Contents

Tunnel policy commands· 1

binding-destination· 1

display mpls tunnel 2

mpls te reserved-for-binding· 4

preferred-path· 4

select-seq load-balance-number 5

tunnel-policy (system view) 7

Tunnel selector commands· 0

apply tunnel-policy· 0

apply tunnel-selector 0

display ip rd-list 2

display tunnel-selector 2

if-match community· 3

if-match ip· 4

if-match ipv6· 5

if-match rd-list 6

ip rd-list 7

tunnel-selector 8

 

Tunnel policy commands

binding-destination

Use binding-destination to bind tunnels to a destination IP address in a tunnel policy, so the tunnels can be used only for a specific VPN service.

Use undo binding-destination to remove the tunnel bindings for a destination IP address.

Syntax

binding-destination dest-ip-address { sr-policy group sr-policy-group-id | te { tunnel number }&<1-16> } [ ignore-destination-check ] [ down-switch ]

undo binding-destination dest-ip-address

Default

A tunnel policy does not bind tunnels to a destination IP address.

Views

Tunnel policy view

Predefined user roles

network-admin

Parameters

dest-ip-address: Specifies a destination IP address.

sr-policy group sr-policy-group-id: Specifies the SR-MPLS TE policy group to be bound with the specified destination IP address. The sr-policy-group-id argument represents the ID of the SR-MPLS TE policy group, in the range of 1 to 4294967295.

te: Specifies TE tunnels for binding.

tunnel number: Specifies a tunnel to be bound with the specified destination IP address. The number argument represents an existing tunnel interface number on the device.

&<1-16>: Indicates that you can specify a maximum of 16 tunnels. Traffic will be load shared among the bound tunnels.

ignore-destination-check: Ignores destination check. After this keyword is specified, a TE tunnel can be selected even if the tunnel's or SR-MPLS TE policy group's destination IP address is different from the destination IP address of the tunnel policy. If you do not specify this keyword, the destination address of a bound TE tunnel or SR-MPLS TE policy group must be the same as the destination IP address of the tunnel policy.

down-switch: Enables automatic tunnel switchover within the tunnel policy when the bound TE tunnels or SR-MPLS TE policy group tunnels are not available. After this keyword is specified, the tunnel policy selects a tunnel by using the following methods in descending order of priority: bound tunnel—preferred tunnel—load sharing. If you do not specify this keyword, the device selects tunnels only from the bound tunnels of the tunnel policy.

Usage guidelines

After a tunnel is bound to a destination IP address, traffic destined for the destination IP address will be forwarded only by the bound tunnel.

You can bind tunnels to multiple destination IP addresses in a tunnel policy. Tunnels bound to the same destination address will load share the traffic.

You can bind only one SR-MPLS TE policy group to a destination IP address in a tunnel policy.

If you bind different types of tunnels to the same destination IP address in the same tunnel policy, the most recent configuration takes effect.

Before binding MPLS TE tunnels to a destination IP address, first execute the mpls te reserved-for-binding command for the tunnels.

If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:

·     If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE. For an SR-MPLS TE policy group, the tunnel destination address is the destination node address of the SR-MPLS TE policy group.

·     If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.

·     If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.

Example

# In tunnel policy policy1, bind destination address 100.1.1.9 to four TE tunnels. Ignore destination check, and allow tunnel selection using other tunnel selection methods within the tunnel policy when the bound TE tunnels are not available.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1] binding-destination 100.1.1.9 te tunnel 1 tunnel 2 tunnel 3 tunnel 4 ignore-destination-check down-switch

Related commands

mpls te reserved-for-binding

preferred-path

display mpls tunnel

Use display mpls tunnel to display tunnel information.

Syntax

display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { ipv4-address | ipv6-address } }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays all tunnels. MPLS TE tunnel information is displayed only when the network layer is up.

statistics: Displays tunnel statistics.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays tunnel information for the public network.

destination: Displays the tunnel destined for the specified address.

ipv4-address: Specifies the tunnel destination IPv4 address.

ipv6-address: Specifies the tunnel destination IPv6 address.

Examples

# Display information about all tunnels.

<Sysname> display mpls tunnel all

Destination      Type     Tunnel/NHLFE      VPN Instance

2.2.2.2          LSP      NHLFE1024         -

3.3.3.3          CRLSP    Tunnel2           -

Table 1 Command output

Field	Description
Destination	Tunnel destination address.
Type	Tunnel type: ·     LSP. ·     CRLSP. ·     SRLSP. ·     SRPolicy (SR-MPLS TE policy). ·     SRPGroup (SR-MPLS TE policy group).
Tunnel/NHLFE	Tunnel, tunnel bundle, NHLFE entry, or SR-TR policy group ID. NHLFEnumber represents the ingress LSP or SR-MPLS TE policy group tunnel that matches the NHLFE entry with NID of number.
VPN Instance	VPN instance name. If the tunnel belongs to the public network, this field displays a hyphen (-).

 

# Display tunnel statistics.

<Sysname> display mpls tunnel statistics

LSP  :     1

GRE  :     0

CRLSP:     0

SRLSP   :     0

SRPOLICY:     0

SRPGROUP:     0

Table 2 Command output

Field	Description
LSP	Number of LSP tunnels.
GRE	This field is not supported in the current software version. Number of GRE tunnels.
CRLSP	Number of CRLSP tunnels.
SRLSP	Number of SRLSP tunnels.
SRPOLICY	Number of SR-MPLS TE policy tunnels.
SRPGROUP	Number of SR-MPLS TE policy group tunnels.

 

mpls te reserved-for-binding

Use mpls te reserved-for-binding to reserve an MPLS TE tunnel for binding tunnels of a tunnel policy.

Use undo mpls te reserved-for-binding to restore the default.

Syntax

mpls te reserved-for-binding

undo mpls te reserved-for-binding

Default

An MPLS TE tunnel can be used by any tunnel policy implementation methods.

Views

Tunnel interface view

Predefined user roles

network-admin

Usage guidelines

You must execute this command for a TE tunnel before the tunnel can be specified as a bound tunnel of a tunnel policy.

After you execute this command for a TE tunnel, the tunnel can only be used as a bound tunnel of a tunnel policy. For more information about bound tunnels, see the binding-destination command.

Examples

# Reserve an MPLS TE tunnel for bound tunnels of a tunnel policy.

<Sysname> system-view

[Sysname] interface tunnel 10 mode mpls-te

[Sysname-Tunnel10] mpls te reserved-for-binding

Related commands

binding-destination

preferred-path

Use preferred-path to configure a tunnel as a preferred tunnel.

Use undo preferred-path to remove the preferred tunnel setting for a tunnel.

Syntax

preferred-path { tunnel number | tunnel-bundle number }

undo preferred-path { tunnel number | tunnel-bundle number }

Default

No preferred tunnels are configured.

Views

Tunnel policy view

Predefined user roles

network-admin

Parameters

tunnel number: Specifies an MPLS TE tunnel by its tunnel interface number.The value range for the tunnel interface number is 0 to 9214.

tunnel-bundle number: Specifies a tunnel bundle by its tunnel bundle interface number. The value range for the number argument is 0 to 1023.

Usage guidelines

You can specify an MPLS TE tunnel or a tunnel bundle as a preferred tunnel of a tunnel policy.

As a best practice for an MPLS VPN, configure a preferred tunnel and make sure the destination address of the tunnel interface identifies the peer PE. In this method, the local PE forwards traffic destined for the peer PE over the preferred tunnel.

For a tunnel policy to solely use a tunnel, do not configure the tunnel as the preferred tunnel in other tunnel policies.

If you configure multiple preferred tunnels that have the same destination address in a tunnel policy, only the first configured tunnel takes effect. If the first tunnel is not available, the second tunnel is used, and so forth. No load balancing will be performed on these tunnels.

You can configure a maximum of 128 preferred tunnels in a tunnel policy.

If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:

·     If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE. For an SR-MPLS TE policy group, the tunnel destination address is the destination node address of the SR-MPLS TE policy group.

·     If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.

·     If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.

Examples

# Configure tunnel 1 and tunnel 2 as preferred tunnels for tunnel policy policy1.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1] preferred-path tunnel 1

[Sysname-tunnel-policy-policy1] preferred-path tunnel 2

select-seq load-balance-number

Use select-seq load-balance-number to configure the tunnel selection order and set the number of tunnels for load balancing.

Use undo select-seq to restore the default.

Syntax

select-seq [ strict ] { cr-lsp | lsp | sr-lsp | sr-policy } * load-balance-number number

undo select-seq

Default

The device selects only one tunnel in LSP—CRLSP—SRLSP—SR TE policy order.

Views

Tunnel policy view

Predefined user roles

network-admin

Parameters

strict: Uses the same type of tunnels for load balancing.

cr-lsp: Uses CRLSP tunnels.

lsp: Uses LSP tunnels.

sr-lsp: Uses SRLSP tunnels.

sr-policy: Uses SR-MPLS TE policy tunnels.

load-balance-number number: Specifies the number of tunnels for load balancing.The value range for the number argument is 1 to 256. The number of tunnels actually used for load balancing is the value set for the number argument or the number of ECMP routes on the device, whichever is smaller.

Usage guidelines

A tunnel type closer to the select-seq keyword has a higher priority. The strict keyword determines whether the tunnel policy can select a hybrid of the specified types of tunnels for load balancing.

For example, the select-seq lsp cr-lsp load-balance-number 3 command specifies three tunnels for load balancing and gives LSP tunnels higher priority over CRLSP tunnels.

·     If you specify the strict keyword, the tunnel policy selects only one type of tunnels. The tunnel policy will not select CRLSP tunnels when the number of LSP tunnels is less than 3 unless no LSP tunnels are available.

·     If you do not specify the strict keyword, the tunnel policy can select CRLSP tunnels to remedy the deficiency of LSP tunnels.

Tunnels selected by this method are not fixed, making it hard to plan VPN traffic. As a best practice, do not use this method.

If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:

·     If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE. For an SR-MPLS TE policy group, the tunnel destination address is the destination node address of the SR-MPLS TE policy group.

·     If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.

·     If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.

Examples

# Configure tunnel policy policy1 to use only MPLS TE tunnels, and set the load balancing number to 2.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1] select-seq cr-lsp load-balance-number 2

tunnel-policy (system view)

Use tunnel-policy to create a tunnel policy and enter its view, or enter the view of an existing tunnel policy.

Use undo tunnel-policy to delete a tunnel policy.

Syntax

tunnel-policy tunnel-policy-name [ default ]

undo tunnel-policy tunnel-policy-name

Default

No tunnel policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

tunnel-policy-name: Specifies a name for the tunnel policy, a case-sensitive string of 1 to 19 characters.

default: Uses the policy as the default tunnel policy.

Examples

# Create tunnel policy policy1 and enter its view.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1]

Tunnel selector commands

apply tunnel-policy

Use apply tunnel-policy to specify a tunnel policy for a tunnel selector.

Use undo apply tunnel-policy to restore the default.

Syntax

apply tunnel-policy tunnel-policy-name

undo apply tunnel-policy

Default

No tunnel policy is specified for a tunnel selector.

Views

Tunnel selector view

Predefined user roles

network-admin

Parameters

tunnel-policy-name: Specifies a tunnel policy by its name, a case-sensitive string of 1 to 19 characters.

Usage guidelines

If you specify a nonexistent tunnel policy for a tunnel selector, use the tunnel-policy command to create the policy and then configure the policy.

Examples

# Specify tunnel policy policy1 for tunnel selector ts1.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1] select-seq cr-lsp lsp load-balance-number 1

[Sysname-tunnel-policy-policy1] quit

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10] if-match rd-list 1

[Sysname-tunnel-selector-ts1-10] apply tunnel-policy policy1

Related commands

display tunnel-selector

tunnel-policy

tunnel-selector

apply tunnel-selector

Use apply tunnel-selector to apply a tunnel selector to BGP VPNv4 routes, BGP VPNv6 routes, or labeled BGP IPv4 or IPv6 unicast routes.

Use undo apply tunnel-selector to cancel the application.

Syntax

In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view:

apply tunnel-selector tunnel-selector-name [ all ]

undo apply tunnel-selector

In BGP VPNv4 address family view/BGP VPNv6 address family view:

apply tunnel-selector tunnel-selector-name

undo apply tunnel-selector

Default

No tunnel selector is applied to BGP VPNv4 routes, BGP VPNv6 routes, or labeled BGP IPv4 or IPv6 unicast routes.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP VPNv4 address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

tunnel-selector-name: Specifies a tunnel selector by its name, a case-sensitive string of 1 to 40 characters.

all: Applies the tunnel selector to all BGP unicast routes, including labeled routes and subnet routes.

Usage guidelines

This command can perform route recursion for BGP VPNv4, BGP VPNv6, or labeled BGP IPv4 or IPv6 unicast routes to select expected types of tunnels.

This command is mainly applicable to the following BGP/MPLS L3VPN scenarios:

·     In an inter-AS Option B network, an ASBR is not configured with VPN instances but it needs to apply a tunnel policy to the BGP VPNv4 or BGP VPNv6 routes received from the PEs.

·     In an HoVPN, an SPE needs to apply a tunnel policy to the BGP VPNv4 or VPNv6 routes received from UPEs.

·     In an inter-AS Option C network, the local PE needs to apply a tunnel policy to the BGP labeled routes advertised to the remote PEs.

In an inter-AS Option C network, to perform tunnel load balancing for BGP labeled routes, execute the apply tunnel-selector tunnel-selector-name all command  on the ASBR.

Deleting the applied tunnel selector might cause VPN service interruption because the routes cannot recurse to tunnels.

Examples

# In BGP IPv4 unicast address family view, apply tunnel selector ts1 to BGP labeled routes.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 unicast

[Sysname-bgp-default-ipv4] apply tunnel-selector ts1

Related commands

tunnel-selector

display ip rd-list

Use display ip rd-list to display RD list information.

Syntax

display ip rd-list [ rd-list-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

rd-list-number: Specifies an RD list by its number, in the range of 1 to 65535. If you do not specify an RD list, this command displays information about all RD lists.

Examples

# Display information about all RD lists.

<Sysname> display ip rd-list

Route Distinguisher List Number 1

        Index: 1          permit 1.1.1.1:1 2.2.2.2:* 100:1 200:*

Route Distinguisher List Number 2

        Index: 2          deny   1:1 2:2

Table 3 Command output

Field	Description
Route Distinguisher List Number	RD list number.
Index	Index of an RD list item.
permit	Match mode of the RD list item: ·     Permit. ·     Deny.

 

Related commands

ip rd-list

display tunnel-selector

Use display tunnel-selector to display tunnel selector information.

Syntax

display tunnel-selector [ tunnel-selector-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

tunnel-selector-name: Specifies a tunnel selector by its name, a case-sensitive string of 1 to 40 characters. If you do not specify a tunnel selector, this command displays information about all tunnel selectors.

Examples

# Display information about all tunnel selectors.

<Sysname> display tunnel-selector

Tunnel-selector: ts1

  Permit : 1

          if-match ip next-hop prefix-list ipv4prefix1

          apply tunnel-policy policy1

Tunnel-selector: ts2

  Permit : 2

          if-match ip address acl 2222

          if-match ip rd-list 2

          apply tunnel-policy policy2

Table 4 Command output

Field	Description
Tunnel-selector	Tunnel selector name.
Permit	Node match mode and node number of the tunnel selector. The node match mode can be Permit or Deny.
if-match	Match criterion configured by the if-match clause.
apply	The action to be applied to the matching routes.

 

Related commands

tunnel-selector

if-match community

Use if-match community to configure a community list match criterion for BGP routes

Use undo if-match community to delete a community list match criterion for BGP routes.

Syntax

if-match community { { basic-community-list-number | name comm-list-name } [ whole-match ] | adv-community-list-number }&<1-32>

undo if-match community [ { basic-community-list-number | name comm-list-name } [ whole-match ] | adv-community-list-number ]&<1-32>

Default

No BGP community list match criterion is configured.

Views

Tunnel selector view

Predefined user roles

network-admin

Parameters

basic-community-list-number: Specifies a basic community list by its number, in the range of 1 to 99.

adv-community-list-number: Specifies an advanced community list by its number, in the range of 100 to 199.

name comm-list-name: Specifies a community list by its name, a case-sensitive string of 1 to 63 characters that cannot contain only numbers.

whole-match: Exactly matches the specified community list. All of the specified communities and only those communities must be present.

&<1-32>: Indicates that you can specify a maximum of 32 community lists.

Usage guidelines

If the specified community list number or name does not exist, use the ip community-list command to create it.

The whole-match keyword takes effect only on the community list specified in front of this keyword. If you specify multiple community lists and require exact match for each community list, add this keyword after each filter. This keyword takes effect only on basic community lists.

Examples

# Configure community list 1 to permit BGP routes with community number 100 or 200. Then configure node 10 in permit mode for tunnel selector ts1 to use community list 1 to match BGP routes.

<Sysname> system-view

[Sysname] ip community-list 1 permit 100 200

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10] if-match community 1

Related commands

ip community-list (Layer 3—IP Routing Command Reference)

if-match ip

Use if-match ip to configure an IPv4 route match criterion.

Use undo if-match ip to delete the specified IPv4 route match criterion.

Syntax

if-match ip { address | next-hop } { acl ipv4-acl-number | prefix-list prefix-list-name }

undo if-match ip { address | next-hop } [ acl | prefix-list ]

Default

No IPv4 route match criterion is configured.

Views

Tunnel selector view

Predefined user roles

network-admin

Parameters

address: Matches the destination address of IPv4 routes.

next-hop: Matches the next hop of IPv4 routes.

acl ipv4-acl-number: Specifies an ACL by its number. The value range for the ipv4-acl-number argument is 2000 to 3999 for the address keyword, and 2000 to 2999 for the next-hop keyword.

prefix-list prefix-list-name: Specifies an IP prefix list by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

If the specified ACL or IP prefix list does not exist, use the acl command or the ip prefix-list command to create it.

Examples

# Create a tunnel selector named ts1, and configure node 10 for the tunnel selector to permit IPv4 routes whose next hop matches IP prefix list p1.

<Sysname> system-view

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10] if-match ip next-hop prefix-list p1

Related commands

acl (ACL and QoS Command Reference)

ip prefix-list (Layer 3—IP Routing Command Reference)

if-match ipv6

Use if-match ipv6 to configure an IPv6 route match criterion.

Use undo if-match ipv6 to delete the specified IPv6 route match criterion.

Syntax

if-match ipv6 { address | next-hop } { acl ipv6-acl-number | prefix-list prefix-list-name }

undo if-match ipv6 { address | next-hop } [ acl | prefix-list ]

Default

No IPv6 route match criterion is configured.

Views

Tunnel selector view

Predefined user roles

network-admin

Parameters

address: Matches the destination address of IPv6 routes.

next-hop: Matches the next hop of IPv6 routes.

acl ipv6-acl-number: Specifies an IPv6 ACL by its number. The value range for the ipv6-acl-number argument is 2000 to 3999 for the address keyword, and 2000 to 2999 for the next-hop keyword.

prefix-list prefix-list-name: Specifies an IPv6 prefix list by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

If the specified IPv6 ACL or IPv6 prefix list does not exist, use the acl command or the ipv6 prefix-list command to create it.

Examples

# Create a tunnel selector named ts1, and configure node 10 for the tunnel selector to permit IPv6 routes whose next hop matches IPv6 prefix list p1.

<Sysname> system-view

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10] if-match ipv6 next-hop prefix-list p1

Related commands

acl (ACL and QoS Command Reference)

ipv6 prefix-list (Layer 3—IP Routing Command Reference)

if-match rd-list

Use if-match rd-list to configure an RD list match criterion for BGP routes.

Use undo if-match rd-list to delete the RD list match criterion.

Syntax

if-match rd-list rd-list-number

undo if-match rd-list

Default

No RD list match criterion is configured for BGP routes.

Views

Tunnel selector view

Predefined user roles

network-admin

Parameters

rd-list-number: Specifies an RF list by its number, in the range of 1 to 65535.

Usage guidelines

When you configure an RD list match criterion for BGP route filtering, the following applies:

·     If the specified RD list is not configured (by using the ip rd-list command), routes are permitted by the RD list.

·     If the RD list is well configured but a route does not match any RD specified in the list, the route is denied by the RD list.

·     The relation between the RDs specified in an RD list are logical OR in route matching, because each route has only one RD.

Examples

# Configure RD list 1 to permit BGP routes with RD 1:1. Create tunnel selector ts1, and configure node 10 for the tunnel selector to permit BGP routes that match RD list 1.

<Sysname> system-view

[Sysname] ip rd-list 1 permit 1:1

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10] if-match rd-list 1

Related commands

ip rd-list

ip rd-list

Use ip rd-list to configure an RD list.

Use undo ip rd-list to delete an RD list.

Syntax

ip rd-list rd-list-number [ index index-number ] { deny | permit } route-distinguisher&<1-10>

undo ip rd-list rd-list-number [ index index-number ] [ { deny | permit } route-distinguisher&<1-10> ]

Default

No RD lists exist.

Views

System view

Predefined user roles

network-admin

Parameters

rd-list-number: Specifies the RD list number, in the range of 1 to 65535.

index index-number: Specifies the index number for an RD list item. The value range for the index-number argument is 1 to 4294967295. An item with a smaller index number is matched first. If you do not specify this option, the system automatically assigns index numbers starting from 10 and in steps of 10. If the maximum value has been assigned, the system assigns index numbers from the available values, in ascending order.

deny: Sets the match mode of the RD list to deny.

permit: Sets the match mode of the RD list to permit.

route-distinguisher&<1-10>: Specifies up to 10 RDs. An RD is a string of 3 to 21 characters, and can be configured in one of the following formats:

·     16-bit AS number:32-bit user-defined number. For example, 101:3.

·     16-bit AS number:wildcard. For example, 101:*.

·     32-bit IPv4 address:16-bit user-defined number. For example, 192.168.122.15:1.

·     32-bit IPv4 address:wildcard. For example, 192.168.122.15:*.

·     32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

·     32-bit AS number:wildcard, where the minimum value of the AS number is 65536. For example, 65536:*.

Usage guidelines

After you configure RD lists by using the ip rd-list command, you can implement BGP route filtering by using a tunnel selector as follows:

1.     Use the if-match rd-list command to specify a created RD list to configure an RD list match criterion in tunnel selector view.

2.     Applies the tunnel selector to BGP routes.

If an RD list is used for route filtering, the following applies:

·     If the RD list is not configured, routes are permitted by the RD list.

·     If the RD list is well configured but a route does not match any RD specified in the list, the route is denied by the RD list.

·     The relation between the RDs specified in an RD list are logical OR in route matching, because each route has only one RD.

Examples

# Create RD list 1 to permit routes with RD 100:1.

<Sysname> system-view

[Sysname] ip rd-list 1 permit 100:1

Related commands

·     display ip rd-list

·     if-match rd-list

tunnel-selector

Use tunnel-selector to create a tunnel selector and enter its view, or enter the view of an existing tunnel selector.

Use undo tunnel-selector to delete a tunnel selector.

Syntax

tunnel-selector tunnel-selector-name { deny | permit } node node-number

undo tunnel-selector tunnel-selector-name { deny | permit } node node-number

Default

No tunnel selectors exist.

Views

System view

Predefined user roles

network-admin

Parameters

tunnel-selector-name: Specifies the tunnel selector name, a case-sensitive string of 1 to 40 characters.

deny: Sets the match mode of the tunnel selector to deny. If a route matches all the if-match clauses of a node, the route is denied and does not match the next node. If a route does not match an if-match clause of a node, the route continues to match the next node.

permit: Sets the match mode of the tunnel selector to permit. If a route matches all the if-match clauses of a node, the route matches the node. If a route does not match an if-match clause of a node, the route continues to match the next node.

node node-number: Specifies a node number for the tunnel selector. The value range for node-number argument is 0 to 65535. The node with a smaller node number is matched first.

Usage guidelines

A tunnel selector is needed in the following BGP/MPLS L3VPN scenarios:

·     In an inter-AS Option B network, an ASBR is not configured with VPN instances but it needs to apply a tunnel policy to the BGP VPNv4 or BGP VPNv6 routes received from the PEs.

·     In an inter-AS Option C network, the local PE needs to apply a tunnel policy to the BGP labeled routes advertised to the remote PEs.

Examples

# Create a tunnel selector and enter its view. Specify the tunnel selector name as ts1, node number as 10, and match mode as permit.

<Sysname> system-view

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10]

Related commands

display tunnel-selector