vpn-instance vpn-instance-name: Creates the Flowspec IPv4 address family for an MPLS L3VPN instance. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. To create a Flowspec IPv4 address family for the public network, do not specify this option.

Examples

# Create a Flowspec IPv4 address family for the public network and enter its view.

<Sysname> system-view

[Sysname] flowspec

[Sysname-flowspec] address-family ipv4

[Sysname-flowspec-ipv4]

address-family ipv4 flowspec (BGP instance view)

Use address-family ipv4 flowspec to create a BGP IPv4 Flowspec address family, or enter the view of an existing BGP IPv4 Flowspec address family.

Use undo address-family ipv4 flowspec to delete a BGP IPv4 Flowspec address family and all its settings.

Syntax

address-family ipv4 flowspec

undo address-family ipv4 flowspec

Default

No BGP IPv4 Flowspec address family exists.

Views

BGP instance view

Predefined user roles

network-admin

Usage guidelines

The settings in the view of a BGP IPv4 Flowspec address family take effect only on routes and peers of the BGP IPv4 Flowspec address family.

Examples

# Create a BGP IPv4 Flowspec address family and enter its view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 flowspec

[Sysname-bgp-default-ipv4-flowspec]

address-family ipv4 flowspec (BGP-VPN instance view)

Use address-family ipv4 flowspec to create a BGP-VPN IPv4 Flowspec address family, or enter the view of an existing BGP-VPN IPv4 Flowspec address family.

Use undo address-family ipv4 flowspec to delete a BGP-VPN IPv4 Flowspec address family and all its settings.

Syntax

address-family ipv4 flowspec

undo address-family ipv4 flowspec

Default

No BGP-VPN IPv4 Flowspec address family exists.

Views

BGP-VPN instance view

Predefined user roles

network-admin

Usage guidelines

The settings in the view of a BGP-VPN IPv4 Flowspec address family take effect only on routes and peers of the BGP-VPN IPv4 Flowspec address family.

Examples

# Create a BGP-VPN IPv4 Flowspec address family and enter its view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] ip vpn-instance vpn1

[Sysname-bgp-default-vpn1] address-family ipv4 flowspec

[Sysname-bgp-default-flowspec-ipv4-vpn1]

address-family ipv4 flowspec (VPN instance view)

Use address-family ipv4 flowspec to enter the IPv4 Flowspec address family view of a VPN instance.

Use undo address-family ipv4 flowspec to delete all settings in the IPv4 Flowspec address family view of a VPN instance.

Syntax

address-family ipv4 flowspec

undo address-family ipv4 flowspec

Views

VPN instance view

Predefined user roles

network-admin

Usage guidelines

You can configure IPv4 Flowspec parameters in the IPv4 Flowspec address family view of a VPN instance. For example, you can configure route targets for a VPN instance.

Examples

# Enter the IPv4 Flowspec address family view of a VPN instance.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] address-family ipv4 flowspec

[Sysname-vpn-flowspec-ipv4-vpn1]

address-family ipv6

Use address-family ipv6 to create a Flowspec IPv6 address family, or enter the view of an existing Flowspec IPv6 address family.

Use undo address-family ipv6 to delete a Flowspec IPv6 address family and all its settings.

Syntax

address-family ipv6 [ vpn-instance vpn-instance-name ]

undo address-family ipv6 [ vpn-instance vpn-instance-name ]

Default

No Flowspec IPv6 address family exists.

Views

Flowspec view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Creates the Flowspec IPv6 address family for an MPLS L3VPN instance. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. To create a Flowspec IPv6 address family for the public network, do not specify this option.

Examples

# Create a Flowspec IPv6 address family for the public network and enter its view.

<Sysname> system-view

[Sysname] flowspec

[Sysname-flowspec] address-family ipv6

[Sysname-flowspec-ipv6]

address-family ipv6 flowspec (BGP instance view)

Use address-family ipv6 flowspec to create a BGP IPv6 Flowspec address family, or enter the view of an existing BGP IPv6 Flowspec address family.

Use undo address-family ipv6 flowspec to delete a BGP IPv6 Flowspec address family and all its settings.

Syntax

address-family ipv6 flowspec

undo address-family ipv6 flowspec

Default

No BGP IPv6 Flowspec address family exists.

Views

BGP instance view

Predefined user roles

network-admin

Usage guidelines

The settings in the view of a BGP IPv6 Flowspec address family take effect only on routes and peers of the BGP IPv6 Flowspec address family.

Examples

# Create a BGP IPv6 Flowspec address family and enter its view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv6 flowspec

[Sysname-bgp-default-ipv6-flowspec]

address-family ipv6 flowspec (BGP-VPN instance view)

Use address-family ipv6 flowspec to create a BGP-VPN IPv6 Flowspec address family, or enter the view of an existing BGP-VPN IPv6 Flowspec address family.

Use undo address-family ipv6 flowspec to delete a BGP-VPN IPv6 Flowspec address family and all its settings.

Syntax

address-family ipv6 flowspec

undo address-family ipv6 flowspec

Default

No BGP-VPN IPv6 Flowspec address family exists.

Views

BGP-VPN instance view

Predefined user roles

network-admin

Usage guidelines

The settings in the view of a BGP-VPN IPv6 Flowspec address family take effect only on routes and peers of the BGP-VPN IPv6 Flowspec address family.

Examples

# Create a BGP-VPN IPv6 Flowspec address family and enter its view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] ip vpn-instance vpn1

[Sysname-bgp-default-vpn1] address-family ipv6 flowspec

[Sysname-bgp-default-flowspec-ipv6-vpn1]

Related commands

bgp (Layer 3—IP Routing Command Reference)

ip vpn-instance (MPLS Command Reference)

address-family ipv6 flowspec (VPN instance view)

Use address-family ipv6 flowspec to enter the IPv6 Flowspec address family view of a VPN instance.

Use undo address-family ipv6 flowspec to delete all settings in the IPv6 Flowspec address family view of a VPN instance.

Syntax

address-family ipv6 flowspec

undo address-family ipv6 flowspec

Views

VPN instance view

Predefined user roles

network-admin

Usage guidelines

You can configure IPv6 Flowspec parameters in the IPv6 Flowspec VPN address family view of a VPN instance. For example, you can configure route targets for a VPN instance.

Examples

# Enter the IPv6 Flowspec VPN address family view of a VPN instance.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] address-family ipv6 flowspec

[Sysname-vpn-flowspec-ipv6-vpn1]

Related commands

ip vpn-instance (MPLS Command Reference)

address-family vpnv4 flowspec

Use address-family vpnv4 flowspec to create a BGP VPNv4 Flowspec address family, or enter the view of an existing BGP VPNv4 Flowspec address family.

Use undo address-family vpnv4 flowspec to delete a BGP VPNv4 Flowspec address family and all its settings.

Syntax

address-family vpnv4 flowspec

undo address-family vpnv4 flowspec

Default

No BGP VPNv4 Flowspec address family exists.

Views

BGP instance view

Predefined user roles

network-admin

Examples

# Create a BGP VPNv4 Flowspec address family and enter its view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4 flowspec

[Sysname-bgp-default-vpnv4-flowspec]

address-family vpnv6 flowspec

Use address-family vpnv6 flowspec to create a BGP VPNv6 Flowspec address family, or enter the view of an existing BGP VPNv6 Flowspec address family.

Use undo address-family vpnv6 flowspec to delete a BGP VPNv6 Flowspec address family and all its settings.

Syntax

address-family vpnv6 flowspec

undo address-family vpnv6 flowspec

Default

No BGP VPNv6 Flowspec address family exists.

Views

BGP instance view

Predefined user roles

network-admin

Examples

# Create a BGP VPNv6 Flowspec address family and enter its view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv6 flowspec

[Sysname-bgp-default-vpnv6-flowspec]

Related commands

bgp (Layer 3—IP Routing Command Reference)

apply

Use apply to apply an action to matching traffic in a Flowspec rule.

Use undo apply to remove an action from a Flowspec rule.

Syntax

apply action

undo apply action

Default

No action is applied in a Flowspec rule.

Views

IPv4 Flowspec rule view

IPv6 Flowspec rule view

Predefined user roles

network-admin

Parameters

action: Specifies an action. Table 1 shows available actions.

Table 1 Available actions

Action	Description
deny	Drops packets.
redirect { next-hop { ipv4-address \| ipv6-address } [ copy-mode ] \| vpn-target import-vpn-target }	Redirects packets: · next-hop { ipv4-address \| ipv6-address } [ copy-mode ]: Redirects packets to a next hop. The ipv4-address or ipv6-address argument specifies the IPv4 or IPv6 address of the next hop. The copy-mode keyword redirects copies of the packets. · vpn-target import-vpn-target: Redirects packets to a route target. The import-vpn-target argument specifies a route target, a string of 3 to 21 characters. A route target can be indicated in one of the following formats: ¡ 16-bit AS number:32-bit user-defined number, for example, 100:3. ¡ 32-bit IP address:16-bit user-defined number, for example, 192.168.122.15:1. ¡ 32-bit AS number:16-bit user-defined number, for example, 65536:1. The smallest AS number is 65535.
redirect next-hop { ipv4-address color color \| ipv6-address color color [ sid sid-value ] }	Redirects packets to an SR-MPLS TE policy or SRv6 TE policy: · ipv4-address: Specifies the destination node address of the SR-MPLS TE policy. · ipv6-address: Specifies the destination node address of the SRv6 TE policy. · color color: Specifies the color attribute of the SR-MPLS TE policy, in the format of CO (color-only) flag:color attribute value. The range value for the CO flag is 00 to 11. · sid sid-value: Specifies the SRv6 SID of the egress node. The device adds the SRv6 SID to the SRH header and places it after the SID list. After the packets are forwarded to the egress node, the egress node takes the forwarding action based on the SRv6 SID. For more information about SR-MPLS TE policies or SRv6 TE policies, see Segment Routing Configuration Guide.
remark-dscp dscp-value	Marks the DSCP value for packets. The dscp-value argument specifies a DSCP value, which can be a number from 0 to 63 or a keyword in Table 2.
traffic-rate rate	Limits the rate of packets. The rate argument specifies the traffic rate in the range of 1 to 100000000 kbps.

Table 2 DSCP keywords and values

Keyword	DSCP value (binary)	DSCP value (decimal)
default	000000	0
af11	001010	10
af12	001100	12
af13	001110	14
af21	010010	18
af22	010100	20
af23	010110	22
af31	011010	26
af32	011100	28
af33	011110	30
af41	100010	34
af42	100100	36
af43	100110	38
cs1	001000	8
cs2	010000	16
cs3	011000	24
cs4	100000	32
cs5	101000	40
cs6	110000	48
cs7	111000	56
ef	101110	46

Usage guidelines

If you execute this command multiple times with the same type of action in a Flowspec rule, the most recent configuration takes effect.

The relationship among different action types in a Flowspec rule is logic AND.

If both actions of redirecting to a VPN instance and redirecting to a next hop are configured, the following rules apply:

· If the VPN instance is unreachable, neither action takes effect.

· If the VPN instance is reachable but the next hop is unreachable, the action of redirecting to the VPN instance takes effect.

· If both the VPN instance and the next hop are reachable, both actions take effect.

For successful traffic redirection, make sure the next hop IP address is reachable. The redirection feature periodically looks up the routing table to verify the reachability of the next hop IP address. If the next hop IP address is detected unreachable, traffic redirection to a next hop is no longer in effect.

You can only redirect traffic to the public network by redirecting the traffic to an SR-MPLS TE policy. You can redirect traffic to the public network or a VPN instance by redirecting the traffic to an SRv6 TE policy. If you do not specify the { sid | vpnsid } sid option, traffic is redirected to the public network.

Make sure the specified SRv6 SID is correct. This value in packets does not indicate the public or private network attribute. The destination node forwards the packets according to the local SID table.

Examples

# Apply a deny action in an IPv4 Flowspec rule.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match port 23

[Sysname-flow-route-route1] apply deny

# Apply a redirection action in an IPv4 Flowspec rule.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match port 23

[Sysname-flow-route-route1] apply redirect vpn-target 4:4

# Apply an action of marking DSCP value af11 for packets in an IPv4 Flowspec rule.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match port 23

[Sysname-flow-route-route1] apply remark-dscp af11

# Apply an action of limiting the traffic rate to 419200 kbps in an IPv4 Flowspec rule.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match port 23

[Sysname-flow-route-route1] apply traffic-rate 419200

# Apply a deny action in an IPv6 Flowspec rule.

<Sysname> system-view

[Sysname] flow-route route1 ipv6

[Sysname-flow-route-ipv6-route1] if-match port 23

[Sysname-flow-route-ipv6-route1] apply deny

# Apply a redirection action in an IPv6 Flowspec rule.

<Sysname> system-view

[Sysname] flow-route route1 ipv6

[Sysname-flow-route-ipv6-route1] if-match port 23

[Sysname-flow-route-ipv6-route1] apply redirect vpn-target 4:4

# Apply an action of redirecting traffic to an SR-MPLS TE policy in an IPv4 Flowspec rule: The destination node address is 192.168.45.45, and the color attribute is 01:1.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] apply redirect next-hop 192.168.45.45 color 01:1

# Apply an action of redirecting traffic to an SRv6 TE policy in an IPv6 Flowspec rule: The destination node address is 2::2, the color attribute is 11:2, and the SRv6 SID of the egress node is 2::3.

<Sysname> system-view

[Sysname] flow-route route1 ipv6

[Sysname-flow-route-ipv6-route2] apply redirect next-hop 2::2 color 11:2 sid 2::3

check flow-route-configuration

Use check flow-route-configuration to display uncommitted match criteria and actions in a Flowspec rule.

Syntax

check flow-route-configuration

Views

IPv4 Flowspec rule view

IPv6 Flowspec rule view

Predefined user roles

network-admin

Usage guidelines

If you configure match criteria and actions for the first time in a Flowspec rule and do not commit them, this command displays all uncommitted match criteria and actions.

If some match criteria and actions are committed and others are not committed in a Flowspec rule, this command displays all match criteria and actions, including those that are committed. To display the committed match criteria and actions of a Flowspec rule, use the display this command in Flowspec rule view.

Examples

# Display uncommitted match criteria and actions in an IPv4 Flowspec rule.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] check flow-route-configuration

Traffic filtering rules:

Destination IP : 1.1.0.0 255.255.0.0

Destination port : 23

DSCP : 24

Fragment type : match fragment

ICMP code : 8

ICMP type : 10

Packet length : 150

Protocol : 2

Source IP : 1.1.0.0 255.255.0.0

Source port : 238 to 240 550

TCP flags : match 23

Traffic filtering actions:

Traffic rate : 1000(kbps)

DSCP marking : 56

Redirect VPN target : 1:2

Redirect SR-MPLS TE policy:

Nexthop: 2.2.2.3

Color : 00:56874

# Display uncommitted match criteria and actions in an IPv6 Flowspec rule.

<Sysname> system-view

[Sysname] flow-route route1 ipv6

[Sysname-flow-route-ipv6-route1] check flow-route-configuration

Traffic filtering rules:

Destination IPv6 : 88:11:11::/123

Destination port : 23

DSCP : 24

Fragment type : match fragment

ICMP code : 8

ICMP type : 10

Packet length : 150

Next header : 2

Source IPv6 : 11:33::/76

Source port : 238 to 240 550

TCP flags : match 23

Flow label : 100

Traffic filtering actions:

Traffic rate : 1000(kbps)

DSCP marking : 56

Redirect VPN target : 1:2

Redirect SRv6 TE policy:

Nexthop: 4d::56

Color : 00:156879

SID : 5a::13

Table 3 Command output

Field	Description
Traffic filtering rules	Match criteria that are not committed. For more information about match criteria, see Table 4. If no match criteria are configured or the match criteria are committed, this field displays N/A.
Traffic filtering actions	Actions that are not committed. For more information about actions, see Table 5. If no actions are configured or the actions are committed, this field displays N/A.

Field

Description

Traffic filtering rules

Match criteria that are not committed.

For more information about match criteria, see Table 4.

If no match criteria are configured or the match criteria are committed, this field displays N/A.

Traffic filtering actions

Actions that are not committed.

For more information about actions, see Table 5.

If no actions are configured or the actions are committed, this field displays N/A.

Table 4 Match criteria

Field	Description
Destination IP	Matches the destination IPv4 address.
Destination IPv6	Matches the destination IPv6 address.
Destination port	Matches the destination port.
DSCP	Matches the DSCP value.
Fragment type	Matches the fragment type: · match—Indicates that the specified fragment type is a successful match criterion. · not—Indicates that all fragment types except the specified fragment type are successful match criteria. · fragment—Matches fragmented packets. · non-fragment—Matches non-fragmented packets. · fragment-spe-first—Matches the first fragment of fragmented packets.
ICMP code	Matches the ICMP code.
ICMP type	Matches the ICMP type.
Packet length	Matches the packet length (including the Layer 3 header).
Port	Matches the source and destination ports.
Protocol	Matches the protocol number.
Source IP	Matches the source IPv4 address.
Source IPv6	Matches the source IPv6 address.
Source port	Matches the source port.
TCP flags	Matches TCP flags. · match—Indicates that the specified TCP flags are successful match criteria. · not—Indicates that all TCP flags except the specified TCP flags are successful match criteria.
Next header	Matches the protocol in an IPv6 next header.
Flow label	Matches the IPv6 flow label.

Table 5 Actions

Field	Description
Deny	Drops packets.
Traffic rate	Limits the traffic rate.
Redirect VPN target	Redirects packets to a route target.
Redirect next-hop	Redirects packets to a next hop.
DSCP marking	Marks the DSCP value for packets.
Redirect SR-TE policy	Redirect traffic to an SR-MPLS TE policy. · Nexthop—Destination node address of the SR-MPLS TE policy. · Color—Color attribute of the SR-MPLS TE policy.
Redirect SRv6-TE policy	Redirect traffic to an SRv6 TE policy: · Nexthop—Destination node address of the SRv6 TE policy. · Color—Color attribute of the SRv6 TE policy. · SID—SRv6 SID of the egress node.

Related commands

commit

Use commit to commit match criteria and actions in a Flowspec rule.

Syntax

commit

Default

Match criteria and actions in a Flowspec rule are not committed.

Views

IPv4 Flowspec rule view

IPv6 Flowspec rule view

Predefined user roles

network-admin

Usage guidelines

Match criteria and actions in a Flowspec rule can be modified dynamically. To reduce network instability caused by dynamic modification, you must execute the commit command to make the modification in a Flowspec rule take effect.

As a best practice before executing the commit command, use the check flow-route-configuration command to display the match criteria and actions that are not committed.

Multiple Flowspec rules can be applied to a Flowspec IPv4 or IPv6 address family. However, different Flowspec rules cannot have the same committed match criteria.

Examples

# Commit match criteria and actions in IPv4 Flowspec rule route1.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match port 23

[Sysname-flow-route-route1] apply traffic-rate 419200

[Sysname-flow-route-route1] commit

# Commit match criteria and actions in IPv6 Flowspec rule route1.

<Sysname> system-view

[Sysname] flow-route route1 ipv6

[Sysname-flow-route-ipv6-route1] if-match port 23

[Sysname-flow-route-ipv6-route1] apply traffic-rate 419200

[Sysname-flow-route-ipv6-route1] commit

Related commands

check flow-route-configuration

display bgp group flowspec

Use display bgp group flowspec to display BGP peer group information.

Syntax

display bgp [ instance instance-name ] group { ipv4 | ipv6 | vpnv4 | vpnv6 } flowspec [ vpn-instance vpn-instance-name ] [ group-name group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays the information for the default BGP instance.

ipv4: Displays IPv4 BGP peer group information.

ipv6: Displays IPv6 BGP peer group information.

vpnv4: Displays VPNv4 BGP peer group information.

vpnv6: Displays VPNv6 BGP peer group information.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays the information for the public network.

group-name group-name: Specifies a BGP peer group by its name, a case-sensitive string of 1 to 47 characters. If you do not specify a group, this command displays brief information about all BGP peer groups for the specified address family.

Examples

# Display brief information about all BGP IPv4 peer groups.

<Sysname> display bgp group ipv4 flowspec

BGP peer group: group1

Remote AS: 600

Authentication type configured: None

Type: external

Members:

1.1.1.10

BGP peer group: group2

Remote AS number: not specified

Type: external

Members:

2.2.2.2

Table 6 Command output

Field	Description
BGP peer group	Name of the BGP peer group.
Remote AS	AS number of the peer group.
Authentication type configured	Authentication mode of the peer group: · None. · MD5. · Keychain (keychain-name).
Type	Type of the peer group: · external—EBGP peer group. · internal—IBGP peer group.
Maximum number of prefixes allowed	Maximum number of routes allowed to learn from the peer. This field does not apply to BGP L2VPN.
Threshold	Percentage of received routes from the peer to maximum routes allowed to learn from the peer. If the percentage is reached, the system generates a log message. This field does not apply to BGP L2VPN.
Configured hold time	Configured hold interval in seconds.
Keepalive time	Keepalive interval in seconds.
Minimum time between advertisements	Minimum route advertisement interval in seconds.
Peer preferred value	Preferred value specified for routes from the peer. This field does not apply to BGP L2VPN.
Site-of-Origin	SoO for the peer group.
Routing policy configured	Routing policy configured for the peer group. If you do not specify a routing policy, this field displays No routing policy is configured. This field does not apply to BGP L2VPN.
Members	Information about peers included in the peer group.
* - Dynamically created peer	An asterisk (*) before a peer address indicates that the peer is a dynamic peer.
Peer	IPv4 or IPv6 address of the peer.
AS	AS number of the peer.
MsgRcvd	Number of messages received.
MsgSent	Number of messages sent.
OutQ	Number of messages to be sent.
PrefRcv	For the IPv4, IPv6, VPNv4, and VPNv6 address families, this field displays the number of prefixes received from the peer. For MPLS L2VPN, this field displays the number of label blocks received from the peer. For the IPv4 flowspec address family, this field displays the number of IPv4 flowspec messages received from the peer. For the IPv4 MDT address family, this field displays the number of MDT messages received from the peer.
Up/Down	Lasting time of the current BGP session state.
State	Current state of the BGP session between the local router and the peer.
IPsec profile name	IPsec profile applied to the IPv6 BGP peer group.

‌

display bgp routing-table ipv4 flowspec

Use display bgp routing-table ipv4 flowspec to display BGP IPv4 Flowspec routing information.

Syntax

display bgp [ instance instance-name ] routing-table ipv4 flowspec [ vpn-instance vpn-instance-name ] [ flowspec-prefix [ advertise-info | as-path | cluster-list | ext-community ] | statistics ]

display bgp [ instance instance-name ] routing-table ipv4 flowspec [ vpn-instance vpn-instance-name ] peer { ipv4-address | ipv6-address } { advertised-routes | received-routes } [ flowspec-prefix | statistics ]

display bgp [ instance instance-name ] routing-table ipv4 flowspec [ vpn-instance vpn-instance-name ] [ statistics ] ext-community [ color color | rt route-target ]&<1-32> [ whole-match ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

flowspec-prefix: Displays detailed BGP IPv4 Flowspec routing information. The values for this argument are the values under the Network field displayed when you do not specify this argument.

advertise-info: Displays advertisement information for BGP IPv4 Flowspec routes.

as-path: Displays AS_PATH attribute information for BGP IPv4 Flowspec routes.

cluster-list: Displays CLUSTER_LIST attribute information for BGP IPv4 Flowspec routes.

ext-community: Displays extended community attribute information for BGP IPv4 Flowspec routes.

peer: Displays BGP IPv4 Flowspec routing information advertised to or received from the specified peer.

· ipv4-address: Specifies a peer by its IPv4 address.

· ipv6-address: Specifies a peer by its IPv6 address.

advertised-routes: Displays BGP IPv4 Flowspec routing information advertised to the specified peer.

received-routes: Displays BGP IPv4 Flowspec routing information received from the specified peer.

statistics: Displays routing statistics.

color color: Sets the color extended community attribute, a string of 4 to 13 characters. The value for the color argument is in the Color-Only (CO) bit:color-value format, for example, 10:3. The value for the CO bit must be a binary number in the range of 00 to 11, and the value range for color-value is 0 to 4294967295. If you do not specify a color extended community attribute, this command displays BGP IPv4 Flowspec routes with any extended community attribute and the whole-match keyword does not take effect.

rt route-target&<1-32>: Specifies a list of up to 32 RT values. An RT is a string of 3 to 24 characters. If you do not specify an RT, this command displays BGP IPv4 Flowspec routes with any RT and the whole-match keyword does not take effect.

An RT has the following formats:

· 16-bit AS number:32-bit user-defined number, for example, 101:3. The value range for the AS number is 0 to 65535, and the value range for the user-defined number is 0 to 4294967295.

· 32-bit IP address:16-bit user-defined number, for example, 192.168.122.15:1. The value range for the user-defined number is 0 to 65535.

· 32-bit AS number:16-bit user-defined number, for example, 65536:1. The value range for the AS number is 65536 to 4294967295, and the value range for the user-defined number is 0 to 65535.

· 32-bit IPv4 address/mask length:16-bit user-defined number, for example, 192.168.122.15/24:1.

· 32-bit AS number in dotted notation:16-bit user-defined number, for example, 65535.65535:1.

whole-match: Displays routes exactly matching the specified extended community attribute. If you do not specify this keyword, the command displays routes whose extended community attributes include the specified community attribute.

Usage guidelines

If you do not specify any parameters, this command displays brief information about all BGP IPv4 Flowspec routes.

Examples

# Display brief information about all BGP IPv4 Flowspec routes in the default BGP instance.

<Sysname> display bgp routing-table ipv4 flowspec

Total number of routes: 1

BGP local router ID is 10.1.1.1

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

Origin: i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn

* >e DEST:1.2.3.4/32,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 0 200?

# Display extended community attribute information for all BGP IPv4 Flowspec routes in the default BGP instance.

<Sysname> display bgp routing-table ipv4 flowspec ext-community

Total number of routes: 1

BGP local router ID is 10.1.1.1

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

Origin: i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn Ext-Community

* >e DEST:1.2.3.4/32,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 0 200? <RT 1:2>

Table 7 Command output

Field	Description
Status codes	Status codes: · * – valid—Valid route. · > – best—Optimal route. · d – dampened—Dampened route. · h – history—History route. · s – suppressed—Suppressed route. · S – stale—Stale route. · i – internal—Internal route. · e – external—External route.
Origin	Origin of the route: · i – IGP—Originated in the AS. The origin of routes advertised with the network command is IGP. · e – EGP—Learned through EGP. · ?– incomplete—Unknown origin. The origin of routes redistributed from IGP protocols is incomplete.
Network	Destination network address.
NextHop	Next hop IP address.
MED	Multi-Exit Discriminator attribute.
LocPrf	Local preference value.
PrefVal	Preferred value of the route.
Path/Ogn	AS_PATH and ORIGIN attributes of the route: · AS_PATH—Records the ASs the route has passed. This attribute can avoid routing loops. · ORIGIN—Identifies the origin of the route.
Ext-Community	Extended community attribute.

# Display detailed information about a BGP IPv4 Flowspec route (DEST:1.1.1.0/24,DPort:=10/64) for the default BGP instance in the public network.

<Sysname> display bgp routing-table ipv4 flowspec DEST:1.1.1.0/24,DPort:=10/64

BGP local router ID: 10.1.1.1

Local AS number: 10

Paths: 1 available, 1 best

BGP routing table information of DEST:1.1.1.0/24,DPort:=10/64:

Imported route.

Original nexthop: 0.0.0.0

Out interface : NULL0

Route age : 01h55m46s

OutLabel : NULL

Ext-Community : <FLOWSPEC RATE: 2500 Bps>, <FLOWSPEC REDIRECT: Tunnel-ID(22)

Flags(0x0)>

RxPathID : 0x0

TxPathID : 0x0

Org-validation : Valid

AS-path : (null)

Origin : igp

Attribute value : pref-val 32768

State : valid, local, best

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

# Display extended community attribute information for a BGP IPv4 Flowspec route (DEST:1.1.1.0/24,DPort:=10/64) for the default BGP instance in the public network.

<Sysname> display bgp routing-table ipv4 flowspec DEST:1.1.1.0/24,DPort:=10/64 ext-community

BGP local router ID: 1.1.1.9

Local AS number: 100

Paths: 1 available, 1 best

BGP routing table information of DEST:1.1.1.0/24,DPort:=10/64:

Ext-Community: <RT: 1:1>

# Display AS_PATH attribute information for a BGP IPv4 Flowspec route (DEST:1.1.1.0/24,DPort:=10/64) for the default BGP instance in the public network.

<Sysname> display bgp routing-table ipv4 flowspec DEST:1.1.1.0/24,DPort:=10/64 as-path

BGP local router ID: 1.1.1.9

Local AS number: 100

Paths: 1 available, 1 best

BGP routing table information of DEST:1.1.1.0/24,DPort:=10/64:

As-path: 200

# Display cluster list attribute information for a BGP IPv4 Flowspec route (DEST:1.1.1.0/24,DPort:=10/64) for the default BGP instance in the public network.

<Sysname> display bgp routing-table ipv4 flowspec DEST:1.1.1.0/24,DPort:=10/64 cluster-list

BGP local router ID: 1.1.1.9

Local AS number: 100

Paths: 1 available, 1 best

BGP routing table information of DEST:1.1.1.0/24,DPort:=10/64:

Cluster list: 80

Table 8 Command output

Field	Description
Paths	Number of routes: · available—Number of valid routes. · best—Number of optimal routes.
BGP routing table information of DEST:1.1.1.0/24,DPort:=10/64	Information about the BGP route to network 1.1.1.0/24.
Imported route	This route is an imported route.
Original nexthop	Original next hop of the route. If the route was obtained from a BGP UPDATE message, the original next hop is the next hop IP address in the message.
Out interface	Next hop output interface information.
Route age	Time elapsed since the most recent route update.
OutLabel	Outgoing label of the route.
Ext-community	Extended community attribute.
RxPathID	Add-path ID of received routes.
TxPathID	Add-path ID of advertised routes.
Org-validation	BGP RPKI validation state: · Valid. · Not found. · Invalid.
AS-path	AS_PATH attribute of the route, which records the ASs the route has passed and avoids routing loops.
Origin	Origin of the route: · igp—Originated in the AS. · egp—Learned through EGP. · incomplete—Unknown origin.
Attribute value	BGP path attributes: · MED—MED value. · localpref—Local preference value. · pref-val—Preferred value. · pre—Route preference.
Originator	Peer that generated the route.
Cluster list	CLUSTER_LIST attribute of the route. If the route does not carry this attribute, this field is not displayed.
Advertised to VPN peers (1 in total)	Peers to which the route has been advertised.
State	Current state of the route: · valid. · internal. · external. · local. · synchronize. · best. · delay—The route will be delayed for optimal route selection. This field is displayed only in the detailed command output. · bgp-rib-only—The route will not be flushed to the routing table. This field is displayed only in the detailed command output.
IP precedence	IP precedence in the range of 0 to 7. N/A indicates that the route does not support this field.
QoS local ID	QoS local ID in the range of 1 to 4095. N/A indicates that the route does not support this field.
Traffic index	Traffic index in the range of 1 to 64. N/A indicates that the route does not support this field.

# Display statistics for BGP IPv4 Flowspec routes advertised to peer 10.2.1.2 for the default BGP instance.

<Sysname> display bgp routing-table ipv4 flowspec peer 10.2.1.2 advertised-routes statistics

Advertised routes total: 2

# Display statistics for BGP IPv4 Flowspec routes received from peer 10.2.1.2 for the default BGP instance.

<Sysname> display bgp routing-table ipv4 flowspec peer 10.2.1.2 received-routes statistics

Received routes total: 2

Table 9 Command output

Field	Description
Advertised routes total	Total number of advertised routes.
Received routes total	Total number of received routes.

# Display statistics about all BGP IPv4 Flowspec routes with the community attribute.

<Sysname> display bgp routing-table ipv4 flowspec statistics community

Total number of routes: 4

display bgp routing-table ipv6 flowspec

Use display bgp routing-table ipv6 flowspec to display BGP IPv6 Flowspec routing information.

Syntax

display bgp [ instance instance-name ] routing-table ipv6 flowspec [ vpn-instance vpn-instance-name ] [ flowspec-prefix [ advertise-info | as-path | cluster-list | ext-community ] | statistics ]

display bgp [ instance instance-name ] routing-table ipv6 flowspec [ vpn-instance vpn-instance-name ] peer { ipv4-address | ipv6-address } { advertised-routes | received-routes } [ flowspec-prefix | statistics ] ]

display bgp [ instance instance-name ] routing-table ipv6 flowspec [ vpn-instance vpn-instance-name ] [ statistics ] ext-community [ color color | rt route-target ]&<1-32> [ whole-match ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

flowspec-prefix: Displays detailed BGP IPv6 Flowspec routing information. The values for this argument are the values under the Network field displayed when you do not specify this argument.

advertise-info: Displays advertisement information for BGP IPv6 Flowspec routes.

as-path: Displays AS_PATH attribute information for BGP IPv6 Flowspec routes.

cluster-list: Displays CLUSTER_LIST attribute information for BGP IPv6 Flowspec routes.

ext-community: Displays extended community attribute information for BGP IPv6 Flowspec routes.

peer: Displays BGP IPv6 Flowspec routing information advertised to or received from the specified peer.

· ipv4-address: Specifies a peer by its IPv4 address.

· ipv6-address: Specifies a peer by its IPv6 address.

advertised-routes: Displays BGP IPv6 Flowspec routing information advertised to the specified peer.

received-routes: Displays BGP IPv6 Flowspec routing information received from the specified peer.

statistics: Displays routing statistics.

color color: Sets the color extended community attribute, a string of 4 to 13 characters. The value for the color argument is in the Color-Only (CO) bit:color-value format, for example, 10:3. The value for the CO bit must be a binary number in the range of 00 to 11, and the value range for color-value is 0 to 4294967295. If you do not specify a color extended community attribute, this command displays BGP IPv6 Flowspec routes with any extended community attribute and the whole-match keyword does not take effect.

rt route-target&<1-32>: Specifies a list of up to 32 RT values. An RT is a string of 3 to 24 characters. If you do not specify an RT, this command displays BGP IPv6 Flowspec routes with any RT and the whole-match keyword does not take effect.

An RT has the following formats:

· 16-bit AS number:32-bit user-defined number, for example, 101:3. The value range for the AS number is 0 to 65535, and the value range for the user-defined number is 0 to 4294967295.

· 32-bit IP address:16-bit user-defined number, for example, 192.168.122.15:1. The value range for the user-defined number is 0 to 65535.

· 32-bit AS number:16-bit user-defined number, for example, 65536:1. The value range for the AS number is 65536 to 4294967295, and the value range for the user-defined number is 0 to 65535.

· 32-bit IPv4 address/mask length:16-bit user-defined number, for example, 192.168.122.15/24:1.

· 32-bit AS number in dotted notation:16-bit user-defined number, for example, 65535.65535:1.

Usage guidelines

If you do not specify any parameters, this command displays brief information about all BGP IPv6 Flowspec routes.

Examples

# Display brief information about all public-network BGP IPv6 Flowspec routes in the default BGP instance.

<Sysname> display bgp routing-table ipv6 flowspec

Total number of routes: 1

BGP local router ID is 10::1

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

Origin: i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn

* >e DEST:11::1/64,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 0 200?

# Display information for all BGP IPv6 Flowspec routes with the extended community attribute in the default BGP instance.

<Sysname> display bgp routing-table ipv6 flowspec ext-community

Total number of routes: 1

BGP local router ID is 10::1

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

Origin: i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn Ext-Community

* >e DEST:11::1/64,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 0 200? <RT 1:1>

# Display information about public-network BGP IPv6 Flowspec routes advertised to peer 10::1 in the default BGP instance.

<Sysname> display bgp routing-table ipv6 flowspec peer 10:: 1 advertised-routes

Total number of routes: 1

BGP local router ID is 10::2

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

Origin: i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf Path/Ogn

* > DEST:11::1/64,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 200?

# Display information about public-network BGP IPv6 Flowspec routes received from peer 10::2 in the default BGP instance.

<Sysname> display bgp routing-table ipv6 flowspec peer 10::2 received-routes

Total number of routes: 1

BGP local router ID is 10::1

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

Origin: i - IGP, e - EGP, ? - incomplete

Network NextHop MED LocPrf PrefVal Path/Ogn

* >e DEST:11::1/64,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 0 200?

Table 10 Command output

Field	Description
Status codes	Status codes: · * – valid—Valid route. · > – best—Optimal route. · d – dampened—Dampened route. · h – history—History route. · s – suppressed—Suppressed route. · S – stale—Stale route. · i – internal—Internal route. · e – external—External route.
Origin	Origin of the route: · i – IGP—Originated in the AS. The origin of routes advertised with the network command is IGP. · e – EGP—Learned through EGP. · ?– incomplete—Unknown origin. The origin of routes redistributed from IGP protocols is incomplete.
Network	Destination network address.
NextHop	Next-hop IP address.
MED	Multi-Exit Discriminator attribute.
LocPrf	Local preference value.
PrefVal	Preferred value of the route.
Path/Ogn	AS_PATH and ORIGIN attributes of the route: · AS_PATH—Records the ASs the route has passed. This attribute can avoid routing loops. · ORIGIN—Identifies the origin of the route.
Ext-Community	Extended community attribute.

# Display information about public-network BGP IPv6 Flowspec routes to destination network with DPort as 1000/32 in the default BGP instance.

<Sysname> display bgp routing-table ipv6 flowspec DPort:=1000/32

BGP local router ID: 1.1.1.2

Local AS number: 100

Paths: 1 available, 1 best

BGP routing table information of DPort:=1000/32:

Imported route.

Original nexthop: 0.0.0.0

Out interface : NULL0

Route age : 00h00m10s

OutLabel : NULL

Ext-Community : <RT: 1:1>

RxPathID : 0x0

TxPathID : 0x0

Org-validation : Valid

PrefixSID : N/A SID <123::1>

AS-path : (null)

Origin : igp

Attribute value : pref-val 32768

State : valid, local, best

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

# Display extended community attribute information for public-network BGP IPv6 Flowspec routes to destination network with DPort as 1000/32 in the default BGP instance.

<Sysname> display bgp routing-table ipv6 flowspec DPort:=1000/32 ext-community

BGP local router ID: 1.1.1.9

Local AS number: 100

Paths: 1 available, 1 best

BGP routing table information of DPort:=1000/32:

Ext-Community: <RT: 1:1>

# Display AS_PATH attribute information for public-network BGP IPv6 Flowspec routes to destination network with DPort as 1000/32 in the default BGP instance.

<Sysname> display bgp routing-table ipv6 flowspec DPort:=1000/32 as-path

BGP local router ID: 1.1.1.9

Local AS number: 100

Paths: 1 available, 1 best

BGP routing table information of DPort:=1000/32:

As-path: 200

# Display clust list attribute information for public-network BGP IPv6 Flowspec routes to destination network with DPort as 1000/32 in the default BGP instance.

<Sysname> display bgp routing-table ipv6 flowspec DPort:=1000/32 cluster-list

BGP local router ID: 1.1.1.9

Local AS number: 100

Paths: 1 available, 1 best

BGP routing table information of DPort:=1000/32:

Cluster list: 80

Table 11 Command output

Field	Description
Paths	Number of routes: · available—Number of valid routes. · best—Number of optimal routes.
Original nexthop	Original next hop of the route. If the route was obtained from a BGP UPDATE message, the original next hop is the next hop IP address in the message.
Out interface	Next hop output interface information.
Route age	Time elapsed since the most recent route update.
OutLabel	Outgoing label of the route.
Ext-Community	Extended community attribute.
RxPathID	Add-path ID of received routes.
TxPathID	Add-path ID of advertised routes.
Org-validation	BGP RPKI validation state: · Valid. · Not found. · Invalid.
PrefixSID	Prefix SID: · Label index—Label index. · SRGB —SRGB range.
AS-path	AS_PATH attribute of the route, which records the ASs the route has passed and avoids routing loops.
Origin	Origin of the route: · igp—Originated in the AS. · egp—Learned through EGP. · incomplete—Unknown origin.
Attribute value	BGP path attributes: · MED—MED value. · localpref—Local preference value. · pref-val—Preferred value. · pre—Route preference.
Originator	Peer that generated the route.
Cluster list	CLUSTER_LIST attribute of the route. If the route does not carry this attribute, this field is not displayed.
Advertised to VPN peers (1 in total)	Peers to which the route has been advertised.
State	Current state of the route: · valid. · internal. · external. · local. · synchronize. · best. · delay—The route will be delayed for optimal route selection. This field is displayed only in the detailed command output. · bgp-rib-only—The route will not be flushed to the routing table. This field is displayed only in the detailed command output. · not preferred for reason—Reason why the route is not selected as the optimal route. · not ECMP for reason—Reason why the route does not form ECMP routes with other routes.
IP precedence	IP precedence in the range of 0 to 7. N/A indicates that the route does not support this field.
QoS local ID	QoS local ID in the range of 1 to 4095. N/A indicates that the route does not support this field.
Traffic index	Traffic index in the range of 1 to 64. N/A indicates that the route does not support this field.

# Display statistics for BGP IPv6 Flowspec routes advertised to peer 10::2 in the default BGP instance.

<Sysname> display bgp routing-table ipv6 flowspec peer 10::2 advertised-routes statistics

Advertised routes total: 2

# Display statistics for BGP IPv6 Flowspec routes received from peer 10::2 in the default BGP instance.

<Sysname> display bgp routing-table ipv6 flowspec peer 10::2 received-routes statistics

Received routes total: 2

Table 12 Command output

Field	Description
Advertised routes total	Total number of advertised routes.
Received routes total	Total number of received routes.

# Display statistics about all BGP IPv6 Flowspec routes with the extended community attribute.

<Sysname> display bgp routing-table ipv6 flowspec statistics ext-community

Total number of routes: 1

display bgp routing-table vpnv4 flowspec

Use display bgp routing-table vpnv4 flowspec to display BGP VPNv4 Flowspec routing information.

Syntax

display bgp [ instance instance-name ] routing-table vpnv4 flowspec [ peer { ipv4-address | ipv6-address } { advertised-routes | received-routes } [ flowspec-prefix | statistics ] | [ route-distinguisher route-distinguisher ] [ flowspec-prefix [ advertise-info | as-path | cluster-list | ext-community ] ] | statistics ]

display bgp [ instance instance-name ] routing-table vpnv4 flowspec [ route-distinguisher route-distinguisher ] [ statistics ] ext-community [ color color | rt route-target ]&<1-32> [ whole-match ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

peer: Displays BGP VPNv4 Flowspec routing information advertised to or received from the specified peer.

· ipv4-address: Specifies a peer by its IPv4 address.

· ipv6-address: Specifies a peer by its IPv6 address.

advertised-routes: Displays BGP VPNv4 Flowspec routing information advertised to the specified peer.

received-routes: Displays BGP VPNv4 Flowspec routing information received from the specified peer.

route-distinguisher route-distinguisher: Displays BGP VPNv4 Flowspec routing information for the specified route distinguisher. The route-distinguisher argument is a string of 3 to 21 characters and can be specified in one of the following formats:

· 16-bit AS number:32-bit user-defined number, for example, 101:3.

· 32-bit IP address:16-bit user-defined number, for example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number, for example, 65536:1. The smallest AS number is 65535.

flowspec-prefix: Displays detailed BGP VPNv4 Flowspec routing information. The values for this argument are the values under the Network field displayed when you do not specify this argument.

advertise-info: Displays advertisement information for BGP VPNv4 Flowspec routes.

as-path: Displays AS_PATH attribute information for BGP VPNv4 Flowspec routes.

cluster-list: Displays CLUSTER_LIST attribute information for BGP VPNv4 Flowspec routes.

ext-community: Displays extended community attribute information for BGP VPNv4 Flowspec routes.

statistics: Displays routing statistics.

color color: Sets the color extended community attribute, a string of 4 to 13 characters. The value for the color argument is in the Color-Only (CO) bit:color-value format, for example, 10:3. The value for the CO bit must be a binary number in the range of 00 to 11, and the value range for color-value is 0 to 4294967295. If you do not specify a color extended community attribute, this command displays BGP VPNv4 Flowspec routes with any extended community attribute and the whole-match keyword does not take effect.

rt route-target&<1-32>: Specifies a list of up to 32 RT values. An RT is a string of 3 to 24 characters. If you do not specify an RT, this command displays BGP VPNv4 Flowspec routes with any RT and the whole-match keyword does not take effect.

An RT has the following formats:

· 16-bit AS number:32-bit user-defined number, for example, 101:3. The value range for the AS number is 0 to 65535, and the value range for the user-defined number is 0 to 4294967295.

· 32-bit IP address:16-bit user-defined number, for example, 192.168.122.15:1. The value range for the user-defined number is 0 to 65535.

· 32-bit AS number:16-bit user-defined number, for example, 65536:1. The value range for the AS number is 65536 to 4294967295, and the value range for the user-defined number is 0 to 65535.

· 32-bit IPv4 address/mask length:16-bit user-defined number, for example, 192.168.122.15/24:1.

· 32-bit AS number in dotted notation:16-bit user-defined number, for example, 65535.65535:1.

Usage guidelines

If you do not specify any parameters, this command displays brief information about all BGP VPNv4 Flowspec routes.

Examples

# Display brief information about all BGP VPNv4 Flowspec routes for the default BGP instance.

<Sysname> display bgp routing-table vpnv4 flowspec

BGP local router ID is 192.168.56.55

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 4

Route distinguisher: 1:3

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* >i DEST:1.2.3.4/32,Source:2.3.4.5/32,Proto:=0|=1|=60,Port:=200,DPort:=200|=300

,SPort:=100|=120|=140,ICMPType:=200|=100|=120|=140,ICMPCode:=200|=220|=230,TCPFl

ags:=255,Length:=1024,DSCP:=6|=2,Frag:=4/528

0.0.0.0 100 0 ?

* >i DEST:4.5.6.7/32,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 100 0 ?

Route distinguisher: 1:5(vpn1)

Total number of routes: 5

Network NextHop MED LocPrf PrefVal Path/Ogn

* >i DEST:1.2.3.4/32,Source:2.3.4.5/32,Proto:=0|=1|=60,Port:=200,DPort:=200|=300

,SPort:=100|=120|=140,ICMPType:=200|=100|=120|=140,ICMPCode:=200|=220|=230,TCPFl

ags:=255,Length:=1024,DSCP:=6|=2,Frag:=4/528

0.0.0.0 100 0 ?

* >e DEST:1.2.3.4/32,Source:2.3.4.5/32,Proto:=0|=1|=60,Port:=200,DPort:=200|=300

,SPort:=100|=120|=140,ICMPType:=200|=100|=120|=140,ICMPCode:=200|=220|=230,TCPFl

ags:=255,Length:=1024,DSCP:=6|=2,Frag:=4,DEST:1.2.3.4/32,Source:2.3.4.5/32,Proto

:=0|=1|=60,Port:=200,DPort:=200|=300,SPort:=100|=120|=140,ICMPType:=200|=100|=12

0|=140,ICMPCode:=200|=220|=230,TCPFlags:=255,Length:=1024,DSCP:=6|=2,Frag:=4/105

0.0.0.0 0 100?

* > DEST:4.5.6.7/32,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 32768 ?

* i 0.0.0.0 100 0 ?

* e 0.0.0.0 0 100?

Route distinguisher: 1:6

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* >e DEST:1.2.3.4/32,Source:2.3.4.5/32,Proto:=0|=1|=60,Port:=200,DPort:=200|=300

,SPort:=100|=120|=140,ICMPType:=200|=100|=120|=140,ICMPCode:=200|=220|=230,TCPFl

ags:=255,Length:=1024,DSCP:=6|=2,Frag:=4,DEST:1.2.3.4/32,Source:2.3.4.5/32,Proto

:=0|=1|=60,Port:=200,DPort:=200|=300,SPort:=100|=120|=140,ICMPType:=200|=100|=12

0|=140,ICMPCode:=200|=220|=230,TCPFlags:=255,Length:=1024,DSCP:=6|=2,Frag:=4/105

0.0.0.0 0 100?

* >e DEST:4.5.6.7/32,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 0 100?

# Display information about all BGP VPNv4 Flowspec routes with the extended community attribute.

<Sysname> display bgp routing-table vpnv4 flowspec ext-community

BGP local router ID is 192.168.56.55

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 2

Route distinguisher: 1:3

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn Ext-Community

* >i DEST:1.2.3.4/32,Source:2.3.4.5/32,Proto:=0|=1|=60,Port:=200,DPort:=200|=300

,SPort:=100|=120|=140,ICMPType:=200|=100|=120|=140,ICMPCode:=200|=220|=230,TCPFl

ags:=255,Length:=1024,DSCP:=6|=2,Frag:=4/528

0.0.0.0 100 0 ? <RT 1:1>

* >i DEST:4.5.6.7/32,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 100 0 ? <RT 1:1>

Table 13 Command output

Field	Description
Status codes	Status codes: · * – valid—Valid route. · > – best—Optimal route. · d – dampened—Dampened route. · h – history—History route. · i – internal—Internal route. · e – external—External route. · s – suppressed—Suppressed route. · S – stale—Stale route.
Origin	Origin of the route: · i – IGP—Originated in the AS. The origin of routes advertised with the network command is IGP. · e – EGP—Learned through EGP. · ?– incomplete—Unknown origin. The origin of routes redistributed from IGP protocols is incomplete.
Network	Destination network address.
NextHop	Next hop IP address.
MED	Multi-Exit Discriminator attribute.
LocPrf	Local preference value.
PrefVal	Preferred value of the route.
Path/Ogn	AS_PATH and ORIGIN attributes of the route: · AS_PATH—Records the ASs the route has passed. This attribute can avoid routing loops. · ORIGIN—Identifies the origin of the route.
Ext-Community	Extended community attribute.

# Display detailed information about BGP VPNv4 Flowspec route DEST:1.1.1.0/24,DPort:=10/64 advertised to peer 1.1.1.9.

<Sysname> display bgp routing-table vpnv4 flowspec peer 1.1.1.9 advertised-routes DEST:1.1.1.0/24,DPort:=10/64 verbose

BGP local router ID: 192.168.56.3

Local AS number: 100

Route distinguisher: 100:1

Total number of routes: 1

Paths: 1 best

BGP routing table information of DEST:1.1.1.0/24,DPort:=10/64:

Original nexthop: 0.0.0.0

Ext-Community : <RT: 12:1>, <FLOWSPEC RATE: 1250 Bps>

AS-path : (null)

Origin : igp

Attribute value : localpref 100

Advertised to VPN peers (1 in total):

1.1.1.9

# Display extended community attribute information for a BGP VPNv4 Flowspec route (DPort:=1000/32).

<Sysname> display bgp routing-table vpnv4 flowspec DPort:=1000/32 ext-community

BGP local router ID: 192.168.56.11

Local AS number: 1

Route distinguisher: 1:1(1)

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of DPort:=1000/32:

Ext-Community: <RT: 1:1>

# Display AS_PATH attribute information for a BGP VPNv4 Flowspec route (DPort:=1000/32).

<Sysname> display bgp routing-table vpnv4 flowspec DPort:=1000/32 as-path

BGP local router ID: 192.168.56.11

Local AS number: 1

Route distinguisher: 1:1(1)

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of DPort:=1000/32:

As-path: 100

# Display cluster list attribute information for a BGP VPNv4 Flowspec route (DPort:=1000/32).

<Sysname> display bgp routing-table vpnv4 flowspec DPort:=1000/32 cluster-list

BGP local router ID: 192.168.56.11

Local AS number: 1

Route distinguisher: 1:1(1)

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of DPort:=1000/32:

Cluster list: 80

Table 14 Command output

Field	Description
Paths	Number of routes: · available—Number of valid routes. · best—Number of optimal routes.
BGP routing table information of DEST:1.1.1.0/24,DPort:=10/64	Information about the BGP route to network 1.1.1.0/24.
Imported route	This route is an imported route.
Original nexthop	Original next hop of the route. If the route was obtained from a BGP UPDATE message, the original next hop is the next hop IP address in the message.
Out interface	Next hop output interface information.
Route age	Time elapsed since the most recent route update.
OutLabel	Outgoing label of the route.
Ext-community	Extended community attribute.
RxPathID	Add-path ID of received routes.
TxPathID	Add-path ID of advertised routes.
Org-validation	BGP RPKI validation state: · Valid. · Not found. · Invalid.
AS-path	AS_PATH attribute of the route, which records the ASs the route has passed and avoids routing loops.
Origin	Origin of the route: · igp—Originated in the AS. · egp—Learned through EGP. · incomplete—Unknown origin.
Attribute value	BGP path attributes: · MED—MED value. · localpref—Local preference value. · pref-val—Preferred value. · pre—Route preference.
Originator	Peer that generated the route.
Cluster list	CLUSTER_LIST attribute of the route. If the route does not carry this attribute, this field is not displayed.
Advertised to VPN peers (1 in total)	Peers to which the route has been advertised.
State	Current state of the route: · valid. · internal. · external. · local. · synchronize. · best. · delay—The route will be delayed for optimal route selection. This field is displayed only in the detailed command output. · bgp-rib-only—The route will not be flushed to the routing table. This field is displayed only in the detailed command output.
IP precedence	IP precedence in the range of 0 to 7. N/A indicates that the route does not support this field.
QoS local ID	QoS local ID in the range of 1 to 4095. N/A indicates that the route does not support this field.
Traffic index	Traffic index in the range of 1 to 64. N/A indicates that the route does not support this field.

# Display statistics for BGP VPNv4 Flowspec routes advertised to peer 15.5.6.2 for the default BGP instance.

<Sysname> display bgp routing-table vpnv4 flowspec peer 15.5.6.2 advertised-routes statistics

Advertised routes total: 3

# Display statistics for BGP VPNv4 Flowspec routes received from peer 15.5.6.2 for the default BGP instance.

<Sysname> display bgp routing-table vpnv4 flowspec peer 15.5.6.2 received-routes statistics

Received routes total: 2

Table 15 Command output

Field	Description
Advertised routes total	Total number of advertised routes.
Received routes total	Total number of received routes.

# Display statistics for BGP VPNv4 Flowspec routes.

<Sysname> display bgp routing-table vpnv4 flowspec statistics

Total number of routes from all PEs: 4

Route distinguisher: 1:3

Route distinguisher: 1:5(vpn1)

Total number of routes: 5

Route distinguisher: 1:6

Total number of routes: 2

# Display statistics about all BGP VPNv4 Flowspec routes with the extended community attribute.

<Sysname> display bgp routing-table vpnv4 flowspec statistics ext-community

Total number of routes from all PEs: 4

Route distinguisher: 1:3

Total number of routes: 2

Route distinguisher: 1:5(vpn1)

Total number of routes: 5

Route distinguisher: 1:6

Total number of routes: 2

display bgp routing-table vpnv6 flowspec

Use display bgp routing-table vpnv6 flowspec to display BGP VPNv6 Flowspec routing information.

Syntax

display bgp [ instance instance-name ] routing-table vpnv6 flowspec [ peer { ipv4-address | ipv6-address } { advertised-routes | received-routes } [ flowspec-prefix | statistics ] | [ route-distinguisher route-distinguisher ] [ flowspec-prefix [ advertise-info | as-path | cluster-list | ext-community ] ] | statistics ]

display bgp [ instance instance-name ] routing-table vpnv6 flowspec [ route-distinguisher route-distinguisher ] [ statistics ] ext-community [ color color | rt route-target ]&<1-32> [ whole-match ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

peer: Displays BGP VPNv6 Flowspec routing information advertised to or received from the specified peer.

· ipv4-address: Specifies a peer by its IPv4 address.

· ipv6-address: Specifies a peer by its IPv6 address.

advertised-routes: Displays BGP VPNv6 Flowspec routing information advertised to the specified peer.

received-routes: Displays BGP VPNv6 Flowspec routing information received from the specified peer.

route-distinguisher route-distinguisher: Displays BGP VPNv6 Flowspec routing information for the specified route distinguisher. The route-distinguisher argument is a string of 3 to 21 characters and can be specified in one of the following formats:

· 16-bit AS number:32-bit user-defined number, for example, 101:3.

· 32-bit IP address:16-bit user-defined number, for example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number, for example, 65536:1. The smallest AS number is 65535.

flowspec-prefix: Displays detailed BGP VPNv6 Flowspec routing information. The values for this argument are the values under the Network field displayed when you do not specify this argument.

advertise-info: Displays advertisement information for BGP VPNv6 Flowspec routes.

as-path: Displays AS_PATH attribute information for BGP VPNv6 Flowspec routes.

cluster-list: Displays CLUSTER_LIST attribute information for BGP VPNv6 Flowspec routes.

ext-community: Displays extended community attribute information for BGP VPNv6 Flowspec routes.

statistics: Displays routing statistics.

color color: Sets the color extended community attribute, a string of 4 to 13 characters. The value for the color argument is in the Color-Only (CO) bit:color-value format, for example, 10:3. The value for the CO bit must be a binary number in the range of 00 to 11, and the value range for color-value is 0 to 4294967295. If you do not specify a color extended community attribute, this command displays BGP VPNv6 Flowspec routes with any extended community attribute and the whole-match keyword does not take effect.

rt route-target&<1-32>: Specifies a list of up to 32 RT values. An RT is a string of 3 to 24 characters. If you do not specify an RT, this command displays BGP VPNv6 Flowspec routes with any RT and the whole-match keyword does not take effect.

An RT has the following formats:

· 16-bit AS number:32-bit user-defined number, for example, 101:3. The value range for the AS number is 0 to 65535, and the value range for the user-defined number is 0 to 4294967295.

· 32-bit IP address:16-bit user-defined number, for example, 192.168.122.15:1. The value range for the user-defined number is 0 to 65535.

· 32-bit AS number:16-bit user-defined number, for example, 65536:1. The value range for the AS number is 65536 to 4294967295, and the value range for the user-defined number is 0 to 65535.

· 32-bit IPv4 address/mask length:16-bit user-defined number, for example, 192.168.122.15/24:1.

· 32-bit AS number in dotted notation:16-bit user-defined number, for example, 65535.65535:1.

Usage guidelines

If you do not specify any parameters, this command displays brief information about all BGP VPNv6 Flowspec routes.

Examples

# Display brief information about all BGP VPNv6 Flowspec routes in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 flowspec

BGP local router ID is 1::1

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 4

Route distinguisher: 1:3

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* >i DEST:2::1/32,Source:3::1/32,Proto:=0|=1|=60,Port:=200,DPort:=200|=300

,SPort:=100|=120|=140,ICMPType:=200|=100|=120|=140,ICMPCode:=200|=220|=230,TCPFl

ags:=255,Length:=1024,DSCP:=6|=2,Frag:=4/528

0.0.0.0 100 0 ?

* >i DEST:4::1/32,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 100 0 ?

Route distinguisher: 1:5(vpn1)

Total number of routes: 5

Network NextHop MED LocPrf PrefVal Path/Ogn

* >i DEST:2::1/32,Source:3::1/32,Proto:=0|=1|=60,Port:=200,DPort:=200|=300

,SPort:=100|=120|=140,ICMPType:=200|=100|=120|=140,ICMPCode:=200|=220|=230,TCPFl

ags:=255,Length:=1024,DSCP:=6|=2,Frag:=4/528

0.0.0.0 100 0 ?

* >e DEST:4::1/32,Source:3::1/32,Proto:=0|=1|=60,Port:=200,DPort:=200|=300

,SPort:=100|=120|=140,ICMPType:=200|=100|=120|=140,ICMPCode:=200|=220|=230,TCPFl

ags:=255,Length:=1024,DSCP:=6|=2,Frag:=4,DEST:2::1/32,Source:3::1/32,Proto

:=0|=1|=60,Port:=200,DPort:=200|=300,SPort:=100|=120|=140,ICMPType:=200|=100|=12

0|=140,ICMPCode:=200|=220|=230,TCPFlags:=255,Length:=1024,DSCP:=6|=2,Frag:=4/105

0.0.0.0 0 100?

* > DEST:4::1/32,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 32768 ?

* i 0.0.0.0 100 0 ?

* e 0.0.0.0 0 100?

Route distinguisher: 1:6

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* >e DEST:2::1/32,Source:3::1/32,Proto:=0|=1|=60,Port:=200,DPort:=200|=300

,SPort:=100|=120|=140,ICMPType:=200|=100|=120|=140,ICMPCode:=200|=220|=230,TCPFl

ags:=255,Length:=1024,DSCP:=6|=2,Frag:=4,DEST:2::1/32,Source:3::1/32,Proto

:=0|=1|=60,Port:=200,DPort:=200|=300,SPort:=100|=120|=140,ICMPType:=200|=100|=12

0|=140,ICMPCode:=200|=220|=230,TCPFlags:=255,Length:=1024,DSCP:=6|=2,Frag:=4/105

0.0.0.0 0 100?

* >e DEST:4::1 /32,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 0 100?

# Display brief information about all BGP VPNv6 Flowspec routes with route distinguisher 1:5 in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 flowspec route-distinguisher 1:5

BGP local router ID is 192.168.56.55

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

Origin: i - IGP, e - EGP, ? - incomplete

Route distinguisher: 1:5(vpn1)

Total number of routes: 5

Network NextHop MED LocPrf PrefVal Path/Ogn

* >i DEST:2::1/32,Source:3::1/32,Proto:=0|=1|=60,Port:=200,DPort:=200|=300

,SPort:=100|=120|=140,ICMPType:=200|=100|=120|=140,ICMPCode:=200|=220|=230,TCPFl

ags:=255,Length:=1024,DSCP:=6|=2,Frag:=4/528

0.0.0.0 100 0 ?

* >e DEST:2::1/32,Source:3::1/32,Proto:=0|=1|=60,Port:=200,DPort:=200|=300

,SPort:=100|=120|=140,ICMPType:=200|=100|=120|=140,ICMPCode:=200|=220|=230,TCPFl

ags:=255,Length:=1024,DSCP:=6|=2,Frag:=4,DEST:2::1/32,Source:3::1/32,Proto

:=0|=1|=60,Port:=200,DPort:=200|=300,SPort:=100|=120|=140,ICMPType:=200|=100|=12

0|=140,ICMPCode:=200|=220|=230,TCPFlags:=255,Length:=1024,DSCP:=6|=2,Frag:=4/105

0.0.0.0 0 100?

* > DEST:4::1/32,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 32768 ?

* i 0.0.0.0 100 0 ?

* e 0.0.0.0 0 100?

# Display information about all BGP VPNv6 Flowspec routes with the extended community attribute.

<Sysname> display bgp routing-table vpnv6 flowspec ext-community

BGP local router ID is 1::1

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 4

Route distinguisher: 1:3

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn Ext-Community

* >i DEST:2::1/32,Source:3::1/32,Proto:=0|=1|=60,Port:=200,DPort:=200|=300

,SPort:=100|=120|=140,ICMPType:=200|=100|=120|=140,ICMPCode:=200|=220|=230,TCPFl

ags:=255,Length:=1024,DSCP:=6|=2,Frag:=4/528

0.0.0.0 100 0 ? <RT 1:2>

* >i DEST:4::1/32,Proto:=0|=1|=60,DPort:=200,SPort:=100,ICMPType:=200/176

0.0.0.0 100 0 ? <RT 1:2>

Table 16 Command output

Field	Description
Status codes	Status codes: · * – valid—Valid route. · > – best—Optimal route. · d – dampened—Dampened route. · h – history—History route. · i – internal—Internal route. · e – external—External route. · s – suppressed—Suppressed route. · S – stale—Stale route.
Origin	Origin of the route: · i – IGP—Originated in the AS. The origin of routes advertised with the network command is IGP. · e – EGP—Learned through EGP. · ?– incomplete—Unknown origin. The origin of routes redistributed from IGP protocols is incomplete.
Network	Destination network address.
NextHop	Next hop IP address.
MED	Multi-Exit Discriminator attribute.
LocPrf	Local preference value.
PrefVal	Preferred value of the route.
Path/Ogn	AS_PATH and ORIGIN attributes of the route: · AS_PATH—Records the ASs the route has passed. This attribute can avoid routing loops. · ORIGIN—Identifies the origin of the route.
Ext-Community	Extended community attribute.

# Display detailed information about BGP VPNv6 Flowspec route DPort:=1000/32.

<Sysname> display bgp routing-table vpnv6 flowspec DPort:=1000/32

BGP local router ID: 192.168.56.11

Local AS number: 1

Route distinguisher: 1:1(1)

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of DPort:=1000/32:

Imported route.

Original nexthop: 0.0.0.0

Out interface : NULL0

Route age : 00h00m26s

OutLabel : NULL

Ext-Community : <RT: 1:1>, <CO-Flag:Color(00:1)>

RxPathID : 0x0

TxPathID : 0x0

Org-validation : Valid

PrefixSID : N/A SID <111::1>

AS-path : (null)

Origin : igp

Attribute value : pref-val 32768

State : valid, local, best

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

# Display extended community attribute information for a BGP VPNv6 Flowspec route (DPort:=1000/32).

<Sysname> display bgp routing-table vpnv6 flowspec DPort:=1000/32 ext-cmmunity

BGP local router ID: 192.168.56.11

Local AS number: 1

Route distinguisher: 1:1(1)

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of DPort:=1000/32:

Ext-Community: <RT 1:1>

# Display AS-PATH attribute information for a BGP VPNv6 Flowspec route (DPort:=1000/32).

<Sysname> display bgp routing-table vpnv6 flowspec DPort:=1000/32 as-path

BGP local router ID: 192.168.56.11

Local AS number: 1

Route distinguisher: 1:1(1)

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of DPort:=1000/32:

As-path: 100

# Display cluster ID attribute information for a BGP VPNv6 Flowspec route (DPort:=1000/32).

<Sysname> display bgp routing-table vpnv6 flowspec DPort:=1000/32 cluster-list

BGP local router ID: 192.168.56.11

Local AS number: 1

Route distinguisher: 1:1(1)

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of DPort:=1000/32:

Cluster list: 80

Table 17 Command output

Field	Description
Paths	Number of routes: · available—Number of valid routes. · best—Number of optimal routes.
Original nexthop	Original next hop of the route. If the route was obtained from a BGP UPDATE message, the original next hop is the next hop IP address in the message.
Out interface	Next hop output interface information.
Route age	Time elapsed since the most recent route update.
OutLabel	Outgoing label of the route.
Ext-Community	Extended community attribute.
RxPathID	Add-path ID of received routes.
TxPathID	Add-path ID of advertised routes.
Org-validation	BGP RPKI validation state: · Valid. · Not found. · Invalid.
PrefixSID	Prefix SID: · Label index—Label index. · SRGB—SRGB range.
AS-path	AS_PATH attribute of the route, which records the ASs the route has passed and avoids routing loops.
Origin	Origin of the route: · igp—Originated in the AS. · egp—Learned through EGP. · incomplete—Unknown origin.
Attribute value	BGP path attributes: · MED—MED value. · localpref—Local preference value. · pref-val—Preferred value. · pre—Route preference.
Originator	Peer that generated the route.
Cluster list	CLUSTER_LIST attribute of the route. If the route does not carry this attribute, this field is not displayed.
Advertised to VPN peers (1 in total)	Peers to which the route has been advertised.
State	Current state of the route: · valid. · internal. · external. · local. · synchronize. · best. · delay—The route will be delayed for optimal route selection. This field is displayed only in the detailed command output. · bgp-rib-only—The route will not be flushed to the routing table. This field is displayed only in the detailed command output. · not preferred for reason—Reason why the route is not selected as the optimal route. · not ECMP for reason—Reason why the route does not form ECMP routes with other routes.
IP precedence	IP precedence in the range of 0 to 7. N/A indicates that the route does not support this field.
QoS local ID	QoS local ID in the range of 1 to 4095. N/A indicates that the route does not support this field.
Traffic index	Traffic index in the range of 1 to 64. N/A indicates that the route does not support this field.

# Display statistics for BGP VPNv6 Flowspec routes advertised to peer 15.5.6.2 in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 flowspec peer 15.5.6.2 advertised-routes statistics

Advertised routes total: 3

# Display statistics for BGP VPNv6 Flowspec routes received from peer 15.5.6.2 in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 flowspec peer 15.5.6.2 received-routes statistics

Received routes total: 2

Table 18 Command output

Field	Description
Advertised routes total	Total number of advertised routes.
Received routes total	Total number of received routes.

# Display statistics for BGP VPNv6 Flowspec routes.

<Sysname> display bgp routing-table vpnv6 flowspec statistics

Total number of routes from all PEs: 4

Route distinguisher: 1:3

Total number of routes: 2

Route distinguisher: 1:5(vpn1)

Total number of routes: 5

Route distinguisher: 1:6

Total number of routes: 2

# Display statistics about all BGP VPNv6 Flowspec routes with the extended community attribute.

<Sysname> display bgp routing-table vpnv6 flowspec statistics ext-community

Total number of routes from all PEs: 4

Route distinguisher: 1:3

Total number of routes: 2

Route distinguisher: 1:5(vpn1)

Total number of routes: 5

Route distinguisher: 1:6

Total number of routes: 2

display flow-route

Use display flow-route to display Flowspec rule information on a Flowspec edge router.

Syntax

display flow-route { { ipv4 | ipv6 } all | flow-route-id } [ slot slot-number ]

display flow-route { { ipv4 | ipv6 } [ vpn-instance vpn-instance-name ] | flow-route-id } [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv4: Specifies IPv4 Flowspec rules.

ipv6: Specifies IPv6 Flowspec rules.

all: Specifies all Flowspec rules.

flow-route-id: Specifies a Flowspec rule by its ID in the range of 0 to fffffffffffffffe (hexadecimal).

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

flow-route-id: Specifies a Flowspec rule by its ID in the range of 0 to fffffffffffffffe (hexadecimal).

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the Flowspec rule information for the active MPU.

Usage guidelines

If multiple effective Flowspec rules exist, the device compares a packet with Flowspec rules in their display order in the command output.

Examples

# Display information about all IPv4 Flowspec rules.

<Sysname> display flow-route ipv4 all

Total number of IPv4 flow-routes: 5

Flow route (ID 0x0) (Failed)

Traffic filtering rules:

Destination IP : 1.2.3.4 255.255.255.255

Port : 22 33 44 55

Source IP : 2.3.4.5 255.255.255.255

Traffic filtering actions: (bgp.bgp3)

DSCP marking : 10

Redirecting to VPN instance : vpn3

Traffic filtering actions: (bgp.bgp1)(Inactive)

Traffic rate : 1000 kbps

Traffic filtering actions: (bgp.bgp2)(Inactive)

Redirecting to VPN target : 3:3

Statistics:

Matched : 0 packets, 0 bytes

Dropped : 0 packets, 0 bytes

Flow route (ID 0x1)

Traffic filtering rules:

Destination IP : 1.2.3.4 255.255.255.255

Traffic filtering actions: (bgp.bgp2)

Deny

Statistics:

Matched : 0 packets, 0 bytes

Transmitted : 0 packets, 0 bytes

Dropped : 0 packets, 0 bytes

Flow route (ID 0x2)

VPN instance : vpn1

Traffic filtering rules:

ICMP type : 23

Traffic filtering actions: (bgp.bgp2)

Traffic rate : 1000(kbps)

Redirecting to next-hop: 1.1.1.1

NID : 268435456

Statistics:

Matched : 0 packets, 0 bytes

Transmitted : 0 packets, 0 bytes

Dropped : 0 packets, 0 bytes

Flow route (ID 0x3)

BGP instance : default

VPN instance : vpn1

Traffic filtering rules:

Source port : 80

Traffic filtering actions:

Redirecting to VPN target : 3:3 (Inactive)

Statistics:

Matched : 0 packets, 0 bytes

Transmitted : 0 packets, 0 bytes

Dropped : 0 packets, 0 bytes

Flow route (ID 0x4)

VPN instance : vpn1

Traffic filtering rules:

Source port : 90

Traffic filtering actions: (bgp.bgp3)

Redirecting to SR-MPLS TE policy

NID: 16824674

Statistics:

Matched : 0 packets, 0 bytes

Transmitted : 0 packets, 0 bytes

Dropped : 0 packets, 0 bytes

# Display information about all IPv6 Flowspec rules.

<Sysname> display flow-route ipv6 all

Total number of IPv6 flow-routes: 3

Flow route (ID 0x0)

Traffic filtering rules:

Destination Ipv6 : 88:11:11::/123

Port : 22 33 44 55

Source Ipv6 : 66:11::/43

Traffic filtering actions: (bgp.bgp3)

DSCP marking : 10

Redirecting to VPN instance : vpn3

Statistics:

Matched : 0 packets, 0 bytes

Transmitted : 0 packets, 0 Bytes

Dropped : 0 packets, 0 bytes

Flow route (ID 0x1)

Traffic filtering rules:

Destination Ipv6 : 88:11:11::/123

Traffic filtering actions: (bgp.bgp3)

Deny

Statistics:

Matched : 0 packets, 0 bytes

Transmitted : 0 packets, 0 Bytes

Dropped : 0 packets, 0 bytes

Flow route (ID 0x2)

Traffic filtering rules:

Destination Ipv6 : 88:11:11::/123

Traffic filtering actions: (bgp.bgp3)

Redirecting to SRv6 TE policy

Forwarding ID: 16824365

SID : 5e::35

Statistics:

Matched : 0 packets, 0 bytes

Transmitted : 0 packets, 0 Bytes

Dropped : 0 packets, 0 bytes

Table 19 Command output

Field	Description
Flow route (ID 0x0)	Flowspec rule ID. The (Failed) attribute indicates that the Flowspec rule failed to be applied.
Traffic filtering actions: (bgp.bgp3)	bgp.bgp3 indicates that the actions are from the BGP instance named bgp3.
VPN instance	VPN instance where the Flowspec rule takes effect. If this field does not appear, the Flowspec rule takes effect in the public network.
Redirecting to VPN instance	Redirects packets to a VPN instance. If the route target for redirection cannot be mapped to a VPN instance, the redirection action does not take effect (indicated by Inactive enclosed in parenthesis). In addition, this field is displayed as Redirecting to VPN target.
Redirecting to next-hop	Redirects packets to a next hop. If the next hop is unreachable or invalid, the redirection action does not take effect (indicated by Inactive enclosed in parenthesis).
Forwarding ID	Forwarding entry index of the SRv6 TE policy.
SID	SID value (IPv6 address) of the egress node.
NID	Next Hop Label Forwarding Entry (NHLFE) index.

For information about other fields, see Table 3, Table 4, and Table 5.

flow-route ipv6

Use flow-route ipv6 to create an IPv6 Flowspec rule, or enter the view of an existing IPv6 Flowspec rule.

Use undo flow-route ipv6 to delete an IPv6 Flowspec rule.

Syntax

flow-route flowroute-name ipv6

undo flow-route flowroute-name ipv6

Default

Non IPv6 Flowspec rules exist.

Views

System view

Predefined user roles

network-admin

Parameters

flowroute-name: Specifies an IPv6 Flowspec rule name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

To delete an IPv6 Flowspec rule applied to a Flowspec IPv6 address family, perform the following tasks:

1. Execute the undo flow-route ipv6 command in Flowspec IPv6 address family view.

2. Execute the undo flow-route ipv6 command in system view.

Examples

# Create an IPv6 Flowspec rule named route1.

<Sysname> system-view

[Sysname] flow-route route1 ipv6

[Sysname-flow-route-ipv6-route1]

flow-route (system view)

Use flow-route to create an IPv4 Flowspec rule, or enter the view of an existing IPv4 Flowspec rule.

Use undo flow-route to delete an IPv4 Flowspec rule.

Syntax

flow-route flowroute-name

undo flow-route flowroute-name

Default

No IPv4 Flowspec rules exist.

Views

System view

Predefined user roles

network-admin

Parameters

flowroute-name: Specifies an IPv4 Flowspec rule name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

To delete an IPv4 Flowspec rule applied to a Flowspec IPv4 address family, perform the following tasks:

1. Execute the undo flow-route command in Flowspec IPv4 address family view.

2. Execute the undo flow-route command in system view.

Examples

# Create an IPv4 Flowspec rule named route1.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1]

flow-route (Flowspec IPv4 address family view, Flowspec IPv6 address family view)

Use flow-route to apply a Flowspec rule to a Flowspec IPv4 or IPv6 address family.

Use undo apply to remove a Flowspec rule from a Flowspec IPv4 or IPv6 address family.

Syntax

flow-route flowroute-name

undo flow-route flowroute-name

Default

No Flowspec rule is applied to a Flowspec IPv4 or IPv6 address family.

Views

Flowspec IPv4 address family view

Flowspec IPv6 address family view

Predefined user roles

network-admin

Parameters

flowroute-name: Specifies an existing Flowspec rule by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

If multiple Flowspec rules are applied to a Flowspec IPv4 or IPv6 address family, you can use the display flow-route command on a Flowspec edge router to display the match order of match criteria that are committed. If match criteria in multiple Flowspec rules can match a packet, the packet is matched by the match criterion that appears at the top.

Examples

# Apply Flowspec rule route1 to the Flowspec IPv4 address family in the public network.

<Sysname> system-view

[Sysname] flowspec

[Sysname-flowspec] address-family ipv4

[Sysname-flowspec-ipv4] flow-route route1

# Apply Flowspec rule route1 to the Flowspec IPv6 address family in the public network.

<Sysname> system-view

[Sysname] flowspec

[Sysname-flowspec] address-family ipv6

[Sysname-flowspec-ipv6] flow-route route1

flow-route flow-interface-group

Use flow-route flow-interface-group to associate a Flowspec rule with a Flowspec interface group.

Use undo flow-route flow-interface-group to restore the default.

Syntax

flow-route flowroute-name flow-interface-group group-id

undo flow-route flowroute-name flow-interface-group group-id

Default

A Flowspec rule is not associated with any Flowspec interface groups.

Views

Flowspec IPv4 address family view

Flowspec IPv6 address family view

Flowspec IPv4 VPN instance address family view

Flowspec IPv6 VPN instance address family view

Predefined user roles

network-admin

Parameters

flowroute-name: Specifies an existing Flowspec rule by its name, a case-sensitive string of 1 to 31 characters.

group-id: Specifies a Flowspec interface group by its ID in the range of 0 to 16383.

Usage guidelines

With this feature configured, the device can act as a Flowspec controller. When BGP advertises Flowspec routes, the BGP update messages carry the Flowspec rule associated with the specified interface group ID to advertise the Flowspec rule to the Flowspec clients.

· If the Flowspec interface group exists on a Flowspec client, the match criteria and actions in the Flowspec rule will be applied to interfaces in the Flowspec interface group.

· If the Flowspec interface group does not exist on the Flowspec client, the match criteria and actions in the Flowspec rule will be applied to all interfaces of the device.

A Flowspec rule can be associated with more than one Flowspec interface group, and vice versa.

To associate a Flowspec rule already applied in Flowspec IPv4/IPv6 address family view or Flowspec IPv4/IPv6 VPN instance family view with a Flowspec interface group, first execute the undo flow-route command to remove the Flowspec rule from the specified address family.

Examples

# Associate Flowspec rule route1 with Flowspec interface group 1.

<Sysname> system-view

[Sysname] flowspec

[Sysname-flowspec] address-family ipv4

[Sysname-flowspec-ipv4] flow-route route1 flow-interface-group 1

Related commands

flowspec flow-interface-group

flowspec

Use flowspec to enter Flowspec view.

Syntax

flowspec

Views

System view

Predefined user roles

network-admin

Examples

# Enter Flowspec view.

<Sysname> system-view

[Sysname] flowspec

[Sysname-flowspec]

if-match

Use if-match to configure a match criterion in a Flowspec rule.

Use undo if-match to delete a match criterion from a Flowspec rule.

Syntax

if-match match-criteria

undo if-match match-criteria

Default

No match criterion is configured in a Flowspec rule.

Views

IPv4 Flowspec rule view

IPv6 Flowspec rule view

Predefined user roles

network-admin

Parameters

match-criteria: Specifies a match criterion. Table 20 shows the available match criteria.

Table 20 Available match criteria

Match criterion type ID	Option	Description
1	destination-ip ipv4-address { mask-length \| mask }	Matches the destination IPv4 address of packets. The ipv4-address argument specifies an IPv4 address in dotted decimal notation. The mask-length argument specifies the mask length in the range of 0 to 32. The mask argument specifies the mask in dotted decimal notation.
1	destination-ipv6 { ipv6-address prefix-length \| ipv6-address/prefix-length }	Matches the destination IPv6 address of packets. The ipv6-address argument specifies an IPv6 address in sets of 16-bit hexadecimal values separated by colons (:). The prefix-length argument specifies the prefix length in the range of 0 to 128. The prefix-length argument cannot be 0.
2	source-ip ipv4-address { mask-length \| mask }	Matches the source IPv4 address of packets. The ipv4-address argument specifies an IPv4 address in dotted decimal notation. The mask-length argument specifies the mask length in the range of 0 to 32. The mask argument specifies the mask in dotted decimal notation.
2	source-ipv6 { ipv6-address prefix-length \| ipv6-address/prefix-length }	Matches the source IPv6 address of packets. The ipv6-address argument specifies an IPv6 address in sets of 16-bit hexadecimal values separated by colons (:). The prefix-length argument specifies the prefix length in the range of 0 to 128. The prefix-length argument cannot be 0.
3	protocol { proto-list \| proto-name&<1-8> }	Matches a protocol. The proto-list argument specifies a space-separated list of up to eight protocol items. Each item specifies a protocol or a range of protocols by numerical values in the form of proto-start to proto-end. The value for proto-end must be greater than or equal to the value for proto-start. The value range for the proto argument is 0 to 255. The proto-name argument specifies up to eight protocols by keyword. The available keywords are: icmp (1), igmp (2), ipinip (4), tcp (6), egp (8), udp (17), ipv6 (41), rsvp (46), gre (47), esp (50), ospf (89), and pim (103).
3	next-header { next-header-list \| next-header-name&<1-8> }	Matches the protocol in an IPv6 next header. The next-header-list argument specifies a space-separated list of up to eight protocol items. Each item specifies a protocol or a range of protocols by numerical values in the form of next-header-start to next-header-end. The value for next-header-end must be greater than or equal to the value for next-header-start. The value range for the next-header argument is 0 to 255. The next-header-name argument specifies up to eight protocols by keyword. The available keywords are: icmp (1), igmp (2), ipinip (4), tcp (6), egp (8), udp (17), ipv6 (41), rsvp (46), gre (47), esp (50), icmpv6 (58), ospf (89), and pim (103).
4	port port-list	Matches the source and destination port numbers of packets. The port-list argument specifies a space-separated list of up to eight port number items. Each item specifies a port number or a range of port numbers in the form of port-start to port-end. The value for port-end must be greater than or equal to the value for port-start. The value range for the port argument is 0 to 65535.
5	destination-port port-list	Matches the destination port number of packets. The port-list argument specifies a space-separated list of up to eight port number items. Each item specifies a port number or a range of port numbers in the form of port-start to port-end. The value for port-end must be greater than or equal to the value for port-start. The value range for the port argument is 0 to 65535.
6	source-port port-list	Matches the source port number of packets. The port-list argument specifies a space-separated list of up to eight port number items. Each item specifies a port number or a range of port numbers in the form of port-start to port-end. The value for port-end must be greater than or equal to the value for port-start. The value range for the port argument is 0 to 65535.
7	icmp-type type-list	Matches the ICMP type of packets. The type-list argument specifies a space-separated list of up to eight type items. Each item specifies a type or a range of types in the form of type-start to type-end. The value for type-end must be greater than or equal to the value for type-start. The value range for the type argument is 0 to 255.
8	icmp-code code-list	Matches the ICMP code of packets. The code-list argument specifies a space-separated list of up to eight code items. Each item specifies a code or a range of codes in the form of code-start to code-end. The value for code-end must be greater than or equal to the value for code-start. The value range for the code argument is 0 to 255.
9	tcp-flags { match \| not } tcp-flags [ any ]	Matches the TCP flag of packets. The match keyword indicates that the specified TCP flags are successful match criteria. The not keyword indicates that all TCP flags except the specified TCP flags are successful match criteria. The tcp-flags argument specifies a TCP flag value in the range of 0 to 63 (000000 to 111111). This field in the packet is a 6-bit binary value. If the binary value contains multiple 1s, the following rules apply to the not keyword: · On devices that forward packets in software, the not keyword indicates that all TCP flags except the specified TCP flags will be matched. For example, to match all packets except packets with TCP flag 000101, execute the if-match tcp-flags match not 5 command. The decimal TCP flag value 5 corresponds to the binary value 000101. · On devices that forward packets in hardware, the relationships between 1s is AND. For example, to match all packets with the second, fourth, fifth, and sixth bits as 1 in the TCP flag values, execute the if-match tcp-flags match not 5 command. The decimal TCP flag value 5 corresponds to the binary value 000101, and the inverse of 000101 is 111010. The implementation varies by device model. The any keyword matches all packets with the specified bit as 1 in the binary TCP flag values. · The if-match tcp-flags match tcp-flags any command matches all packets with the specified bit as 1 in the binary TCP flag values. For example, to match all packets with the first or third bit as 1 in the TCP flag values, execute the if-match tcp-flags match 5 any command. The decimal TCP flag value 5 corresponds to the binary value 000101. · For the if-match tcp-flags not tcp-flags any command: ¡ On devices that forward packets in software, the 1s in the inverse of the binary TCP flag are important. If the binary value contains multiple 1s, the relationships between 1s is OR. For example, to match all packets with the second, fourth, fifth, or sixth bit as 1 in the TCP flag values, execute the if-match tcp-flags match not 5 any command. The decimal TCP flag value 5 corresponds to the binary value 000101, and the inverse of 000101 is 111010. ¡ On devices that forward packets in hardware, the 0s in the inverse of the binary TCP flag are important. If the binary value contains multiple 0s, the relationships between 0s is AND. For example, to match all packets with the first and third bits as 0 in the TCP flag values, execute the if-match tcp-flags match not 5 any command. The decimal TCP flag value 5 corresponds to the binary value 000101, and the inverse of 000101 is 111010. The implementation varies by device model.
10	packet-length length-list	Matches the Layer 3 packet length (including Layer 3 header) of packets. The length-list argument specifies a space-separated list of up to 10 length items. Each item specifies a length value or a range of length values in the form of length-start to length-end. The value for length-end must be greater than or equal to the value for length-start. The value range for the length argument is 0 to 65535.
11	dscp { dscp-name&<1-8> \| dscp-list }	Matches the DSCP value of packets. The dscp-name argument specifies up to eight DSCP values by keyword. Table 2 shows the available keywords. The dscp-list argument specifies a space-separated list of up to eight DSCP values. Each item specifies a DSCP value or a range of DSCP values in the form of dscp-start to dscp-end. The value for dscp-end must be greater than or equal to the value for dscp-start. The value range for the dscp argument is 0 to 63.
12	fragment-type { match \| not } { fragment \| non-fragment \| fragment-spe-first }	Matches the fragment type. The match keyword indicates that the specified fragment type is a successful match criterion. The not keyword indicates that all fragment types except the specified fragment type are successful match criteria. The fragment keyword matches fragmented packets. The non-fragment keyword matches non-fragmented packets. The fragment-spe-first keyword matches the first fragment of fragmented packets.
13	flow-label flow-label-list	Matches the IPv6 flow label. The flow-label-list argument specifies a space-separated list of up to eight flow label items. Each item specifies a protocol or a range of protocols by numerical values in the form of flow-label-start to flow-label-end. The value for flow-label-end must be greater than or equal to the value for flow-label-start. The value range for the flow-label argument is 0 to 1048575.

Usage guidelines

In a single Flowspec rule, the following rules apply:

· The port port-list option is mutually exclusive with the source-port port-list or destination-port port-list option.

· The relationship among match criteria of different types is logic AND.

· The relationship among match criteria of the same type is logic OR.

If multiple Flowspec rules exist, the device matches the Flowspec rules in ascending order of match criterion type IDs. If a match is found, the matching process stops and the action in the matching Flowspec rule is applied. For the match order of the same-type match criteria, see section 5.1 in RFC 5575.

Examples

# Configure Flowspec rule route1 to match packets with destination IPv4 address 192.168.100.1/24.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match destination-ip 192.168.100.1 24

# Configure Flowspec rule route1 to match packets with destination port number 80.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match destination-port 80

# Configure Flowspec rule route1 to match packets with DSCP value af11.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match dscp af11

# Configure Flowspec rule route1 to match all fragmented packets.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match fragment-type match fragment

# Configure Flowspec rule route1 to match packets with ICMP code 0.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match icmp-code 0

# Configure Flowspec rule route1 to match packets with ICMP type 1.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match icmp-type 1

# Configure Flowspec rule route1 to match packets with the packet length in the range of 1200 to 1500 bytes.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match packet-length 1200 to 1500

# Configure Flowspec rule route1 to match packets with both the source and destination port numbers as 80.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match port 80

# Configure Flowspec rule route1 to match ICMP packets.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match protocol icmp

# Configure Flowspec rule route1 to match packets with source IPv4 address 192.168.100.1/24.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match destination-ip 192.168.100.1 24

# Configure Flowspec rule route1 to match packets with source port number 23.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match source-port 23

# Configure Flowspec rule route1 to match packets with TCP flag 6.

<Sysname> system-view

[Sysname] flow-route route1

[Sysname-flow-route-route1] if-match tcp-flags match 6

# Configure Flowspec rule route1 to match the IPv6 packets with destination IPv6 address 55:44:77::/24.

<Sysname> system-view

[Sysname] flow-route route1 ipv6

[Sysname-flow-route-ipv6-route1] if-match destination-ipv6 55:44:77:: 24

# Configure Flowspec rule route1 to match the IPv6 packets with flow label value 6.

<Sysname> system-view

[Sysname] flow-route route1 ipv6

[Sysname-flow-route-ipv6-route1] if-match flow-label 6

peer redirect ip rfc-compatible

Use peer redirect ip rfc-compatible to configure the attribute ID for the redirection next hop in Flowspec rules as the RFC-specified value.

Use undo peer redirect ip rfc-compatible to restore the default.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } redirect ip rfc-compatible

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } redirect ip rfc-compatible

Default

The attribute ID for the redirection next hop in Flowspec rules is 0x0800.

Views

BGP IPv4 Flowspec address family view

BGP-VPN IPv4 Flowspec address family view

BGP-VPNv4 Flowspec address family view

BGP IPv6 Flowspec address family view

BGP-VPN IPv6 Flowspec address family view

BGP-VPNv6 Flowspec address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters.

ipv4-address: Specifies a peer by its IPv4 address.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a mask length, all dynamic peers in the subnet are specified.

ipv6-address: Specifies a peer by its IPv6 address.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a prefix length in this command, all dynamic peers in the subnet are specified.

Usage guidelines

Both RFC 8956 and an IETF draft defined attribute IDs for the redirection next hop:

· In RFC 8956, the attribute ID for the redirection next hop is 0x010C in an IPv4 Flowspec route or 0x000C in an IPv6 Flowspec route.

· In the IETF draft, the attribute ID for the redirection next hop is 0x0800 in both IPv4 and IPv6 Flowspec routes.

To interoperate with a third-party device that does not support IETF-specified 0x0800, you can execute this command to configure the RFC-specified value.

Examples

# Configure the attribute ID for the redirection next hop in IPv4 Flowspec rules as the RFC-specified 0x010C.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 flowspec

[Sysname-bgp-default-flowspec-ipv4] peer 1.1.1.1 redirect ip rfc-compatible

peer redirect rt rfc-compatible

Use peer redirect rt rfc-compatible to configure the attribute ID for the redirection VPN target in Flowspec rules as the RFC-specified value.

Use undo peer redirect rt rfc-compatible to restore the default.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } redirect rt rfc-compatible

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } redirect rt rfc-compatible

Default

The attribute ID for the redirection VPN target in Flowspec rules is 0x080B.

Views

BGP IPv4 Flowspec address family view

BGP-VPN IPv4 Flowspec address family view

BGP-VPNv4 Flowspec address family view

BGP IPv6 Flowspec address family view

BGP-VPN IPv6 Flowspec address family view

BGP-VPNv6 Flowspec address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters.

ipv4-address: Specifies a peer by its IPv4 address.

ipv6-address: Specifies a peer by its IPv6 address.

Usage guidelines

Both RFC 8956 and an IETF draft defined attribute IDs for the redirection VPN target:

· In RFC 8956, the attribute ID for the redirection next hop is 0x000D.

· In the IETF draft, the attribute ID for the redirection next hop is 0x800B.

To interoperate with a third-party device that does not support IETF-specified 0x800B, you can execute this command to configure the RFC-specified value.

Examples

# Configure the attribute ID for the redirection VPN target in IPv6 Flowspec rules as the RFC-specified 0x000D.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv6 flowspec

[Sysname-bgp-default-flowspec-ipv6] peer 10::1 redirect rt rfc-compatible

peer redirect-color

Use peer redirect-color to apply the action of redirecting traffic matching the match criteria to the SR-MPLS TE policy or SRv6 TE policy matching a Flowspec route with the color attribute received from a peer or peer group.

Use undo peer redirect-color to disable the action of redirecting traffic matching the match criteria to the SR-MPLS TE policy or SRv6 TE policy matching a Flowspec route with the color attribute received from a peer or peer group.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } redirect-color [ sr-policy ]

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } redirect-color

Default

If a received Flowspec route carries the color attribute and has an IPv4 address next hop, the device matches the Flowspec route with the SR-MPLS TE policy. If the match succeeds, the traffic matching the match criteria is redirected to the SR-MPLS TE policy.

If a received Flowspec route carries the color attribute and has an IPv6 address next hop, the device matches the Flowspec route with the SRv6 TE policy. If the match succeeds, the traffic matching the match criteria is redirected to the SRv6 TE policy.

Views

BGP IPv4 Flowspec address family view

BGP-VPN IPv4 Flowspec address family view

BGP-VPN IPv6 Flowspec address family view

BGP IPv6 Flowspec address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The specified peer group must already exist.

ipv4-address: Specifies a peer by its IPv4 address. The specified peer must already exist.

ipv6-address: Specifies a peer by its IPv6 address. The specified peer must already exist.

sr-policy: Redirects traffic matching the match criteria to the SR-MPLS TE policy.

Usage guidelines

After the device receives a Flowspec route with the color attribute, it matches the next-hop address and the color attribute with the end point and color values in the SR-MPLS TE policy or SRv6 TE policy. If the match succeeds, the device redirects the traffic matching the match criteria to the SR-MPLS TE policy or SRv6 TE policy.

The end point in an SR-MPLS TE policy can be an IPv4 or IPv6 address:

· If you do not specify the sr-policy keyword, the next-hop address of the Flowspec route is an IPv4 address, and the device matches the Flowspec route with the SR-MPLS TE policy. If the match succeeds, the device redirects the traffic matching the match criteria to the SR-MPLS TE policy. If the next-hop address of the Flowspec route is an IPv6 address, the device matches the Flowspec route with the SRv6 TE policy. If the match succeeds, the device redirects the traffic matching the match criteria to the SRv6 TE policy.

· If you do not specify the sr-policy keyword, the next-hop address of the Flowspec route is an IPv4 address and an IPv6 address, and the device matches the Flowspec route with the SR-MPLS TE policy. The device redirects the traffic matching the match criteria to only the SR-MPLS TE policy.

After the undo peer redirect-color command is executed, Flowspec routes with the color attribute are not redirected to the SR-MPLS TE policy or SRv6 TE policy based on the color attribute.

Examples

# In BGP IPv4 Flowspec address family view, apply the action of redirecting traffic matching a Flowspec rule to the SR-MPLS TE policy matching the Flowspec route with the color attribute received from a peer or peer group..

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 flowspec

[Sysname-bgp-default-flowspec-ipv4] peer test redirect-color sr-policy

peer redirect-nexthop

Use peer redirect-nexthop to apply the action of redirecting to a next hop in Flowspec rules.

Use undo peer redirect-nexthop to disable the action of redirecting to a next hop in Flowspec rules.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } redirect-nexthop

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } redirect-nexthop

Default

The action of redirecting to a next hop in Flowspec rules is applied.

Views

BGP IPv4 Flowspec address family view

BGP-VPN IPv4 Flowspec address family view

BGP-VPN IPv6 Flowspec address family view

BGP IPv6 Flowspec address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters.

ipv4-address: Specifies a peer by its IPv4 address.

ipv6-address: Specifies a peer by its IPv6 address.

Examples

# In BGP IPv4 Flowspec address family view, disable the action redirecting to a next hop in Flowspec rules received from peer group test.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 flowspec

[Sysname-bgp-default-flowspec-ipv4] undo peer test redirect-nexthop

peer validation-disable

Use peer validation-disable to disable validation of Flowspec rules from BGP Flowspec peers.

Use undo peer validation-disable to enable this function.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } validation-disable

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } validation-disable

Default

Flowspec rules from BGP Flowspec peers are validated.

Views

BGP IPv4 Flowspec address family view

BGP-VPN IPv4 Flowspec address family view

BGP IPv6 Flowspec address family view

BGP-VPN IPv6 Flowspec address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies an existing peer group by its name, a case-sensitive string of 1 to 47 characters.

ipv4-address: Specifies an existing peer by its IPv4 address.

mask-length: Specifies a mask length in the range of 0 to 32. If you specify a mask length, all dynamic peers in the subnet are specified.

ipv6-address: Specifies an existing peer by its IPv6 address.

prefix-length: Specifies a prefix length in the range of 0 to 128. If you specify a prefix length, all dynamic peers in the subnet are specified.

Usage guidelines

When the device receives a Flowspec rule with a destination IP address match criterion, it looks up the destination IP address in the routing table for the best unicast route. The validation succeeds if the following conditions exist:

· The unicast route is a BGP route.

· The sender of the BGP route is the same as the sender of the Flowspec rule.

If you want to use a destination IP address that cannot pass the validation as a match criterion, disable this function.

Examples

# In BGP IPv4 Flowspec address family view of the default BGP instance, disable validation of Flowspec rules from BGP Flowspec peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 flowspec

[Sysname-bgp-default-ipv4-flowspec] peer 1.1.1.1 validation-disable

# In BGP IPv6 Flowspec address family view of the default BGP instance, disable validation of Flowspec rules from BGP Flowspec peer 1:1::1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv6 flowspec

[Sysname-bgp-default-ipv6-flowspec] peer 1:1::1 validation disable

peer validation-redirect-disable

Use peer validation-redirect-disable to disable validation of the redirection next hops in Flowspec rules from BGP Flowspec peers.

Use undo peer validation-redirect-disable to enable this function.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } validation-redirect-disable

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } validation-redirect-disable

Default

The redirection next hops in Flowspec rules from BGP Flowspec peers are validated.

Views

BGP IPv4 Flowspec address family view

BGP-VPN IPv4 Flowspec address family view

BGP IPv6 Flowspec address family view

BGP-VPN IPv6 Flowspec address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies an existing peer group by its name, a case-sensitive string of 1 to 47 characters.

ipv4-address: Specifies an existing peer by its IPv4 address.

mask-length: Specifies a mask length in the range of 0 to 32. If you specify a mask length, all dynamic peers in the subnet are specified.

ipv6-address: Specifies an existing peer by its IPv6 address.

prefix-length: Specifies a prefix length in the range of 0 to 128. If you specify a prefix length, all dynamic peers in the subnet are specified.

Usage guidelines

When the device receives a Flowspec rule with a redirect-to-nexthop action, it looks up the next hop IP address in the routing table for the best unicast route. The validation succeeds if the following conditions exist:

· The unicast route is a BGP route.

· The first AS number of the route is the same as the AS number of the BGP peer that sends the Flowspec rule.

To redirect packets to a next hop that cannot pass the validation, disable this function.

Only EBGP peers support this command.

Examples

# In BGP IPv4 Flowspec address family view, disable validation of the redirection next hops in Flowspec rules from BGP Flowspec peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 flowspec

[Sysname-bgp-default-ipv4-flowspec] peer 1.1.1.1 validation-redirect-disable

# In BGP IPv6 Flowspec address family view, disable validation of the redirection next hops in Flowspec rules from BGP Flowspec peer 1:1::1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv6 flowspec

[Sysname-bgp-default-ipv6-flowspec] peer 1:1::1 validation-redirect-disable

policy vpn-target

Use policy vpn-target to enable route target filtering of received VPN routes. The VPN routes whose export route target attribute matches the local import route target attribute are added to the routing table.

Use undo policy vpn-target to disable route target filtering, permitting all incoming VPN routes.

Syntax

policy vpn-target

undo policy vpn-target

Default

The route target filtering feature is enabled for received VPN routes.

Views

BGP VPNv4 Flowspec address family view

BGP VPNv6 Flowspec address family view

Predefined user roles

network-admin

Usage guidelines

To reflect all received VPN routes to clients without adding them to the routing table, execute the undo policy vpn-target command.

Examples

# Disable route target filtering of received VPNv4 routes.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] undo policy vpn-target

redirect ip recursive-lookup tunnel

Use redirect ip recursive-lookup tunnel to enable recursion to tunnels for Flowspec rules with an action of redirecting to a next hop.

Use undo redirect ip recursive-lookup tunnel to restore the default.

Syntax

redirect ip recursive-lookup tunnel [ tunnel-selector tunnel-selector-name ]

undo redirect ip recursive-lookup tunnel

Default

Recursion to tunnels is disabled for Flowspec rules with an action of redirecting to a next hop.

Views

BGP IPv4 Flowspec address family view

BGP IPv6 Flowspec address family view

Predefined user roles

network-admin

Parameters

tunnel-selector tunnel-selector-name: Specifies a tunnel selector by its name, a case-sensitive string of 1 to 40 characters. If you do not specify a tunnel selector, the device uses the default tunnel selection order to select tunnels. For information about route recursion, see basic BGP configuration in Layer 3—IP Routing Configuration Guide. For information about tunnel selectors, see tunnel policy configuration in MPLS Configuration Guide.

Examples

# Enable recursion to tunnels for IPv4 Flowspec rules with an action of redirecting to a next hop.

<Sysname> system-view

[Sysname] bgp 200

[Sysname-bgp-default] address-family ipv4 flowspec

[Sysname-bgp-default-flowspec-ipv4] redirect ip recursive-lookup tunnel tunnel-selector bgp

reset flow-route statistics

Use reset flow-route statistics to clear Flowspec rule statistics.

Syntax

reset flow-route statistics { all | { ipv4 | ipv6 } [ all | vpn-instance vpn-instance-name ]| flow-route-id }

Views

User view

Predefined user roles

network-admin

Parameters

all: Specifies all Flowspec rules.

ipv4: Specifies IPv4 Flowspec rules.

ipv6: Specifies IPv6 Flowspec rules.

flow-route-id: Specifies a Flowspec rule by its ID in the range of 0 to fffffffffffffffe (hexadecimal).

Examples

# Clear statistics for all IPv4 Flowspec rules in the public network.

<Sysname> reset flow-route statistics ipv4

# Clear statistics for all IPv6 Flowspec rules in the public network.

<Sysname> reset flow-route statistics ipv6

Related commands

display flow-route

route-distinguisher

Use route-distinguisher to configure a route distinguisher (RD).

Use undo route-distinguisher to restore the default.

Syntax

route-distinguisher route-distinguisher

undo route-distinguisher

Default

No RD is configured.

Views

VPN instance view

VPN instance IPv4 Flowspec family address view

Predefined user roles

network-admin

Parameters

route-distinguisher: Specifies an RD, a string of 3 to 21 characters in one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

Usage guidelines

RDs enable VPNs to use the same address space. An RD and an IPv4 prefix form a unique VPN-IPv4 prefix.

If you configure an RD for a VPN instance, all address families in the VPN instance must use the same RD as the VPN instance.

If you do not configure an RD for a VPN instance, address families in the VPN instance can use different RDs.

To configure an RD for a VPN instance, make sure either of the following conditions exists:

· No RDs have been configured for address families in the VPN instance.

In this case, the RD of the VPN instance will be synchronized to all address families in the VPN instance.

· All address families in the VPN instance use the same RD.

In this case, you must configure the same RD as the address families for the VPN instance.

When you remove the RD from an address family, the RD will also be removed from the VPN instance of the address family.

To guarantee global uniqueness for a VPN-IPv4 address, do not set the AS number or IP address in an RD to any private AS number or private IP address.

To modify an RD, execute the undo route-distinguisher command to remove the RD and then execute the route-distinguisher command.

Examples

# Configure RD 22:1 for the IPv4 Flowspec family address of VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] address-family ipv4 flowspec

[Sysname-vpn-flowspec-ipv4-vpn1] route-distinguisher 22:1

vpn-target

Use vpn-target to configure route targets for a VPN instance.

Use undo vpn-target to remove the specified or all route targets of a VPN instance.

Syntax

vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]

undo vpn-target { all | vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ] }

Default

No route targets are configured for a VPN instance.

Views

VPN instance view

VPN instance IPv4 Flowspec family address view

Predefined user roles

network-admin

Parameters

vpn-target&<1-8>: Specifies a space-separated list of up to eight route targets.

A route target is a string of 3 to 21 characters in one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number, where the AS number must not be less than 65536. For example, 65536:1.

both: Uses the specified route targets as both import targets and export targets. The both keyword is also used when you do not specify any of the following keywords: both, export-extcommunity, and import-extcommunity.

export-extcommunity: Uses the specified route targets as export targets.

import-extcommunity: Uses the specified route targets as import targets.

all: Removes all route targets.

Usage guidelines

MPLS L3VPN uses route targets to control the advertisement of VPN routing information. A PE adds the configured export targets into the route target attribute of routes advertised to a peer. The peer uses the local import targets to match the route targets of received routes. If a match is found, the peer adds the routes to the routing table of the VPN instance.

You can repeat the vpn-target command to configure multiple route targets.

Route targets configured in VPN instance view applies to the IPv4 Flowspec family address and the IPv6 Flowspec family address of the VPN instance. Route targets configured in VPN instance IPv4 Flowspec family address view apply only to the IPv4 Flowspec family address of the VPN instance.

Route targets configured in VPN instance IPv4 Flowspec family address view have higher priority than route targets configured in VPN instance view.

Examples

# Configure route targets for VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[Sysname-vpn-instance-vpn1] vpn-target 4:4 import-extcommunity

[Sysname-vpn-instance-vpn1] vpn-target 5:5 both

13-ACL and QoS Command Reference

address-family ipv4

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

Company Information

News & Events

Contact Us