Use bgp update-delay wait-other-protocol to configure the time that BGP must wait for other protocols to complete GR or NSR after BGP completes GR or NSR.

Use undo bgp update-delay wait-other-protocol to restore the default.

Syntax

bgp update-delay wait-other-protocol seconds

undo bgp update-delay wait-other-protocol

Default

After BGP completes GR or NSR, it must wait a maximum of 300 seconds for other protocols to complete GR or NSR.

Views

BGP instance view

Predefined user roles

network-admin

Parameters

seconds: Specifies the time that BGP must wait for other protocols to complete GR or NSR after BGP completes GR or NSR. The value range is 60 to 1200 seconds.

Usage guidelines

After BGP completes GR or NSR, it advertises the updated routes. If the routes rely on other protocols, for example, redistributed OSPF routes, BGP starts a wait timer for the other protocols to complete GR or NSR. This ensures that incorrect and unreachable routes are not advertised. When the following conditions exist, BGP might advertise incomplete routes after completing GR or NSR:

· The routes rely on other protocols.

· BGP maintains a large amount of routing information. In this case, BGP and the protocols take a long time to complete GR or NSR.

For BGP to correctly advertise the routes after BGP and the protocols complete GR or NSR, set a larger wait timer for BGP.

Examples

# Configure BGP to wait a maximum of 600 seconds for other protocols to complete GR or NSR after BGP completes GR or NSR.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] bgp update-delay wait-other-protocol 600

Related commands

bgp update-delay on-startup

bmp server

Use bmp server to create a BGP monitoring protocol (BMP) server and enter BMP server view.

Use undo bmp server to remove a BMP server and all its configurations.

Syntax

bmp server server-number

undo bmp server server-number

Default

No BMP servers exist.

Views

System view

Predefined user roles

network-admin

Parameters

server-number: Specifies a BMP server by its number in the range of 1 to 8.

Examples

# Create BMP server 5 and enter its view.

<Sysname> system-view

[Sysname] bmp server 5

[Sysname-bmpserver-5]

check-origin-validation

Use check-origin-validation to enable BGP RPKI validation.

Use undo check-origin-validation to disable BGP RPKI validation.

Syntax

check-origin-validation

undo check-origin-validation

Default

BGP RPKI validation is disabled.

Views

BGP RPKI view

Predefined user roles

network-admin

Usage guidelines

This command enables BGP to validate the prefix and origin AS number of a received route and place the route to one of the following validation states:

· Not-found—No ROA matches the prefix.

· Valid—One or multiple ROAs match both the prefix and origin AS number.

· Invalid—One or multiple ROAs match the prefix, but none of these ROAs matches the origin AS number.

You can configure a routing policy to filter routes based on the BGP RPKI validation state.

Examples

# Enable BGP RPKI validation.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] rpki

[Sysname-bgp-default-rpki] check-origin-validation

display bgp bmp server

Use display bgp bmp server to display BMP server information.

Syntax

display bgp [ instance instance-name ] bmp server server-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays BMP server information for the default BGP instance.

server-number: Specifies a BMP server by its number in the range of 1 to 8.

Examples

# Display information about BMP server 1.

<Sysname> display bgp bmp server 1

BMP server number: 1

Server VPN instance name: vpna

Server address: 100.1.1.1 Server port: 6895

Client address: 100.1.1.2 Client port: 21452

BMP server state: Connected Up for 00h41m53s

Message statistics:

Total messages sent: 15

INITIATION: 1

TERMINATION: 0

STATS-REPORT: 0

PEER-UP: 4

PEER-DOWN: 3

ROUTE-MON: 7

BMP monitor BGP peers:

10.1.1.1

Table 1 Command output

Field	Description
Server VPN instance name	Name of the VPN instance to which the BMP server belongs. If the VPN instance name is followed by character string (Deleted), the VPN instance has been deleted. This field displays -- if the BMP server belongs to the public network.
Server address	IP address of the BMP server used by the TCP connection to the BMP client.
Server port	Port number of the BMP server used by the TCP connection to the BMP client.
Client address	IP address of the BMP client used by the TCP connection to the BMP server.
Client port	Port number of the BMP client used by the TCP connection to the BMP server.
BMP server current state	TCP connection status: · Connected. · Not connected.
Up for	Duration of the TCP connection.
Total messages sent	Number of messages that BGP sends to the BMP server.
INITIATION	Number of initiation messages that BGP sends to the BMP server.
TERMINATION	Number of termination messages that BGP sends to the BMP server.
STATS-REPORT	Number of statistics messages that BGP sends to the BMP server.
PEER-UP	Number of peer-up messages that BGP sends to the BMP server.
PEER-DOWN	Number of peer-down messages that BGP sends to the BMP server.
ROUTE-MON	Number of route monitoring messages that BGP sends to the BMP server.
BMP monitor BGP peers	Peers that are monitored by the BMP server.

‌

Related commands

reset bgp bmp server statistics

display bgp link-state

Use display bgp link-state to display BGP LS information.

Syntax

display bgp [ instance instance-name ] link-state [ ls-prefix [ advertise-info ] | peer { ipv4-address | ipv6-address } { advertised | received } [ statistics ] | statistics ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays BGP LS information for the default BGP instance.

ls-prefix: Specifies an LS prefix. If you do not specify this argument, the command displays all BGP LS information.

advertise-info: Displays advertisement information for the specified LS prefix.

ipv4-address: Specifies a peer by its IPv4 address.

ipv6-address: Specifies a peer by its IPv6 address.

advertised: Displays advertised LS information.

received: Displays received LS information.

statistics: Displays statistics about LS messages.

Usage guidelines

If you do not specify any parameters, this command displays brief BGP LS information.

Examples

# Display brief BGP LS information for the public network.

<Sysname> display bgp link-state

Total number of routes: 2

BGP local router ID is 1.1.2.1

Status codes: * - valid, > - best, d – dampened, h – history,

s – suppressed, S – stale, i - internal, e - external

a - additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Prefix codes: E link, V node, T IP reachable route, u/U unknown,

I Identifier, N local node, R remote node, L link, P prefix,

L1/L2 ISIS level-1/level-2, O OSPF, D direct, S static,

a area-ID, , l link-ID, t topology-ID, s ISO-ID,

c confed-ID/ASN, b bgp-identifier, r router-ID,

i if-address, n peer-address, o OSPF Route-type, p IP-prefix

d designated router address

* >e Network : [V][O][I0x0][N[c20][b1.1.1.2][a0.0.0.0][r1.1.1.2]]/376

NextHop : 1.1.1.2 LocPrf :

PrefVal : 0 OutLabel : NULL

MED :

Path/Ogn: 20i

* >e Network : [T][O][I0x0][N[c20][b1.1.1.2][a0.0.0.0][r1.1.1.2]][P[o0x1][p1.1.1.0/24]]/480

NextHop : 1.1.1.2 LocPrf :

PrefVal : 0 OutLabel : NULL

MED :

Path/Ogn: 20i

Table 2 Command output

Field	Description
Status codes	Status codes: · * – valid—Valid route. · > – best—Optimal route. · d - dampened—Dampened route. · h – history—History route. · s – suppressed—Suppressed route. · S – stale—Stale route. · i – internal—Internal route. · e – external—External route. · a - additional-path—Add-Path optimal route.
Prefix codes	Route status codes: · E – link. · V – node. · T – IP reachable route. · u/U – unknown. · I – Identifier. · N – local node. · R – remote node. · L – link. · P – prefix. · L1/L2 – ISIS level-1/level-2. · O – OSPF. · D – direct. · S – static. · a – area-ID. · l – link-ID. · t – topology-ID. · s – ISO-ID. · c – confed-ID/ASN. · b – bgp-identifier. · r – router-ID. · i – if-address. · n – peer-address. · o – OSPF Route-type. · p – IP-prefix. · d – designated router address. · a - additional-path.
Origin	Origin of the route: · i – IGP—Originated in the AS. The origin of routes advertised with the network command is IGP. · e – EGP—Learned through EGP. · ? – incomplete—Unknown origin. The origin of routes redistributed from IGP protocols is INCOMPLETE.
Network	NLRI for the LS.
NextHop	Next hop IP address.
LocPrf	Local preference.
OutLabel	Outgoing label of the route.
MED	MED attribute.
Path/Ogn	AS_PATH and ORIGIN attributes of the route: · AS_PATH—Records the ASs the route has passed, which avoids routing loops. · ORIGIN—Identifies the origin of the route.

‌

# Display detailed BGP LS information with the specified LS prefix.

<Sysname> display bgp link-state [V][O][I0x0][N[c20][b1.1.1.2][a0.0.0.0][r1.1.1.2]]/376

BGP local router ID: 1.1.1.2

Local AS number: 20

Paths: 1 available, 1 best

BGP LS information of [V][O][I0x0][N[c20][b1.1.1.2][a0.0.0.0][r1.1.1.2]]/376:

Imported route.

Original nexthop: 0.0.0.0

OutLabel : NULL

RxPathID : 0x0

TxPathID : 0xffffffff

LS : Node flag bits: 30[EA]

AS-path : (null)

Origin : igp

Attribute value : pref-val 32768

State : valid, local, best

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

Table 3 Command output

Field	Description
Paths	Number of routes: · available—Number of valid routes. · best—Number of optimal routes.
BGP LS information of	NLRI prefix.
Original nexthop	Original next hop of the route. If the route was obtained from a BGP update message, the original next hop is the next hop IP address in the message.
LS	LS attribute: · Node flag bits—Node attribute in hexadecimal format: ¡ 10[A]—OSPF ABR bit. ¡ 30[E]—OSPF External bit. · Metric—Link or prefix cost.
RxPathID	Add-path ID of received routes.
TxPathID	Add-path ID of advertised routes.
AS-path	AS_PATH attribute of the route, which records the ASs the route has passed and avoids routing loops.
Attribute value	BGP path attributes: · MED—MED value. · localpref—Local preference value. · pref-val—Preferred value. · pre—Route preference.
State	Current state of the route: · valid. · internal. · external. · local. · synchronize. · best.
IP precedence	IP precedence in the range of 0 to 7. N/A indicates that the route does not support this field.
QoS local ID	QoS local ID in the range of 1 to 4095. N/A indicates that the route does not support this field.
Traffic index	Traffic index in the range of 1 to 64. N/A indicates that the route does not support this field.

‌

# Display advertisement information for the specified LS prefix.

<Sysname> display bgp link-state [E][B][I0x0][N[r1.1.1.2]][c65008][R[r44.33.22.11]][c65009]][L[i2.1.1.3][n1.1.1.3]]/536 advertise-info

BGP local router ID: 1.1.1.2

Local AS number: 65008

Paths: 1 best

BGP LS information of [E][B][I0x0][N[r1.1.1.2]][c65008][R[r44.33.22.11]][c65009]][L[i2.1.1.3][n1.1.1.3]]/536

(TxPathID:0):

Advertised to peers (1 in total):

10.1.1.2

LS attribute :

Peer node segment identifier : Flag c0[VL], Metric 0, Label 23001

Table 4 Command output

Field	Description
Paths	Number of routes: · available—Number of valid routes. · best—Number of optimal routes.
BGP LS information of	NLRI prefix.
Advertised to peers (1 in total)	Peers to which the information has been advertised, and the total number of such peers.
Peer node segment identifier	Peer node SID: · Flag c0[VL]: ¡ V—Value flag. If set, the SID carries a label value. ¡ L—Local flag. If set, the SID has local significance. · Metric—Link cost. · Label—Label value.
TxPathID	Add-path ID of advertised routes.

‌

display bgp non-stop-routing status

Use display bgp non-stop-routing status to display BGP NSR status information.

Syntax

display bgp [ instance instance-name ] non-stop-routing status

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays BGP NSR status information for the default BGP instance.

Examples

# Display BGP NSR status information.

<Sysname> display bgp non-stop-routing status

BGP NSR status: Not ready

Location of preferred standby process: -

TCP NSR status: Not ready

Table 5 Command output

Field	Description
BGP NSR status	BGP NSR status: · Ready—BGP NSR has backed up BGP neighbor and routing information from the active process to the standby process. In this state, BGP NSR can ensure continuous routing when an active/standby process switchover occurs. · Not ready—BGP NSR is backing up BGP neighbor and routing information from the active process to the standby process. If an active/standby process switchover occurs in this state, traffic is interrupted and the BGP session will be re-established. · Not configured—BGP NSR is disabled.
Location of preferred standby process	ID of the slot where the preferred standby process resides. This field displays - if no standby processes exist.
TCP NSR status	TCP NSR status: · Ready—TCP NSR has backed up TCP connection information from the active process to the standby process. · Not ready—TCP NSR is backing up TCP connection information from the active process to the standby process.

‌

display bgp peer received prefix-list

Use display bgp peer received prefix-list to display the ORF prefix information received by a peer.

Syntax

display bgp [ instance instance-name ] peer ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] ipv4-address received prefix-list

display bgp [ instance instance-name ] peer ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] ipv6-address received prefix-list

display bgp [ instance instance-name ] peer ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] ipv6-address received prefix-list

display bgp [ instance instance-name ] peer ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] ipv4-address received prefix-list

display bgp [ instance instance-name ] peer { vpnv4 | vpnv6 } ipv4-address received prefix-list

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays ORF prefix information for the default BGP instance.

ipv4: Displays BGP IPv4 peer information.

ipv6: Displays BGP IPv6 peer information.

vpnv4: Displays BGP VPNv4 peer information.

vpnv6: Displays BGP VPNv6 peer information.

unicast: Displays BGP unicast peer information.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify an instance, this command displays information for the public network.

ipv4-address: Specifies a peer by its IPv4 address.

ipv6-address: Specifies a peer by its IPv6 address.

Examples

# Display the ORF prefix information received by peer 10.110.25.20.

<Sysname> display bgp peer ipv4 10.110.25.20 received prefix-list

ORF prefix list entries: 2

index: 10 prefix 1.1.1.0/24 ge 26 le 32

index: 20 prefix 2.1.1.0/24 ge 26 le 32

Table 6 Command output

Field	Description
ORF prefix list entries	Number of ORF prefixes.
index	Prefix index.
prefix	Prefix information.
ge	Greater than or equal to.
le	Less than or equal to.

‌

display bgp routing-table ipv6 unicast inlabel

Use display bgp routing-table ipv6 unicast inlabel to display incoming labels for BGP IPv6 unicast routes.

Syntax

display bgp [ instance instance-name ] routing-table ipv6 [ unicast ] inlabel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays incoming labels of BGP IPv6 unicast routes in the default BGP instance.

Usage guidelines

This command displays incoming labels for BGP IPv6 unicast routes regardless of whether the unicast keyword is specified.

Examples

# Display incoming labels for all BGP IPv6 unicast routes.

<Sysname> display bgp routing-table ipv6 inlabel

Total number of routes: 2

BGP local router ID is 2.2.2.2

Status codes: * - valid, > - best, d - dampened, h - history

s - suppressed, S - stale, i - internal, e - external

a - additional-path

Origin: i - IGP, e - EGP, ? - incomplete

* > Network : 1::1 PrefixLen : 128

NextHop : 10::1 OutLabel : NULL

InLabel : 1279

* > Network : 10:: PrefixLen : 64

NextHop : :: OutLabel : NULL

InLabel : 1278

Table 7 Command output

Field	Description
Status codes	Status codes: · * – valid—Valid route. · > – best—Optimal route. · d - dampened—Dampened route. · h – history—History route. · s – suppressed—Suppressed route. · S – stale—Stale route. · i – internal—Internal route. · e – external—External route. · a - additional-path—Add-Path optimal route.
Origin	Origin of the route: · i – IGP—Originated in the AS. The origin of routes advertised with the network command is IGP. · e – EGP—Learned through EGP. · ? – incomplete—Unknown origin. The origin of routes redistributed from IGP protocols is INCOMPLETE.
Network	Destination network address.
PrefixLen	Prefix length of the destination network address.
NextHop	Next hop IPv6 address.
OutLabel	Outgoing label of the IPv6 unicast route, which is assigned by the peer 6PE device.
InLabel	Incoming label of the IPv6 unicast route, which is assigned by the local 6PE device.

‌

display bgp routing-table ipv6 unicast outlabel

Use display bgp routing-table ipv6 unicast outlabel to display outgoing labels for BGP IPv6 unicast routes.

Syntax

display bgp [ instance instance-name ] routing-table ipv6 [ unicast ] outlabel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command display outgoing labels of BGP IPv6 unicast routes in the default BGP instance.

Usage guidelines

This command displays outgoing labels for BGP IPv6 unicast routes regardless of whether the unicast keyword is specified.

Examples

# Display outgoing labels for all BGP IPv6 unicast routes.

<Sysname> display bgp routing-table ipv6 outlabel

Total number of routes: 2

BGP local router ID is 2.2.2.2

Status codes: * - valid, > - best, d - dampened, h - history

s - suppressed, S - stale, i - internal, e - external

a - additional-path

Origin: i - IGP, e - EGP, ? - incomplete

* >i Network : 4::4 PrefixLen : 128

NextHop : ::FFFF:3.3.3.3 OutLabel : 1279

* >i Network : 20:: PrefixLen : 64

NextHop : ::FFFF:3.3.3.3 OutLabel : 1278

Table 8 Command output

Field	Description
Status codes	Status codes: · * – valid—Valid route. · > – best—Optimal route. · d - dampened—Dampened route. · h – history—History route. · s – suppressed—Suppressed route. · S – stale—Stale route. · i – internal—Internal route. · e – external—External route. · a - additional-path—Add-Path optimal route.
Origin	Origin of the route: · i – IGP—Originated in the AS. The origin of routes advertised with the network command is IGP. · e – EGP—Learned through EGP. · ? – incomplete—Unknown origin. The origin of routes redistributed from IGP protocols is INCOMPLETE.
Network	Destination network address.
PrefixLen	Prefix length of the destination network address.
NextHop	Next hop IPv6 address.
OutLabel	Outgoing label of the IPv6 unicast route, which is assigned by the peer 6PE device.

‌

display bgp rpki server

Use display bgp rpki table to display information about connections to RPKI servers.

Syntax

display bgp [ instance instance-name ] rpki server [ [ vpn-instance vpn-instance-name ] { ipv4-address | ipv6-address } ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays information for the default BGP instance.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays information for the public network.

ipv4-address: Specifies an RPKI server by its IPv4 address.

ipv6-address: Specifies an RPKI server by its IPv6 address.

Examples

# Display brief information about connections to RPKI servers.

<Sysname> display bgp rpki server

Server VPN-index Port State Time ROAs(IPv4/IPv6)

1.1.1.2 0 1234 Establish 00:05:51 1/0

2.2.2.2 0 1234 Establish 00:06:07 3/1

Table 9 Command output

Field	Description
Server	IP address of the RPKI server.
VPN-index	VPN index.
Port	Port number of the RPKI server.
State	Connection state: · Establish—BGP has established a connection to the RPKI server. · Connect—BGP is establishing a connection to the RPKI server. · Shutdown—BGP has not established a connection to the RPKI server.
Time	Duration of the current connection state.
ROAs(IPv4/IPv6)	Number of IPv4/IPv6 ROAs.

‌

# Display detailed information about the connection to RPKI server 2.2.2.1.

<Sysname> display bgp rpki server 2.2.2.1

RPKI Cache-Server 2.2.2.1

Port: TCP port 1234

Local addr: 2.2.2.2, Local port: 14342

Connect state: Establish

Total byte Rx: 72

Total byte Tx: 8

Session ID: 1

Serial number: 1

Last PDU type 7, Time: 00:00:15

Last disconnect reason: Response timer expired

Table 10 Command output

Field	Description
RPKI Cache-Server	IP address of the RPKI server.
Port	Port number of the RPKI server.
Local addr	Local IP address of the connection.
Local port	Local port number of the connection.
Connect state	Connection state: · Establish—BGP has established a connection to the RPKI server. · Connect—BGP is establishing a connection to the RPKI server. · Shutdown—BGP has not established a connection to the RPKI server.
Total byte Rx	Number of received bytes.
Total byte Tx	Number of sent bytes.
Session ID	Session ID assigned by the RPKI server.
Serial number	Serial number assigned by the RPKI server.
Last PDU Type	Type of the most recently received PDU.
Time	Duration of the current connection state.
Last disconnect reason	Reason for the most recent connection interruption: · Configure reset—The port number used to establish the connection was changed or the reset bgp rpki server command was executed. · Receive error report PDU—Received error report packets from the server. · Response timer expired—No response was received within the response time from the RPKI server. · Receive error PDU—Received error packets. · TCP connect failed—The TCP connection was down. · Shutdown port—No port number was specified. · Not enough memory—The memory was insufficient. · Receive cache reset PDU—Received reset packets from the RPKI server.

‌

display bgp rpki table

Use display bgp rpki table to display the ROA information obtained from RPKI servers.

Syntax

display bgp [ instance instance-name ] rpki table { ipv4 [ ipv4-address min min-length max max-length ] | ipv6 [ ipv6-address min min-length max max-length ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv4: Displays information about ROAs with IPv4 prefixes.

ipv4-address: Specifies an IPv4 prefix.

ipv6: Displays information about ROAs with IPv6 prefixes.

ipv6-address: Specifies an IPv6 prefix.

min-length: Specifies the minimum prefix length. The value range for this argument is 0 to 32 for IPv4 prefixes and 0 to 128 for IPv6 prefixes.

max-length: Specifies the maximum prefix length. The value range for this argument is 0 to 32 for IPv4 prefixes and 0 to 128 for IPv6 prefixes.

Examples

# Display brief information about ROAs with IPv4 prefixes.

<Sysname> display bgp rpki table ipv4

Total number of entries: 4

Status codes: S - stale, U - used

Network Mask-range Origin-AS Server Status

1.2.3.4 8-32 100 1.1.1.2 U

5.2.3.4 8-32 100 2.2.2.2 U

6.6.6.6 8-32 100 2.2.2.2 U

7.7.7.7 8-32 20 2.2.2.2 U

Table 11 Command output

Field	Description
Total number of entries	Total number of ROAs.
Network	Network address.
Mask-range	Mask or prefix length range.
Server	IP address of the RPKI server.
Status	ROA state: · U—The ROA is available. · S—The ROA is in aging state.

‌

# Display detailed information about ROAs with IPv4 prefixes.

<Sysname> display bgp rpki table ipv4 5.2.3.4 min 8 max 32

RPKI ROA entry for 5.2.3.4/8-32

Origin-AS: 100 from 2.2.2.1, used

Table 12 Command output

Field

Description

Origin-AS

ROA information:

· AS number.

· IP address of the RPKI server.

· ROA state:

¡ used—The ROA is available.

¡ stale—The ROA is in aging state.

‌

display ttl-security statistics

Use display ttl-security statistics to display GTSM discarded packet statistics.

Syntax

display ttl-security statistics [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays GTSM discarded packet statistics for all cards.

Examples

# Display statistics for packets discarded after GTSM is enabled on slot 1.

<Sysname> display ttl-security statistics slot 1

Slot 1

Protocol Drop Counters

BGP 56

BGP4+ 83

OSPF 15

OSPFv3 0

LDP 0

LDPv6 0

Table 13 Command output

Field

Description

Protocol

Protocol name. Options include the following:

· BGP.

· BGP4+.

· LDP. (This protocol is not supported in the current software version.)

· LDPv6. (This protocol is not supported in the current software version.)

· OSPF.

· OSPFv3.

Drop Counters

Number of discarded packets for the protocol.

‌

Related commands

ospf ttl-security

peer ttl-security

reset ttl-security statistics

ttl-security

domain-distinguisher

Use domain-distinguisher to specify an AS number and a router ID for BGP LS messages.

Use undo domain-distinguisher to restore the default.

Syntax

domain-distinguisher as-number:router-id

undo domain-distinguisher

Default

The AS number and router ID of the current BGP process are used.

Views

BGP LS address family view

Predefined user roles

network-admin

Parameters

as-number:router-id: Specifies the AS number and router ID. The value range for the as-number argument is 1 to 4294967295, and the router ID is in IP address format.

Examples

# Set the AS number and router ID for BGP LS messages to 65009 and 1.1.1.1, respectively.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family link-state

[Sysname-bgp-default-ls] domain-distinguisher 65009:1.1.1.1

ebgp-interface-sensitive

Use ebgp-interface-sensitive to enable immediate re-establishment of direct EBGP sessions.

Use undo ebgp-interface-sensitive to disable immediate re-establishment of direct EBGP sessions.

Syntax

ebgp-interface-sensitive

undo ebgp-interface-sensitive

Default

Immediate re-establishment of direct EBGP sessions is enabled.

Views

BGP instance view

Predefined user roles

network-admin

Usage guidelines

When a direct link to an EBGP peer fails, BGP tears down the session and re-establishes a session to the peer immediately. If the feature is not enabled, the router does not tear down the session until the hold time expires. However, disabling this feature can prevent routing flaps from affecting EBGP session state.

This command applies only to direct EBGP sessions.

Examples

# Enable immediate re-establishment of direct EBGP sessions.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] ebgp-interface-sensitive

fast-reroute route-policy

Use fast-reroute route-policy to apply a routing policy to fast reroute (FRR) for a BGP address family.

Use undo fast-reroute route-policy to restore the default.

Syntax

fast-reroute route-policy route-policy-name

undo fast-reroute route-policy

Default

No routing policy is applied to FRR.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

Predefined user roles

network-admin

Parameters

route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

You can use the following methods to configure BGP FRR:

· Method 1—Execute the pic command in BGP address family view. BGP calculates a backup next hop for a BGP route in the address family if there are two or more unequal-cost routes to reach the destination.

· Method 2—Execute the fast-reroute route-policy command to use a routing policy in which a backup next hop is specified by using the command apply [ ipv6 ] fast-reroute backup-nexthop. For BGP to generate a backup next hop for the primary route, the backup next hop calculated by BGP must be the same as the specified backup next hop. You can also configure if-match clauses in the routing policy to identify the routes protected by FRR.

If both methods are configured, Method 2 takes precedence over Method 1.

Examples

# Apply routing policy frr-policy to FRR in BGP IPv4 unicast address family view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4

[Sysname-bgp-default-ipv4] fast-reroute route-policy frr-policy

Related commands

apply fast-reroute

apply ipv6 fast-reroute

pic

route-policy

flush suboptimal-route

Use flush suboptimal-route to enable BGP to flush the suboptimal BGP route to the RIB.

Use undo flush suboptimal-route to disable BGP from flushing the suboptimal BGP route to the RIB.

Syntax

flush suboptimal-route

undo flush suboptimal-route

Default

BGP is disabled from flushing the suboptimal BGP route to the RIB. Only the optimal route is flushed to the RIB.

Views

BGP instance view

Predefined user roles

network-admin

Usage guidelines

This command flushes the suboptimal BGP route to the RIB when the following conditions are met:

· The optimal route is generated by the network command or is redistributed by the import-route command.

· The suboptimal route is received from a BGP peer.

After the suboptimal route is flushed to the RIB on a network, BGP immediately switches traffic to the suboptimal route when the optimal route fails.

For example, the device has a static route to the subnet 1.1.1.0/24 that has a higher priority than a BGP route. BGP redistributes the static route and receives a route to 1.1.1.0/24 from a peer. After the flush suboptimal-route command is executed, BGP flushes the received BGP route to the RIB as the suboptimal route. When the static route fails, BGP immediately switches traffic to the suboptimal route if inter-protocol FRR is enabled. For more information about inter-protocol FRR, see Layer 3—IP Routing Configuration Guide.

Examples

# Enable BGP to flush the suboptimal BGP route to the RIB.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] flush suboptimal-route

graceful-restart

Use graceful-restart to enable BGP Graceful Restart (GR) capability.

Use undo graceful-restart to disable BGP GR capability.

Syntax

graceful-restart

undo graceful-restart

Default

BGP GR capability is disabled.

Views

BGP instance view

Predefined user roles

network-admin

Usage guidelines

GR ensures continuous forwarding when BGP restarts or an active/standby switchover occurs.

BGP peers exchange Open messages containing GR information. If both parties have GR capability, they establish a GR-capable session.

After you execute this command, the device re-establishes BGP sessions.

Examples

# Enable GR capability for BGP process 100.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] graceful-restart

Related commands

graceful-restart timer purge-time

graceful-restart timer restart

graceful-restart timer wait-for-rib

graceful-restart peer-reset

Use graceful-restart peer-reset to enable BGP to reset peer sessions gracefully.

Use undo graceful-restart peer-reset to disable BGP from resetting peer sessions gracefully.

Syntax

graceful-restart peer-reset [ all ]

undo graceful-restart peer-reset

Default

BGP does not reset peer sessions gracefully.

Views

BGP instance view

Predefined user roles

network-admin

Parameters

all: Enables BGP to reset peer sessions gracefully when the TCP connection goes down, the hold timer expires, or the support for a new address family is added. If you do not specify this keyword, BGP resets peer sessions gracefully only when the support for a new address family is added.

Usage guidelines

When the TCP connection goes down, the hold timer expires, or the support for a new address family is added, BGP tears down and then re-establishes the peer sessions, which will cause traffic interruption. To avoid traffic interruption in these cases, execute this command to enable BGP to reset peer sessions gracefully.

Examples

# Enable BGP to reset peer sessions gracefully.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] graceful-restart

[Sysname-bgp-default] graceful-restart peer-reset

Related commands

graceful-restart

graceful-restart timer purge-time

Use graceful-restart timer purge-time to set the Routing Information Base (RIB) purge timer.

Use undo graceful-restart timer purge-time to restore the default.

Syntax

graceful-restart timer purge-time timer

undo graceful-restart timer purge-time

Default

The RIB purge timer is 480 seconds.

Views

BGP instance view

Predefined user roles

network-admin

Parameters

timer: Sets the RIB purge timer in the range of 1 to 6000 seconds.

Usage guidelines

BGP starts the RIB purge timer when an active/standby switchover occurs or BGP restarts. If BGP route exchange is not completed within the RIB purge timer, the GR restarter quits the GR process. It updates the RIB with the BGP routes already learned, and removes the stale routes from RIB.

Enable BGP GR before you execute this command.

Set the RIB purge timer to be long enough to complete GR, especially when large numbers of BGP routes exist.

As a best practice, set the RIB purge timer in the following way:

· Set the timer to be greater than the timer set by the graceful-restart timer wait-for-rib command

· Set the timer to be less than the timer set by the protocol lifetime command.

Examples

# Set the RIB purge timer to 300 seconds.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] graceful-restart

[Sysname-bgp-default] graceful-restart timer purge-time 300

Related commands

graceful-restart

graceful-restart timer restart

graceful-restart timer wait-for-rib

protocol lifetime (Layer 3—IP Routing Command Reference)

graceful-restart timer restart

Use graceful-restart timer restart to configure the GR timer.

Use undo graceful-restart timer restart to restore the default.

Syntax

graceful-restart timer restart timer

undo graceful-restart timer restart

Default

The GR timer is 150 seconds.

Views

BGP instance view

Predefined user roles

network-admin

Parameters

timer: Specifies the GR timer in the range of 3 to 600 seconds.

Usage guidelines

The GR restarter sends the GR timer to the GR helper in an Open message. When the GR helper detects that an active/standby switchover or a BGP restart occurred on the GR restarter, the GR helper performs the following operations:

1. Marks all routes learned from the GR restarter as stale.

2. Starts the GR timer.

3. If no BGP session is established before the GR timer expires, the GR helper removes the stale routes.

Before you configure this command, enable the BGP GR capability.

To apply a new GR timer, you must re-establish BGP sessions.

Examples

# Set the GR timer to 300 seconds.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] graceful-restart

[Sysname-bgp-default] graceful-restart timer restart 300

Related commands

graceful-restart

graceful-restart timer purge-time

graceful-restart timer wait-for-rib

Use graceful-restart timer wait-for-rib to configure the time to wait for the End-of-RIB marker.

Use undo graceful-restart timer wait-for-rib to restore the default.

Syntax

graceful-restart timer wait-for-rib timer

undo graceful-restart timer wait-for-rib

Default

The time to wait for the End-of-RIB marker is 600 seconds.

Views

BGP instance view

Predefined user roles

network-admin

Parameters

timer: Specifies the time to wait for the End-of-RIB marker, in the range of 3 to 3600 seconds.

Usage guidelines

BGP uses this timer to control the time to receive updates from the peer. The timer is not advertised to the peer.

After the GR restarter and GR helper re-establish a BGP session, they start this timer. If they do not complete route exchange within the time period, the GR restarter does not receive new routes. It updates its routing table and forwarding table with learned BGP routes, and the GR helper removes the stale routes. Set a large value for the maximum time to wait for the End-of-RIB marker when a large number of routes exist.

This command controls the routing convergence speed. A smaller timer value means faster routing convergence but possibly results in incomplete routing information.

Before configuring this command, you must enable the BGP GR capability.

Examples

# Set the time to wait for the End-of-RIB marker on the local end to 100 seconds.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] graceful-restart

[Sysname-bgp-default] graceful-restart timer wait-for-rib 100

Related commands

graceful-restart

graceful-restart timer purge-time

graceful-restart timer restart

ignore all-peers

Use ignore all-peers to disable BGP session establishment with all peers and peer groups.

Use undo ignore all-peers to restore the default.

Syntax

ignore all-peers [ graceful graceful-time { community { community-number | aa:nn } | local-preference preference | med med } * ]

undo ignore all-peers

Default

BGP can establish sessions to all peers and peer groups.

Views

BGP instance view

Predefined user roles

network-admin

Parameters

graceful graceful-time: Gracefully shuts down BGP sessions to all peers and peer groups in the specified graceful shutdown period of time. The value range for the graceful-time argument is 60 to 65535 seconds. If you do not specify this option, the command immediately shuts down the sessions to all peers and peer groups.

community { community-number | aa:nn }: Specifies the community attribute for routes advertised to all peers and peer groups. The community-number argument represents the community sequence number in the range of 1 to 4294967295. The aa:nn argument represents the community number. Both aa and nn are in the range of 0 to 65535. If you do not specify this option, the command does not change the community attribute for routes advertised to all peers and peer groups.

local-preference preference: Specifies the local preference for routes advertised to all peers and peer groups, in the range of 0 to 4294967295. A larger value represents a higher preference. If you do not specify this option, the command does not change the local preference for routes advertised to all peers and peer groups.

med med: Specifies the MED value for routes advertised to all peers and peer groups, in the range of 0 to 4294967295. The smaller the MED value, the higher the route priority. If you do not specify this option, the command does not change the MED value for routes advertised to all peers and peer groups.

Usage guidelines

CAUTION:

Executing the ignore all-peers command tears down all existing sessions to peers and peer groups and clears all related routing information.

This command enables you to temporarily tear down the BGP sessions to all peers and peer groups. You can perform network upgrade and maintenance without needing to delete and reconfigure the peers and peer groups. To recover the sessions, execute the undo ignore all-peers command.

If you specify the graceful keyword in the ignore all-peers command, BGP performs the following tasks:

· Gracefully shuts down the sessions to all peers and peer groups in the specified graceful shutdown period of time.

· Advertises all routes to all peers and peer groups and changes the attribute for the advertised routes to the specified value.

For a BGP peer or peer group, the configuration made by the peer ignore command takes precedence over the configuration made by the ignore all-peers command.

Examples

# In BGP instance view, configure BGP to gracefully shut down the sessions to all peers and peer groups in 60 seconds, advertise all routes to all peers and peer groups, and change the community attribute and local preference for the advertised routes to 1:1 and 200, respectively.

<Sysname> system-view

[Sysname] bgp 1

[Sysname-bgp-default] ignore all-peers graceful 60 community 1:1 local-preference 200

Related commands

peer ignore

label-allocation-mode

Use label-allocation-mode to specify a label allocation mode.

Use undo label-allocation-mode to restore the default.

Syntax

label-allocation-mode { per-prefix | per-vrf }

undo label-allocation-mode

Default

BGP allocates labels on a per-next-hop basis.

Views

BGP instance view

Predefined user roles

network-admin

Parameters

per-prefix: Allocates a label to each route prefix.

per-vrf: Allocates a label to each VPN instance.

Usage guidelines

CAUTION:

A change to the label allocation mode enables BGP to re-advertise all routes, which will cause temporary service interruption. Use this command with caution.

BGP supports the following label allocation modes:

· Per-prefix—Allocates a label to each route prefix.

· Per-next-hop—Allocates a label to each next hop. This mode is applicable when the number of labels required by the per-prefix mode exceeds the maximum number of labels supported by the device.

· Per-VPN-instance—Allocates a label to each VPN instance. This mode is applicable when the number of labels required by the per-next-hop mode exceeds the maximum number of labels supported by the device.

When you specify the per-prefix or per-next-hop label allocation mode, you can execute the vpn popgo command to specify the POPGO forwarding mode on an egress PE. The egress PE will pop the label for each packet and forward the packet out of the interface corresponding to the label.

When you specify the per-VPN instance label allocation mode, do not execute the vpn popgo command because it is mutually exclusive with the label-allocation-mode per-vrf command. The egress PE will pop the label for each packet and forward the packet through the FIB table.

Examples

# Specify the per-prefix label allocation mode.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] label-allocation-mode per-prefix

labeled-route ignore-no-tunnel

Use labeled-route ignore-no-tunnel to disable optimal route selection for labeled routes without tunnel information.

Use undo labeled-route ignore-no-tunnel to restore the default.

Syntax

labeled-route ignore-no-tunnel

undo labeled-route ignore-no-tunnel

Default

Labeled routes without tunnel information can participate in optimal route selection.

Views

BGP instance view

Predefined user roles

network-admin

Examples

# Disable optimal route selection for labeled routes without tunnel information.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] labeled-route ignore-no-tunnel

nexthop recursive-lookup delay

Use nexthop recursive-lookup delay to set the delay time for responding to recursive next hop changes.

Use undo nexthop recursive-lookup delay to disable BGP from delaying responding to recursive next hop changes.

Syntax

nexthop recursive-lookup [ non-critical-event ] delay [ delay-value ]

undo nexthop recursive-lookup [ non-critical-event ] delay

Default

BGP responds to recursive next hop changes immediately.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP VPNv4 address family view

BGP-VPN VPNv4 address family view

BGP IPv6 unicast address family view

BGP LS address family view

BGP-VPN IPv6 unicast address family view

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

non-critical-event: Delays responding to noncritical next hop changes. If you do not specify this keyword, BGP delays responding to both critical and noncritical next hop changes.

Next hop changes include the following types:

· Critical route recursion changes—Changes that cause route unreachability and service interruption. For example, a BGP route cannot find a recursive next hop or tunnel because of network failures.

· Noncritical route recursion changes—A recursive or related route changes but the change will not cause route unreachability or service interruption. For example, the recursive interface or tunnel of a BGP route changes but traffic forwarding is not affected.

delay-value: Specifies a delay time in the range of 1 to 240 seconds. The default delay time is 5 seconds.

Usage guidelines

When recursive or related routes change frequently, configure this command to reduce unnecessary path selection and update messages and prevent traffic loss.

To avoid traffic loss, do not configure this command if only one route is available to a specific destination.

Set an appropriate delay time based on your network condition. A short delay time cannot reduce unnecessary path selection or update messages, and a long delay time might cause traffic loss.

When you configure both the nexthop recursive-lookup delay and nexthop recursive-lookup non-critical-event delay commands for an address family, follow these guidelines:

· BGP delays responding to both critical and noncritical next hop changes in the address family.

· For noncritical next hop changes, the delay time specified by the nexthop recursive-lookup non-critical-event delay command takes effect.

If you execute the nexthop recursive-lookup delay command multiple times, the most recent configuration takes effect.

If you execute the nexthop recursive-lookup non-critical-event delay command multiple times, the most recent configuration takes effect.

Examples

# In BGP IPv4 unicast address family view, set the delay time for responding to recursive next hop changes to 100 seconds.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 unicast

[Sysname-bgp-default-ipv4] nexthop recursive-lookup delay 100

non-stop-routing

Use non-stop-routing to enable BGP nonstop routing (NSR).

Use undo non-stop-routing to disable BGP NSR.

Syntax

non-stop-routing

undo non-stop-routing

Default

BGP NSR is disabled.

Views

BGP instance view

Predefined user roles

network-admin

Usage guidelines

BGP NSR ensures continuous routing by synchronizing BGP state and data information from the active BGP process to the standby BGP process. The standby BGP process can seamlessly take over all services when the active process fails.

Examples

# Enable BGP NSR.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] non-stop-routing

Related commands

display bgp non-stop-routing status

passwords

Use passwords to set the MD5 authentication password.

Use undo passwords to restore the default.

Syntax

passwords { cipher | simple } string

undo passwords

Default

The MD5 authentication password is not set.

Views

BGP RPKI server view

Predefined user roles

network-admin

Parameters

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its encrypted form is a case-sensitive string of 33 to 137 characters. Its plaintext form is a case-sensitive string of 1 to 80 characters.

Usage guidelines

This command can enhance security in the following ways:

· Perform MD5 authentication when establishing TCP connections. Only the two parties that have the same password configured can establish TCP connections.

· Perform MD5 calculation on the packets transmitted over the TCP connections to avoid packet modification.

Examples

# In BGP RPKI server view, set the MD5 authentication password.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] rpki

[Sysname-bgp-default-rpki] server tcp 1.1.1.1

[Sysname-bgp-default-rpki-server] passwords simple 123456

peer additional-paths

Use peer additional-paths to configure the BGP Additional Paths capabilities.

Use undo peer additional-paths to remove the configuration.

Syntax

In BGP-VPN VPNv4 address family view/BGP VPNv6 address family view:

peer { group-name | ipv4-address [ mask-length ] } additional-paths { receive | send } *

undo peer { group-name | ipv4-address [ mask-length ] } additional-paths { receive | send } *

In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP VPNv4 address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view:

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } additional-paths { receive | send } *

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } additional-paths { receive | send } *

Default

No BGP Additional Paths capabilities are configured.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP VPNv4 address family view

BGP-VPN VPNv4 address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command configures the BGP Additional Paths capabilities for all dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command configures the BGP Additional Paths capabilities for all dynamic peers in the subnet.

receive: Enables the BGP additional path receiving capability.

send: Enables the BGP additional path sending capability.

Usage guidelines

You can enable the BGP additional path sending, receiving, or both sending and receiving capabilities on a BGP router. For two BGP peers to successfully negotiate the Additional Paths capabilities, make sure one end has the sending capability and the other end has the receiving capability.

Examples

# In BGP IPv4 unicast address family view, enable the BGP additional path receiving capability.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 unicast

[Sysname-bgp-default-ipv4] peer 1.1.1.1 additional-paths receive

peer advertise additional-paths best

Use peer advertise additional-paths best to set the maximum number of Add-Path optimal routes that can be advertised to a peer or peer group.

Use undo peer advertise additional-paths best to remove the configuration.

Syntax

In BGP-VPN VPNv4 address family view/BGP VPNv6 address family view:

peer { group-name | ipv4-address [ mask-length ] } advertise additional-paths best number

undo peer { group-name | ipv4-address [ mask-length ] } advertise additional-paths best

In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP VPNv4 address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view:

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise additional-paths best number

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise additional-paths best

Default

A maximum of one Add-Path optimal route can be advertised to a peer or peer group.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP VPNv4 address family view

BGP-VPN VPNv4 address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command sets the maximum number of Add-Path optimal routes that can be advertised to all dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command sets the maximum number of Add-Path optimal routes that can be advertised to all dynamic peers in the subnet.

number: Specifies the maximum number of Add-Path optimal routes that can be advertised to a peer or peer group, in the range of 2 to 32.

Usage guidelines

If the number of Add-Path optimal routes advertised to a peer or peer group exceeds the number of optimal routes, the number of optimal routes takes effect.

Examples

# In BGP IPv4 unicast address family view, set the maximum number to 3 for Add-Path optimal routes that can be advertised to peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 unicast

[Sysname-bgp-default-ipv4] peer 1.1.1.1 advertise additional-paths best 3

Related commands

additional-paths select-best

peer additional-paths

peer advertise origin-as-validation

Use peer advertise origin-as-validation to configure BGP to advertise the BGP RPKI validation state to a peer or peer group.

Use undo peer advertise origin-as-validation to restore the default.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise origin-as-validation

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise origin-as-validation

Default

BGP does not advertise the BGP RPKI validation state to any peer or peer groups.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

Usage guidelines

BGP advertises the BGP RPKI validation state to a peer or peer group through the extended community attribute. To configure this command, you must first enable BGP to advertise the extended community attribute to the peer or peer group.

In the current software version, BGP can advertise the BGP RPKI validation state only to IBGP peers and peer groups.

Examples

# In BGP IPv4 unicast address family view, configure BGP to advertise the BGP RPKI validation state to peer group test.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 unicast

[Sysname-bgp-default-ipv4] peer test advertise-ext-community

[Sysname-bgp-default-ipv4] peer test advertise origin-as-validation

peer bfd

Use peer bfd to enable BFD for the link to a BGP peer or peer group.

Use undo peer bfd to remove the configuration.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } bfd [ echo | multi-hop | single-hop ]

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } bfd

Default

BFD is disabled for the link to a BGP peer or peer group.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables BFD for links to all dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables BFD for links to all dynamic peers in the subnet.

echo: Specifies the echo packet mode for BFD.

multi-hop: Specifies the control packet mode for multi-hop BFD.

single-hop: Specifies the control packet mode for single-hop BFD.

Usage guidelines

When you do not specify the multi-hop, single-hop, or echo keyword:

· If an IBGP peer or peer group is specified, this command enables multi-hop BFD in control packet mode for the IBGP peer or peer group.

· If a directly connected EBGP peer or peer group is specified and the peer ebgp-max-hop command is not configured, this command enables single-hop BFD in control packet mode for the EBGP peer or peer group. If the EBGP peer or peer group is not directly connected or the peer ebgp-max-hop command is configured, this command enables multi-hop BFD in control packet mode for the EBGP peer or peer group.

Follow these restrictions and guidelines when you configure echo packet mode BFD:

· Echo packet mode BFD is applicable only to directly connected BGP peers.

· Echo packet mode BFD is not applicable to BGP peers established by using a link-local address or loopback interface.

· For successful BFD session establishment, make sure a source address has been specified for echo packets by using the bfd echo-source-ip or bfd echo-source-ipv6 command.

To establish a control packet mode BFD session to a BGP peer, you must configure the same BFD detection mode (multi-hop or single-hop) on the local router and the BGP peer.

For more information about BFD, see BFD configuration in High Availability Configuration Guide.

BFD helps speed up BGP routing convergence upon link failures. However, if you have enabled GR, use BFD with caution. BFD might detect a failure before the system performs GR, resulting in GR failure. If you have enabled both BFD and GR for BGP, do not disable BFD during a GR process to avoid GR failure.

To establish a BFD session to a BGP peer, you must configure the same BFD detection mode (multi-hop or single-hop) on the local router and the BGP peer.

Examples

# In BGP instance view, enable control packet mode single-hop BFD for the link to BGP peer group test.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer test bfd single-hop

Related commands

bfd echo-source-ip (High Availability Command Reference)

bfd echo-source-ipv6 (High Availability Command Reference)

display bfd session (High Availability Command Reference)

display bgp peer

peer bmp server

Use peer bmp server to specify a peer or peer group to be monitored by the specified BMP servers.

Use undo peer bmp server to remove the configuration.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } bmp server server-number-list

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } bmp server

Default

No peer or peer group is specified.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

server-number-list: Specifies a list of up to 8 BMP servers. The value range for the BMP server number is 1 to 8. The BMP servers must have been created.

Usage guidelines

If you execute this command multiple times for a peer or peer group, the most recent configuration takes effect.

Examples

# In BGP instance view, configure BMP server 1 to monitor peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 1.1.1.1 bmp server 1

Related commands

bmp server

peer capability-advertise conventional

Use peer capability-advertise conventional to disable the BGP multi-protocol extension, route refresh, and 4-byte AS number features for a peer or peer group.

Use undo peer capability-advertise conventional to enable the BGP multi-protocol extension, route refresh, and 4-byte AS number features for a peer or peer group.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise conventional

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise conventional

Default

The BGP multi-protocol extension, route refresh, and 4-byte AS number features are enabled.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command disables BGP multi-protocol extension and route refresh for all dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command disables BGP multi-protocol extension and route refresh for all dynamic peers in the subnet.

Usage guidelines

The route refresh feature enables BGP to send and receive Route-refresh messages and implement BGP session soft-reset.

The multi-protocol extension feature enables BGP to advertise and receive routing information for various protocols (for example, IPv6 routing information).

The 4-byte AS number feature enables BGP to use 4-byte AS numbers in the range of 1 to 4294967295.

If both the peer capability-advertise conventional and peer capability-advertise route-refresh commands are executed, the most recent configuration takes effect.

Examples

# In BGP instance view, disable the multi-protocol extension, route refresh, and 4-byte AS number features for peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 1.1.1.1 as-number 100

[Sysname-bgp-default] peer 1.1.1.1 capability-advertise conventional

Related commands

display bgp peer

peer capability-advertise route-refresh

peer capability-advertise orf non-standard

Use peer capability-advertise orf non-standard to enable nonstandard ORF capabilities negotiation for a peer or peer group.

Use undo peer capability-advertise orf non-standard to disable nonstandard ORF capabilities negotiation for a peer or peer group.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise orf non-standard

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise orf non-standard

Default

Nonstandard ORF capabilities negotiation is disabled for a peer or peer group.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ip-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables BGP to negotiate nonstandard ORF capabilities with all dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables BGP to negotiate nonstandard ORF capabilities with all dynamic peers in the subnet.

Usage guidelines

To enable BGP peers to negotiate nonstandard ORF capabilities, you must configure this command together with the peer capability-advertise orf prefix-list command.

Examples

# Enable nonstandard ORF capabilities negotiation for peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 1.1.1.1 capability-advertise orf non-standard

Related commands

peer capability-advertise orf prefix-list

Use peer capability-advertise orf prefix-list to enable BGP ORF capabilities negotiation for a peer or peer group.

Use undo peer capability-advertise orf prefix-list to disable BGP ORF capabilities negotiation for a peer or peer group.

Syntax

In BGP VPNv4 address family view/BGP VPNv6 address family view:

peer { group-name | ipv4-address [ mask-length ] } capability-advertise orf prefix-list { both | receive | send }

undo peer { group-name | ipv4-address [ mask-length ] } capability-advertise orf prefix-list { both | receive | send }

In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view:

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise orf prefix-list { both | receive | send }

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise orf prefix-list { both | receive | send }

Default

BGP ORF capabilities are disabled.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP VPNv4 address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

both: Enables BGP to send and receive route fresh messages that carry the ORF information.

receive: Enables BGP to receive route fresh messages that carry the ORF information.

send: Enables BGP to send route fresh messages that carry the ORF information.

Usage guidelines

After you configure this command, the BGP peers negotiate the ORF capabilities through Open messages. After completing the negotiation process, the BGP peers can exchange ORF information through route refresh messages. To enable the peers to exchange nonstandard ORF information, you must also configure the peer capability-advertise orf non-standard command.

Examples

# Enables BGP ORF capabilities negotiation for peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4

[Sysname-bgp-default-ipv4] peer 1.1.1.1 capability-advertise orf prefix-list both

Related commands

peer capability-advertise orf non-standard

peer capability-advertise route-refresh

Use peer capability-advertise route-refresh to enable BGP route refresh for a peer or peer group.

Use undo peer capability-advertise route-refresh to disable BGP route refresh for a peer or peer group.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise route-refresh

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise route-refresh

Default

BGP route refresh is enabled.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables BGP route refresh for all dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables BGP route refresh for all dynamic peers in the subnet.

Usage guidelines

The route refresh feature enables BGP to send and receive Route-refresh messages.

BGP uses the route refresh feature to implement BGP session soft-reset. After a policy is modified, the router advertises a Route-refresh message to the peers. The peers resend their routing information to the router. After receiving the routing information, the router filters the routing information by using the new policy. This method allows you to refresh the BGP routing table and apply the new route selection policy without tearing down BGP sessions.

BGP route refresh requires that both the local router and the peer support route refresh.

If both the peer capability-advertise route-refresh and peer capability-advertise conventional commands are executed, the most recent configuration takes effect.

Examples

# In BGP instance view, enable BGP route refresh for peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 1.1.1.1 as-number 100

[Sysname-bgp-default] peer 1.1.1.1 capability-advertise route-refresh

Related commands

display bgp peer

peer capability-advertise conventional

peer keep-all-routes

refresh bgp

peer capability-advertise suppress-4-byte-as

Use peer capability-advertise suppress-4-byte-as to enable 4-byte AS number suppression.

Use undo peer capability-advertise suppress-4-byte-as to disable 4-byte AS number suppression.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise suppress-4-byte-as

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise suppress-4-byte-as

Default

The 4-byte AS number suppression feature is disabled.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables 4-byte AS number suppression for all dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables 4-byte AS number suppression for all dynamic peers in the subnet.

Usage guidelines

BGP supports 4-byte AS numbers. The 4-byte AS number occupies four bytes, in the range of 1 to 4294967295. By default, a device sends an Open message to the peer device for session establishment. The Open message indicates that the device supports 4-byte AS numbers. If the peer device supports 2-byte AS numbers instead of 4-byte AS numbers, the session cannot be established. To resolve this issue, enable the 4-byte AS number suppression feature. The device then sends an Open message to inform the peer that it does not support 4-byte AS numbers, so the BGP session can be established.

If the peer device supports 4-byte AS numbers, do not enable the 4-byte AS number suppression feature. If this feature is enabled, the BGP session cannot be established.

Examples

# In BGP instance view, enable 4-byte AS number suppression for peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 1.1.1.1 as-number 100

[Sysname-bgp-default] peer 1.1.1.1 capability-advertise suppress-4-byte-as

Related commands

display bgp peer

peer dscp

Use peer dscp to set a DSCP value for outgoing BGP packets.

Use undo peer dscp to remove the configuration.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } dscp dscp-value

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } dscp

Default

The DSCP value for outgoing BGP packets is 48.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command specifies a DSCP value for outgoing BGP packets to all dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command specifies a DSCP value for outgoing BGP packets to all dynamic peers in the subnet.

dscp-value: Specifies a DSCP value in the range of 0 to 63.

Usage guidelines

The DSCP value of an IP packet specifies the priority level of the packet and affects the transmission priority of the packet. A larger DSCP value represents a higher priority.

Examples

# In BGP instance view, set the DSCP value to 10 for outgoing BGP packets to peer group test.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer test dscp 10

peer flap-dampen

Use peer flap-dampen to configure flap dampening for a peer or peer group.

Use undo peer flap-dampen to disable flap dampening for a peer or peer group.

Syntax

peer { group-name | ipv4-address | ipv6-address } flap-dampen [ max-idle-time max-time | min-established-time min-time ]*

undo peer { group-name | ipv4-address | ipv6-address } flap-dampen

Default

Flap dampening is disabled for all peers and peer groups.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

max-time: Specifies the maximum time during which a BGP peer remains in idle state. The value range for this argument is 1 to 65536 seconds, and the default value is 1800 seconds.

min-time: Specifies the minimum time during which a BGP peer remains in Established state so as to exit the dampened state. The value range for this argument is 1 to 4294967295 seconds, and the default value is 600 seconds.

Usage guidelines

Execute this command to dampen a BGP peer when the peer state frequently changes between up and down. BGP increases the idle time of the peer each time the peer comes up until the maximum idle time is reached. To exit the dampened state, the peer must remain in Established state for a time period longer than the minimum established time. After the peer exits the dampened state, BGP resets the idle time of the peer when the peer comes up again.

Set a maximum idle time and a minimum established time based on your network condition.

Examples

# In BGP instance view, enable flap dampening for peer group test, and set the maximum idle time and minimum established time to 800 seconds and 2000 seconds, respectively.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer test flap-dampen max-idle-time 800 min-established-time 2000

peer graceful-restart timer restart extra

Use peer graceful-restart timer restart extra to set the extra time to wait after the restart timer expires.

Use undo peer graceful-restart timer restart extra to restore the default.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } graceful-restart timer restart extra { time | no-limit }

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } graceful-restart timer restart extra

Default

The extra time to wait after the restart timer expires is 0 seconds.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

time: Specifies the extra time to wait after the restart timer expires, in the range of 0 to 86400 seconds.

no-limit: Sets an unlimited time to wait for BGP session re-establishment.

Usage guidelines

After the active/standby switchover or BGP restart completes, the GR helper marks the routes it learned from the GR restarter as stale routes. If the GR helper fails to establish a BGP session after both the GR timer and the extra timer to wait expire, the GR helper removes the stale routes.

Examples

# Set the extra time to wait after the restart timer expires to 100 seconds.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 10.1.100.2 graceful-restart timer restart extra 100

Related commands

graceful-restart timer restart

peer ignore

Use peer ignore to disable BGP session establishment with a peer or peer group.

Use undo peer ignore to enable BGP session establishment with a peer or peer group.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } ignore [ graceful graceful-time { community { community-number | aa:nn } | local-preference preference | med med } * ]

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } ignore

Default

BGP can establish a session to a peer or peer group.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet in this command, BGP tears down sessions to all dynamic peers in the subnet.

graceful graceful-time: Gracefully shuts down the session to a peer or peer group in the specified graceful shutdown period of time. The value range for the graceful-time argument is 60 to 65535 seconds. If you do not specify this option, the command immediately shuts down the session to the peer or peer group.

community { community-number | aa:nn }: Specifies the community attribute for advertised routes. The community-number argument represents the community sequence number in the range of 1 to 4294967295. The aa:nn argument represents the community number. Both aa and nn are in the range of 0 to 65535. If you do not specify this option, the command does not change the community attribute for advertised routes.

local-preference preference: Specifies the local preference for advertised routes, in the range of 0 to 4294967295. A larger value represents a higher preference. If you do not specify this option, the command does not change the local preference for advertised routes.

med med: Specifies the MED value for advertised routes, in the range of 0 to 4294967295. The smaller the MED value, the higher the route priority. If you do not specify this option, the command does not change the MED value for advertised routes.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet in this command, BGP tears down sessions to all dynamic peers in the subnet.

Usage guidelines

CAUTION:

· If a session has been established to a peer, executing this command for the peer tears down the session and clears all related routing information.

· If sessions have been established to a peer group, executing this command for the peer group tears down the sessions to all peers in the group and clears all related routing information.

This command enables you to temporarily tear down the BGP session to a peer or peer group. You can perform network upgrade and maintenance without needing to delete and reconfigure the peer or peer group. To recover the session, execute the undo peer ignore command.

If you specify the graceful keyword in the peer ignore command, BGP performs the following tasks:

· Gracefully shuts down the session to the specified peer or peer group in the specified graceful shutdown period of time.

· Advertises all routes to the specified peer or peer group and changes the attribute for the advertised routes to the specified value.

· Advertises routes from the specified peer or peer group to other IBGP peers and peer groups and changes the attribute for the advertised routes to the specified value.

For a BGP peer or peer group, the configuration made by the peer ignore command takes precedence over the configuration made by the ignore all-peers command.

Examples

# In BGP instance view, disable session establishment with peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 1.1.1.1 ignore

# In BGP instance view, configure BGP to gracefully shut down the session to peer 1.1.1.1 in 60 seconds, advertise all routes to peer 1.1.1.1, and change the community attribute and local preference for the advertised routes to 1:1 and 200, respectively.

<Sysname> system-view

[Sysname] bgp 1

[Sysname-bgp-default] peer 1.1.1.1 ignore graceful 60 community 1:1 local-preference 200

Related commands

ignore all-peers

peer ipsec-profile

Use peer ipsec-profile to apply an IPsec profile to an IPv6 BGP peer or peer group.

Use undo peer ipsec-profile to remove the IPsec profile from an IPv6 BGP peer or peer group.

Syntax

peer { group-name | ipv6-address [ prefix-length ] } ipsec-profile profile-name

undo peer { group-name | ipv6-address [ prefix-length ] } ipsec-profile

Default

No IPsec profile is configured for any IPv6 BGP peers or peer groups.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command applies an IPsec profile to all dynamic peers in the subnet.

profile-name: Specifies an IPsec profile by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

IPsec can protect IPv6 BGP packets from data eavesdropping, tampering, and attacks caused by forged IPv6 BGP packets.

When two IPv6 BGP neighbor devices, for example Device A and Device B, are configured with IPsec, Device A encapsulates an IPv6 BGP packet with IPsec before sending it to Device B. If Device B successfully receives and decapsulates the packet, it establishes an IPv6 BGP peer relationship with Device A or learns IPv6 BGP routes to Device A. If Device B receives but fails to decapsulate the packet, or receives a packet not protected by IPsec, it discards the packet.

To use IPsec to protect IPv6 BGP packets, take the following steps:

1. Configure an IPsec transform set.

2. Configure a manual IPsec profile.

3. Execute this command to apply the IPsec profile to an IPv6 BGP peer or peer group.

For more information about IPsec transform sets and IPsec profiles, see Security Configuration Guide.

This command supports only IPsec profiles in manual mode.

If you configure IPsec on a device, you must configure IPsec on its IPv6 BGP peer. Otherwise, the peer cannot receive IPv6 BGP packets from the device.

Examples

# In BGP instance view, apply IPsec profile profile001 to peer group test.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer test ipsec-profile profile001

Related commands

display bgp group

display bgp peer

peer keep-all-routes

Use peer keep-all-routes to save all route updates from a peer or peer group, regardless of whether the routes have passed the configured routing policy.

Use undo peer keep-all-routes to remove the configuration.

Syntax

In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP VPNv4 address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view:

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } keep-all-routes

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } keep-all-routes

Default

Route updates from a peer or peer group are not saved.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP VPNv4 address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command saves all route updates from all dynamic peers in the subnet, regardless of whether the routes have passed the configured routing policy.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command saves all route updates from all dynamic peers in the subnet, regardless of whether the routes have passed the configured routing policy.

Usage guidelines

To implement BGP session soft-reset when the local router and a peer or peer group do not support the route refresh feature, use the peer keep-all-routes command. The command saves all route updates received from the peer or peer group. After modifying the route selection policy, filter all saved routes with the new policy to refresh the routing table. This method avoids tearing down BGP sessions.

Examples

# In BGP IPv4 unicast address family view, save all route updates from peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 unicast

[Sysname-bgp-default-ipv4] peer 1.1.1.1 keep-all-routes

Related commands

peer capability-advertise route-refresh

refresh bgp

peer keychain

Use peer keychain to enable keychain authentication for a BGP peer or peer group.

Use undo peer keychain to remove keychain authentication for a BGP peer or peer group.

Syntax

peer { group-name | ip-address [ mask-length ] | ipv6-address [ prefix-length ] } keychain keychain-name

undo peer { group-name | ip-address [ mask-length ] | ipv6-address [ prefix-length ] } keychain

Default

Keychain authentication is disabled.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ip-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ip-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables keychain authentication for all dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables keychain authentication for all dynamic peers in the subnet.

keychain-name: Specifies a keychain by its name, a case-sensitive string of 1 to 63 characters. The keychain must have been created.

Usage guidelines

Keychain authentication enhances the security of BGP in the following ways:

· BGP peers can establish TCP connections only when they use the same key for keychain authentication.

· The keys used by the BGP peers at the same time must have the same ID.

· The keys with the same ID must use the same authentication algorithm and key string.

BGP supports the HMAC-MD5 and MD5 authentication algorithms. To specify an authentication algorithm for a key, use the authentication-algorithm command.

The ID of keys used for authentication can only be in the range of 0 to 63. To create a key, use the key command.

The peer keychain and peer password commands are mutually exclusive.

Examples

# In BGP instance view, configure peer 10.1.1.1 to use keychain abc for authentication.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 10.1.1.1 as-number 100

[Sysname-bgp-default] peer 10.1.1.1 keychain abc

Related commands

authentication-algorithm (Security Command Reference)

key (Security Command Reference)

peer label-route-capability

Use peer label-route-capability to enable BGP to exchange labeled routes with a peer or peer group.

Use undo peer label-route-capability to disable BGP from exchanging labeled routes with a peer or peer group.

Syntax

peer { group-name | ipv4-address [ mask-length ] } label-route-capability

undo peer { group-name | ipv4-address [ mask-length ] } label-route-capability

Default

BGP cannot exchange labeled routes with a peer or peer group.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet in this command, BGP exchanges labeled routes with all dynamic peers in the subnet.

Usage guidelines

On an inter-AS option C network, use this command in BGP IPv4 unicast or BGP-VPN IPv4 unicast address family view to exchange labeled IPv4 unicast routes for inter-AS public LSP establishment.

On a 6PE network, use this command in BGP IPv6 unicast address family view to exchange labeled IPv6 unicast routes for forwarding IPv6 packets over an IPv4 network.

Examples

# In BGP IPv4 unicast address family view, enable BGP to exchange labeled IPv4 routes with peer 2.2.2.2.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4

[Sysname-bgp-default-ipv4] peer 2.2.2.2 label-route-capability

peer low-memory-exempt

Use peer low-memory-exempt to configure BGP to protect EBGP peers or peer groups when the memory usage reaches level 2 threshold.

Use undo peer low-memory-exempt to remove the configuration.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } low-memory-exempt

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } low-memory-exempt

Default

When the memory usage reaches level 2 threshold, BGP tears down an EBGP session to release memory resources periodically.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet in this command, BGP protects all dynamic peers in the subnet when the memory usage reaches level 2 threshold.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet in this command, BGP protects all dynamic peers in the subnet when the memory usage reaches level 2 threshold.

Usage guidelines

When level 2 memory usage threshold is reached, BGP tears down an EBGP session to release memory resources periodically until the memory usage is exempt from level 2 threshold. You can use this command to avoid tearing down the BGP session to an EBGP peer when memory usage reaches level 2 threshold. For more information about thresholds, see Fundamentals Configuration Guide.

Examples

# In BGP instance view, configure BGP to protect EBGP peer 1.1.1.1 when the memory usage reaches level 2 threshold.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 1.1.1.1 as-number 200

[Sysname-bgp-default] peer 1.1.1.1 low-memory-exempt

peer mpls-local-ifnet disable

Use peer mpls-local-ifnet disable to disable MPLS local IFNET tunnel establishment to the specified EBGP peer or peer group.

Use undo peer mpls-local-ifnet disable to restore the default.

Syntax

peer { group name | ipv4-address [ mask-length ] } mpls-local-ifnet disable

undo peer { group name | ipv4-address [ mask-length ] } mpls-local-ifnet disable

Default

MPLS local IFNET tunnel establishment is enabled. Two MP-EBGP peers automatically establish an MPLS local IFNET tunnel after they exchange labeled routes and VPNv4 routes.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet in this command, the command takes effect on all dynamic peers in the subnet.

Usage guidelines

An MPLS local IFNET tunnel is automatically established between MP-EBGP peers. Only directly connected MP-EBGP peers are able to forward traffic through this tunnel.

For two indirectly connected MP-EBGP peers, traffic between them is interrupted upon failover to the MPLS local IFNET tunnel. To avoid this issue, you can disable BGP from establishing MPLS local IFNET tunnels to the specified EBGP peer or peer group.

When you configure this command, follow these restrictions and guidelines:

· Disabling MPLS local IFNET tunnel establishment deletes the MPLS local IFNET tunnels already established to the specified EBGP peer or peer group.

· Disabling BGP from establishing MPLS local IFNET tunnels to directly connected EBGP peers and peer groups will cause traffic loss. Make sure you fully understand the impact before performing the operation.

Examples

# In BGP instance view, create an EBGP peer 1.1.1.1, and then disable MPLS local IFNET tunnel establishment to EBGP peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 1.1.1.1 as-number 200

[Sysname-bgp-default] peer 1.1.1.1 mpls-local-ifnet disable

Related commands

display mpls lsp (MPLS Command Reference)

peer nexthop-recursive-policy disable

Use peer nexthop-recursive-policy disable to disable route recursion policy control for routes received from the specified peer or peer group.

Use undo peer nexthop-recursive-policy disable to remove the configuration.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } nexthop-recursive-policy disable

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } nexthop-recursive-policy disable

Default

The route recursion policy applies to routes received from the specified peer or peer group.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

Usage guidelines

If you configure routing policy-based recursive lookup for BGP routes, this route recursion policy applies to BGP routes learned from all peers. This command allows you to disable route recursion policy control for routes learned from certain peers, for example, direct EBGP peers.

Examples

# In BGP instance view, disable route recursion policy control for routes received from peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 1.1.1.1 as-number 200

[Sysname-bgp-default] peer 1.1.1.1 nexthop-recursive-policy disable

Related commands

protocol nexthop recursive-lookup

peer password

Use peer password to enable MD5 authentication for a BGP peer or peer group.

Use undo peer password to remove MD5 authentication for a BGP peer or peer group.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } password { cipher | simple } password

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } password

Default

MD5 authentication is disabled.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables MD5 authentication for all dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables MD5 authentication for all dynamic peers in the subnet.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

password: Specifies the password. Its encrypted form is a case-sensitive string of 33 to 137 characters. Its plaintext form is a case-sensitive string of 1 to 80 characters.

Usage guidelines

You can enable MD5 authentication to enhance security using the following methods:

· Perform MD5 authentication when establishing TCP connections. Only the two parties that have the same password configured can establish TCP connections.

· Perform MD5 calculation on TCP segments to avoid modification to the encapsulated BGP packets.

The peer password and peer keychain commands are mutually exclusive.

Examples

# In BGP instance view, perform MD5 authentication on the TCP connection between local router 10.1.100.1 and peer router 10.1.100.2. Set the authentication password to aabbcc in plaintext form.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 10.1.100.2 password simple aabbcc

peer reflect-nearby-group

Use peer reflect-nearby-group to specify a peer or peer group as a client of the nearby cluster.

Use undo peer reflect-nearby-group to remove a peer or peer group from the nearby cluster.

Syntax

peer { group-name | ipv4-address [ mask-length ] } reflect-nearby-group

undo peer { group-name | ipv4-address [ mask-length ] } reflect-nearby-group

Default

The nearby cluster does not have any clients.

Views

BGP VPNv4 address family view

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet as clients of the nearby cluster.

Usage guidelines

The RR does not change the next hop of routes reflected to clients in the nearby cluster.

After you specify the RR as the next hop of routes to be reflected, you can execute this command to add a peer or peer group to the nearby cluster. Then, the RR does not change the next hop of routes reflected to the peer or peer group.

To specify the RR as the next hop of routes to be reflected, perform one of the following tasks:

· Execute the reflect change-path-attribute command on the RR to allow the RR to change the attributes of routes to be reflected. Then, execute the peer next-hop-local command to set the local router as the next hop of routes sent to a peer or peer group.

· Execute the reflect change-path-attribute command on the RR to allow the RR to change the attributes of routes to be reflected. Then, use a routing policy to set the RR as the next hop of routes to be reflected.

Examples

# In BGP VPNv4 address family view, specify peer 1.1.1.1 as a client of the nearby cluster.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 reflect-nearby-group

peer route-mode

Use peer route-mode enable BGP to send routes exchanged with the specified monitored peer or peer group to the BMP server

Use undo peer route-mode to restore the default.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-mode { adj-rib-in { pre-policy | post-policy | both } | adj-rib-out { pre-policy | post-policy | both } } *

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-mode

Default

BGP determines whether to send routes exchanged with a peer or peer group to the BMP server based on the following configurations:

· Configuration of the route-mode adj-rib-in command in BMP server view.

· Configuration of the route-mode adj-rib-out command in BMP server view.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

adj-rib-in: Sends routes received from the specified monitored peer or peer group to the BMP server.

adj-rib-out: Sends routes advertised to the specified monitored peer and peer group to the BMP server.

pre-policy: Sends routes to the BMP server without route filtering.

post-policy: Sends routes to the BMP server after route filtering.

both: Sends both filtered and unfiltered routes to the BMP server.

Usage guidelines

To enable BGP to send routes exchanged with a peer or peer group to the BMP server, make sure BGP has established a TCP connection to the BMP server.

The configuration of the route-mode adj-rib-in or route-mode adj-rib-out command in BMP server view takes effect on all peers and peer groups. The configuration of the peer route-mode command in BGP instance view or BGP-VPN instance view takes effect only on the specified peer or peer group. The configuration of the peer route-mode command takes precedence over the configuration of the route-mode adj-rib-in or route-mode adj-rib-out command.

If you execute this command multiple times for a peer or peer group, the most recent configuration takes effect.

Examples

# Send routes received from peer 1.1.1.1 to the BMP server without route filtering.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 unicast

[Sysname-bgp-default-ipv4] peer 1.1.1.1 route-mode adj-rib-in pre-policy

peer soo

Use peer soo to configure the Site of Origin (SoO) attribute for a BGP peer or peer group.

Use undo peer soo to remove the configuration.

Syntax

In BGP-VPN VPNv4 address family view/BGP VPNv6 address family view:

peer { group-name | ipv4-address [ mask-length ] } soo site-of-origin

undo peer { group-name | ipv4-address [ mask-length ] } soo

In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP VPNv4 address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view:

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } soo site-of-origin

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } soo

In BGP-VPN IPv6 unicast address family view:

peer { group-name | ipv6-address [ prefix-length ] } soo site-of-origin

undo peer { group-name | ipv6-address [ prefix-length ] } soo

Default

No SoO attribute is configured for a peer or peer group.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP VPNv4 address family view

BGP-VPN VPNv4 address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

site-of-origin: Specifies the SoO attribute, a string of 3 to 24 characters. The SoO attribute has the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 100:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

· 32-bit IP address/IPv4 address mask length:16-bit user-defined number. For example, 192.168.122.15/24:1.

· 32-bit AS number in dotted format:16-bit user-defined number. For example, 65535.65535:1.

Usage guidelines

The SoO attribute specifies the site where the route was originated. It prevents advertising a route back to the originating site. If the AS-path attribute is lost, the router can use the SoO attribute to avoid routing loops.

After you configure the SoO attribute for a BGP peer or peer group, BGP adds the SoO attribute into the route updates received from the BGP peer or peer group. Before advertising route updates to the peer or peer group, BGP checks the SoO attribute of the route update against the configured SoO attribute. If they are the same, BGP does not advertise the route updates to the BGP peer or peer group to avoid loops.

If a PE configured with AS number substitution connects to multiple CEs in the same VPN site through different interfaces, routing loops will occur. To avoid routing loops, configure the same SoO attribute for the CEs on the PE.

Examples

# In BGP IPv4 unicast address family view, set the SoO attribute to 100:1 for peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4

[Sysname-bgp-default-ipv4] peer 1.1.1.1 soo 100:1

Related commands

peer substitute-as

peer ttl-security

Use peer ttl-security to configure Generalized TTL Security Mechanism (GTSM) for a BGP peer or peer group.

Use undo peer ttl-security to disable BGP GTSM for a peer or peer group.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } ttl-security hops hop-count

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } ttl-security hops

Default

GTSM is disabled for BGP.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

hops hop-count: Specifies the maximum number of hops to the specified peer, in the range of 1 to 254.

Usage guidelines

GTSM protects a BGP session by comparing the TTL value of an incoming IP packet against the valid TTL range. If the TTL value is within the valid TTL range, the packet is accepted. If not, the packet is discarded.

The valid TTL range is from 255 – the configured hop count + 1 to 255.

When GTSM is configured, the BGP packets sent by the device have a TTL of 255.

When GTSM is configured, the local device can establish an EBGP session to the peer after they pass GTSM check, regardless of whether the maximum number of hops is reached.

To use GTSM, you must configure GTSM on both the local and peer devices. You can specify different hop-count values for them.

Examples

# In BGP instance view, enable GTSM for BGP peer group test and set the maximum number of hops to the specified peer in the peer group to 1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer test ttl-security hops 1

Related commands

peer ebgp-max-hop

pic

Use pic to enable BGP FRR for a BGP address family.

Use undo pic to disable BGP FRR for a BGP address family.

Syntax

pic

undo pic

Default

BGP FRR is disabled.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

Predefined user roles

network-admin

Usage guidelines

FRR is used in a dual-homing network to protect a primary route with a backup route. It uses ARP (for IPv4), ND (for IPv6), or echo-mode BFD (for IPv4) to detect the connectivity of the primary route. When the primary route fails, BGP directs packets to the backup route.

After you enable FRR, BGP calculates a backup route for each BGP route in the address family if there are two or more unequal-cost routes to reach the destination.

You can also configure BGP FRR by using the fast-reroute route-policy command, which takes precedence over the pic command. For more information about routing policies, see Layer 3—IP Routing Configuration Guide.

Use the pic command with caution because it might cause routing loops in specific scenarios.

Examples

# Enable BGP FRR in BGP IPv4 unicast address family view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 unicast

[Sysname-bgp-default-ipv4] pic

Related commands

fast-reroute route-policy

port

Use port to specify the port number of the RPKI server.

Use undo port to restore the default.

Syntax

port port-number

undo port

Default

The port number of the RPKI server is not specified.

Views

BGP RPKI server view

Predefined user roles

network-admin

Parameters

port-number: Specifies the port number of the RPKI server, in the range of 1 to 65535.

Usage guidelines

After you specify the IP address and port number of the RPKI server, the device automatically establishes a TCP connection to the server.

Make sure the specified port number is the same as the port number used by the RPKI server.

Changing the port number will cause temporary connection interruption.

Examples

# In BGP RPKI server view, specify 1234 as the port number of the RPKI server.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] rpki

[Sysname-bgp-default-rpki] server tcp 1.1.1.1

[Sysname-bgp-default-rpki-server] port 1234

Related commands

server tcp

primary-path-detect bfd

Use primary-path-detect bfd to configure BGP FRR to use BFD to detect next hop connectivity for the primary route.

Use undo primary-path-detect bfd to restore the default.

Syntax

primary-path-detect bfd { ctrl | echo }

undo primary-path-detect bfd

Default

BGP FRR uses ARP to detect the connectivity to the next hop of the primary route.

Views

BGP instance view

Predefined user roles

network-admin

Parameters

ctrl: Uses control-mode BFD to detect the connectivity to the next hop of the primary route.

echo: Uses echo-mode BFD to detect the connectivity to the next hop of the primary route.

Examples

# In BGP instance view, configure BGP FRR to use echo-mode BFD to detect next hop connectivity for the primary route.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] primary-path-detect bfd echo

Related commands

fast-reroute route-policy

pic

purge-time

Use purge-time to set the aging time for the ROA information.

Use undo purge-time to restore the default.

Syntax

purge-time purge-time

undo purge-time

Default

The aging time for the ROA information is 60 seconds.

Views

BGP RPKI server view

Predefined user roles

network-admin

Parameters

purge-time: Specifies the aging time for the ROA information, in the range of 30 to 360 seconds.

Usage guidelines

When the connection between a router and an RPKI server goes down (except when the shutdown command is executed), the router takes the following actions:

· Attempts to reconnect to the server.

· Places the ROA information obtained from the server in aging state, and starts the aging timer for the ROA information.

If the router reconnects to the server before the aging timer expires, it releases the ROA information from the aging state. If the router fails to reconnect to the server when the aging timer expires, it deletes the ROA information obtained from the server.

Examples

# Set the aging time for the ROA information to 150 seconds.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] rpki

[Sysname-bgp-default-rpki] server tcp 1.1.1.1

[Sysname-bgp-default-rpki-server] purge-time 150

refresh bgp

Use refresh bgp to manually soft-reset BGP sessions.

Syntax

refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | all | external | group group-name | internal } { export | import } ipv4 [ rtfilter | sr-policy | [ flowspec | unicast ] [ vpn-instance vpn-instance-name ] ]

refresh bgp [ instance instance-name ] ipv6-address [ mask-length ] { export | import } ipv4 [ unicast ] [ vpn-instance vpn-instance-name ]

refresh bgp [ instance instance-name ] { ipv6-address [ prefix-length ] | all | external | group group-name | internal } { export | import } ipv6 [ flowspec | unicast ] [ vpn-instance vpn-instance-name ]

refresh bgp [ instance instance-name ] ipv4-address [ mask-length ] { export | import } ipv6 [ unicast ] [ vpn-instance vpn-instance-name ]

refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] | all | external | group group-name | internal } { export | import } link-state

refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | all | external | group group-name | internal } { export | import } vpnv4 [ flowspec | vpn-instance vpn-instance-name ]

refresh bgp [ instance instance-name ] ipv6-address [ prefix-length ] { export | import } vpnv4

refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | all | external | group group-name | internal } { export | import } vpnv6 [ flowspec ]

refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | all | external | group group-name | internal } { export | import } l2vpn evpn

Views

User view

Predefined user roles

network-admin

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command soft-resets BGP sessions for the default BGP instance.

ipv4-address: Soft-resets the BGP session to a peer specified by its IP address.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command soft-resets BGP sessions to all dynamic peers in the subnet.

ipv6-address: Soft-resets the BGP session to a peer specified by its IPv6 address.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command soft-resets BGP sessions to all dynamic peers in the subnet.

all: Soft-resets all BGP sessions.

external: Soft-resets all EBGP sessions.

group group-name: Soft-resets the BGP sessions to the peers of the specified peer group. The group-name argument refers to the name of a peer group, a case-sensitive string of 1 to 47 characters.

internal: Soft-resets all IBGP sessions.

export: Performs outbound soft-reset (filters routes advertised to the specified peer or peer group by using the new configuration).

import: Performs inbound soft-reset (filters routes received from the specified peer or peer group by using the new configuration).

ipv4: Soft-resets BGP sessions for IPv4 address family.

ipv6: Soft-resets BGP sessions for IPv6 address family.

link-state: Soft-resets BGP sessions for LS address family.

rtfilter: Soft-resets BGP sessions for IPv4 RT filter address family.

sr-policy: Soft-resets BGP sessions for IPv4 SR policy address family.

unicast: Soft-resets BGP sessions for unicast address family.

vpnv4: Soft-resets BGP sessions for VPNv4 address family.

vpnv6: Soft-resets BGP sessions for VPNv6 address family.

l2vpn: Soft-resets BGP sessions for L2VPN address family.

evpn: Soft-resets BGP sessions for EVPN address family.

flowspec: Soft-resets BGP sessions for flowspec address family

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command soft-resets BGP sessions for the specified address family on the public network.

Usage guidelines

A soft-reset operation enables the router to apply a new route selection policy without tearing down BGP connections.

To apply a new policy to outbound BGP sessions, execute this command with the export keyword. The router uses the new policy to filter routing information and sends the routing information that passes the filtering to the BGP peers.

To apply a new policy to inbound sessions, execute this command with the import keyword. The router advertises a route-refresh message to the peer and the peer resends its routing information to the router. After receiving the routing information, the router uses the new policy to filter the routing information.

This command requires that both the local router and the peer support route refresh.

If the peer keep-all-routes command is configured, the refresh bgp import command does not take effect.

By default, the unicast keyword is used if none of the flowspec, unicast, or sr-policy keyword is specified.

Examples

# Soft-reset all inbound BGP sessions for the IPv4 unicast address family.

<Sysname> refresh bgp all import ipv4

Related commands

peer capability-advertise route-refresh

peer keep-all-routes

refresh-time

Use refresh-time to set the RPKI connection check interval.

Use undo refresh-time to restore the default.

Syntax

refresh-time refresh-time

undo refresh-time

Default

The RPKI connection check interval is 600 seconds.

Views

BGP RPKI server view

Predefined user roles

network-admin

Parameters

refresh-time: Specifies the RPKI connection check interval in the range of 15 to 3600 seconds.

Usage guidelines

After a router establishes a TCP connection with an RPKI server, the router checks the connection at the specified interval. If the router does not receive a response from the RPKI server within the specified time period, it tears down the connection to the RPKI server.

Examples

# Set the RPKI connection check interval to 15 seconds.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] rpki

[Sysname-bgp-default-rpki] server tcp 1.1.1.1

[Sysname-bgp-default-rpki-server] refresh-time 15

Related commands

response-time

reset bgp bmp server statistics

Use reset bgp bmp server statistics to clear BMP server statistics.

Syntax

reset bgp [ instance instance-name ] bmp server server-number statistics

Views

User view

Predefined user roles

network-admin

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command clears the BMP server statistics of the default BGP instance.

server-number: Specifies a BMP server by its number in the range of 1 to 8.

Examples

# Clear the statistics of BMP server 1.

<Sysname> reset bgp bmp server 1 statistics

Related commands

display bgp bmp server

reset bgp rpki server

Use reset bgp rpki server to reset BGP RPKI sessions.

Syntax

reset bgp [ instance instance-name ] rpki server [ vpn-instance vpn-instance-name ] tcp { ipv4 address | ipv6 address }

Views

User view

Predefined user roles

network-admin

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command resets BGP RPKI sessions for the default BGP instance.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command resets BGP RPKI sessions for the public network.

ipv4-address: Specifies an RPKI server by its IPv4 address.

ipv6-address: Specifies an RPKI server by its IPv6 address.

Usage guidelines

After you execute this command, the device will delete and re-establish the specified BGP RPKI session and cause temporary session interruption.

Examples

# Reset the BGP RPKI session to RPKI server 2.2.2.1.

<Sysname> reset bgp rpki server tcp 2.2.2.1

reset ttl-security statistics

Use reset ttl-security statistics to clear GTSM discarded packet statistics.

Syntax

reset ttl-security statistics [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears GTSM discarded packet statistics for all cards.

Examples

# Clear all GTSM discarded packet statistics.

<Sysname> reset ttl-security statistics

Related commands

display ttl-security statistics

ospf ttl-security

peer ttl-security

ttl-security

response-time

Use response-time to set the time to wait for the response from the RPKI server.

Use undo response-time to restore the default.

Syntax

response-time response-time

undo response-time

Default

The time to wait for the response from the RPKI server is 30 seconds.

Views

BGP RPKI server view

Predefined user roles

network-admin

Parameters

response-time: Specifies the time to wait for the response from the RPKI server, in the range of 15 to 3600 seconds.

Usage guidelines

A router checks the connection to an RPKI server at the check interval. If the router does not receive a response from the RPKI server within the specified time period, it tears down the connection to the RPKI server.

Examples

# Set the time to wait for the response from RPKI server 1.1.1.1 to 15 seconds.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] rpki

[Sysname-bgp-default-rpki] server tcp 1.1.1.1

[Sysname-bgp-default-rpki-server] response-time 15

Related commands

refresh-time

retain local-label

Use retain local-label to set an update delay for local MPLS labels.

Use undo retain local-label to restore the default.

Syntax

retain local-label retain-time

undo retain local-label

Default

The update delay is 60 seconds.

Views

BGP instance view

Predefined user roles

network-admin

Parameters

retain-time: Specifies the update delay in the range of 1 to 21845 seconds.

Usage guidelines

BGP includes local MPLS labels in advertised VPNv4 routes, VPNv6 routes, labeled IPv4 unicast routes, and labeled IPv6 unicast routes.

When a local label is changed, BGP removes the old label and advertises the new label. Traffic interruption occurs if BGP peers use the old label to forward packets before they learn the new label. To resolve this issue, configure an update delay for local MPLS labels. BGP does not remove the old label before the update delay timer expires.

Examples

# Set the update delay for local MPLS labels to 100 seconds.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] retain local-label 100

route-mode adj-rib-in

Use route-mode adj-rib-in to enable BGP to send routes received from all the monitored peers and peer groups to the BMP server.

Use undo route-mode adj-rib-in to restore the default.

Syntax

route-mode adj-rib-in [ pre-policy | post-policy | both ]

undo route-mode adj-rib-in

Default

BGP sends routes received from all the monitored peers and peer groups to the BMP server without route filtering.

Views

BMP server view

Predefined user roles

network-admin

Parameters

pre-policy: Sends routes to the BMP server without route filtering.

post-policy: Sends routes to the BMP server after route filtering.

both: Sends both filtered and unfiltered routes to the BMP server.

Usage guidelines

To enable BGP to send routes received from all monitored peers and peer groups to the BMP server, make sure BGP has established a TCP connection to the BMP server.

If you do not specify any parameters, the command sends routes received from all the monitored peers and peer groups to the BMP server without route filtering.

The configuration of the route-mode adj-rib-in command takes effect on all peers and peer groups. The configuration of the peer route-mode command in BGP instance view or BGP-VPN instance view takes effect only on the specified peer or peer group. The configuration of the peer route-mode command takes precedence over the configuration of the route-mode adj-rib-in command.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Enable BGP to send routes received from all the monitored peers and peer groups to the BMP server after route filtering.

<Sysname> system-view

[Sysname] bmp server 5

[Sysname-bmpserver-5] route-mode adj-rib-in post-policy

route-mode adj-rib-out

Use route-mode adj-rib-out to enable BGP to send routes advertised to all the monitored peers and peer groups to the BMP server.

Use undo route-mode adj-rib-out to restore the default.

Syntax

route-mode adj-rib-out [ pre-policy | post-policy | both ]

undo route-mode adj-rib-out

Default

BGP does not send routes advertised to a monitored peer or peer group to the BMP server.

Views

BMP server view

Predefined user roles

network-admin

Parameters

pre-policy: Sends routes to the BMP server without route filtering.

post-policy: Sends routes to the BMP server after route filtering.

both: Sends both filtered and unfiltered routes to the BMP server.

Usage guidelines

To enable BGP to send routes advertised to all monitored peers and peer groups to the BMP server, make sure BGP has established a TCP connection to the BMP server.

If you do not specify any parameters, the command sends routes advertised to all the monitored peers and peer groups to the BMP server after route filtering.

The configuration of the route-mode adj-rib-out command takes effect on all peers and peer groups. The configuration of the peer route-mode command in BGP instance view or BGP-VPN instance view takes effect only on the specified peer or peer group. The configuration of the peer route-mode command takes precedence over the configuration of the route-mode adj-rib-out command.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Enable BGP to send routes advertised to all the monitored peers and peer groups to the BMP server without route filtering.

<Sysname> system-view

[Sysname] bmp server 5

[Sysname-bmpserver-5] route-mode adj-rib-out pre-policy

route-mode loc-rib

Use route-mode loc-rib to configure BGP to send the optimal routes in the routing table to the BMP server.

Use undo route-mode loc-rib to restore the default.

Syntax

route-mode loc-rib

undo route-mode loc-rib

Default

BGP does not send the optimal routes in the routing table to the BMP server.

Views

BMP server view

Predefined user roles

network-admin

Usage guidelines

Before executing this command, make sure BGP has established a TCP connection to the BMP server.

With this command configured, BGP sends all routes to the BMP server first. If routes update later, BGP sends only the optimal routes to the server.

This command takes effect only on BGP IPv4 unicast and BGP-VPN IPv4 unicast routes.

Examples

# Configure BGP to send the optimal routes in the routing table to the BMP server.

<Sysname> system-view

[Sysname] bmp server 5

[Sysname-bmpserver-5] route-mode loc-rib

route-select delay

Use route-select delay to configure optimal route selection delay.

Use undo route-select delay to restore the default.

Syntax

route-select delay delay-value

undo route-select delay

Default

The optimal route selection delay timer is 0 seconds, which means optimal route selection is not delayed.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

BGP VPNv4 address family view

BGP VPNv6 address family view

BGP LS address family view

BGP IPv4 RT filter address family view

BGP IPv4 SR policy address family view

Predefined user roles

network-admin

Parameters

delay-value: Specifies the optimal route selection delay timer in the range of 0 to 600 seconds. A value of 0 means optimal route selection is not delayed.

Usage guidelines

To avoid packet loss caused by path switchover, configure this command to delay optimal route selection upon a route change.

Follow these restrictions and guidelines when you configure the command:

· The optimal route selection delay setting applies only when multiple effective routes with the same prefix exist after a route change occurs.

· For routes being delayed for optimal route selection, modifying the optimal route selection delay timer has the following effects:

¡ If you modify the delay timer to a non-zero value, the routes are not affected, and they still use the original delay timer.

¡ If you execute the undo form of the command or modify the delay timer to 0, the device performs optimal route selection immediately.

· If you execute the command multiple times for an address family, the most recent configuration takes effect.

· The optimal route selection delay configuration does not apply to the following conditions:

¡ A route change is caused by execution of a command or by route withdrawal.

¡ After a route change occurs, only one route exists for a specific destination network.

¡ An active/standby process switchover occurs.

¡ A route change occurs among equal-cost routes.

¡ Only the optimal and suboptimal routes exist when FRR is configured.

¡ Optimal route selection is triggered by a redistributed route.

¡ The next hop of the optimal route changes and a route with the same prefix is waiting for the delay timer to expire.

Examples

# In BGP IPv4 unicast address family view, set the optimal route selection delay timer to 100 seconds.

<Sysname> system-view

[Sysname] bgp 65009

[Sysname-bgp-default] address-family ipv4 unicast

[Sysname-bgp-default-ipv4] route-select delay 100

rpki

Use rpki to enter BGP RPKI view.

Use undo rpki to remove all configurations in BGP RPKI view.

Syntax

rpki

undo rpki

Views

BGP view

Predefined user roles

network-admin

Examples

# Enter BGP RPKI view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] rpki

[Sysname-bgp-default-rpki]

server

Use server to configure an IP address and port number for a BMP server.

Use undo server to remove the configuration.

Syntax

server address ipv4-address port port-number

undo server

Default

No IP address and port number are configured for the BMP server.

Views

BMP server view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies an IP address for the BMP server.

port-number: Specifies a port number for the BMP server, in the range of 1 to 65535.

Usage guidelines

After you configure an IP address and port number for a BMP server, the BMP client establishes a TCP connection to the BMP server and sends BMP messages to the BMP server.

Examples

# Configure IP address 100.1.1.1 and port number 8888 for BMP server 5.

<Sysname> system-view

[Sysname] bmp server 5

[Sysname-bmpserver-5] server address 100.1.1.1 port 8888

server connect-interface

Use server connect-interface to specify the source interface of TCP connections to the BMP server.

Use undo server connect-interface to restore the default.

Syntax

server connect-interface interface-type interface-number

undo server connect-interface

Default

BGP uses the primary IPv4 address of the output interface in the optimal route to the BMP server as the source address of TCP connections to the BMP server.

Views

BMP server view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

After you configure this command, BGP uses the address of the specified interface to establish TCP connections to the BMP server.

For a BMP server, this command does not take effect if the VPN instance of the specified interface is different from that specified by the server vpn-instance command.

Do not specify a virtual template (VT) interface for this command.

Examples

# Configure Loopback 0 as the source interface of TCP connections to BMP server 5.

<Sysname> system-view

[Sysname] bmp server 5

[Sysname-bmpserver-5] server address 100.1.1.1 port 8888

[Sysname-bmpserver-5] server connect-interface loopback0

Related commands

display bgp bmp server

ip vpn-instance (system view) (MPLS Command Reference)

server password

Use server password to specify the authentication mode and key for BGP to establish TCP connections to the BMP server.

Use undo server password to restore the default.

Syntax

server password { keychain keychain-name | md5 { cipher | simple } string }

undo server password

Default

BGP establishes TCP connections to the BMP server without authentication.

Views

BMP server view

Predefined user roles

network-admin

Parameters

keychain: Specifies keychain authentication.

keychain-name: Specifies a keychain by its name, a case-sensitive string of 1 to 63 characters. The keychain must have been created.

md5: Specifies MD5 authentication.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

password: Specifies the password. Its encrypted form is a case-sensitive string of 33 to 137 characters. Its plaintext form is a case-sensitive string of 1 to 80 characters.

Usage guidelines

Configure this command to secure the TCP connections and packets exchanged with the BMP server.

You cannot repeat the server password command to edit the authentication mode and key. To edit the authentication mode and key, first execute the undo server password command and then the server password command to configure a new authentication mode and key.

Examples

# In BMP server view, use keychain abc to authenticate the TCP connections to the BMP server.

<Sysname> system-view

[Sysname] bmp server 5

[Sysname-bmpserver-5] server password keychain abc

server tcp

Use server tcp to specify an RPKI server and enter BGP RPKI server view.

Use undo server tcp to cancel the configuration.

Syntax

server [ vpn-instance vpn-instance-name ] tcp { ipv4-address | ipv6-address }

undo server [ vpn-instance vpn-instance-name ] tcp { ipv4-address | ipv6-address }

Default

No RPKI server is specified.

Views

BGP RPKI view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command specifies an RPKI server in the public network.

ipv4-address: Specifies an RPKI server by its IPv4 address.

ipv6-address: Specifies an RPKI server by its IPv6 address.

Usage guidelines

You can execute this command multiple times to configure a router to establish TCP connections to multiple RPKI servers.

After you execute the undo server command, all configurations in BGP RPKI server view are deleted.

Examples

# Specify an RPKI server with the IP address 1.1.1.1 and enter BGP RPKI server view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] rpki

[Sysname-bgp-default-rpki] server tcp 1.1.1.1

[Sysname-bgp-default-rpki-server]

server vpn-instance

Use server vpn-instance to specify a VPN instance for a BMP server.

Use undo server vpn-instance to restore the default.

Syntax

server vpn-instance vpn-instance-name

undo server vpn-instance

Default

No VPN instance is specified for a BMP server. A BMP server belongs to the public network.

Views

BMP server view

Predefined user roles

network-admin

Parameters

vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. The specified VPN instance must have been created.

Usage guidelines

If you delete the VPN instance of a BMP server, BGP disconnects from the BMP server. After you create the VPN instance again, BGP reconnects to the BMP server.

If you execute this command multiple times for a BMP server, the most recent configuration takes effect.

Examples

# Configure IP address 100.1.1.1 and port number 8888 for BMP server 5, and specify VPN instance vpna for BMP server 5.

<Sysname> system-view

[Sysname] bmp server 5

[Sysname-bmpserver-5] server address 100.1.1.1 port 8888

[Sysname-bmpserver-5] server vpn-instance vpna

Related commands

server connect-interface

statistics-interval

Use statistics-interval to set the interval at which BGP sends statistics information to the BMP server.

Use undo statistics-interval to restore the default.

Syntax

statistics-interval value

undo statistics-interval

Default

BGP does not send statistics information to the BMP server.

Views

BMP server view

Predefined user roles

network-admin

Parameters

value: Specifies the interval at which BGP sends statistics information to the BMP server, in the range of 1 to 3600 seconds.

Usage guidelines

After establishing a TCP connection to the BMP server, BGP sends statistics information to the BMP server at the specified interval.

Examples

# Set the interval to 5 seconds at which BGP sends statistics information to the BMP server.

<Sysname> system-view

[Sysname] bmp server 5

[Sysname-bmpserver-5] statistics-interval 5

06-Layer 3—IP Routing Command Reference

check-origin-validation

display bgp non-stop-routing status

fast-reroute route-policy

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information

News & Events

Contact Us