Contents

Basic IP forwarding commands· 1

display fib· 1

fib consistency-check enable· 3

forwarding vxlan-packet inner-protocol 3

ip forwarding-table save· 4

snmp-agent trap enable fib· 5

Load sharing commands· 7

display ip load-sharing mode· 7

display ip load-sharing path· 8

ip load-sharing local-first enable· 10

ip load-sharing mode· 10

ip load-sharing symmetric enable· 12

 

Basic IP forwarding commands

display fib

Use display fib to display FIB entries.

Syntax

display fib [ vpn-instance vpn-instance-name ]  [ ip-address [ mask | mask-length ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To display the FIB entries for the public network, do not specify any VPN instance.

ip-address: Displays the FIB entry that matches the specified destination IP address.

mask: Specifies the mask for the IP address.

mask-length: Specifies the mask length for the IP address. The value range is 0 to 32.

Usage guidelines

If you specify an IP address without a mask or mask length, this command displays the longest matching FIB entry.

If you specify an IP address and a mask or mask length, this command displays the exactly matching FIB entry.

Examples

# Display all FIB entries of the public network.

<Sysname> display fib

 

Destination count: 5 FIB entry count: 5

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

0.0.0.0/32         127.0.0.1       UH       InLoop0                  Null

1.1.1.0/24         192.168.126.1   USGF     M-GE0/0/0                Null

127.0.0.0/8        127.0.0.1       U        InLoop0                  Null

127.0.0.0/32       127.0.0.1       UH       InLoop0                  Null

127.0.0.1/32       127.0.0.1       UH       InLoop0                  Null

# Display the FIB entries for VPN vpn1.

<Sysname> display fib vpn-instance vpn1

Destination count: 6 FIB entry count: 6

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token      Label

0.0.0.0/32         127.0.0.1       UH       InLoop0                  Null

20.20.20.0/24      20.20.20.25     U        M-GE0/0/0                Null

20.20.20.0/32      20.20.20.25     UBH      M-GE0/0/0                Null

20.20.20.25/32     127.0.0.1       UH       InLoop0                  Null

20.20.20.25/32     20.20.20.25     H        M-GE0/0/0                Null

20.20.20.255/32    20.20.20.25     UBH      M-GE0/0/0                Null

# Display the FIB entries matching the destination IP address 10.2.1.1.

<Sysname> display fib 10.2.1.1

 

Destination count: 1 FIB entry count: 1

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

10.2.1.1/32        127.0.0.1       UH       InLoop0                  Null

Table 1 Command output

Field	Description
Destination count	Total number of destination addresses.
FIB entry count	Total number of FIB entries.
Destination/Mask	Destination address and the mask length.
Nexthop	Next hop address.
Flag	Flags of routes: ·     U—Usable route. ·     G—Gateway route. ·     H—Host route. ·     B—Blackhole route. ·     D—Dynamic route. ·     S—Static route. ·     R—Relay route. ·     F—Fast reroute.
OutInterface/Token	Output interface/LSP index number.
Label	Inner label.

 

fib consistency-check enable

Use fib consistency-check enable to enable IPv4 FIB entry consistency check.

Use undo fib consistency-check enable to disable IPv4 FIB entry consistency check.

Syntax

fib consistency-check enable

undo fib consistency-check enable

Default

IPv4 FIB entry consistency check is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Packet drops or incorrect forwarding might occur when the IPv4 FIB entries in hardware are inconsistent with FIB entries configured in software. To prevent these issues, enable IPv4 FIB entry consistency check.

This feature compares all IPv4 FIB entries in software with the IPv4 FIB entries in hardware regularly. If the device detects an inconsistency, the device performs the following tasks:

·     Generates a log.

·     Updates the IPv4 FIB entry in hardware with the IPv4 FIB entry in software.

Examples

# Enable IPv4 FIB entry consistency check.

<Sysname> system-view

[Sysname] fib consistency-check enable

forwarding vxlan-packet inner-protocol

Use forwarding vxlan-packet inner-protocol to enable hardware forwarding for specific packets received from VXLAN tunnels.

Use undo forwarding vxlan-packet inner-protocol to restore the default.

Syntax

forwarding vxlan-packet inner-protocol { ipv4 | ipv6 } *

undo forwarding vxlan-packet inner-protocol [ ipv4 | ipv6 ]

Default

Packets received from VXLAN tunnels are delivered to the CPU for processing.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ipv4: Specifies IPv4 packets.Only ARP packets are supported.

ipv6: Specifies IPv6 packets.Only NS packets are supported.

Usage guidelines

Before configuring this feature, set the VXLAN hardware resource mode to Layer 3 gateway on the device. For more information about VXLAN hardware resource configuration, see VXLAN configuration in VXLAN Configuration Guide.

SH interface modules support this feature only when the operating mode and the proxy mode of the service module are LegacyL3.

By default, the device forwards ARP and NS packets received from VXLAN tunnels to the CPU for processing when acting as a VTEP in a distributed EVPN gateway network. If a large number of such packets are received, packet loss might occur because of software rate limit, which might cause service exceptions on downlink devices.

To resolve this issue, you can enable the device to forward ARP and NS packets received from VXLAN tunnels in hardware without delivering them to the CPU.

Examples

# Enable hardware forwarding for IPv4 packets received from VXLAN tunnels.

<Sysname> system-view

[Sysname] forwarding vxlan-packet inner-protocol ipv4

ip forwarding-table save

Use ip forwarding-table save to save the IP forwarding entries to a file.

Syntax

ip forwarding-table save filename filename

Views

Any view

Predefined user roles

network-admin

mdc-admin

Parameters

filename filename: Specifies the name of a file, a string of 1 to 255 characters. For information about the filename argument, see file system management in Fundamentals Configuration Guide.

Usage guidelines

The command automatically creates the file if you specify a nonexistent file. If the file already exists, this command overwrites the file content.

To automatically save the IP forwarding entries periodically, configure a schedule for the device to automatically run the ip forwarding-table save command. For information about scheduling a task, see Fundamentals Configuration Guide.

Examples

# Save the IP forwarding entries to the fib.txt file.

<Sysname> ip forwarding-table save filename fib.txt

snmp-agent trap enable fib

Use snmp-agent trap enable fib to enable SNMP notifications for FIB events.

Use undo snmp-agent trap enable fib to disable SNMP notifications for FIB events.

Syntax

snmp-agent trap enable fib [ deliver-failed | ecmp-limit | entry-consistency | entry-limit ] *

undo snmp-agent trap enable fib [ deliver-failed | ecmp-limit | entry-consistency | entry-limit ] *

Default

SNMP notifications for FIB events are enabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

deliver-failed: Specifies notifications to be sent when FIB entry deployment to the hardware fails.

ecmp-limit: Specifies notifications to be sent when the number of ECMP routes exceeds the upper limit.

entry-consistency: Specifies notifications to be sent when the FIB software and hardware entries are inconsistent.

entry-limit: Specifies notifications to be sent when the number of FIB entries exceeds the upper limit.

Usage guidelines

This feature enables the FIB module to generate SNMP notifications for critical FIB events. The SNMP notifications are sent to the SNMP module.

You can enable specific SNMP notifications for FIB events as needed. If you do not specify any SNMP notification types, the command enables all types of SNMP notifications.

·     With ecmp-limit specified, when the number of ECMP routes learned by a module exceeds the upper limit, the device sends an SNMP notification that carries the module number to the SNMP module.

·     With entry-consistency specified, if the FIB software and hardware entries on a module are inconsistent, the device sends an SNMP notification that carries the module number to the SNMP module.

·     With entry-limit specified, when the number of FIB entries exceeds the upper limit, the device sends an SNMP notification that carries the FIB entry module name to the SNMP module.

·     With deliver-failed specified, when FIB entry deployment to the hardware fails, the device sends an SNMP notification that carries the entry VRF, IP address type, IP address, mask, and failure reason to the SNMP module.

For the SNMP notifications to be sent correctly, you must also configure SNMP. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

Examples

# Disable SNMP notifications for FIB events.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable fib

 

Load sharing commands

display ip load-sharing mode

Use display ip load-sharing mode to display the load sharing mode in use.

Syntax

In standalone mode:

display ip load-sharing mode slot slot-number

In IRF mode:

display ip load-sharing mode chassis chassis-number slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the load sharing mode for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays the load sharing mode for all cards. (In IRF mode.)

Examples

# Display the load sharing mode in use.

<Sysname> display ip load-sharing mode slot 1

Load-sharing mode: per-flow

Load-sharing options: dest-ip | src-ip | ip-pro | dest-port | src-port | ingress-port

Table 2 Command output

Field	Description
Load-sharing mode: per-flow	The load sharing mode in use: ·     per-packet—Per-packet load sharing. ·     per-flow—Per-flow load sharing.
Load-sharing options	Options configured for load sharing: ·     dest-ip—Identifies flows by packet's destination IP address. ·     src-ip—Identifies flows by packet's source IP address. ·     ip-pro—Identifies flows by packet's IP protocol. ·     dest-port—Identifies flows by packet's destination port number. ·     src-port—Identifies flows by packet's source port number. ·     ingress-port—Identifies flows by packet's ingress port. ·     flow-label—Identifies flows by IPv6 packet's flow label.

 

Related commands

ip load-sharing mode

display ip load-sharing path

Use display ip load-sharing path to display the load sharing path selected for a flow.

Syntax

display ip load-sharing path ingress-port interface-type interface-number packet-format { ipv4oe dest-ip ip-address [ src-ip ip-address ] | ipv6oe dest-ipv6 ipv6-address [ src-ipv6 ipv6-address | flow-label flow-label ] } [ dest-port port-id | ip-pro protocol-id | src-port port-id | vpn-instance vpn-instance-name ] *

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

ingress-port interface-type interface-number: Specifies an ingress port by its type and number.

packet-format { ipv4oe dest-ip ip-address [src-ip ip-address ] | ipv6oe dest-ipv6 ipv6-address [ src-ipv6 ipv6-address ] }: Specifies the packet encapsulation format.

ipv4oe: Specifies the format of IPv4 over Ethernet.

dest-ip ip-address: Specifies the destination IPv4 address in dotted decimal notation. If you do not specify this argument, the calculation uses 0.0.0.0 for path selection.

src-ip ip-address: Specifies the source IPv4 address in dotted decimal notation. If you do not specify this argument, the calculation uses 0.0.0.0 for path selection.

ipv6oe: Specifies the format of IPv6 over Ethernet.

dest-ipv6 ipv6-address: Specifies the destination IPv6 address. If you do not specify this option, the calculation uses 0:0:0:0:0:0:0:0 for path selection.

src-ipv6 ipv6-address: Specifies the source IPv6 address. If you do not specify this option, the calculation uses 0:0:0:0:0:0:0:0 for path selection.

flow-label flow-label: Specifies the IPv6 flow label in the range of 0 to 1048575. If you do not specify an IPv6 flow label, the device uses 0 for ECMP route selection.

dest-port port-id: Specifies a destination port number in the range of 1 to 65535. If you do not specify this option, the calculation uses 0 for path selection.

ip-pro protocol-id: Specifies an IP protocol by its number in the range of 1 to 65535. If you do not specify this option, the calculation uses 0 for path selection.

source-port port-id: Specifies a source port number in the range of 1 to 65535. If you do not specify this option, the calculation uses 0 for path selection.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To display the path on the public network, do not specify this option.

Usage guidelines

The options in this command must match both the options displayed in the display ip load-sharing mode command and the field values in load shared packets. You do not need to specify options if they do not exist in the packets, such as destination port and source port for ICMP packets. If the option settings do not meet the requirement, the path displayed by this command might be different from the real path for load sharing.

To ensure correct command output, make sure the destination address is reachable for packets after they travel along the load sharing path.

This command does not support displaying the load sharing path for tunneled packets, for example, GRE tunneled packets and VXLAN tunneled packets.

Examples

# Display the load sharing path selected for the flow with the following attributes: ingress port HundredGigE 3/0/3, destination IP address 10.110.0.2, source IP address 10.100.0.2, IP protocol number 153, destination port number 2000, source port number 2000.

<Sysname> display ip load-sharing path ingress-port hundredgige 3/0/3 packet-format ipv4oe dest-ip 10.110.0.2 src-ip 10.100.0.2 ip-pro 153 dest-port 2000 src-port 2000

 

Load-sharing algorithm: 0

Load-sharing options: dest-ip | src-ip | ip-pro | dest-port | src-port | ingress-port

Load-sharing parameters:

  Missing configured are set to 0.

  ingress-port: HundredGigE3/0/3

  packet-format: IPv4oE

  dest-ip: 10.110.0.2

  src-ip: 10.100.0.2

  ip-pro: 153

  dest-port: 2000

  src-port: 2000

Path selected: 20.0.0.2(interface HundredGigE3/0/3)

Table 3 Command output

Field	Description
Load-sharing algorithm	Load sharing algorithm ID.
Load-sharing options	Load sharing options specified by the ip load-sharing mode command.
Load-sharing parameters	Load sharing parameters that you specify for the display ip load-sharing path command.
Missing configured are set to 0.	Values of the unconfigured parameters are set to 0.
ingress-port	Ingress port of the packet.
packet-format	Packet encapsulation format.
dest-ip	Destination IP address of the packet.
src-ip	Source IP address of the packet.
ip-pro	IP protocol number.
dest-port	Destination port number.
src-port:	Source port number.
flow-label	Flow label.
Path selected	Selected path information, including the IPv4 or IPv6 address of the next hop and the egress port.

 

Related commands

ip load-sharing mode

ip load-sharing local-first enable

Use ip load-sharing local-first enable to enable local-first load sharing.

Use undo ip load-sharing local-first enable to disable local-first load sharing.

Syntax

ip load-sharing local-first enable

undo ip load-sharing local-first enable

Default

Local-first load sharing is enabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Local-first load sharing takes effect only on an IRF fabric.

Examples

# Enable local-first load sharing.

<Sysname> system-view

[Sysname] ip load-sharing local-first enable

ip load-sharing mode

Use ip load-sharing mode to configure the load sharing mode.

Use undo ip load-sharing mode to restore the default.

Syntax

In standalone mode:

ip load-sharing mode { per-flow [ algorithm algorithm-number [ seed seed-number ] [ shift shift-number ] | [ dest-ip | dest-port | ip-pro | src-ip | src-port ] * | tunnel { inner | outer } ] } { global | slot slot-number }

undo ip load-sharing mode [ per-flow tunnel ] { global | slot slot-number }

In IRF mode:

ip load-sharing mode { per-flow [ algorithm algorithm-number [ seed seed-number ] [ shift shift-number ] | [ dest-ip | dest-port | ip-pro | src-ip | src-port ] * | tunnel { inner | outer } ] } { chassis chassis-number slot slot-number | global }

undo ip load-sharing mode [ per-flow tunnel ] { chassis chassis-number slot slot-number | global }

Default

The device performs per-flow load sharing based on the following criteria: source IP address, destination IP address, source port number, destination port number, and IP protocol number.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

algorithm algorithm-number: Specifies an algorithm for per-flow load sharing. The value range for the algorithm-number argument is 0 to 13.If you do not specify an algorithm, the algorithm value is set to 0.

seed seed-number: Specifies the seed value for the algorithm. The value range is 0 to ffffffff, and the default value is 0.

shift shift-number: Specifies the shift value for the hash algorithm result. The value range is 0 to 15, and the default value is 0.

per-flow: Implements per-flow load sharing.If you specify none of the dest-ip, dest-port, ip-pro, src-ip, and src-port keywords, the device performs per-flow load sharing based on the destination IP addresses and source IP addresses of packets.

dest-ip: Identifies flows by destination IP address.

dest-port: Identifies flows by destination port.

src-ip: Identifies flows by source IP address.

src-port: Identifies flows by source port.

tunnel { inner | outer }: Performs per-flow load sharing for IP tunnel packets. The inner keyword identifies flows by inner IP header information. The outer keyword identifies flows by outer IP header information. If you do not specify this option, the device identifies IP tunnel packet flows by inner IP header information to implement load sharing.

global: Configures the load sharing mode globally.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command configures the load sharing mode for all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command configures the load sharing mode for all cards. (In IRF mode.)

Usage guidelines

If traffic is not shared equally, you can use the seed seed-number option and the shift shift-number option to adjust the algorithm result.

If you configure the algorithm algorithm-number option together with the dest-ip, dest-port, ip-pro, src-ip, or src-port keyword, the configuration of the algorithm algorithm-number option does not take effect.

The priority of slot-specific load balancing is higher than the global load balancing method. The global configuration takes effect only on slots that are not specified with a load balancing method.

Examples

# (In standalone mode.) # Configure per-flow load sharing based on source IP address for the slot..

<Sysname> system-view

[Sysname] ip load-sharing mode per-flow src-ip slot 1

# (In standalone mode.) Configure per-flow load sharing based on the destination IP addresses and source IP addresses of packets for slot 1.

<Sysname> system-view

[Sysname] ip load-sharing mode per-flow dest-ip src-ip slot 1

# (In standalone mode.) Configure per-flow load sharing based on the inner IP header information of IP tunnel packets for slot 1.

<Sysname> system-view

[Sysname] ip load-sharing mode per-flow tunnel inner slot 1

# (In standalone mode.) Configure per-flow load sharing based on algorithm 1 for slot 1.

<Sysname> system-view

[Sysname] ip load-sharing mode per-flow algorithm 1 slot 1

Related commands

display ip load-sharing mode

ip load-sharing symmetric enable

Use ip load-sharing symmetric enable to enable symmetric load sharing.

Use undo ip load-sharing symmetric enable to disable symmetric load sharing.

Syntax

ip load-sharing symmetric enable

undo ip load-sharing symmetric enable

Default

Symmetric load sharing is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Symmetric load sharing ensures that bidirectional traffic specific to a particular source and destination address pair flow along the same path.

This command takes effect only when the default load sharing mode is used. You can use the ip load-sharing mode command to configure the load balancing mode.

Examples

# Enable symmetric load sharing.

<Sysname> system-view

[Sysname] ip load-sharing symmetric enable