H3C S9500 Command Manual-Release1648[v1.24]-05 MPLS VPN Volume

04-MPLS L3VPN Commands

Table of Contents

Chapter 1 MPLS L3VPN Configuration Commands
1.1 MPLS L3VPN Configuration Commands
1.1.1 aggregate
1.1.2 apply mpls-label
1.1.3 debugging bgp
1.1.4 default local-preference
1.1.5 default med
1.1.6 description
1.1.7 display bgp vpnv4
1.1.8 display bgp routing-table label
1.1.9 display ip routing-table vpn-instance
1.1.10 display ip vpn-instance
1.1.11 display mpls l3vpn-lsp
1.1.12 display rip vpn-instance
1.1.13 domain-id
1.1.14 export route-policy
1.1.15 filter-policy export
1.1.16 filter-policy import
1.1.17 group
1.1.18 if-match mpls-label
1.1.19 if-match vpn-target
1.1.20 import-route
1.1.21 ip binding vpn-instance
1.1.22 ip route-static vpn-instance
1.1.23 ip vpn-instance
1.1.24 ipv4-family
1.1.25 nesting-vpn
1.1.26 network
1.1.27 ospf
1.1.28 peer advertise-community
1.1.29 peer allow-as-loop
1.1.30 peer as-number
1.1.31 peer as-path-acl export
1.1.32 peer as-path-acl import
1.1.33 peer connect-interface
1.1.34 peer default-route-advertise
1.1.35 peer default-route-advertise vpn-instance
1.1.36 peer description
1.1.37 peer ebgp-max-hop
1.1.38 peer enable
1.1.39 peer filter-policy export
1.1.40 peer filter-policy import
1.1.41 peer group
1.1.42 peer ip-prefix export
1.1.43 peer ip-prefix import
1.1.44 peer label-route-capability
1.1.45 peer next-hop-local
1.1.46 peer password
1.1.47 peer public-as-only
1.1.48 peer reflect-client
1.1.49 peer route-policy export
1.1.50 peer route-policy import
1.1.51 peer route-update-interval
1.1.52 peer timer
1.1.53 peer upe
1.1.54 peer vpn-instance enable
1.1.55 peer vpn-instance group
1.1.56 peer vpn-instance route-policy import
1.1.57 policy vpn-target
1.1.58 port trunk mpls vlan
1.1.59 port vpn-range share-mode
1.1.60 preference
1.1.61 reflect between-clients
1.1.62 reflector cluster-id
1.1.63 route-distinguisher
1.1.64 route-tag
1.1.65 timer
1.1.66 traffic-redirect
1.1.67 routing-table limit
1.1.68 sham-link
1.1.69 summary
1.1.70 vlan vpn-range
1.1.71 vpn-instance-capability simple
1.1.72 vpn-target

 


Chapter 1  MPLS L3VPN Configuration Commands

 

Note:

For details about related commands, such as if-match interface, if-match acl, if-match ip-prefix, if-match ip next-hop, if-match cost, if-match tag, apply ip next-hop, apply local-preference, apply origin, and apply tag, refer to the command manuals or the IP Routing Volume.

 

1.1  MPLS L3VPN Configuration Commands

1.1.1  aggregate

Syntax

aggregate address mask [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ]*

undo aggregate address mask [ as-set | attribute-policy route-policy-name | detail-suppressed | origin-policy route-policy-name | suppress-policy route-policy-name ]*

View

VPN-instance sub-address family view

Parameters

address: IP address of an aggregated route, in dotted decimal notation.

mask: Network mask of an aggregated route, in dotted decimal notation.

as-set: Generates routes with AS sets.

detail-suppressed: Advertises only aggregated routes.

suppress-policy route-policy-name: Suppresses advertisement of some selected specific routes.

origin-policy route-policy-name: Selects source route for aggregation.

attribute-policy route-policy-name: Sets the attributes of an aggregated route.

Description

Use the aggregate command to create an aggregation entry in the BGP routing table of VPN instance.

Use the undo aggregate command to disable this function.

By default, route aggregation is not enabled.

The function of the keywords involved in the above commands is shown in the following table.

Table 1-1 Keywords function

| Keyword | Function |
| --- | --- |
| as-set | By setting this keyword, you can create an aggregated route whose AS path contains the information of all the aggregation routes. This keyword is not recommended when aggregating many AS paths because frequent changes of the specific routes may result in routing oscillation. |
| detail-suppressed | This keyword suppresses advertisement of all the specific routes, but not of the aggregated routes. Using the peer filter-policy command, you can suppress some specific routes. |
| suppress-policy | This keyword enables the creation of an aggregate route but disables the advertising of the specified routes. Using the if-match clause in the route-policy command, you can choose to suppress advertisement of some specific routes. |
| origin-policy | Using this keyword, you can choose only the specific routes matching the Route-policy to create an aggregated route. |
| attribute-policy | Using this keyword, you can set the attributes of the aggregation route. The peer route-policy command also enables you to complete the same setting. |

 

Examples

# Create an aggregation entry in the BGP routing table of VPN instance.

[H3C-bgp-af-vpn-instance] aggregate 192.213.0.0 255.255.0.0

1.1.2  apply mpls-label

Syntax

apply mpls-label

undo apply mpls-label

View

Route-policy view

Parameters

None

Description

Use the apply mpls-label command to configure the system to assign MPLS labels to the public network routes that meet the filter condition of the Route-policy.

Use the undo apply mpls-label command to cancel this configuration.

By default, the public network routes carry no labels.

Related commands: if-match mpls-label.

Examples

# Define an Apply clause to assign labels to routes meeting the Route-policy filter condition.

[H3C-route-policy] apply mpls-label

1.1.3  debugging bgp

Syntax

debugging bgp { all | event | normal | { keepalive | mp-update | open | packet | route-refresh | update } [ receive | send ] [ verbose ] }

undo debugging bgp { all | event | normal | keepalive | mp-update | open | packet | route-refresh | update }

View

User view

Parameters

all: Enables all types of BGP debugging.

event: Enables BGP event debugging.

normal: Enables BGP common function debugging.

keepalive: Enables BGP Keepalive packet debugging.

mp-update: Enables multi-protocol BGP Update packet debugging.

open: Enables BGP Open packet debugging.

packet: Enables BGP packet debugging.

route-refresh: Enables BGP Route-Refresh packet debugging.

update: Enables BGP Update packet debugging.

receive: Displays receive information.

send: Displays send information.

verbose: Displays detailed information.

Description

Use the debugging bgp command to enable BGP debugging.

Use the undo debugging bgp command to disable BGP debugging.

Caution should be taken in deciding to enable BGP debugging, since debugging affects system performance. Remember to disable the debugging when it is completed.

Examples

# Enable the debugging on the detailed information about BGP Keepalive packets.

<H3C> debugging bgp keepalive verbose

1.1.4  default local-preference

Syntax

default local-preference value

undo default local-preference

View

VPNv4 sub-address family view

Parameters

value: Value of the local precedence, ranging from 0 to 4294967295. A greater value enjoys higher precedence. The default local precedence is 100.

Description

Use the default local-preference command to configure the local precedence for BGP routing in VPN.

Use the undo default local-preference command to restore the default configuration.

The value of the local precedence is advertised between IBGP peers and you can affect the BGP routing in VPN by changing the precedence.

Examples

# Set the local precedence to be 180, so that the system-advertised routing information will be preferred.

[H3C-bgp-af-vpn] default local-preference 180

1.1.5  default med

Syntax

default med med-value

undo default med

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

med-value: MED value, ranging from 0 to 4294967295. The default value is 0.

Description

Use the default med command to configure the MED value of the system.

Use the undo default med command to restore the default value.

The MED attribute, exchanged between autonomous systems (ASs), is an external metric for routes; it does not leave an AS once it has entered it. When other conditions are equal, the route with the smaller MED value is selected as the external route for the AS.

Examples

# The routers RTA and RTB belong to AS100 and the router RTC belongs to AS200. RTC peers with RTA and RTB. Set the MED value of RTA to 25. This makes RTC prefer the route sent by RTB.

[H3C-bgp-af-vpn-instance] default med 25

1.1.6  description

Syntax

description vpn-instance-description

undo description

View

VPN-instance view

Parameters

vpn-instance-description: Specifies the description of a specified VPN instance.

Description

Use the description command to configure description for a specified VPN instance.

Use the undo description command to remove the description of this VPN instance.

Examples

# Configure the description of the VPN instance as test.

[H3C-vpn-vpna] description test

1.1.7  display bgp vpnv4

Syntax

display bgp vpnv4 { all | route-distinguisher rd-value | vpn-instance vpn-instance-name } { group [ group-name ] | network | peer [ [ peer-address ] verbose ] | routing-table [ options ] }

View

Any view

Parameters

all: Displays all the VPNv4 routings.

route-distinguisher rd-value: Displays the information related to RD.

vpn-instance vpn-instance-name: Displays the information related to VPN instance.

group: Displays the information of a neighbor peer group.

network: Displays the advertised routing information.

peer: Displays the peer information.

verbose: Displays detailed peer information.

routing-table: Displays routing information.

options: Options for viewing the routing information.

Description

Use the display bgp vpnv4 command to view the VPN address in BGP table.

Examples

# Display all the BGP VPNv4 routing tables.

<H3C> display bgp vpnv4 all routing-table

Flags:   # - valid       ^ - active      I - internal

         D - damped      H - history     S - aggregate suppressed

In/out   As

    Dest/mask        Next-hop        Med Local-pref      label   path

----------------------------------------------------------------

    Route Distinguisher:1.1.1.1:1 (VPN instance:v1)

#^  1.0.0.0      0.0.0.0                      -/1024

  Routes total: 1             

1.1.8  display bgp routing-table label

Syntax

display bgp routing-table label

View

Any view

Parameters

None

Description

Use the display bgp routing-table label command to view the routing information and label information in the BGP routing table. For an unlabelled common IPv4 route, the label in the displayed information is null. If you use the display bgp routing-table address [ mask ] command to view the BGP routing information, the label information will be displayed if the route has a label.

Examples

# View the BGP routing information.

<H3C> display bgp routing-table label

Flags:   # - valid       ^ - active      I - internal

          D - damped      H - history     S - aggregate suppressed

                                          In/out

    Dest/Mask          Next-Hop        Label

--------------------------------------------------------------

#^  9.0.0.1/32         0.0.0.0        1024/-

# View the detailed BGP routing information.

<H3C> display bgp routing-table 9.0.0.1

BGP routing table entry information of 9.0.0.1/32

Age          : 00:00:32

From         : local

State        : valid, sourced, active,

Nexthop      : 0.0.0.0

Origin       : INC

As-path      : (null)

Med          : 1563

In/Out label :   1024/- 

1.1.9  display ip routing-table vpn-instance

Syntax

display ip routing-table vpn-instance vpn-instance-name [ [ ip-address ] | [ verbose ] statistics ]

View

Any view

Parameters

vpn-instance-name: Name assigned to VPN-instance.

ip-address: Displays information of the specified address

statistics: Displays statistics of routes.

verbose: Displays detailed information.

Description

Use the display ip routing-table vpn-instance command to view the specified information in the IP routing table of a VPN instance.

Examples

# Display the IP routing table associated with the VPN-instance.

<PEA> disp ip routing-table vpn-instance vpna-ce1

 vpna-ce1   Route Information

 Routing Table:  vpna-ce1   Route-Distinguisher:   100:1

Destination/Mask  Protocol Pre    Cost     Nexthop         Interface

20.20.20.0/24       BGP      256     0      40.40.40.40  Vlan-interface24

40.40.40.0/24       DIRECT   0       0      40.40.40.10  Vlan-interface24

40.40.40.10/32      DIRECT   0           0      127.0.0.1      InLoopBack0

80.80.80.0/24       BGP     256     0      40.40.40.40  Vlan-interface24

200.200.200.0/24   BGP       256     0      40.40.40.40  Vlan-interface24

 VPN Routing Table:   Route-Distinguisher:   100:2

20.20.20.0/24        BGP         256     0      2.2.2.2     InLoopBack0

30.30.30.0/24        BGP         256     0      2.2.2.2     InLoopBack0

1.1.10  display ip vpn-instance

Syntax

display ip vpn-instance [ vpn-instance-name | verbose ]

View

Any view

Parameters

vpn-instance-name: Name assigned to VPN-instance.

verbose: Displays detailed information.

Description

Use the display ip vpn-instance command to view the information related to VPN-instance, such as RD, description, and interfaces of the VPN instance.

Examples

# Display the information about VPN instance vpn1.

<H3C> display ip vpn-instance vpn1

VPN-Instance : vpn1

   No description

   Route-Distinguisher :    100:6

   Interfaces :

   Vlan-interface1100     

1.1.11  display mpls l3vpn-lsp

Syntax

display mpls l3vpn-lsp [ vpn-instance vpn-instance-name ] [ transit | egress | ingress ] [ include text | verbose ]

View

Any view

Parameters

transit: LSP for the ASBR (Autonomous System Boundary Router).

egress: LSP of egress VPN.

ingress: LSP of ingress VPN.

vpn-instance vpn-instance-name: Specifies the name of the VPN instance (VPN routing/forwarding instance).

include text: Only matches the string including the specified information.

verbose: Displays detailed information.

Description

Use the display mpls l3vpn-lsp command to view the information of MPLS L3VPN LSPs of the specified VPN-instance.

Examples

# Display MPLS L3VPN transit lsp information on the ASBR.

<H3C> display mpls l3vpn-lsp transit

-----------------------------------------------------------------------

                 LSP Information: Ebgp Transit Lsp

-----------------------------------------------------------------------

NO    I/O-LABEL        NEXTHOP         IN-INTERFACE         OUT-INTERFACE

1     1025/3              30.30.1.2            -------       Vlan20

2     1024/3              10.10.1.2            -------       Vlan10

3     1026/1024           30.30.1.2            -------       Vlan20

 

TOTAL:  3 Record(s) Found.

Table 1-2 Description on the fields of the command

| Field | Description |
| --- | --- |
| NO | Number |
| I/O-LABEL | Incoming/Outgoing label. VPN labels (labels advertised with VPNV4 routes) will be displayed in case of uni-hop EBGP cross-AS MPLS L3 VPN networking, and tunneling labels (labels advertised with unicast routes and labels advertised by LDP protocol) will be displayed in case of multi-hop EBGP cross-AS MPLS L3 VPN networking. |
| NEXTHOP | Next hop |
| IN-INTERFACE | Ingress interface |
| OUT-INTERFACE | Egress interface |

 

# Display MPLS L3VPN ingress lsp information on PE (Provider Edge).

<H3C> display mpls l3vpn-lsp ingress

-----------------------------------------------------------------------

                 LSP Information: L3vpn Ingress Lsp

-----------------------------------------------------------------------

 

Vpn-instance Name: vpna     Route Distinguisher: 100:1

NO    FEC                 NEXTHOP      OUTER-LABEL OUT-INTERFACE

1     168.3.1.0/24        10.10.1.1       1026(vpn)    Vlan10

 

TOTAL:  1 Record(s) Found.        

Table 1-3 Description on the fields of the command

| Field | Description |
| --- | --- |
| NO | Number |
| FEC | Forwarding equivalence class |
| NEXTHOP | Next hop |
| OUTER-LABEL | Outer label (MPLS Tunneling Label) |
| OUT-INTERFACE | Egress interface |

 

# Display MPLS L3VPN egress lsp information on PE.

<H3C> display mpls l3vpn-lsp egress

----------------------   -------------------------------------------------

                 LSP Information: L3vpn Egress Lsp

-----------------------------------------------------------------------

NO    VRFNAME             INNER-LABEL   NEXTHOP         OUT-INTERFACE

1        vpna              4096         0.0.0.0           InLoop0

 

TOTAL:  1 Record(s) Found.          

Table 1-4 Description on the fields of the command

| Field | Description |
| --- | --- |
| NO | Number |
| VRFNAME | Name of VPN Instance |
| INNER-LABEL | Inner label (VPN label) |
| NEXTHOP | Next hop |
| OUT-INTERFACE | Egress interface |

 

1.1.12  display rip vpn-instance

Syntax

display rip vpn-instance vpn-instance-name

View

Any view

Parameters

vpn-instance vpn-instance-name: Specifies a VPN instance name.

Description

Use the display rip vpn-instance command to view the configuration related to VPN instance of RIP.

Examples

# View the specified VPN instance configuration of RIP.

<H3C> disp rip vpn vpn1

  RIP is running

  private net VPN-Instance: vpn1

    Checkzero is on         Default cost : 1

    Summary is on           Preference : 100

    Period update timer : 30

    Timeout timer : 180

    Garbage-collection timer : 120

    No peer router

    Network :

    192.168.0.0

1.1.13  domain-id

Syntax

domain-id { id-number | id-addr }

undo domain-id

View

OSPF protocol view

Parameters

id-number: Domain-id for a VPN instance, an integer in the range of 0 to 4294967295. By default, it is 0.

id-addr: IP address format of Domain-id for a VPN instance. By default, it is 0.0.0.0.

Description

Use the domain-id command to specify Domain-id for a VPN instance.

Use the undo domain-id command to restore the default Domain-id.

For standard BGP/OSPF interoperability, when BGP routes are imported to OSPF at a PE, their original OSPF attributes cannot be restored. As these BGP VPN IP routes are advertised to the CE as ASE LSAs (type-5 LSAs), OSPF cannot distinguish them from routes imported from other route domains. To distinguish external routes from OSPF internal routes, the attributes of BGP routes must be restored when they are imported to OSPF at the remote end. To achieve this, you can configure a Domain-id for each OSPF domain. A Domain-id is attached to a BGP/VPN route when an OSPF route is imported into BGP/VPN for transmission over BGP/VPN routes. Then, when BGP routes are imported at the peer PE, LSA values are filled in according to the extended community attributes. If the received BGP VPN IP routes have the same Domain-id, they are from the same VPN instance route.

By default, Domain-id is 0.

 

  Caution:

The specified Domain-id will not take effect until the reset ospf command is executed.

 

Examples

# Set Domain-id 100 to OSPF process 100.

[H3C-ospf-100] domain-id 100

[H3C-ospf-100] domain-id 0.0.0.100

1.1.14  export route-policy

Syntax

export route-policy route-policy-name

undo export route-policy

View

VPN-instance view

Parameters

route-policy-name: Name of an outgoing routing policy, a string of 1 to 19 alphanumeric characters.

Description

Use the export route-policy command to associate the current VPN instance with an outgoing routing policy.

Use the undo export route-policy command to remove the association between the current VPN instance and an outgoing routing policy.

When the advertisement of routing information needs to be controlled in a more accurate manner than using extended community attributes only, you can use an outgoing routing policy. The use of an outgoing routing policy may deny the selected route in the advertised routes.

There is no default for an outgoing routing policy. Without this command configured, all routes that match the VPN-target attribute are permitted.

Examples

# Apply outgoing routing policy poly-1 to VPN instance vrf1.

[H3C] ip vpn-instance vrf1

[H3C-vpn-instance-vrf1] export route-policy poly-1

1.1.15  filter-policy export

Syntax

filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]

undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]

View

VPNv4 sub-address family view, VPN instance sub-address family view

Parameters

acl-number: ACL number, ranging from 2000 to 3999, matching the destination address of routing.

ip-prefix-name: Name of IP prefix to match the destination of routing information.

protocol: Routing protocol whose routing information will be filtered. You can specify one of the following protocols: direct, static, isis, ospf, ospf-ase, ospf-nssa, or rip. If you specify ospf, ospf-ase, or ospf-nssa, the OSPF process ID is needed.

Description

Use the filter-policy export command to filter the routing information redistributed by a certain protocol. Only routing information that passes the filter can be advertised.

Use the undo filter-policy export command to cancel the configuration.

By default, redistributed routing information is not filtered.

Related commands: filter-policy import.

Examples

# Define that only the routes that can pass the filtering of ACL 3000 can be received by BGP.

[H3C-bgp-af-vpn-instance] filter-policy 3000 export

1.1.16  filter-policy import

Syntax

filter-policy [ ip-prefix ip-prefix-name ] gateway ip-prefix-name import

undo filter-policy [ ip-prefix ip-prefix-name ] gateway ip-prefix-name import

filter-policy { acl-number | ip-prefix ip-prefix-name } import

undo filter-policy { acl-number | ip-prefix ip-prefix-name } import

View

VPNv4 sub-address family view, VPN instance sub-address family view

Parameters

acl-number: ACL number, ranging from 2000 to 3999 to match the destination address of routing.

ip-prefix ip-prefix-name: Specifies the name of IP prefix list to match destination of routing.

gateway ip-prefix-name: Specifies the name of the IP prefix list for the neighboring routers whose routing information will be filtered.

Description

Use the filter-policy gateway import command to filter the information imported from specified routers.

Use the undo filter-policy gateway import command to cancel the setting.

Use the filter-policy import command to set the filtering conditions to filter routing information.

Use the undo filter-policy import command to cancel the setting on filtering conditions.

By default, no filtering is performed on the received information.

Related commands: filter-policy export.

Examples

# Define a filtering rule for receiving routing information: only routing information matching the IP prefix list p1 can be received by the VPN.

[H3C-bgp-af-vpn-instance] filter-policy ip-prefix p1 import

1.1.17  group

Syntax

group group-name [ internal | external ]

undo group group-name

View

VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, a string of 1 to 47 letters and digits.

internal: Creates an internal peer group.

external: Creates an external peer group, including other sub-AS groups in a confederation.

Description

Use the group command to create a BGP peer group in VPN-instance.

Use the undo group command to delete a specified BGP peer group.

By default, the MP-IBGP peer is created.

Members in one peer group must have the same routing export policy as the group does, but can have different ingress policies.

Examples

# Create an MP-EBGP peer group named test.

[H3C-bgp-af-vpn-instance] group test external

1.1.18  if-match mpls-label

Syntax

if-match mpls-label

undo if-match mpls-label

View

Route-policy view

Parameters

None

Description

Use the if-match mpls-label command to configure the system to match only the public network routes that carry an MPLS label.

Use the undo if-match mpls-label command to cancel this configuration.

Related commands: apply mpls-label.

Examples

# Define an if-match clause to allow label-carrying routes to pass the filtering of this clause.

[H3C-route-policy] if-match mpls-label

1.1.19  if-match vpn-target

Syntax

if-match vpn-target { vpn-target | begin vpn-target count }

undo if-match vpn-target

View

Route-policy view

Parameters

vpn-target: Route VPN-target attribute values used for matching, in ASN:nn or IP-address:nn format.

count: Number of the route VPN-target values used for matching, in the range of 2 to 65535.

Description

Use the if-match vpn-target command to match the route's vpn-target attribute. The match for a route succeeds only when the route's vpn-target attribute is a subset of the configured values. If the route has no vpn-target attribute, or has at least one attribute value that is not among the configured values, the match fails. The if-match vpn-target command is applicable only to the PE devices on a nested VPN network, to limit the VPNv4 routes with the VPN-Target attribute received from the CE devices.

Use the undo if-match vpn-target command to cancel the configuration.

Use the if-match vpn-target vpn-target command to list up to 10 vpn-target attribute values to be matched.

Use the if-match vpn-target begin vpn-target count command to set the start value and the total number of the vpn-target values to be matched.

Examples

# Define an if-match clause to match the following VPN-target attribute values: 100:1, 200:1, 300:1, 300:2 and 400:3.

[H3C-route-policy] if-match vpn-target 100:1 200:1 300:1 300:2 400:3

With the above-mentioned configuration, if a route's attribute value is 100:1 300:1, the route will pass the matching; if the route's attribute value is 200:1 500:1, it will not pass the matching because 500:1 is not one of the attribute values that have been configured.

# Define an if-match clause to match ten VPN-target attribute values starting from 100:1, that is, 100:1 to 100:10.

[H3C-route-policy] if-match vpn-target begin 100:1 10

# Define an if-match clause to match five VPN-target attribute values starting from 1.1.1.1:65533, that is, 1.1.1.1:65533, 1.1.1.1:65534, 1.1.1.1:65535, 1.1.1.2:0, and 1.1.1.2:1.

[H3C-route-policy] if-match vpn-target begin 1.1.1.1:65533 5
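The matching rule and the begin/count expansion described above can be checked offline before a policy is applied on a PE. The following Python sketch is an added example, not H3C code: the function names are hypothetical, the IP-address:nn rollover follows the page's own example, and the ASN:nn field widths (16-bit ASN, 32-bit number) and its rollover are assumptions.

```python
import ipaddress

MAX_LISTED = 10           # from the page: the list form takes up to 10 values
COUNT_RANGE = (2, 65535)  # from the page: valid range of count in the begin form
# (administrator max, assigned-number max) per format. The IP-address:nn widths
# follow the page's rollover example; the ASN:nn widths are an assumption.
WIDTH = {"ip": (0xFFFFFFFF, 0xFFFF), "asn": (0xFFFF, 0xFFFFFFFF)}


def parse_target(text):
    """Parse 'ASN:nn' or 'IP-address:nn' into (kind, admin, number)."""
    admin, sep, number = text.strip().rpartition(":")
    if not sep or not number.isdigit():
        raise ValueError(f"bad vpn-target: {text!r}")
    if "." in admin:
        kind, admin_val = "ip", int(ipaddress.IPv4Address(admin))
    elif admin.isdigit():
        kind, admin_val = "asn", int(admin)
    else:
        raise ValueError(f"bad vpn-target: {text!r}")
    admin_max, number_max = WIDTH[kind]
    if admin_val > admin_max or int(number) > number_max:
        raise ValueError(f"vpn-target out of range: {text!r}")
    return kind, admin_val, int(number)


def format_target(target):
    """Render a parsed target back into the notation used on the CLI."""
    kind, admin, number = target
    left = str(ipaddress.IPv4Address(admin)) if kind == "ip" else str(admin)
    return f"{left}:{number}"


def listed_values(*targets):
    """Values of 'if-match vpn-target v1 v2 ...' (1 to 10 values)."""
    if not 1 <= len(targets) <= MAX_LISTED:
        raise ValueError("the list form takes 1 to 10 vpn-target values")
    return [format_target(parse_target(t)) for t in targets]


def expand_begin(begin, count):
    """Values of 'if-match vpn-target begin <begin> <count>'.

    The number field is incremented; when it overflows it restarts at 0 and
    the administrator field (IP address or ASN) is incremented by one.
    """
    low, high = COUNT_RANGE
    if not low <= count <= high:
        raise ValueError("count must be in the range 2 to 65535")
    kind, admin, number = parse_target(begin)
    admin_max, number_max = WIDTH[kind]
    values = []
    for _ in range(count):
        if admin > admin_max:
            raise ValueError("range runs past the last vpn-target value")
        values.append(format_target((kind, admin, number)))
        number += 1
        if number > number_max:
            admin, number = admin + 1, 0
    return values


def route_passes(route_targets, configured):
    """True only if the route carries at least one vpn-target and every
    vpn-target it carries is among the configured values."""
    route = {parse_target(t) for t in route_targets}
    allowed = {parse_target(t) for t in configured}
    return bool(route) and route <= allowed


if __name__ == "__main__":
    # Values taken from the examples on this page.
    policy = listed_values("100:1", "200:1", "300:1", "300:2", "400:3")
    print(route_passes(["100:1", "300:1"], policy))
    print(route_passes(["200:1", "500:1"], policy))
    print(expand_begin("1.1.1.1:65533", 5))
```

Running the candidate CE route-target sets through route_passes before deployment shows which VPNv4 routes the PE would accept and which it would drop, including routes that carry no vpn-target at all.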

1.1.20  import-route

Syntax

import-route { { ospf | ospf-ase | ospf-nssa } [ process-id ] | direct | rip | static } [ med value | route-policy route-policyname ]

undo import-route { { ospf | ospf-ase | ospf-nssa } [ process-id ] | direct | rip | static }

View

VPN-instance sub-address family view

Parameters

process-id: OSPF process ID, ranging from 1 to 65535. By default, it is 1.

ospf: Imports only the ASE internal route discovered by the OSPF process process-id as the external route.

ospf-ase: Imports only the OSPF-ASE route discovered by OSPF process with process-id as the external route.

ospf-nssa: Imports only the OSPF-NSSA route discovered by OSPF process with process-id as the external route.

med value: Specifies a route cost value, which ranges from 0 to 4294967295.

route-policyname: Name of Route-policy, consisting of 1 to 19 characters.

Description

Use the import-route ospf command to enable OSPF route import.

Use the undo import-route ospf command to disable OSPF route import.

 

  Caution:

By default, the process ID is 1.

 

Examples

# Configure to import an OSPF route with process ID 100.

[H3C] ip vpn-instance sphinx

[H3C-vpn-sphinx] route-distinguisher 168.168.55.1:85

[H3C-vpn-sphinx] quit

[H3C] bgp 352

[H3C-bgp] ipv4-family vpn-instance sphinx

[H3C-bgp-af-vpn-instance] import-route ospf 100

1.1.21  ip binding vpn-instance

Syntax

ip binding vpn-instance vpn-instance-name

undo ip binding vpn-instance vpn-instance-name

View

VLAN interface view

Parameters

vpn-instance-name: Name assigned to VPN-instance.

Description

Use the ip binding vpn-instance command to bind a VLAN interface to a VPN-instance.

Use the undo ip binding vpn-instance command to delete the binding.

By default, global routing table is used.

You need to reconfigure the IP address for an interface since this command deletes the original IP address.

Examples

# Bind VLAN interface 201 to the VPN instance vpn1.

[H3C] interface vlan-interface 201

[H3C-Vlan-interface201] ip binding vpn-instance vpn1

1.1.22  ip route-static vpn-instance

Syntax

ip route-static [ vpn-instance vpn-instance-name-list ] ip-address { mask | mask-length } { interface-type interface-number | vpn-instance vpn-instance-name nexthop-ip-address } [ public ] [ preference preference-value | tag tag-value | public ] * [ reject | blackhole ] [ description text ]

undo ip route-static vpn-instance vpn-instance-name-list destination-ip-address { mask | mask-length } [ interface-name | vpn-instance vpn-nexthop-name ] nexthop-ip-address [ public ] [ preference preference-value ]

View

System view

Parameters

vpn-instance-name-list: Name of the VPN instance list, in the form of vpn-instance-name & <1-6>, where &<1-6> means that you can provide a maximum of 6 VPN instance names.

destination-ip-address: Destination address of a static route.

mask: Subnet mask.

mask-length: Length of the mask, ranging from 0 to 32. As it requires consecutive 1s in a 32-bit mask, the mask in dotted decimal notation can be substituted by mask-length (mask-length is represented by the number of consecutive 1s in the mask).

interface-type interface-number: Outgoing interface name of a static route. You can specify the interface of the public network or other VPN-instance as the outgoing interface of the static route. NULL 0 indicates that the outgoing interface is null.

nexthop-ip-address: Specifies IP address of the next hop for the static route.

preference-value: Specifies the preference value, ranging from 1 to 255. By default, it is 60.

tag-value: Tag of the static route.

public: Configures a route as public network route.

reject: Configures a route as unreachable.

blackhole: Configures a route as blackhole.

description text: Descriptive information of the configuration.

Description

Use the ip route-static vpn-instance command to configure a static route by specifying an interface of a private network as an egress interface.

Use the undo ip route-static vpn-instance command to remove the configuration.

Examples

# Configure a static route with destination address 100.1.1.1 and next hop address 1.1.1.2.

[H3C] ip route-static vpn-instance vpn1 100.1.1.1 16 vpn-instance vpn1 1.1.1.2

1.1.23  ip vpn-instance

Syntax

ip vpn-instance vpn-instance-name

undo ip vpn-instance vpn-instance-name

View

System view

Parameters

vpn-instance-name: Name assigned to VPN-instance.

Description

Use the ip vpn-instance command to create a VPN instance and enter VPN instance view.

Use the undo ip vpn-instance command to delete the specified VPN instance.

By default, VPN-instance is not defined. Neither input nor output list is associated with VPN-instance. No Route-map is associated with VPN-instance.

Use the ip vpn-instance command to create a VPN-instance named vpn-name.

Examples

# Create the VPN instance vpn1.

[H3C] ip vpn-instance vpn1

[H3C-vpn-vpn1]

1.1.24  ipv4-family

Syntax

BGP view, VPN-instance sub-address family view or VPNv4 sub-address family view:

ipv4-family { vpn-instance vpn-instance-name | vpnv4 [ unicast ] }

undo ipv4-family { vpn-instance vpn-instance-name | vpnv4 [ unicast ] }

RIP view:

ipv4-family [ unicast ] vpn-instance vpn-instance-name

undo ipv4-family [ unicast ] vpn-instance vpn-instance-name

View

BGP view, VPN-instance sub-address family view or VPNv4 sub-address family view, and RIP view.

Parameters

vpn-instance vpn-instance-name: Associates a specified VPN-instance with the MBGP address family. This parameter is used to enter MBGP VPN-instance sub-address family view.

vpnv4: Enters MBGP VPNv4 address family view.

unicast: Uses the unicast sub-address family.

Description

Use the ipv4-family vpn-instance command to enter MBGP VPN-instance sub-address family view.

Use the undo ipv4-family vpn-instance command to delete the association of a VPN-instance with MBGP address family, and return to BGP unicast view.

Use the ipv4-family vpnv4 command to enter MBGP VPNv4 sub-address family view. Use the undo ipv4-family vpnv4 command to delete the configuration of MBGP VPNv4 sub-address family view.

By default, unicast address is used when VPNv4 address family is configured.

By default, use the unicast address when configuring the MBGP address family.

Use this command to enter address family view and configure parameters related to BGP address family in this view.

Related commands: peer enable.

Examples

# Associate a specified VPN-instance with the MBGP address family to enter MBGP VPN-instance sub-address family view. You must configure the VPN-instance before performing this configuration.

[H3C] bgp 100

[H3C-bgp] ipv4-family vpn-instance abc

[H3C-bgp-af-vpn-instance]

# Enter VPNv4 sub-address family view.

[H3C] bgp 100

[H3C-bgp] ipv4-family vpnv4 unicast

[H3C-bgp-af-vpn]

1.1.25  nesting-vpn

Syntax

nesting-vpn

undo nesting-vpn

View

BGP-VPNv4 sub-address family view

Parameters

None

Description

Use the nesting-vpn command to enable the nested VPN function.

Use the undo nesting-vpn command to disable this function.

By default, the nested VPN function is disabled.

If VPNv4 route advertisement is needed for a CE connected to a PE, the nested VPN function must be enabled on the PE.

Examples

# Enable the nested VPN function.

[H3C-bgp-af-vpn] nesting-vpn

1.1.26  network

Syntax

network ip-address [ address-mask ] [ route-policy policy-name ]

undo network ip-address [ address-mask ] [ route-policy policy-name ]

View

VPN-instance sub-address family view

Parameters

ip-address: Network address advertised by BGP in dotted decimal notation.

address-mask: Mask of the network address.

policy-name: Name of the routing policy applied to the advertised route.

Description

Use the network command to configure the network route advertised to the outside by local BGP.

Use the undo network command to cancel the configuration.

By default, local BGP does not advertise any route to the outside.

Examples

# Configure the local router to advertise the route to the destination network segment 10.0.0.0/16.

[H3C-bgp-af-vpn-instance] network 10.0.0.1 255.255.0.0

1.1.27  ospf

Syntax

ospf process-id [ router-id router-id-number ] [ vpn-instance vpn-instance-name ]

undo ospf process-id

View

System view

Parameters

process-id: OSPF Process ID. The default process ID is 1.

router-id-number: Router ID for an OSPF process. It is optional.

vpn-instance-name: VPN instance bound to an OSPF process.

Description

Use the ospf command to enable an OSPF process.

Use the undo ospf command to disable an OSPF process.

After enabling an OSPF process, you can perform the configuration related to OSPF in the OSPF protocol view.

By default, OSPF protocol is not used in the system.

CMW supports multiple OSPF processes, so you can specify different process IDs to enable multiple OSPF processes on a router.

You are recommended to specify the Router ID of a process with the router-id keyword when enabling the OSPF process. If you want to enable multiple processes on a router, you are recommended to specify different Router IDs for different processes.

To enable an OSPF process belonging to a public network without a Router ID, the following conditions should be satisfied:

•  RM (Route Manage) is configured with a Router ID.

•  There is an interface that is configured with an IP address.

If you enable an OSPF process without specifying a Router ID, and the process is to be bound to a VPN instance, the VPN instance should have an interface that is configured with an IP address.

If you want to bind a process to a VPN instance, you must specify the VPN instance name.

One VPN instance may include several processes. For example, for VPN1, you can configure the commands ospf 1 vpn-instance VPN1, ospf 2 vpn-instance VPN1, and ospf 3 vpn-instance VPN1. Accordingly, VPN instance VPN1 will include the OSPF processes 1, 2, and 3.

However, one process belongs to one instance only. If you have configured ospf 1 vpn-instance VPN1, you cannot configure ospf 1 vpn-instance VPN2. Otherwise, the system prompts: “Wrong configuration. Process 1 has been bound to VPN-instance VPN-instance 1”. If you configure ospf 1 first and then ospf 1 vpn-instance VPN1, the system prompts: “Wrong configuration. Process 1 has been running in public domain”.

If you configure ospf 1 vpn-instance VPN1 first and then ospf 1, the system enters ospf 1 vpn-instance VPN1 mode. That is, the ospf 1 and ospf 1 vpn-instance VPN1 commands are equivalent.

When an OSPF process is bound to a VPN instance, the OSPF router is a PE router by default. After executing the display ospf process-id brief command, you will see the information: “PE router, connected to VPN backbone”.

 

  Caution:

•  A router can run no more than 1024 OSPF processes, with up to 10 processes enabled in each VPN instance.

•  If you bind an OSPF process to a nonexistent VPN instance, the command fails and the system displays the error: The specified VPN-Instance does not exist, or the VPN-Instance's Route-Distinguisher is not specified.

•  When a VPN instance is deleted, all the related OSPF processes will be deleted. For example, the VPN instance VPN 1 includes the OSPF processes 1, 2 and 3. If VPN instance VPN 1 is deleted, the OSPF processes 1, 2 and 3 will all be deleted at the same time.

 

Related commands: network.

Examples

# Enable OSPF protocol with the default process ID 1.

[H3C] router id 10.110.1.8

[H3C] ospf

# Enable OSPF protocol with the process ID 120.

[H3C] router id 10.110.1.8

[H3C] ospf 120

[H3C-ospf-120]

# Enable an OSPF process with the process ID 100, set its Router ID to 2.2.2.2, and bind it to VPN instance VPN1.

[H3C] ospf 100 router-id 2.2.2.2 vpn-instance vpn1

[H3C-ospf-100]

1.1.28  peer advertise-community

Syntax

peer group-name advertise-community

undo peer group-name advertise-community

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

Description

Use the peer advertise-community command to enable transmission of the community attributes to a specified peer group.

Use the undo peer advertise-community command to cancel this configuration.

By default, the BGP advertiser does not transmit the community attributes to a peer group.

Related commands: if-match community, apply community.

Examples

# Transmit the community attributes to the peer group test.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test advertise-community

1.1.29  peer allow-as-loop

Syntax

peer { group-name | peer-address } allow-as-loop [ asn-limit ]

undo peer { group-name | peer-address } allow-as-loop

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: IP address of a specified peer.

asn-limit: Maximum number of times the local autonomous system (AS) number is allowed to appear in received route updates.

Description

Use the peer allow-as-loop command to allow loops in route updates in the Hub & Spoke networking mode.

Use the undo peer allow-as-loop command to prohibit loops in route updates.

By default, loops are prohibited in received routing updates; with the peer allow-as-loop command, loops are allowed in received routing updates. The default value of the asn-limit argument is 3.

Standard BGP detects loops by AS number. However, on a Hub & Spoke network running EBGP between PE and CE, the PE carries its own AS number when advertising route information to the CE. Accordingly, the route updates contain the PE's AS number when the CE sends them back. In this case, the PE will not accept the route updates.

You can avoid this by using the peer allow-as-loop command, which makes the PE router allow route updates from the CE to contain its AS number. You can define asn-limit to control the maximum number of times the AS number is received by the PE.

Examples

# Enable route loop.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 1.1.1.1 allow-as-loop 1
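The loop check described above can be modeled as follows. This is an added illustration, not H3C code: the function names and AS numbers are hypothetical, and it assumes asn-limit is compared against the number of times the local AS appears in the received AS path.

```python
"""Model of the BGP AS-loop check with an optional allow-as-loop limit."""

DEFAULT_ASN_LIMIT = 3  # default asn-limit stated in the command description


def advertise(as_path, local_as):
    """Return the AS path as sent to an EBGP neighbor: local AS prepended."""
    return [local_as] + list(as_path)


def accept_update(as_path, local_as, allow_as_loop=False,
                  asn_limit=DEFAULT_ASN_LIMIT):
    """Decide whether a received update passes the AS-loop check.

    Standard behavior: reject any path that already contains the local AS.
    With allow-as-loop: accept while the local AS appears at most
    asn_limit times (assumed reading of "maximum times").
    """
    occurrences = as_path.count(local_as)
    if occurrences == 0:
        return True
    if not allow_as_loop:
        return False
    return occurrences <= asn_limit


def hub_spoke_round_trip(pe_as, ce_as, origin_path, **policy):
    """Hub PE advertises a route to the hub CE, which sends it back.

    Returns the AS path seen by the PE and whether the PE accepts it.
    """
    to_ce = advertise(origin_path, pe_as)    # PE prepends its own AS
    back_to_pe = advertise(to_ce, ce_as)     # CE prepends its AS and returns it
    return back_to_pe, accept_update(back_to_pe, pe_as, **policy)


if __name__ == "__main__":
    # Constructed values: PE in AS 100, hub CE in AS 65001, spoke site AS 65002.
    print(hub_spoke_round_trip(100, 65001, [65002]))
    print(hub_spoke_round_trip(100, 65001, [65002],
                               allow_as_loop=True, asn_limit=1))
```

A limit of 1 is enough for a single hub round trip; a larger limit also admits paths in which the local AS repeats, so the loop protection it leaves in place is weaker.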

1.1.30  peer as-number

Syntax

peer { group-name | [ peer-address group group-name ] } as-number as-number

undo peer { group-name | [ peer-address group group-name ] } as-number as-number

View

VPN-instance sub-address family view

Parameters

group-name: Name of a peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: IP address of peer group.

as-number: Opposite AS number of a peer (group).

Description

Use the peer as-number command to configure the opposite AS number of a specified peer (group).

Use the undo peer as-number command to remove the opposite AS number of a specified peer (group).

By default, the opposite end of a peer (group) has no AS number.

Examples

# Set the opposite AS number of a specified peer (group) to 100.

[H3C-bgp] ipv4-family vpn-instance test

[H3C-bgp-af-vpn-instance] peer test as-number 100

1.1.31  peer as-path-acl export

Syntax

peer group-name as-path-acl acl-number export

undo peer group-name as-path-acl acl-number export

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

acl-number: AS regular expression ACL number, ranging from 1 to 199.

Description

Use the peer as-path-acl export command to apply the routing filtering policy based on AS path list to the advertised routing information.

Use the undo peer as-path-acl export command to cancel the configuration.

By default, there is no filtering policy based on AS path list.

You can only use the peer as-path-acl export command in the peer group.

Related commands: peer as-path-acl import.

Examples

# Configure the test peer group to filter the advertised routing information with the AS path ACL 3000.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test as-path-acl 3000 export

1.1.32  peer as-path-acl import

Syntax

peer { group-name | peer-address } as-path-acl acl-number import

undo peer { group-name | peer-address } as-path-acl acl-number import

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: IP address of the peer group in dotted decimal notation.

acl-number: AS regular expression ACL number, ranging from 1 to 199.

import: Filters the received routes with AS path list.

Description

Use the peer as-path-acl import command to filter the routing information received from peers with the routing filtering policy based on AS path list.

Use the undo peer as-path-acl import command to cancel the configuration.

By default, there is no filtering policy based on AS path list.

The incoming filtering policy applied to peers takes precedence over the configuration for peer groups.

Examples

# Configure the test peer group to filter the received routes with AS path ACL 3000.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test as-path-acl 3000 import

1.1.33  peer connect-interface

Syntax

peer { group-name | ip-address } connect-interface { interface-type interface-number }

undo peer { group-name | ip-address } connect-interface

View

VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

ip-address: Peer IP address.

interface-type interface-number: Interface type and interface number.

Description

Use the peer connect-interface command to allow the internal BGP session to use any operable interface for a TCP connection.

Use the undo peer connect-interface command to restore the optimum local address for a TCP connection.

By default, BGP uses the optimum local address to implement a TCP connection.

Generally, BGP uses the optimum local address to implement a TCP connection. To keep the TCP connection valid even when the interface fails, you can allow the internal BGP session to use any operable interface for the TCP connection. Usually, a loopback interface is used.

Examples

# Allow the internal BGP session to use any operable interface for a TCP connection.

[H3C-bgp] ipv4-family vpn-instance test

[H3C-bgp-af-vpn-instance] peer 1.1.1.1 connect-interface loopback 0

1.1.34  peer default-route-advertise

Syntax

peer group-name default-route-advertise

undo peer group-name default-route-advertise

View

VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

Description

Use the peer default-route-advertise command to enable a peer (group) to transmit a default route.

Use the undo peer default-route-advertise command to remove the existing configuration.

By default, a peer (group) does not transmit a default route.

This command does not require any default route in the routing table but transmits a default route whose next hop address is itself to the peer unconditionally.

Examples

# Enable the peer group test to transmit a default route.

[H3C-bgp] ipv4-family vpn-instance a

[H3C-bgp-af-vpn-instance] peer test default-route-advertise

1.1.35  peer default-route-advertise vpn-instance

Syntax

peer ip-address default-route-advertise vpn-instance vpn-instance name

undo peer ip-address default-route-advertise vpn-instance vpn-instance name

View

VPNv4 sub-address family view

Parameters

ip-address: Peer IP address.

vpn-instance name: Name of the created VPN instance.

Description

Use the peer default-route-advertise vpn-instance command to enable a peer to import a default route.

Use the undo peer default-route-advertise vpn-instance command to restore the configuration.

By default, a peer does not import a default route.

This command does not require any default route in the routing table but transmits a default route whose next hop address is itself to the peer unconditionally.

Examples

# Enable the peer test to import a default route.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 10.1.1.1 default-route-advertise vpn-instance test

1.1.36  peer description

Syntax

peer { group-name | peer-address } description description-line

undo peer { group-name | peer-address } description

View

VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address, in dotted decimal notation.

description-line: Description of the configuration, up to 79 characters in length.

Description

Use the peer description command to set the description of a peer (group).

Use the undo peer description command to delete the description.

By default, there is no description for a peer (group).

The peer description is independent of the peer's group description.

Related commands: display bgp peer verbose, display bgp group.

Examples

# Set the description of the peer group group1 to city1.

[H3C-bgp-af-vpn-instance] peer group1 description city1

1.1.37  peer ebgp-max-hop

Syntax

peer group-name ebgp-max-hop [ ttl ]

undo peer group-name ebgp-max-hop

View

VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address.

ttl: Maximum hops, in the range of 1 to 255. The default is 64.

Description

Use the peer ebgp-max-hop command to establish an EBGP connection with a specified neighbor which is attached to the network indirectly.

Use the undo peer ebgp-max-hop command to restore the default setting.

By default, an EBGP connection can be established only with a directly connected neighbor.

Examples

# Enable the router to connect to the EBGP peer group test, which is attached to the network indirectly.

[H3C-bgp] ipv4-family vpn-instance test

[H3C-bgp-af-vpn-instance] peer test ebgp-max-hop

1.1.38  peer enable

Syntax

peer group-name enable

undo peer group-name enable

View

VPNv4 sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

Description

Use the peer enable command to enable a specified peer group.

Use the undo peer enable command to disable a specified peer group.

For IPv4 address family, address switching is enabled by default.

Examples

# Enable the peer group 168.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 168 enable

1.1.39  peer filter-policy export

Syntax

peer group-name filter-policy acl-number export

undo peer group-name filter-policy acl-number export

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

acl-number: IP ACL number ranging from 2000 to 3999. That is, you can use basic ACL or advanced ACL.

export: Uses the filtering policy for the advertised route and this policy is only effective for peer groups.

Description

Use the peer filter-policy export command to apply the ACL-based filtering policy to the advertised route for the peer group.

Use the undo peer filter-policy export command to cancel the configuration.

By default, there is no ACL-based filtering policy.

You can use the peer filter-policy export command only to configure a peer group.

Related commands: ip as-path-acl, peer filter-policy export.

Examples

# Configure the test peer group to filter the advertised route with ACL 3000.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test filter-policy 3000 export

1.1.40  peer filter-policy import

Syntax

peer { group-name | peer-address } filter-policy acl-number import

undo peer { group-name | peer-address } filter-policy acl-number import

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address, in dotted decimal notation.

acl-number: IP ACL number from 2000 to 3999, that is, you can use basic or advanced ACL.

import: Performs the filtering policy on the received routes.

Description

Use the peer filter-policy import command to apply the ACL-based filtering policy to the received routing information for peers.

Use the undo peer filter-policy import command to cancel the application.

By default, there is no ACL-based filtering policy.

The incoming filtering policy configured for peers takes precedence over the configuration for peer groups.

Related commands: ip as-path-acl, peer as-path-acl export, peer as-path-acl import.

Examples

# Configure the test peer group to filter the received route with ACL 3000.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test filter-policy 3000 import

1.1.41  peer group

Syntax

peer peer-address group group-name [ as-number as-number ]

undo peer peer-address

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address in dotted decimal notation.

as-number: Peer AS number in the range of 1 to 65535. This parameter is only effective in the BGP view and VPN-instance sub-address family view.

Description

Use the peer group command to add a peer to an existing peer group.

Use the undo peer command to delete a specified peer from the group.

In BGP view and VPN-instance sub-address family view, when adding a peer to an external group out of an AS, you need to specify an AS number. When adding a peer to an internal group or an external group in an AS, the AS number is not needed.

A peer must have been added in a group in BGP view before it can be added to another group in multicast sub-address family view or VPNv4 sub-address family view.

In different address families, one peer can be in different groups and one group may have different peers.

Examples

# Add the peer with IP address 10.1.1.1 to the peer group test. In this example, the peer group is an IBGP peer group by default, so you need not specify the AS number when adding peers.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 10.1.1.1 group test

1.1.42  peer ip-prefix export

Syntax

peer group-name ip-prefix prefixname export

undo peer group-name ip-prefix prefixname export

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

prefixname: Name of prefix list, a string of one to 19 characters.

Description

Use the peer ip-prefix export command to apply the routing filtering policy based on IP prefix list to advertised routing information for peer groups.

Use the undo peer ip-prefix export command to cancel the setting.

By default, the peer group does not perform the routing filtering policy.

You can configure the peer ip-prefix export command only for a peer group.

Related commands: peer ip-prefix import.

Examples

# Configure the peer group group1 to filter the advertised routing information with the IP prefix list list1.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer group1 ip-prefix list1 export

1.1.43  peer ip-prefix import

Syntax

peer { group-name | peer-address } ip-prefix prefixname import

undo peer { group-name | peer-address } ip-prefix prefixname import

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address in dotted decimal notation.

prefixname: Name of the prefix list, a string of one to 19 characters.

Description

Use the peer ip-prefix import command to apply the filtering policy based on IP prefix list to the advertised route for peer groups.

Use the undo peer ip-prefix import command to cancel the configuration.

By default, the peer does not use the routing filtering policy.

The incoming filtering policy configured for peers takes precedence over the configuration for peer groups.

Related commands: peer ip-prefix export.

Examples

# Configure the peer group group1 to filter the received route with the IP prefix list list1.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer group1 ip-prefix list1 import

1.1.44  peer label-route-capability

Syntax

peer group-name label-route-capability

undo peer group-name label-route-capability

View

BGP view

Parameters

group-name: Name of a neighbor peer group.

Description

Use the peer label-route-capability command to enable a peer group to handle the label-carried IPv4 routes.

Use the undo peer label-route-capability command to disable a peer group from handling the label-carried IPv4 routes.

By default, a BGP peer group cannot handle label-carried IPv4 routes.

Examples

# Enable IBGP peer group and EBGP peer group to handle the label-carried IPv4 routes.

[H3C-bgp] group ibgp internal

[H3C-bgp] peer ibgp label-route-capability

[H3C-bgp] group ebgp external

[H3C-bgp] peer ebgp label-route-capability

1.1.45  peer next-hop-local

Syntax

peer group-name next-hop-local

undo peer group-name next-hop-local

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

Description

Use the peer next-hop-local command to cancel the processing of the next hop in the routes that BGP advertises to a peer group and to use the local address as the next hop instead.

Use the undo peer next-hop-local command to cancel the existing setting.

Examples

# Specify the current BGP address as the next-hop in its route advertising to a peer group.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test next-hop-local

1.1.46  peer password

Syntax

peer { group-name | peer-address } password { cipher | simple } password

undo peer { group-name | peer-address } password

View

VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address in dotted decimal notation.

cipher: Displays the password in cipher text.

simple: Displays the password in plain text.

password: Password string. When you provide the cipher argument but input the password in plain text, or if you provide the simple argument, the password is 1 to 16 characters in length. When you provide the cipher argument and input the password in cipher text, the password must be 24 characters in length.

Description

Use the peer password command to enable BGP to perform the MD5 authentication when establishing a TCP connection.

Use the undo peer password command to cancel this function.

By default, BGP does not perform the MD5 authentication when setting up a TCP connection.

When the MD5 authentication is enabled, both parties must have the same authentication mode and password; otherwise, no TCP connection can be established because MD5 authentication fails.

MD5 authentication can be performed on a specific peer only when the group to which the peer belongs is not configured with MD5 authentication. Otherwise, the configuration of the peer group applies.

Examples

# Assign MD5 authentication to a TCP connection between the local router 10.1.100.1 and the peer 10.1.100.2.

[H3C-bgp-af-vpn-instance] peer 10.1.100.2 password simple test

# Perform a similar configuration to the remote end.

[H3C-bgp-af-vpn-instance] peer 10.1.100.1 password simple test
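The rules above (simple versus cipher display, the password length limits, and group configuration overriding a peer's own) can be checked mechanically when reviewing a configuration. The following audit script is an added example, not an H3C tool; the sample configuration, group names, passwords and finding labels are constructed for illustration.

```python
"""Audit `peer ... password` lines against the rules in this section."""
import re

PROMPT_RE = re.compile(r"^\[[^\]]*\]\s*")            # strips "[H3C-...]" prompts
PASSWORD_RE = re.compile(r"^peer\s+(\S+)\s+password\s+(cipher|simple)\s+(\S+)$")
MEMBER_RE = re.compile(r"^peer\s+(\S+)\s+group\s+(\S+)")

# Constructed sample configuration (addresses, groups and passwords invented).
SAMPLE = """\
[H3C-bgp-af-vpn-instance] group custA external
[H3C-bgp-af-vpn-instance] peer 10.1.100.2 group custA as-number 65001
[H3C-bgp-af-vpn-instance] peer 10.1.100.2 password simple test
[H3C-bgp-af-vpn-instance] group custB external
[H3C-bgp-af-vpn-instance] peer custB password cipher Str0ngPeerSecret
[H3C-bgp-af-vpn-instance] peer 10.2.0.2 group custB as-number 65002
[H3C-bgp-af-vpn-instance] peer 10.2.0.2 password cipher OtherSecret
[H3C-bgp-af-vpn-instance] group custC external
[H3C-bgp-af-vpn-instance] peer 10.3.0.2 group custC as-number 65003
[H3C-bgp-af-vpn-instance] peer 10.4.0.2 password simple ThisPasswordIsTooLong
"""


def parse(config_text):
    """Return (membership, passwords) extracted from configuration lines."""
    membership = {}   # peer address -> group name
    passwords = {}    # peer address or group name -> (mode, password)
    for raw in config_text.splitlines():
        line = PROMPT_RE.sub("", raw.strip())
        m = PASSWORD_RE.match(line)
        if m:
            passwords[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = MEMBER_RE.match(line)
        if m:
            membership[m.group(1)] = m.group(2)
    return membership, passwords


def length_ok(mode, password):
    """1 to 16 characters for plain-text input; 24 for cipher-text input."""
    if 1 <= len(password) <= 16:
        return True
    return mode == "cipher" and len(password) == 24


def effective_password(peer, membership, passwords):
    """The group's password applies whenever the peer's group has one."""
    group = membership.get(peer)
    if group in passwords:
        return passwords[group]
    return passwords.get(peer)


def audit(config_text):
    """Return a sorted list of (target, finding) tuples."""
    membership, passwords = parse(config_text)
    findings = []
    for target, (mode, password) in passwords.items():
        if mode == "simple":
            findings.append((target, "plaintext-in-config"))
        if not length_ok(mode, password):
            findings.append((target, "invalid-length"))
    for peer, group in membership.items():
        if peer in passwords and group in passwords:
            findings.append((peer, "peer-password-ignored-group-applies"))
        elif effective_password(peer, membership, passwords) is None:
            findings.append((peer, "no-md5-authentication"))
    return sorted(findings)


if __name__ == "__main__":
    for target, finding in audit(SAMPLE):
        print(f"{target}: {finding}")
```

Both ends of a session must pass the same audit, because the section requires the same authentication mode and password on both parties.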

1.1.47  peer public-as-only

Syntax

peer group-name public-as-only

undo peer group-name public-as-only

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

Description

Use the peer public-as-only command to configure BGP not to carry private AS numbers when transmitting update packets.

Use the undo peer public-as-only command to configure BGP to carry private AS numbers when transmitting update packets.

By default, private AS numbers are carried when BGP transmits update packets.

Generally, BGP carries AS numbers (either public or private) when transmitting BGP update packets. BGP can be configured not to carry private AS numbers so that some egress routers may ignore private AS numbers when transmitting BGP update packets.

 

  Note:

The public-as-only keyword is required for configuring EBGP and alliance, but not for configuring IBGP.

 

Examples

# Send MBGP update packets without carrying private AS numbers.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 168 public-as-only

1.1.48  peer reflect-client

Syntax

peer group-name reflect-client

undo peer group-name reflect-client

View

VPNv4 sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

Description

Use the peer reflect-client command to set a specified peer group to be a client of a route reflector.

Use the undo peer reflect-client command to cancel this setting.

By default, no route reflector exists in the AS.

This configuration only applies to IBGP peer group.

Related commands: reflect between-clients, reflect cluster-id.

Examples

# Set the peer group test as a client of a route reflector.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test reflect-client

1.1.49  peer route-policy export

Syntax

peer group-name route-policy policy-name export

undo peer group-name route-policy policy-name export

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

policy-name: Name of a routing policy.

Description

Use the peer route-policy export command to apply the routing policy to peer group for advertised routing information.

Use the undo peer route-policy export command to cancel the configuration.

By default, there is no routing policy.

The peer route-policy export command is only used to configure peer groups.

Related commands: peer route-policy import.

Examples

# Apply the routing policy test-policy to the outgoing routes of the peer group test.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test route-policy test-policy export

1.1.50  peer route-policy import

Syntax

peer { group-name | peer-address } route-policy policy-name import

undo peer { group-name | peer-address } route-policy policy-name import

View

VPNv4 sub-address family view, VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address in dotted decimal notation.

policy-name: Name of the applied routing policy.

Description

Use the peer route-policy import command to apply a routing policy to peer for received routing information.

Use the undo peer route-policy import command to delete the setting.

By default, there is no routing policy.

The incoming filtering policy configured for peers takes precedence over the configuration for peer groups.

Related commands: peer route-policy export.

Examples

# Apply the routing policy test-policy to the incoming routes of the peer group test.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer test route-policy test-policy import

1.1.51  peer route-update-interval

Syntax

peer group-name route-update-interval seconds

undo peer group-name route-update-interval

View

VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

seconds: Update interval in seconds, ranging from 0 to 600.

Description

Use the peer route-update-interval command to set the Update interval for peers.

Use the undo peer route-update-interval command to restore the default setting.

By default, the Update interval is 5 seconds for IBGP peer group, and for EBGP it is 30 seconds.

Examples

# Set the minimum interval for sending routing update packet to the BGP peer group group1 to be 10 seconds.

[H3C-bgp-af-vpn-instance] peer group1 route-update-interval 10

1.1.52  peer timer

Syntax

peer { group-name | peer-address } timer keep-alive keepalive-interval hold holdtime-interval

undo peer { group-name | peer-address } timer

View

VPN-instance sub-address family view

Parameters

group-name: Name of a neighbor peer group, consisting of 1 to 47 alphanumeric characters.

peer-address: Peer IP address in dotted decimal notation.

keepalive-interval: Interval, in seconds, of sending the Keepalive message. It ranges from 1 to 65535 and defaults to 60.

holdtime-interval: Holdtime, in seconds. It ranges from 3 to 65535 and defaults to 180.

Description

Use the peer timer command to set the Keepalive interval and holdtime for peers.

Use the undo peer timer command to restore the default setting.

The timer set with the peer timer command takes precedence over the timer set with the timer command.

Examples

# Set the Keepalive interval and holdtime for the peer group test.

[H3C-bgp-af-vpn-instance] peer test timer keep-alive 60 hold 180

1.1.53  peer upe

Syntax

peer peer-address upe

undo peer peer-address upe

View

VPNv4 sub-address family view

Parameters

peer-address: Peer IP address.

Description

Use the peer upe command to configure a BGP peer as the UPE of a hierarchical MPLS L3VPN.

Use the undo peer upe command to delete this configuration.

Examples

# Configure a BGP peer as the UPE of a hierarchical MPLS L3VPN.

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 1.1.1.1 upe

1.1.54  peer vpn-instance enable

Syntax

peer group-name vpn-instance vpn-instance-name enable

undo peer group-name vpn-instance vpn-instance-name enable

View

BGP-VPNv4 sub-address family view

Parameters

group-name: Name of a peer group.

vpn-instance-name: Name of the VPN instance the CE peer belongs to.

enable: Enables VPNv4 function for the CE.

Description

Use the peer vpn-instance enable command to enable the VPNv4 function for the BGP peer group of a CE.

Use the undo peer vpn-instance enable command to disable the function.

By default, the VPNv4 function is disabled.

Examples

# Enable the VPNv4 function for the peer group of a CE.

[H3C-bgp] ipv4-family vpn-instance vrf1

[H3C-bgp-af-vpn-instance] group ebgp external

[H3C-bgp-af-vpn-instance] quit

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer ebgp vpn-instance vrf1 enable

1.1.55  peer vpn-instance group

Syntax

peer peer-address vpn-instance vpn-instance-name group group-name

undo peer peer-address vpn-instance vpn-instance-name

View

BGP-VPNv4 sub-address family view

Parameters

peer-address: IP address of a peer, in dotted decimal notation.

vpn-instance-name: Name of the VPN instance the CE peer belongs to.

group-name: Name of a peer group.

Description

Use the peer vpn-instance group command to add a CE neighbor to a BGP peer group.

Use the undo peer vpn-instance group command to remove the CE neighbor from the BGP peer group.

By default, a CE neighbor does not belong to any peer group.

Examples

# Add a CE neighbor to a peer group.

[H3C-bgp] ipv4-family vpn-instance vrf1

[H3C-bgp-af-vpn-instance] peer 1.1.1.1 group ebgp as-number 600

[H3C-bgp-af-vpn-instance] quit

[H3C-bgp] ipv4-family vpnv4

[H3C-bgp-af-vpn] peer 1.1.1.1 vpn-instance vrf1 group ebgp

1.1.56  peer vpn-instance route-policy import

Syntax

peer { peer-address | group-name } vpn-instance vpn-instance-name route-policy policy-name import

undo peer { peer-address | group-name } vpn-instance vpn-instance-name route-policy policy-name import

View

BGP-VPNv4 sub-address family view

Parameters

peer-address: IP address of a peer, in dotted decimal.

group-name: Name of a peer group.

vpn-instance-name: Name of the VPN instance the CE peer belongs to.

policy-name: Name of the routing policy to be applied.

Description

Use the peer vpn-instance route-policy import command to configure the routing policy that the CE peer applies to the VPNv4 routes it receives.

Use the undo peer vpn-instance route-policy import command to cancel the configuration.

By default, no routing policy is configured.

The ingress routing policy configured for a peer takes precedence over the configuration for the peer group.

Examples

# Configure the peer group ebgp to apply the routing policy named comtest to the ingress routes.

[H3C-bgp-af-vpn] peer ebgp vpn-instance vrf1 route-policy comtest import

1.1.57  policy vpn-target

Syntax

policy vpn-target

undo policy vpn-target

View

BGP-VPNv4 sub-address family view

Parameters

None

Description

Use the policy vpn-target command to enable filtering of the VPN-target extended community attributes of received routing information.

Use the undo policy vpn-target command to cancel the setting.

By default, the VPN-target extended community attributes are filtered.

Examples

# Filter the VPN-target extended community attributes of the received routing information.

[H3C-bgp-af-vpn] policy vpn-target

1.1.58  port trunk mpls vlan

Syntax

port trunk mpls vlan from vlan-id [ to ] vlanid

undo port trunk mpls

View

Ethernet port view

Parameters

vlan-id: vlan-id range of MPLS/VPN VLANs allowed to the port. The value ranges from vlan-id to vlan-id+1023.

Description

Use the port trunk mpls vlan command to set the vlan-id range of MPLS/VPN VLANs allowed to pass through the port. The port trunk mpls vlan command is only applicable to fast Ethernet ports of cards with the suffix of C.

Use the undo port trunk mpls command to restore the default value of vlan-id. The default value is 0.

By default, the range of MPLS/VPN VLANs is from 0 to 1023 and the range of vlan-id is from 1 to 3071. The command must be executed on a Trunk port. MPLS/VPN enabled VLANs and VLANs out of the configured range are excluded.

Examples

# Configure the start vlan-id of the Trunk fast Ethernet port 1.

<H3C> system-view

[H3C] interface Ethernet 3/1/1

[H3C-Ethernet3/1/1] port trunk mpls vlan from 3071

1.1.59  port vpn-range share-mode

Syntax

port vpn-range share-mode enable

undo port vpn-range share-mode enable

View

Fast Ethernet port view

Parameters

None

Description

Use the port vpn-range share-mode command to set the range of MPLS/VPN VLAN vlan-id on the interface to 4K.

Use the undo port vpn-range share-mode command to restore the default MPLS/VPN VLAN vlan-id range, which is 0 to 1023.

 

Note:

• This command is only applicable to the ports on the cards with suffix C.

• Ports supporting this function stop supporting the application of ACL rules.

• After you cancel the port vpn-range share-mode configuration, the label range does not take effect if the VLAN configuration on the port exceeds 1K. In this case, you need to delete the labels manually.

 

Examples

# Enable the range of MPLS/VPN VLAN vlan-id on Ethernet3/1/1 as 4K.

<H3C> system-view

[H3C] interface Ethernet 3/1/1

[H3C-Ethernet3/1/1] port vpn-range share-mode enable

1.1.60  preference

Syntax

preference ebgp-preference ibgp-preference local-preference

undo preference

View

VPN-instance sub-address family view

Parameters

ebgp-preference: Preference of the routes learned from the EBGP peer, in the range 1 to 256.

ibgp-preference: Preference of the routes learned from the IBGP peer, in the range 1 to 256.

local-preference: Preference of the Local routes, in the range 1 to 256.

Description

Use the preference command to set preference value for a BGP route.

Use the undo preference command to remove the setting.

Examples

# Set the preference of the routes learned from the EBGP peer to 2, the preference of the routes learned from the IBGP peer to 3, and the preference of the local routes to 4.

[H3C-bgp-af-vpn-instance] preference 2 3 4

1.1.61  reflect between-clients

Syntax

reflect between-clients

undo reflect between-clients

View

VPNv4 sub-address family view

Parameters

None

Description

Use the reflect between-clients command to allow the routing reflection between clients.

Use the undo reflect between-clients command to forbid routing reflection between clients (PE to PE).

By default, the routing reflection between clients is allowed.

After configuration, the route reflector reflects one client's routes to the other clients.

Related commands: reflector cluster-id, peer reflect-client.

Examples

# Disable the routing reflection from client to client.

[H3C-bgp-af-vpn] undo reflect between-clients

1.1.62  reflector cluster-id

Syntax

reflector cluster-id { cluster-id | address }

undo reflector cluster-id

View

VPNv4 sub-address family view

Parameters

cluster-id: Route reflector cluster ID in number format, in the range of 1 to 4294967295.

address: Route reflector cluster ID in IP address format.

Description

Use the reflector cluster-id command to configure the cluster ID of a route reflector.

Use the undo reflector cluster-id command to delete the configuration.

By default, each route reflector uses its own ID as the cluster ID.

Usually, a cluster has one route reflector, and the router ID of that reflector identifies the cluster. Several route reflectors make the network more stable. If a cluster has several route reflectors, use this command to set the same cluster ID on all of them.

Related commands: reflect between-clients, peer reflect-client.

Examples

# The local router is one of the reflectors in the cluster and identifies this cluster with the cluster ID.

[H3C-bgp-af-vpn] reflector cluster-id 80

[H3C-bgp-af-vpn] peer 11.128.160.10 reflect-client

1.1.63  route-distinguisher

Syntax

route-distinguisher route-distinguisher

View

VPN-instance view

Parameters

route-distinguisher: An 8-byte value added to an IPv4 prefix to form a VPN IPv4 prefix.

Description

Use the route-distinguisher command to configure RD for an MPLS VPN instance. A VPN-instance cannot run until it is configured with an RD.

A route distinguisher (RD) creates the routing and forwarding tables for a VPN and specifies the default route identifier. Add an RD to the beginning of a specific IPv4 prefix to make it a globally unique VPN IPv4 prefix.

If an RD is associated with an autonomous system number (ASN), it is composed of the ASN and an arbitrary number; if the RD is associated with an IP address, it is a combination of the IP address and an arbitrary number.

RD has the following formats:

16-bit ASN:32-bit custom number, where the ASN can be 0, for example, 101:3.

32-bit IP address:16-bit custom number, where the IP address can be 0.0.0.0, for example, 192.168.122.15:1.

Examples

# Configure RD for an MPLS VPN instance.

[H3C] ip vpn-instance vpn-instance_blue

[H3C-vpn-vpn-instance_blue] route-distinguisher 100:3

[H3C] ip vpn-instance vpn-instance_red

[H3C-vpn-vpn-instance_red] route-distinguisher 173.13.0.12:200
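
The two RD formats above, validated and packed into the 8-byte value that is prepended to an IPv4 prefix. This is an added example, not H3C code; the 2-byte type field (0 for ASN-based, 1 for IP-based) follows RFC 4364, which this page does not spell out, and the function names and the third instance name are hypothetical.

```python
import ipaddress
import struct


def parse_rd(text):
    """Parse 'ASN:number' or 'IP:number' into (rd_type, administrator, assigned)."""
    admin, sep, assigned = text.strip().rpartition(":")
    if not sep or not admin or not (assigned.isascii() and assigned.isdigit()):
        raise ValueError(f"not a route distinguisher: {text!r}")
    number = int(assigned)
    if admin.isascii() and admin.isdigit():
        # Format 1: 16-bit ASN followed by a 32-bit number.
        asn = int(admin)
        if asn > 0xFFFF or number > 0xFFFFFFFF:
            raise ValueError(f"ASN or number out of range: {text!r}")
        return 0, asn, number
    # Format 2: 32-bit IP address followed by a 16-bit number.
    address = ipaddress.IPv4Address(admin)  # raises ValueError if malformed
    if number > 0xFFFF:
        raise ValueError(f"number out of range for IP-based RD: {text!r}")
    return 1, int(address), number


def encode_rd(text):
    """Return the 8-byte wire form: 2-byte type plus 6 bytes of value."""
    rd_type, admin, assigned = parse_rd(text)
    if rd_type == 0:
        return struct.pack("!HHI", 0, admin, assigned)
    return struct.pack("!HIH", 1, admin, assigned)


def vpn_ipv4_address(rd, prefix):
    """RD prepended to the IPv4 network address: a 12-byte VPN IPv4 address."""
    network = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + network.network_address.packed


def duplicate_rds(instances):
    """Group VPN-instance names that share one RD.

    Instances sharing an RD produce identical VPN IPv4 prefixes for
    overlapping customer address space, so the RD no longer separates them.
    """
    by_value = {}
    for name, rd in instances.items():
        by_value.setdefault(encode_rd(rd), []).append(name)
    return sorted(sorted(names) for names in by_value.values() if len(names) > 1)


# RDs from the example above, plus one constructed duplicate.
SAMPLE_INSTANCES = {
    "vpn-instance_blue": "100:3",
    "vpn-instance_red": "173.13.0.12:200",
    "vpn-instance_green": "100:3",  # constructed for illustration
}

if __name__ == "__main__":
    for name, rd in SAMPLE_INSTANCES.items():
        print(name, rd, vpn_ipv4_address(rd, "10.1.0.0/16").hex())
    print("shared RDs:", duplicate_rds(SAMPLE_INSTANCES))
```

The same customer prefix 10.1.0.0/16 yields different 12-byte addresses under the two RDs from the example, which is what keeps overlapping address space apart in the VPNv4 table.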

1.1.64  route-tag

Syntax

route-tag tag-number

undo route-tag

View

OSPF protocol view

Parameters

tag-number: Tag value that identifies VPN import routes, an integer in the range of 0 to 4294967295. By default, its first two bytes are fixed to 0xD000 and its last two bytes are the ASN of the local BGP. For example, if the local BGP ASN is 100, the default tag value in decimal is 3489661028.

Description

Use the route-tag command to specify a tag value that identifies VPN import routes.

Use the undo route-tag command to restore the default value.

If a VPN site is linked to multiple PEs, a route learned from MPLS/BGP and advertised by one PE router to the VPN site in a type-5 or type-7 LSA may be received by another PE router, which results in a routing loop. To avoid routing loops, configure a Route-tag; you are recommended to configure the same Route-tag for the PEs in the same VPN domain. The Route-tag is included in the type-5/-7 LSA. It is not transmitted in the extended community attributes of BGP, so it is limited to the local area. Therefore, it can only be configured, and only functions, on the PE router that receives BGP routes and generates OSPF LSAs.

Configure the Route-tag in OSPF protocol view. Different processes can be configured with the same Route-tag. You can configure the same Route-tag using different commands, but they differ in priority:

• Those configured with the import-route command are of the highest priority.

• Those configured with the route-tag command are in the second place in terms of priority.

• Those configured with the default tag command are of the lowest priority.

If the Tag included in a received type-5/-7 LSA is identical to the PE's existing Tag, the received LSA is ignored in route calculation.

 

  Caution:

The configured Route-tag does not take effect until the reset ospf command is executed.

 

Related commands: import-route, default med.

Examples

# Configure Route-tag 100 to OSPF process 100.

[H3C-ospf-100] route-tag 100

  OSPF: Process 100's route tag has been changed

  OSPF: Reboot the system or use the 'reset ospf ID' command for this to take

        effect

1.1.65  timer

Syntax

timer keep-alive keepalive-interval hold holdtime-interval

undo timer

View

VPN-instance sub-address family view

Parameters

keepalive-interval: Time interval, in seconds, of sending Keepalive messages. It ranges from 1 to 65535 and defaults to 60.

holdtime-interval: Hold time, in seconds. It ranges from 3 to 65535 and defaults to 180.

Description

Use the timer command to specify the interval for sending Keepalive messages and the hold time.

Use the undo timer command to restore the default value.

The timer defined with the peer timer command takes precedence over that defined with the timer command.

Related commands: peer timer.

Examples

# Set the interval for sending Keepalive messages and the hold time.

[H3C-bgp-af-vpn-instance] timer keep-alive 60 hold 180

1.1.66  traffic-redirect

Syntax

traffic-redirect inbound { link-group { acl-number | acl-name } [ rule rule [ system-index index ] ] | ip-group { acl-number | acl-name } [ rule rule [ system-index index ] ] } interface { interface-name | interface-type interface-number } destination-vlan l3-vpn

undo traffic-redirect inbound { link-group { acl-number | acl-name } [ rule rule ] | ip-group { acl-number | acl-name } [ rule rule ] }

View

Ethernet port view

Parameters

link-group { acl-number | acl-name } [ rule rule ]: Specifies a Layer 2 ACL, acl-number is in the range of 4000 to 4999. acl-name is a string beginning with English letters (a to z and A to Z) with no spaces or quotation marks between. rule rule: Optional, ACL matching statement, in the range of 0 to 127. All matching statements will be selected if you skip this keyword.

ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL. acl-number is in the range of 2000 to 3999. acl-name is a string beginning with English letters (a to z and A to Z) with no spaces or quotation marks between. rule rule: Optional, ACL matching statement, in the range of 0 to 127. All matching statements will be selected if you skip this keyword.

interface { interface-name | interface-type interface-number }: Specifies the Ethernet port to which packets are redirected. interface-type can be GigabitEthernet or Ethernet. interface-type and interface-number together form a complete port name.

system-index index: Specifies an intra-system index of the rule, in the range of 0 to 4294967295. The system automatically assigns an index to an ACL rule when delivering it, for later retrieval. You can also assign a system index with this command when delivering an ACL rule, but this is generally not recommended.

Description

Use the traffic-redirect command to redirect the data flow at the port of the EX card to the port of the MX card and make the port on the EX card act as an MPLS VPN CE side interface.

Use the undo traffic-redirect command to cancel this configuration.

Examples

# Redirect the data flow at Ethernet3/1/4 of the EX card to the MX card and set the port to belong to VLAN 24.

[H3C-Ethernet3/1/4] traffic-redirect inbound ip-group 2000 rule 0 system-index 1 interface Ethernet5/1/4 24 l3-vpn

# Cancel the redirection configuration.

[H3C-Ethernet5/1/4] undo traffic-redirect inbound ip-group 2000 rule 0

1.1.67  routing-table limit

Syntax

routing-table limit integer { alarm-integer | syslog-alert }

undo routing-table limit

View

VPN-instance view

Parameters

integer: Maximum number of routes allowed for a VPN-instance, ranging from 1 to 65536.

alarm-integer: Route threshold for alarming.

syslog-alert: When the number of routes in the VPN-instance exceeds the threshold, routes can still be added and only a SYSLOG error message is sent out.

Description

Use the routing-table limit command to limit the maximum number of routes in a VPN-instance.

Use the undo routing-table limit command to cancel the limitation.

It is necessary to enter a VPN-instance sub-view before using the routing-table command. Create a VPN-instance routing table in this view and allocate a route distinguisher (RD) in either of the following formats:

16-bit ASN:32-bit user-defined number, for example, 100:1.

32-bit IP address:16-bit user-defined number, for example, 172.1.1.1:1.

Create a VPN-target extended community for a VPN-instance and specify ingress or egress interface or both of them for the vpn-target command. These parameters can be used to configure ingress/egress routing information of the VPN-target extended community for a router.

Examples

# Set the maximum number of routes in VPN instance vpn1 to 1000.

[H3C] ip vpn-instance vpn1

[H3C-vpn-vpn1] route-distinguisher 100:1

[H3C-vpn-vpn1] vpn-target 100:1 import-extcommunity

[H3C-vpn-vpn1] routing-table limit 1000 syslog-alert

1.1.68  sham-link

Syntax

sham-link source-addr destination-addr [ cost cost-value ] [ dead seconds ] [ hello seconds ] [ md5 keyid key seconds ] [ retransmit seconds ] [ simple password ] [ trans-delay seconds ]

undo sham-link source-addr destination-addr

View

OSPF area view

Parameters

source-addr: Source address of a Sham-link, a Loopback interface address with a 32-bit mask.

destination-addr: Destination address of a Sham-link, a Loopback interface address with a 32-bit mask.

cost-value: Cost at Sham-link, in the range of 1 to 65535. By default, it is 1.

password: Plain-text authentication password on the interface, 8 characters at most. It must be consistent with the authentication of a Sham-link peer.

keyid: MD5 authentication identifier on the interface. The keyid is in the range of 1 to 255. It must be consistent with the authentication string of the Sham-link peer.

key: Authentication key on the interface. keyid is from 1 to 255 and key is a string of up to 16 characters. It must be consistent with the authentication of a Sham-link peer. When the display current-configuration command is executed, the system displays the 24-character MD5 authentication in cipher text. You can also input a 24-character authentication in cipher text.

dead seconds: Specifies the interval, in seconds, for the dead timer. This value ranges from 1 to 8192 and defaults to 40. It must be consistent with the value of dead seconds for a Sham-link peer router.

hello seconds: Specifies the interval, in seconds, between Hello message transmissions through the interface. This value ranges from 1 to 8192 and defaults to 10. It must be consistent with the value of hello seconds for a Sham-link peer router.

retransmit seconds: Specifies the interval, in seconds, for LSA packet retransmission through the interface. This value ranges from 1 to 8192 and defaults to 5.

trans-delay seconds: Specifies the delay period, in seconds, for LSA packet transmission through the interface. This value ranges from 1 to 8192 and defaults to 1.

Description

Use the sham-link command to configure a Sham-link.

Use the undo sham-link command to delete a Sham-link.

In an OSPF PE-CE connection, suppose that an OSPF area contains two sites that belong to the same VPN. They are connected to different PE routers and there is an intra-domain OSPF link (Backdoor) between them. Though there may be other routes connecting the two sites via the PE routers, the routes through the Backdoor link are intra-domain routes, and OSPF selects them first. Sometimes, users want the routes through the VPN Backbone to be selected first. Hence it is required to establish Sham-links between the PE routers. In this case, the routes through the VPN Backbone are of the highest priority within the OSPF area.

If a Backdoor link (an OSPF link that does not pass the MPLS backbone) exists between two PE routers and you want the data to be transported over the MPLS backbone, you need to configure a Sham-link between the two PE routers. The sham link between VPN PE routers is taken as a link within the OSPF area. When you configure the sham-link command, the optional parameters are not mutually exclusive. In the undo command, you can only choose those parameters which are selected in the corresponding sham-link command.

 

  Caution:

• The source and destination addresses of a sham link are both Loopback interface addresses with a 32-bit mask, which must be bound to a VPN instance and imported into BGP through a direct-connect route.

• In the OSPF processes of a VPN, the Loopback interface routes used by the Sham-link cannot be imported directly (so the import direct command cannot be used in the OSPF processes of a VPN). OSPF can only advertise the route by importing a BGP route.

• The source and destination addresses of a sham link cannot be the same.

• The same sham link cannot be configured for different OSPF processes.

• At most 50 sham links can be configured for an OSPF process.

 

Examples

# Configure a Sham-link, with its source address 1.1.1.1 and destination address 2.2.2.2.

[H3C-ospf-100-area-0.0.0.1] sham-link 1.1.1.1 2.2.2.2 cost 100
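
The consistency rules above (hello, dead and authentication must match the Sham-link peer; source and destination must differ) can be checked across the two PE configurations before a sham link is brought up. The following is an added example, not H3C code: both configuration excerpts are constructed, the function names are hypothetical, and the parser assumes that each option keyword's values run until the next keyword.

```python
KEYWORDS = {"cost", "dead", "hello", "md5", "retransmit", "simple", "trans-delay"}
# Defaults taken from the parameter descriptions above.
DEFAULTS = {"cost": "1", "dead": "40", "hello": "10", "retransmit": "5", "trans-delay": "1"}

# Constructed excerpts from two PE routers (addresses and keys are sample values).
PE1_CONFIG = """
  sham-link 1.1.1.1 2.2.2.2 cost 100 md5 1 ExampleKey-A
  sham-link 1.1.1.1 3.3.3.3 hello 5 dead 20 simple pw-demo1
  sham-link 1.1.1.1 4.4.4.4
"""
PE2_CONFIG = """
  sham-link 2.2.2.2 1.1.1.1 cost 100 md5 1 ExampleKey-A
  sham-link 3.3.3.3 1.1.1.1 hello 10 dead 20 simple pw-demo1
"""


def parse_sham_links(config_text):
    """Return one dict per sham-link line, with defaults filled in."""
    links = []
    for line in config_text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[0] != "sham-link":
            continue
        link = {"src": tokens[1], "dst": tokens[2], "auth": ("none",), **DEFAULTS}
        options, current = {}, None
        for token in tokens[3:]:
            if token in KEYWORDS:
                current = token
                options[current] = []
            elif current is not None:
                options[current].append(token)
        for keyword, values in options.items():
            if keyword in ("md5", "simple"):
                link["auth"] = (keyword, *values)
            elif values:
                link[keyword] = values[0]
        links.append(link)
    return links


def audit_sham_links(local_config, remote_config):
    """Compare local sham links with the mirrored entries on the peer PE."""
    findings = []
    remote = {(l["src"], l["dst"]): l for l in parse_sham_links(remote_config)}
    for link in parse_sham_links(local_config):
        name = f'{link["src"]}->{link["dst"]}'
        if link["src"] == link["dst"]:
            findings.append((name, "source and destination are the same"))
            continue
        if link["auth"][0] == "none":
            findings.append((name, "no authentication"))
        elif link["auth"][0] == "simple":
            findings.append((name, "plain-text (simple) authentication"))
        peer = remote.get((link["dst"], link["src"]))
        if peer is None:
            findings.append((name, "no mirrored sham-link on peer"))
            continue
        for field in ("hello", "dead", "auth"):
            if link[field] != peer[field]:
                findings.append((name, f"{field} differs from peer"))
    return findings


if __name__ == "__main__":
    for name, problem in audit_sham_links(PE1_CONFIG, PE2_CONFIG):
        print(f"{name}: {problem}")
```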

1.1.69  summary

Syntax

summary

undo summary

View

VPN-instance sub-address family view

Parameters

None

Description

Use the summary command to enable BGP to perform auto summary of subnet routes.

Use the undo summary command to cancel this summary.

By default, BGP does not perform the auto summary of subnet routes.

After auto summary is enabled, BGP cannot receive the subnet routes imported from IGP. Using this feature reduces the amount of routing information.

Examples

# Perform auto summary of subnet routes.

[H3C-bgp-af-vpn-instance] summary

1.1.70  vlan vpn-range

Syntax

vlan vpn-range slot slot-number enable

undo vlan vpn-range slot slot-number enable

View

System view

Parameters

slot-number: Slot number of interface card.

Description

Use the vlan vpn-range command to set the MPLS label range on the interface on the card.

Use the undo vlan vpn-range command to restore the default MPLS label range for the card.

After vpn-range is enabled on the card, the range of MPLS/VPN VLAN vlan-id that can be configured on the 12 interfaces on the card is 4K instead of the default value of 1K.

Related commands: port trunk mpls vlan.

 

Note:

• This command is only applicable to fast Ethernet ports on the cards with suffix C.

• This command is actually effective for only the first 12 ports on the card. When you configure MPLS/VPN VLAN vlan-id on subsequent ports, only the MPLS/VPN VLAN range enabled for one VLAN will take effect. If you remove MPLS/VPN configuration from an active port, no subsequent port will take effect automatically either, and you have to reconfigure the ports to update their states.

• Restart the card after issuing a command or its corresponding undo command to ensure that the configuration takes effect.

• After the configuration on the card is canceled, if the VLAN configured on a port exceeds 1K, which is the default value, the configuration will be deleted automatically.

• In aggregation mode, VPN-range configuration will not be synchronized automatically and you can manually make/remove the configuration on an individual port.

 

Examples

# Configure the range of MPLS/VPN VLAN vlan-id on slot 5 as 4K.

<H3C> system-view 

[H3C] vlan vpn-range slot 5 enable

1.1.71  vpn-instance-capability simple

Syntax

vpn-instance-capability simple

undo vpn-instance-capability

View

OSPF protocol view

Parameters

None

Description

Use the vpn-instance-capability simple command to configure a router as Multi-VPN-Instance CE.

Use the undo vpn-instance-capability command to cancel the configuration.

OSPF multi-VPN-instance is often run at a PE router. Therefore, a CE router, on which OSPF multi-VPN-instance runs, is called Multi-VPN-Instance CE. Though they both support multi-VPN-instance, Multi-VPN-Instance CE does not necessarily support BGP/OSPF interoperability.

When an OSPF process is bound to a VPN instance, the OSPF router acts as a PE router by default. This command removes the default setting and changes the router into a Multi-VPN-Instance CE. After the configuration, the OSPF process re-establishes all its neighbors. DN bits and Route-tag are not checked in routing calculation. To prevent route loss, the routing loop test is disabled on PE routes. BGP/OSPF interoperability is also disabled to save system resources.

After the display ospf brief command is executed successfully, the system prompts the following information:

Multi-VPN-Instance enable on CE router.

 

  Caution:

The OSPF process sets up all its neighbors again after this command is executed.

 

Examples

# Configure OSPF process 100 as Multi-VPN-Instance CE.

[H3C-ospf-100] vpn-instance-capability simple

# Restore the OSPF process 100 as PE.

[H3C-ospf-100] undo vpn-instance-capability

1.1.72  vpn-target

Syntax

vpn-target vpn-target-ext-community [ import-extcommunity | export-extcommunity | both ]

undo vpn-target vpn-target-ext-community [ import-extcommunity | export-extcommunity | both ]

View

VPN-instance view

Parameters

import-extcommunity: Specifies ingress route information from the extended community of target VPN.

export-extcommunity: Specifies egress route information to the extended community of target VPN.

both: Specifies both ingress route information from and egress route information to the extended community of target VPN.

vpn-target-ext-community: VPN-target extended community attributes to be added to the ingress and egress of VPN-instance or the VPN-target extended community list of ingress and egress.

Description

Use the vpn-target command to create a VPN-target extended community for VPN-instance.

Use the undo vpn-target command to remove the VPN-target extended community attributes.

The default is both.

Use the vpn-target command to create ingress and egress route target extended community lists for a specified VPN-instance. Execute this command once for each target community. Received routing information that carries a specific VPN-target extended community is imported into all VPN-instances for which that extended community is configured as an ingress VPN-target. VPN-target specifies a target VPN extended community. Like an RD, an extended community is composed of either an ASN and an arbitrary number, or an IP address and an arbitrary number.

RD is in either of the following formats:

16-bit ASN:32-bit custom number, where the ASN can be 0, for example, 101:3.

32-bit IP address:16-bit custom number, where the IP address can be 0.0.0.0, for example, 192.168.122.15:1.

Examples

# Create a VPN-target extended community for the VPN-instance.

[H3C] ip vpn-instance vpn-instance_blue

[H3C-vpn-vpn-instance_blue] vpn-target 1000:1 both

[H3C-vpn-vpn-instance_blue] vpn-target 1000:2 export-extcommunity

[H3C-vpn-vpn-instance_blue] vpn-target 173.27.0.130:2 import-extcommunity
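
Because a route is imported into every VPN-instance whose ingress VPN-target matches one of the route's export targets, the vpn-target lines decide which VPNs can see each other's routes. The following added example (not H3C code) derives those route flows from a configuration and also reports the routing-table limit state described under routing-table limit; the configuration text is constructed around the instance names used on this page, vpn-instance_mgmt and the function names are hypothetical, and stanza lines are assumed to be indented by one space.

```python
# Constructed configuration; '#' separates stanzas.
SAMPLE_CONFIG = """\
ip vpn-instance vpn-instance_blue
 route-distinguisher 100:3
 vpn-target 1000:1 both
 vpn-target 1000:2 export-extcommunity
 vpn-target 173.27.0.130:2 import-extcommunity
 routing-table limit 1000 syslog-alert
#
ip vpn-instance vpn-instance_red
 route-distinguisher 173.13.0.12:200
 vpn-target 2000:1
 vpn-target 1000:2 import-extcommunity
 routing-table limit 500 80
#
ip vpn-instance vpn-instance_mgmt
 route-distinguisher 100:9
 vpn-target 173.27.0.130:2 export-extcommunity
"""


def parse_vpn_instances(config_text):
    """Collect import/export VPN-targets and the route limit per VPN-instance."""
    instances, current = {}, None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if tokens[:2] == ["ip", "vpn-instance"] and len(tokens) == 3:
            current = instances.setdefault(
                tokens[2], {"import": set(), "export": set(), "limit": None})
        elif not raw.startswith(" "):
            current = None  # any other top-level line ends the stanza
        elif current is None or not tokens:
            continue
        elif tokens[0] == "vpn-target" and len(tokens) >= 2:
            # With no keyword the command applies to both directions.
            direction = tokens[2] if len(tokens) > 2 else "both"
            if direction in ("import-extcommunity", "both"):
                current["import"].add(tokens[1])
            if direction in ("export-extcommunity", "both"):
                current["export"].add(tokens[1])
        elif tokens[:2] == ["routing-table", "limit"] and len(tokens) == 4:
            current["limit"] = (int(tokens[2]), tokens[3])
    return instances


def route_flows(instances):
    """List (exporter, importer, shared targets) for every cross-VPN route flow."""
    flows = []
    for exporter, exp in sorted(instances.items()):
        for importer, imp in sorted(instances.items()):
            shared = sorted(exp["export"] & imp["import"])
            if exporter != importer and shared:
                flows.append((exporter, importer, shared))
    return flows


def limit_findings(instances):
    """Flag instances whose route count is unbounded or only logged."""
    findings = {}
    for name, instance in instances.items():
        if instance["limit"] is None:
            findings[name] = "no routing-table limit"
        elif instance["limit"][1] == "syslog-alert":
            findings[name] = "limit is alert-only (syslog-alert)"
    return findings


if __name__ == "__main__":
    parsed = parse_vpn_instances(SAMPLE_CONFIG)
    for exporter, importer, targets in route_flows(parsed):
        print(f"{exporter} -> {importer} via {', '.join(targets)}")
    for name, problem in limit_findings(parsed).items():
        print(f"{name}: {problem}")
```

Each reported flow is a place where one VPN's routes enter another VPN's routing table, so the list can be compared against the intended connectivity between VPNs.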

 
