Table of Contents

Related Documents

07-Tunnel policy commands

Title	Size	Download
07-Tunnel policy commands	220.14 KB

Tunnel policy commands

binding-destination

Use binding-destination to bind tunnels to a destination IP address in a tunnel policy, so the tunnels can be used only for a specific VPN service.

Use undo binding-destination to remove the tunnel bindings for a destination IP address.

Syntax

binding-destination dest-ip-address { sr-policy group sr-policy-group-id | te { tunnel number }&<1-n> } [ ignore-destination-check ] [ down-switch ]

binding-destination dest-ipv6-address sr-policy { name policy-name | end-point ipv6 ipv6-address color color-value } [ ignore-destination-check ] [ down-switch ]

binding-destination dest-ipv6-address { srv6-policy group srv6-policy-group-id | srv6-policy { name policy-name | end-point ipv6 ipv6-address color color-value } } [ ignore-destination-check ] [ down-switch ]

undo binding-destination { dest-ip-address | dest-ipv6-address [ { sr-policy | srv6-policy } { name policy-name | end-point ipv6 ipv6-address color color-value } | srv6-policy group ] }

Default

A tunnel policy does not bind tunnels to a destination IP address.

Views

Tunnel policy view

Predefined user roles

network-admin

Parameters

dest-ipv4-address: Specifies a destination IPv4 address.

dest-ipv6-address: Specifies a destination IPv6 address.

sr-policy group sr-policy-group-id: Specifies the SR-MPLS TE policy group to be bound with the specified destination IP address. The sr-policy-group-id argument represents the ID of the SR-MPLS TE policy group, in the range of 1 to 4294967295.

te: Specifies TE tunnels for binding.

tunnel number: Specifies a tunnel to be bound with the specified destination IP address. The number argument represents an existing tunnel interface number on the device.

&<1-16>: Indicates that you can bind a maximum of 16 tunnels. If more than one tunnel is bound, traffic will be load shared among the bound tunnels.

sr-policy { name policy-name | end-point ipv6 ipv6-address color color-value }: Specifies the SR-MPLS TE policy to be bound with the specified destination IPv4 address.

· name policy-name: Specifies an SR-MPLS TE policy by its name, a case-sensitive string of 1 to 59 characters.

· end-point ipv6 ipv6-address color color-value: Specifies an SR-MPLS TE policy by the destination node address (end-point address) and color value. The ipv6-address argument specifies the IPv6 address of the destination node. The color-value argument represents the color value, in the range of 0 to 4294967295.

srv6-policy group srv6-policy-group-id: Specifies the SRv6 TE policy group to be bound with the specified destination IPv6 address. The srv6-policy-group-id argument represents the ID of the SRv6 TE policy group, in the range of 1 to 4294967295.

srv6-policy { name policy-name | end-point ipv6 ipv6-address color color-value }: Specifies the SRv6 TE policy to be bound with the specified destination IPv6 address.

· name policy-name: Specifies an SRv6 TE policy by its name, a case-sensitive string of 1 to 59 characters.

· end-point ipv6 ipv6-address color color-value: Specifies an SRv6 TE policy by the destination node address (end-point address) and color value. The ipv6-address argument specifies the IPv6 address of the destination node. The color-value argument represents the color value, in the range of 0 to 4294967295.

ignore-destination-check: Ignores destination check. After this keyword is specified, a bound tunnel can be selected even if the destination IP address of the bound tunnel is different from the destination IP address of the tunnel policy. If you do not specify this keyword, the destination address of a bound tunnel must be the same as the destination IP address of the tunnel policy.

down-switch: Enables automatic tunnel switchover within the tunnel policy when the bound TE tunnels are not available. After this keyword is specified, the tunnel policy selects a tunnel by using the following methods in descending order of priority: bound tunnel—preferred tunnel—load sharing. If you do not specify this keyword, the device selects tunnels only from the bound tunnels of the tunnel policy.

Usage guidelines

After a tunnel is bound to a destination IP address, traffic destined for the destination IP address will be forwarded only by the bound tunnel.

You can bind tunnels to multiple destination IP addresses in a tunnel policy.

In the same tunnel policy and for the same IPv4 destination address:

· If you execute this command multiple times to bind different types of tunnels, the most recent configuration takes effect.

· If you execute this command multiple times to bind the same type of tunnels, this command takes effect as follows:

¡ If you bind multiple MPLS TE tunnels, the MPLS TE tunnels will load share the traffic.

¡ If you bind SR-MPLS TE policy groups multiple times, the most recent configuration takes effect. That is, you can bind only one SR-MPLS TE policy group to a destination IPv4 address in a tunnel policy.

In the same tunnel policy and for the same IPv6 destination address:

· If you execute this command multiple times to bind different types of tunnels, the most recent configuration takes effect.

· If you execute this command multiple times to bind the same type of tunnels, this command takes effect as follows:

¡ If you bind multiple SRv6 TE policies, the SRv6 TE policy tunnels will load share the traffic.

¡ If you bind SRv6 TE policy groups multiple times, the most recent configuration takes effect. That is, you can bind only one SRv6 TE policy group to a destination IPv6 address in a tunnel policy.

If you execute the binding-destination, preferred-path, and select-seq load-balance-number commands simultaneously for a tunnel policy, the binding-destination command has the highest priority in tunnel selection. More specifically, the tunnel policy selects tunnels as follows:

· If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE.

For an SR-MPLS TE policy group, the tunnel destination address is the destination node address of the SR-MPLS TE policy group. For an SR-MPLS TE policy, the tunnel destination address is the destination node address of the SR-MPLS TE policy. For an SRv6 TE policy group, the tunnel destination address is the destination node address of the SRv6 TE policy group. For an SRv6 TE policy, the tunnel destination address is the destination node address of the SRv6 TE policy.

· If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.

· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.

Before binding MPLS TE tunnels to a destination IP address, first execute the mpls te reserved-for-binding command for the tunnels.

Example

# In tunnel policy policy1, bind destination address 100.1.1.9 to four TE tunnels. Ignore destination check, and allow tunnel selection using other tunnel selection methods within the tunnel policy when the bound TE tunnels are not available.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1] binding-destination 100.1.1.9 te tunnel 1 tunnel 2 tunnel 3 tunnel 4 ignore-destination-check down-switch

Related commands

mpls te reserved-for-binding

preferred-path

display mpls tunnel

Use display mpls tunnel to display tunnel information.

Syntax

display mpls tunnel { all | statistics | [ vpn-instance vpn-instance-name ] destination { ipv4-address | ipv6-address } }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays all tunnels. MPLS TE tunnel information is displayed only when the network layer is up.

statistics: Displays tunnel statistics.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays tunnel information for the public network.

destination: Displays the tunnel destined for the specified address.

ipv4-address: Specifies the tunnel destination IPv4 address.

ipv6-address: Specifies the tunnel destination IPv6 address.

Examples

# Display information about all tunnels.

<Sysname> display mpls tunnel all

Destination Type Tunnel/NHLFE VPN Instance

2.2.2.2 LSP NHLFE1024 -

3.3.3.3 CRLSP Tunnel2 -

Table 1 Command output

Field	Description
Destination	Tunnel destination address.
Type	Tunnel type: · LSP. · CRLSP. · SRLSP. · SRPolicy (SR-MPLS TE policy). · SRPGroup (SR-MPLS TE policy group).
Tunnel/NHLFE	Tunnel, tunnel bundle, NHLFE entry, or SR-TR policy group ID. NHLFEnumber represents the ingress LSP or SR-MPLS TE policy group tunnel that matches the NHLFE entry with NID of number.
VPN Instance	VPN instance name. If the tunnel belongs to the public network, this field displays a hyphen (-).

# Display tunnel statistics.

<Sysname> display mpls tunnel statistics

LSP : 1

GRE : 0

CRLSP: 0

SRLSP : 0

SRPOLICY: 0

SRPGROUP: 0

Table 2 Command output

Field	Description
LSP	Number of LSP tunnels.
GRE	This field is not supported in the current software version. Number of GRE tunnels.
CRLSP	Number of CRLSP tunnels.
SRLSP	Number of SRLSP tunnels.
SRPOLICY	Number of SR-MPLS TE policy tunnels.
SRPGROUP	Number of SR-MPLS TE policy group tunnels.

display tunnel-info ipv6

Use display tunnel-info ipv6 to display information about IPv6 tunnels.

Syntax

display tunnel-info ipv6 { all | destination ipv6-address | statistics }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Display information about all IPv6 tunnels.

destination ipv6-address: Displays information about tunnels with the specified destination IPv6 address.

Statistics: Displays statistics about IPv6 tunnels.

Examples

# Display information about all IPv6 tunnels.

<Sysname> display tunnel-info ipv6 all

Destination : 222::2

Type : SRv6-TE Policy

Color : 10

Forwarding index: 2150629377

VPN instance : -

Policy name : P100

# Display statistics about IPv6 tunnels.

<Sysname> display tunnel-info ipv6 statistics

LSP : 0

GRE : 0

CRLSP : 0

SRLSP : 0

SRv6-TE Policy : 0

SRv6-TE Policy Group: 0

Table 3 Command output

Field	Description
Destination	Tunnel destination address.
Type	Tunnel type: · MPLS LDP—Tunnel established on an IPv6 LDP LSP. · SRv6-TE Policy—Tunnel established on the forwarding path selected by an SRv6 TE policy. · SRv6-TE Policy Group—Tunnel established on the forwarding path selected by an SRv6 TE policy group.
Color	Color value of the SRv6 TE policy or SRv6 TE policy group. This field is available only when the tunnel type is SRv6-TE Policy or SRv6-TE Policy Group. For an invalid color value, this field displays a hyphen (-).
Forwarding Index	Forwarding entry index.
VPN Instance	Name of the VPN instance. For the public network, this field displays a hyphen (-).
Policy Name	SRv6 TE policy name. This field is available only when the tunnel type is SRv6-TE Policy.
Group ID	SRv6 TE policy group ID.
LSP	Number of LSP tunnels.
GRE	This field is not supported in the current software version. Number of GRE tunnels
CRLSP	Number of CRLSP tunnels.
SRLSP	Number of SRLSP tunnels.
SRv6-TE Policy	Number of tunnels of the SRv6 TE Policy type.
SRv6-TE Policy Group	Number of tunnels of the SRv6 TE Policy Group type.

‌

display tunnel-policy

Use display tunnel-policy to display tunnel policy information.

Syntax

display tunnel-policy [ tunnel-policy-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

tunnel-policy-name: Specifies a tunnel policy by its name, a case-sensitive string of 1 to 19 characters. If you do not specify a tunnel policy, this command displays information about all tunnel policies.

Examples

# Display information about all tunnel policies.

<Sysname> display tunnel-policy

Tunnel policy name: abc

Select-Seq: LSP, CRLSP, SRLSP, SR-TE Policy, SRv6-TE Policy, SRv6-TE Policy Group

Load balance number : 1

Strict : No

color-match : No

Preferred paths:

Type : TE

Tunnel: Tunnel11

Type : SRv6-TE Policy(End-point/Color)

Tunnel: 4::4/20

Binding-destination:

Destination IP address: 2.2.2.2

Tunnel Type : TE

Tunnels : Tunnel12

Ignore destination : No

Down switch : No

Destination IP address: 4::4

Tunnel Type : SRv6-TE Policy(Name)

Tunnels : abc

Destination IP address: 4::4

Tunnel Type : SRv6-TE Policy(End-point/Color)

Tunnels : 1000::1/10

Ignore destination : No

Down switch : No

Table 4 Command output

Field	Description
Select-Seq	Tunnel selection order. The tunnel types are displayed in descending order of priority in tunnel selection.
Load balance number	Number of tunnels for load balancing.
Strict	Whether the strict method is used to select tunnels for load balancing: · No—The tunnel policy can use a hybrid of the specified types of tunnels for load balancing. · Yes—The tunnel policy uses only one type of tunnels for load balancing.
Preferred paths	Preferred tunnels information.
Type	Type of the preferred tunnel: · TE—MPLS TE tunnel. · Tunnel-bundle—MPLS TE tunnel bundle. · SR-TE Policy(Name)—SR-MPLS TE policy identified by its name. · SR-TE Policy(End-point/Color)—SR-MPLS TE policy identified by the endpoint address and color value. · SRv6-TE Policy(Name)—SRv6 TE policy identified by its name. · SRv6-TE Policy(End-point/Color)—SRv6 TE policy identified by the endpoint address and color value.
Tunnel	Name of the preferred tunnel: · For an MPLS TE tunnel, this field displays the MPLS TE tunnel interface name in the format of Tunnelnumber. · For an MPLS TE tunnel bundle, this field displays the MPLS TE tunnel bundle interface name in the format of Tunnel-bundlenumber. · For an SR-MPLS TE policy or SRv6 TE policy (endpoint/color), this field displays the endpoint address and color value of the SR-MPLS TE policy or SRv6 TE policy in the format of ip-address/color. · For an SR-MPLS TE policy or SRv6 TE policy (name), this field displays the name of the SR-MPLS TE policy or SRv6 TE policy.
Binding destination	Destination-tunnel binding information.
Destination IP address	Destination IP address for tunnel binding.
Tunnel type	Type of tunnels bound to the destination IP address: · TE—MPLS TE tunnel. · SR-TE Policy Group—SR-MPLS TE policy group tunnel. · SRv6-TE Policy Group—SRv6 TE policy group tunnel. · SRv6-TE Policy(Name)—SRv6 TE policy identified by its name. · SRv6-TE Policy(End-point/Color)—SRv6 TE policy identified by the endpoint address and color value.
Tunnels	Information of the bound tunnels: · Tunnelnumber—Tunnel interface name of an MPLS TE tunnel. · GroupID—Group ID of an SR-MPLS TE policy group or SRv6 TE policy group. · ipv6-address/color—End-point address and color value of an SRv6 TE policy or SR-MPLS TE policy. · name—Name of an SRv6 TE policy or SR-MPLS TE policy.
Ignore destination	Whether to ignore the destination check. · No—Performs destination check. The destination address of a bound tunnel must be the same as the destination IP address of the tunnel policy. · Yes—Ignores the destination check. A bound tunnel can be selected even if its destination IP address is different from the destination IP address of the tunnel policy.
Down switch	Whether to enable automatic tunnel switchover within the tunnel policy when the bound tunnels are not available. · No—Not enabled. · Yes—Enabled.

‌

mpls te reserved-for-binding

Use mpls te reserved-for-binding to reserve an MPLS TE tunnel for tunnel binding in a tunnel policy.

Use undo mpls te reserved-for-binding to restore the default.

Syntax

mpls te reserved-for-binding

undo mpls te reserved-for-binding

Default

An MPLS TE tunnel can be used by any tunnel policy implementation methods.

Views

Tunnel interface view

Predefined user roles

network-admin

Usage guidelines

You must execute this command for a TE tunnel before the tunnel can be specified as a bound tunnel of a tunnel policy.

After you execute this command for a TE tunnel, the tunnel can only be used as a bound tunnel of a tunnel policy. For more information about tunnel bindings, see the binding-destination command.

Examples

# Reserve an MPLS TE tunnel for tunnel binding in a tunnel policy.

<Sysname> system-view

[Sysname] interface tunnel 10 mode mpls-te

[Sysname-Tunnel10] mpls te reserved-for-binding

Related commands

binding-destination

preferred-path

Use preferred-path to configure a preferred tunnel.

Use undo preferred-path to delete a preferred tunnel.

Syntax

preferred-path { sr-policy { name sr-policy-name | end-point { ipv4 ipv4-address | ipv6 ipv6-address } color color-value } | srv6-policy { name srv6-policy-name | end-point ipv6 ipv6-address color color-value } | tunnel number | tunnel-bundle number }

undo preferred-path { sr-policy { name sr-policy-name | end-point { ipv4 ipv4-address | ipv6 ipv6-address } color color-value } | srv6-policy { name srv6-policy-name | end-point ipv6 ipv6-address color color-value } | tunnel number | tunnel-bundle number }

Default

No preferred tunnels are configured.

Views

Tunnel policy view

Predefined user roles

network-admin

Parameters

sr-policy: Specifies an SR-MPLS TE policy as the preferred tunnel.

name sr-policy-name: Specifies an SR-MPLS TE policy by its name, a case-sensitive string of 1 to 59 characters.

end-point { ipv4 ipv4-address | ipv6 ipv6-address } color color-value: Specifies an SR-MPLS TE policy by the destination node address (end-point address) and color value. The ipv4-address argument specifies the IPv4 address of the destination node. The ipv6-address argument specifies the IPv6 address of the destination node. The color-value argument represents the color value, in the range of 0 to 4294967295.

srv6-policy: Specifies an SRv6 TE policy as the preferred tunnel.

name srv6-policy-name: Specifies an SRv6 TE policy by its name, a case-sensitive string of 1 to 59 characters.

end-point ipv6 ipv6-address color color-value: Specifies an SRv6 TE policy by the destination node address and color value. The ipv6-address argument specifies the IPv6 address of the destination node. The color-value argument represents the color value, in the range of 0 to 4294967295.

tunnel number: Specifies an MPLS TE tunnel by its tunnel interface number. The value range for the tunnel interface number is 0 to 65534.

tunnel-bundle number: Specifies a tunnel bundle by its tunnel bundle interface number. The value range for the tunnel bundle interface number is 0 to 1023.

Usage guidelines

You can configure an SR-MPLS TE policy, SRv6 TE policy, MPLS TE tunnel, a GRE tunnel, or a tunnel bundle as a preferred tunnel of a tunnel policy.

As a best practice for an MPLS VPN, configure a preferred tunnel and make sure the destination address of the preferred tunnel identifies the peer PE. In this method, the local PE forwards traffic destined for the peer PE over the preferred tunnel.

For a tunnel policy to solely use a tunnel, a tunnel bundle, an SR-MPLS TE policy tunnel, or an SRv6 TE policy tunnel, do not configure the tunnel as the preferred tunnel in other tunnel policies.

If you configure multiple preferred tunnels that have the same destination address in a tunnel policy, only the first configured tunnel takes effect. If the first tunnel is not available, the second tunnel is used, and so forth. No load balancing will be performed on these tunnels.

· If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE.

· If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.

· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.

Examples

# Configure tunnel 1 and tunnel 2 as preferred tunnels for tunnel policy policy1.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1] preferred-path tunnel 1

[Sysname-tunnel-policy-policy1] preferred-path tunnel 2

select-seq load-balance-number

Use select-seq load-balance-number to configure the tunnel selection order and set the number of tunnels for load balancing.

Use undo select-seq to restore the default.

Syntax

select-seq [ strict ] { cr-lsp | lsp | sr-lsp | sr-policy | srv6-policy | srv6-policy-group } * load-balance-number number [ color-match ]

undo select-seq

Default

The device selects only one tunnel in LSP, CRLSP, SRLSP, SR-MPLS TE policy, SRv6 TE policy, and SRv6 TE policy group order.

Views

Tunnel policy view

Predefined user roles

network-admin

Parameters

strict: Uses the same type of tunnels for load balancing.

cr-lsp: Uses CRLSP tunnels.

lsp: Uses LSP tunnels.

sr-lsp: Uses SRLSP tunnels.

sr-policy: Uses SR-MPLS TE policy tunnels.

srv6-policy: Uses SRv6 TE policy tunnels.

srv6-policy-group: Uses SRv6 TE policy group tunnels.

load-balance-number number: Specifies the number of tunnels for load balancing. The value range for the number argument is 1 to 256.

color-match: Uses only the tunnel that has the same color attribute as the BGP route. If the BGP route does not carry a color attribute, the device cannot select a tunnel for the BGP route. If you do not specify this keyword, the device can select tunnels for the BGP route when the route does not carry a color attribute. This keyword is supported only for SR-MPLS TE policy tunnels, SRv6 TE policy tunnels, and SRv6 TE policy group tunnels.

NOTE:

The color-match keyword is supported only in Release 5212P06 and later.

Usage guidelines

A tunnel type closer to the select-seq keyword has a higher priority. The strict keyword determines whether the tunnel policy can select a hybrid of the specified types of tunnels for load balancing.

For example, the select-seq lsp cr-lsp load-balance-number 3 command specifies three tunnels for load balancing and gives LSP tunnels higher priority over CRLSP tunnels.

· If you specify the strict keyword, the tunnel policy selects only one type of tunnels. The tunnel policy will not select CRLSP tunnels when the number of LSP tunnels is less than 3 unless no LSP tunnels are available.

· If you do not specify the strict keyword, the tunnel policy can select CRLSP tunnels to remedy the deficiency of LSP tunnels.

SR-MPLS TE policy tunnels cannot share load with other types of tunnels regardless of whether you have specified the strict keyword or not.

Load balancing is not supported among SRv6 TE policy group tunnels. Only one SRv6 TE policy group tunnel can be used to forward packets. The following rules apply when an SRv6 TE policy group tunnel is selected:

1. A dynamically created SRv6 TE policy group tunnel has a higher priority than a statically created one.

2. An SRv6 TE policy group with a smaller color value has a higher priority.

3. An SRv6 TE policy group with a smaller group ID has a higher priority.

Tunnels selected by this method are not fixed, making it hard to plan VPN traffic. As a best practice, do not use this method.

· If the destination address of a bound tunnel identifies a peer PE, the tunnel policy uses the bound tunnel to forward the traffic to the peer PE.

· If no bound tunnels are available for the peer PE, the tunnel policy selects a preferred tunnel whose destination address can identify the peer PE to forward traffic.

· If no preferred tunnel is available for the peer PE, the tunnel policy uses the load sharing method to forward the traffic to the peer PE.

Examples

# Configure tunnel policy policy1 to use only MPLS TE tunnels, and set the load balancing number to 2.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1] select-seq cr-lsp load-balance-number 2

tunnel-policy (system view)

Use tunnel-policy to create a tunnel policy and enter its view, or enter the view of an existing tunnel policy.

Use undo tunnel-policy to delete a tunnel policy.

Syntax

tunnel-policy tunnel-policy-name [ default ]

undo tunnel-policy tunnel-policy-name

Default

No tunnel policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

tunnel-policy-name: Specifies a name for the tunnel policy, a case-sensitive string of 1 to 19 characters.

default: Specifies the tunnel policy as the default tunnel policy. Only one default tunnel policy can be configured. If you do not specify this keyword, the tunnel policy is not the default tunnel policy.

Usage guidelines

By default, the device selects only one tunnel in LSP, CRLSP, SRLSP, SR-MPLS TE policy, SRv6 TE policy, and SRv6 TE policy group order.

If an MPLS VPN is not bound to a tunnel policy or the bound tunnel policy does not exist, the default . tunnel policy is used. If an MPLS VPN is bound to an empty tunnel policy, the tunnel selection order is used.

Examples

# Create tunnel policy policy1 and enter its view.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1]

tunnel-policy-default select-seq load-balance-number

Use tunnel-policy-default select-seq load-balance-number to configure the default load sharing policy for tunnel selection, including the default tunnel selection order and the number of tunnels selected for load balancing.

Use undo tunnel-policy-default select-seq to restore the default.

NOTE:

This command is supported only in Release 5212P06 and later.

Syntax

tunnel-policy-default select-seq [ strict ] { cr-lsp | lsp | sr-lsp | sr-policy | srv6-policy | srv6-policy-group } * load-balance-number number [ color-match ]

undo tunnel-policy-default select-seq

Default

The tunnel selection order is LSP, CRLSP, SRLSP, SR-MPLS TE policy, SRv6 TE policy, and SRv6 TE policy group. The number of tunnels selected for load sharing is 1.

Views

System view

Predefined user roles

network-admin

Parameters

strict: Uses the same type of tunnels for load balancing.

· If you specify this keyword, the device uses only one type of tunnels for load balancing. For example, if the select-seq strict lsp cr-lsp load-balance-number 3 command is used, the device uses only one type of tunnels. If LSP tunnels are available, the device uses only LSP tunnels. If no LSP tunnels are available, the device uses only CRLSP tunnels.

· If you do not specify this keyword, the device can use a hybrid of the specified types of tunnels for load balancing. For example, if you configure the select-seq lsp cr-lsp load-balance-number 3 command, the device preferentially uses LSP tunnels for load balancing. If the number of LSP tunnels is 0 or less than 3, the device uses CRLSP tunnels to remedy the deficiency of LSP tunnels. SR-MPLS TE policy tunnels, SRv6 TE policy tunnels, and SRv6 TE policy group tunnels cannot share load with other types of tunnels regardless of whether you have specified this keyword or not.

cr-lsp: Uses CRLSP tunnels.

lsp: Uses LSP tunnels.

sr-lsp: Uses SRLSP tunnels.

sr-policy: Uses SR-MPLS TE policy tunnels.

srv6-policy: Uses SRv6 TE policy tunnels.

srv6-policy-group: Uses SRv6 TE policy group tunnels.

load-balance-number number: Specifies the number of tunnels for load sharing. The value range for the number argument depends on the configuration set by the max-ecmp-num command. Assume the maximum number of ECMP routes set by the max-ecmp-num command is m. When m is 32 or less, the value range for the number argument is 1 to m. When m is greater than 32, the value range for the number argument is 1 to 32. For more information the max-ecmp-num command, see basic IP routing commands in Layer 3—IP Routing Command Reference.

Usage guidelines

Application scenarios

When a large number of VPNs need to use the same tunnel policy, you need to create a tunnel policy, execute the select-seq load-balance-number command in tunnel policy view, and then apply this policy to each VPN. The configuration is labor-intensive and error-prone.

To simply the configuration, use this command to configure a default tunnel selection policy, VPNs that do not reference a tunnel policy will automatically use the configured default tunnel selection policy.

Restrictions and guidelines

A tunnel type closer to the select-seq keyword has a higher priority during tunnel selection. Furthermore, only the tunnel types specified in this command can be selected.

If you specify the srv6-policy color-match parameter in this command, the device selects only one SRv6 TE policy that has the same color attribute as the BGP route. It cannot select multiple SRv6 TE policies for load sharing.

SRv6 TE policy groups do not support load sharing. Only one SRv6 TE policy group can be selected for forwarding packets, using the following rules:

1. A dynamically created SRv6 TE policy group has a higher priority than a statically configured SRv6 TE policy group.

2. An SRv6 TE policy group with a smaller color value has a higher priority.

3. An SRv6 TE policy group with a smaller group ID has a higher priority.

Examples

# Configure the default load sharing policy to use only LSP tunnels, and set the number of tunnels for load sharing to 5.

<Sysname> system-view

[Sysname] tunnel-policy-default select-seq lsp load-balance-number 5

Related commands

select-seq load-balance-number

tunnel-policy

Tunnel selector commands

apply tunnel-policy

Use apply tunnel-policy to specify a tunnel policy for a tunnel selector.

Use undo apply tunnel-policy to restore the default.

Syntax

apply tunnel-policy tunnel-policy-name

undo apply tunnel-policy

Default

No tunnel policy is specified for a tunnel selector.

Views

Tunnel selector view

Predefined user roles

network-admin

Parameters

tunnel-policy-name: Specifies a tunnel policy by its name, a case-sensitive string of 1 to 19 characters.

Usage guidelines

If you specify a nonexistent tunnel policy for a tunnel selector, use the tunnel-policy command to create the policy and then configure the policy.

Examples

# Specify tunnel policy policy1 for tunnel selector ts1.

<Sysname> system-view

[Sysname] tunnel-policy policy1

[Sysname-tunnel-policy-policy1] select-seq cr-lsp lsp load-balance-number 1

[Sysname-tunnel-policy-policy1] quit

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10] if-match rd-list 1

[Sysname-tunnel-selector-ts1-10] apply tunnel-policy policy1

Related commands

display tunnel-selector

tunnel-policy

tunnel-selector

apply tunnel-selector

Use apply tunnel-selector to apply a tunnel selector to BGP EVPN routes, BGP VPNv4 routes, BGP VPNv6 routes, or labeled BGP IPv4 or IPv6 unicast routes.

Use undo apply tunnel-selector to cancel the application.

Syntax

In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view/BGP EVPN address family view:

apply tunnel-selector tunnel-selector-name [ all ]

undo apply tunnel-selector

In BGP VPNv4 address family view/BGP VPNv6 address family view:

apply tunnel-selector tunnel-selector-name

undo apply tunnel-selector

Default

No tunnel selector is applied to BGP EVPN routes, BGP VPNv4 routes, BGP VPNv6 routes, or labeled BGP IPv4 or IPv6 unicast routes.

Views

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP VPNv4 address family view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

BGP VPNv6 address family view

BGP EVPN address family view

Predefined user roles

network-admin

Parameters

tunnel-selector-name: Specifies a tunnel selector by its name, a case-sensitive string of 1 to 40 characters.

all: Applies the tunnel selector to all BGP unicast routes, including labeled routes and subnet routes.

Usage guidelines

This command can perform route recursion for BGP EVPN, BGP VPNv4, BGP VPNv6, or labeled BGP IPv4 or IPv6 unicast routes to select expected types of tunnels.

This command is mainly applicable to the following BGP/MPLS L3VPN scenarios:

· In an inter-AS Option B network, an ASBR is not configured with VPN instances but it needs to apply a tunnel policy to the BGP VPNv4 or BGP VPNv6 routes received from the PEs.

· In an HoVPN, an SPE needs to apply a tunnel policy to the BGP VPNv4 or VPNv6 routes received from UPEs.

· In an inter-AS Option C network, the local PE needs to apply a tunnel policy to the BGP labeled routes advertised to the remote PEs.

In an inter-AS Option C network, to perform tunnel load balancing for BGP labeled routes, execute the apply tunnel-selector tunnel-selector-name all command on the ASBR.

Deleting the applied tunnel selector might cause VPN service interruption because the routes cannot recurse to tunnels.

Examples

# In BGP IPv4 unicast address family view, apply tunnel selector ts1 to BGP labeled routes.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family ipv4 unicast

[Sysname-bgp-default-ipv4] apply tunnel-selector ts1

Related commands

tunnel-selector

display ip rd-list

Use display ip rd-list to display RD list information.

Syntax

display ip rd-list [ rd-list-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

rd-list-number: Specifies an RD list by its number, in the range of 1 to 65535. If you do not specify an RD list, this command display information about all RD lists.

Examples

# Display information about all RD lists.

<Sysname> display ip rd-list

Route Distinguisher List Number 1

Index: 1 permit 1.1.1.1:1 2.2.2.2:* 100:1 200:*

Route Distinguisher List Number 2

Index: 2 deny 1:1 2:2

Table 5 Command output

Field	Description
Route Distinguisher List Number	RD list number.
Index	Index of an RD list item.
permit	Match mode of the RD list item: · Permit. · Deny.

Related commands

ip rd-list

display tunnel-selector

Use display tunnel-selector to display tunnel selector information.

Syntax

display tunnel-selector [ tunnel-selector-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

tunnel-selector-name: Specifies a tunnel selector by its name, a case-sensitive string of 1 to 40 characters. If you do not specify a tunnel selector, this command displays information about all tunnel selectors.

Examples

# Display information about all tunnel selectors.

<Sysname> display tunnel-selector

Tunnel-selector: ts1

Permit : 1

if-match ip next-hop prefix-list ipv4prefix1

apply tunnel-policy policy1

Tunnel-selector: ts2

Permit : 2

if-match ip address acl 2222

if-match ip rd-list 2

apply tunnel-policy policy2

Table 6 Command output

Field	Description
Tunnel-selector	Tunnel selector name.
Permit	Node match mode and node number of the tunnel selector. The node match mode can be Permit or Deny.
if-match	Match criterion configured by the if-match clause.
apply	The action to be applied to the matching routes.

Related commands

tunnel-selector

if-match community

Use if-match community to configure a community list match criterion for BGP routes

Use undo if-match community to delete a community list match criterion for BGP routes.

Syntax

if-match community { { basic-community-list-number | name comm-list-name } [ whole-match ] | adv-community-list-number }&<1-32>

undo if-match community [ { basic-community-list-number | name comm-list-name } [ whole-match ] | adv-community-list-number ]&<1-32>

Default

No BGP community list match criterion is configured.

Views

Tunnel selector view

Predefined user roles

network-admin

Parameters

basic-community-list-number: Specifies a basic community list by its number, in the range of 1 to 99.

adv-community-list-number: Specifies an advanced community list by its number, in the range of 100 to 199.

name comm-list-name: Specifies a community list by its name, a case-sensitive string of 1 to 63 characters that cannot contain only numbers.

whole-match: Exactly matches the specified community list. All of the specified communities and only those communities must be present.

&<1-32>: Indicates that you can specify a maximum of 32 community lists.

Usage guidelines

If the specified community list number or name does not exist, use the ip community-list command to create it.

The whole-match keyword takes effect only on the community list specified in front of this keyword. If you specify multiple community lists and require exact match for each community list, add this keyword after each filter. This keyword takes effect only on basic community lists.

Examples

# Configure community list 1 to permit BGP routes with community number 100 or 200. Then configure node 10 in permit mode for tunnel selector ts1 to use community list 1 to match BGP routes.

<Sysname> system-view

[Sysname] ip community-list 1 permit 100 200

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10] if-match community 1

Related commands

ip community-list (Layer 3—IP Routing Command Reference)

if-match extcommunity

Use if-match extcommunity to configure an extended community list match criterion for BGP routes

Use undo if-match extcommunity to delete an extended community list match criterion for BGP routes.

Syntax

if-match extcommunity { ext-comm-list-number | ext-comm-list-name }&<1-32>

undo if-match extcommunity [ ext-comm-list-number | ext-comm-list-name ]&<1-32>

Default

No BGP extended community list match criterion is configured.

Views

Tunnel selector view

Predefined user roles

network-admin

Parameters

ext-comm-list-number: Specifies an extended community list by its number, in the range of 1 to 65535.

ext-comm-list-name: Specifies an extended community list by its name, a case-sensitive string of 1 to 63 characters that cannot contain only numbers.

&<1-32>: Indicates that you can specify a maximum of 32 extended community lists.

Usage guidelines

If the extended community list specified for a match criterion does not exist, the criterion matches all BGP routes.

Examples

# Configure extended community lists 100 and 150 to permit BGP routes with RT 100:100 and RT 150:150, respectively. Then configure node 10 in permit mode for tunnel selector ts1 to use community list 100 and 150 to match BGP routes.

<Sysname> system-view

[Sysname] ip extcommunity-list 100 permit rt 100:100

[Sysname] ip extcommunity-list 150 permit rt 150:150

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10] if-match extcommunity 100 150

Related commands

ip extcommunity-list (Layer 3—IP Routing Command Reference)

if-match ip

Use if-match ip to configure an IPv4 route match criterion.

Use undo if-match ip to delete the specified IPv4 route match criterion.

Syntax

if-match ip { address | next-hop } { acl ipv4-acl-number | prefix-list prefix-list-name }

undo if-match ip { address | next-hop } [ acl | prefix-list ]

Default

No IPv4 route match criterion is configured.

Views

Tunnel selector view

Predefined user roles

network-admin

Parameters

address: Matches the destination address of IPv4 routes.

next-hop: Matches the next hop of IPv4 routes.

acl ipv4-acl-number: Specifies an ACL by its number. The value range for the ipv4-acl-number argument is 2000 to 3999 for the address keyword, and 2000 to 2999 for the next-hop keyword.

prefix-list prefix-list-name: Specifies an IP prefix list by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

If the specified ACL or IP prefix list does not exist, use the acl command or the ip prefix-list command to create it.

If the specified ACL does not exist or no rules exist in the ACL, the ACL does not take effect in IPv4 route matching.

If the specified ACL contains a rule with the vpn-instance keyword, the ACL rule does not take effect in IPv4 route matching.

Examples

# Create a tunnel selector named ts1, and configure node 10 for the tunnel selector to permit IPv4 routes whose next hop matches IP prefix list p1.

<Sysname> system-view

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10] if-match ip next-hop prefix-list p1

Related commands

acl (ACL and QoS Command Reference)

ip prefix-list (Layer 3—IP Routing Command Reference)

if-match ipv6

Use if-match ipv6 to configure an IPv6 route match criterion.

Use undo if-match ipv6 to delete the specified IPv6 route match criterion.

Syntax

if-match ipv6 { address | next-hop } { acl ipv6-acl-number | prefix-list prefix-list-name }

undo if-match ipv6 { address | next-hop } [ acl | prefix-list ]

Default

No IPv6 route match criterion is configured.

Views

Tunnel selector view

Predefined user roles

network-admin

Parameters

address: Matches the destination address of IPv6 routes.

next-hop: Matches the next hop of IPv6 routes.

acl ipv6-acl-number: Specifies an IPv6 ACL by its number. The value range for the ipv6-acl-number argument is 2000 to 3999 for the address keyword, and 2000 to 2999 for the next-hop keyword.

prefix-list prefix-list-name: Specifies an IPv6 prefix list by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

If the specified IPv6 ACL or IPv6 prefix list does not exist, use the acl command or the ipv6 prefix-list command to create it.

If the specified IPv6 ACL does not exist or no rules exist in the IPv6 ACL, the IPv6 ACL does not take effect in IPv6 route matching.

If the specified IPv6 ACL contains a rule with the vpn-instance keyword, the IPv6 ACL rule does not take effect in IPv6 route matching.

Examples

# Create a tunnel selector named ts1, and configure node 10 for the tunnel selector to permit IPv6 routes whose next hop matches IPv6 prefix list p1.

<Sysname> system-view

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10] if-match ipv6 next-hop prefix-list p1

Related commands

acl (ACL and QoS Command Reference)

ipv6 prefix-list (Layer 3—IP Routing Command Reference)

if-match rd-list

Use if-match rd-list to configure an RD list match criterion for BGP routes.

Use undo if-match rd-list to delete the RD list match criterion.

Syntax

if-match rd-list rd-list-number

undo if-match rd-list

Default

No RD list match criterion is configured for BGP routes.

Views

Tunnel selector view

Predefined user roles

network-admin

Parameters

rd-list-number: Specifies an RD list by its number, in the range of 1 to 65535.

Usage guidelines

When you configure an RD list match criterion for BGP route filtering, the following applies:

· If the specified RD list is not configured (by using the ip rd-list command), routes are permitted by the RD list.

· If the RD list is well configured but a route does not match any RD specified in the list, the route is denied by the RD list.

· The relation between the RDs specified in an RD list are logical OR in route matching, because each route has only one RD.

Examples

# Configure RD list 1 to permit BGP routes with RD 1:1. Create tunnel selector ts1, and configure node 10 for the tunnel selector to permit BGP routes that match RD list 1.

<Sysname> system-view

[Sysname] ip rd-list 1 permit 1:1

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10] if-match rd-list 1

Related commands

ip rd-list

Use ip rd-list to configure an RD list.

Use undo ip rd-list to delete an RD list.

Syntax

ip rd-list rd-list-number [ index index-number ] { deny | permit } route-distinguisher&<1-10>

undo ip rd-list rd-list-number [ index index-number ] [ { deny | permit } route-distinguisher&<1-10> ]

Default

No RD lists exist.

Views

System view

Predefined user roles

network-admin

Parameters

rd-list-number: Specifies the RD list number, in the range of 1 to 65535.

index index-number: Specifies the index number for an RD list item. The value range for the index-number argument is 1 to 4294967295. An item with a smaller index number is matched first. If you do not specify this option, the system automatically assigns index numbers starting from 10 and in steps of 10. If the maximum value has been assigned, the system assigns index numbers from the available values, in ascending order.

deny: Sets the match mode of the RD list to deny.

permit: Sets the match mode of the RD list to permit.

route-distinguisher&<1-10>: Specifies up to 10 RDs. An RD is a string of 3 to 21 characters, and can be configured in one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 16-bit AS number:wildcard. For example, 101:*.

· 32-bit IPv4 address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit IPv4 address:wildcard. For example, 192.168.122.15:*.

· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

· 32-bit AS number:wildcard, where the minimum value of the AS number is 65536. For example, 65536:*.

Usage guidelines

After you configure RD lists by using the ip rd-list command, you can implement BGP route filtering by using a tunnel selector as follows:

1. Use the if-match rd-list command to specify a created RD list to configure an RD list match criterion in tunnel selector view.

2. Applies the tunnel selector to BGP routes.

If an RD list is used for route filtering, the following applies:

· If the RD list is not configured, routes are permitted by the RD list.

· If the RD list is well configured but a route does not match any RD specified in the list, the route is denied by the RD list.

· The relation between the RDs specified in an RD list are logical OR in route matching, because each route has only one RD.

Examples

# Create RD list 1 to permit routes with RD 100:1.

<Sysname> system-view

[Sysname] ip rd-list 1 permit 100:1

Related commands

· display ip rd-list

· if-match rd-list

tunnel-selector

Use tunnel-selector to create a tunnel selector and enter its view, or enter the view of an existing tunnel selector.

Use undo tunnel-selector to delete a tunnel selector.

Syntax

tunnel-selector tunnel-selector-name { deny | permit } node node-number

undo tunnel-selector tunnel-selector-name { deny | permit } node node-number

Default

No tunnel selectors exist.

Views

System view

Predefined user roles

network-admin

Parameters

tunnel-selector-name: Specifies the tunnel selector name, a case-sensitive string of 1 to 40 characters.

deny: Sets the match mode of the tunnel selector to deny. If a route matches all the if-match clauses of a node, the route is denied and does not match the next node. If a route does not match an if-match clause of a node, the route continues to match the next node.

permit: Sets the match mode of the tunnel selector to permit. If a route matches all the if-match clauses of a node, the route matches the node. If a route does not match an if-match clause of a node, the route continues to match the next node.

node node-number: Specifies a node number for the tunnel selector. The value range for node-number argument is 0 to 65535. The node with a smaller node number is matched first.

Usage guidelines

A tunnel selector is needed in the following BGP/MPLS L3VPN scenarios:

· In an inter-AS Option B network, an ASBR is not configured with VPN instances but it needs to apply a tunnel policy to the BGP VPNv4 or BGP VPNv6 routes received from the PEs.

· In an inter-AS Option C network, the local PE needs to apply a tunnel policy to the BGP labeled routes advertised to the remote PEs.

Examples

# Create a tunnel selector and enter its view. Specify the tunnel selector name as ts1, node number as 10, and match mode as permit.

<Sysname> system-view

[Sysname] tunnel-selector ts1 permit node 10

[Sysname-tunnel-selector-ts1-10]

Related commands

display tunnel-selector

07-MPLS Command Reference

tunnel-policy-default select-seq load-balance-number

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us