- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
07-Tunnel policy commands | 118.31 KB |
Tunnel policy commands
binding-destination
Use binding-destination to bind tunnels to a destination IP address in a tunnel policy, so the tunnels can be used only for a specific VPN service.
Use undo binding-destination to remove the tunnel bindings for a destination IP address.
Syntax
binding-destination dest-ip-address { sr-policy group sr-policy-group-id | te { tunnel number }&<1-16> } [ ignore-destination-check ] [ down-switch ]
undo binding-destination dest-ip-address
Default
A tunnel policy does not bind tunnels to a destination IP address.
Views
Tunnel policy view
Predefined user roles
network-admin
Parameters
dest-ip-address: Specifies a destination IP address.
sr-policy group sr-policy-group-id: Specifies the SR-MPLS TE policy group to be bound with the specified destination IP address. The sr-policy-group-id argument represents the ID of the SR-MPLS TE policy group, in the range of 1 to 4294967295.
te: Specifies TE tunnels for binding.
tunnel number: Specifies a tunnel to be bound with the specified destination IP address. The number argument represents an existing tunnel interface number on the device.
&<1-16>: Indicates that you can specify a maximum of 16 tunnels. Traffic will be load shared among the bound tunnels.
ignore-destination-check: Ignores destination check. After this keyword is specified, a TE tunnel can be selected even if the tunnel's or SR-MPLS TE policy group's destination IP address is different from the destination IP address of the tunnel policy. If you do not specify this keyword, the destination address of a bound TE tunnel or SR-MPLS TE policy group must be the same as the destination IP address of the tunnel policy.
down-switch: Enables automatic tunnel switchover within the tunnel policy when the bound TE tunnels or SR-MPLS TE policy group tunnels are not available. After this keyword is specified, the tunnel policy selects a tunnel by using the following methods in descending order of priority: bound tunnel—preferred tunnel—load sharing. If you do not specify this keyword, the device selects tunnels only from the bound tunnels of the tunnel policy.
Usage guidelines
After a tunnel is bound to a destination IP address, traffic destined for the destination IP address will be forwarded only by the bound tunnel.
You can bind tunnels to multiple destination IP addresses in a tunnel policy. Tunnels bound to the same destination address will load share the traffic.
You can bind only one SR-MPLS TE policy group to a destination IP address in a tunnel policy.
If you bind different types of tunnels to the same destination IP address in the same tunnel policy, the most recent configuration takes effect.
Before binding MPLS TE tunnels to a destination IP address, first execute the mpls te reserved-for-binding command for the tunnels.
If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:
· If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE. For an SR-MPLS TE policy group, the tunnel destination address is the destination node address of the SR-MPLS TE policy group.
· If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.
· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.
Example
# In tunnel policy policy1, bind destination address 100.1.1.9 to four TE tunnels. Ignore destination check, and allow tunnel selection using other tunnel selection methods within the tunnel policy when the bound TE tunnels are not available.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1] binding-destination 100.1.1.9 te tunnel 1 tunnel 2 tunnel 3 tunnel 4 ignore-destination-check down-switch
Related commands
mpls te reserved-for-binding
preferred-path
display mpls tunnel
Use display mpls tunnel to display tunnel information.
Syntax
display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { ipv4-address | ipv6-address } }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays all tunnels. MPLS TE tunnel information is displayed only when the network layer is up.
statistics: Displays tunnel statistics.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays tunnel information for the public network.
destination: Displays the tunnel destined for the specified address.
ipv4-address: Specifies the tunnel destination IPv4 address.
ipv6-address: Specifies the tunnel destination IPv6 address.
Examples
# Display information about all tunnels.
<Sysname> display mpls tunnel all
Destination Type Tunnel/NHLFE VPN Instance
2.2.2.2 LSP NHLFE1024 -
3.3.3.3 CRLSP Tunnel2 -
Table 1 Command output
Field |
Description |
Destination |
Tunnel destination address. |
Type |
Tunnel type: · LSP. · CRLSP. · SRLSP. · SRPolicy (SR-MPLS TE policy). · SRPGroup (SR-MPLS TE policy group). |
Tunnel/NHLFE |
Tunnel, tunnel bundle, NHLFE entry, or SR-TR policy group ID. NHLFEnumber represents the ingress LSP or SR-MPLS TE policy group tunnel that matches the NHLFE entry with NID of number. |
VPN Instance |
VPN instance name. If the tunnel belongs to the public network, this field displays a hyphen (-). |
# Display tunnel statistics.
<Sysname> display mpls tunnel statistics
LSP : 1
GRE : 0
CRLSP: 0
SRLSP : 0
SRPOLICY: 0
SRPGROUP: 0
Table 2 Command output
Field |
Description |
LSP |
Number of LSP tunnels. |
GRE |
This field is not supported in the current software version. Number of GRE tunnels. |
CRLSP |
Number of CRLSP tunnels. |
SRLSP |
Number of SRLSP tunnels. |
SRPOLICY |
Number of SR-MPLS TE policy tunnels. |
SRPGROUP |
Number of SR-MPLS TE policy group tunnels. |
mpls te reserved-for-binding
Use mpls te reserved-for-binding to reserve an MPLS TE tunnel for binding tunnels of a tunnel policy.
Use undo mpls te reserved-for-binding to restore the default.
Syntax
mpls te reserved-for-binding
undo mpls te reserved-for-binding
Default
An MPLS TE tunnel can be used by any tunnel policy implementation methods.
Views
Tunnel interface view
Predefined user roles
network-admin
Usage guidelines
You must execute this command for a TE tunnel before the tunnel can be specified as a bound tunnel of a tunnel policy.
After you execute this command for a TE tunnel, the tunnel can only be used as a bound tunnel of a tunnel policy. For more information about bound tunnels, see the binding-destination command.
Examples
# Reserve an MPLS TE tunnel for bound tunnels of a tunnel policy.
<Sysname> system-view
[Sysname] interface tunnel 10 mode mpls-te
[Sysname-Tunnel10] mpls te reserved-for-binding
Related commands
binding-destination
preferred-path
Use preferred-path to configure a tunnel as a preferred tunnel.
Use undo preferred-path to remove the preferred tunnel setting for a tunnel.
Syntax
preferred-path { tunnel number | tunnel-bundle number }
undo preferred-path { tunnel number | tunnel-bundle number }
Default
No preferred tunnels are configured.
Views
Tunnel policy view
Predefined user roles
network-admin
Parameters
tunnel number: Specifies an MPLS TE tunnel by its tunnel interface number.The value range for the tunnel interface number is 0 to 9214.
tunnel-bundle number: Specifies a tunnel bundle by its tunnel bundle interface number. The value range for the number argument is 0 to 1023.
Usage guidelines
You can specify an MPLS TE tunnel or a tunnel bundle as a preferred tunnel of a tunnel policy.
As a best practice for an MPLS VPN, configure a preferred tunnel and make sure the destination address of the tunnel interface identifies the peer PE. In this method, the local PE forwards traffic destined for the peer PE over the preferred tunnel.
For a tunnel policy to solely use a tunnel, do not configure the tunnel as the preferred tunnel in other tunnel policies.
If you configure multiple preferred tunnels that have the same destination address in a tunnel policy, only the first configured tunnel takes effect. If the first tunnel is not available, the second tunnel is used, and so forth. No load balancing will be performed on these tunnels.
You can configure a maximum of 128 preferred tunnels in a tunnel policy.
If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:
· If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE. For an SR-MPLS TE policy group, the tunnel destination address is the destination node address of the SR-MPLS TE policy group.
· If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.
· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.
Examples
# Configure tunnel 1 and tunnel 2 as preferred tunnels for tunnel policy policy1.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1] preferred-path tunnel 1
[Sysname-tunnel-policy-policy1] preferred-path tunnel 2
select-seq load-balance-number
Use select-seq load-balance-number to configure the tunnel selection order and set the number of tunnels for load balancing.
Use undo select-seq to restore the default.
Syntax
select-seq [ strict ] { cr-lsp | lsp | sr-lsp | sr-policy } * load-balance-number number
undo select-seq
Default
The device selects only one tunnel in LSP—CRLSP—SRLSP—SR TE policy order.
Views
Tunnel policy view
Predefined user roles
network-admin
Parameters
strict: Uses the same type of tunnels for load balancing.
cr-lsp: Uses CRLSP tunnels.
lsp: Uses LSP tunnels.
sr-lsp: Uses SRLSP tunnels.
sr-policy: Uses SR-MPLS TE policy tunnels.
load-balance-number number: Specifies the number of tunnels for load balancing.The value range for the number argument is 1 to 256. The number of tunnels actually used for load balancing is the value set for the number argument or the number of ECMP routes on the device, whichever is smaller.
Usage guidelines
A tunnel type closer to the select-seq keyword has a higher priority. The strict keyword determines whether the tunnel policy can select a hybrid of the specified types of tunnels for load balancing.
For example, the select-seq lsp cr-lsp load-balance-number 3 command specifies three tunnels for load balancing and gives LSP tunnels higher priority over CRLSP tunnels.
· If you specify the strict keyword, the tunnel policy selects only one type of tunnels. The tunnel policy will not select CRLSP tunnels when the number of LSP tunnels is less than 3 unless no LSP tunnels are available.
· If you do not specify the strict keyword, the tunnel policy can select CRLSP tunnels to remedy the deficiency of LSP tunnels.
Tunnels selected by this method are not fixed, making it hard to plan VPN traffic. As a best practice, do not use this method.
If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:
· If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE. For an SR-MPLS TE policy group, the tunnel destination address is the destination node address of the SR-MPLS TE policy group.
· If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.
· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.
Examples
# Configure tunnel policy policy1 to use only MPLS TE tunnels, and set the load balancing number to 2.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1] select-seq cr-lsp load-balance-number 2
tunnel-policy (system view)
Use tunnel-policy to create a tunnel policy and enter its view, or enter the view of an existing tunnel policy.
Use undo tunnel-policy to delete a tunnel policy.
Syntax
tunnel-policy tunnel-policy-name [ default ]
undo tunnel-policy tunnel-policy-name
Default
No tunnel policies exist.
Views
System view
Predefined user roles
network-admin
Parameters
tunnel-policy-name: Specifies a name for the tunnel policy, a case-sensitive string of 1 to 19 characters.
default: Uses the policy as the default tunnel policy.
Examples
# Create tunnel policy policy1 and enter its view.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1]
Tunnel selector commands
apply tunnel-policy
Use apply tunnel-policy to specify a tunnel policy for a tunnel selector.
Use undo apply tunnel-policy to restore the default.
Syntax
apply tunnel-policy tunnel-policy-name
undo apply tunnel-policy
Default
No tunnel policy is specified for a tunnel selector.
Views
Tunnel selector view
Predefined user roles
network-admin
Parameters
tunnel-policy-name: Specifies a tunnel policy by its name, a case-sensitive string of 1 to 19 characters.
Usage guidelines
If you specify a nonexistent tunnel policy for a tunnel selector, use the tunnel-policy command to create the policy and then configure the policy.
Examples
# Specify tunnel policy policy1 for tunnel selector ts1.
<Sysname> system-view
[Sysname] tunnel-policy policy1
[Sysname-tunnel-policy-policy1] select-seq cr-lsp lsp load-balance-number 1
[Sysname-tunnel-policy-policy1] quit
[Sysname] tunnel-selector ts1 permit node 10
[Sysname-tunnel-selector-ts1-10] if-match rd-list 1
[Sysname-tunnel-selector-ts1-10] apply tunnel-policy policy1
Related commands
display tunnel-selector
tunnel-policy
tunnel-selector
apply tunnel-selector
Use apply tunnel-selector to apply a tunnel selector to BGP VPNv4 routes, BGP VPNv6 routes, or labeled BGP IPv4 or IPv6 unicast routes.
Use undo apply tunnel-selector to cancel the application.
Syntax
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view:
apply tunnel-selector tunnel-selector-name [ all ]
undo apply tunnel-selector
In BGP VPNv4 address family view/BGP VPNv6 address family view:
apply tunnel-selector tunnel-selector-name
undo apply tunnel-selector
Default
No tunnel selector is applied to BGP VPNv4 routes, BGP VPNv6 routes, or labeled BGP IPv4 or IPv6 unicast routes.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP VPNv4 address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP VPNv6 address family view
Predefined user roles
network-admin
Parameters
tunnel-selector-name: Specifies a tunnel selector by its name, a case-sensitive string of 1 to 40 characters.
all: Applies the tunnel selector to all BGP unicast routes, including labeled routes and subnet routes.
Usage guidelines
This command can perform route recursion for BGP VPNv4, BGP VPNv6, or labeled BGP IPv4 or IPv6 unicast routes to select expected types of tunnels.
This command is mainly applicable to the following BGP/MPLS L3VPN scenarios:
· In an inter-AS Option B network, an ASBR is not configured with VPN instances but it needs to apply a tunnel policy to the BGP VPNv4 or BGP VPNv6 routes received from the PEs.
· In an HoVPN, an SPE needs to apply a tunnel policy to the BGP VPNv4 or VPNv6 routes received from UPEs.
· In an inter-AS Option C network, the local PE needs to apply a tunnel policy to the BGP labeled routes advertised to the remote PEs.
In an inter-AS Option C network, to perform tunnel load balancing for BGP labeled routes, execute the apply tunnel-selector tunnel-selector-name all command on the ASBR.
Deleting the applied tunnel selector might cause VPN service interruption because the routes cannot recurse to tunnels.
Examples
# In BGP IPv4 unicast address family view, apply tunnel selector ts1 to BGP labeled routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] apply tunnel-selector ts1
Related commands
tunnel-selector
display ip rd-list
Use display ip rd-list to display RD list information.
Syntax
display ip rd-list [ rd-list-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
rd-list-number: Specifies an RD list by its number, in the range of 1 to 65535. If you do not specify an RD list, this command displays information about all RD lists.
Examples
# Display information about all RD lists.
<Sysname> display ip rd-list
Route Distinguisher List Number 1
Index: 1 permit 1.1.1.1:1 2.2.2.2:* 100:1 200:*
Route Distinguisher List Number 2
Index: 2 deny 1:1 2:2
Table 3 Command output
Field |
Description |
Route Distinguisher List Number |
RD list number. |
Index |
Index of an RD list item. |
permit |
Match mode of the RD list item: · Permit. · Deny. |
Related commands
ip rd-list
display tunnel-selector
Use display tunnel-selector to display tunnel selector information.
Syntax
display tunnel-selector [ tunnel-selector-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
tunnel-selector-name: Specifies a tunnel selector by its name, a case-sensitive string of 1 to 40 characters. If you do not specify a tunnel selector, this command displays information about all tunnel selectors.
Examples
# Display information about all tunnel selectors.
<Sysname> display tunnel-selector
Tunnel-selector: ts1
Permit : 1
if-match ip next-hop prefix-list ipv4prefix1
apply tunnel-policy policy1
Tunnel-selector: ts2
Permit : 2
if-match ip address acl 2222
if-match ip rd-list 2
apply tunnel-policy policy2
Table 4 Command output
Field |
Description |
Tunnel-selector |
Tunnel selector name. |
Permit |
Node match mode and node number of the tunnel selector. The node match mode can be Permit or Deny. |
if-match |
Match criterion configured by the if-match clause. |
apply |
The action to be applied to the matching routes. |
Related commands
tunnel-selector
if-match community
Use if-match community to configure a community list match criterion for BGP routes
Use undo if-match community to delete a community list match criterion for BGP routes.
Syntax
if-match community { { basic-community-list-number | name comm-list-name } [ whole-match ] | adv-community-list-number }&<1-32>
undo if-match community [ { basic-community-list-number | name comm-list-name } [ whole-match ] | adv-community-list-number ]&<1-32>
Default
No BGP community list match criterion is configured.
Views
Tunnel selector view
Predefined user roles
network-admin
Parameters
basic-community-list-number: Specifies a basic community list by its number, in the range of 1 to 99.
adv-community-list-number: Specifies an advanced community list by its number, in the range of 100 to 199.
name comm-list-name: Specifies a community list by its name, a case-sensitive string of 1 to 63 characters that cannot contain only numbers.
whole-match: Exactly matches the specified community list. All of the specified communities and only those communities must be present.
&<1-32>: Indicates that you can specify a maximum of 32 community lists.
Usage guidelines
If the specified community list number or name does not exist, use the ip community-list command to create it.
The whole-match keyword takes effect only on the community list specified in front of this keyword. If you specify multiple community lists and require exact match for each community list, add this keyword after each filter. This keyword takes effect only on basic community lists.
Examples
# Configure community list 1 to permit BGP routes with community number 100 or 200. Then configure node 10 in permit mode for tunnel selector ts1 to use community list 1 to match BGP routes.
<Sysname> system-view
[Sysname] ip community-list 1 permit 100 200
[Sysname] tunnel-selector ts1 permit node 10
[Sysname-tunnel-selector-ts1-10] if-match community 1
Related commands
ip community-list (Layer 3—IP Routing Command Reference)
if-match ip
Use if-match ip to configure an IPv4 route match criterion.
Use undo if-match ip to delete the specified IPv4 route match criterion.
Syntax
if-match ip { address | next-hop } { acl ipv4-acl-number | prefix-list prefix-list-name }
undo if-match ip { address | next-hop } [ acl | prefix-list ]
Default
No IPv4 route match criterion is configured.
Views
Tunnel selector view
Predefined user roles
network-admin
Parameters
address: Matches the destination address of IPv4 routes.
next-hop: Matches the next hop of IPv4 routes.
acl ipv4-acl-number: Specifies an ACL by its number. The value range for the ipv4-acl-number argument is 2000 to 3999 for the address keyword, and 2000 to 2999 for the next-hop keyword.
prefix-list prefix-list-name: Specifies an IP prefix list by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
If the specified ACL or IP prefix list does not exist, use the acl command or the ip prefix-list command to create it.
Examples
# Create a tunnel selector named ts1, and configure node 10 for the tunnel selector to permit IPv4 routes whose next hop matches IP prefix list p1.
<Sysname> system-view
[Sysname] tunnel-selector ts1 permit node 10
[Sysname-tunnel-selector-ts1-10] if-match ip next-hop prefix-list p1
Related commands
acl (ACL and QoS Command Reference)
ip prefix-list (Layer 3—IP Routing Command Reference)
if-match ipv6
Use if-match ipv6 to configure an IPv6 route match criterion.
Use undo if-match ipv6 to delete the specified IPv6 route match criterion.
Syntax
if-match ipv6 { address | next-hop } { acl ipv6-acl-number | prefix-list prefix-list-name }
undo if-match ipv6 { address | next-hop } [ acl | prefix-list ]
Default
No IPv6 route match criterion is configured.
Views
Tunnel selector view
Predefined user roles
network-admin
Parameters
address: Matches the destination address of IPv6 routes.
next-hop: Matches the next hop of IPv6 routes.
acl ipv6-acl-number: Specifies an IPv6 ACL by its number. The value range for the ipv6-acl-number argument is 2000 to 3999 for the address keyword, and 2000 to 2999 for the next-hop keyword.
prefix-list prefix-list-name: Specifies an IPv6 prefix list by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
If the specified IPv6 ACL or IPv6 prefix list does not exist, use the acl command or the ipv6 prefix-list command to create it.
Examples
# Create a tunnel selector named ts1, and configure node 10 for the tunnel selector to permit IPv6 routes whose next hop matches IPv6 prefix list p1.
<Sysname> system-view
[Sysname] tunnel-selector ts1 permit node 10
[Sysname-tunnel-selector-ts1-10] if-match ipv6 next-hop prefix-list p1
Related commands
acl (ACL and QoS Command Reference)
ipv6 prefix-list (Layer 3—IP Routing Command Reference)
if-match rd-list
Use if-match rd-list to configure an RD list match criterion for BGP routes.
Use undo if-match rd-list to delete the RD list match criterion.
Syntax
if-match rd-list rd-list-number
undo if-match rd-list
Default
No RD list match criterion is configured for BGP routes.
Views
Tunnel selector view
Predefined user roles
network-admin
Parameters
rd-list-number: Specifies an RF list by its number, in the range of 1 to 65535.
Usage guidelines
When you configure an RD list match criterion for BGP route filtering, the following applies:
· If the specified RD list is not configured (by using the ip rd-list command), routes are permitted by the RD list.
· If the RD list is well configured but a route does not match any RD specified in the list, the route is denied by the RD list.
· The relation between the RDs specified in an RD list are logical OR in route matching, because each route has only one RD.
Examples
# Configure RD list 1 to permit BGP routes with RD 1:1. Create tunnel selector ts1, and configure node 10 for the tunnel selector to permit BGP routes that match RD list 1.
<Sysname> system-view
[Sysname] ip rd-list 1 permit 1:1
[Sysname] tunnel-selector ts1 permit node 10
[Sysname-tunnel-selector-ts1-10] if-match rd-list 1
Related commands
ip rd-list
ip rd-list
Use ip rd-list to configure an RD list.
Use undo ip rd-list to delete an RD list.
Syntax
ip rd-list rd-list-number [ index index-number ] { deny | permit } route-distinguisher&<1-10>
undo ip rd-list rd-list-number [ index index-number ] [ { deny | permit } route-distinguisher&<1-10> ]
Default
No RD lists exist.
Views
System view
Predefined user roles
network-admin
Parameters
rd-list-number: Specifies the RD list number, in the range of 1 to 65535.
index index-number: Specifies the index number for an RD list item. The value range for the index-number argument is 1 to 4294967295. An item with a smaller index number is matched first. If you do not specify this option, the system automatically assigns index numbers starting from 10 and in steps of 10. If the maximum value has been assigned, the system assigns index numbers from the available values, in ascending order.
deny: Sets the match mode of the RD list to deny.
permit: Sets the match mode of the RD list to permit.
route-distinguisher&<1-10>: Specifies up to 10 RDs. An RD is a string of 3 to 21 characters, and can be configured in one of the following formats:
· 16-bit AS number:32-bit user-defined number. For example, 101:3.
· 16-bit AS number:wildcard. For example, 101:*.
· 32-bit IPv4 address:16-bit user-defined number. For example, 192.168.122.15:1.
· 32-bit IPv4 address:wildcard. For example, 192.168.122.15:*.
· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.
· 32-bit AS number:wildcard, where the minimum value of the AS number is 65536. For example, 65536:*.
Usage guidelines
After you configure RD lists by using the ip rd-list command, you can implement BGP route filtering by using a tunnel selector as follows:
1. Use the if-match rd-list command to specify a created RD list to configure an RD list match criterion in tunnel selector view.
2. Applies the tunnel selector to BGP routes.
If an RD list is used for route filtering, the following applies:
· If the RD list is not configured, routes are permitted by the RD list.
· If the RD list is well configured but a route does not match any RD specified in the list, the route is denied by the RD list.
· The relation between the RDs specified in an RD list are logical OR in route matching, because each route has only one RD.
Examples
# Create RD list 1 to permit routes with RD 100:1.
<Sysname> system-view
[Sysname] ip rd-list 1 permit 100:1
Related commands
· display ip rd-list
· if-match rd-list
tunnel-selector
Use tunnel-selector to create a tunnel selector and enter its view, or enter the view of an existing tunnel selector.
Use undo tunnel-selector to delete a tunnel selector.
Syntax
tunnel-selector tunnel-selector-name { deny | permit } node node-number
undo tunnel-selector tunnel-selector-name { deny | permit } node node-number
Default
No tunnel selectors exist.
Views
System view
Predefined user roles
network-admin
Parameters
tunnel-selector-name: Specifies the tunnel selector name, a case-sensitive string of 1 to 40 characters.
deny: Sets the match mode of the tunnel selector to deny. If a route matches all the if-match clauses of a node, the route is denied and does not match the next node. If a route does not match an if-match clause of a node, the route continues to match the next node.
permit: Sets the match mode of the tunnel selector to permit. If a route matches all the if-match clauses of a node, the route matches the node. If a route does not match an if-match clause of a node, the route continues to match the next node.
node node-number: Specifies a node number for the tunnel selector. The value range for node-number argument is 0 to 65535. The node with a smaller node number is matched first.
Usage guidelines
A tunnel selector is needed in the following BGP/MPLS L3VPN scenarios:
· In an inter-AS Option B network, an ASBR is not configured with VPN instances but it needs to apply a tunnel policy to the BGP VPNv4 or BGP VPNv6 routes received from the PEs.
· In an inter-AS Option C network, the local PE needs to apply a tunnel policy to the BGP labeled routes advertised to the remote PEs.
Examples
# Create a tunnel selector and enter its view. Specify the tunnel selector name as ts1, node number as 10, and match mode as permit.
<Sysname> system-view
[Sysname] tunnel-selector ts1 permit node 10
[Sysname-tunnel-selector-ts1-10]
Related commands
display tunnel-selector