP session to use any operable interface for the TCP connection. Usually, Loopback interface is used.

Example

# Allow the internal BGP session to use any operable interface for a TCP connection.

[H3C-bgp] ipv4-family vpn-instance test

[H3C-bgp-af-vpn-instance] peer 1.1.1.1 connect-interface loopback 0

2.1.33 peer default-route-advertise

Syntax

peer group-name default-route-advertise

undo peer group-name default-route-advertise

View

VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

Description

Use the peer default-route-advertise command to enable a peer (group) to transmit a default route.

Use the undo peer default-route-advertise command to remove the existing configuration.

By default, a peer (group) does not transmit a default route.

This command does not require any default route in the routing table but transmits a default route whose next hop address is itself to the peer unconditionally.

Example

# Enable the peer group test to transmit a default route.

[H3C-bgp] ipv4-family vpn-instance a

[H3C-bgp-af-vpn-instance] peer test default-route-advertise

2.1.34 peer default-route-advertise vpn-instance

Syntax

peer ip-address default-route-advertise vpn-instance vpn-instance name

undo peer ip-address default-route-advertise vpn-instance vpn-instance name

View

VPNv4 subaddress family view

Parameter

ip-address: Peer IP address.

vpn-instance name: Name of the created VPN instance.

Description

Use the peer default-route-advertise vpn-instance command to enable a peer to import a default route.

Use the undo peer default-route-advertise vpn-instance to restore the configuration.

By default, a peer does not import a default route.

This command does not require any default route in the routing table but transmits a default route whose next hop address is itself to the peer unconditionally.

Example

# Enable the peer test to import a default route.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 10.1.1.1 default-route-advertise vpn-instance test

2.1.35 peer description

Syntax

peer { group-name | peer-address } description description-line

undo peer { group-name | peer-address } description

View

VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address, in dotted decimal format.

description-line: Description of the configuration, up to 79 characters in length.

Description

Use the peer description command to set the description of a peer (group).

Use the undo peer description command to delete the description.

By default, there is no description for a peer (group).

The peer description is independent of the peer's group description.

Related command: display bgp peer verbose and display bgp group.

Example

# Set description of the peer group group1 to be city 1.

[H3C-bgp-af-vpn-instance] peer group1 description city1

2.1.36 peer ebgp-max-hop

Syntax

peer group-name ebgp-max-hop [ ttl ]

undo peer group-name ebgp-max-hop

View

VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address.

ttl: The maximum hops, in the rang of 1 to 255 and is 64 by default.

Description

Use the peer ebgp-max-hop command to enable to establish an EBGP connection with a specified neighbor which is attached to the network indirectly.

Use the undo peer ebgp-max-hop command to restore the default setting.

By default, you can only make a connection with a direct accessing EBGP neighbor.

Example

# Enable the router to connect the EBGP peer group test that is attached to the network indirectly.

[H3C-bgp] ipv4-family vpn-instance test

[H3C-bgp-af-vpn-instance] peer test ebgp-max-hop

2.1.37 peer enable

Syntax

peer group-name enable

undo peer group-name enable

View

VPNv4 subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

Description

Use the peer enable command to enable a specified peer group.

Use the undo peer enable command to disable a specified peer group.

For IPv4 address family, address switching is enabled by default.

Example

# Enable the peer group 168.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 168 enable

2.1.38 peer filter-policy export

Syntax

peer group-name filter-policy acl-number export

undo peer group-name filter-policy acl-number export

View

VPNv4 subaddress family view, VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

acl-number: IP ACL number ranging from 2000 to 3999. That is, you can use basic ACL or advanced ACL.

export: Uses the filtering policy for the advertised route and this policy is only effective for peer groups.

Description

Use the peer filter-policy export command to apply the ACL-based filtering policy to the advertised route for the peer group.

Use the undo peer filter-policy export command to cancel the configuration.

By default, there is no ACL-based filtering policy.

You can only use the peer filter-policy export command to configure peer group.

Related command: ip as-path-acl, peer as-path-acl and peer filter-policy export.

Example

# Configure the test peer group to filter the advertised route with ACL 3000.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test filter-policy 3000 export

2.1.39 peer filter-policy import

Syntax

peer { group-name | peer-address } filter-policy acl-number import

undo peer { group-name | peer-address } filter-policy acl-number import

View

VPNv4 subaddress family view, VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address, in dotted decimal format.

acl-number: IP ACL number from 2000 to 3999, that is, you can use basic or advanced ACL.

import: Performs the filtering policy on the received routes.

Description

Use the peer filter-policy import command to apply the ACL-based filtering policy to the received routing information for peers.

Use the undo peer filter-policy import command to cancel the application.

By default, there is no ACL-based filtering policy.

Related command: ip as-path-acl and peer as-path-acl.

The incoming filtering policy configured for peers take precedence over the configuration for peer groups.

Example

# Configure the test peer group to filter the received route with ACL 3000.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test filter-policy 3000 import

2.1.40 peer group

Syntax

peer peer-address group group-name [ as-number as-number ]

undo peer peer-address

View

VPNv4 subaddress family view, VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address in dotted decimal format.

as-number: Peer AS number in the range of 1 to 65535. This parameter is only effective in the BGP view and VPN-instance subaddress family view.

Description

Use the peer group command to add a peer to an existing peer group.

Use the undo peer command to delete a specified peer from the group.

In BGP view and VPN-instance subaddress family view, when adding a peer to an external group out of an AS, you need to specify an AS number. When adding a peer to an internal group or an external group in an AS, the AS number is not needed.

A peer must have been added in a group in BGP view before it can be added to another group in multicast subaddress family view or VPNv4 subaddress family view.

In different address families, one peer can be in different groups and one group may have different peers.

Example

# Add the peer with IP address 10.1.1.1 to the peer group test. In this example, the peer group is IBGP peer by default, thus you need not to specify the AS number when adding peers.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 10.1.1.1 group test

2.1.41 peer ip-prefix export

Syntax

peer group-name ip-prefix prefixname export

undo peer group-name ip-prefix prefixname export

View

VPNv4 subaddress family view, VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

prefixname: Name of prefix list, a string of one to 19 characters.

Description

Use the peer ip-prefix export command to apply the routing filtering policy based on IP prefix list to advertised routing information for peer groups.

Use the undo peer ip-prefix export command to cancel the setting.

By default, the peer group does not perform the routing filtering policy.

you can only configure the peer ip-prefix export command to the peer group.

Related command: peer ip-prefix import.

Example

# Configure the peer group group1 to filter the advertised routing information with the IP prefix list list1.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer group1 ip-prefix list1 export

2.1.42 peer ip-prefix import

Syntax

peer { group-name | peer-addess } ip-prefix prefixname import

undo peer { group-name | peer-addess } ip-prefix prefixname import

View

VPNv4 subaddress family view, VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address in dotted decimal format.

prefixname: Name of the prefix list, a string of one to 19 characters.

Description

Use the peer ip-prefix import command to apply the filtering policy based on IP prefix list to the advertised route for peer groups.

Use the undo peer ip-prefix import command to cancel the configuration.

By default, the peer dose not use the routing filtering policy.

The incoming filtering policy configured for peers take precedence over the configuration for peer groups.

Related command: peer ip-prefix export.

Example

# Configure the peer group group1 to filter the received route with the IP prefix list 1.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer group1 ip-prefix list1 import

2.1.43 peer label-route-capability

Syntax

peer group-name label-route-capability

undo peer group-name label-route-capability

View

BGP view

Parameter

group-name: Name of a neighbor peer group.

Description

Use the peer label-route-capability command to enable a peer group to handle the label-carried IPv4 routes.

Use the undo peer label-route-capability command to disable a peer group from handling the label-carried IPv4 routes.

By default, a BGP peer group cannot handle label-carried IPv4 routes.

Example

# Enable IBGP peer group and EBGP peer group to handle the label-carried IPv4 routes.

[H3C-bgp] group ibgp internal

[H3C-bgp] peer ibgp label-route-capability

[H3C-bgp] group ebgp external

[H3C-bgp] peer ebgp label-route-capability

2.1.44 peer next-hop-local

Syntax

peer group-name next-hop-local

undo peer group-name next-hop-local

View

VPNv4 subaddress family view, VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

Description

Use the peer next-hop-local command to cancel the processing of the next hop in the routes that BGP advertises to a peer group and configure to use its own address as the next-hop.

Use the undo peer next-hop-local command to cancel the existing setting.

Example

# Specify the current BGP address as the next-hop in its route advertising to a peer group.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test next-hop-local

2.1.45 peer password

Syntax

peer { group-name | peer-address } password { cipher | simple } password

undo peer { group-name | peer-address } password

View

VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address in dotted decimal format.

cipher: Displays the password in cipher text.

simple: Displays the password in plain text.

password: Password string. When you choose the cipher parameter and input the password in plain text, or you choose the simple parameter, the password is one to 16 characters in length. When you choose the cipher parameter, and input the password in cipher text, the password is to be 24 in length.

Description

Use the peer password command to enable BGP to perform the MD5 authentication when making a TCP connection.

Use the undo peer password command to cancel this function.

By default, BGP does not perform the MD5 authentication when setting up a TCP connection.

When the MD5 authentication is enabled, both parties must have the same authentication mode and password, otherwise, no TCP connection can be established because the MD5 authentication cannot be passed.

A specified peer can perform the MD5 authentication only when the group to which the peer belongs is not set the authentication. Otherwise, the configuration of the peer group applies.

Example

# Assign MD5 authentication to a TCP connection between the local router 10.1.100.1 and the peer 10.1.100.2.

[H3C-bgp-af-vpn-instance] peer 10.1.100.2 password simple test

# Perform a similar configuration to the remote end.

[H3C-bgp-af-vpn-instance] peer 10.1.100.1 password simple test

2.1.46 peer public-as-only

Syntax

peer group-name public-as-only

undo peer group-name public-as-only

View

VPNv4 subaddress family view, VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

Description

Use the peer public-as-only command to configure BGP not to carry private AS numbers when transmitting update packets.

Use the undo peer public-as-only command to configure BGP to carry private AS numbers when transmitting update packets.

By default, private AS numbers are carried when BGP transmits update packets.

Generally, BGP carries AS number (either public or private AS number) when transmitting BGP update packets. BGP can be configured not to carry private AS number so that some egress routers may ignore private AS number when transmitting BGP update packets.

Example

# Send MBGP update packets without bearing private AS numbers.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 168 public-as-only

2.1.47 peer reflect-client

Syntax

peer group-name reflect-client

undo peer group-name reflect-client

View

VPNv4 subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

Description

Use the peer reflect-client command to set a specified peer group to be a client of a router reflector.

Use the undo peer reflect-client command to cancel this setting.

By default, no router reflector exists in AS.

This configuration only applies to IBGP peer group.

Related command: reflect between-clients and reflect cluster-id.

Example

# Set the peer group test as a client of a router reflector.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test reflect-client

2.1.48 peer route-policy export

Syntax

peer group-name route-policy policy-name export

undo peer group-name route-policy policy-name export

View

VPNv4 subaddress family view, VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

policy-name: Name of a routing policy.

Description

Use the peer route-policy export command to apply the routing policy to peer group for advertised routing information.

Use the undo peer route-policy export command to cancel the configuration.

By default, there is no routing policy.

The peer route-policy export command is only used to configure peer groups.

Related command: peer route-policy import.

Example

# Apply the routing policy test-policy to the outgoing routes of the peer group test.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test route-policy test-policy export

2.1.49 peer route-policy import

Syntax

peer { group-name | peer-address } route-policy policy-name import

undo peer { group-name | peer-address } route-policy policy-name import

View

VPNv4 subaddress family view, VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address in dotted decimal format.

policy-name: Name of the applied routing policy.

Description

Use the peer route-policy import command to apply a routing policy to peer for received routing information.

Use the undo peer route-policy import command to delete the setting.

By default, there is no routing policy.

The incoming filtering policy configured for peers take precedence over the configuration for peer groups.

Related command: peer route-policy export.

Example

# Apply the routing policy test-policy to the incoming routes of the peer group test.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test route-policy test-policy import

2.1.50 peer route-update-interval

Syntax

peer group-name route-update-interval seconds

undo peer group-name route-update-interval

View

VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

seconds: Update interval in seconds, ranging from 0 to 600.

Description

Use the peer route-update-interval command to set the Update interval for peers.

Use the undo peer route-update-interval command to restore the default setting.

By default, the Update interval is 5 seconds for IBGP peer group, and for EBGP it is 30 seconds.

Example

# Set the minimum interval for sending routing update packet to the BGP peer group group1 to be 10 seconds.

[H3C-bgp-af-vpn-instance] peer group1 route-update-interval 10

2.1.51 peer timer

Syntax

peer { group-name | peer-address } timer keep-alive keepalive-interval hold holdtime-interval

undo peer { group-name | peer-address } timer

View

VPN-instance subaddress family view

Parameter

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address in dotted decimal format.

keepalive-interval: Interval of sending the Keepalive message. It is in seconds, ranging from 1 to 65535, and with the default value 60.

holdtime-interval: Holdtime, ranging from 3 to 65535 in seconds, and with the default value 180 seconds.

Description

Use the peer timer command to set the Keepalive interval and holdtime for peers.

Use the undo peer timer command to restore the default setting.

The timer set with the peer timer command enjoys higher precedence than the timer with the timer command.

Related command: timer keep-alive hold.

Example

# Set the Keepalive interval and holdtime for the peer group test.

[H3C-bgp-af-vpn-instance] peer test timer keep-alive 60 hold 180

2.1.52 peer upe

Syntax

peer peer-address upe

undo peer peer-address upe

View

VPNv4 subaddress family view

Parameter

peer-address: Peer IP address.

Description

Use the peer upe command to configure BGP peer as the UPE of hierarchical BGP/MPLS VPN.

Use the undo peer upe command to delete this configuration.

Example

# Configure BGP peer as the UPE of hierarchical BGP/MPLS VPN.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 1.1.1.1 upe

2.1.53 peer vpn-instance enable

Syntax

peer group-name vpn-instance vpn-instance-name enable

undo peer group-name vpn-instance vpn-instance-name enable

View

BGP-VPNv4 sub-address family view

Parameter

group-name: Name of a peer group.

vpn-instance-name: Name of the VPN instance the CE peer belongs to.

enable: Enable VPNv4 function for the CE.

Description

Use the peer vpn-instance enable command to enable the VPNv4 function for the BGP peer group of a CE.

Use the undo peer vpn-instance enable command to disable the function.

By default, the VPNv4 function is disabled.

Example

# Enable the VPNv4 function for the peer group of a CE.

[H3C-bgp] ipv4-family vpn-instance vrf1

[H3C-bgp-af-vpn-instance] group ebgp external

[H3C-bgp-af-vpn-instance] quit

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer ebgp vpn-instance vrf1 enable

2.1.54 peer vpn-instance group

Syntax

peer peer-address vpn-instance vpn-instance-name group group-name

undo peer peer-address vpn-instance vpn-instance-name

View

BGP-VPNv4 sub-address family view

Parameter

peer-address: IP address of a peer, in dotted decimal notation.

vpn-instance-name: Name of the VPN instance the CE peer belongs to.

group-name: Name of a peer group.

Description

Use the peer vpn-instance group command to join a CE neighbor into a BGP peer group.

Use the undo peer vpn-instance group command to clear the CE neighbor from the BGP peer group.

By default, a CE neighbor does not belong to any peer group.

Example

# Join a CE neighbor into a peer group.

[H3C-bgp] ipv4-family vpn-instance vrf1

[H3C-bgp-af-vpn-instance] peer 1.1.1.1 group ebgp as-number 600

[H3C-bgp-af-vpn-instance] quit

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 1.1.1.1 vpn-instance vrf1 group ebgp

2.1.55 peer vpn-instance route-policy import

Syntax

peer { peer-address | group-name } vpn-instance vpn-instance-name route-policy policy-name import

undo peer { peer-address | group-name } vpn-instance vpn-instance-name route-policy policy-name import

View

BGP-VPNv4 sub-address family view

Parameter

peer-address: IP address of a peer, in dotted decimal.

group-name: Name of a peer group.

vpn-instance-name: Name of the VPN instance the CE peer belongs to.

policy-name: Name of the routing policy to be applied.

Description

Use the peer vpn-instance route-policy import command to configure the routing policy applied by the CE peer to VPNv4 routes it received.

Use the undo peer vpn-instance route-policy import command to cancel the configuration.

By default, no routing policy is configured.

The ingress routing policy configured for a peer takes precedence over the configuration for the peer group.

Example

# Configure the peer group ebgp to apply the routing policy named comtest to the ingress routes.

[H3C-bgp-af-vpn] peer ebgp vpn-instance vrf1 route-policy comtest import

2.1.56 peer vpn-instance substitute-as

Syntax

peer group-name vpn-instance vpn-instance-name substitute-as

undo peer group-name vpn-instance vpn-instance-name substitute-as

View

BGP-VPNv4 sub-address family view

Parameter

group-name: Name of a peer group.

vpn-instance-name: Name of the VPN instance the CE peer belongs to.

policy-name: Name of the routing policy to be applied.

Description

Use the peer vpn-instance substitute-as command to enable the BGP AS number substitution on the PE.

Use the undo peer vpn-instance substitute-as command to disable the function.

By default, the BGP AS number substitution function is disabled.

After this function is enabled, when the PE advertises the specified peer the route information and the routed AS path has the same AS number as that of the peer, the AS number in the AS path will be replaced by the AS number of the PE before being advertised.

These commands take effect once being executed.

Example

# Enable the BGP AS number substitution for the peer group 20.

[H3C-bgp-af-vpn] peer 20 vpn-instance vrf1 substitute-as

2.1.57 policy vpn-target

Syntax

policy vpn-target

undo policy vpn-target

View

BGP-VPNv4 subaddress family view

Parameter

None

Description

Use the policy vpn-target command to configure to filter the VPN-target extended community attributes of received routing information.

Use the undo policy vpn-target command to cancel the setting.

By default, the filtering of VPN-target extended community attribute is conducted.

Example

# Filter the VPN-target extended community attributes of the received routing information.

[H3C-bgp-af-vpn] policy vpn-target

2.1.58 port trunk mpls vlan

Syntax

port trunk mpls vlan from vlan-id [ to ] vlanid

undo port trunk mpls

View

Ethernet port view

Parameters

vlan-id: The vlan-id range of MPLS/VPN VLANs allowed to the port. The value ranges from vlan-id to vlan-id+1023.

Description

Use the port trunk mpls vlan command to set the vlan-id range of MPLS/VPN VLANs allowed to pass the port. The port trunk mpls vlan command is only applicable to fast Ethernet ports of cards with the suffix of C.

Use the undo port trunk mpls command to restore the default value of vlan-id. The default value is 0.

By default, the range of MPLS/VPN VLANs is from 0 to 1023 and the range of vlan-id is from 1 to 3071. The command must be executed on a Trunk port. MPLS/VPN enabled VLANs and VLANs out of the configured range are excluded (By default, the Trunk port contains VLAN1, so it is not judged).

Example

# Configure the start vlan-id of the Trunk fast Ethernet port 1.

<H3C>system-view

[H3C]interface Ethernet 3/1/1

[H3C-Ethernet2/1/1] port trunk mpls vlan 3071

2.1.59 preference

Syntax

preference ebgp-preference ibgp-preference local-preference

undo preference

View

VPN-instance subaddress family view

Parameter

ebgp-preference: Preference of the routes learned from the EBGP peer, in the range 1 to 256.

ibgp-preference: Preference of the routes learned from the IBGP peer, in the range 1 to 256.

local-preference: Preference of the Local routes, in the range 1 to 256.

Description

Use the preference command to set preference value for a BGP route.

Use the undo preference command to remove the setting.

Example

# Set the preference of the preference of the routes learned from the EBGP peer to 2, the preference of the routes learned from the IBGP peer to 3 and the preference of the local routes to 4.

[H3C-bgp-af-vpn-instance] preference 2 3 4

2.1.60 reflect between-clients

Syntax

reflect between-clients

undo reflect between-clients

View

VPNv4 subaddress family view

Parameter

None

Description

Use the reflect between-clients command to allow the routing reflection between clients.

Use the undo reflect between-clients command to forbid routing reflection between clients (PE to PE).

By default, the routing reflection between clients is allowed.

The router reflector reflects one client’s route to others after configuration.

Related command: reflect cluster-id and peer reflect-client.

Example

# Disable the routing reflection from client to client.

[H3C-bgp-af-vpn] undo reflect between-clients

2.1.61 reflector cluster-id

Syntax

reflector cluster-id { cluster-id | address }

undo reflect cluster-id

View

VPNv4 subaddress family view

Parameter

cluster-id: Router reflector cluster ID in number format, in the range of 1 to 4294967295.

address: Router reflector cluster ID in IP address format.

Description

Use the reflector cluster-id command to configure a cluster ID of router reflector.

Use the undo reflector cluster-id command to delete the configuration.

By default, each router reflector uses his own ID as a cluster ID.

Usually, one cluster has one router reflector. And it is the router ID of the reflector to identify this cluster. Several router reflectors make the network more stable. If one cluster has several router reflectors, set the same cluster to all the reflectors ID with this command.

Related command: reflect between-clients and peer reflect-client.

Example

# The local router is one of the reflectors in the cluster and identifies this cluster with the cluster ID.

[H3C-bgp-af-vpn] reflect cluster-id 80

[H3C-bgp-af-vpn] peer 11.128.160.10 reflect-client

2.1.62 route-distinguisher

Syntax

route-distinguisher route-distinguisher

View

VPN-instance view

Parameter

route-distinguisher: Configures a VPN IPv4 prefix by adding an 8-byte value to a VPN IPv4 prefix.

Description

Use the route-distinguisher command to configure RD for an MPLS VPN instance. A VPN-instance cannot run until it is configured with an RD.

A route distinguisher (RD) creates route and forwarding list for a VPN and specifies the default route identifier. Add an RD to the beginning of a specific IPv4 prefix to make it a globally unique VPN IPv4 prefix.

If an RD is associated with an autonomous system number (ASN), it is composed of the ASN and an arbitrary number; if the RD is associated with an IP address, it is a combination of the IP address and an arbitrary number.

RD has the following formats:

16-bit ASN (can be 0 here): A custom 32-bit number, for example, 101:3.

32-bit IP address (can be 0.0.0.0 here): A custom 16-bit number, for example, 192.168.122.15:1.

Example

# Configure RD for an MPLS VPN instance.

[H3C] ip vpn-instance vpn-instance_blue

[H3C-vpn-vpn-instance_blue] route-distinguisher 100:3

[H3C] ip vpn-instance vpn-instance_red

[H3C-vpn-vpn-instance_red] route-distinguisher 173.13.0.12:200

2.1.63 route-tag

Syntax

route-tag tag-number

undo route-tag

View

OSPF protocol view

Parameter

tag-number: Tag value to identify VPN import route, in the range of 0 to 4294967295. By default, its first two bytes are fixed to 0xD000, while the last two bytes are the ASN of local BGP. For example, if the local BGP ASN is 100, then the default tag value in decimal is 3489661028. The value is an integer from 0 to 4294967295.

Description

Use the route-tag command to specify a tag value to identify VPN import route.

Use the undo route-tag command to restore the default value.

If a VPN Site is linked to multiple PEs, when a route learned from MPLS/BGP is advertised by a PE router via its type-5 or type-7 LSA to the VPN Site, the route may be received by another PE router. This will result in routing loop. To avoid routing loop, you should configure Route-tag and you are recommended to configure the same route-tag for the PEs in the same VPN domain. The Route-tag is included in the type-5/-7 LSA. It is not transmitted in the extended community attributes of BGP, and thus it is limited in the local area. Therefore, it can only be configured and function on the PE router which receives BGP routes and generates OSPF LSA.

Configure Route-tag in OSPF protocol view. Different processes can be configured with a same Route-tag. You can configure the same Route-tag using different commands, but they are different in priority.

l Those configured with the import-route command are of the highest priority.

l Those configured with the route-tag command are in the second place in terms of priority.

l Those configure with the default tag command are of the lowest priority.

If the Tag included in the type-5/-7 LSA is identical with its existing Tag, the LSA received will be neglected in route calculation.

Caution:

The Route-tag configured will not be validated until the reset ospf command is executed.

Related command: import-route and default.

Example

# Configure Route-tag 100 to OSPF process 100.

[H3C-ospf-100] route-tag 100

OSPF: Process 100's route tag has been changed

OSPF: Reboot the system or use the 'reset ospf ID' command for this to take

effect

2.1.64 timer

Syntax

timer keep-alive keepalive-interval hold holdtime-interval

undo timer

View

VPN-instance subaddress family view

Parameter

keepalive-interval: Time interval to send Keepalive messages, in seconds and ranging 1 to 65535. It defaults to 60 seconds.

holdtime-interval: Hold time, in seconds and ranging 3 to 65535. It defaults to 180 seconds.

Description

Use the timer command to specify the time interval and hold time for sending Keepalive messages.

Use the undo timer command to restore the default value.

The timer defined with the peer timer command takes preference over that with the timer command.

Related command: peer timer.

Example

# Set the time interval and hold time for sending Keepalive messages.

[H3C-bgp-af-vpn-instance] timer keep-alive 60 hold 180

2.1.65 traffic-redirect

Syntax

traffic-redirect inbound { link-group { acl-number | acl-name } [ rule rule [ system-index index ] ] | ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] } interface { interface-name | interface-type interface-number } destination-vlan l3-vpn

undo traffic-redirect inbound { link-group { acl-number | acl-name } [ rule rule ] | ip-group { acl-number | acl-name } [ rule rule ] }

View

Ethernet port view

Parameter

link-group { acl-number | acl-name } [ rule rule ]: Layer 2 ACL, acl-number is in the range of 4000 to 4999. acl-name is a string beginning with English letters (a to z and A to Z) with no spaces or quotation marks between. rule rule: Optional, ACL matching statement, in the range of 0 to 127. All matching statements will be selected if you skip this keyword.

ip-group { acl-number | acl-name } [ rule rule ]: Basic or advanced ACL. acl-number is in the range of 2000 to 3999. acl-name is a string beginning with English letters (a to z and A to Z) with no spaces or quotation marks between. rule rule: Optional, ACL matching statement, in the range of 0 to 127. All matching statements will be selected if you skip this keyword.

interface { interface-name | interface-type interface-number }: Redirect a packet to a specified Ethernet port. interface-type can be GigabitEthernet and Ethernet. interface-number suggests a complete port name with interface-type.

system-index index: Intra-system index of the rule, in the range of 0~4294967295. The system assigns automatically an index to it when delivering an ACL rule, for later retrieval. You can also assign a system index to it when delivering an ACL rule with this command. However, generally you are not recommended to do so.

Description

Use the traffic-redirect command to redirect the data flow at the port of the EX card to the port of the MX card and make the port on the EX card act as an MPLS VPN CE side interface.

Use the undo traffic-redirect command to cancel this configuration.

Example

# Redirect the data flow at the Ethernet3/1/4 of the EX card to the MX card and set the port belong to VLAN 24.

[H3C-Ethernet3/1/4] traffic-redirect inbound ip-group 2000 rule 0 system-index 1 interface Ethernet5/1/4 24 l3-vpn

# Cancel the redirection configuration.

[H3C-Ethernet5/1/4] undo traffic-redirect inbound ip-group 2000 rule 0

2.1.66 routing-table limit

Syntax

routing-table limit integer { alarm-integer | syslog-alert }

undo routing-table limit

View

VPN-instance view

Parameter

integer: The Maximum routes allowed for a VPN-instance, ranging from 1 to 65536.

alarm-integer: Route threshold for alarming.

syslog-alert: When the route maximum specified for a VPN-instance exceeds the threshold, routes can be added and only a SYSLOG error message is sent out.

Description

Use the routing-table limit command to limit the route maximum in a VPN-instance.

Use the undo routing-table limit command to cancel the limitation.

It is necessary to enter a VPN-instance sub-view before using the routing-table command. Create a VPN-instance routing table in this view and allocate a route distinguisher (RD) in either of the following formats:

16-bit ASN: A 32-bit user-defined number, for example, 100:1.

32-bit IP address: A 16-bit user-defined number, for example, 172.1.1.1:1.

Create a VPN-target extended community for a VPN-instance and specify ingress or egress interface or both of them for the vpn-target command. These parameters can be used to configure ingress/egress routing information of the VPN-target extended community for a router.

Example

# Configure the maximum routes in VPN instance vpn1 to 1000.

[H3C] ip vpn-instance vpn1

[H3C-vpn-vpn1] route-distinguisher 100:1

[H3C-vpn-vpn1] vpn-target 100:1 import-extcommunity

[H3C-vpn-vpn1] routing-table limit 1000 syslog-alert

2.1.67 sham-link

Syntax

sham-link source-addr destination-addr [ cost cost-value ] [ dead seconds ] [ hello seconds ] [ md5 keyid key seconds ] [ retransimit seconds ] [ simple passwor ] [ trans-delay seconds ]

undo sham-link source-addr destination-addr

View

OSPF area view

Parameter

source-addr: Source address of a Sham-link, a Loopback interface address with a 32-bit mask.

destination-addr: Destination address of a Sham-link, a Loopback interface address with a 32-bit mask.

cost-value: Cost at Sham-link, in the range of 1 to 65535. By default, it is 1.

password: Specifies authentication in plain text at the interface, 8 characters at most. It must be consistent with the authentication of a Sham-link peer.

keyid: Specifies the MD5 authentication identifier at the interface. The keyed is in the range of 1 to 255. It must be consistent with the authentication string of Sham-link peer.

key: Specifies the authentication at the interface. keyid is from 1 to 255 and key is a string up to 16 characters. It must be consistent with the authentication of a Sham-link peer. When the display current-configuration command is executed, the system displays the 24-character MD5 authentication in cipher text. You can also input a 24-character authentication in cipher text.

dead seconds: Specifies interval for the dead timer, in the range of 1 to 8192 seconds. By default, it is 40 seconds. It must be consistent with the value of dead seconds for a Sham-link peer router.

hello seconds: Specifies interval between Hello message transmission at the interface, in the range of 1 to 8192 seconds. By default, it is 10 seconds. It must be consistent with the value of hello seconds for a Sham-link peer router.

retransmit seconds: Specifies internal for LSA packet retransmission at the interface, in the range of 1 to 8192 seconds. By default, it is 5 seconds.

trans-delay seconds: Specifies delay period for LSA packet transmission at the interface, in the range of 1 to 8192 seconds. By default, it is 1 second.

Description

Use the sham-link command to configure a Sham-link.

Use the undo sham-link command to delete a Sham-link.

In the OSPF PE-CE connection, suppose that in an OSPF area there are two sites which belong to the same VPN. They are connected to different PE routers and there is an intra-domain OSPF link (Backdoor) between them. Though there may be other routes connecting the two sites via PE routers, these routes are intra-domain routes, and OSPF will first select those routes through the Backdoor link. Sometimes, users desire to first select the routes through VPN Backbone. Hence it is required to establish Sham-links between PE routers. In this case, the routes through VPN Backbone are of the highest priority within the OSPF area.

If a Backdoor link (an OSPF link that does not pass the MPLS backbone) exists between two PE routers and you want the data to be transported over the MPLS backbone, you need to configure a Sham-link between the two PE routers. The sham link between VPN PE routers is taken as a link within the OSPF area. When configuring the Sham-link command, the optional parameters are not mutually exclusive. You can only choose in the undo command those parameters which are selected in the corresponding sham-link command.

Caution:

l The source and destination addresses of a sham link are both Loopback interface addresses with a 32-bit mask, which must be bound to a VPN instance and imported into BGP through a direct-connect route.

l In an OSPF processes of VPN, the Loopback interface routes used by the Sham-link cannot be imported directly (so the import direct command cannot be used in the OSPF processes of VPN). OSPF can only advertise the route by importing a BGP route.

l The source and destination addresses of a sham link cannot be the same.

l The same sham link cannot be configured for different OSPF processes.

l 50 sham links can be configured for an OSPF process at most.

Example

# Configure a Sham-link, with its source address 1.1.1.1 and destination address 2.2.2.2.

[H3C-ospf-100-area-0.0.0.1] sham-link 1.1.1.1 2.2.2.2 cost 100

2.1.68 summary

Syntax

summary

undo summary

View

VPN-instance subaddress family view

Parameter

None

Description

Use the summary command to enable BGP to perform auto summary to subnet routes.

Use the undo summary command to cancel this summary.

By default, BGP does not perform the auto summary to subnet routes.

After auto summary is enabled, BGP cannot receive the subnet routes imported from IGP. Using this feature, you can reduce the amount of routing information.

Example

# Perform auto summary to subnet routes.

[H3C-bgp-af-vpn-instance] summary

2.1.69 vpn-instance-capability simple

Syntax

vpn-instance-capability simple

undo vpn-instance-capability

View

OSPF protocol view

Parameter

None

Description

Use the vpn-instance-capability simple command to configure a router as Multi-VPN-Instance CE.

Use the undo vpn-instance-capability command to cancel the configuration.

OSPF multi-VPN-instance is often run at a PE router. So a CE router, on which OSPF multi-VPN-instance runs, is called Multi-VPN-Instance CE. Though they both support multi-VPN-instance, Multi-VPN-Instance CE does not necessarily support BGP/OSPF interoperability.

When an OSPF process is bound to a VPN instance, the default OSPF router is PE router. This command will remove the default setting and change a router into a Multi-VPN-Instance CE. . After the configuration, OSPF processes will reestablish all its neighbors. DN bits and Route-tag will not be checked in routing calculation. To prevent route loss, routing loop test is disabled on PE routes. MGP/OSPF interoperability is also disabled to save system resources.

After the display ospf brief command is executed successfully, the system prompts the information:

Multi-VPN-Instance enable on CE router.

Caution:

OSPF processes will set up all its neighbors again after this command is executed.

Example

# Configure OSPF process 100 as Multi-VPN-Instance CE.

[H3C-ospf-100] vpn-instance-capability simple

# Restore the OSPF process 100 as PE.

[H3C-ospf-100] undo vpn-instance-capability

2.1.70 vpn-target

Syntax

vpn-target vpn-target-ext-community [ import-extcommunity | export-extcommunity | both ]

undo vpn-target vpn-target-ext-community [ import-extcommunity | export-extcommunity | both ]

View

VPN-instance view

Parameter

import-extcommunity: Ingress route information from the extended community of target VPN.

export-extcommunity: Egress route information to the extended community of target VPN.

both: Imports both ingress and egress route information to the extended community of target VPN.

vpn-target-ext-community: Adds VPN-target extended community attributes to the ingress and egress of VPN-instance or the VPN-target extended community list of ingress and egress.

Description

Use the vpn-target command to create a VPN-target extended community for VPN-instance.

Use the undo vpn-target command to remove the VPN-target extended community attributes.

By default, the default value is both.

Use the vpn-target command you can create ingress and egress route target extended community lists for a specified VPN-instance. Execute this command once for each target community. Import the received routing information bearing the specific VPN-target extended community to all VPN-instances, for which an extended community is configured as ingress VPN-target. VPN-target specifies a target VPN extended community. The same as RD, an extended community is either composed of an ASN and an arbitrary number, or composed of an IP address and an arbitrary number.

RD is in either of the following formats:

16-bit ASN (can be 0 here): A custom 32-bit number, for example, 101:3.

32-bit IP address (can be 0.0.0.0 here): A custom 16-bit number, for example, 192.168.122.15:1.

Example

# Create a VPN-target extended community for the VPN-instance.

[H3C] ip vpn-instance vpn-instance_blue

[H3C-vpn-vpn-instance_blue] vpn-target 1000:1 both

[H3C-vpn-vpn-instance_blue] vpn-target 1000:2 export-extcommunity

[H3C-vpn-vpn-instance_blue] vpn-target 173.27.0.130:2 import-extcommunity

Chapter 3 MPLS L2VPN Configuration Commands

3.1 CCC Configuration Commands

3.1.1 ccc

Syntax

ccc ccc-connection-name interface vlan-interface vlan-id { transmit-lsp transmit-lsp-name receive-lsp receive-lsp-name | out-interface outinterface-type outinterface-number }

undo ccc ccc-connection-name

View

System view

Parameter

ccc-connection-name: Name of the CCC (circuit cross connect) connection, which is used to uniquely identify the CCC connection in the PE (provider edge). This argument is 1 to 20 characters in length.

vlan-id: ID of the VLAN whose interface is used to establish the connection. It must be the ID of an existing VLAN.

transmit-lsp-name: Name of transmitting LSP (the ingress LSP).

receive-lsp-name: Name of receiving LSP (the egress LSP).

outinterface-type outinterface-number: Name of the interface connecting to the second CE (custom edge).

Description

Use the ccc ccc-connection-name interface vlan-interface vlan-id transmit-lsp receive-lsp command to create a remote CCC connection.

Use the ccc ccc-connection-name interface vlan-interface vlan-id out-interface command to create a local CCC connection.

Use the undo ccc command to remove a local/remote CCC connection.

When the interface is a VLAN interface, a CCC connection encapsulates data as Ethernet packets by default.

Example

# Create a remote CCC connection, with the name of clink, the transmitting LSP of tlsp, and the receiving LSP of rlsp.

[H3C] ccc clink interface vlan-interface 201 transmit-lsp tlsp receive-lsp rlsp

# Create a local CCC connection, with the name of clink, and the interfaces connecting to the two CEs being the interfaces of VLAN 201 and VLAN 301 respectively.

[H3C] ccc clink interface vlan-interface 201 out-interface interface vlan-interface 301

3.1.2 debugging mpls l2vpn

Syntax

debugging mpls l2vpn { all | advertisement | error | event | connections [ interface vlan-interface vlan-id ] }

undo debugging mpls l2vpn { all | advertisement | error | event | connections [ interface vlan-interface vlan-id ] }

View

User view

Parameter

all: Enables/Disables all types of L2VPN Debugging.

advertisement: Enables/Disables Debugging for L2VPN BGP/LDP advertisement messages.

error: Enables/Disables Debugging for L2VPN error messages.

event: Enables/Disables Debugging for L2VPN event messages.

connections: Enables/Disables Debugging for connection messages.

vlan-id: ID of the VLAN whose interface is used to establish the connection.

Description

Use the debugging mpls l2vpn command to enable specific type of L2VPN debugging.

Use the undo debugging mpls l2vpn command to disable specific type of L2VPN debugging.

Example

# Enable all types of L2VPN Debugging.

<H3C> debugging mpls l2vpn all

3.1.3 display ccc

Syntax

display ccc [ ccc-name | type [ local | remote ] ]

View

Any view

Parameter

ccc-name: Name of the CCC connection whose information is to be displayed.

type local: Displays information about the local CCC connections only.

type remote: Displays information about the remote CCC connections only.

Description

Use the display ccc command to display the information about specified CCC connections.

Example

# Display information about the CCC connection named c-link.

<H3C> display ccc c-link

name: c-link, type: remote, state: down,

intf: Vlan-interface1003 (down), tran-lsp: ccc2 (up), rcv-lsp: ccc1 (up)

3.1.4 static-lsp egress l2vpn

Syntax

static-lsp egress lsp-name l2vpn incoming-interface vlan-interface vlan-id in-label in-label

undo static-lsp egress lsp-name

View

MPLS view

Parameter

lsp-name: Name of the label switching path (LSP).

vlan-id: ID of the VLAN whose interface is to be used to create the LSP.

in-label-value: Value of the in-label, ranging from 16 to 1,023.

Description

Use the static-lsp egress l2vpn command to create a static L2VPN LSP for the egress label switching router (LSR).

Use the undo static-lsp egress command to remove a L2VPN LSP created for the egress LSR.

You need to create two LSPs (for transmitting and receiving) before creating a remote CCC connection.

Related command: static-lsp ingress l2vpn, static-lsp transit l2vpn, debugging mpls.

Example

# Create a static LSP named bj-sh on the egress LSR.

[H3C-mpls] static-lsp egress bj-sh l2vpn incoming-interface vlan-interface 201 in-label 233

3.1.5 static-lsp ingress

Syntax

static-lsp ingress lsp-name l2vpn nexthop next-hop-addr out-label out-label

undo static-lsp ingress lsp-name

View

MPLS view

Parameter

lsp-name: Name of the LSP.

next-hop-addr: Address of the next hop.

out-label: Value of the out-label, ranging from 16 to 1,023.

Description

Use the static-lsp ingress l2vpn command to create a static L2VPN LSP for the ingress LSR.

Use the undo static-lsp command to remove a static L2VPN LSP.

You need to create two LSPs (for transmitting and receiving) before creating a remote CCC connection.

Related command: static-lsp engress l2vpn, static-lsp transit, debugging mpls.

Example

# Create a static LSP with the destination IP address of 202.25.38.1 for the ingress LSR.

[H3C-mpls] static-lsp ingress bj-sh l2vpn nexthop 1.1.1.1 out-label 100

3.1.6 static-lsp transit l2vpn

Syntax

static-lsp transit lsp-name l2vpn incoming-interface vlan-interface vlan-id in-label in-label nexthop next-hop-addr out-label out-label

undo static-lsp transit lsp-name

View

MPLS view

Parameter

lsp-name: Name of the LSP.

vlan-id: ID of the VLAN whose interface is to be used to create the LSP.

next-hop-addr: Address of the next hop.

in-label: Value of the in-label, ranging from 16 to 1,023.

out-label: Value of the out-label, ranging from 16 to 1,023.

Description

Use the static-lsp transit command to create a static L2VPN LSP for the midway transmitting LSR.

Use the undo static-lsp transit command to remove the static L2VPN LSP created for the midway transmitting LSR.

You need to create two LSPs (for transmitting and receiving) before creating a remote CCC connection. You also need to enable the two LSPs to traverse through each of the midway LSRs.

Related command: static-lsp egress l2vpn, static-lsp ingress l2vpn.

Example

# Create a static L2VPN LSP for the interface of VLAN 201 on the midway transmitting LSR, with the in-label of 123 and the out-label of 253.

[H3C-mpls] static-lsp transit bj-sh l2vpn incoming-interface vlan-interface 201 in-label 123 nexthop 202.34.114.7 out-label 253

3.2 Martini MPLS L2VPN Configuration Commands

3.2.1 display mpls l2vc

Syntax

View

Any view

Parameter

vlan-id: ID of the VLAN whose interface is used to create the virtual circuit.

verbose: Displays the detailed information.

block: Displays only the VC information in Block state.

peer: Specifies Remote Peer.

up: Displays only the VC information in UP state.

vsi: Specifies VSI instance.

Description

Use the display mpls l2vc command to display the information about the virtual circuit (VC) created using label distribution protocol (LDP).

Example

# Display the information about MPLS LDP connections.

<H3C> display mpls l2vc verbose

Interface: Vlan-interface1000State: down, Encapsulation: ethernet, Service: VLL

VC-ID: 4294967295, VC State: down, Destination: 3.3.3.3

Group ID: Local 0, Remote 0, VC Label: Local 32770, Remote 0,

Tunnel Type: LSP, Tunnel Index: 25

Interface: Vlan-interface1001State: down, Encapsulation: ethernet, Service: VLL

VC-ID: 10001, VC State: down, Destination: 1.1.1.1

Group ID: Local 0, Remote 0, VC Label: Local 32771, Remote 0,

Tunnel Type: LSP, Tunnel Index: 23

VC-ID: 2, VC State: down, Destination: 1.1.0.3

Group ID: Local 0, Remote 0, VC Label: Local 131072, Remote 0,

Tunnel Type: ---, Tunnel Index: 0

VC-ID: 2, VC State: down, Destination: 3.3.3.3

Group ID: Local 0, Remote 0, VC Label: Local 131073, Remote 0,

Tunnel Type: LSP, Tunnel Index: 25

VC-ID: 2, VC State: up, Destination: 1.1.1.1

Group ID: Local 0, Remote 0, VC Label: Local 134138, Remote 32773,

Tunnel Type: LSP, Tunnel Index: 23

VC-ID: 1, VC State: down, Destination: 1.1.1.1

Group ID: Local 0, Remote 0, VC Label: Local 134142, Remote 0,

Tunnel Type: LSP, Tunnel Index: 23

VC-ID: 3, VC State: up, Destination: 3.3.3.3

Group ID: Local 0, Remote 0, VC Label: Local 134137, Remote 131072,

Tunnel Type: LSP, Tunnel Index: 25

VC-ID: 3, VC State: down, Destination: 1.1.0.3

Group ID: Local 0, Remote 0, VC Label: Local 131077, Remote 0,

Tunnel Type: ---, Tunnel Index: 0

VC-ID: 3, VC State: up, Destination: 1.1.1.1

Group ID: Local 0, Remote 0, VC Label: Local 134136, Remote 158987,

Tunnel Type: LSP, Tunnel Index: 23

VC-ID: 4, VC State: up, Destination: 1.1.1.1

Group ID: Local 0, Remote 0, VC Label: Local 131075, Remote 131125,

Tunnel Type: LSP, Tunnel Index: 23

VC-ID: 4, VC State: up, Destination: 3.3.3.3

Group ID: Local 0, Remote 0, VC Label: Local 131076, Remote 132956,

Tunnel Type: LSP, Tunnel Index: 25

VC-ID: 4, VC State: down, Destination: 1.1.0.3

Group ID: Local 0, Remote 0, VC Label: Local 131081, Remote 0,

Tunnel Type: ---, Tunnel Index: 0

VC-ID: 5, VC State: up, Destination: 1.1.1.1

Group ID: Local 0, Remote 0, VC Label: Local 134139, Remote 131126,

Tunnel Type: LSP, Tunnel Index: 23

VC-ID: 5, VC State: up, Destination: 3.3.3.3

Group ID: Local 0, Remote 0, VC Label: Local 131080, Remote 131075,

Tunnel Type: LSP, Tunnel Index: 25

VC-ID: 5, VC State: down, Destination: 1.1.0.3

Group ID: Local 0, Remote 0, VC Label: Local 131084, Remote 0,

Tunnel Type: ---, Tunnel Index: 0

VC-ID: 6, VC State: up, Destination: 1.1.1.1

Group ID: Local 0, Remote 0, VC Label: Local 131074, Remote 131154,

Tunnel Type: LSP, Tunnel Index: 23

VC-ID: 6, VC State: up, Destination: 3.3.3.3

Group ID: Local 0, Remote 0, VC Label: Local 131083, Remote 131077,

Tunnel Type: LSP, Tunnel Index: 25

VC-ID: 6, VC State: down, Destination: 1.1.0.3

Group ID: Local 0, Remote 0, VC Label: Local 131087, Remote 0,

Tunnel Type: ---, Tunnel Index: 0

VC-ID: 7, VC State: up, Destination: 1.1.1.1

Group ID: Local 0, Remote 0, VC Label: Local 131078, Remote 131182,

Tunnel Type: LSP, Tunnel Index: 23

VC-ID: 7, VC State: up, Destination: 3.3.3.3

Group ID: Local 0, Remote 0, VC Label: Local 131086, Remote 131079,

Tunnel Type: LSP, Tunnel Index: 25

VC-ID: 7, VC State: down, Destination: 1.1.0.3

Group ID: Local 0, Remote 0, VC Label: Local 131090, Remote 0,

Tunnel Type: ---, Tunnel Index: 0

# Display the VC information when MPLS LDP goes up.

<H3C> display mpls l2vc up

Total l2vc : 12

l2vc : 5 up

l2vc : 5 block

l2vc : 2 down

VSI name : vpn3 , Service: VPLS , Service Status : Open

VC-ID Destination State Lcl-Label/Rmt-Label Tunnel/Index

3 2.2.2.2 up 131072/134137 LSP/14

VSI name : vpn4 , Service: VPLS , Service Status : Open

VC-ID Destination State Lcl-Label/Rmt-Label Tunnel/Index

4 2.2.2.2 up 132956/131076 LSP/14

VSI name : vpn5 , Service: VPLS , Service Status : Open

VC-ID Destination State Lcl-Label/Rmt-Label Tunnel/Index

5 2.2.2.2 up 131075/131080 LSP/14

VSI name : vpn6 , Service: VPLS , Service Status : Open

VC-ID Destination State Lcl-Label/Rmt-Label Tunnel/Index

6 2.2.2.2 up 131077/131083 LSP/14

VSI name : vpn7 , Service: VPLS , Service Status : Open

VC-ID Destination State Lcl-Label/Rmt-Label Tunnel/Index

7 2.2.2.2 up 131079/131086 LSP/14

3.2.2 mpls l2vc

Syntax

mpls l2vc ip-address vc-id

undo mpls l2vc

View

VLAN interface view

Parameter

ip-address: IP address of LSR-ID on the peer PE.

vc-id: ID of the VC, ranging from 1 to 4,294,967,295.

Description

Use the mpls l2vc command to create a Martini MPLS L2VPN virtual connection.

Use the undo mpls l2vc command to remove a Martini MPLS L2VPN virtual connection.

You need to enable MPLS L2VPN before using the command.

Related command: mpls l2vpn, display mpls l2vc.

Example

# Create a virtual connection with the ID of 23.

[H3C-Vlan-interface201] mpls l2vc 10.0.0.11 23

3.3 Kompella MPLS L2VPN Configuration Commands

3.3.1 ce

Syntax

ce name [ id id [ range range | default-offset offset ]

undo ce name

View

MPLS L2VPN view

Parameter

name: Name of the CE, which must be unique in the current VPN of the PE. This argument is 1 to 20 characters in length.

id: CE ID, which is used to uniquely identify a CE in the VPN. This argument ranges from 0 to 499.

offset: Specifies the default original CE offset.

range: CE Range, the maximum number of CEs that can be connected to the CE. This argument ranges from 1 to 500.

Description

Use the ce command to create a CE or modify the CE Range.

Use the undo ce command to remove a CE.

The corresponding CE view is created when you create a CE. All the CE connections are configured in CE view.

For VPN capacity expansion, you can set the range argument to a value lager than the currently required number of CEs to be connected. However, this may result in the waste of tags as the system allocates tag blocks for CEs according to the value of the range argument. You can also change the CE Range to a larger number when expanding the VPN (if the previously set CE range is not large enough). For example, if the desired CE number is 20 after the expansion, but the current CE Range is 10, you can change the CE range to 20.

Related command: mpls l2vpn encapsulation, ccc.

Example

# Create a CE for VPNA named “beijing”, with the CE ID of 1. Use the default range (10).

[H3C] mpls l2vpn

[H3C] mpls l2vpn vpna encapsulation ethernet

[H3C-mpls-l2vpn-vpna] ce beijing id 1

[H3C-mpls-l2vpn-ce-vpna-beijing]

3.3.2 connection

Syntax

connection [ ce-offset offset ] { interface vlan-interface vlan-id }

undo connection [ ce-offset offset ] { interface vlan-interface vlan-id }

View

MPLS L2VPN CE view

Parameter

offset: Specifies the ID of the remote CE of the L2VPN connection to create a remote CE connection.

vlan-id: ID of the VLAN whose interface is used to establish the connection.

Description

Use the connection command to create a connection for the CE.

Use the undo connection command to remove the specified CE connection.

You need to configure the route distinguisher (RD) for the MPLS L2VPN before creating a CE connection.

Related command: mpls l2vpn encapsulation.

Example

# Create a CE connection.

[H3C] mpls l2vpn vpna

[H3C-l2vpn-vpna] ce ce-a id 1 range 4

[H3C-l2vpn-vpna-ce-ce-a] connection interface vlan-interface 201

3.3.3 display bgp l2vpn

Syntax

display bgp l2vpn { all | peer | route-distinguisher ASN }

View

Any view

Parameter

all: Displays all the L2VPN information about the address family.

peer: Displays the information about a specified BGP Peer in brief.

route-distinguisher: Displays the information about a specified VPN RD.

ASN: Route identifier.

Description

Use the display bgp l2vpn command to display the information about Kompella L2VPN.

Example

# Display all the L2VPN information.

<H3C> display bgp l2vpn all

BGP local router ID is 172.16.1.5 , Origin codes: i - IGP, e - EGP, ? - incomplete

bgp.l2vpn: 3 destinations

CE ID Label Offset Label Base nexthop pref as-path

Route Distinguisher: 100:1

2 1 800000 1.1.1.1 100 I 200 600

3 1 500000 1.1.1.1 100 I 200 600

Route Distinguisher: 100:2

1 1 700000 1.1.1.1 100 I 200 600

3.3.4 display mpls l2vpn

Syntax

display mpls l2vpn [ vsi-name [ local-ce | remote-ce ] | connection [ vsi-name [ down | remote-ce | up | verbose ] | brief | interface Vlan-interface vlan-id ] | forwarding-info { vc-label | interface interface-type } ]

View

Any view

Parameter

vsi-name: Name of the VPN instance.

local-ce: Displays the state and configuration of the local CE of a specified VPN instance.

remote-ce: Displays the state and configuration of the remote CE of a specified VPN instance.

down: Displays the information about L2VPN whose CE interfaces are Down.

remote-ce: Displays the state and configuration of the remote CE.

up: Displays the information L2VPN whose CE interfaces are Up.

verbose: Displays detailed information about the CE interfaces.

brief: Displays the summary information about a specified connection.

Interface: Displays information about a specified CE interface.

vlan-id: ID of the VLAN whose interface is used to create the connection.

vc-label: VC label.

interface-type: Type of the interface, which can be Aux, Ethernet, LoopBack, M-Ethernet, NULL, Vlan-interface, GigabitEthernet; or 10-GigabitEthernet, Pos, and RPR.

Description

Use the display mpls l2vpn command to display the MPLS L2VPN information. The command can display the state and configuration of the local/remote CE of a specified VPN instance, and the L2VPN information about a specified CE interface.

Example

# Display the L2VPN information about a specified interface.

[DEV-UP] dis mpls l2vpn forwarding-info 10241 interface Vlan-interface 300

VCLABEL TUNNELTYPE ENTRYTYPE OUTINTERFACE OUTSLOT TOKEN CTRLWORD

--------------------------------------------------------------------------------

10241 LSP SEND Vlan-interface100 0 0 FA

LSE

1 Record(s) Found.

[DEV-UP]dis mpls l2vpn connection interface Vlan-interface 300

conn-type: remote, local vc state: up, remote vc state: up,

Local ce-id: 1, local ce name: ce1, remote ce-id: 2,

intf(state,encap): Vlan-interface300(up,ethernet),

peer id: 2.2.2.2, route-distinguisher: 100:1,

local vc label: 10242, remote vc label: 10241,

tunnel type: LSP, tunnel val: 0

3.3.5 l2vpn-family

Syntax

l2vpn-family

undo l2vpn-family

View

BGP view

Parameter

None

Description

Use the l2vpn-family command to create L2VPN address family view.

Use the undo l2vpn-family command to remove L2VPN address family view.

Example

# Create L2VPN address family view.

[H3C] bgp 100

[H3C-bgp] l2vpn-family

[H3C-bgp-af-l2vpn]

3.3.6 mpls l2vpn

Syntax

mpls l2vpn

undo mpls l2vpn

View

System view

Parameter

None

Description

Use the mpls l2vpn command to enable L2VPN.

Use the undo mpls l2vpn command to disable L2VPN.

To execute the command, you need to enable MPLS first.

Related command: mpls, mpls lsr-id.

Example

# Configure LSR ID and enable MPLS.

[H3C] mpls lsr-id 10.0.0.1

[H3C] mpls

# Enable L2VPN.

[H3C] mpls l2vpn

3.3.7 mpls l2vpn encapsulation

Syntax

mpls l2vpn vpn-name [ encapsulation { ethernet | vlan } ]

undo mpls l2vpn vpn-name

View

System view

Parameter

vpn-name: Name of the VPN, which must be unique in the PE. This argument is 1 to 20 characters in length.

encapsulation: User access encapsulation type. Two types are supported currently: Ethernet access and VLAN access. The default encapsulation type is Ethernet.

Description

Use the mpls l2vpn encapsulation command to create a Kompella MPLS L2VPN, specify the encapsulation type, and enter MPLS L2VPN view.

Use the undo mpls l2vpn command to remove a Kompella MPLS L2VPN.

Related command: ce, mtu.

& Note:

You can create a Kompella MPLS L2VPN only after you enable MPLS L2VPN. All L2VPN parameters are configured in L2VPN view.

Example

# Create a Kompella MPLS L2VPN, with the name of test, the encapsulation type of Ethernet.

[H3C] mpls l2vpn test encapsulation ethernet

[H3C-mpls-l2vpn-test]

3.3.8 mtu

Syntax

mtu mtu

View

MPLS L2VPN view

Parameter

mtu: Layer 2 MTU (maximum transmission unit) of the VPN. This argument ranges from 0 to 10,200 and the default value is 1,500.

Description

Use the mtu command to set the MTU for the Kompella MPLS L2VPN.

The same MTU value must be configured for all the PE devices of the same VPN to make sure that the configuration is valid.

Related command: mpls l2vpn encapsulation.

Example

# Set the MTU of the VPN named vpna to 1,000.

[H3C] mpls l2vpn vpna encapsulation vlan

[H3C-mpls-l2vpn-vpna] mtu 1000

3.3.9 peer enable

Syntax

peer { group-name | peer-address } enable

undo peer { group-name | peer-address } enable

View

L2VPN address family view

Parameter

group-name: Name of the peer group. This argument specifies the entire peer group.

peer-address: IP address of a peer. This argument specifies a specific peer.

Description

Use the peer enable command to activate a specified peer or peer group in L2VPN address family view.

Use the undo peer enable command to deactivate a specified peer or peer group in L2VPN address family view.

By default, the unicast peers or peer groups of IPv4 address family are active. Whereas other types of peers or peer groups are inactive.

Example

# Activate peer 192 or peer group 192 in L2VPN address family view.

[H3C-bgp] group 192 internal

[H3C-bgp] peer 192.1.1.1 group 192

[H3C-bgp] l2vpn-family

[H3C-bgp-af-l2vpn] peer 192 enable

H3C S9500 Series Routing Switches Command Manual-(V1.01)

1.1.2 display mpls interface

1.1.3 display mpls lsp

1.1.9 snmp-agent trap enable ldp

1.2.18 mpls ldp transport-ip

2.1.12 display rip vpn-instance

3.3.9 peer enable

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events