Contents

Basic IP forwarding commands· 1

display fib· 1

display fib ecmp-group· 3

display fib usage· 3

forwarding split-horizon· 4

forwarding vxlan-packet inner-protocol 5

ip forwarding· 6

ip forwarding-table save· 6

packet-drop statistics enable· 7

snmp-agent trap enable fib· 8

snmp-agent trap enable ip-forwarding· 9

Load sharing commands· 11

bandwidth-based-sharing· 11

display ip load-sharing mode· 11

display ip load-sharing path· 12

ip load-sharing acl 14

ip load-sharing local-first enable· 15

ip load-sharing mode· 16

ip load-sharing mode per-packet 18

ip load-sharing symmetric enable· 19

 

Basic IP forwarding commands

display fib

Use display fib to display FIB entries.

Syntax

display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To display the FIB entries for the public network, do not specify any VPN instance.

ip-address: Displays the FIB entry that matches the specified destination IP address.

mask: Specifies the mask for the IP address.

mask-length: Specifies the mask length for the IP address. The value range is 0 to 32.

Usage guidelines

If you specify an IP address without a mask or mask length, this command displays the longest matching FIB entry.

If you specify an IP address and a mask or mask length, this command displays the exactly matching FIB entry.

Examples

# Display all FIB entries of the public network.

<Sysname> display fib

 

Destination count: 5 FIB entry count: 5

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

0.0.0.0/32         127.0.0.1       UH       InLoop0                  Null

1.1.1.0/24         192.168.126.1   USGF     M-GE0/0/0                Null

127.0.0.0/8        127.0.0.1       U        InLoop0                  Null

127.0.0.0/32       127.0.0.1       UH       InLoop0                  Null

127.0.0.1/32       127.0.0.1       UH       InLoop0                  Null

# Display the FIB entries for VPN vpn1.

<Sysname> display fib vpn-instance vpn1

Destination count: 6 FIB entry count: 6

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token      Label

0.0.0.0/32         127.0.0.1       UH       InLoop0                  Null

20.20.20.0/24      20.20.20.25     U        M-GE0/0/0                Null

20.20.20.0/32      20.20.20.25     UBH      M-GE0/0/0                Null

20.20.20.25/32     127.0.0.1       UH       InLoop0                  Null

20.20.20.25/32     20.20.20.25     H        M-GE0/0/0                Null

20.20.20.255/32    20.20.20.25     UBH      M-GE0/0/0                Null

# Display the FIB entries matching the destination IP address 10.2.1.1.

<Sysname> display fib 10.2.1.1

 

Destination count: 1 FIB entry count: 1

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

10.2.1.1/32        127.0.0.1       UH       InLoop0                  Null

Table 1 Command output

Field	Description
Destination count	Total number of destination addresses.
FIB entry count	Total number of FIB entries.
Destination/Mask	Destination address and the mask length.
Nexthop	Next hop address.
Flag	Flags of routes: ·     U—Usable route. ·     G—Gateway route. ·     H—Host route. ·     B—Blackhole route. ·     D—Dynamic route. ·     S—Static route. ·     R—Relay route. ·     F—Fast reroute.
OutInterface/Token	Output interface/LSP index number.
Label	Inner label.

 

display fib ecmp-group

Use display fib ecmp-group to display information about the ECMP groups stored in FIB.

Syntax

display fib ecmp-group [ group-id ] slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-id: Specifies an ECMP group by its ID. The value range for this argument is 1 to 128. If you do not specify an ECMP group, this command displays all ECMP group information stored in FIB.

slot slot-number: Specifies an IRF member device by its member ID.

Examples

# Display all ECMP group information stored in FIB.

<Sysname> display ipv4 fib ecmp-group

FIB ECMP-group count: 2

GroupID     PathID  DSCP   Mask   Status

1           1       3      24     learned

            2       4      24     learned

2           1       3      24     learned

            2       5      24     learned

Table 2 Command output

Field	Description
GroupID	ECMP group ID.
PathID	ECMP path ID.
DSCP	DSCP value.
Mask	Mask length.
Status	State of the entry: ·     learned—The entry was issued to the drive in the past. ·     unlearned—The entry has not been issued to the drive.

‌

display fib usage

Use display fib usage to display FIB table usage information.

Syntax

display fib usage

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

You can view FIB table usage information collected during the most recent hour.

When the device calculates the FIB table usage, it excludes the FIB entries deployed by ARP host routes from calculation.

The device counts multiple FIB entries as one FIB entry if they are deployed by equal-cost routes that have the same destination IP address and different next hops.

Examples

# Display FIB table usage information.

<Sysname> display fib usage

FIB table upper limit: 65000

  Time          FIB count   Usage

  Current       52000       80%

  1 min ago     51351       79%

  2 min ago     50711       78%

  3 min ago     47748       77%

  …

  59 min ago    13656       21%

  60 min ago    13007       20%

Table 3 Command output

Field	Description
FIB table upper limit	Maximum number of entries supported by the FIB table.
Time	Time when the FIB table usage was recorded.
FIB count	Number of real-time FIB entries.
Usage	FIB table usage, which is the ratio of the real-time FIB entry count to the FIB entry count limit.

 

forwarding split-horizon

Use forwarding split-horizon to enable split horizon forwarding.

Use undo forwarding split-horizon to disable split horizon forwarding.

Syntax

forwarding split-horizon

undo forwarding split-horizon

Default

Split horizon forwarding is disabled.

Views

System view

Layer 2 interface view

Layer 3 interface view

Predefined user roles

network-admin

Usage guidelines

This feature prevents IPv4, IPv6, and MPLS packets from being forwarded out of the physical interface on which they were received, avoiding network loops.

You can enable this feature globally in system view or enable this feature for a specific interface in interface view. This feature takes effect on an interface if it is enabled for the interface or enabled globally.

To disable this feature, you must disable it in both system view and interface view.

Examples

# Enable split horizon forwarding globally.

<Sysname> system-view

[Sysname] forwarding split-horizon

forwarding vxlan-packet inner-protocol

Use forwarding vxlan-packet inner-protocol to enable hardware forwarding for specific packets received from VXLAN tunnels.

Use undo forwarding vxlan-packet inner-protocol to restore the default.

Syntax

forwarding vxlan-packet inner-protocol { ipv4 | ipv6 } *

undo forwarding vxlan-packet inner-protocol [ ipv4 | ipv6 ]

Default

Packets received from VXLAN tunnels are delivered to the CPU for processing.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4: Specifies IPv4 packets.

ipv6: Specifies IPv6 packets.

Usage guidelines

By default, the device forwards packets received from VXLAN tunnels to the CPU for processing when acting as a VTEP in a distributed EVPN gateway network. If a large number of packets are received, packet loss might occur because of software rate limit, which might cause service exceptions on downlink devices.

To resolve this issue, you can enable the device to forward specific packets received from VXLAN tunnels in hardware without delivering them to the CPU.

Examples

# Enable hardware forwarding for IPv4 packets received from VXLAN tunnels.

<Sysname> system-view

[Sysname] forwarding vxlan-packet inner-protocol ipv4

ip forwarding

Use ip forwarding to enable IPv4 packet forwarding on an interface that has no IPv4 address configured.

Use undo ip forwarding to disable IPv4 packet forwarding on an interface that has no IPv4 address configured.

Syntax

ip forwarding

undo ip forwarding

Default

If an interface has no IPv4 address configured, the IPv4 packet forwarding is disabled on the interface.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

On a device that supports both IPv4 and IPv6, the next hop of an IPv4 packet might be an IPv4 address or an IPv6 address. If the output interface has no IPv4 address configured, the interface cannot forward the IPv4 packet. To solve this problem, execute this command on the interface. This feature allows the interface to forward IPv4 packets even though the interface has no IPv4 address configured.

Examples

# Enable IPv4 packet forwarding on VLAN-interface 1 that has no IPv4 address configured.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ip forwarding

ip forwarding-table save

Use ip forwarding-table save to save the IP forwarding entries to a file.

Syntax

ip forwarding-table save filename filename

Views

Any view

Predefined user roles

network-admin

Parameters

filename filename: Specifies the name of a file, a string of 1 to 255 characters. For information about the filename argument, see file system management in Fundamentals Configuration Guide.

Usage guidelines

The command automatically creates the file if you specify a nonexistent file. If the file already exists, this command overwrites the file content.

To automatically save the IP forwarding entries periodically, configure a schedule for the device to automatically run the ip forwarding-table save command. For information about scheduling a task, see Fundamentals Configuration Guide.

Examples

# Save the IP forwarding entries to the fib.txt file.

<Sysname> ip forwarding-table save filename fib.txt

packet-drop statistics enable

Use packet-drop statistics enable to enable packet-drop statistics collection on interfaces.

Use undo packet-drop statistics enable to disable packet-drop statistics collection on interfaces.

Syntax

packet-drop statistics enable [ in-acl | out-acl | in-checksum | out-checksum | in-illegal-interface | in-l2-mtu | out-l2-mtu | in-l3-header | in-l3-header-ipv6 | in-l3-mtu | in-l3-nexthop | in-l3-rib | in-l3-rib-ipv6 | in-l3-ttl | in-stp-block | out-stp-block | in-same-interface | in-storm-suppression | in-vlan-mismatch | out-vlan-mismatch ] *

undo packet-drop statistics enable [ in-acl | out-acl | in-checksum | out-checksum | in-illegal-interface | in-l2-mtu | out-l2-mtu | in-l3-header | in-l3-header-ipv6 | in-l3-mtu | in-l3-nexthop | in-l3-rib | in-l3-rib-ipv6 | in-l3-ttl | in-stp-block | out-stp-block | in-same-interface | in-storm-suppression | in-vlan-mismatch | out-vlan-mismatch ] *

Default

The device does not count packet drops on interfaces.

Views

System view

Predefined user roles

network-admin

Parameters

in-acl: Specifies incoming packets dropped by ACL.

out-acl: Specifies outgoing packets dropped by ACL.

in-checksum: Specifies incoming packets dropped because of parity check failures.

out-checksum: Specifies outgoing packets dropped because of parity check failures.

in-illegal-interface: Specifies incoming packets dropped because no egress interface was found or the egress interface was illegal.

in-l2-mtu: Specifies incoming packets dropped because of Layer 2 MTU exceeding.

out-l2-mtu: Specifies outgoing packets dropped because of Layer 2 MTU exceeding.

in-l3-header: Specifies incoming IPv4 packets dropped because of invalid Layer 3 headers, for example, invalid checksum.

in-l3-header-ipv6: Specifies incoming IPv6 packets dropped because of invalid Layer 3 headers, for example, invalid checksum.

in-l3-mtu: Specifies incoming packets dropped because of Layer 3 MTU exceeding.

in-l3-nexthop: Specifies incoming packets dropped because the next-hop action is Drop.

in-l3-ttl: Specifies incoming packets dropped because their TTLs are less than 1.

in-l3-rib: Specifies incoming IPv4 packets dropped because no route was found or the action in the routing table is drop.

in-l3-rib-ipv6: Specifies incoming IPv6 packets dropped because no route was found or the action in the routing table is drop.

in-same-interface: Specifies incoming packets dropped because the ingress interface is the same as the egress one.

in-stp-block: Specifies incoming packets dropped because of spanning tree port blocking.

out-stp-block: Specifies outgoing packets dropped because of spanning tree port blocking.

in-storm-suppression: Specifies incoming packets dropped because of broadcast, multicast, or unknown unicast suppression.

in-vlan-mismatch: Specifies incoming packets dropped because of VLAN mismatch.

out-vlan-mismatch: Specifies outgoing packets dropped because of VLAN mismatch.

Usage guidelines

This feature takes effect on only physical interfaces.

After you enable this feature, the device collects statistics on specific packet drops on interfaces and reports the statistics to the collector through gRPC.

Examples

# Enable the device to collect statistics on incoming packets dropped because of Layer 2 MTU exceeding.

<Sysname> system-view

[Sysname] packet-drop statistics enable in-l2-mtu

snmp-agent trap enable fib

Use snmp-agent trap enable fib to enable SNMP notifications for FIB events.

Use undo snmp-agent trap enable fib to disable SNMP notifications for FIB events.

Syntax

snmp-agent trap enable fib [ deliver-failed | ecmp-limit | entry-consistency | entry-limit ] *

undo snmp-agent trap enable fib [ deliver-failed | ecmp-limit | entry-consistency | entry-limit ] *

Default

SNMP notifications for FIB events are enabled.

Views

System view

Predefined user roles

network-admin

Parameters

deliver-failed: Specifies notifications to be sent when FIB entry deployment to the hardware fails.

ecmp-limit: Specifies notifications to be sent when the number of ECMP routes exceeds the upper limit.

entry-consistency: Specifies notifications to be sent when the FIB software and hardware entries are inconsistent.

entry-limit: Specifies notifications to be sent when the number of FIB entries exceeds the upper limit.

Usage guidelines

This feature enables the FIB module to generate SNMP notifications for critical FIB events. The SNMP notifications are sent to the SNMP module.

You can enable specific SNMP notifications for FIB events as needed. If you do not specify any SNMP notification types, the command enables all types of SNMP notifications.

·     With ecmp-limit specified, when the number of ECMP routes learned by a module exceeds the upper limit, the device sends an SNMP notification that carries the module number to the SNMP module.

·     With entry-consistency specified, if the FIB software and hardware entries on a module are inconsistent, the device sends an SNMP notification that carries the module number to the SNMP module.

·     With entry-limit specified, when the number of FIB entries exceeds the upper limit, the device sends an SNMP notification that carries the FIB entry module name to the SNMP module.

·     With deliver-failed specified, when FIB entry deployment to the hardware fails, the device sends an SNMP notification that carries the entry VRF, IP address type, IP address, mask, and failure reason to the SNMP module.

For the SNMP notifications to be sent correctly, you must also configure SNMP. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

Examples

# Disable SNMP notifications for FIB events.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable fib

snmp-agent trap enable ip-forwarding

Use snmp-agent trap enable ip-forwarding to enable SNMP notifications for IP forwarding events.

Use undo snmp-agent trap enable ip-forwarding to disable SNMP notifications for IP forwarding events.

Syntax

snmp-agent trap enable ip-forwarding

undo snmp-agent trap enable ip-forwarding

Default

SNMP notifications for IP forwarding events are enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables the IP forwarding module to generate SNMP notifications for critical IP forwarding events. The SNMP notifications are sent to the SNMP module. For the SNMP notifications to be sent correctly, you must also configure SNMP. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

Examples

# Disable SNMP notifications for IP forwarding events.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable ip-forwarding

Load sharing commands

bandwidth-based-sharing

Use bandwidth-based-sharing to enable IPv4 load sharing based on bandwidth.

Use undo bandwidth-based-sharing to disable IPv4 load sharing based on bandwidth.

Syntax

bandwidth-based-sharing

undo bandwidth-based-sharing

Default

The IPv4 load sharing based on bandwidth is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature load shares flow traffic among multiple output interfaces based on their load percentages. The device calculates the load percentage for each output interface in terms of their expected bandwidths.

Devices that run load sharing protocols, such as Locator/ID Separation Protocol (LISP), implement load sharing based on the ratios defined by these protocols.

This feature is mutually exclusive with the enhanced ECMP mode configured by the ecmp mode enhanced command.

After you enable this feature, the expected bandwidth set by using the bandwidth command on an interface cannot exceed the actual physical bandwidth of the interface.

After you enable this feature, you must set the expected bandwidth for VLAN interfaces to ensure correct bandwidth allocation.

Examples

# Enable IPv4 load sharing based on bandwidth.

<Sysname> system-view

[Sysname] bandwidth-based-sharing

display ip load-sharing mode

Use display ip load-sharing mode to display the load sharing mode in use.

Syntax

display ip load-sharing mode slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the load sharing mode for all member devices.

Examples

# Display the load sharing mode in use.

<Sysname> display ip load-sharing mode slot 1

Load-sharing mode: per-flow

Load-sharing options: dest-ip | src-ip | ip-pro | dest-port | src-port | ingress-port

Load-sharing algorithm: 1

IP tunnel load-sharing mode: outer

Table 4 Command output

Field	Description
Load-sharing mode	The load sharing mode in use: per-flow—Per-flow load sharing.
Load-sharing options	Options configured for load sharing: ·     dest-ip—Identifies flows by packet's destination IP address. ·     src-ip—Identifies flows by packet's source IP address. ·     ip-pro—Identifies flows by packet's IP protocol. ·     dest-port—Identifies flows by packet's destination port number. ·     src-port—Identifies flows by packet's source port number. ·     ingress-port—Identifies flows by packet's ingress port. ·     flow-label—Identifies flows by IPv6 packet's flow label.
Load-sharing algorithm	Algorithm used by load sharing.
IP tunnel load-sharing mode	Load sharing for IP tunnel packets: ·     inner—Identifies flows by inner IP header information. ·     outer—Identifies flows by outer IP header information.

 

Related commands

ip load-sharing mode

display ip load-sharing path

Use display ip load-sharing path to display the load sharing path selected for a flow.

Syntax

display ip load-sharing path ingress-port interface-type interface-number packet-format { ipv4oe dest-ip ip-address [ src-ip ip-address ] | ipv6oe dest-ipv6 ipv6-address [ src-ipv6 ipv6-address | flow-label flow-label ] } [ dest-port port-id | ip-pro protocol-id | src-port port-id ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ingress-port interface-type interface-number: Specifies an ingress port by its type and number.

packet-format { ipv4oe dest-ip ip-address [src-ip ip-address ] | ipv6oe dest-ipv6 ipv6-address [ src-ipv6 ipv6-address ] }: Specifies the packet encapsulation format.

ipv4oe: Specifies the format of IPv4 over Ethernet.

dest-ip ip-address: Specifies the destination IPv4 address in dotted decimal notation. If you do not specify this argument, the calculation uses 0.0.0.0 for path selection.

src-ip ip-address: Specifies the source IPv4 address in dotted decimal notation. If you do not specify this argument, the calculation uses 0.0.0.0 for path selection.

ipv6oe: Specifies the format of IPv6 over Ethernet.

dest-ipv6 ipv6-address: Specifies the destination IPv6 address. If you do not specify this option, the calculation uses 0:0:0:0:0:0:0:0 for path selection.

src-ipv6 ipv6-address: Specifies the source IPv6 address. If you do not specify this option, the calculation uses 0:0:0:0:0:0:0:0 for path selection.

flow-label flow-label: Specifies the IPv6 flow label in the range of 0 to 1048575. If you do not specify an IPv6 flow label, the device uses 0 for ECMP route selection.

dest-port port-id: Specifies a destination port number in the range of 1 to 65535. If you do not specify this option, the calculation uses 0 for path selection.

ip-pro protocol-id: Specifies an IP protocol by its number in the range of 1 to 65535. If you do not specify this option, the calculation uses 0 for path selection.

source-port port-id: Specifies a source port number in the range of 1 to 65535. If you do not specify this option, the calculation uses 0 for path selection.

Usage guidelines

The option settings in this command must match both the options displayed in the display ip load-sharing mode command and the field values in load shared packets. If the option settings do not meet the requirement, the path displayed by this command might be different from the real path for load sharing.

Examples

# Display the load sharing path selected for the flow with the following attributes: ingress port Twenty-FiveGigE 1/0/3, destination IP address 10.110.0.2, source IP address 10.100.0.2, IP protocol number 153, destination port number 2000, source port number 2000.

<Sysname> display ip load-sharing path ingress-port twenty-fivegige 1/0/3 packet-format ipv4oe dest-ip 10.110.0.2 src-ip 10.100.0.2 ip-pro 153 dest-port 2000 src-port 2000

 

Load-sharing algorithm: 0

Load-sharing options: dest-ip | src-ip | ip-pro | dest-port | src-port | ingress-port

Load-sharing parameters:

  Missing configured are set to 0.

  ingress-port: Twenty-FiveGigE1/0/3

  packet-format: IPv4oE

  dest-ip: 10.110.0.2

  src-ip: 10.100.0.2

  ip-pro: 153

  dest-port: 2000

  src-port: 2000

Path selected: 20.0.0.2(interface Twenty-FiveGigE1/0/3)

Table 5 Command output

Field	Description
Load-sharing algorithm	Load sharing algorithm ID.
Load-sharing options	Load sharing options specified by the ip load-sharing mode command.
Load-sharing parameters	Load sharing parameters that you specify for the display ip load-sharing path command.
Missing configured are set to 0.	Values of the unconfigured parameters are set to 0.
ingress-port	Ingress port of the packet.
packet-format	Packet encapsulation format.
dest-ip	Destination IP address of the packet.
src-ip	Source IP address of the packet.
ip-pro	IP protocol number.
dest-port	Destination port number.
src-port:	Source port number.
flow-label	Flow label.
Path selected	Selected path information, including the IPv4 or IPv6 address of the next hop and the egress port.

 

Related commands

ip load-sharing mode

ip load-sharing acl

Use ip load-sharing acl to specify the ACL rules for load sharing.

Use undo ip load-sharing acl to delete the ACL rules specified for load sharing.

Syntax

ip load-sharing acl [ { ipv4 { ipv4-acl-number | name ipv4-acl-name } | ipv6 { ipv6-acl-number | name ipv6-acl-name } }* | user-defined { user-define-acl-number | name user-define-acl-name } ]

undo ip load-sharing acl [ { ipv4 { ipv4-acl-number | name ipv4-acl-name } | ipv6 { ipv6-acl-number | name ipv6-acl-name } }* | user-defined { user-define-acl-number | name user-define-acl-name } ]

Default

No ACL rules is specified.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4 ipv4-acl-number: Specifies the number of an IPv4 ACL rule, in the range of 3000 to 3999.

name ipv4-acl-name: Specifies the name of an IPv4 ACL rule, a string of 1 to 63 characters.

ipv6 ipv6-acl-number: Specifies the number of an IPv6 ACL rule, in the range of 3000 to 3999.

name ipv6-acl-name: Specifies the name of an IPv6 ACL rule, a string of 1 to 63 characters.

user-defined user-define-acl-number: Specifies the number of a user-defined ACL rule, in the range of 5000 to 5999.

name user-define-acl-name: Specifies the name of a user-defined ACL rule, a string of 1 to 63 characters.

Usage guidelines

If you execute this command without specifying any parameters, the ACL rules defined by the driver hardware are used.

In a RoCE network, using ACL rules defined by the driver hardware can automatically identify protocol packets and data packets. This allows protocol packets to be load-shared on a per-flow basis to maintain the packet sequence, and data packets to be load-shared on a per-packet basis to achieve a more even load-sharing effect.

·     You can configure IPv4 and IPv6 ACL rules in one execution or through multiple executions.

·     If the ACL rules to be issued from the CLI are not configured, the system does not issue ACL rules to the driver hardware. After the user-defined ACL rules are created, the system issues the ACL rules to the driver hardware. After the ACL rules are deleted, the system notifies the driver hardware to delete the ACL rules.

·     If you do not specify any ACL rules when executing the undo ip load-sharing acl command, the command deletes all ACL rule reference relations.

·     After an ACL rule is issued to the driver hardware, packets that do not match the configured ACL rule is load-shared in dynamic loadshare balance (DLB) mode. For packets matching the ACL rule, the non-DLB mode is used. For more information about DLB, see the ecmp mode command.

Examples

# Specify IPv4 ACL 3000 for load sharing.

<Sysname> system

[Sysname] ip load-sharing acl ipv4 3000

Related commands

acl advanced (ACL and QoS Command Reference)

acl ipv6 advanced (ACL and QoS Command Reference)

acl user-defined advanced (ACL and QoS Command Reference)

ecmp mode (Layer 3 — IP Routing Command Reference)

ip load-sharing local-first enable

Use ip load-sharing local-first enable to enable local-first load sharing.

Use undo ip load-sharing local-first enable to disable local-first load sharing.

Syntax

ip load-sharing local-first enable

undo ip load-sharing local-first enable

Default

Local-first load sharing is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Local-first load sharing takes effect only on an IRF fabric.

Examples

# Enable local-first load sharing.

<Sysname> system-view

[Sysname] ip load-sharing local-first enable

ip load-sharing mode

Use ip load-sharing mode to configure the load sharing mode.

Use undo ip load-sharing mode to restore the default.

Syntax

ip load-sharing mode { per-flow [ algorithm algorithm-number [ seed seed-number ] [ shift shift-number ] | [ dest-ip | dest-port | flow-label | ingress-port | ip-pro | src-ip | src-port ] * | tunnel { all | inner | outer } ] | per-packet } { global | slot slot-number }

undo ip load-sharing mode [ per-flow { algorithm | tunnel } ] { global | slot slot-number }

Default

The device performs per-flow load sharing based on the following criteria: source IP address, destination IP address, source port number, destination port number, IP protocol number, and ingress port.

Views

System view

Predefined user roles

network-admin

Parameters

algorithm algorithm-number: Specifies an algorithm for per-flow load sharing. The value range for the algorithm-number argument is 0 to 13. If you do not specify an algorithm, the default algorithm value is 8.

seed seed-number: Specifies the seed value for the algorithm. The value range is 0 to ffffffff, and the default value is 0.

shift shift-number: Specifies the shift value for the hash algorithm result. The value range is 0 to 15, and the default value is 0.

per-flow: Implements per-flow load sharing. If you specify none of the dest-ip, dest-port, ingress-port, ip-pro, src-ip, and src-port keywords, the device performs per-flow load sharing based on the destination IP addresses and source IP addresses of packets.

dest-ip: Identifies flows by destination IP address.

dest-port: Identifies flows by destination port.

flow-label: Identifies flows by flow label. This keyword takes effect only on IPv6 packets.

ingress-port: Identifies flows by ingress port.

ip-pro: Identifies flows by protocol number.

src-ip: Identifies flows by source IP address.

src-port: Identifies flows by source port.

tunnel { inner | outer }: Performs load sharing for IP tunnel packets. The inner keyword identifies flows by inner IP header information. The outer keyword identifies flows by outer IP header information. If you do not specify this option, the device performs load sharing based on inner IP header information.

global: Configures the load sharing mode globally.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command configures the load sharing mode for all member devices.

Usage guidelines

If traffic is not shared equally, you can use the seed seed-number option and the shift shift-number option to adjust the algorithm result.

The priority of slot-specific load balancing is higher than the global load balancing method. The global configuration takes effect only on slots that are not specified with a load balancing method.

When load-sharing (ip load-sharing mode) and Rail-Group are configured at the same time, Rail-Group will take precedence. In other words, under this circumstance, the traffic on interfaces in the Rail-Group will be load-shared according to the Rail-Group configuration, and the traffic on other interfaces will be load-shared according to the IP load-sharing configuration. For more information about Rail-Group, see Ethernet interface configuration in Interface Configuration Guide.

Examples

# Configure per-flow load sharing for slot 1.

<Sysname> system-view

[Sysname] ip load-sharing mode per-flow slot 1

# Configure per-flow load sharing based on the destination IP addresses and source IP addresses of packets for slot 1.

<Sysname> system-view

[Sysname] ip load-sharing mode per-flow dest-ip src-ip slot 1

# Configure per-flow load sharing based on the inner IP header information of IP tunnel packets for slot 1.

<Sysname> system-view

[Sysname] ip load-sharing mode per-flow tunnel inner slot 1

# Configure per-flow load sharing based on algorithm 1 for slot 1.

<Sysname> system-view

[Sysname] ip load-sharing mode per-flow algorithm 1 slot 1

Related commands

display ip load-sharing mode

ip load-sharing mode per-packet

Use ip load-sharing mode per-packet to enable per-packet load sharing on an interface and set the load sharing algorithm.

Use undo ip load-sharing mode per-packet to restore the default.

Syntax

ip load-sharing mode per-packet [ robin | spray ]

undo ip load-sharing mode per-packet

Default

No load sharing mode is specified on an interface. The interface uses the load sharing settings configured by using the ip load-sharing mode command in system view.

Views

Layer 3 interface view

Predefined user roles

network-admin

Parameters

robin: Specifies the robin algorithm, an algorithm that considers only the packet quantity.

spray: Specifies the spray algorithm, an algorithm that considers the packet size and distributes the load among a group of ECMP interfaces based on bytes.

Usage guidelines

In scenarios where service traffic and packets are forwarded through fixed interfaces, per-packet load sharing has higher performance than per-flow load sharing. When per-flow load sharing applies globally, you can use this command to enable per-packet load sharing on specific interfaces and set the load sharing algorithm for device performance test purposes. In per-packet load sharing, the robin algorithm does not consider the packet size, but the spray algorithm considers the size of different packets to achieve a more balanced load. If you do not specify an algorithm, the spray algorithm is used by default.

With this command configured, the interfaces do not inherit the load sharing settings of the ip load-sharing mode command in system view.

This feature takes effect only when all Layer 3 interfaces on an equal-cost route are enabled this feature.

Per-packet load sharing is supported only when the ECMP mode is normal (undo ecmp mode). For more information about ECMP, see basic IP routing commands in Layer 3 — IP Routing Command Reference.

When you configure per-packet load sharing, make sure equal-cost route's outbound interface is a Layer 3 Ethernet interface, Layer 3 Ethernet subinterface, or VLAN interface. If the multiple outbound interfaces configured with this feature contain an aggregate interface, this feature does not take effect.

In an IRF fabric, if the traffic requires forwarding across member devices, the specified spray algorithm does not take effect.

The spray algorithm supports a maximum of 64 equal-cost routes, and the robin algorithm supports a maximum of 128 equal-cost routes.

Examples

# On GigabitEthernet 1/0/1, enable per-packet load sharing.

<Sysname> system-view

[Sysname] interface gigabitethnet 1/0/1

[Sysname-GigabitEthnet1/0/1] ip load-sharing mode per-packet

ip load-sharing symmetric enable

Use ip load-sharing symmetric enable to enable symmetric load sharing.

Use undo ip load-sharing symmetric enable to disable symmetric load sharing.

Syntax

ip load-sharing symmetric enable

undo ip load-sharing symmetric enable

Default

Symmetric load sharing is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Symmetric load sharing ensures that bidirectional traffic specific to a particular source and destination address pair flow along the same path.

Symmetric load sharing can take effect only after you use the ip load-sharing mode command to configure the device to perform 5-Tuple-based load sharing. The 5-Tuple includes source IP address, destination IP address, source port number, destination port number, and IP protocol number. If you do not use the ip load-sharing mode command, the device uses the default load sharing mode. In this mode, the packet ingress port is included in load sharing calculation and symmetric load sharing does not take effect.

After you execute this command, symmetric load sharing also takes effect for aggregate interfaces.

Examples

# Enable symmetric load sharing.

<Sysname> system-view

[Sysname] ip load-sharing symmetric enable