Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 09-MCE commands | 115.78 KB |
Contents
address-family ipv4 (VPN instance view)
description (VPN instance view)
route-distinguisher (VPN instance view)
vpn-instance-capability simple (OSPF view)
address-family ipv6 (VPN instance view)
vpn-instance-capability simple (OSPFv3 view)
MCE commands
address-family ipv4 (VPN instance view)
Use address-family ipv4 to enter VPN instance IPv4 address family view.
Use undo address-family ipv4 to remove all configurations from VPN instance IPv4 address family view.
Syntax
address-family ipv4
undo address-family ipv4
Views
VPN instance view
Predefined user roles
network-admin
Usage guidelines
In VPN instance IPv4 address family view, you can configure IPv4 VPN parameters such as inbound and outbound routing policies.
Examples
# Enter VPN instance IPv4 address family view.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] address-family ipv4
[Sysname-vpn-ipv4-vpn1]
Related commands
address-family ipv6 (VPN instance view)
description (VPN instance view)
Use description to configure a description for a VPN instance.
Use undo description to restore the default.
Syntax
description text
undo description
Default
No description is configured for a VPN instance.
Views
VPN instance view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 79 characters.
Examples
# Configure a description of This is vpn1 for VPN instance vpn1.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] description This is vpn1
display ip vpn-instance
Use display ip vpn-instance to display information about VPN instances.
Syntax
display ip vpn-instance [ instance-name vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance-name vpn-instance-name: Displays information about the specified VPN instance. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays brief information about all VPN instances.
Examples
# Display brief information about all VPN instances.
<Sysname> display ip vpn-instance
Total VPN-Instances configured : 1
VPN-Instance Name RD Create time
abc 1:1 2019/12/18 10:48:17
Table 1 Command output
|
Field |
Description |
|
VPN-Instance Name |
Name of the VPN instance. |
|
RD |
RD of the VPN instance. |
|
Create Time |
Time when the VPN instance was created. |
# Display detailed information about VPN instance vpn1.
<Sysname> display ip vpn-instance instance-name vpn1
VPN-Instance Name and Index : vpn1, 2
Route Distinguisher : 100:1
VPN ID : 1:1
Description : vpn1
Interfaces : Vlan-interface2
Address-family IPv4:
Export VPN Targets :
2:2
Import VPN Targets :
3:3
Export Route Policy : outpolicy
Import Route Policy : inpolicy
Maximum Routes Limit : 500
Threshold Value(%): 50
Address-family IPv6:
Export VPN Targets :
2:2
Import VPN Targets :
3:3
Export Route Policy : outpolicy
Import Route Policy : inpolicy
Tunnel Policy : tunnel1
Maximum Routes Limit :500
Threshold Value(%): 50
Table 2 Command output
|
Field |
Description |
|
Route Distinguisher |
Route distinguisher of the VPN instance. |
|
Interfaces |
Interfaces that are associated with the VPN instance. |
|
Address-family IPv4 |
IPv4 VPN information. |
|
Address-family IPv6 |
IPv6 VPN information. |
|
Export VPN Targets |
Export route targets. |
|
Import VPN Targets |
Import route targets. |
|
Export Route Policy |
Routing policy in the outbound direction. |
|
Import Route Policy |
Routing policy in the inbound direction. |
|
Maximum Routes Limit |
Maximum number of routes. |
|
Threshold Value(%) |
Alarm threshold for number of active routes. |
export route-policy
Use export route-policy to apply an export routing policy to a VPN instance.
Use undo export route-policy to restore the default.
Syntax
export route-policy route-policy
undo export route-policy
Default
No export routing policy is applied to a VPN instance.
Views
VPN instance view
VPN instance IPv4 address family view
VPN instance IPv6 address family view
Predefined user roles
network-admin
Parameters
route-policy: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
You can specify an export routing policy to filter advertised routes or modify their route attributes for the VPN instance.
If you execute this command multiple times, the most recent configuration takes effect.
An export routing policy specified in VPN instance view applies to both IPv4 VPN and IPv6 VPN. An export routing policy specified in VPN instance IPv4 address family view applies only to IPv4 VPN. An export routing policy specified in VPN instance IPv6 address family view applies only to IPv6 VPN.
If you have specified export routing policies in both VPN instance IPv4 address family view and VPN instance view, IPv4 VPN uses the export routing policy specified in VPN instance IPv4 address family view.
If you have specified export routing policies in both VPN instance IPv6 address family view and VPN instance view, IPv6 VPN uses the export routing policy specified in VPN instance IPv6 address family view.
Examples
# Apply export routing policy poly-1 to VPN instance vpn1.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] export route-policy poly-1
Related commands
import route-policy
route-policy (Layer 3—IP Routing Command Reference)
import route-policy
Use import route-policy to apply an import routing policy to a VPN instance.
Use undo import route-policy to restore the default.
Syntax
import route-policy route-policy
undo import route-policy
Default
All routes matching the import target attribute are accepted.
Views
VPN instance view
VPN instance IPv4 address family view
VPN instance IPv6 address family view
Predefined user roles
network-admin
Parameters
route-policy: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
You can specify an import routing policy to filter received routes or modify their route attributes for the VPN instance.
If you execute this command multiple times, the most recent configuration takes effect.
An import routing policy specified in VPN instance view applies to both IPv4 VPN and IPv6 VPN. An import routing policy specified in VPN instance IPv4 address family view applies only to IPv4 VPN. An import routing policy specified in VPN instance IPv6 address family view applies only to IPv6 VPN.
If you have specified import routing policies in both VPN instance IPv4 address family view and VPN instance view, IPv4 VPN uses the import routing policy specified in VPN instance IPv4 address family view.
If you have specified import routing policies in both VPN instance IPv6 address family view and VPN instance view, IPv6 VPN uses the import routing policy specified in VPN instance IPv6 address family view.
Examples
# Apply import routing policy poly-1 to VPN instance vpn1.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] import route-policy poly-1
Related commands
export route-policy
route-policy (Layer 3—IP Routing Command Reference)
ip binding vpn-instance
Use ip binding vpn-instance to associate an interface with a VPN instance.
Use undo ip binding vpn-instance to restore the default.
Syntax
ip binding vpn-instance vpn-instance-name
undo ip binding vpn-instance
Default
An interface is associated with no VPN instance and belongs to the public network.
Views
Interface view
Predefined user roles
network-admin
Parameters
vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
|
|
CAUTION: This command or its undo form clears the IP address and routing protocol configuration on the interface. |
Use this command to associate the VPN instance with the interface connected to the CE.
The specified VPN instance must have been created by using the ip vpn-instance command in system view.
To associate a new VPN instance with an interface, first execute the undo ip binding vpn-instance command to remove the existing association.
Examples
# Associate VLAN-interface 1 with VPN instance vpn1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ip binding vpn-instance vpn1
Related commands
ip vpn-instance (system view)
ip vpn-instance (system view)
Use ip vpn-instance to create a VPN instance and enter its view, or enter the view of an existing VPN instance.
Use undo ip vpn-instance to delete a VPN instance.
Syntax
ip vpn-instance vpn-instance-name
undo ip vpn-instance vpn-instance-name
Default
No VPN instances exist.
Views
System view
Predefined user roles
network-admin
Parameters
vpn-instance-name: Specifies a VPN instance name, a case-sensitive string of 1 to 31 characters.
Examples
# Create a VPN instance named vpn1 and enter its view.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1]
Related commands
route-distinguisher
route-distinguisher (VPN instance view)
Use route-distinguisher to configure an RD for a VPN instance.
Use undo route-distinguisher to restore the default.
Syntax
route-distinguisher route-distinguisher
undo route-distinguisher
Default
No RD is specified for a VPN instance.
Views
VPN instance view
Predefined user roles
network-admin
Parameters
route-distinguisher: Specifies an RD for the VPN instance, a string of 3 to 21 characters in one of the following formats:
· 16-bit AS number:32-bit user-defined number. For example, 101:3.
· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.
· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.
Usage guidelines
RDs enable VPNs to use the same address space. An RD and an IPv4 prefix form a unique VPN-IPv4 prefix.
To guarantee global uniqueness for a VPN-IPv4 address, do not set the AS number or IP address in an RD to any private AS number or private IP address.
To modify an RD, execute the undo route-distinguisher command to remove the RD and then execute the route-distinguisher command.
Examples
# Configure RD 22:1 for VPN instance vpn1.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] route-distinguisher 22:1
routing-table limit
Use routing-table limit to set the maximum number of active routes in a VPN instance.
Use undo routing-table limit to restore the default.
Syntax
routing-table limit number { warn-threshold | simply-alert }
undo routing-table limit
Default
The number of active routes in a VPN instance is not limited.
Views
VPN instance view
VPN instance IPv4 address family view
VPN instance IPv6 address family view
Predefined user roles
network-admin
Parameters
number: Specifies the maximum number of active routes. The value range for this argument is 1 to 32768 in VPN instance view, 1 to 65536 in VPN instance IPv4 address family view, and 1 to 32768 in VPN instance IPv6 address family view.
warn-threshold: Specifies a warning threshold in the range of 1 to 100 in percentage. When the percentage of the existing active routes to the maximum active routes exceeds the threshold, the system gives a log message but still allows new active routes. If active routes in the VPN instance reach the maximum, no more active routes are added.
simply-alert: Specifies that when active routes exceed the maximum number, the system still accepts active routes but generates a log message.
Usage guidelines
Setting the maximum number of active routes for a VPN instance can prevent a PE from learning too many routes.
A limit configured in VPN instance view applies to both the IPv4 VPN and the IPv6 VPN. A limit configured in VPN instance IPv4 address family view applies only to the IPv4 VPN. A limit configured in VPN instance IPv6 address family view applies only to the IPv6 VPN.
If you have specified the limit in both VPN instance IPv4 address family view and VPN instance view, IPv4 VPN uses the limit specified in VPN instance IPv4 address family view.
If you have specified the limit in both VPN instance IPv6 address family view and VPN instance view, IPv6 VPN uses the limit specified in VPN instance IPv6 address family view.
Examples
# Specify that VPN instance vpn1 supports a maximum of 1000 active routes. When active routes exceed this limit, the device can receive new active routes but generates a log message.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] route-distinguisher 100:1
[Sysname-vpn-instance-vpn1] routing-table limit 1000 simply-alert
vpn-id
Use vpn-id to configure a VPN ID for a VPN instance.
Use undo vpn-id to restore the default.
Syntax
vpn-id vpn-id
undo vpn-id
Default
No VPN ID is configured for a VPN instance.
Views
VPN instance view
Predefined user roles
network-admin
Parameters
vpn-id: Specifies a VPN ID for the VPN instance, in the form of OUI:Index. The OUI is a hexadecimal number in the range of 0 to FFFFFF, and the index is a hexadecimal number in the range of 0 to FFFFFFFF.
Usage guidelines
A VPN ID uniquely identifies a VPN instance. Different VPN instances must have different VPN IDs.
A VPN ID cannot be 0:0.
Examples
# Configure VPN ID 20:1 for VPN instance vpn1.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] vpn-id 20:1
Related commands
display ip vpn-instance
vpn-instance-capability simple (OSPF view)
Use vpn-instance-capability simple to disable routing loop detection for a VPN OSPF process.
Use undo vpn-instance-capability to enable routing loop detection for a VPN OSPF process.
Syntax
vpn-instance-capability simple
undo vpn-instance-capability
Default
Routing loop detection is enabled for a VPN OSPF process.
Views
OSPF view
Predefined user roles
network-admin
Usage guidelines
For the MCE to receive OSPF routes from the PE, you must disable routing loop detection for a VPN OSPF process on the MCE.
This command is applicable only to VPN OSPF processes.
Examples
# Disable routing loop detection for VPN OSPF process 100.
<Sysname> system-view
[Sysname] ospf 100 vpn-instance vpna
[Sysname-ospf-100] vpn-instance-capability simple
vpn-target
Use vpn-target to configure route targets for a VPN instance.
Use undo vpn-target to remove the specified or all route targets of a VPN instance.
Syntax
vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]
undo vpn-target { all | vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ] }
Default
No route targets are configured for a VPN instance.
Views
VPN instance view
VPN instance IPv4 address family view
VPN instance IPv6 address family view
Predefined user roles
network-admin
Parameters
vpn-target&<1-8>: Specifies a space-separated list of up to eight route targets.
A route target is a string of 3 to 21 characters in one of the following formats:
· 16-bit AS number:32-bit user-defined number. For example, 101:3.
· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.
· 32-bit AS number:16-bit user-defined number, where the AS number must not be less than 65536. For example, 65536:1.
both: Uses the specified route targets as both import targets and export targets. The both keyword is also used when you do not specify any of the following keywords: both, export-extcommunity, and import-extcommunity.
export-extcommunity: Uses the specified route targets as export targets.
import-extcommunity: Uses the specified route targets as import targets.
all: Removes all route targets.
Usage guidelines
MPLS L3VPN uses route targets to control the advertisement of VPN routing information. A PE adds the configured export targets into the route target attribute of routes advertised to a peer. The peer uses the local import targets to match the route targets of received routes. If a match is found, the peer adds the routes to the routing table of the VPN instance.
If you repeat this command, all the configured route targets take effect.
Route targets configured in VPN instance view apply to both the IPv4 VPN and the IPv6 VPN. Route targets configured in VPN instance IPv4 address family view apply only to the IPv4 VPN. Route targets configured in VPN instance IPv6 address family view apply only to the IPv6 VPN.
IPv4 VPN prefers the route targets configured in VPN instance IPv4 address family view over those configured in VPN instance view.
IPv6 VPN prefers the route targets configured in VPN instance IPv6 address family view over those configured in VPN instance view.
Examples
# Configure route targets for VPN instance vpn1.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity
[Sysname-vpn-instance-vpn1] vpn-target 4:4 import-extcommunity
[Sysname-vpn-instance-vpn1] vpn-target 5:5 both
IPv6 MCE commands
This chapter describes only IPv6 MCE-specific commands. For information about the commands available for both IPv4 MCE and IPv6 MCE, see "MCE commands."
address-family ipv6 (VPN instance view)
Use address-family ipv6 to enter VPN instance IPv6 address family view.
Use undo address-family ipv6 to remove all configurations from VPN instance IPv6 address family view.
Syntax
address-family ipv6
undo address-family ipv6
Views
VPN instance view
Predefined user roles
network-admin
Usage guidelines
In VPN instance IPv6 address family view, you can configure IPv6 VPN parameters such as inbound and outbound routing policies.
Examples
# Enter VPN instance IPv6 address family view.
<Sysname> system-view
[Sysname] ip vpn-instance vpn1
[Sysname-vpn-instance-vpn1] address-family ipv6
[Sysname-vpn-ipv6-vpn1]
Related commands
address-family ipv4 (VPN instance view)
vpn-instance-capability simple (OSPFv3 view)
Use vpn-instance-capability simple to disable routing loop detection for a VPN OSPFv3 process.
Use undo vpn-instance-capability to enable routing loop detection for a VPN OSPFv3 process.
Syntax
vpn-instance-capability simple
undo vpn-instance-capability
Default
Routing loop detection is enabled for a VPN OSPFv3 process.
Views
OSPFv3 view
Predefined user roles
network-admin
Usage guidelines
For the MCE to receive OSPFv3 routes from the PE, you must disable routing loop detection for a VPN OSPFv3 process on the MCE.
This command is applicable only to VPN OSPFv3 processes.
Examples
# Disable routing loop detection for VPN OSPFv3 process 100.
<Sysname> system-view
[Sysname] ospfv3 100 vpn-instance vpn1
[Sysname-ospfv3-100] vpn-instance-capability simple
