10-MPLS Command Reference

HomeSupportReference GuidesCommand ReferencesH3C MSR1000[2600][3600] Routers Command Reference(V9)-R9119-6W10010-MPLS Command Reference
08-MPLS L3VPN commands
Title Size Download
08-MPLS L3VPN commands 312.02 KB

Contents

MPLS L3VPN commands· 1

address-family ipv4 (VPN instance view) 1

address-family vpnv4· 1

advertise route-reoriginate· 2

apply-label 3

dampening ibgp· 5

description (VPN instance view) 6

display bgp routing-table ipv4 unicast inlabel 6

display bgp routing-table ipv4 unicast outlabel 7

display bgp routing-table vpnv4· 9

display bgp routing-table vpnv4 inlabel 19

display bgp routing-table vpnv4 outlabel 20

display ip vpn-instance· 22

display ip vpn-instance mpls statistics· 24

display ospf sham-link· 25

display vpn-peer 26

domain-id (OSPF view) 28

export route-policy· 29

ext-community-type (OSPF view) 30

import route-policy· 30

ip binding vpn-instance· 31

ip vpn-instance (system view) 32

mpls per-vrf-label range· 33

mpls statistics enable· 33

nesting-vpn· 34

network· 35

peer advertise vpn-reoriginate ibgp (BGP VPNv4 address family view) 36

peer next-hop-invariable (BGP VPNv4 address family view) 37

peer next-hop-vpn· 37

peer upe· 38

peer upe route-policy· 39

policy vpn-target 40

reset ip vpn-instance mpls statistics· 41

route-distinguisher 41

route-replicate (public instance IPv4 address family view) 42

route-replicate (VPN instance IPv4 address family view) 44

route-replicate enable· 45

route-tag (OSPF view) 46

routing-table limit 47

rr-filter (BGP VPNv4 address family view) 48

sham-link (OSPF area view) 49

snmp context-name· 51

snmp-agent trap enable l3vpn· 52

tnl-policy· 53

ttl-mode· 54

vpn popgo· 55

vpn-id· 55

vpn-peer 56

vpn-route cross multipath· 57

vpn-target 58

 

 


MPLS L3VPN commands

address-family ipv4 (VPN instance view)

Use address-family ipv4 to enter VPN instance IPv4 address family view.

Use undo address-family ipv4 to remove all configurations from VPN instance IPv4 address family view.

Syntax

address-family ipv4

undo address-family ipv4

Views

VPN instance view

Predefined user roles

network-admin

Usage guidelines

In VPN instance IPv4 address family view, you can configure IPv4 VPN parameters such as inbound and outbound routing policies.

Examples

# Enter VPN instance IPv4 address family view.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] address-family ipv4

[Sysname-vpn-ipv4-vpn1]

Related commands

address-family ipv6 (VPN instance view)

address-family vpnv4

Use address-family vpnv4 in BGP view to create the BGP VPNv4 address family and enter its view, or enter the view of the existing BGP VPNv4 address family.

Use address-family vpnv4 in BGP-VPN instance view to create the BGP-VPN VPNv4 address family and enter its view, or enter the view of the existing BGP-VPN VPNv4 address family.

Use undo address-family vpnv4 to remove the BGP VPNv4 address family or BGP-VPN VPNv4 address family, and all settings in address family view.

Syntax

address-family vpnv4

undo address-family vpnv4

Default

The BGP VPNv4 address family or BGP-VPN VPNv4 address family does not exist.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Usage guidelines

A VPNv4 address consists of an RD and an IPv4 prefix. VPNv4 routes are routes that carry VPNv4 addresses.

For a PE to exchange BGP VPNv4 routes with a BGP peer, enable that peer by executing the peer enable command in BGP VPNv4 or BGP-VPN VPNv4 address family view.

In BGP VPNv4 address family view, you can configure the following settings:

·     BGP VPNv4 route attributes, such as the preferred value.

·     Whether to allow the local AS number to appear in the AS_PATH attribute of received route updates.

The settings in BGP VPNv4 address family view control VPNv4 route exchange between PEs.

The settings in BGP-VPN VPNv4 address family view control VPNv4 route exchange between provider PE and provider CE in nested MPLS L3VPN.

Examples

# Create the BGP VPNv4 address family and enter its view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4]

advertise route-reoriginate

Use advertise route-reoriginate to re-originate the BGP unicast routes from other VPN instances.

Use undo advertise route-reoriginate to restore the default.

Syntax

advertise route-reoriginate [ route-policy route-policy-name ] [ replace-rt ]

undo advertise route-reoriginate

Default

A VPN instance cannot re-originate the BGP unicast routes from other VPN instances.

Views

BGP-VPN IPv4 unicast address family view

Predefined user roles

network-admin

Parameters

route-policy route-policy-name: Specifies a routing policy to filter the routes to be re-originated. The route-policy-name argument represents the name of the routing policy, a case-sensitive string of 1 to 63 characters.

replace-rt: Changes the route target attribute of re-originated routes to that of the current VPN instance. If you do not specify this keyword, re-originated routes use their original route target attributes.

Usage guidelines

By default, BGP routes in different VPN instances are isolated. In some networks, a device might need to advertise routes across VPN instances or advertise the routes in a VPN instance through other VPN instances to hide the routing information of the VPN instance.

After you configure this feature, the current VPN instance will re-originate the BGP unicast routes from other VPN instances that have the same route target as the current VPN instance. Locally redistributed routes (such as the IGP routes redistributed by using the import-route command) will not be re-originated. The re-originated routes can be advertised to BGP peers. You can also select whether to change the route target attributes of re-originated routes.

This command re-originates IPv4 unicast routes.

A route received from an IBGP peer will not be advertised to other IBGP peers after being re-originated. To advertise the route to IBGP peers, you must execute the peer advertise vpn-reoriginate ibgp command.

Both the advertise route-reoriginate and route-replicate enable commands can implement BGP route redistribution between different VPN instances. The differences are as follows:

·     The advertise route-reoriginate command only re-originates BGP routes in VPN instances. The route-replicate enable command can replicate BGP routes in the public network to a VPN instance.

·     After you execute the route-replicate enable command to replicate a route received from an IBGP peer to a VPN instance, the route cannot be advertised to other IBGP peers. You can execute the advertise route-reoriginate and peer advertise vpn-reoriginate ibgp commands together to re-originate the routes received from an IBGP peer and then advertise the re-originated routes to other IBGP peers.

You can execute the advertise route-reoriginate and route-replicate enable commands together to redistribute BGP routes in the public network to a VPN instance, re-originate the redistributed routes, and advertise the re-originated routes to any BGP peer.

Examples

# In VPN instance vpn1, re-originate the BGP unicast routes from other VPN instances.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] ip vpn-instance vpn1

[Sysname-bgp-default-vpn1] address-family ipv4

[Sysname-bgp-default-ipv4-vpn1] advertise route-reoriginate

Related commands

peer advertise vpn-reoriginate ibgp (BGP EVPN address family view) (EVPN Command Reference)

peer advertise vpn-reoriginate ibgp (BGP VPNv4 address family view)

route-replicate enable

apply-label

Use apply-label to specify a label allocation mode.

Use undo apply-label to restore the default.

Syntax

apply-label { per-instance [ static static-label-value ] | per-route }

undo apply-label

Default

BGP allocates labels on a per-next-hop basis.

Views

VPN instance IPv4 address family view

Predefined user roles

network-admin

Parameters

per-instance: Allocates a label to each VPN instance. All routes in the VPN instance use the same label.

static static-label-value: Specifies a static label value. The value range for the static-label-value argument is 16 to 1048575. If you do not specify this option, BGP randomly allocates a label value to the VPN instance.

per-route: Allocates a label to each route. Each route in the VPN instance uses an exclusive label.

Usage guidelines

CAUTION

CAUTION:

Executing this command will re-advertise all routes in the VPN instance, which will cause temporary interruption of running services in the VPN instance. Please be cautious.

 

BGP supports the following label allocation modes:

·     Per-next-hop—Allocates a label to each next hop. Use this mode when the number of labels required by the per-route mode exceeds the maximum number of labels supported by the device.

·     Per-route—Allocates a label to each route.

·     Per-VPN-instance—Allocates a label to each VPN instance. Use this mode when a large number of VPN routes exist on the PE.

When you specify the per-route or per-next-hop label allocation mode, you can execute the vpn popgo command to specify the POPGO forwarding mode on an egress PE. The egress PE will pop the label for each packet and forward the packet out of the interface corresponding to the label.

When you specify the per-VPN-instance label allocation mode, do not execute the vpn popgo command because it is mutually exclusive with the apply-label per-instance command. The egress PE will pop the label for each packet and forward the packet through the FIB table.

Examples

# In VPN instance IPv4 address family view, allocate static label 10000 to VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] address-family ipv4

[Sysname-vpn-ipv4-vpn1] apply-label per-instance static 10000

This configuration causes service interruption. Continue? [Y/N]:y

Related commands

vpn popgo

dampening ibgp

Use dampening ibgp to configure BGP VPNv4 route dampening.

Use undo dampening ibgp to restore the default.

Syntax

dampening ibgp [ half-life-reachable half-life-unreachable reuse suppress ceiling | route-policy route-policy-name ] *

undo dampening ibgp

Default

BGP VPNv4 route dampening is not configured.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

half-life-reachable: Specifies a half-life for active routes, in the range of 1 to 45 minutes. By default, the value is 15 minutes.

half-life-unreachable: Specifies a half-life for suppressed routes, in the range of 1 to 45 minutes. By default, the value is 15 minutes.

reuse: Specifies a reuse threshold value for suppressed routes, in the range of 1 to 20000. The default value is 750. A suppressed route whose penalty value decreases under the value is reused. The reuse threshold must be smaller than the suppression threshold.

suppress: Specifies a suppression threshold in the range of 1 to 20000. The default value is 2000. A route with a penalty value greater than this threshold is suppressed.

ceiling: Specifies a ceiling penalty value in the range of 1001 to 20000. The default value is 16000. The value must be greater than the suppression threshold.

route-policy route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

This command applies only to IBGP routes.

If an IBGP peer goes down after you configure this feature, VPNv4 routes coming from the peer are dampened but not deleted.

Examples

# In BGP VPNv4 address family view, configure BGP route dampening. Set the half-life for both active and suppressed routes to 10 minutes, the reuse threshold to 1000, the suppression threshold to 2000, and the ceiling penalty to 10000.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] dampening ibgp 10 10 1000 2000 10000

Related commands

display bgp dampening parameter (Layer 3—IP Routing Command Reference)

description (VPN instance view)

Use description to configure a description for a VPN instance.

Use undo description to restore the default.

Syntax

description text

undo description

Default

No description is configured for a VPN instance.

Views

VPN instance view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 79 characters.

Examples

# Configure a description of This is vpn1 for VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] description This is vpn1

display bgp routing-table ipv4 unicast inlabel

Use display bgp routing-table ipv4 unicast inlabel to display incoming labels for BGP IPv4 unicast routes.

Syntax

display bgp [ instance instance-name ] routing-table ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] inlabel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays incoming labels for BGP IPv4 unicast routes in the default BGP instance.

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays incoming labels for BGP IPv4 unicast routes on the public network.

Usage guidelines

This command displays incoming labels for BGP IPv4 unicast routes regardless of whether the unicast keyword is specified or not.

Examples

# Display incoming labels for all BGP IPv4 unicast routes on the public network.

<Sysname> display bgp routing-table ipv4 inlabel

 

 Total number of routes: 1

 

 BGP local router ID is 3.3.3.9

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         OutLabel        InLabel

 

* >  2.2.2.9/32         1.1.1.2         1151            1279

Table 1 Command output

Field

Description

BGP local router ID

Router ID of the local BGP router.

Status codes

Route status codes:

·     * - valid—Valid route.

·     > - best—Common optimal route.

·     d – damped—Route damped for route flap.

·     h - history—History route.

·     i - internal—Internal route.

·     e - external—External route.

·     s - suppressed—Suppressed route.

·     S - Stale—Stale route.

Origin

Route origin:

·     i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP.

·     e - EGP—Learned through EGP.

·     ? - incomplete—Redistributed from IGP protocols.

OutLabel

Outgoing label.

InLabel

Incoming label.

display bgp routing-table ipv4 unicast outlabel

Use display bgp routing-table ipv4 unicast outlabel to display outgoing labels for BGP IPv4 unicast routes.

Syntax

display bgp [ instance instance-name ] routing-table ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] outlabel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays outgoing labels for BGP IPv4 unicast routes in the default BGP instance.

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays outgoing labels for BGP IPv4 unicast routes on the public network.

Usage guidelines

This command displays outgoing labels for BGP IPv4 unicast routes regardless of whether the unicast keyword is specified or not.

Examples

# Display outgoing labels for all public BGP IPv4 unicast routes in the default BGP instance.

<Sysname> display bgp routing-table ipv4 outlabel

 

 Total number of routes: 1

 

 BGP local router ID is 3.3.3.9

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

     Network            NextHop         OutLabel

 

* >  2.2.2.9/32         1.1.1.2         1151

Table 2 Command output

Field

Description

BGP local router ID

Router ID of the local BGP router.

Status codes

Route status codes:

·     * - valid—Valid route.

·     > - best—Common optimal route.

·     d – damped—Route damped for route flap.

·     h - history—History route.

·     i - internal—Internal route.

·     e - external—External route.

·     s - suppressed—Suppressed route.

·     S - Stale—Stale route.

Origin

Route origin:

·     i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP.

·     e - EGP—Learned through EGP.

·     ? - incomplete—Redistributed from IGP protocols.

OutLabel

Outgoing label.

display bgp routing-table vpnv4

Use display bgp routing-table vpnv4 to display BGP VPNv4 routing information.

Syntax

display bgp [ instance instance-name ] routing-table vpnv4 [ [ route-distinguisher route-distinguisher ] [ ipv4-address [ mask-length | mask ] [ longest-match ] | ipv4-address [ mask-length | mask ] advertise-info | as-path-acl { as-path-acl-number | as-path-acl-name } | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number } ] | [ vpn-instance vpn-instance-name ] peer ipv4-address { advertised-routes | received-routes } [ ipv4-address [ mask-length | mask ] | statistics ] | statistics ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays BGP VPNv4 routes in the default BGP instance.

route-distinguisher route-distinguisher: Specifies an RD, a string of 3 to 21 characters in one of the following formats:

·     16-bit AS number:32-bit user-defined number. For example, 101:3.

·     32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

·     32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

ipv4-address: Specifies the destination IPv4 address.

mask-length: Specifies the length of the network mask, in the range of 0 to 32.

mask: Specifies the network mask, in dotted decimal notation.

longest-match: Displays the longest matching BGP VPNv4 route. The system first ANDs the specified network address with the mask of each route, and then selects the longest matching BGP VPNv4 route as follows:

·     If you specify a mask, a route is matched if the AND result is the same as the network address of the route and the mask of the route is shorter than or equal to the specified mask. In this case, the command displays brief information about the route with the longest mask among the matching routes.

·     If you do not specify a mask, a route is matched if the AND result is the same as the network address of the route. In this case, the command displays detailed information about the route with the longest mask among the matching routes.

advertise-info: Displays advertisement information for BGP VPNv4 routes.

as-path-acl as-path-acl-number: Displays BGP VPNv4 routes that match the AS path list specified by its number in the range of 1 to 256.

as-path-acl as-path-acl-name: Displays BGP VPNv4 routes that match the AS path list specified by its name, a case-sensitive string of 1 to 51 characters. The name cannot contain only digits.

community-list: Displays BGP VPNv4 routes that match a BGP community list.

basic-community-list-number: Specifies a basic community list by its number in the range of 1 to 99.

comm-list-name: Specifies a community list by its name, a case-sensitive string of 1 to 63 characters.

whole-match: Displays BGP VPNv4 routes exactly matching the specified community list. If you do not specify this keyword, the command displays BGP VPNv4 routes whose COMMUNITY attributes include the specified community list.

adv-community-list-number: Specifies an advanced community list by its number in the range of 100 to 199.

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays BGP VPNv4 routes advertised to or received from the specified peer on the public network.

peer: Displays BGP VPNv4 routing information advertised to or received from a peer.

ipv4-address: Specifies the peer IPv4 address.

advertised-routes: Displays BGP VPNv4 routing information advertised to the specified peer.

received-routes: Displays BGP VPNv4 routing information received from the specified peer.

statistics: Displays BGP VPNv4 routing statistics.

Usage guidelines

If you do not specify any parameters, this command displays brief information about all BGP VPNv4 routes.

If you specify ipv4-address mask or ipv4-address mask-length, this command displays detailed information about the BGP VPNv4 route that exactly matches the specified address and mask.

If you specify only ipv4-address, the system ANDs the network address with the mask of a route. If the result matches the network address of the route, this command displays detailed information about the BGP VPNv4 route.

Examples

# Display brief information about all BGP VPNv4 routes in the default BGP instance.

<Sysname> display bgp routing-table vpnv4

 

 BGP local router ID is 1.1.1.9

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

 Total number of routes from all PEs: 8

 

 Route distinguisher: 100:1(vpn1)

 Total number of routes: 6

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >  10.1.1.0/24        10.1.1.2        0                     32768   ?

*  e                    10.1.1.1        0                     0       65410?

* >  10.1.1.2/32        127.0.0.1       0                     32768   ?

* >i 10.3.1.0/24        3.3.3.9         0          100        0       ?

* >e 192.168.1.0        10.1.1.1        0                     0       65410?

*  i                    3.3.3.9         0          100        0       65420?

 

 Route distinguisher: 200:1

 Total number of routes: 2

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >i 10.3.1.0/24        3.3.3.9         0          100        0       ?

* >i 192.168.1.0        3.3.3.9         0          100        0       65420?

# Display brief information about BGP VPNv4 routes with RD 100:1 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 route-distinguisher 100:1

 

 BGP local router ID is 1.1.1.9

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

 Route distinguisher: 100:1(vpn1)

 Total number of routes: 6

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >  10.1.1.0/24        10.1.1.2        0                     32768   ?

*  e                    10.1.1.1        0                     0       65410?

* >  10.1.1.2/32        127.0.0.1       0                     32768   ?

* >i 10.3.1.0/24        3.3.3.9         0          100        0       ?

* >e 192.168.1.0        10.1.1.1        0                     0       65410?

*  i                    3.3.3.9         0          100        0       65420?

# Display information about BGP VPNv4 routes matching AS_PATH list 1 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 as-path-acl 1

 

 BGP local router ID is 1.1.1.9

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

 Total number of routes from all PEs: 8

 

 Route distinguisher: 100:1(vpn1)

 Total number of routes: 6

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >  10.1.1.0/24        10.1.1.2        0                     32768   ?

*  e                    10.1.1.1        0                     0       65410?

* >  10.1.1.2/32        127.0.0.1       0                     32768   ?

* >i 10.3.1.0/24        3.3.3.9         0          100        0       ?

* >e 192.168.1.0        10.1.1.1        0                     0       65410?

*  i                    3.3.3.9         0          100        0       65420?

 

 Route distinguisher: 200:1

 Total number of routes: 2

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >i 10.3.1.0/24        3.3.3.9         0          100        0       ?

* >i 192.168.1.0        3.3.3.9         0          100        0       65420?

# Display information about BGP VPNv4 routes matching BGP community list 100 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 community-list 100

 

 BGP local router ID is 1.1.1.9

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

 Total number of routes from all PEs: 8

 

 Route distinguisher: 100:1(vpn1)

 Total number of routes: 6

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >  10.1.1.0/24        10.1.1.2        0                     32768   ?

*  e                    10.1.1.1        0                     0       65410?

* >  10.1.1.2/32        127.0.0.1       0                     32768   ?

* >i 10.3.1.0/24        3.3.3.9         0          100        0       ?

* >e 192.168.1.0        10.1.1.1        0                     0       65410?

*  i                    3.3.3.9         0          100        0       65420?

 

 Route distinguisher: 200:1

 Total number of routes: 2

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >i 10.3.1.0/24        3.3.3.9         0          100        0       ?

* >i 192.168.1.0        3.3.3.9         0          100        0       65420?

# Display information about public BGP VPNv4 routes advertised to peer 3.3.3.9 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 peer 3.3.3.9 advertised-routes

 

 Total number of routes: 2

 

 BGP local router ID is 1.1.1.9

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

 Route distinguisher: 100:1

 Total number of routes: 2

 

     Network            NextHop         MED        LocPrf             Path/Ogn

 

* >  10.1.1.0/24        10.1.1.2        0                             ?

* >e 192.168.1.0        10.1.1.1        0                             65410?

# Display information about public BGP VPNv4 routes received from peer 3.3.3.9 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 peer 3.3.3.9 received-routes

 

 Total number of routes: 2

 

 BGP local router ID is 1.1.1.9

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

 Route distinguisher: 200:1

 Total number of routes: 2

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >i 10.3.1.0/24        3.3.3.9         0          100        0       ?

* >i 192.168.1.0        3.3.3.9         0          100        0       65420?

Table 3 Command output

Field

Description

BGP local router ID

Router ID of the local BGP router.

Status codes

Route status codes:

·     * - valid—Valid route.

·     > - best—Common optimal route.

·     d – damped—Route damped for route flap.

·     h - history—History route.

·     i - internal—Internal route.

·     e - external—External route.

·     s - suppressed—Suppressed route.

·     S - Stale—Stale route.

Origin

Route origin:

·     i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP.

·     e - EGP—Learned through EGP.

·     ? - incomplete—Redistributed from IGP protocols.

Total number of routes from all PEs

Total number of VPNv4 routes from all PEs.

Network

Network address.

NextHop

Next hop address.

MED

MULTI_EXIT_DISC attribute.

LocPrf

Local preference value.

PrefVal

Preferred value.

Path/Ogn

AS_PATH and Origin attributes.

# Display detailed information about BGP VPNv4 routes to 10.3.1.0/24 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 10.3.1.0 24

 

 BGP local router ID: 1.1.1.9

 Local AS number: 100

 

 

 Route distinguisher: 100:1(vpn1)

 Total number of routes: 1

 Paths:   1 available, 1 best

 

 BGP routing table information of 10.3.1.0/24:

 From            : 3.3.3.9 (3.3.3.9)

 Rely nexthop    : 172.1.1.2

 Original nexthop: 3.3.3.9

 OutLabel        : 1279

 Ext-Community   : <RT: 111:1>

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, localpref 100, pref-val 0

 State           : valid, internal, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

 

 Route distinguisher: 200:1

 Total number of routes: 1

 Paths:   1 available, 1 best

 

 BGP routing table information of 10.3.1.0/24:

 From            : 3.3.3.9 (3.3.3.9)

 Rely nexthop    : 172.1.1.2

 Original nexthop: 3.3.3.9

 OutLabel        : 1279

 Ext-Community   : <RT: 111:1>

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, localpref 100, pref-val 0

 State           : valid, internal, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

# Display detailed information about the BGP VPNv4 route to 10.3.1.0/24 and with RD 100:1 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 route-distinguisher 100:1 10.3.1.0 24

 

 BGP local router ID: 1.1.1.9

 Local AS number: 100

 

 

 Route distinguisher: 100:1(vpn1)

 Total number of routes: 1

 Paths:   1 available, 1 best

 

 BGP routing table information of 10.3.1.0/24:

 From            : 3.3.3.9 (3.3.3.9)

 Rely nexthop    : 172.1.1.2

 Original nexthop: 3.3.3.9

 OutLabel        : 1279

 Ext-Community   : <RT: 111:1>

 AS-path         : (null)

 Origin          : incomplete

 Attribute value : MED 0, localpref 100, pref-val 0

 State           : valid, internal, best

 IP precedence   : N/A

 QoS local ID    : N/A

 Traffic index   : N/A

Table 4 Command output

Field

Description

Rely Nexthop

Recursive next hop. If no recursive next hop is found, this field displays not resolved.

Original nexthop

Original next hop. If the route is learned from a BGP update, it is the next hop in the update message.

Ext-Community

Extended community attribute:

·     RT—Route Target extended community.

·     RT Import—VRF Route Import extended community used for multicast VPN.

·     SrcAs—Source AS extended community used for multicast VPN.

Origin

Route origin:

·     igp—Originated in the AS. The origin of routes advertised by the network command is IGP.

·     egp—Learned through EGP.

·     incomplete—Redistributed from IGP protocols.

Attribute value

BGP route attribute information:

·     MED—MED attribute.

·     localpref—Local preference.

·     pref-val—Preferred value.

·     pre—Protocol preference.

State

Route status:

·     valid—Valid route.

·     internal—Internal route.

·     external—External route.

·     local—Locally generated route.

·     synchronize—Synchronized route.

·     best—Optimal route.

·     localredist—VPNv4 route generated based on local route.

·     remoteredist—VPNv4 route generated based on remote route.

·     not preferred for reason—Reason why the route is not selected as the optimal route. For more information, see Table 5.

·     not ECMP for reason—Reason why the route does not form ECMP routes with other routes. For more information, see Table 6.

IP precedence

IP priority of a route, in the range of 0 to 7. N/A indicates that the route does not support this field.

QoS local ID

QoS local ID attribute of a route, in the range of 1 to 4095. N/A indicates that the route does not support this field.

Traffic index

Index of the traffic, in the range of 1 to 64. N/A indicates that the route does not support this field.

Table 5 Reason why the route is not selected as the optimal route

Reason

Description

preferred-value

Routes with larger preferred values exist.

local-preference

Routes with larger local preference values exist.

local-origin-route

There are routes whose local-origin-route attribute has a higher priority.

BGP selects the optimal route from local routes in this order: route generated by the network command, route redistributed by the import-route command, and summary route.

aigp

Routes carrying the AIGP attribute or routes with smaller AIGP attribute values exist.

as-path

Routes with smaller AS_PATH attribute values exist.

origin

There are routes whose origin has a higher priority. The route origins are IGP, EGP, and INCOMPLETE in descending order of priority.

med

Routes with smaller MED values exist.

remote-route

There are routes whose remote-route attribute has a higher priority.

BGP selects the optimal route from remote routes in this order:

·     Route learned from an EBGP peer.

·     Route learned from a confederation EBGP peer.

·     Route learned from a confederation IBGP peer.

·     Route learned from an IBGP peer.

igp-cost

Routes with smaller IGP metrics exist.

relydepth

Routes with smaller recursion depth values exist.

rfc5004

A route received from an EBGP peer is the current optimal route. BGP does not change the optimal route when it receives routes from other EBGP peers.

router-id

Routes with smaller router IDs exist.

If one of the routes is advertised by a route reflector, BGP compares the ORIGINATOR_ID of the route with the router IDs of other routes. Then, BGP selects the route with the smallest ID as the optimal route.

cluster-list

Routes with smaller CLUSTER_LIST attribute values exist.

peer-address

Routes advertised by peers with lower IP addresses exist.

redist-route

Routes of the current VPN instance exist.

rpki

Routes with higher RPKI validation state preferences exist.

received

Earlier learned routes exist.

evpn-macip-mobile

There are EVPN MAC/IP advertisement routes carrying the MAC mobility extended community attribute.

evpn-macip-mobile-static

There are EVPN MAC/IP advertisement routes whose static flag in the MAC mobility extended community attribute is set.

evpn-macip-mobile-seq

There are EVPN MAC/IP advertisement routes carrying a larger sequence number in the MAC mobility extended community attribute.

evpn-macip-mobile-routerid

There are EVPN MAC/IP advertisement routes carrying a smaller router ID in the MAC mobility extended community attribute.

encap-type

There are routes encapsulated by SRv6 or MPLS.

color-relay

There are routes that carry color attributes.

srv6-route

There are routes that carry non-local SIDs.

Table 6 Reason why the route does not form ECMP routes with other routes

Reason

Description

preferred-value

The preferred value of the route is different than other routes.

local-preference

The local preference of the route is different than other routes.

local-origin-route

The way for generating the route is different than other routes.

aigp

The AIGP attribute state (whether or not the attribute is carried) or the AIGP attribute value of the route is different than other routes.

as-path

The AS_PATH attribute of the route is different than other routes.

origin

The ORIGIN attribute of the route is different than other routes.

med

The MED attribute of the route is different than other routes.

remote-route

The route comes from a different EBGP, confederation EBGP, confederation IBGP, or IBGP peer than other routes.

igp-cost

The IGP metric of the route is different than other routes.

local-redist-route

The route is redistributed from another VPN instance.

label-route

The labeling state of the route is different than other routes.

samenexthop

The route has the same next hop with another route.

evpn-macip-label

The L3VNI state (whether or not L3VNI is carried) of the route is different than other routes.

evpn-other-type

The route is the only EVPN MAC/IP advertisement route or the route is not an EVPN MAC/IP advertisement route.

color-relay

The color attribute state (whether or not color attribute is carried) of the route is different than other routes.

srv6-route

The non-local SID carrying state (whether or not non-local SID is carried) of the route is different than other routes.

# Display advertisement information for BGP VPNv4 routes to 10.1.1.0/24 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 10.1.1.0 24 advertise-info

 

 BGP local router ID: 1.1.1.9

 Local AS number: 100

 

 

 Route distinguisher: 100:1

 Total number of routes: 1

 Paths:   1 best

 

 BGP routing table information of 10.1.1.0/24:

 Advertised to VPN peers (1 in total):

    3.3.3.9

 Inlabel         : 1279

Table 7 Command output

Field

Description

Paths

Number of routes to the specified destination network.

BGP routing table information of 10.1.1.0/24

Advertisement information for the BGP route to 10.1.1.0/24.

Advertised to VPN peers (1 in total)

VPNv4 peers to which the route is advertised, and the number of peers.

Inlabel

Incoming label of the route.

# Display statistics about public BGP VPNv4 routes advertised to peer 3.3.3.9 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 peer 3.3.3.9 advertised-routes statistics

 

 Advertised routes total: 2

# Display statistics about public BGP VPNv4 routes received from peer 3.3.3.9 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 peer 3.3.3.9 received-routes statistics

 

 Received routes total: 2

Table 8 Command output

Field

Description

Advertised routes total

Total number of routes advertised to the specified peer.

Received routes total

Total number of routes received from the specified peer.

# Display statistics about public BGP VPNv4 routes in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 statistics

 Total number of routes from all PEs: 8

 

 Route distinguisher: 100:1(vpn1)

 Total number of routes: 6

 

 Route distinguisher: 200:1

 Total number of routes: 2

Table 9 Command output

Field

Description

Total number of routes from all PEs

Total number of VPNv4 routes from all PEs.

Total number of routes

Total number of VPNv4 routes with the specified RD.

Related commands

ip as-path (Layer 3—IP Routing Command Reference)

display bgp routing-table vpnv4 inlabel

Use display bgp routing-table vpnv4 inlabel to display incoming labels for BGP VPNv4 routes.

Syntax

display bgp [ instance instance-name ] routing-table vpnv4 inlabel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays incoming labels for all BGP VPNv4 routes in the default BGP instance.

Examples

# Display incoming labels for all BGP VPNv4 routes in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 inlabel

 

 Total number of routes: 2

 

 BGP local router ID is 1.1.1.9

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

 Route distinguisher: 100:1

 Total number of routes: 2

 

     Network            NextHop         OutLabel        InLabel

 

* >  10.1.1.0/24        10.1.1.2        NULL            1279

* >e 192.168.1.0        10.1.1.1        NULL            1278

Table 10 Command output

Field

Description

BGP local router ID

Router ID of the local BGP router.

Status codes

Route status codes:

·     * - valid—Valid route.

·     > - best—Common optimal route.

·     d – damped—Route damped for route flap.

·     h - history—History route.

·     i - internal—Internal route.

·     e - external—External route.

·     s - suppressed—Suppressed route.

·     S - Stale—Stale route.

Origin

Route origin:

·     i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP.

·     e - EGP—Learned through EGP.

·     ? - incomplete—Redistributed from IGP protocols.

OutLabel

Outgoing label. If the peer PE assigns a null label, this field displays NULL.

InLabel

Incoming label.

display bgp routing-table vpnv4 outlabel

Use display bgp routing-table vpnv4 outlabel to display outgoing labels for BGP VPNv4 routes.

Syntax

display bgp [ instance instance-name ] routing-table vpnv4 outlabel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays outgoing labels for all BGP VPNv4 routes in the default BGP instance.

Examples

# Display outgoing labels for all BGP VPNv4 routes in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 outlabel

 

 BGP local router ID is 1.1.1.9

 Status codes: * - valid, > - best, d - dampened, h - history,

               s - suppressed, S - stale, i - internal, e - external

               Origin: i - IGP, e - EGP, ? - incomplete

 

 Total number of routes from all PEs: 4

 

 Route distinguisher: 100:1(vpn1)

 Total number of routes: 2

 

     Network            NextHop         OutLabel

 

* >i 10.3.1.0/24        3.3.3.9         1279

*  i 192.168.1.0        3.3.3.9         1278

 

 Route distinguisher: 200:1

 Total number of routes: 2

 

     Network            NextHop         OutLabel

 

* >i 10.3.1.0/24        3.3.3.9         1279

* >i 192.168.1.0        3.3.3.9         1278

Table 11 Command output

Field

Description

BGP local router ID

Router ID of the local BGP router.

Status codes

Route status codes:

·     * - valid—Valid route.

·     > - best—Common optimal route.

·     d – damped—Route damped for route flap.

·     h - history—History route.

·     i - internal—Internal route.

·     e - external—External route.

·     s - suppressed—Suppressed route.

·     S - Stale—Stale route.

Origin

Route origin:

·     i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP.

·     e - EGP—Learned through EGP.

·     ? - incomplete—Redistributed from IGP protocols.

OutLabel

Outgoing label. If the peer PE assigns a null label, this field displays NULL.

display ip vpn-instance

Use display ip vpn-instance to display information about VPN instances.

Syntax

display ip vpn-instance [ instance-name vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-name vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays brief information about all VPN instances.

Examples

# Display brief information about all VPN instances.

<Sysname> display ip vpn-instance

  Total VPN-Instances configured : 1

  Total IPv4 VPN-Instances configured : 1

  Total IPv6 VPN-Instances configured : 0

  VPN-Instance Name     RD              Address family      Create time

  abc                   1:1             IPv4                2011/05/18 10:48:17

Table 12 Command output

Field

Description

VPN-Instance Name

Name of the VPN instance.

RD

RD of the VPN instance.

Address family

Name of the IPv4 or IPv6 address family.

If no IPv4 or IPv6 VPN instances exist, this field displays N/A.

The display ip vpn-instance command does not display brief information about IPv4 flowspec VPN instances. For information about IPv4 flowspec VPN instances, see flowspec configuration in ACL and QoS Configuration Guide.

Create Time

Time when the VPN instance was created.

# Display detailed information about VPN instance vpn1.

<Sysname> display ip vpn-instance instance-name vpn1

  VPN-Instance Name and Index : vpn1, 2

  Route Distinguisher : 100:1

  VPN ID : 1:1

  Description : vpn1

  Interfaces : GigabitEthernet0/0/2

  TTL-mode: pipe

  Address-family IPv4:

   Export VPN Targets :

       2:2

   Import VPN Targets :

       3:3

   Export Route Policy : outpolicy

   Import Route Policy : inpolicy

   Tunnel Policy : tunnel1

   Maximum Routes Limit : 500

   Threshold Value(%): 50

  Address-family IPv6:

   Export VPN Targets :

       2:2

   Import VPN Targets :

       3:3

   Export Route Policy : outpolicy

   Import Route Policy : inpolicy

   Tunnel Policy : tunnel1

   Maximum Routes Limit :500

   Threshold Value(%): 50

Table 13 Command output

Field

Description

Route Distinguisher

Route distinguisher of the VPN instance.

Interfaces

Interfaces that are associated with the VPN instance.

TTL-mode

TTL processing mode used by the tunnel associated with the VPN instance. This field displays a hyphen (-) if no TTL processing mode is specified.

Address-family IPv4

IPv4 VPN information.

Address-family IPv6

IPv6 VPN information.

Address-family IPv4 Flowspec

IPv4 flowspec VPN instance information. For more information about IPv4 flowspec VPN instances, see flowspec configuration in ACL and QoS Configuration Guide.

Export Route Policy

Routing policy in the outbound direction.

Import Route Policy

Routing policy in the inbound direction.

Maximum Routes Limit

Maximum number of routes.

Threshold Value(%)

Alarm threshold for number of active routes.

display ip vpn-instance mpls statistics

Use display ip vpn-instance mpls statistics to display MPLS label forwarding statistics for VPN instances.

Syntax

display ip vpn-instance mpls statistics [ instance-name vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-name vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays statistics about all VPN instances.

Examples

# Display MPLS label forwarding statistics for all VPN instances.

<Sysname> display ip vpn-instance mpls statistics

VPN instance name: vpn1

VPN instance index: 2

Inbound statistics:

  Octets    : 10600

  Packets   : 100

  Errors    : 0

  Discards  : 0

Outbound statistics:

  Octets    : 12600

  Packets   : 100

  Errors    : 0

  Discards  : 0

Table 14 Command output

Field

Description

Inbound statistics

MPLS label forwarding statistics for the VPN instance in inbound direction:

·     Octets—Number of received octets.

·     Packets—Number of received packets.

·     Errors—Number of received error packets.

·     Discards—Number of discarded packets.

Inbound statistics are about the labeled packets that the local PE receives from the remote PE. The local PE forwards these packets to the CE of the VPN instance according to the incoming label of the packets.

Outbound statistics

MPLS label forwarding statistics for the VPN instance in outbound direction:

·     Octets—Number of sent octets.

·     Packets—Number of sent packets.

·     Errors—Number of sent error packets.

·     Discards—Number of discarded packets.

Outbound statistics are about the labeled packets that the local PE sends to the remote PE. After the local PE receives packets from the CE of the VPN instance, it labels the packets and then forwards the labeled packets to the remote PE.

Related commands

mpls statistics enable

mpls statistics interval

reset ip vpn-instance mpls statistics

display ospf sham-link

Use display ospf sham-link to display OSPF sham link information.

Syntax

display ospf [ process-id ] sham-link [ area area-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

process-id: Specifies an OSPF process by its ID. The process ID is in the range of 1 to 65535. If you do not specify a process, this command displays sham link information for all OSPF processes.

area area-id: Specifies an OSPF area by its ID, which is an IP address, or an integer. The integer is in the range of 0 to 4294967295. If you do not specify an area, this command displays sham link information for all OSPF areas.

Usage guidelines

If you do not specify any processes or areas, this command displays information about all OSPF sham links.

Examples

# Display information about all OSPF sham links.

<Sysname> display ospf sham-link

 

          OSPF Process 1 with Router ID 125.1.1.1

                  Sham link

 

 Area            Neighbor ID     Source IP       Destination IP  State  Cost

 0.0.0.0         95.1.1.1        125.2.1.1       95.2.1.1        P-2-P  1

# Display OSPF sham link information for OSPF area 1.

<Sysname> display ospf sham-link area 1

 

          OSPF Process 100 with Router ID 100.1.1.2

 

 Sham link: 3.3.3.3 --> 5.5.5.5

 Neighbor ID: 120.1.1.2        State: Full

 Area: 0.0.0.1

 Cost: 1  State: P-2-P  Type: Sham

 Timers: Hello 10, Dead 40, Retransmit 5, Transmit Delay 1

 Request list: 0  Retransmit list: 0

 GTSM: Enabled, maximum number of hops: 2

 Cryptographic authentication: Enabled, inherited

    The last key is 3.

    The rollover is in progress, 1 neighbor(s) left.

Table 15 Command output

Field

Description

State

Neighbor state for the sham link: Down, Init, 2-way, ExStart, Exchange, Loading, or Full.

Cost

Cost of the sham link.

State

Sham link state: Down or P-2-P.

Timers

Timers for the sham link, in seconds. The timers include Hello timer, Dead timer, Retransmit timer, and Transmit Delay timer.

GTSM: Enabled, maximum number of hops: 2

OSPF GTSM is enabled, and the maximum number of hops is 2.

If OSPF GTSM is disabled, this field displays GTSM: Disabled.

Cryptographic authentication: Enabled, inheritedMD5 authentication enabled

Cryptographic authentication mode (MD5, HMAC-MD5, or HMAC-SHA-256) is used by the sham link. The inherited attribute indicates that the sham link uses the authentication mode specified for the area to which the sham link belongs.

If the sham link uses the simple authentication mode, this field displays Simple authentication: Enabled, inherited.

display vpn-peer

Use display vpn-peer to display VPN peer information.

Syntax

display vpn-peer [ peer-id vpn-peer-id | peer-name vpn-peer-name | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vpn-peer-id: Specifies a VPN peer by its ID in the range of 1 to 134217727.

vpn-peer-name: Specifies a VPN peer by its name, a case-sensitive string of 1 to 31 characters.

verbose: Displays detailed information about all VPN peers.

Usage guidelines

If you do not specify any parameters, the command displays brief information about all VPN peers.

Examples

# Display brief information about all VPN peers.

<Sysname> display vpn-peer

Total VPN peer count(s): 2

VPN peer name                   Peer-id   User-profile                    State

010-020                         1         up10M                           Online

030-040                         2         up20M                           Offline

Table 16 Command output

Field

Description

VPN peer name

VPN peer name.

Peer-id

VPN peer ID.

User-profile

Configuration file used by the VPN peer.

State

VPN peer state:

·     Offline.

·     Online.

# Display detailed information about all VPN peers.

<Sysname> display vpn-peer verbose

Total VPN peer count(s): 2

 

VPN peer name: 010-020

Peer-id: 1

User-profile: up10M

State: Online

Outbound statistics:

  Pass packets: 12600

  Pass bytes  : 100

  Drop packets: 0

  Drop bytes  : 0

 

VPN peer name: 030-040

Peer-id: 2

User-profile: up20M

State: Offline

Outbound statistics:

  Pass packets: 12600

  Pass bytes  : 100

  Drop packets: 0

  Drop bytes  : 0

Table 17 Command output

Field

Description

VPN peer name

VPN peer name.

Peer-id

VPN peer ID.

User-profile

Configuration file used by the VPN peer.

State

VPN peer state:

·     Offline.

·     Online.

Outbound statistics

Outbound packet statistics of the VPN peer, including the number of sent bytes, sent packets, dropped bytes, and dropped packets.

domain-id (OSPF view)

Use domain-id to set an OSPF domain ID.

Use undo domain-id to delete an OSPF domain ID.

Syntax

domain-id domain-id [ secondary ]

undo domain-id [ domain-id ]

Default

The OSPF domain ID is 0.

Views

OSPF view

Predefined user roles

network-admin

Parameters

domain-id: Specifies an OSPF domain ID, in one of the following formats:

·     Integer, in the range of 0 to 4294967295. For example, 1.

·     Dotted decimal notation. For example, 0.0.0.1.

·     A string of 9 to 21 characters in the dotted decimal notation:16-bit user-defined number format. The value range for the 16-bit user-defined number is 0 to 65535. For example, 0.0.0.1:512.

secondary: Specifies a secondary domain ID. If you do not specify this keyword, the command specifies a primary domain ID.

Usage guidelines

When you redistribute OSPF routes into BGP, BGP adds the primary domain ID to the redistributed BGP VPNv4 routes as a BGP extended community attribute. Then, BGP advertises the routes to the peer PE.

When the peer PE receives the routes, it compares the OSPF domain ID in the routes with the locally configured primary and secondary domain IDs. OSPF advertises these routes in Network Summary LSAs (Type 3) if both the following conditions exist:

·     The primary or secondary domain ID is the same as the received domain ID.

·     The received routes are intra-area or inter-area routes.

Otherwise, OSPF advertises these routes in AS External LSAs (Type 5) or NSSA External LSAs (Type 7).

If you do not specify any parameters, the undo domain-id command restores the default.

Examples

# Set the OSPF domain ID to 234.

<Sysname> system-view

[Sysname] ospf 100

[Sysname-ospf-100] domain-id 234

export route-policy

Use export route-policy to apply an export routing policy to a VPN instance.

Use undo export route-policy to restore the default.

Syntax

export route-policy route-policy

undo export route-policy

Default

No export routing policy is applied to a VPN instance.

Views

VPN instance view

VPN instance IPv4 address family view

VPN instance IPv6 address family view

Predefined user roles

network-admin

Parameters

route-policy: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

You can specify an export routing policy to filter advertised routes or modify their route attributes for the VPN instance.

If you execute this command multiple times, the most recent configuration takes effect.

An export routing policy specified in VPN instance view applies to both IPv4 VPN and IPv6 VPN. An export routing policy specified in VPN instance IPv4 address family view applies only to the IPv4 VPN. An export routing policy specified in VPN instance IPv6 address family view applies only to the IPv6 VPN.

IPv4 VPN prefers the export routing policy specified in VPN instance IPv4 address family view over the one specified in VPN instance view.

IPv6 VPN prefers the export routing policy specified in VPN instance IPv6 address family view over the one specified in VPN instance view.

Examples

# Apply export routing policy poly-1 to VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] export route-policy poly-1

Related commands

import route-policy

route-policy (Layer 3—IP Routing Command Reference)

ext-community-type (OSPF view)

Use ext-community-type to configure the type code of an OSPF extended community attribute.

Use undo ext-community-type to restore the default.

Syntax

ext-community-type { domain-id type-code1 | router-id type-code2 | route-type type-code3 }

undo ext-community-type [ domain-id | router-id | route-type ]

Default

The type codes for domain ID, router ID, and route type are hex numbers 0005, 0107, and 0306, respectively.

Views

OSPF view

Predefined user roles

network-admin

Parameters

domain-id type-code1: Specifies the type code for domain ID. Valid values are hex numbers 0005, 0105, 0205, and 8005.

router-id type-code2: Specifies the type code for router ID. Valid values are hex numbers 0107 and 8001.

route-type type-code3: Specifies the type code for route type. Valid values are hex numbers 0306 and 8000.

Examples

# Configure the type codes of domain ID, router ID, and route type as hex numbers 8005, 8001, and 8000, respectively, for OSPF process 100.

<Sysname> system-view

[Sysname] ospf 100

[Sysname-ospf-100] ext-community-type domain-id 8005

[Sysname-ospf-100] ext-community-type router-id 8001

[Sysname-ospf-100] ext-community-type route-type 8000

import route-policy

Use import route-policy to apply an import routing policy to a VPN instance.

Use undo import route-policy to restore the default.

Syntax

import route-policy route-policy

undo import route-policy

Default

All routes matching the import target attribute are accepted.

Views

VPN instance view

VPN instance IPv4 address family view

VPN instance IPv6 address family view

Predefined user roles

network-admin

Parameters

route-policy: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

You can specify an import routing policy to filter received routes or modify their route attributes for the VPN instance.

If you execute this command multiple times, the most recent configuration takes effect.

An import routing policy specified in VPN instance view applies to both IPv4 VPN and IPv6 VPN. An import routing policy specified in VPN instance IPv4 address family view applies only to the IPv4 VPN. An import routing policy specified in VPN instance IPv6 address family view applies only to the IPv6 VPN.

IPv4 VPN prefers the import routing policy specified in VPN instance IPv4 address family view over the one specified in VPN instance view.

IPv6 VPN prefers the import routing policy specified in VPN instance IPv6 address family view over the one specified in VPN instance view.

Examples

# Apply import routing policy poly-1 to VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] import route-policy poly-1

Related commands

export route-policy

route-policy (Layer 3—IP Routing Command Reference)

ip binding vpn-instance

Use ip binding vpn-instance to associate an interface with a VPN instance.

Use undo ip binding vpn-instance to restore the default.

Syntax

ip binding vpn-instance vpn-instance-name

undo ip binding vpn-instance

Default

An interface is associated with no VPN instance and belongs to the public network.

Views

Interface view

Predefined user roles

network-admin

Parameters

vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

CAUTION

CAUTION:

This command or its undo form clears the IP address and routing protocol configuration on the interface.

 

Use this command to associate the VPN instance with the interface connected to the CE.

The specified VPN instance must have been created by using the ip vpn-instance command in system view.

To associate a new VPN instance with an interface, first execute the undo ip binding vpn-instance command to remove the existing association.

Examples

# Associate GigabitEthernet 0/0/1 with VPN instance vpn1.

<Sysname> system-view

[Sysname] interface gigabitethernet 0/0/1

[Sysname-GigabitEthernet0/0/1] ip binding vpn-instance vpn1

Related commands

ip vpn-instance (system view)

ip vpn-instance (system view)

Use ip vpn-instance to create a VPN instance and enter its view, or enter the view of an existing VPN instance.

Use undo ip vpn-instance to delete a VPN instance.

Syntax

ip vpn-instance vpn-instance-name

undo ip vpn-instance vpn-instance-name

Default

No VPN instances exist.

Views

System view

Predefined user roles

network-admin

Parameters

vpn-instance-name: Specifies a VPN instance name, a case-sensitive string of 1 to 31 characters.

Examples

# Create a VPN instance named vpn1 and enter its view.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1]

Related commands

route-distinguisher

mpls per-vrf-label range

Use mpls per-vrf-label range to specify a label range for all VPN instances.

Use undo mpls per-vrf-label range to restore the default.

Syntax

mpls per-vrf-label range minimum maximum

undo mpls per-vrf-label range

Default

No label range is configured for VPN instances.

Views

System view

Predefined user roles

network-admin

Parameters

minimum: Specifies the minimum label value. The value range for this argument is 10241 to 1048574.

maximum: Specifies the maximum label value. The value range for this argument is 10242 to 1048575.

Usage guidelines

Configure this command to specify the range of labels that a PE can allocate to VPN instances.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the label range for all VPN instances to 100000 to 104095.

<Sysname> system-view

[Sysname] mpls per-vrf-label range 100000 104095

Related commands

apply-label

mpls statistics enable

Use mpls statistics enable to enable MPLS label forwarding statistics for a VPN instance.

Use undo mpls statistics enable to disable MPLS label forwarding statistics for a VPN instance.

Syntax

mpls statistics enable

undo mpls statistics enable

Default

MPLS label forwarding statistics are disabled for all VPN instances.

Views

VPN instance view

Predefined user roles

network-admin

Usage guidelines

MPLS label forwarding statistics for a VPN instance include inbound and outbound statistics.

·     Inbound statistics provide information about the labeled packets that the local PE receives from the remote PE. The local PE forwards these packets to the CE of the VPN instance according to the incoming label of the packets.

·     Outbound statistics provide information about the labeled packets that the local PE sends to the remote PE. After the local PE receives packets from the CE of the VPN instance, it labels the packets and then forwards the labeled packets to the remote PE.

To display MPLS label forwarding statistics for a VPN instance by using the display ip vpn-instance mpls statistics command, you must perform the following tasks:

·     Use the mpls statistics enable command to enable the MPLS label forwarding statistics feature for the VPN instance.

·     Use the mpls statistics interval command to set the MPLS label forwarding statistics collection interval.

Examples

# Enable MPLS label forwarding statistics for VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] mpls statistics enable

Related commands

display ip vpn-instance mpls statistics

mpls statistics interval

reset ip vpn-instance mpls statistics

nesting-vpn

Use nesting-vpn to enable the nested VPN feature.

Use undo nesting-vpn to disable the nested VPN feature.

Syntax

nesting-vpn

undo nesting-vpn

Default

The nested VPN feature is disabled.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Usage guidelines

To exchange VPNv4 routes with a peer in nested VPN, enable nested VPN, and then execute the peer enable command to enable that peer in BGP-VPN VPNv4 address family view.

Examples

# Enable nested VPN.

<Sysname> system-view

[Sysname] bgp 10

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] nesting-vpn

network

Use network to specify a local network to be advertised in the public instance or a VPN instance.

Use undo network to remove the local network to be advertised in the public instance or a VPN instance.

Syntax

network ipv4-address [ mask-length | mask ]

undo network ipv4-address [ mask-length | mask ]

Default

No local network in the public instance or a VPN instance will be advertised.

Views

Public instance IPv4 address family view

VPN instance IPv4 address family view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies a network by its IPv4 address. If you do not specify a mask or mask length, the natural network mask will be used.

mask-length: Specifies a mask length in the range of 0 to 32.

mask: Specifies a mask in dotted decimal notation.

Usage guidelines

This command specifies a local network of the public instance or a VPN instance. Then, you can configure BGP to redistribute the network (by using the import-route local-aggregate command) and advertise the network.

The specified local network route must exist and be active in the routing table of the public instance or VPN instance.

Examples

# Specify the local network to be advertised in VPN instance vpn1 as network 10.0.0.0/16.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] address-family ipv4

[Sysname-vpn-ipv4-vpn1] network 10.0.0.0 255.255.0.0

Related commands

import-route (Layer 3—IP Routing Command Reference)

peer advertise vpn-reoriginate ibgp (BGP VPNv4 address family view)

Use peer advertise vpn-reoriginate ibgp to enable advertising the BGP routes reoriginated for a VPN instance to an IBGP peer or peer group.

Use undo peer advertise vpn-reoriginate ibgp to cancel the configuration.

Syntax

peer { group-name | ipv4-address [ mask-length ] } advertise vpn-reoriginate ibgp

undo { group-name | ipv4-address [ mask-length ] } peer advertise vpn-reoriginate ibgp

Default

The device does not advertise the BGP routes reoriginated for a VPN instance to IBGP peers or peer groups.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must exist.

ipv4-address: Specifies a peer by its IPv4 address. The peer must exist.

mask-length: Specifies a mask length in the range of 0 to 32. To specify a subnet, you must specify both the ipv4-address and mask-length arguments.

Usage guidelines

For application scenarios of this command, see advertise route-reoriginate. For this command to take effect, you must also execute the advertise route-reoriginate command.

This command enables the device to advertise the BGP routes reoriginated for VPN instances to IBGP peers after the advertise route-reoriginate command is executed for the VPN instances.

Examples

# In BGP VPNv4 address family view, enable advertising the BGP routes reoriginated for VPN instances to IBGP peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 advertise vpn-reoriginate ibgp

Related commands

advertise route-reoriginate

peer next-hop-invariable (BGP VPNv4 address family view)

Use peer next-hop-invariable to configure the device to not change the next hop of routes advertised to peers.

Use undo peer next-hop-invariable to configure the device to use its address as the next hop of routes advertised to peers.

Syntax

peer { group-name | ipv4-address [ mask-length ] } next-hop-invariable

undo peer { group-name | ipv4-address [ mask-length ] } next-hop-invariable

Default

The device uses its address as the next hop of routes advertised to peers.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters.

ipv4-address: Specifies a peer by its IP address.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ip-address and mask-length arguments together to specify a subnet. If you specify a subnet in this command, the device does not change the next hop of routes advertised to the dynamic peers in the subnet.

Usage guidelines

On an RR in an inter-AS option C scenario, you must configure next-hop-invariable to not change the next hop of VPNv4 routes advertised to BGP peers and RR clients.

This command is exclusive with the peer next-hop-local command.

Examples

# Configure the device to not change the next hop of routes advertised to peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-af-vpnv4] peer 1.1.1.1 next-hop-invariable

Related commands

peer next-hop-local (Layer 3—IP Routing Command Reference)

peer next-hop-vpn

Use peer next-hop-vpn to change the next hop of a BGP VPNv4 route received from a peer or peer group to an IP address in the VPN instance.

Use undo peer next-hop-vpn to restore the default.

Syntax

peer { group-name | ipv4-address [ mask-length ] } next-hop-vpn

undo peer { group-name | ipv4-address [ mask-length ] } next-hop-vpn

Default

The device does not change the next hop of a received BGP VPNv4 route, and the next hop belongs to the public network.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters.

ipv4-address: Specifies a peer by its IPv4 address.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command changes the next hop of BGP VPNv4 routes received from the dynamic peers in the subnet.

Usage guidelines

By default, the device does not change the next hop attribute of a received BGP VPNv4 route. The next hop address of a BGP VPNv4 route is a public address. This command changes the next hop address of a BGP VPNv4 route received from a peer or peer group to a VPN instance address. The outgoing label of the VPNv4 route is also changed to an invalid value. For example, the device received a VPNv4 route and its next hop address is 10.1.1.1, which is a public address by default. After this command is executed, the next hop address changes to private address 10.1.1.1.

After this command is executed, the following applies:

·     The device re-establishes the BGP sessions to the specified peer or to all peers in the specified peer group.

·     The device receives a BGP VPNv4 route only when its RD is the same as a local RD.

·     When advertising a BGP VPNv4 route received from the specified peer or peer group, the device does not change the route target attribute of the route.

·     If you delete a VPN instance or its RD, BGP VPNv4 routes received from the specified peer or peer group and in the VPN instance will be deleted.

Examples

# In BGP VPNv4 address family view, change the next hop of BGP VPNv4 routes received from peer 1.1.1.1 to a VPN instance address.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 next-hop-vpn

peer upe

Use peer upe to configure BGP peers as HoVPN UPEs.

Use undo peer upe to delete HoVPN UPEs.

Syntax

peer { group-name | ip-address [ mask-length ] } upe

undo peer { group-name | ip-address [ mask-length ] } upe

Default

No BGP peer is configured as a UPE.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The specified peer group must exist.

ip-address: Specifies a peer by its IP address. The specified peer must exist.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ip-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command configures all dynamic peers in the subnet as UPEs.

Usage guidelines

A UPE is a special VPNv4 peer. It can accept one default route for each related VPN instance and routes permitted by the routing policy on the SPE. An SPE is a common VPN peer.

Examples

# Configure peer 1.1.1.1 as a UPE.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 upe

peer upe route-policy

Use peer upe route-policy to advertise routes permitted by a routing policy to UPEs.

Use undo peer upe route-policy to remove the configuration.

Syntax

peer { group-name | ip-address [ mask-length ] } upe route-policy route-policy-name export

undo peer { group-name | ip-address [ mask-length ] } upe route-policy [ route-policy-name ] export

Default

No routes are advertised to any peers.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must exist.

ip-address: Specifies a peer by its IP address. The peer must exist.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ip-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command advertises routes permitted by a routing policy to all dynamic peers in the subnet.

route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

export: Applies the filtering policy to routes to be advertised.

Usage guidelines

This command must be used with the peer upe command.

Examples

# Configure peer 1.1.1.1 as a UPE, and advertise routes permitted by routing policy hope to peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 1.1.1.1 as-number 200

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 enable

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 upe

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 upe route-policy hope export

Related commands

peer upe

route-policy (Layer 3—IP Routing Command Reference)

policy vpn-target

Use policy vpn-target to enable route target filtering of received VPNv4 routes. Only VPNv4 routes whose export route target attribute matches local import route target attribute are added to the routing table.

Use undo policy vpn-target to disable route target filtering, permitting all incoming VPNv4 routes.

Syntax

policy vpn-target

undo policy vpn-target

Default

The route target filtering feature is enabled for received VPNv4 routes.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Usage guidelines

In an inter-AS option B scenario, an ASBR must save all incoming VPNv4 routes and advertise those routes to the peer ASBR. For this purpose, you must execute the undo policy vpn-target command on the ASBR to disable route target filtering.

Examples

# Disable route target filtering of received VPNv4 routes.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] undo policy vpn-target

reset ip vpn-instance mpls statistics

Use reset ip vpn-instance mpls statistics to clear MPLS label forwarding statistics for VPN instances.

Syntax

reset ip vpn-instance mpls statistics [ instance-name vpn-instance-name ]

Views

User view

Predefined user roles

network-admin

Parameters

instance-name vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears statistics about all VPN instances.

Examples

# Clear MPLS label forwarding statistics for VPN instance vpn1.

<Sysname> reset ip vpn-instance mpls statistics instance-name vpn1

Related commands

display ip vpn-instance mpls statistics

mpls statistics enable

mpls statistics interval

route-distinguisher

Use route-distinguisher to configure a route distinguisher (RD).

Use undo route-distinguisher to restore the default.

Syntax

route-distinguisher route-distinguisher

undo route-distinguisher

Default

No RD is configured.

Views

VPN instance view

VPN instance IPv4 address family view

VPN instance IPv6 address family view

Predefined user roles

network-admin

Parameters

route-distinguisher: Specifies an RD for the VPN instance, a string of 3 to 21 characters in one of the following formats:

·     16-bit AS number:32-bit user-defined number. For example, 101:3.

·     32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

·     32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

Usage guidelines

RDs enable VPNs to use the same address space. An RD and an IPv4 prefix form a unique VPN-IPv4 prefix.

If you configure an RD for a VPN instance, all address families in the VPN instance must use the same RD as the VPN instance.

If you do not configure an RD for a VPN instance, address families in the VPN instance can use different RDs.

To configure an RD for a VPN instance, make sure either of the following conditions exists:

·     No RDs have been configured for address families in the VPN instance.

In this case, the RD of the VPN instance will be synchronized to all address families in the VPN instance.

·     All address families in the VPN instance use the same RD.

In this case, you must configure the same RD as the address families for the VPN instance.

When you remove the RD from an address family, the RD will also be removed from the VPN instance of the address family.

To guarantee global uniqueness for a VPN-IPv4 address, do not set the AS number or IP address in an RD to any private AS number or private IP address.

To modify an RD, execute the undo route-distinguisher command to remove the RD and then execute the route-distinguisher command.

Examples

# Configure RD 22:1 for VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] route-distinguisher 22:1

route-replicate (public instance IPv4 address family view)

Use route-replicate to replicate routes from a VPN instance to the public network.

Use undo route-replicate to cancel the configuration.

Syntax

route-replicate from vpn-instance vpn-instance-name protocol { bgp as-number | direct | static | { isis | ospf | rip } process-id } [ advertise ] [ route-policy route-policy-name ]

undo route-replicate from vpn-instance vpn-instance-name protocol { bgp as-number | direct | static | { isis | ospf | rip } process-id }

Default

The public network cannot replicate routes from VPN instances.

Views

Public instance IPv4 address family view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.

protocol: Replicates routes of the specified routing protocol.

bgp: Replicates BGP routes.

as-number: Specifies an AS number in the range of 1 to 4294967295.

direct: Replicates direct routes.

static: Replicates static routes.

isis: Replicates IS-IS routes.

ospf: Replicates OSPF routes.

rip: Replicates RIP routes.

process-id: Specifies a process by its ID, in the range of 1 to 65535.

advertise: Allows the public instance to advertise replicated routes. If you do not specify this keyword, the public instance cannot advertise replicated routes.

route-policy route-policy-name: Applies a routing policy to replicated routes. The route-policy-name argument specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

Configure this command to enable the public network to communicate with a VPN instance by replicating routes from the VPN instance.

Examples

# Replicate OSPF routes from VPN instance vpn1 to the public network.

<Sysname> system-view

[Sysname] ip public-instance

[Sysname-public-instance] address-family ipv4

[Sysname-public-instance-ipv4] route-replicate from vpn-instance vpn1 protocol ospf 1

route-replicate (VPN instance IPv4 address family view)

Use route-replicate to enable a VPN instance to redistribute routes from the public network or other VPN instances.

Use undo route-replicate to cancel the configuration.

Syntax

route-replicate from { public | vpn-instance vpn-instance-name } protocol eigrp eigrp-as [ advertise ] [ route-policy route-policy-name ]

route-replicate from { public | vpn-instance vpn-instance-name } protocol { bgp as-number | direct | static | unr | { isis | ospf | rip } process-id } [ advertise ] [ route-policy route-policy-name ]

undo route-replicate from { public | vpn-instance vpn-instance-name } protocol { bgp as-number | direct | eigrp eigrp-as | static | unr | { isis | ospf | rip } process-id }

Default

A VPN instance cannot redistribute routes of the public network or other VPN instances.

Views

VPN instance IPv4 address family view

Predefined user roles

network-admin

Parameters

public: Redistributes routes from the public network.

vpn-instance vpn-instance-name: Redistributes routes from a VPN instance. The vpn-instance-name argument specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.

protocol: Redistributes routes of the specified routing protocol.

bgp: Redistributes BGP routes.

as-number: Specifies an AS number in the range of 1 to 4294967295.

direct: Redistributes direct routes.

eigrp: Redistributes EIGRP routes.

static: Redistributes static routes.

unr: Redistributes customer network routes.

isis: Redistributes IS-IS routes.

ospf: Redistributes OSPF routes.

rip: Redistributes RIP routes.

eigrp-as: Specifies an EIGRP process by its ID, in the range of 1 to 65535.

process-id: Specifies a process by its ID, in the range of 1 to 65535.

advertise: Allows the VPN instance to advertise redistributed routes. If you do not specify this keyword, the VPN instance cannot advertise redistributed routes.

route-policy route-policy-name: Applies a routing policy to redistributed routes. The route-policy-name argument specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

In a BGP/MPLS L3VPN network, only VPN instances that have matching route targets can communicate with each other.

This command allows a VPN instance to communicate with the public network or other VPN instances by redistributing routing information of the public network or other VPN instances.

In an intelligent traffic control network, traffic of different tenants is assigned to different VPNs. To enable the tenants to communicate with the public network, configure this command to redistribute routes from the public network to the VPN instances.

Examples

# Redistribute OSPF routes from the public network to VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] address-family ipv4

[Sysname-vpn-ipv4-vpn1] route-replicate from public protocol ospf 1

route-replicate enable

Use route-replicate enable to enable BGP route replication between public and VPN instances.

Use undo route-replicate enable to disable BGP route replication between public and VPN instances.

Syntax

route-replicate enable

undo route-replicate enable

Default

BGP route replication between public and VPN instances is disabled.

Views

BGP instance view

Predefined user roles

network-admin

Usage guidelines

In traffic cleaning scenarios, traffic between the public and private networks are filtered by firewalls and traffic of different tenants is assigned to different VPNs. To enable the tenants to communicate with the public network under the protection of firewalls, you can configure BGP route replication between public and VPN instances.

After you configure this feature, the public and VPN instances that have matching route targets replicate all BGP routes including route attributes from each other. This command also enables BGP route replication between VPN instances, so VPNs cannot be isolated. Use this command only in specific scenarios.

Both the advertise route-reoriginate and route-replicate enable commands can implement BGP route redistribution between different VPN instances. The differences are as follows:

·     The advertise route-reoriginate command only re-originates BGP routes in VPN instances. The route-replicate enable command can replicate BGP routes in the public network to a VPN instance.

·     After you execute the route-replicate enable command to replicate a route received from an IBGP peer to a VPN instance, the route cannot be advertised to other IBGP peers. You can execute the advertise route-reoriginate and peer advertise vpn-reoriginate ibgp commands together to re-originate the routes received from an IBGP peer and then advertise the re-originated routes to other IBGP peers.

You can execute the advertise route-reoriginate and route-replicate enable commands together to redistribute BGP routes in the public network to a VPN instance, re-originate the redistributed routes, and advertise the re-originated routes to any BGP peer.

Examples

# In BGP instance view, enable mutual route replication between public and VPN instances.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] route-replicate enable

Related commands

advertise route-reoriginate

route-tag (OSPF view)

Use route-tag to configure an external route tag for redistributed VPN routes.

Use undo route-tag to restore the default.

Syntax

route-tag tag-value

undo route-tag

Default

If BGP runs within an MPLS backbone, and the BGP AS number is not greater than 65535, the first two octets of the external route tag are 0xD000, and the last two octets are the local BGP AS number. For example, if the local BGP AS number is 100, the external route tag value is 3489661028 (100 + the decimal value of 0xD0000000). If the AS number is greater than 65535, the external route tag is 0.

Views

OSPF view

Predefined user roles

network-admin

Parameters

tag-value: Specifies the external route tag for redistributed VPN routes, in the range of 0 to 4294967295.

Usage guidelines

In a dual-homed scenario where OSPF runs between the CE and the connected PEs (PE-A and PE-B, for example), you can use external route tags to avoid routing loops.

PE-A redistributes BGP routes from the peer PE into OSPF, and advertises these routes in the Type 5 or 7 LSAs to the CE. In these LSAs, PE-A adds the local external route tag.

When PE-B receives the Type 5 or 7 LSAs advertised by the CE, it compares the external route tag in the LSAs with the local external route tag. If the two tags have the same value (including the value of 0), PE-B ignores the LSA in route calculation to avoid routing loops.

The commands used to configure the external route tag (in the descending order of tag priority) are as follows:

·     import-route

·     route-tag (for PEs) and default tag (for CEs and MCEs)

As a best practice, configure the same external route tag for PEs in the same area.

An external route tag is not transferred in any BGP extended community attribute. It takes effect only on the PEs that receive BGP routes and generate OSPF Type 5 or 7 LSAs.

You can configure the same external route tag for different OSPF processes.

Examples

# In OSPF process 100, set the external route tag to 100 for redistributed VPN routes.

<Sysname> system-view

[Sysname] ospf 100

[Sysname-ospf-100] route-tag 100

Related commands

default (Layer 3—IP Routing Command Reference)

import-route (Layer 3—IP Routing Command Reference)

routing-table limit

Use routing-table limit to set the maximum number of active routes in a VPN instance.

Use undo routing-table limit to restore the default.

Syntax

routing-table limit number { warn-threshold | simply-alert }

undo routing-table limit

Default

The number of active routes in a VPN instance is not limited.

Views

VPN instance view

VPN instance IPv4 address family view

VPN instance IPv6 address family view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of active routes. The value range for this argument is 1 to 51024.

warn-threshold: Specifies a warning threshold in the range of 1 to 100 in percentage. When the percentage of the existing active routes to the maximum active routes exceeds the threshold, the system gives a log message but still allows new active routes. If active routes in the VPN instance reach the maximum, no more active routes are added.

simply-alert: Specifies that when active routes exceed the maximum number, the system still accepts active routes but generates a log message.

Usage guidelines

Setting the maximum number of active routes for a VPN instance can prevent a PE from learning too many routes.

A limit configured in VPN instance view applies to both the IPv4 VPN and the IPv6 VPN. A limit configured in VPN instance IPv4 address family view applies only to the IPv4 VPN. A limit configured in VPN instance IPv6 address family view applies only to the IPv6 VPN.

IPv4 VPN prefers the limit configured in VPN instance IPv4 address family view over the limit configured in VPN instance view.

IPv6 VPN prefers the limit configured in VPN instance IPv6 address family view over the limit configured in VPN instance view.

Examples

# Specify that VPN instance vpn1 supports a maximum of 1000 active routes. When active routes exceed this limit, the device can receive new active routes but generates a log message.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] route-distinguisher 100:1

[Sysname-vpn-instance-vpn1] routing-table limit 1000 simply-alert

rr-filter (BGP VPNv4 address family view)

Use rr-filter to create a route reflector (RR) reflection policy.

Use undo rr-filter to restore the default.

Syntax

rr-filter { ext-comm-list-number | ext-comm-list-name }

undo rr-filter

Default

An RR does not filter reflected routes.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

ext-comm-list-number: Specifies an extended community list number in the range of 1 to 65535.

ext-comm-list-name: Specifies an extended community list name, a case-sensitive string of 1 to 63 characters. The name cannot contain only digits.

Usage guidelines

After this command is executed, only the VPNv4 routes that are permitted by the specified extended community list are reflected.

By configuring different RR reflection policies on RRs in a cluster, you can implement load balancing among the RRs.

For more information about extended community lists, see Layer 3—IP Routing Configuration Guide.

Examples

# Configure the RR to reflect only VPNv4 routes that are permitted by extended community list 10.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] rr-filter 10

Related commands

ip extcommunity-list (Layer 3—IP Routing Command Reference)

sham-link (OSPF area view)

Use sham-link to create an OSPF sham link.

Use undo sham-link to remove an OSPF sham link or restore the defaults of specified parameters for an OSPF sham link.

Syntax

sham-link source-ip-address destination-ip-address [ cost cost-value | dead dead-interval | hello hello-interval | { { hmac-md5 | hmac-sha-256 | md5 } key-id { cipher | plain } string | keychain keychain-name | simple { cipher | plain } string } | retransmit retrans-interval | trans-delay delay | ttl-security hops hop-count ] *

undo sham-link source-ip-address destination-ip-address [ cost | dead | hello | { { hmac-md5 | hmac-sha-256 | md5 } key-id | keychain | simple } | retransmit | trans-delay | ttl-security ] *

Default

No OSPF sham links exist.

Views

OSPF area view

Predefined user roles

network-admin

Parameters

source-ip-address: Specifies the source IP address of the sham link.

destination-ip-address: Specifies the destination IP address of the sham link.

cost cost-value: Specifies the cost of the sham link, in the range of 1 to 65535. The default cost is 1.

dead dead-interval: Specifies the dead interval in the range of 1 to 32768 seconds. The default is 40 seconds. The dead interval configured on the two ends of the sham link must be identical, and it must be at least four times the hello interval.

hello hello-interval: Specifies the interval for sending hello packets, in the range of 1 to 8192 seconds. The default is 10 seconds. The hello interval configured on the two ends of the sham link must be identical.

hmac-md5: Specifies the HMAC-MD5 authentication algorithm.

hmac-sha-256: Specifies the HMAC-SHA-256 authentication algorithm.

md5: Specifies the MD5 authentication algorithm.

simple: Enables simple authentication.

key-id: Specifies a key ID in the range of 1 to 255.

cipher: Specifies a key in encrypted form.

plain: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies the key. This argument is case sensitive.

·     In simple authentication mode, the plaintext form of the key is a string of 1 to 8 characters. The encrypted form of the key is a string of 33 to 41 characters.

·     In MD5/HMAC-MD5 authentication mode, the plaintext form of the key is a string of 1 to 16 characters. The encrypted form of the key is a string of 33 to 53 characters.

·     In HMAC-SHA-256 authentication mode, the plaintext form of the key is a string of 1 to 255 characters. The encrypted form of the key is a string of 33 to 373 characters.

keychain: Enables keychain authentication.

keychain-name: Specifies a keychain by its name. A keychain name is a case-sensitive string of 1 to 63 characters.

retransmit retrans-interval: Specifies the interval for retransmitting LSAs, in the range of 1 to 3600 seconds. The default is 5 seconds.

trans-delay delay: Specifies the delay interval before the interface sends an LSA, in the range of 1 to 3600 seconds. The default is 1 second.

ttl-security hops hop-count: Enables OSPF GTSM and specifies the maximum number of hops to the sham link neighbor. The value range for the hop-count argument is 1 to 254. By default, OSPF GTSM is disabled.

Usage guidelines

When a backdoor link exists between the two sites of a VPN, traffic is forwarded through the backdoor link. To forward VPN traffic over the backbone, you can create a sham link between PEs. A sham link is considered an OSPF intra-area route.

This command can configure MD5/HMAC-MD5/HMAC-SHA-256 authentication, simple authentication, or keychain authentication for the sham link.

For MD5/HMAC-MD5/HMAC-SHA-256 authentication, you can configure multiple keys by executing this command multiple times, but a key ID can be specified only once.

To modify the MD5/HMAC-MD5 authentication key of a sham link, perform the following tasks:

1.     Configure a new key for the sham link on the local device. If the neighbor on the sham link has not been configured with the new key, this configuration triggers a key rollover process, during which, OSPF advertises both the new and old keys so the neighbor can pass authentication and the neighbor relationship is maintained.

2.     Configure the same key for the sham link on the neighbor. After the local device receives a packet carrying the new key from the neighbor, it quits the key rollover process.

3.     Execute the undo sham-link command on the local device and the neighbor to remove the old key. This operation can avoid attacks to the sham link that uses the old key and reduce bandwidth consumption by key rollover.

When keychain authentication is configured for an OSPF sham link, OSPF performs the following operations before sending a packet:

1.     Obtains a valid send key from the keychain.

OSPF does not send the packet if it fails to obtain a valid send key.

2.     Uses the key ID, authentication algorithm, and key string of the send key to authenticate the packet.

If the key ID is greater than 255, OSPF does not send the packet.

When keychain authentication is configured for an OSPF sham link, OSPF performs the following operations before accepting a received a packet:

1.     Uses the key ID carried in the packet to obtain a valid accept key from the keychain.

OSPF discards the packet if it fails to obtain a valid accept key.

2.     Uses the authentication algorithm and key string of the accept key to authenticate the packet.

If the authentication fails, OSPF discards the packet.

OSPF supports the MD5, HMAC-MD5, and HMAC-SHA-256 authentication algorithms. The ID of keys used for authentication can only be in the range of 0 to 255.

OSPF GTSM protects the device from being attacked by CPU-utilization attacks. When OSPF GTSM is enabled for a sham link, the device compares the TTL value of an OSPF packet received from the sham link against the valid TTL range. If the TTL value is within the valid TTL range, the packet is accepted. If not, the packet is discarded. The valid TTL range is from "255 – the configured hop count + 1" to 255. For packets sent to the sham link, the device sets the packet TTL value to 255.

You cannot configure a sham link with the same source and destination IP address for multiple OSPF processes in a VPN instance.

For an OSPF neighbor relationship to be successfully established, the sham links configured on the local and remote PEs must be in the same OSPF area.

To use GTSM, you must configure GTSM on both the local and peer devices. You can specify different hop-count values on the devices.

Examples

# Create a sham link with the source address 1.1.1.1 and destination address 2.2.2.2.

<Sysname> system-view

[Sysname] ospf

[Sysname-ospf-1] area 0

[Sysname-ospf-1-area-0.0.0.0] sham-link 1.1.1.1 2.2.2.2

Related commands

display ospf sham-link

snmp context-name

Use snmp context-name to configure an SNMP context for a VPN instance.

Use undo snmp context-name to restore the default.

Syntax

snmp context-name context-name

undo snmp context-name

Default

No SNMP context is configured for a VPN instance.

Views

VPN instance view

Predefined user roles

network-admin

Parameters

context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters.

Usage guidelines

VPN-aware features such as AAA and NAT do not know the VPN instance to which a managed MIB node belongs. To resolve this issue, configure different SNMP contexts for different VPN instances.

The device selects a MIB for an SNMP packet according to the context (for SNMPv3) or community name (for SNMPv1/v2c) in the following ways:

·     For an SNMPv3 packet:

¡     The device selects the public MIB if the packet does not carry a context.

¡     The device selects the MIB of a VPN instance if the packet meets the following conditions:

-     Carries a context that was configured with the snmp-agent context command in system view.

-     Matches the context of the VPN instance.

¡     The device does not process any MIBs in other situations.

·     For an SNMPv1/v2c packet:

¡     The device selects the public MIB if no SNMP community to SNMP context mapping was configured with the snmp-agent community-map command in system view.

¡     The device selects the MIB of a VPN instance if the SNMP community is mapped to an SNMP context and the context matches the context of the VPN instance.

¡     The device does not process any MIBs in other situations.

For more information about SNMP context and community name, see Network Management and Monitoring Configuration Guide.

Do not configure the same SNMP context for different VPN instances.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure SNMP context vpna for VPN instance vpna.

<Sysname> system-view

[Sysname] snmp-agent context vpna

[Sysname] ip vpn-instance vpna

[Sysname-vpn-instance-vpna] route-distinguisher 22:33

[Sysname-vpn-instance-vpna] snmp context-name vpna

Related commands

snmp-agent community-map (Network Management and Monitoring Command Reference)

snmp-agent context (Network Management and Monitoring Command Reference)

snmp-agent trap enable l3vpn

Use snmp-agent trap enable l3vpn to enable SNMP notifications for MPLS L3VPN.

Use undo snmp-agent trap enable l3vpn to disable SNMP notifications for MPLS L3VPN.

Syntax

snmp-agent trap enable l3vpn

undo snmp-agent trap enable l3vpn

Default

SNMP notifications for MPLS L3VPN are enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To report critical MPLS L3VPN events to an NMS, enable SNMP notifications for MPLS L3VPN. For MPLS L3VPN event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see the network management and monitoring configuration guide for the device.

Examples

# Enable SNMP notifications for MPLS L3VPN.

<Sysname> system-view

[Sysname] snmp-agent trap enable l3vpn

tnl-policy

Use tnl-policy to associate a VPN instance with a tunnel policy.

Use undo tnl-policy to restore the default.

Syntax

tnl-policy tunnel-policy-name

undo tnl-policy

Default

No tunnel policy is associated with a VPN instance.

Views

VPN instance view

VPN instance IPv4 address family view

VPN instance IPv6 address family view

Predefined user roles

network-admin

Parameters

tunnel-policy-name: Specifies a tunnel policy by its name, a case-sensitive string of 1 to 19 characters.

Usage guidelines

The VPN instance uses the specified tunnel policy to select tunnels for traffic.

If a VPN instance is not associated with any tunnel policies or the associated tunnel policy is not configured, the VPN instance selects tunnels according to the default tunnel policy. The default tunnel policy selects only one tunnel in this order: LSP tunnel, GRE tunnel, CRLSP tunnel.

A tunnel policy specified in VPN instance view applies to both the IPv4 VPN and the IPv6 VPN. A tunnel policy specified in VPN instance IPv4 address family view applies only to the IPv4 VPN. A tunnel policy specified in VPN instance IPv6 address family view applies only to the IPv6 VPN.

IPv4 VPN prefers the tunnel policy specified in VPN instance IPv4 address family view over the tunnel policy specified in VPN instance view.

IPv6 VPN prefers the tunnel policy specified in VPN instance IPv6 address family view over the tunnel policy specified in VPN instance view.

Examples

# Associate VPN instance vpn1 with tunnel policy po1.

<Sysname> system-view

[Sysname] tunnel-policy po1

[Sysname-tunnel-policy-po1] select-seq lsp load-balance-number 1

[Sysname-tunnel-policy-po1] quit

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] route-distinguisher 22:33

[Sysname-vpn-instance-vpn1] tnl-policy po1

[Sysname-vpn-instance-vpn1] quit

Related commands

tunnel-policy

ttl-mode

Use ttl-mode to configure the TTL processing mode for the tunnel associated with a VPN instance.

Use undo ttl-mode to restore the default.

Syntax

ttl-mode { pipe | uniform }

undo ttl-mode { pipe | uniform }

Default

The TTL processing mode for the tunnel associated with a VPN instance is pipe.

Views

VPN instance view

Predefined user roles

network-admin

Parameters

pipe: Specifies the pipe TTL processing mode.

uniform: Specifies the uniform TTL processing mode.

Usage guidelines

In the current software version, you can configure a TTL processing mode for only SRv6 tunnels associated with VPN instances.

The tunnel associated with a VPN instance supports the following TTL processing modes:

·     Pipe—When an IP or IPv6 packet enters the tunnel of the VPN instance, the ingress node adds a new header to the packet. The ingress node sets the TTL value or hop limit in the new header to 255 or the value specified by the encapsulation source-address ip-ttl command in SRv6 view. When the packet leaves the tunnel of the VPN instance, the egress node does not change the TTL value or the hop limit according to the remaining TTL value in the new header. Therefore, the public network nodes are invisible to user networks, and the tracert facility cannot show the real path in the public network.

·     Uniform—When an IP or IPv6 packet enters the tunnel of the VPN instance, the ingress node adds a new header to the packet. The ingress node copies the TTL value or the hop limit of the original packet to the TTL or hop limit field of the new header. When the packet leaves the tunnel of the VPN instance, the egress node copies the remaining TTL value or hop limit back to the original packet. The TTL value or hop limit can reflect how many hops the packet has traversed in the public network. The tracert facility can show the real path along which the packet has traveled.

Examples

# Configure the TTL processing mode for the tunnel associated with VPN instance vpn1 to uniform.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] ttl-mode uniform

vpn popgo

Use vpn popgo to specify the VPN label processing mode as POPGO forwarding on an egress PE. In POPGO forwarding mode, the egress PE pops the label for each packet and forwards the packet out of the interface corresponding to the label.

Use undo vpn popgo to restore the default.

Syntax

vpn popgo

undo vpn popgo

Default

The VPN label processing mode is POP forwarding on an egress PE, which will pop the label for each packet and forward the packet through the FIB table.

Views

BGP instance view

Predefined user roles

network-admin

Usage guidelines

After you execute the vpn popgo command, the egress PE disconnects and re-establishes BGP sessions to re-learn VPN routes, and it does not support load sharing among VPN BGP peers.

Examples

# Specify the VPN label processing mode on the egress PE as POPGO forwarding.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] vpn popgo

vpn-id

Use vpn-id to configure a VPN ID for a VPN instance.

Use undo vpn-id to restore the default.

Syntax

vpn-id vpn-id

undo vpn-id

Default

No VPN ID is configured for a VPN instance.

Views

VPN instance view

Predefined user roles

network-admin

Parameters

vpn-id: Specifies a VPN ID for the VPN instance, a string of 3 to 15 characters in the form of OUI:Index. The OUI is a hexadecimal number in the range of 0 to FFFFFF, and the index is a hexadecimal number in the range of 0 to FFFFFFFF.

Usage guidelines

A VPN ID uniquely identifies a VPN instance. Different VPN instances must have different VPN IDs.

A VPN ID cannot be 0:0.

Examples

# Configure VPN ID 20:1 for VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] vpn-id 20:1

Related commands

display ip vpn-instance

vpn-peer

Use vpn-peer to create a VPN peer.

Use undo vpn-peer to remove a VPN peer.

Syntax

vpn-peer vpn-peer-name vpn-peer-id vpn-peer-id user-profile profile-name

undo vpn-peer vpn-peer-name

Default

No VPN peers exist.

Views

System view

Predefined user roles

network-admin

Parameters

vpn-peer-name: Specifies a name for the VPN peer, a case-sensitive string of 1 to 31 characters.

vpn-peer-id: Specifies an ID for the VPN peer, in the range of 1 to 134217727.

profile-name: Specifies a user profile for the VPN peer. The user profile name is a case-sensitive string of 1 to 31 characters that can contain letters, digits, and underlines (_). The name must start with a letter or digit and cannot contain only digits.

Usage guidelines

Two virtual private clouds (VPCs) that communicate with each other through MPLS L3VPN are called VPN peers of each other.

You can configure routes to carry a VPN peer ID by using a routing policy. Packets that match the routes will be processed based on the user profile associated with the VPN peer.

For more information about routing policies, see Layer 3—IP Routing Configuration Guide.

For more information about user profiles, see Security Configuration Guide.

Examples

# Create a VPN peer, set its name and ID to vpn-010-020 and 1, and associate the VPN peer with user profile UP010-020.

<Sysname> system-view

[Sysname] vpn-peer vpn-010-020 vpn-peer-id 1 user-profile UP010-020

Related commands

apply vpn-peer-id (Layer 3—IP Routing Command Reference)

user-profile (Security Command reference)

vpn-route cross multipath

Use vpn-route cross multipath to enable ECMP VPN route redistribution.

Use undo vpn-route cross multipath to disable ECMP VPN route redistribution.

Syntax

vpn-route cross multipath

undo vpn-route cross multipath

Default

ECMP VPN route redistribution is disabled. If multiple routes have the same prefix and RD, a VPN redistributes only the optimal route to its routing table.

Views

BGP instance view

BGP IPv4 unicast address family view

BGP IPv6 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP-VPN IPv6 unicast address family view

Predefined user roles

network-admin

Usage guidelines

This feature enables a VPN instance to redistribute multiple routes that have the same prefix and RD into its routing table. Then, you can configure load sharing among the ECMP routes or MPLS L3VPN FRR.

Examples

# In BGP-VPN IPv4 unicast address family view, enable ECMP route redistribution.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] ip vpn-instance vpn1

[Sysname-bgp-default-vpn1] address-family ipv4

[Sysname-bgp-default-ipv4-vpn1] vpn-route cross multipath

vpn-target

Use vpn-target to configure route targets for a VPN instance.

Use undo vpn-target to remove the specified or all route targets of a VPN instance.

Syntax

vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]

undo vpn-target { all | vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ] }

Default

No route targets are configured for a VPN instance.

Views

VPN instance view

VPN instance IPv4 address family view

IPv4 flowspec VPN view

VPN instance IPv6 address family view

Predefined user roles

network-admin

Parameters

vpn-target&<1-8>: Specifies a space-separated list of up to eight route targets.

A route target is a string of 3 to 21 characters in one of the following formats:

·     16-bit AS number:32-bit user-defined number. For example, 101:3.

·     32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

·     32-bit AS number:16-bit user-defined number, where the AS number must not be less than 65536. For example, 65536:1.

both: Uses the specified route targets as both import targets and export targets. The both keyword is also used when you do not specify any of the following keywords: both, export-extcommunity, and import-extcommunity.

export-extcommunity: Uses the specified route targets as export targets.

import-extcommunity: Uses the specified route targets as import targets.

all: Removes all route targets.

Usage guidelines

MPLS L3VPN uses route targets to control the advertisement of VPN routing information. A PE adds the configured export targets into the route target attribute of routes advertised to a peer. The peer uses the local import targets to match the route targets of received routes. If a match is found, the peer adds the routes to the routing table of the VPN instance.

If you repeat this command, all the configured route targets take effect.

Route targets configured in VPN instance view apply to the IPv4 VPN, the IPv4 flowspec VPN, and the IPv6 VPN. Route targets configured in VPN instance IPv4 address family view apply only to the IPv4 VPN. Route targets configured in IPv4 flowspec VPN view apply only to the IPv4 flowspec VPN. Route targets configured in VPN instance IPv6 address family view apply only to the IPv6 VPN.

IPv4 VPN prefers the route targets configured in VPN instance IPv4 address family view over those configured in VPN instance view.

IPv4 flowspec VPN prefers the route targets configured in IPv4 flowspec VPN view over those configured in VPN instance view.

IPv6 VPN prefers the route targets configured in VPN instance IPv6 address family view over those configured in VPN instance view.

Examples

# Configure route targets for VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[Sysname-vpn-instance-vpn1] vpn-target 4:4 import-extcommunity

[Sysname-vpn-instance-vpn1] vpn-target 5:5 both

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网