MSDP commands


Use cache-sa-enable to enable the SA message cache mechanism to cache the (S, G) entries contained in SA messages.

Use undo cache-sa-enable to disable the SA message cache mechanism.



undo cache-sa-enable


The SA message cache mechanism is enabled, and the device caches the (S, G) entries contained in received SA messages.


MSDP view

Predefined user roles



# Enable the SA message cache mechanism on the public network, so that the device caches the (S, G) entries contained in the received SA messages.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] cache-sa-enable

Related commands

display msdp sa-cache

display msdp sa-count

display msdp brief

Use display msdp brief to display brief information about MSDP peers.


display msdp [ vpn-instance vpn-instance-name ] brief [ state { connect | disabled | established | listen | shutdown } ]


Any view

Predefined user roles




vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays brief information about MSDP peers on the public network.

state: Specifies a state. If you do not specify this keyword, the command displays brief information about MSDP peers in all states.

connect: Specifies the connecting state.

disabled: Specifies the connection failure state.

established: Specifies the session state.

listen: Specifies the listening state.

shutdown: Specifies the shutdown state.


# Display brief information about MSDP peers in all states on the public network.

<Sysname> display msdp brief

Configured   Established  Listen       Connect      Shutdown     Disabled

1            1            0            0            0            0


Peer address    State       Up/Down time    AS         SA count   Reset count     Established 00:00:13        100        0          0

Table 1 Command output




Number of MSDP peers that have been configured.


Number of MSDP peers in established state.


Number of MSDP peers in listening state.


Number of MSDP peers in connecting state.


Number of MSDP peers in shutdown state.


Number of MSDP peers in connection failure state.

Peer address

MSDP peer address.


MSDP peer status:

·     Established—A session has been established and the MSDP peer is in session.

·     Listen—A session has been established and the local device acts as the server in listening state.

·     Connect—A session is not established and the local device acts as a client in connecting state.

·     Shutdown—The session has been torn down.

·     Down—The connection failed.

Up/Down time

Length of time since the MSDP peering connection was established or torn down.


Number of the AS where the MSDP peer is located.

This field is displayed only for an MSDP peer configured by using the peer enable command in BGP IPv4 multicast address view.

If the system could not obtain the AS number, this field displays a question mark (?).

SA count

Number of (S, G) entries in the SA cache.

Reset count

MSDP peering connection reset times.


display msdp non-stop-routing status

Use display msdp non-stop-routing status to display MSDP NSR status information.


display msdp non-stop-routing status


Any view

Predefined user roles




# Display MSDP NSR status information.

<Sysname> display msdp non-stop-routing status

 MSDP NSR status: Not ready

 Location of preferred standby process: -

 TCP NSR status: Not ready

Table 2 Command output



MSDP NSR status

MSDP NSR status:

·     Ready—MSDP NSR has backed up MSDP peer and remote source information from the active process to standby processes. In this state, MSDP NSR can ensure continuous routing when an active/standby process switchover occurs.

·     Not ready—MSDP NSR is backing up MSDP peer and remote multicast source information from the active process to the standby process. If an active/standby process switchover occurs in this state, traffic is interrupted.

·     Not configured—MSDP NSR is disabled.

Location of preferred standby process

Number of the slot where the preferred standby process resides.

TCP NSR status

TCP NSR status:

·     Ready—TCP NSR has backed up TCP connection information from the active process to standby processes.

·     Not ready—TCP NSR is backing up TCP connection information from the active process to standby processes.


display msdp peer-status

Use display msdp peer-status to display detailed status information for MSDP peers.


display msdp [ vpn-instance vpn-instance-name ] peer-status [ peer-address ]


Any view

Predefined user roles




vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays detailed status information for MSDP peers on the public network.

peer-address: Specifies an MSDP peer by its address. If you do not specify an MSDP peer, this command displays detailed status information for all MSDP peers.


# Display detailed status information for MSDP peer on the public network.

<Sysname> display msdp peer-status

MSDP peer; AS 100


 Information about connection status:

   State: Disabled

   Up/down time: 14:41:08

   Resets: 0

   Connection interface: LoopBack0 (

   Received/sent messages: 867/867

   Discarded input messages: 0

   Discarded output messages: 0

   Elapsed time since last connection or counters clear: 14:42:40

   Mesh group peer joined: momo

   Last disconnect reason: Hold timer expired with truncated message

   Truncated packet: 5 bytes in buffer, type: 1, length: 20, without packet time: 75s

 Information about (Source, Group)-based SA filtering policy:

   Import policy: None

   Export policy: None

   Import-source policy: None

 Information about SA-Requests:

   Policy to accept SA-Requests: None

   Sending SA-Requests status: Disable

 Minimum TTL to forward SA with encapsulated data: 0

 SAs learned from this peer: 0, SA cache maximum for the peer: 4294967295

 Input queue size: 0, Output queue size: 0

 Counters for MSDP messages:

   RPF check failure: 0

   Incoming/outgoing SA: 0/0

   Incoming/outgoing SA-Request: 0/0

   Incoming/outgoing SA-Response: 0/0

   Incoming/outgoing Keepalive: 867/867

   Incoming/outgoing Notification: 0/0

   Incoming/outgoing Traceroutes in progress: 0/0

   Incoming/outgoing Traceroute reply: 0/0

   Incoming/outgoing Unknown: 0/0

   Incoming/outgoing data packet: 0/0

Table 3 Command output



MSDP peer

MSDP peer address.


Number of the AS where the MSDP peer is located. If the system could not obtain the AS number, this field displays a question mark (?).


MSDP peer status:

·     Established—A session has been established and the MSDP peer is in session.

·     Listen—A session has been established and the local device acts as the server in listening state.

·     Connect—A session is not established and the local device acts as a client in connecting state.

·     Shutdown—The session has been torn down.

·     Disabled—The connection failed.

Up/Down time

Length of time since the MSDP peering connection was established or torn down.


MSDP peering connection reset times.

Connection interface

Interface and IP address used for setting up a TCP connection with the remote MSDP peer.

Received/sent messages

Number of SA messages sent and received through this connection.

Discarded input messages

Number of discarded incoming messages.

Discarded output messages

Number of discarded outgoing messages.

Elapsed time since last connection or counters clear

Elapsed time since the MSDP peer information was last cleared.

Mesh group peer joined

Mesh group that the MSDP peer has joined. This field is not displayed if the MSDP peer does not join a mesh group.

Last disconnect reason

Reason why last MSDP peering connection was torn down. If the connection is not terminated, this field does not display a value.

·     Hold timer expired without message—Hold timer expires and the receiving cache has no messages.

·     Hold timer expired with truncated message—Hold timer expires and messages in the receiving buffer are not intact.

¡     bytes in buffer—Size of data in the receiving buffer when the connection was terminated.

¡     type—Type of packets in the receiving buffer when the connection was terminated.

¡     length—Length of packets in the receiving buffer when the connection was terminated. If the packet is too small in size, this field cannot be resolved and is not displayed.

¡     without packet time—Length of time since packets were last processed.

·     Remote peer has been closed—The MSDP peering connection has been torn down.

·     TCP ERROR/HUP event received—Error/hup event received by the TCP socket when the MSDP peer sent messages.

·     Illegal message received—The MSDP peer received illegal messages.

·     Notification received—The MSDP peer received notification messages.

·     Reset command executed—The user executed the reset msdp peer command.

·     Shutdown command executed—The user executed the shutdown command.

·     Interface downed—The MSDP peer received the interface down event when connecting to the remote MSDP peer.

Information about (Source, Group)-based SA filtering policy

SA message filtering list information:

·     Import policy—Filter list for receiving SA messages from the specified MSDP peer.

·     Export policy—Filter list for forwarding SA messages to the specified MSDP peer.

·     Import-source policy—Filter list for creating SA messages for the specified MSDP peer.

Information about SA-Requests

SA request information:

·     Policy to accept SA request messages—Filtering rule for receiving or forwarding SA request messages from the specified MSDP peer. If SA request messages are not filtered, this field displays None.

·     Sending SA requests status—Whether the MSDP peer is enabled to send an SA request message to the designated MSDP peer after receiving a new join message.

Minimum TTL to forward SA with encapsulated data

Lower TTL threshold for the multicast packets encapsulated in SA messages.

SAs learned from this peer

Number of cached (S, G) entries learned from the specified MSDP peer.

SA-cache maximum for the peer

Maximum number of (S, G) entries learned from the specified MSDP peer that the device can cache.

Input queue size

Data size cached in the input queue.

Output queue size

Data size cached in the output queue.

Counters for MSDP message

MSDP peer statistics:

·     RPF check failure—Number of SA messages discarded because of RPF check failure.

·     Incoming/outgoing SA—Number of received and sent SA messages.

·     Incoming/outgoing SA-Request—Number of received and sent SA requests.

·     Incoming/outgoing SA-Response—Number of received and sent SA responses.

·     Incoming/outgoing Keepalive—Number of received and sent keepalive messages.

·     Incoming/outgoing Notification—Number of received and sent notification messages.

·     Incoming/outgoing Traceroutes in progress—Number of received and sent traceroute-in-progress messages.

·     Incoming/outgoing Traceroute reply—Number of received and sent traceroute replies.

·     Incoming/outgoing Unknown—Number of received and sent unknown messages.

·     Incoming/outgoing data packet—Number of received and sent SA messages encapsulated with multicast data.


display msdp sa-cache

Use display msdp sa-cache to display (S, G) entries in the SA cache.


display msdp [ vpn-instance vpn-instance-name ] sa-cache [ group-address | source-address | as-number ] *


Any view

Predefined user roles




vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays (S, G) entries in the SA cache on the public network.

group-address: Specifies a multicast group by its IP address in the range of to If you do not specify a multicast group, this command displays (S, G) entries in the SA cache for all multicast groups.

source-address: Specifies a multicast source by its IP address. If you do not specify a multicast source, this command displays (S, G) entries in the SA cache for all sources.

as-number: Specifies an AS number in the range of 1 to 4294967295. If you do not specify an AS number, this command displays (S, G) entries in the SA cache for all ASs.

Usage guidelines

For this command to display output, you must first execute the cache-sa-enable command before you execute this command.


# Display (S, G) entries in the SA cache on the public network.

<Sysname> display msdp sa-cache

Total Source-Active Cache - 5 entries

Matched 5 entries


Source          Group           Origin RP       Pro  AS         Uptime   Expires     BGP  100        00:00:11 00:05:49     BGP  100        00:00:11 00:05:49     BGP  100        00:00:11 00:05:49     BGP  100        00:00:11 00:05:49     BGP  100        00:00:11 00:05:49

Table 4 Command output



Total Source-Active Cache

Total number of multicast sources in the SA cache.


Total number of (S, G) entries that match a multicast sources.


Multicast source address.


Multicast group address.

Origin RP

Address of the RP that generated the (S, G) entry.


Type of protocol from which the AS number of the origin RP originates. If the system could not obtain the AS number, this field displays a question mark (?).


AS number of the origin RP. If the system could not obtain the AS number, this field displays a question mark (?).


Length of time for which the cached (S, G) entry has existed.


Length of time in which the cached (S, G) entry will expire.


Related commands


display msdp sa-count

Use display msdp sa-count to display the number of (S, G) entries in the SA cache.


display msdp [ vpn-instance vpn-instance-name ] sa-count [ as-number ]


Any view

Predefined user roles




vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays the number of (S, G) entries in the SA cache on the public network.

as-number: Specifies an AS number in the range of 1 to 4294967295. If you do not specify an AS number, this command displays the number of (S, G) entries in the SA cache for all ASs.

Usage guidelines

For this command to display output, you must first execute the cache-sa-enable command before you execute this command.


# Display the number of (S, G) entries in the SA cache on the public network.

<Sysname> display msdp sa-count

(S, G) entries statistics, counted by peer

  Peer address       SA count        5


(S, G) entries statistics, counted by AS

  AS         Source count        Group count

  ?          3                   3


5 (S, G) entries in total

Table 5 Command output



(S, G) entries statistics, counted by peer

Number of (S, G) entries on an MSDP peer basis.

Peer address

Address of the MSDP peer that sent SA messages.

SA count

Number of (S, G) entries from the MSDP peer.

(S, G) entries statistics, counted by AS

Number of cached (S, G) entries on an AS basis.


AS number. If the system could not obtain the AS number, this field displays a question mark (?).

Source count

Number of multicast sources in the AS.

Group count

Number of multicast groups in the AS.

(S, G) entries in total

Total number of (S, G) entries.


Related commands



Use encap-data-enable to enable multicast data encapsulation in SA messages.

Use undo encap-data-enable to restore the default.



undo encap-data-enable


An SA message contains only (S, G) entries. Multicast data is not encapsulated in an SA message.


MSDP view

Predefined user roles



# Enable multicast data encapsulation in SA messages on the public network.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] encap-data-enable


Use import-source to configure a global SA message creation policy.

Use undo import-source to restore the default.


import-source [ acl { ipv4-acl-number | name ipv4-acl-name } ]

undo import-source


No global SA message creation policy is configured. When an SA message is created, all the (S, G) entries within the domain are advertised in the SA message.


MSDP view

Predefined user roles



ipv4-acl-number: Specifies an IPv4 basic or advanced ACL number in the range of 2000 to 3999. If you specify an ACL, this command advertises only the (S, G) entries that the ACL permits. This command does not advertise (S, G) entries when one of the following conditions exists:

·     You do not specify an ACL.

·     The specified ACL does not exist.

·     The specified ACL does not have valid rules.

name ipv4-acl-name: Specifies an IPv4 basic or advanced ACL name, a case-insensitive of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. If you specify an ACL, this command advertises only the (S, G) entries that the ACL permits. This command does not advertise (S, G) entries when one of the following conditions exists:

·     You do not specify an ACL.

·     The specified ACL does not exist.

·     The specified ACL does not have valid rules.

Usage guidelines

This command controls the creation of SA messages. To control creation, forwarding, or acceptance of SA messages, use the peer sa-policy command.

The global SA message creation policy configured in this command takes effect on all MSDP peers. The SA message creation policy configured in the peer sa-policy import-source command takes effect only on the specified MSDP peer. For an MSDP peer, the peer-specific SA message creation policy has higher priority than the global SA message creation policy.

When you configure a rule in the IPv4 ACL, follow these restrictions and guidelines:

·     An ACL rule containing the vpn-instance vpn-instance option does not take effect.

·     In a basic ACL, the source source-address source-wildcard option specifies a multicast group address.

·     In an advanced ACL, the source source-address source-wildcard option specifies a multicast source address. The destination dest-address dest-wildcard option specifies a multicast group address.

·     Among the other optional parameters, only the fragment keyword and the time-range time-range-name option take effect.

If you configure this command multiple times, the most recent configuration takes effect.


# Configure a global SA creation policy to advertise only (, entries in SA messages on the public network.

<Sysname> system-view

[Sysname] acl advanced 3101

[Sysname-acl-ipv4-adv-3101] rule permit ip source destination

[Sysname-acl-ipv4-adv-3101] quit

[Sysname] msdp

[Sysname-msdp] import-source acl 3101

Related commands

peer sa-policy


Use msdp to enable MSDP and enter MSDP view.

Use undo msdp to disable MSDP and delete the configurations in MSDP view.


msdp [ vpn-instance vpn-instance-name ]

undo msdp [ vpn-instance vpn-instance-name ]


MSDP is disabled.


System view

Predefined user roles



vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command applies to the public network.

Usage guidelines

This command takes effect only when IP multicast routing is enabled on the public network or for the VPN instance to which the device belongs.


# Enable IP multicast routing on the public network. Then, enable MSDP on the public network and enter MSDP view.

<Sysname> system-view

[Sysname] multicast routing

[Sysname-mrib] quit

[Sysname] msdp


Related commands

multicast routing


Use originating-rp to configure the originating RP of SA messages.

Use undo originating-rp to restore the default.


originating-rp interface-type interface-number

undo originating-rp


SA messages are originated by real RPs.


MSDP view

Predefined user roles



interface-type interface-number: Specifies an interface by its type and number.


# Configure Ten-GigabitEthernet 3/0/1 as the originating RP of SA messages on the public network.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] originating-rp ten-gigabitethernet 3/0/1


Use peer to specify an MSDP peer.

Use undo peer to remove an MSDP peer.


peer peer-address connect-interface interface-type interface-number

undo peer peer-address


No MSDP peers exist.


MSDP view

Predefined user roles



peer-address: Specifies an MSDP peer by its IP address.

connect-interface interface-type interface-number: Specifies an interface by its type and number. The local device uses the primary IP address of the specified interface to establish a TCP connection with the remote MSDP peer.

Usage guidelines

You must execute this command before you use any other peer commands.


# Specify the router with IP address as an MSDP peer and Ten-GigabitEthernet 3/0/1 as the local connection port on the public network.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] peer connect-interface ten-gigabitethernet 3/0/1

peer description

Use peer description to configure a description for an MSDP peer.

Use undo peer description to delete the description for an MSDP peer.


peer peer-address description text

undo peer peer-address description


No description exists.


MSDP view

Predefined user roles



peer-address: Specifies an MSDP peer by its IP address.

text: Specifies a description, a case-sensitive string of 1 to 80 characters.


# Configure the description CustomerA for the MSDP peer with the IP address on the public network.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] peer description CustomerA

peer mesh-group

Use peer mesh-group to assign an MSDP peer to a mesh group.

Use undo peer mesh-group to remove an MSDP peer from a mesh group.


peer peer-address mesh-group name

undo peer peer-address mesh-group


An MSDP peer does not belong to a mesh group.


MSDP view

Predefined user roles



peer-address: Specifies an MSDP peer by its IP address.

name: Specifies a mesh group, a case-sensitive string of 1 to 32 characters. A mesh group name must not contain spaces.


# Assign the MSDP peer with IP address to mesh group Group1 on the public network.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] peer mesh-group Group1

peer minimum-ttl

Use peer minimum-ttl to set the lower TTL threshold for multicast data packets to be encapsulated in SA messages.

Use undo peer minimum-ttl to restore the default.


peer peer-address minimum-ttl ttl-value

undo peer peer-address minimum-ttl


The lower TTL threshold is 0 for multicast data packets to be encapsulated in SA messages.


MSDP view

Predefined user roles



peer-address: Specifies an MSDP peer by its IP address.

ttl-value: Specifies the lower TTL threshold in the range of 0 to 255.


# Set the lower TTL threshold to 10 for multicast data packets to be encapsulated in SA messages and forwarded to MSDP peer on the public network.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] peer minimum-ttl 10

peer password

Use peer password to configure the device to perform MD5 authentication when establishing a TCP connection with an MSDP peer.

Use undo peer password to configure the device not to perform MD5 authentication when establishing a TCP connection with an MSDP peer.


peer peer-address password { cipher | simple } string

undo peer peer-address password


The device does not perform MD5 authentication when establishing a TCP connection with an MSDP peer.


MSDP view

Predefined user roles



peer-address: Specifies an MSDP peer by its IP address.

cipher: Specifies a key in encrypted form.

simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies the key. Its plaintext form is a case-sensitive string of 33 to 137 characters. Its encrypted form is a case-sensitive string of 1 to 80 characters.

Usage guidelines

For the TCP connection to be successfully established, you must configure the same key for MD5 authentication on both MSDP peers.


# Configure the router to perform MD5 authentication when establishing a TCP connection with MSDP peer and set the key to aabbcc in plaintext on the public network.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] peer password simple aabbcc

peer request-sa-enable

Use peer request-sa-enable to enable the device to send an SA request message to an MSDP peer after receiving a new join message.

Use undo peer request-sa-enable to disable the device from sending an SA request message to an MSDP peer.


peer peer-address request-sa-enable

undo peer peer-address request-sa-enable


After receiving a new join message, the device does not send an SA request message to MSDP peers. Instead, it waits for an SA message.


MSDP view

Predefined user roles



peer-address: Specifies an MSDP peer by its IP address.

Usage guidelines

For the device to send out SA request messages, you must disable the SA message cache mechanism before you execute this command.


# Disable the SA message cache mechanism on the public network.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] undo cache-sa-enable

# Enable the device to send an SA request message to MSDP peer after it receives a new join message.

[Sysname-msdp] peer request-sa-enable

Related commands


display msdp peer-status

peer sa-cache-maximum

Use peer sa-cache-maximum to set the maximum number of (S, G) entries in the SA cache learned from an MSDP peer.

Use undo peer sa-cache-maximum to restore the default.


peer peer-address sa-cache-maximum sa-limit

undo peer peer-address sa-cache-maximum


The device can cache a maximum of 4294967295 (S, G) entries learned from an MSDP peer.


MSDP view

Predefined user roles



peer-address: Specifies an MSDP peer by its IP address.

sa-limit: Specifies the maximum number of (S, G) entries in the SA cache, in the range of 1 to 4294967295.


# Set the maximum number to 100 for (S, G) entries in the SA cache learned from MSDP peer on the public network.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] peer sa-cache-maximum 100

Related commands

display msdp brief

display msdp peer-status

display msdp sa-count

peer sa-policy

Use peer sa-policy to configure an SA message policy for an MSDP peer.

Use undo peer sa-policy to delete the SA message policy for an MSDP peer.


peer peer-address sa-policy { export | import | import-source } [ acl { ipv4-acl-number | name ipv4-acl-name } ]

undo peer peer-address sa-policy { export | import | import-source }


No MSDP peer-specific SA message policy is configured. All SA messages from an MSDP peer are accepted or forwarded. The device creates SA messages based on the global SA message creation policy.


MSDP view

Predefined user roles



peer-address: Specifies an MSDP peer by its IP address.

export: Specifies the SA message filtering policy in the outgoing direction.

import: Specifies the SA message filtering policy in the incoming direction.

import-source: Specifies the SA message creation policy.

ipv4-acl-number: Specifies an IPv4 advanced ACL number in the range of 3000 to 3999. If you specify an ACL, the device accepts and forwards only SA messages that the ACL permits. The device discards all SA messages when one of the following conditions exists:

·     You do not specify an ACL.

·     The specified ACL does not exist.

·     The specified ACL does not have valid rules.

name ipv4-acl-name: Specifies an IPv4 basic or advanced ACL name, a case-insensitive of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all. If you specify an ACL, the device accepts and forwards only SA messages that the ACL permits. The device discards all SA messages when one of the following conditions exists:

·     You do not specify an ACL.

·     The specified ACL does not exist.

·     The specified ACL does not have valid rules.

Usage guidelines

You can use this command to control the creation, acceptance, or forwarding of SA messages and to configure an SA message creation policy on a per MDSP peer basis. You can also use the import-source command to control the creation of SA messages.

The SA message creation policy configured in this command takes effect only on the specified MSDP peer. The global SA message creation policy configured in the import-source command takes effect on all MSDP peers. For an MSDP peer, the peer-specific SA message creation policy has higher priority than the global SA message creation policy.

When you configure a rule in the IPv4 advanced ACL, follow these restrictions and guidelines:

·     An ACL rule containing the vpn-instance vpn-instance option does not take effect.

·     The source source-address source-wildcard option specifies a multicast source address.

·     The destination dest-address dest-wildcard option specifies a multicast group address.

·     Among the other optional parameters, only the fragment keyword and the time-range time-range-name option take effect.

A new SA message policy does not take effect on existing multicast forwarding entries. The device still can forward multicast data based on these existing multicast forwarding entries.

As a best practice to correct filter SA messages sent to an MSDP peer, configure both the peer sa-policy export command and the peer sa-policy import-source command.

If you configure this command multiple times, the most recent configuration takes effect.


# Configure an SA outgoing policy to forward only SA messages that ACL 3100 permits to MSDP peer on the public network.

<Sysname> system-view

[Sysname] acl advanced 3100

[Sysname-acl-ipv4-adv-3100] rule permit ip source destination

[Sysname-acl-ipv4-adv-3100] quit

[Sysname] msdp

[Sysname-msdp] peer connect-interface ten-gigabitethernet 3/0/1

[Sysname-msdp] peer sa-policy export acl 3100

Related commands

display msdp peer-status


peer sa-request-policy

Use peer sa-request-policy to configure an SA request policy for an MSDP peer.

Use undo peer sa-request-policy to delete the SA request policy for an MSDP peer.


peer peer-address sa-request-policy [ acl { ipv4-acl-number  | name ipv4-acl-name } ]

undo peer peer-address sa-request-policy


No SA request policy exists, and all SA request messages from an MSDP peer are accepted.


MSDP view

Predefined user roles



peer-address: Specifies an MSDP peer by its IP address.

ipv4-acl-number: Specifies an IPv4 basic ACL number in the range of 2000 to 2999. If you specify an ACL, the device accepts only SA requests that the ACL permits. The device discards all SA requests when one of the following conditions exists:

·     You do not specify an ACL.

·     The specified ACL does not exist.

·     The specified ACL does not have valid rules.

name ipv4-acl-name: Specifies an IPv4 basic or advanced ACL name, a case-insensitive of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all.  If you specify an ACL, the device accepts only SA requests that the ACL permits. The device discards all SA requests when one of the following conditions exists:

·     You do not specify an ACL.

·     The specified ACL does not exist.

·     The specified ACL does not have valid rules.

Usage guidelines

When you configure a rule in the IPv4 basic ACL, follow these restrictions and guidelines:

·     An ACL rule containing the vpn-instance vpn-instance option does not take effect.

·     The source source-address source-wildcard option specifies a multicast group address.

·     Among the other optional parameters, only the fragment keyword and the time-range time-range-name option take effect.

If you configure this command multiple times, the most recent configuration takes effect.


# Configure an SA request policy on the public network. Then, the device accepts only SA requests that are from MSDP peer and for multicast groups in the range

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] msdp

[Sysname-msdp] peer sa-request-policy acl 2001

reset msdp peer

Use reset msdp peer to reset the TCP connection with an MSDP peer and clear statistics for the MSDP peer.


reset msdp [ vpn-instance vpn-instance-name ] peer [ peer-address ]


User view

Predefined user roles



vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command resets the TCP connection with the specified MSDP peer and clears statistics for the MSDP peer on the public network.

peer-address: Specifies an MSDP peer by its IP address. If you do not specify an MSDP peer, this command resets the TCP connections with all MSDP peers and clears statistics for all MSDP peers.


# Reset the TCP connection with MSDP peer and clear all statistics for the MSDP peer on the public network.

<Sysname> reset msdp peer

reset msdp sa-cache

Use reset msdp sa-cache to clear (S, G) entries in the SA cache.


reset msdp [ vpn-instance vpn-instance-name ] sa-cache [ group-address ]


User view

Predefined user roles



vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears (S, G) entries in the SA cache on the public network.

group-address: Specifies a multicast group by its IP address in the range of to If you do not specify a multicast group, this command clears (S, G) entries for all multicast groups in the SA cache.


# Clear (S, G) entries for multicast group in the SA cache on the public network.

<Sysname> reset msdp sa-cache

Related commands


display msdp sa-cache

reset msdp statistics

Use reset msdp statistics to clear statistics for an MSDP peer without resetting the TCP connection with the MSDP peer.


reset msdp [ vpn-instance vpn-instance-name ] statistics [ peer-address ]


User view

Predefined user roles



vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears statistics for the specified MSDP peer without resetting the TCP connection with the MSDP peer on the public network.

peer-address: Specifies an MSDP peer by its IP address. If you do not specify an MSDP peer, this command clears statistics for all MSDP peers without resetting the TCP connection with all MSDP peers.


# Clear statistics for MSDP peer without resetting the TCP connection with the peer on the public network.

<Sysname> reset msdp statistics

shutdown (MSDP view)

Use shutdown to tear down the connection with an MSDP peer.

Use undo shutdown to re-establish the connection with an MSDP peer.


shutdown peer-address

undo shutdown peer-address


The connection with an MSDP peer is active.


MSDP view

Predefined user roles



peer-address: Specifies an MSDP peer by its IP address.


# Tear down the connection with the MSDP peer on the public network.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] shutdown

Related commands

display msdp brief

display msdp peer-status

snmp-agent trap enable msdp

Use snmp-agent trap enable msdp to enable SNMP notifications for MSDP.

Use undo snmp-agent trap enable msdp to disable SNMP notifications for MSDP.


snmp-agent trap enable msdp [ backward-transition | established ] *

undo snmp-agent trap enable msdp [ backward-transition | established ] *


SNMP notifications for MSDP are enabled.


System view

Predefined user roles



backward-transition: Specifies notifications when an MSDP peering relationship is lost.

established: Specifies notifications when an MSDP peering relationship is established.

Usage guidelines

If you do not specify an optional keyword, this command enables or disables MSDP to generate all SNMP notifications.

To report critical MSDP events to an NMS, enable SNMP notifications for MSDP. For MSDP event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.


# Disable all SNMP notifications for MSDP.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable msdp


Use static-rpf-peer to configure a static RPF peer.

Use undo static-rpf-peer to remove a static RPF peer.


static-rpf-peer peer-address [ rp-policy ip-prefix-name ]

undo static-rpf-peer peer-address


No static RPF peers exist.


MSDP view

Predefined user roles



peer-address: Specifies an MSDP peer by its IP address.

rp-policy ip-prefix-name: Specifies a filtering policy based on RP addresses in SA messages by its name, a case-sensitive string of 1 to 63 characters. If you specify a filtering policy, the device does not perform RPF checks on SA messages permitted by the policy. If you do not specify a filtering policy, the device performs RPF checks on all SA messages.

Usage guidelines

After you configure a static RPF peer, the static RPF peer does not perform RPF check on received SA messages.


# Specify as the static RPF peer to exempt SA messages originated by RPs on subnet from RPF checks on the public network.

<Sysname> system-view

[Sysname] ip prefix-list list1 permit 16 greater-equal 16 less-equal 32

[Sysname] msdp

[Sysname-msdp] peer connect-interface ten-gigabitethernet 3/0/1

[Sysname-msdp] static-rpf-peer rp-policy list1

Related commands

display msdp peer-status

ip prefix-list

timer keepalive

Use timer keepalive to set the keepalive timer and the peer hold timer for MSDP sessions.

Use undo timer keepalive to restore the default.


timer keepalive keepalive holdtime

undo timer keepalive


The keepalive timer is 60 seconds, and the peer hold timer is 75 seconds.


MSDP view

Predefined user roles



keepalive: Specifies a keepalive timer in the range of 1 to 21845 seconds.

holdtime: Specifies a peer hold timer in the range of 1 to 65535 seconds.

Usage guidelines

MSDP peers periodically send keepalive messages to each other to keep a session alive. When a session is established, an MSDP peer sends a keepalive message to its peer and starts a keepalive timer and a peer hold timer. When the keepalive timer expires, the MSDP peer sends a new keepalive message. If the MSDP peer receives an MSDP message from its peer before the peer hold timer expires, it resets the peer hold timer. If the MSDP peer does not receive an MSDP message when the hold timer expires, the MSDP peer closes the session.

When you configure this command, follow these guidelines:

No mechanism is available for MSDP peers to negotiate the two values. You must set the same keepalive timer and the peer hold timer for the MSDP peers of a session.

The keepalive timer must be less than the peer hold timer.

This command takes effect on the established MSDP session.


# Set the keepalive timer to 60 seconds and the peer hold timer to 180 seconds for MSDP sessions on the public network.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] timer keepalive 60 180

timer retry

Use timer retry to set the MSDP connection retry interval.

Use undo timer retry to restore the default.


timer retry interval

undo timer retry


The MSDP connection retry interval is 30 seconds.


MSDP view

Predefined user roles



interval: Specifies an MSDP connection retry interval in the range of 1 to 60 seconds.


# Set the MSDP connection retry interval to 60 seconds on the public network.

<Sysname> system-view

[Sysname] msdp

[Sysname-msdp] timer retry 60

