Use address-family vpnv4 in BGP view to create the BGP VPNv4 address family and enter its view, or enter the view of the existing BGP VPNv4 address family.

Use address-family vpnv4 in BGP-VPN instance view to create the BGP-VPN VPNv4 address family and enter its view, or enter the view of the existing BGP-VPN VPNv4 address family.

Use undo address-family vpnv4 to remove the BGP VPNv4 address family or BGP-VPN VPNv4 address family, and all settings in address family view.

Syntax

address-family vpnv4

undo address-family vpnv4

Default

The BGP VPNv4 address family or BGP-VPN VPNv4 address family does not exist.

Views

BGP instance view

BGP-VPN instance view

Predefined user roles

network-admin

Usage guidelines

A VPNv4 address consists of an RD and an IPv4 prefix. VPNv4 routes are routes that carry VPNv4 addresses.

For a PE to exchange BGP VPNv4 routes with a BGP peer, enable that peer by executing the peer enable command in BGP VPNv4 or BGP-VPN VPNv4 address family view.

In BGP VPNv4 address family view, you can configure the following settings:

· BGP VPNv4 route attributes, such as the preferred value.

· Whether to allow the local AS number to appear in the AS_PATH attribute of received route updates.

The settings in BGP VPNv4 address family view control VPNv4 route exchange between PEs.

The settings in BGP-VPN VPNv4 address family view control VPNv4 route exchange between provider PE and provider CE in nested MPLS L3VPN.

Examples

# Create the BGP VPNv4 address family and enter its view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4]

advertise route-reoriginate

Use advertise route-reoriginate to reoriginate the optimal routes in a VPN instance and advertise the reoriginated routes to VPNv4 or VPNv6 peers.

Use undo advertise route-reoriginate to restore the default.

Syntax

advertise route-reoriginate [ route-policy route-policy-name ] [ replace-rt ]

undo advertise route-reoriginate

Default

The device does not reoriginate the optimal routes in a VPN instance. The original VPNv4 or VPNv6 routes are advertised to VPNv4 or VPNv6 peers.

Views

BGP-VPN IPv4 unicast address family view

BGP-VPN IPv6 unicast address family view

Predefined user roles

network-admin

Parameters

route-policy route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters. The device reoriginates only the BGP routes that are permitted by the specified routing policy. If you do not specify this option, the device does not filter the routes to be reoriginated.

replace-rt: Replaces the route targets of reoriginated routes with those of the local VPN instance. If you do not specify this keyword, the command does not replace the original route targets of reoriginated routes.

Usage guidelines

Application scenarios

This command is primarily used to fulfill the following requirements:

· Interworking in heterogeneous networks—In heterogeneous networks, BGP routes that can propagate in one type of network usually cannot propagate in another type. Therefore, it is necessary to reoriginate BGP routes at network border devices, modifying the information carried by the BGP routes. The route origination transforms routes that propagate within one network into routes that can propagate and be recognized in another network, achieving end-to-end transmission of routing information.

For example, BGP VPNv4 routes need to carry SRv6 SID information to properly recurse to SRv6 tunnels in an SRv6 network; In an MPLS network, BGP VPNv4 routes need to carry VPN label information to recurse to MPLS tunnels. To enable interworking between the SRv6 network and MPLS network, you can configure this command on the network border devices to reoriginate routes. Through the route reoriginating, BGP VPNv4 routes carrying SRv6 SIDs and those carrying MPLS labels can be converted into each other, ensuring end-to-end transmission of VPN routing information.

· Aggregating routing information—In the HoVPN scenario, UPEs communicate with each other through MPEs and the SPE. If the MPEs use the per-next-hop label allocation mode, when many UPEs exist, the SPEs will receive a large number of VPN labels through BGP routes, leading to SPE resource overload and traffic forwarding errors. In this case, you can execute this command on the MPEs. The MPEs then can redistribute the BGP routes received from UPEs into local VPN instances and reoriginate these routes. The MPEs can modify the information of the reoriginated routes. After setting the per-VPN instance label allocation mode, the MPEs only need to allocate the number of VPN labels equal to the number of local VPN instances, regardless of the number of UPEs. The SPE only needs to receive the VPN labels allocated by the MPEs, significantly reducing the resource load on the SPE.

Operating mechanism

BGP routes in local BGP-VPN instances or BGP routes received from remote BGP peers can be imported into a local BGP-VPN instance through RT matching. After the advertise route-reoriginate command is executed in BGP-VPN IPv4 unicast address family view of that BGP-VPN instance, these imported BGP routes can be reoriginated. The reoriginated BGP routes are considered as locally generated routes. Therefore, the reoriginated routes carry the RD of the local VPN instance, and the device can modify the information of the reoriginated routes, such as the carried RT and whether to allocate local VPN labels or SRv6 SIDs to the routes.

Restrictions and guidelines

This command can reoriginate the BGP routes that are imported into a local VPN instance and have a different RD from that of the local VPN instance. It cannot reoriginate the BGP routes that are received from remote peers and have the same RD as that of the local VPN instance.

Examples

# In BGP-VPN IPv4 unicast address family view, configure the device to reoriginate the optimal routes in VPN instance vpn1 and advertise the reoriginated routes to VPNv4 peers.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] ip vpn-instance vpn1

[Sysname-bgp-default-vpn1] address-family ipv4

[Sysname-bgp-default-ipv4-vpn1] advertise route-reoriginate

apply-label

Use apply-label to specify a label allocation mode.

Use undo apply-label to restore the default.

Syntax

apply-label { per-instance [ static static-label-value ] | per-route }

undo apply-label

Default

BGP allocates labels on a per-next-hop basis.

Views

VPN instance IPv4 address family view

VPN instance IPv6 address family view

Predefined user roles

network-admin

Parameters

per-instance: Allocates a label to each VPN instance. All routes in the VPN instance use the same label.

static static-label-value: Specifies a static label value. The value range for the static-label-value argument is 16 to 1010152. If you do not specify this option, BGP randomly allocates a label value to the VPN instance.

per-route: Allocates a label to each route. Each route in the VPN instance uses an exclusive label.

Usage guidelines

CAUTION:

After you change the label allocation mode, BGP re-advertises all routes in the VPN instance, which will cause service interruption. Use this command with caution.

‌

BGP supports the following label allocation modes:

· Per-next-hop—Allocates a label to each next hop. Use this mode when the number of labels required by the per-route mode exceeds the maximum number of labels supported by the device.

· Per-route—Allocates a label to each route.

· Per-VPN-instance—Allocates a label to each VPN instance. Use this mode when a large number of VPN routes exist on the PE.

When you specify the per-route or per-next-hop label allocation mode, you can execute the vpn popgo command to specify the POPGO forwarding mode on an egress PE. The egress PE will pop the label for each packet and forward the packet out of the interface corresponding to the label.

When you specify the per-VPN-instance label allocation mode, do not execute the vpn popgo command. After the per-VPN-instance label allocation mode is specified for a VPN instance, the device can only forward packets by looking up the FIB according to labels. The vpn popgo command does not take effect in the VPN instance.

Examples

# In VPN instance IPv4 address family view, allocate static label 10000 to VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] address-family ipv4

[Sysname-vpn-ipv4-vpn1] apply-label per-instance static 10000

This configuration causes service interruption. Continue? [Y/N]:y

Related commands

vpn popgo

clear bgp vpn-prefix-orf

Use clear bgp vpn-prefix-orf to withdraw the advertised VPN Prefix ORF entries.

Syntax

clear bgp [ instance instance-name ] vpn-prefix-orf [ vpn-instance vpn-instance-name | route-distinguisher route-distinguisher source-address { ipv4-address | ipv6-address } ] [ evpn ]

Views

User view

Predefined user roles

network-admin

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command withdraws VPN Prefix ORF entries advertised in the default BGP instance.

vpn-instance vpn-instance-name: Specifies a BGP-VPN instance. The vpn-instance-name argument represents an MPLS L3VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command withdraws VPN Prefix ORF entries advertised in all BGP-VPN instances.

route-distinguisher route-distinguisher: Withdraws the VPN Prefix ORF entries matching the specified route distinguisher (RD), which is a string of 3 to 21 characters. An RD can be in one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

· 32-bit AS number in dotted format:16-bit user-defined number. For example: 10.1:1.

source-address { ipv4-address | ipv6-address }: Withdraws the VPN Prefix ORF entries matching the specified source device address. The ipv4-address argument represents the IPv4 address of the source device. The ipv6-address argument represents the IPv6 address of the source device.

evpn: Withdraws the VPN Prefix ORF entries advertised in the BGP EVPN address family.

Usage guidelines

Application scenarios

In a network configured with VPN Prefix ORF functionality, if a device has already advertised VPN Prefix ORF entries and wants to resume receiving routes that match the tuple, the device must configure this command to withdraw the advertised VPN Prefix ORF entries in order for the peers to re-advertise routes that match the tuple.

Operating mechanism

With this command configured, the device sends a route-refresh message to its peer that advertised a VPN Prefix ORF entry to withdraw that VPN Prefix ORF entry. After receiving a route-refresh message withdrawing a VPN Prefix ORF entry, the peer device resumes sending the routes matching the VPN Prefix ORF entry to the local device.

Restrictions and guidelines

If the vpn-instance vpn-instance-name and route-distinguisher route-distinguisher source-address { ipv4-address | ipv6-address } parameters are not specified, this command withdraws all advertised VPN Prefix ORF entries of the device.

If the device has not advertised VPN Prefix ORF entries that match the route-distinguisher route-distinguisher and source-address parameters specified in this command, this command will not take effect.

Examples

# Withdraw all advertised VPN Prefix ORF entries.

<Sysname> clear bgp vpn-prefix-orf

dampening ibgp

Use dampening ibgp to configure BGP VPNv4 route dampening.

Use undo dampening ibgp to restore the default.

Syntax

dampening ibgp [ half-life-reachable half-life-unreachable reuse suppress ceiling | route-policy route-policy-name ] *

undo dampening ibgp

Default

BGP VPNv4 route dampening is not configured.

Views

BGP VPNv4 address family view

BGP VPNv6 address family view

BGP EVPN address family view

Predefined user roles

network-admin

Parameters

half-life-reachable: Specifies a half-life for active routes, in the range of 1 to 45 minutes. By default, the value is 15 minutes.

half-life-unreachable: Specifies a half-life for suppressed routes, in the range of 1 to 45 minutes. By default, the value is 15 minutes.

reuse: Specifies a reuse threshold value for suppressed routes, in the range of 1 to 20000. The default value is 750. A suppressed route whose penalty value decreases under the value is reused. The reuse threshold must be smaller than the suppression threshold.

suppress: Specifies a suppression threshold in the range of 1 to 20000. The default value is 2000. A route with a penalty value greater than this threshold is suppressed.

ceiling: Specifies a ceiling penalty value in the range of 1001 to 20000. The default value is 16000. The value must be greater than the suppression threshold.

route-policy route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

This command applies only to IBGP routes.

If an IBGP peer goes down after you configure this feature, VPNv4 routes coming from the peer are dampened but not deleted.

Examples

# In BGP VPNv4 address family view, configure BGP route dampening. Set the half-life for both active and suppressed routes to 10 minutes, the reuse threshold to 1000, the suppression threshold to 2000, and the ceiling penalty to 10000.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] dampening ibgp 10 10 1000 2000 10000

Related commands

display bgp dampening parameter (Layer 3—IP Routing Command Reference)

description (VPN instance view)

Use description to configure a description for a VPN instance.

Use undo description to restore the default.

Syntax

description text

undo description

Default

No description is configured for a VPN instance.

Views

VPN instance view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 79 characters.

Examples

# Configure a description of This is vpn1 for VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] description This is vpn1

display bgp route-target l3vpn

Use display bgp route-target l3vpn to display route targets sourcing from a VPN instance.

Syntax

display bgp [ instance instance-name ] route-target l3vpn [ ipv4 [ flowspec ] | ipv6 [ flowspec ] | evpn ] [ vpn-instance vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays information for the default BGP instance.

ipv4: Displays route targets of all VPN instance IPv4 address families or IPv4 flowspec address families.

ipv6: Displays route targets of all VPN instance IPv6 address families or IPv6 flowspec address families.

flowspec: Displays route targets of all VPN instance IPv4 flowspec or IPv6 flowspec address families. If you do not specify this keyword, the command displays route targets of all VPN instance IPv4 or IPv6 address families.

evpn: Displays route targets of all VPN instance EVPN address families.

vpn-instance vpn-instance-name: Displays route targets sourcing from the specified VPN instance. The vpn-instance-name argument specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays route targets sourcing from all VPN instances.

Examples

# Display route targets sourcing from all VPN instances.

<Sysname> display bgp route-target l3vpn

VPN instance name : vpn1

Total route target count : 70

IPv4 import route target count : 5

1:1 2:2 3:3 4:4 5:5

IPv4 export route target count : 5

1:1 2:2 3:3 4:4 5:5

IPv4 EVPN import route target count : 5

1:1 2:2 3:3 4:4 5:5

IPv4 EVPN export route target count : 5

1:1 2:2 3:3 4:4 5:5

IPv6 import route target count : 5

1:1 2:2 3:3 4:4 5:5

IPv6 export route target count : 5

1:1 2:2 3:3 4:4 5:5

IPv6 EVPN import route target count : 5

1:1 2:2 3:3 4:4 5:5

IPv6 EVPN export route target count : 5

1:1 2:2 3:3 4:4 5:5

IPv4 flowspec import route target count : 5

1:1 2:2 3:3 4:4 5:5

IPv4 flowspec export route target count : 5

1:1 2:2 3:3 4:4 5:5

IPv6 flowspec import route target count : 5

1:1 2:2 3:3 4:4 5:5

IPv6 flowspec export route target count : 5

1:1 2:2 3:3 4:4 5:5

EVPN import route target count : 5

1:1 2:2 3:3 4:4 5:5

EVPN export route target count : 5

1:1 2:2 3:3 4:4 5:5

VPN instance name : vpn2

Total route target count : 5

IPv4 import route target count : 5

1:1 2:2 3:3 4:4 5:5

Table 1 Command output

Field	Description
VPN instance name	VPN instance name.
Total route target count	Total number of route targets in all address families.
IPv4 import route target count	Total number of import targets in the current VPN instance IPv4 address family.
IPv4 export route target count	Total number of export targets in the current VPN instance IPv4 address family.
IPv4 EVPN import route target count	Total number of import targets that are configured for EVPN in the current VPN instance IPv4 address family.
IPv4 EVPN export route target count	Total number of export targets that are configured for EVPN in the current VPN instance IPv4 address family.
IPv6 import route target count	Total number of import targets in the current VPN instance IPv6 address family.
IPv6 export route target count	Total number of export targets in the current VPN instance IPv6 address family.
IPv6 EVPN import route target count	Total number of import targets that are configured for EVPN in the current VPN instance IPv6 address family.
IPv6 EVPN export route target count	Total number of export targets that are configured for EVPN in the current VPN instance IPv6 address family.
IPv4 flowspec import route target count	Total number of import targets in the current VPN instance IPv4 flowspec address family.
IPv4 flowspec export route target count	Total number of export targets in the current VPN instance IPv4 flowspec address family.
IPv6 flowspec import route target count	Total number of import targets in the current VPN instance IPv6 flowspec address family.
IPv6 flowspec export route target count	Total number of export targets in the current VPN instance IPv6 flowspec address family.
EVPN import route target count	Total number of import targets in the current VPN instance EVPN address family.
EVPN export route target count	Total number of export targets in the current VPN instance EVPN address family.

‌

display bgp routing-table ipv4 unicast inlabel

Use display bgp routing-table ipv4 unicast inlabel to display incoming labels for BGP IPv4 unicast routes.

Syntax

display bgp [ instance instance-name ] routing-table ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] inlabel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays incoming labels for BGP IPv4 unicast routes in the default BGP instance.

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays incoming labels for BGP IPv4 unicast routes on the public network.

Usage guidelines

This command displays incoming labels for BGP IPv4 unicast routes regardless of whether the unicast keyword is specified or not.

Examples

# Display incoming labels for all BGP IPv4 unicast routes on the public network.

<Sysname> display bgp routing-table ipv4 inlabel

Total number of routes: 1

BGP local router ID is 3.3.3.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Network NextHop OutLabel InLabel

* > 2.2.2.9/32 1.1.1.2 1151 1279

Table 2 Command output

Field	Description
BGP local router ID	Router ID of the local BGP router.
Status codes	Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a - additional-path—Add-Path optimal route.
Origin	Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols.
OutLabel	Outgoing label.
InLabel	Incoming label.

‌

display bgp routing-table ipv4 unicast outlabel

Use display bgp routing-table ipv4 unicast outlabel to display outgoing labels for BGP IPv4 unicast routes.

Syntax

display bgp [ instance instance-name ] routing-table ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] outlabel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays outgoing labels for BGP IPv4 unicast routes in the default BGP instance.

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays outgoing labels for BGP IPv4 unicast routes on the public network.

Usage guidelines

This command displays outgoing labels for BGP IPv4 unicast routes regardless of whether the unicast keyword is specified or not.

Examples

# Display outgoing labels for all public BGP IPv4 unicast routes in the default BGP instance.

<Sysname> display bgp routing-table ipv4 outlabel

Total number of routes: 1

BGP local router ID is 3.3.3.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Network NextHop OutLabel

* > 2.2.2.9/32 1.1.1.2 1151

Table 3 Command output

Field	Description
BGP local router ID	Router ID of the local BGP router.
Status codes	Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a - additional-path—Add-Path optimal route.
Origin	Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols.
OutLabel	Outgoing label.

‌

display bgp routing-table vpnv4

Use display bgp routing-table vpnv4 to display BGP VPNv4 routing information.

Syntax

display bgp [ instance instance-name ] routing-table vpnv4 [ [ route-distinguisher route-distinguisher ] [ ipv4-address [ mask-length | mask ] [ longest-match ] | ipv4-address [ mask-length | mask ] advertise-info | as-path-acl as-path-acl-number | as-path-regular-expression regular-expression | [ statistics ] { community [ community-number&<1-32> | aa:nn&<1-32> ] [ internet | no-advertise | no-export | no-export-subconfed ] [ whole-match ] | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number } ] | [ vpn-instance vpn-instance-name ] peer ipv4-address { advertised-routes | received-routes } [ ipv4-address [ mask-length | mask ] [ verbose ] | statistics ] | peer ipv6-address { advertised-routes | received-routes } [ ipv4-address [ mask-length | mask ] [ verbose ] | statistics ] | statistics ]

display bgp [ instance instance-name ] routing-table vpnv4 [ route-distinguisher route-distinguisher ] [ ipv4-address [ mask-length | mask ] ] [ statistics ] { large-community [ aa:bb:cc&<1-32> ] | large-community-list { basic-large-community-list-number | adv-large-community-list-number | large-comm-list-name } } [ whole-match ]

display bgp [ instance instance-name ] routing-table vpnv4 [ route-distinguisher route-distinguisher ] [ ipv4-address [ mask-length | mask ] ] statistics source { evpn-remote-import | local | local-import | remote-import }

display bgp [ instance instance-name ] routing-table vpnv4 { [ vpn-instance vpn-instance-name ] peer ipv4-address | peer ipv6-address } { accepted-routes | not-accepted-routes }

display bgp [ instance instance-name ] routing-table vpnv4 [ route-distinguisher route-distinguisher | vpn-instance vpn-instance-name peer ipv4-address ] time-range start-time end-time

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays BGP VPNv4 routes in the default BGP instance.

route-distinguisher route-distinguisher: Specifies an RD, a string of 3 to 21 characters in one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

ipv4-address: Specifies the destination IPv4 address.

mask-length: Specifies the length of the network mask, in the range of 0 to 32.

mask: Specifies the network mask, in dotted decimal notation.

verbose: Displays detailed routing information. If you do not specify this keyword, the command displays brief routing information.

longest-match: Displays the longest matching BGP VPNv4 route. The system first ANDs the specified network address with the mask of each route, and then selects the longest matching BGP VPNv4 route as follows:

· If you specify a mask, a route is matched if the AND result is the same as the network address of the route and the mask of the route is shorter than or equal to the specified mask. In this case, the command displays brief information about the route with the longest mask among the matching routes.

· If you do not specify a mask, a route is matched if the AND result is the same as the network address of the route. In this case, the command displays detailed information about the route with the longest mask among the matching routes.

advertise-info: Displays advertisement information for BGP VPNv4 routes.

as-path-acl as-path-acl-number: Displays BGP VPNv4 routes that match the AS path list specified by its number in the range of 1 to 256.

as-path-regular-expression regular-expression: Displays BGP VPNv4 routes with an AS path attribute that matches the specified regular expression. The regular-expression argument represents the regular expression, a case-sensitive string of 1 to 256 characters.

community: Displays BGP VPNv4 routes that match the specified community attribute.

community-number&<1-32>: Specifies a community sequence number. The value range for the community-number argument is 1 to 4294967295. &<1-32> indicates that a maximum of 32 numbers can be specified.

aa:nn&<1-32>: Specifies a community number. Both aa and nn are in the range of 0 to 65535. &<1-32> indicates that a maximum of 32 numbers can be specified.

internet: Displays BGP VPNv4 routes that have the INTERNET community attribute. Routes with this attribute can be advertised to all BGP peers. By default, all routes have this attribute.

no-advertise: Displays BGP VPNv4 routes that have the NO_ADVERTISE community attribute. Routes with this attribute cannot be advertised to any peers.

no-export: Displays BGP VPNv4 routes that have the NO_EXPORT community attribute. Routes with this attribute cannot be advertised outside the local AS or confederation, but can be advertised to other sub-ASs in the confederation.

no-export-subconfed: Displays BGP VPNv4 routes that have the NO_EXPORT_SUBCONFED community attribute. Routes with this attribute cannot be advertised outside the local AS or to other sub-ASs in the confederation.

community-list: Displays BGP VPNv4 routes that match a BGP community list.

basic-community-list-number: Specifies a basic community list by its number in the range of 1 to 99.

comm-list-name: Specifies a community list by its name, a case-sensitive string of 1 to 63 characters.

whole-match: Displays BGP VPNv4 routes exactly matching the specified community list, community attribute, large community list, or large community attribute. If you do not specify this keyword, the command displays BGP VPNv4 routes whose COMMUNITY attributes include the specified community list, community attribute, large community list, or large community attribute.

adv-community-list-number: Specifies an advanced community list by its number in the range of 100 to 199.

large-community: Displays BGP VPNv4 routes that match the specified large community attribute.

aa:bb:cc&<1-32>: Specifies a large community number. aa, bb, and cc are all in the range of 0 to 4294967295. &<1-32> indicates that a maximum of 32 numbers can be specified. If you do not specify this argument, this command displays information about all BGP VPNv4 routes that have a large community attribute.

large-community-list: Displays BGP VPNv4 routes that match the specified large community list.

basic-large-comm-list-number: Specifies a basic large community list by its number. The value range for this argument is 1 to 99.

adv-large-comm-list-number: Specifies an advanced large community list by its number. The value range for this argument is 100 to 199.

large-comm-list-name: Specifies a large community list by its name. A large community list name is a case-sensitive string of 1 to 63 characters and cannot contain only digits.

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays BGP VPNv4 routes advertised to or received from the specified peer on the public network.

peer: Displays BGP VPNv4 routing information advertised to or received from a peer.

ipv4-address: Specifies the peer IPv4 address.

ipv6-address: Specifies the peer IPv6 address.

advertised-routes: Displays BGP VPNv4 routing information advertised to the specified peer.

received-routes: Displays BGP VPNv4 routing information received from the specified peer.

statistics: Displays BGP VPNv4 routing statistics.

source: Displays statistics information about BGP VPNv4 routes from the specified source.

evpn-remote-import: Displays VPNv4 routes that are generated from the EVPN IP prefix advertisement routes added to the routing table of the current VPN instance.

local: Displays local routes in the current VPN instance. Local routes include the following:

· Routes that are learned from BGP peers and have the same RD as the current VPN instance.

· Dynamic routes, static routes, and direct routes learned or configured in the current VPN instance.

· Routes that are redistributed or advertised by using the import-route, import-route-append, or network command in BGP IPv4 unicast address family of the current VPN instance.

local-import: Displays routes redistributed from other VPN instances to the current VPN instance.

remote-import: Displays routes learned from VPNv4 peers.

accepted-routes: Displays routes that are received from the specified peer and match the routing policy.

not-accepted-routes: Displays routes that are received from the specified peer but do not match the routing policy.

time-range min-time max-time: Specifies a time range. This command displays information for routes that have persisted for a duration within the specified range since the last update. The min-time argument represents the minimum duration, and the max-time argument represents the maximum duration. The min-time and max-time arguments are in the format of <0-10000>d<0-23>h<0-59>m<0-59>s, where d represents days, h represents hours, m represents minutes, and s represents seconds, and <0-10000>, <0-23>, <0-59>, and <0-59> represent the value ranges for days, hours, minutes, and seconds, respectively.

Usage guidelines

If you do not specify any parameters, this command displays brief information about all BGP VPNv4 routes.

If you specify only ipv4-address mask or ipv4-address mask-length, this command displays detailed information about the BGP VPNv4 route that exactly matches the specified address and mask.

If you specify ipv4-address mask (or ipv4-address mask-length) and longest-match, the sysetm ANDs the specified network address with the mask of each route. A route is matched if the AND result is the same as the route's network address and the route's mask is shorter than or equal to the specified mask. In this case, the command displays brief information about the route with the longest mask among the matching routes.

If you specify only ipv4-address, the system ANDs the network address with the mask of a route. If the result matches the network address of the route, this command displays detailed information about the BGP VPNv4 route.

If you specify only ipv4-address and longest-match, the sysetm ANDs the specified network address with the mask of each route. A route is matched if the AND result is the same as the route's network address. In this case, the command displays detailed information about the route with the longest mask among the matching routes.

If you specify the adv-large-community-list-number argument together with the whole-match keyword, the whole-match keyword does not take effect.

Examples

# Display brief information about all BGP VPNv4 routes in the default BGP instance.

<Sysname> display bgp routing-table vpnv4

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of VPN routes: 8

Total number of routes from all PEs: 8

Route distinguisher: 100:1(vpn1)

Total number of routes: 6

Network NextHop MED LocPrf PrefVal Path/Ogn

* > 10.1.1.0/24 10.1.1.2 0 32768 ?

* e 10.1.1.1 0 0 65410?

* > 10.1.1.2/32 127.0.0.1 0 32768 ?

* >i 10.3.1.0/24 3.3.3.9 0 100 0 ?

* >e 192.168.1.0 10.1.1.1 0 0 65410?

* i 3.3.3.9 0 100 0 65420?

Route distinguisher: 200:1

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* >i 10.3.1.0/24 3.3.3.9 0 100 0 ?

* >i 192.168.1.0 3.3.3.9 0 100 0 65420?

# Display brief information about BGP VPNv4 routes with RD 100:1 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 route-distinguisher 100:1

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Route distinguisher: 100:1(vpn1)

Total number of routes: 6

Network NextHop MED LocPrf PrefVal Path/Ogn

* > 10.1.1.0/24 10.1.1.2 0 32768 ?

* e 10.1.1.1 0 0 65410?

* > 10.1.1.2/32 127.0.0.1 0 32768 ?

* >i 10.3.1.0/24 3.3.3.9 0 100 0 ?

* >e 192.168.1.0 10.1.1.1 0 0 65410?

* i 3.3.3.9 0 100 0 65420?

# Display information about BGP VPNv4 routes matching AS_PATH list 1 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 as-path-acl 1

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of VPN routes: 8

Total number of routes from all PEs: 8

Route distinguisher: 100:1(vpn1)

Total number of routes: 6

Network NextHop MED LocPrf PrefVal Path/Ogn

* > 10.1.1.0/24 10.1.1.2 0 32768 ?

* e 10.1.1.1 0 0 65410?

* > 10.1.1.2/32 127.0.0.1 0 32768 ?

* >i 10.3.1.0/24 3.3.3.9 0 100 0 ?

* >e 192.168.1.0 10.1.1.1 0 0 65410?

* i 3.3.3.9 0 100 0 65420?

Route distinguisher: 200:1

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* >i 10.3.1.0/24 3.3.3.9 0 100 0 ?

* >i 192.168.1.0 3.3.3.9 0 100 0 65420?

# Display information about BGP VPNv4 routes matching BGP community list 100 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 community-list 100

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of VPN routes: 8

Total number of routes from all PEs: 8

Route distinguisher: 100:1(vpn1)

Total number of routes: 6

Network NextHop MED LocPrf PrefVal Path/Ogn

* > 10.1.1.0/24 10.1.1.2 0 32768 ?

* e 10.1.1.1 0 0 65410?

* > 10.1.1.2/32 127.0.0.1 0 32768 ?

* >i 10.3.1.0/24 3.3.3.9 0 100 0 ?

* >e 192.168.1.0 10.1.1.1 0 0 65410?

* i 3.3.3.9 0 100 0 65420?

Route distinguisher: 200:1

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* >i 10.3.1.0/24 3.3.3.9 0 100 0 ?

* >i 192.168.1.0 3.3.3.9 0 100 0 65420?

# Display information about public BGP VPNv4 routes advertised to peer 3.3.3.9 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 peer 3.3.3.9 advertised-routes

Total number of routes: 2

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Route distinguisher: 100:1

Total number of routes: 2

Network NextHop MED LocPrf Path/Ogn

* > 10.1.1.0/24 10.1.1.2 0 ?

* >e 192.168.1.0 10.1.1.1 0 65410?

# Display information about public BGP VPNv4 routes received from peer 3.3.3.9 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 peer 3.3.3.9 received-routes

Total number of routes: 2

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Route distinguisher: 200:1

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* >i 10.3.1.0/24 3.3.3.9 0 100 0 ?

* >i 192.168.1.0 3.3.3.9 0 100 0 65420?

# Display information about all BGP VPNv4 routes whose duration since the last route update is within the specified time range in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 time-range 1d1h1m1s 7d3h1m1s

Total number of routes: 2

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Route distinguisher: 200:1

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Route age

* >i 10.3.1.0/24 3.3.3.9 0 100 0 06d01h12m44s

* >i 192.168.1.0 3.3.3.9 0 100 0 06d01h12m44s

Table 4 Command output

Field	Description
BGP local router ID	Router ID of the local BGP router.
Status codes	Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a - additional-path—Add-Path optimal route.
Origin	Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols.
Total number of VPN routes	Total number of VPNv4 routes on the device.
Total number of routes from all PEs	Total number of VPNv4 routes received from all PEs and meeting the filtering criteria of the command.
Network	Network address.
NextHop	Next hop address.
MED	MULTI_EXIT_DISC attribute.
LocPrf	Local preference value.
PrefVal	Preferred value.
Path/Ogn	AS_PATH and Origin attributes.
Community	Community attribute.
Large-community	Large community attribute.
Route age	Time elapsed since the most recent route update, in <0-10000>d<0-23>h<0-59>m<0-59>s format, where d, h, m, and s represent days, hours, minutes, and seconds, respectively, and <0-10000>, <0-23>, <0-59>, and <0-59> represent the value ranges for d, h, m, and s, respectively.

‌

# Display detailed information about BGP VPNv4 routes to 10.3.1.0/24 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 10.3.1.0 24

BGP local router ID: 1.1.1.9

Local AS number: 100

Route distinguisher: 100:1(vpn1)

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of 10.3.1.0/24:

From : 3.3.3.9 (3.3.3.9)

Rely nexthop : 172.1.1.2

Original nexthop: 3.3.3.9

Out interface : Ten-GigabitEthernet3/0/1

Route age : 01h26m11s

OutLabel : 1279

Ext-Community : <RT: 111:1>

RxPathID : 0x0

TxPathID : 0x0

AS-path : (null)

Origin : incomplete

Attribute value : MED 0, localpref 100, pref-val 0

State : valid, internal, best, remoteredist

Source type : local

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

Tunnel policy : NULL

Rely tunnel IDs : N/A

Route distinguisher: 200:1

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of 10.3.1.0/24:

From : 3.3.3.9 (3.3.3.9)

Rely nexthop : 172.1.1.2

Original nexthop: 3.3.3.9

Out interface : Ten-GigabitEthernet3/0/2

Route age : 01h26m11s

OutLabel : 1279

Ext-Community : <RT: 111:1>

RxPathID : 0x0

TxPathID : 0x0

AS-path : (null)

Origin : incomplete

Attribute value : MED 0, localpref 100, pref-val 0

State : valid, internal, best

Source type : local

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

Tunnel policy : NULL

Rely tunnel IDs : N/A

# Display detailed information about the BGP VPNv4 route to 10.3.1.0/24 and with RD 100:1 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 route-distinguisher 100:1 10.3.1.0 24

BGP local router ID: 1.1.1.9

Local AS number: 100

Route distinguisher: 100:1(vpn1)

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of 10.3.1.0/24:

From : 3.3.3.9 (3.3.3.9)

Rely nexthop : 172.1.1.2

Original nexthop: 3.3.3.9

Out interface : Ten-GigabitEthernet3/0/3

Route age : 01h26m11s

OutLabel : 1279

Ext-Community : <RT: 111:1>

RxPathID : 0x0

TxPathID : 0x0

AS-path : (null)

Origin : incomplete

Attribute value : MED 0, localpref 100, pref-val 0

State : valid, internal, best

Source type : local-import

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

Connector : Type 1, Value 100:1:11.1.1.1

Tunnel policy : NULL

Rely tunnel IDs : N/A

Table 5 Command output

Field	Description
Rely Nexthop	Recursive next hop. If no recursive next hop is found, this field displays not resolved.
Original nexthop	Original next hop. If the route is learned from a BGP update, it is the next hop in the update message.
Out interface	Next hop output interface information.
Route age	Time elapsed since the most recent route update.
Ext-Community	Extended community attribute: · RT Import—Route Import attribute used for multicast VPN, in format of 32-bit or 128-bit source address identifier:VPN instance index, for example, 192.168.122.15:1. · SrcAs—Multicast source AS attribute used for multicast VPN, in format of 32-bit AS number:0, for example, 100:0. · RT—Route Target attribute, in one of the following formats: ¡ 16-bit AS number:32-bit user-defined number, for example, 101:3. ¡ 32-bit IP address:16-bit user-defined number, for example, 192.168.122.15:1. ¡ 32-bit AS number:16-bit user-defined number, for example, 70000:3. ¡ 32-bit IP address/IPv4 mask:16-bit user-defined number, for example, 192.168.122.15/24:1. ¡ 32-bit AS number in dotted notation:16-bit user-defined number, for example, 65535.65535:1. · Bandwidth—Link bandwidth attribute, in format of 16-bit AS number:32-bit bandwidth value. · CO-Flag—Color attribute, in format of Color-Only (CO) flag bit:color value. · SOO—Site of Origin attribute, in one of the following formats: ¡ 16-bit AS number:32-bit user-defined number, for example, 101:3. ¡ 32-bit IP address:16-bit user-defined number, for example, 192.168.122.15:1. ¡ 32-bit AS number:16-bit user-defined number, for example, 70000:3. ¡ 32-bit IP address/IPv4 mask:16-bit user-defined number, for example, 192.168.122.15/24:1. ¡ 32-bit AS number in dotted notation:16-bit user-defined number, for example, 65535.65535:1. · User-group ID—User group ID attribute, which includes the type and value for the user group ID.
RxPathID	Received Add-Path ID of the route.
TxPathID	Advertised Add-Path ID of the route.
Origin	Route origin: · igp—Originated in the AS. The origin of routes advertised by the network command is IGP. · egp—Learned through EGP. · incomplete—Redistributed from IGP protocols.
Attribute value	BGP route attribute information: · MED—MED attribute. · localpref—Local preference. · pref-val—Preferred value. · pre—Protocol preference.
Inlabel	Incoming label.
Originator	Peer that generated the route.
Cluster list	CLUSTER_LIST attribute. This field is not displayed if no CLUSTER_LIST attribute exists.
State	Route status: · valid—Valid route. · internal—Internal route. · external—External route. · local—Locally generated route. · synchronize—Synchronized route. · best —Optimal route. · localredist—Route replicated from the public instance or other local VPN instances to the current VPN instance. · remoteredist—Route received from the remote end and then redistributed to the current VPN instance. · not preferred for reason—Reason why the route is not selected as the optimal route. For more information, see Table 6. · not ECMP for reason—Reason why the route does not form ECMP routes with other routes. For more information, see Table 7.
Source type	Route source: · local—Local routes in the current VPN instance. Local routes include the following: ¡ Routes that are learned from BGP peers and have the same RD as the current VPN instance. ¡ Dynamic routes, static routes, and direct routes learned or configured in the current VPN instance. ¡ Routes that are redistributed or advertised by using the import-route, import-route-append, or network command in BGP IPv4 unicast address family of the current VPN instance. · local-import—Routes redistributed from other VPN instances to the current VPN instance. · remote-import—Routes learned from VPNv4 peers. · evpn-remote-import—VPNv4 routes that are generated from the EVPN IP prefix advertisement routes added to the routing table of the current VPN instance.
IP precedence	IP priority of a route, in the range of 0 to 7. N/A indicates that the route does not support this field.
QoS local ID	QoS local ID attribute of a route, in the range of 1 to 4095. N/A indicates that the route does not support this field.
Traffic index	Index of the traffic, in the range of 1 to 64. N/A indicates that the route does not support this field.
Connector	Connector attribute in form of Type 1, Value RD:IPv4 address, where RD represents the router ID and IPv4 address represents the IPv4 address of the source PE. This attribute is used to transmit the source PE address in MDT-based MVPN inter-AS option B, helping the PE with the RPF check. If a route does not contain this attribute, this field is not displayed.
Tunnel policy	Tunnel policy that takes effect. NULL indicates that no tunnel policy takes effect.
Rely Tunnel IDs	NHLFE IDs for tunnels found through route recursion. This field displays multiple NHLFE IDs if ECMP tunnels exist and displays N/A if route recursion does not occur.

‌

Table 6 Reason why the route is not selected as the optimal route

Reason	Description
preferred-value	Routes with larger preferred values exist.
local-preference	Routes with larger local preference values exist.
local-origin-route	There are routes whose local-origin-route attribute has a higher priority. BGP selects the optimal route from local routes in this order: route generated by the network command, route redistributed by the import-route command, and summary route.
aigp	Routes carrying the AIGP attribute or routes with smaller AIGP attribute values exist.
as-path	Routes with smaller AS_PATH attribute values exist.
origin	There are routes whose origin has a higher priority. The route origins are IGP, EGP, and INCOMPLETE in descending order of priority.
med	Routes with smaller MED values exist.
remote-route	There are routes whose remote-route attribute has a higher priority. BGP selects the optimal route from remote routes in this order: · Route learned from an EBGP peer. · Route learned from a confederation EBGP peer. · Route learned from a confederation IBGP peer. · Route learned from an IBGP peer.
igp-cost	Routes with smaller IGP metrics exist.
relydepth	Routes with smaller recursion depth values exist.
rfc5004	A route received from an EBGP peer is the current optimal route. BGP does not change the optimal route when it receives routes from other EBGP peers.
router-id	Routes with smaller router IDs exist. If one of the routes is advertised by a route reflector, BGP compares the ORIGINATOR_ID of the route with the router IDs of other routes. Then, BGP selects the route with the smallest ID as the optimal route.
cluster-list	Routes with smaller CLUSTER_LIST attribute values exist.
peer-address	Routes advertised by peers with lower IP addresses exist.
redist-route	Routes of the current VPN instance exist.
rpki	Routes with higher RPKI validation state preferences exist.
received	Earlier learned routes exist.
evpn-macip-mobile	There are EVPN MAC/IP advertisement routes carrying the MAC mobility extended community attribute.
evpn-macip-mobile-static	There are EVPN MAC/IP advertisement routes whose static flag in the MAC mobility extended community attribute is set.
evpn-macip-mobile-seq	There are EVPN MAC/IP advertisement routes carrying a larger sequence number in the MAC mobility extended community attribute.
evpn-macip-mobile-routerid	There are EVPN MAC/IP advertisement routes carrying a smaller router ID in the MAC mobility extended community attribute.
encap-type	There are routes encapsulated by SRv6 or MPLS.
color-relay	There are routes that carry color attributes.
srv6-route	There are routes that carry non-local SIDs.

‌

Table 7 Reason why the route does not form ECMP routes with other routes

Reason	Description
preferred-value	The preferred value of the route is different than other routes.
local-preference	The local preference of the route is different than other routes.
local-origin-route	The way for generating the route is different than other routes.
aigp	The AIGP attribute state (whether or not the attribute is carried) or the AIGP attribute value of the route is different than other routes.
as-path	The AS_PATH attribute of the route is different than other routes.
origin	The ORIGIN attribute of the route is different than other routes.
med	The MED attribute of the route is different than other routes.
remote-route	The route comes from a different EBGP, confederation EBGP, confederation IBGP, or IBGP peer than other routes.
igp-cost	The IGP metric of the route is different than other routes.
local-redist-route	The route is redistributed from another VPN instance.
label-route	The labelling state of the route is different than other routes.
samenexthop	The route has the same next hop with another route.
evpn-macip-label	The L3VNI state (whether or not L3VNI is carried) of the route is different than other routes.
evpn-other-type	The route is the only EVPN MAC/IP advertisement route or the route is not an EVPN MAC/IP advertisement route.
color-relay	The color attribute state (whether or not the attribute is carried) of the route is different than other routes.
srv6-route	The non-local SID state (whether or not the non-local SID is carried) of the route is different than other routes.

‌

# Display advertisement information for BGP VPNv4 routes to 10.1.1.0/24 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 10.1.1.0 24 advertise-info

BGP local router ID: 1.1.1.9

Local AS number: 100

Route distinguisher: 100:1

Total number of routes: 1

Paths: 1 best

BGP routing table information of 10.1.1.0/24(TxPathID:0):

Advertised to VPN peers (1 in total):

3.3.3.9

Inlabel : 1279

Table 8 Command output

Field	Description
Paths	Number of routes to the specified destination network.
BGP routing table information of 10.1.1.0/24(TxPathID:0)	Advertisement information for the BGP route to 10.1.1.0/24.
Advertised to VPN peers (1 in total)	VPNv4 peers to which the route is advertised, and the number of peers.
Inlabel	Incoming label of the route.

‌

# Display statistics about public BGP VPNv4 routes advertised to peer 3.3.3.9 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 peer 3.3.3.9 advertised-routes statistics

Advertised routes total: 2

# Display statistics about public BGP VPNv4 routes received from peer 3.3.3.9 in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 peer 3.3.3.9 received-routes statistics

Received routes total: 2

Table 9 Command output

Field	Description
Advertised routes total	Total number of routes advertised to the specified peer.
Received routes total	Total number of routes received from the specified peer.

‌

# Display statistics about public BGP VPNv4 routes in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 statistics

Total number of VPN routes: 8

Total number of routes from all PEs: 8

Route distinguisher: 100:1(vpn1)

Total number of routes: 6

Route distinguisher: 200:1

Total number of routes: 2

Table 10 Command output

Field	Description
Total number of VPN routes	Total number of VPNv4 routes on the device.
Total number of routes from all PEs	Total number of VPNv4 routes received from all PEs and meeting the filtering criteria of the command.
Total number of routes	Total number of VPNv4 routes with the specified RD.

‌

# Display BGP VPNv4 routes that have a large community attribute for network 10.3.1.0/24.

<Sysname> display bgp routing-table vpnv4 10.3.1.0 24 large-community

BGP local router ID: 1.1.1.9

Local AS number: 100

Route distinguisher: 100:1(vpn1)

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of 10.3.1.0/24:

Large-community: <1:1:2>, <1:1:3>

Table 11 Command output

Field

Description

Paths

Number of routes:

· available—Available routes.

· best—Optimal routes.

Large-community

Large community attribute.

‌

Related commands

ip as-path (Layer 3—IP Routing Command Reference)

display bgp routing-table vpnv4 inlabel

Use display bgp routing-table vpnv4 inlabel to display incoming labels for BGP VPNv4 routes.

Syntax

display bgp [ instance instance-name ] routing-table vpnv4 inlabel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display incoming labels for all BGP VPNv4 routes in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 inlabel

Total number of routes: 2

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Route distinguisher: 100:1

Total number of routes: 2

Network NextHop OutLabel InLabel

* > 10.1.1.0/24 10.1.1.2 NULL 1279

* >e 192.168.1.0 10.1.1.1 NULL 1278

Table 12 Command output

Field	Description
BGP local router ID	Router ID of the local BGP router.
Status codes	Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a - additional-path—Add-Path optimal route.
Origin	Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols.
OutLabel	Outgoing label. If the peer PE assigns a null label, this field displays NULL.
InLabel	Incoming label.

‌

display bgp routing-table vpnv4 outlabel

Use display bgp routing-table vpnv4 outlabel to display outgoing labels for BGP VPNv4 routes.

Syntax

display bgp [ instance instance-name ] routing-table vpnv4 outlabel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display outgoing labels for all BGP VPNv4 routes in the default BGP instance.

<Sysname> display bgp routing-table vpnv4 outlabel

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of VPN routes: 4

Total number of routes from all PEs: 4

Route distinguisher: 100:1(vpn1)

Total number of routes: 2

Network NextHop OutLabel

* >i 10.3.1.0/24 3.3.3.9 1279

* i 192.168.1.0 3.3.3.9 1278

Route distinguisher: 200:1

Total number of routes: 2

Network NextHop OutLabel

* >i 10.3.1.0/24 3.3.3.9 1279

* >i 192.168.1.0 3.3.3.9 1278

Table 13 Command output

Field	Description
BGP local router ID	Router ID of the local BGP router.
Status codes	Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a - additional-path—Add-Path optimal route.
Origin	Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols.
Total number of routes from all PEs	Total number of routes received from all PEs and meeting the filtering criteria of the command.
OutLabel	Outgoing label. If the peer PE assigns a null label, this field displays NULL.

‌

display bgp routing-table vpnv4 source-type

Use display bgp routing-table vpnv4 source-type to display BGP VPNv4 route source information.

Syntax

display bgp [ instance instance-name ] routing-table vpnv4 source-type

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display source information about all BGP VPNv4 routes.

<Sysname> display bgp routing-table vpnv4 source-type

Total number of routes: 4

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Route distinguisher: 100:1

Total number of routes: 4

Network NextHop Source type

* i> 55.5.5.1/32 11.2.2.1 remote-import

* i> 55.5.5.2/32 11.2.2.1 evpn-remote-import

* > 55.5.5.3/32 13.2.2.1 local-import

* > 55.5.5.4/32 127.0.0.1 local

Table 14 Command output

Field	Description
BGP local router ID	Router ID of the local BGP router.
Status codes	Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a – additional-path—Add-Path optimal route.
Origin	Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols.
Route distinguisher	Route distinguisher.
Total number of routes	Total number of routes with the specified route distinguisher.
Network	Destination network address.
NextHop	Next hop IP address.
Source type	Route source: · local—Local routes in the current VPN instance. Local routes include the following: ¡ Routes that are learned from BGP peers and have the same RD as the current VPN instance. ¡ Dynamic routes, static routes, and direct routes learned or configured in the current VPN instance. ¡ Routes that are redistributed or advertised by using the import-route, import-route-append, or network command in BGP IPv4 unicast address family of the current VPN instance. · local-import—Routes redistributed from other VPN instances to the current VPN instance. · remote-import—Routes learned from VPNv4 peers. · evpn-remote-import—VPNv4 routes that are generated from the EVPN IP prefix advertisement routes added to the routing table of the current VPN instance.

‌

display bgp vpn-prefix-orf

Use display bgp vpn-prefix-orf to display received and advertised VPN Prefix ORF entries.

Syntax

display bgp [ instance instance-name ] vpn-prefix-orf [ route-distinguisher route-distinguisher source-address { ipv4-address | ipv6-address } ] [ evpn ]

display bgp [ instance instance-name ] vpn-prefix-orf peer { vpnv4 | vpnv6 | l2vpn evpn } { ipv4-address | ipv6-address } received

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance. The instance-name argument represents a BGP instance name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays VPN Prefix ORF entries of the default instance.

route-distinguisher route-distinguisher: Displays the VPN Prefix ORF entries containing the specified route distinguisher (RD), which is a string of 3 to 21 characters. An RD can be in one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

· 32-bit AS number in dotted format:16-bit user-defined number. For example: 10.1:1.

source-address { ipv4-address | ipv6-address }: Displays the VPN Prefix ORF entries containing the specified source device address. The ipv4-address argument represents the IPv4 address of the source device. The ipv6-address argument represents the IPv6 address of the source device.

evpn: Displays the VPN Prefix ORF entries in the BGP EVPN address family. If you do not specify this keyword, the command displays VPN Prefix ORF entries in BGP VPNv4 and BGP VPNv6 address families.

peer: Displays VPN Prefix ORF entries received from the specified peer.

vpnv4: Displays VPN Prefix ORF entries received from the specified peer in the BGP VPNv4 address family.

vpnv6: Displays VPN Prefix ORF entries received from the specified peer in the BGP VPNv6 address family.

l2vpn evpn: Displays VPN Prefix ORF entries received from the specified peer in the BGP EVPN address family.

ipv4-address: Specifies a peer by its IPv4 address.

ipv6-address: Specifies a peer by its IPv6 address.

received: Displays VPN Prefix ORF entries received from the specified peer.

Usage guidelines

If no parameters are specified when executing this command, all advertised VPN Prefix ORF entries will be displayed.

If the route-distinguisher route-distinguisher source-address { ipv4-address | ipv6-address } parameters are specified, this command displays only the VPN Prefix ORF entries matching the specified tuple. If the peer parameter is specified, this command displays only the VPN Prefix ORF entries received from the specified peer.

Examples

# Display all advertised VPN Prefix ORF entries.

<Sysname> display bgp vpn-prefix-orf

Total number of VPN prefix ORF entries: 1

VPN Prefix ORF entry index : 1

AFI : IPv4

SAFI : Unicast

EVPN : Disabled

Route distinguisher : 1:1

Source address : 2.2.2.2

Route limit : 100000

# Display VPN Prefix ORF entries received from peer 1.1.1.1 in BGP VPNv4 address family.

<Sysname> display bgp vpn-prefix-orf peer vpnv4 1.1.1.1 received

Total number of VPN prefix ORF entries: 1

Received VPN prefix ORF entry index: 1

Sequence number : 3

Route distinguisher : 1:1

Source address : 2.2.2.2

Route limit : 1

Table 15 Command output

Field	Description
VPN Prefix ORF entry index	Index of the advertised VPN Prefix ORF entry.
AFI	The address family to which the <RD, source address> tuple of the VPN prefix ORF entry belongs. Values include: · IPv4—IPv4 address family · IPv6—IPv6 address family
SAFI	Sub-address family to which the <RD, source address> tuple of the VPN Prefix ORF entry belongs.
EVPN	Whether the <RD, source device address> tuple is applicable only for redistributed BGP EVPN routes. Values include: · Enabled—Only for redistributed BGP EVPN routes. · Disabled—Only for BGP-VPN IPv4/IPv6 routes.
Route distinguisher	RD carried in the VPN Prefix ORF entry.
Source address	Address of the source device carried in the VPN Prefix ORF entry.
Route limit	Supported maximum number of routes carried in the VPN Prefix ORF entry.
Received VPN Prefix ORF entry	Index of the VPN Prefix ORF entry received from the peer.
Sequence number	Sequence number of the VPN Prefix ORF entry.

display ip vpn-instance

Use display ip vpn-instance to display information about VPN instances.

Syntax

display ip vpn-instance [ instance-name vpn-instance-name | count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-name vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays brief information about all VPN instances.

count: Displays VPN instance statistics.

Usage guidelines

If you do not specify the instance-name or count argument, this command displays brief information about all VPN instances.

Examples

# Display brief information about all VPN instances.

<Sysname> display ip vpn-instance

Total VPN-Instances configured : 1

Total IPv4 VPN-Instances configured : 1

Total IPv6 VPN-Instances configured : 1

Total IPv4 VPN-Instances EVPN configured : 0

Total IPv6 VPN-Instances EVPN configured : 0

VPN-Instance Name RD Address family Create time

aaa 2:1 IPv4/IPv6 2019/12/02 10:59:57

# Display VPN instance statistics.

<Sysname> display ip vpn-instance count

Total VPN instances configured : 1

Total IPv4 VPN instances configured : 1

Total IPv6 VPN instances configured : 0

Total IPv4 EVPN instances configured : 0

Total IPv6 EVPN instances configured : 0

Table 16 Command output

Field	Description
VPN-Instance Name	Name of the VPN instance.
RD	RD of the VPN instance.
Address family	Name of the IPv4, IPv6, or EVPN address family. If no IPv4 VPN instances, IPv6 VPN instances, or EVPN instances exist, this field displays N/A. The display ip vpn-instance command does not display brief information about IPv4 Flowspec VPN instances. For information about IPv4 Flowspec VPN instances, see Flowspec configuration in ACL and QoS Configuration Guide.
Create Time	Time when the VPN instance was created.

‌

# Display detailed information about VPN instance vpn1.

<Sysname> display ip vpn-instance instance-name vpn1

VPN-Instance Name and Index : vpn1, 2

Route Distinguisher : 100:1

VPN ID : 1:1

Description : vpn1

Interfaces : Ten-GigabitEthernet3/0/2

TTL-mode: pipe

Address-family IPv4:

Export VPN Targets :

2:2

Import VPN Targets :

3:3

Export Route Policy : outpolicy

Import Route Policy : inpolicy

Tunnel Policy : tunnel1

Maximum Routes Limit : 500

Threshold Value(%): 50

Apply Label Type : Per-instance

VPN Instance Status : Up

Diffserv-mode information: ingress pipe af4, egress short-pipe

Default Color : 100

Default EVPN Color : 200

Address-family IPv6:

Export VPN Targets :

2:2

Import VPN Targets :

3:3

Export Route Policy : outpolicy

Import Route Policy : inpolicy

Tunnel Policy : tunnel1

Maximum Routes Limit :500

Threshold Value(%): 50

Apply Label Type : Per-instance

VPN Instance Status : Up

Default Color : 100

Default EVPN Color : 200

display ospf sham-link

Use display ospf sham-link to display OSPF sham link information.

Syntax

display ospf [ process-id ] sham-link [ area area-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

process-id: Specifies an OSPF process by its ID. The process ID is in the range of 1 to 65535. If you do not specify a process, this command displays sham link information for all OSPF processes.

area area-id: Specifies an OSPF area by its ID, which is an IP address, or an integer. The integer is in the range of 0 to 4294967295. If you do not specify an area, this command displays sham link information for all OSPF areas.

Usage guidelines

If you do not specify any processes or areas, this command displays information about all OSPF sham links.

Examples

# Display information about all OSPF sham links.

<Sysname> display ospf sham-link

OSPF Process 1 with Router ID 125.1.1.1

Sham link

Area Neighbor ID Source IP Destination IP State Cost

0.0.0.0 95.1.1.1 125.2.1.1 95.2.1.1 P-2-P 1

# Display OSPF sham link information for OSPF area 1.

<Sysname> display ospf sham-link area 1

OSPF Process 100 with Router ID 100.1.1.2

Sham link: 3.3.3.3 --> 5.5.5.5

Neighbor ID: 120.1.1.2 State: Full

Area: 0.0.0.1

Cost: 1 State: P-2-P Type: Sham

Timers: Hello 10, Dead 40, Retransmit 5, Transmit Delay 1

Request list: 0 Retransmit list: 0

GTSM: Enabled, maximum number of hops: 2

Cryptographic authentication: Enabled, inherited

The last key is 3.

The rollover is in progress, 1 neighbor(s) left.

Table 17 Command output

Field	Description
State	Neighbor state for the sham link: Down, Init, 2-way, ExStart, Exchange, Loading, or Full.
Cost	Cost of the sham link.
State	Sham link state: Down or P-2-P.
Timers	Timers for the sham link, in seconds. The timers include Hello timer, Dead timer, Retransmit timer, and Transmit Delay timer.
GTSM: Enabled, maximum number of hops: 2	OSPF GTSM is enabled, and the maximum number of hops is 2. If OSPF GTSM is disabled, this field displays GTSM: Disabled.
Simple authentication: Enabled, inherited	The sham link uses the simple authentication mode. The inherited attribute indicates that the authentication mode is inherited from the area to which the sham link belongs.
Cryptographic authentication: Enabled, inherited	The sham link uses the cryptographic authentication mode (MD5, HMAC-MD5, or HMAC-SHA-256). The inherited attribute indicates that the authentication mode is inherited from the area to which the sham link belongs.
The last key	Most recent MD5, HMAC-MD5, or HMAC-SHA-256 authentication key ID.
The rollover is in progress, 1 neighbor(s) left	Key rollover for MD5, HMAC-MD5, or HMAC-SHA-256 authentication is in progress, and one neighbor has not completed the key rollover.
keychain authentication: Enabled (xxx), inherited	The sham link uses the keychain authentication mode. The keychain name is xxx. The inherited attribute indicates that the authentication mode is inherited from the area to which the sham link belongs.

‌

display traffic-statistics vpn-instance

Use display traffic-statistics vpn-instance to display traffic statistics for VPN instances.

Syntax

display traffic-statistics vpn-instance [ instance-name vpn-instance-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance-name vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays traffic statistics for all VPN instances.

Examples

# Display traffic statistics for all VPN instances.

<Sysname> display traffic-statistics vpn-instance

VPN-Instance Name: vpn1

VPN-Instance Index: 1

Total:

Input: 7687980 bytes, 3984 packets

Output: 0 bytes, 0 packets

Input:

Unicast: 3984 packets, Multicast: 0 packets, Broadcast: 0 packets

Output:

Unicast: 0 packets, Multicast: 0 packets, Broadcast: 0 packets

Table 18 Command output

Field	Description
VPN instance name	Name of a VPN instance.
VPN instance index	Index of the VPN instance.
Total	Total inbound and outbound hardware- and software-forwarded traffic statistics for the VPN instance, including the byte count (bytes) and packet count (packets).
Input	Hardware-received traffic statistics for the VPN instance, including the number of unicast, multicast, and broadcast packets (Unicast/Multicast/Broadcast).
Output	Hardware-sent traffic statistics for the VPN instance, including the number of unicast, multicast, and broadcast packets (Unicast/Multicast/Broadcast).

Related commands

reset traffic-statistics vpn-instance

traffic-statistics enable

dn-bit-check

Use dn-bit-check to enable checking the DN bit in OSPF LSAs.

Use undo dn-bit-check to ignore DN bit in OSPF LSAs.

Syntax

dn-bit-check { ase | nssa | summary }

undo dn-bit-check { ase | nssa | summary }

Default

OSPF on a PE checks the DN bit of Network Summary LSA (Type-3 LSA).

Views

OSPF view

Predefined user roles

network-admin

Parameters

ase: Checks the DN bit in AS External LSA.

nssa: Checks the DN bit in NSSA External LSA.

summary: Checks the DN bit in Network Summary LSA.

Usage guidelines

When a PE redistributes BGP routes into OSPF and creates OSPF LSAs, it sets the DN bit for the LSAs. When receiving the LSAs whose DN bit is set, the other PEs ignore the LSAs in route calculation to avoid routing loops.

If all LSAs from other PEs, including the LSAs whose DN bit is set, are required for route calculation on the local PE, use the undo dn-bit-check command on the local PE to ignore the DN bit.

When you use this command, following these restrictions and guidelines:

· If you execute the dn-bit-check command multiple times with different LSA types, OSPF checks the DN bit in all the specified types of LSAs.

· If you execute the dn-bit-check command multiple times with the same LSA type, OSPF checks the DN bit in the specified type of LSA.

· Before using the undo dn-bit-check command, make sure it does not cause any routing loops.

· This command takes effect only for a VPN OSPF process that is not configured with the vpn-instance-capability simple command.

Examples

# Configure OSPF to check the DN bit in AS External LSA.

<Sysname> system-view

[system] ospf 1 vpn-instance vpn1

[system-ospf-1] dn-bit-check ase

Related commands

dn-bit-set

vpn-instance-capability simple

dn-bit-set

Use dn-bit-set to set the DN bit in OSPF LSAs.

Use undo dn-bit-set to disable setting the DN bit in OSPF LSAs.

Syntax

dn-bit-set { ase | nssa | summary }

undo dn-bit-set { ase | nssa | summary }

Default

When a PE redistributes BGP routes into OSPF and creates OSPF LSAs, it sets the DN bit for the Network Summary LSA (Type-3 LSA).

Views

OSPF view

Predefined user roles

network-admin

Parameters

ase: Sets the DN bit in AS External LSA.

nssa: Sets the DN bit in NSSA External LSA.

summary: Sets the DN bit in Network Summary LSA.

Usage guidelines

If other PEs require all LSAs from the local PE for route calculation, use the undo dn-bit-set command on the local PE to disable setting the DN bit in the LSAs.

When you use this command, following these restrictions and guidelines:

· If you execute the dn-bit-set command multiple times with different LSA types, OSPF sets the DN bit in all the specified types of LSAs.

· If you execute the dn-bit-check command multiple times with the same LSA type, OSPF sets the DN bit in the specified type of LSA.

· Before using the undo dn-bit-set command, make sure it does not cause any routing loops.

· This command takes effect only for a VPN OSPF process that is not configured with the vpn-instance-capability simple command.

Examples

# Set the DN bit in AS External LSA.

<Sysname> system-view

[system] ospf 1 vpn-instance vpn1

[system-ospf-1] dn-bit-set ase

Related commands

dn-bit-check

vpn-instance-capability simple

domain-id (OSPF view)

Use domain-id to set an OSPF domain ID.

Use undo domain-id to delete an OSPF domain ID.

Syntax

domain-id { domain-id [ secondary ] | null }

undo domain-id [ domain-id | null ]

Default

The OSPF domain ID is 0.

Views

OSPF view

Predefined user roles

network-admin

Parameters

domain-id: Specifies an OSPF domain ID, in one of the following formats:

· Integer, in the range of 0 to 4294967295. For example, 1.

· Dotted decimal notation. For example, 0.0.0.1.

· A string of 9 to 21 characters in the dotted decimal notation:16-bit user-defined number format. The value range for the 16-bit user-defined number is 0 to 65535. For example, 0.0.0.1:512.

secondary: Specifies a secondary domain ID. If you do not specify this keyword, the command specifies a primary domain ID.

null: Carries no domain ID in the community attribute.

Usage guidelines

When you redistribute OSPF routes into BGP, BGP adds the primary domain ID to the redistributed BGP VPNv4 routes as a BGP extended community attribute. Then, BGP advertises the routes to the peer PE.

When the peer PE receives the routes, it compares the OSPF domain ID in the routes with the locally configured primary and secondary domain IDs. OSPF advertises these routes in Network Summary LSAs (Type 3) if both the following conditions exist:

· The primary or secondary domain ID is the same as the received domain ID.

· The received routes are intra-area or inter-area routes.

Otherwise, OSPF advertises these routes in AS External LSAs (Type 5) or NSSA External LSAs (Type 7).

A null domain ID and a domain ID of 0 are considered the same in domain ID comparison.

If you do not specify any parameters, the undo domain-id command restores the default.

Examples

# Set the OSPF domain ID to 234.

<Sysname> system-view

[Sysname] ospf 100

[Sysname-ospf-100] domain-id 234

export route-policy

Use export route-policy to apply an export routing policy to the public instance or a VPN instance.

Use undo export route-policy to restore the default.

Syntax

export route-policy route-policy

undo export route-policy

Default

No export routing policy is applied to the public instance or a VPN instance.

Views

VPN instance view

VPN instance IPv4 address family view

VPN instance IPv6 address family view

Public instance view

Public instance IPv4 address family view

Public instance IPv6 address family view

Predefined user roles

network-admin

Parameters

route-policy: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

You can specify an export routing policy to filter advertised routes or modify their route attributes for the public instance or the VPN instance.

If you execute this command multiple times, the most recent configuration takes effect.

An export routing policy specified in VPN instance view or public instance view applies to all address families in the VPN instance or public instance. An export routing policy specified in an address family view applies only to the address family.

An address family prefers the export routing policy specified in the address family view over the one specified in VPN instance view or public instance view.

Examples

# Apply export routing policy poly-1 to VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] export route-policy poly-1

Related commands

import route-policy

route-policy (Layer 3—IP Routing Command Reference)

ext-community-type (OSPF view)

Use ext-community-type to configure the type code of an OSPF extended community attribute.

Use undo ext-community-type to restore the default.

Syntax

ext-community-type { domain-id type-code1 | router-id type-code2 | route-type type-code3 }

undo ext-community-type [ domain-id | router-id | route-type ]

Default

The type codes for domain ID, router ID, and route type are hex numbers 0005, 0107, and 0306, respectively.

Views

OSPF view

Predefined user roles

network-admin

Parameters

domain-id type-code1: Specifies the type code for domain ID. Valid values are hex numbers 0005, 0105, 0205, and 8005.

router-id type-code2: Specifies the type code for router ID. Valid values are hex numbers 0107 and 8001.

route-type type-code3: Specifies the type code for route type. Valid values are hex numbers 0306 and 8000.

Examples

# Configure the type codes of domain ID, router ID, and route type as hex numbers 8005, 8001, and 8000, respectively, for OSPF process 100.

<Sysname> system-view

[Sysname] ospf 100

[Sysname-ospf-100] ext-community-type domain-id 8005

[Sysname-ospf-100] ext-community-type router-id 8001

[Sysname-ospf-100] ext-community-type route-type 8000

import route-policy

Use import route-policy to apply an import routing policy to the public instance or a VPN instance.

Use undo import route-policy to restore the default.

Syntax

import route-policy route-policy

undo import route-policy

Default

All routes matching the import target attribute are accepted.

Views

VPN instance view

VPN instance IPv4 address family view

VPN instance IPv6 address family view

Public instance view

Public instance IPv4 address family view

Public instance IPv6 address family view

Predefined user roles

network-admin

Parameters

route-policy: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

You can specify an import routing policy to filter received routes or modify their route attributes for the public instance or a VPN instance.

If you execute this command multiple times, the most recent configuration takes effect.

An import routing policy specified in VPN instance view or public instance view applies to all address families in the VPN instance or public instance. An import routing policy specified in an address family view applies only to the address family.

An address family prefers the import routing policy specified in the address family view over the one specified in VPN instance view or public instance view.

Examples

# Apply import routing policy poly-1 to VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] import route-policy poly-1

Related commands

export route-policy

route-policy (Layer 3—IP Routing Command Reference)

ip binding vpn-instance

Use ip binding vpn-instance to associate an interface with a VPN instance.

Use undo ip binding vpn-instance to restore the default.

Syntax

ip binding vpn-instance vpn-instance-name

undo ip binding vpn-instance

Default

An interface is associated with no VPN instance and belongs to the public network.

Views

Interface view

Predefined user roles

network-admin

Parameters

vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

CAUTION:

This command or its undo form clears the IP address and routing protocol configuration on the interface.

‌

Use this command to associate the VPN instance with the interface connected to the CE.

The specified VPN instance must have been created by using the ip vpn-instance command in system view.

To associate a new VPN instance with an interface, first execute the undo ip binding vpn-instance command to remove the existing association.

Examples

# Associate Ten-GigabitEthernet 3/0/1 with VPN instance vpn1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ip binding vpn-instance vpn1

Related commands

ip vpn-instance (system view)

ip public-instance

Use ip public-instance to create the public instance and enter its view. If the public instance already exists, this command directly enters the public instance view.

Use undo ip public-instance to delete the public instance.

Syntax

ip public-instance

undo ip public-instance

Default

The public instance does not exist.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The public instance is an instance created for the public network to communicate with private networks.

In an MPLS L3VPN or IPv6 MPLS L3VPN network, for the public network and the VPN network to communicate with each other through route target matching, perform the following tasks:

· Configure matching route targets for the public instance and VPN instance.

· Use the route-replicate enable command in BGP instance view to enable mutual BGP route replication between the public and VPN instances.

Examples

# Create the public instance and enter its view.

<Sysname> system-view

[Sysname] ip public-instance

[Sysname-public-instance]

ip vpn-instance (system view)

Use ip vpn-instance to create a VPN instance and enter its view, or enter the view of an existing VPN instance.

Use undo ip vpn-instance to delete a VPN instance.

Syntax

ip vpn-instance vpn-instance-name

undo ip vpn-instance vpn-instance-name

Default

No VPN instances exist.

Views

System view

Predefined user roles

network-admin

Parameters

vpn-instance-name: Specifies a VPN instance name, a case-sensitive string of 1 to 31 characters.

Examples

# Create a VPN instance named vpn1 and enter its view.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1]

Related commands

route-distinguisher

mpls l3vpn fragment enable

Use mpls l3vpn fragment enable to enable MPLS IP packet fragmentation.

Use undo mpls l3vpn fragment enable to disable MPLS IP packet fragmentation.

Syntax

mpls l3vpn fragment enable

undo mpls l3vpn fragment enable

Default

MPLS IP packet fragmentation is disabled.

Views

System view

Predefined use roles

network-admin

Usage guidelines

To avoid data loss caused by oversized packets from a CE to a PE, enable MPLS IP packet fragmentation and set an MPLS MTU on the PE. To set an MPLS MTU, use the mpls mtu command.

You must execute this command for a device if the device receives MPLS-labeled packets and is configured with label switching on the egress interface.

Examples

# Enable MPLS IP packet fragmentation.

<Sysname> system-view

[Sysname] mpls l3vpn fragment enable

Related commands

mpls mtu

mpls per-vrf-label range

Use mpls per-vrf-label range to specify a label range for all VPN instances.

Use undo mpls per-vrf-label range to restore the default.

Syntax

mpls per-vrf-label range minimum maximum

undo mpls per-vrf-label range

Default

No label range is configured for VPN instances.

Views

System view

Predefined user roles

network-admin

Parameters

minimum: Specifies the minimum label value. The value range for this argument is 1024 to 1010151.

maximum: Specifies the maximum label value. The value range for this argument is 1025 to 1010152.

Usage guidelines

Configure this command to specify the range of labels that a PE can allocate to VPN instances.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the label range for all VPN instances to 100000 to 104095.

<Sysname> system-view

[Sysname] mpls per-vrf-label range 100000 104095

Related commands

apply-label

nesting-vpn

Use nesting-vpn to enable the nested VPN feature.

Use undo nesting-vpn to disable the nested VPN feature.

Syntax

nesting-vpn

undo nesting-vpn

Default

The nested VPN feature is disabled.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Usage guidelines

To exchange VPNv4 routes with a peer in nested VPN, enable nested VPN, and then execute the peer enable command to enable that peer in BGP-VPN VPNv4 address family view.

Examples

# Enable nested VPN.

<Sysname> system-view

[Sysname] bgp 10

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] nesting-vpn

peer capability-advertise orf vpn-prefix

Use peer capability-advertise orf vpn-prefix to enable negotiating VPN Prefix ORF capabilities with a BGP peers or peer group.

Use undo peer capability-advertise orf vpn-prefix to disable the VPN Prefix ORF capability negotiation with a BGP peer or peer group.

Syntax

peer { group-name | ipv4-address [ mask-length ] |ipv6-address [ prefix-length ] } capability-advertise orf vpn-prefix { both | send | receive }

undo peer { group-name | ipv4-address [ mask-length ] |ipv6-address [ prefix-length ] } capability-advertise orf vpn-prefix { both | send | receive }

Default

The VPN Prefix ORF capability negotiation with a BGP peer or peer groups is disabled.

Views

BGP VPNv4 address family view

BGP VPNv6 address family view

BGP EVPN address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command applies to all dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command applies to all dynamic peers in the subnet.

both: Supports sending and receiving route-refresh messages carrying VPN Prefix ORF entries.

receive: Only supports receiving route-refresh messages carrying VPN Prefix ORF entries.

send: Only supports sending route-refresh messages carrying VPN Prefix ORF entries.

Usage guidelines

Application scenarios

By default, in large-scale networks with route reflectors, the BGP VPNv4/VPNv6/EVPN routes reflected by the RR usually include the VPN routes from all BGP-VPN instances on the route originating device. The current route limit measures can take effect only on address families. When the number of routes for RR reflection reaches the limit, unwanted BGP-VPN instance routes might occupy most of the receiving end's received routes, resulting in the receiving end not being able to receive the necessary BGP-VPN instance routes.

To resolve this issue, it is required to allow the RR to filter routes based on the BGP-VPN instances of the routes on the originating devices, implementing router filtering at the granularity of BGP-VPN instances in the BGP VPNv4/VPNv6/EVPN address families. The VPN Prefix ORF feature can meet this requirement.

Operating mechanism

After configuring this command, the BGP session between the local device and the specified peer/peer group will be disconnected and reestablished to negotiate VPN Prefix ORF capability through Open messages. BGP negotiation can be successful only when both ends of the BGP session have configured this command. After successful negotiation, the device will be able to parse the route-refresh messages carrying VPN Prefix ORF entries sent by the remote end. A VPN Prefix ORF entry contains a <RD value, source device address> tuple.

NOTE:

If the devices in the BGP session do not support the exchange of route-refresh messages, the VPN Prefix ORF entries will not be successfully sent. Configure the peer capability-advertise route-refresh command on both ends of the BGP session to enable the capability of exchanging route-refresh messages.

The peer capability-advertise orf vpn-prefix command should be used with the route-limit command and the vpn-prefix-quota command. After these commands are configured, the device triggers the VPN Prefix ORF mechanism when the following conditions are met: The number of routes in a BGP-VPN instance exceeds the maximum supported. The number of routes in the BGP-VPN instance that match the tuple exceeds the alarm threshold (configured by the vpn-prefix-quota command). The VPN Prefix ORF mechanism generates route-refresh messages carrying VPN Prefix ORF entries as follows:

· If there are other BGP-VPN instances on the device that have the same tuple specified, and among these BGP-VPN instances, some of them have not reached the route limit or the number of routes that match this tuple in some BGP-VPN instances has not reached the alarm threshold, then all BGP-VPN instances can continue to receive routes. If the device advertises VPN Prefix ORF information once one of the BGP-VPN instance exceeds the route limit, all BGP-VPN instances on the device will not receive routes that match the tuple. Therefore, the device will wait until all BGP-VPN instances exceed the route limit and the tuple-matching routes in each BGP-VPN instance exceed the alarm threshold before it advertises route-refresh messages carrying VPN Prefix ORF entries to the peer/peer group specified in this command. Before sending route-refresh message carrying VPN Prefix ORF entries, all BGP-VPN instances can continue to receive new routes.

TIP:

Among the BGP-VPN instances configured with the same tuple, if the number of routes matching the tuple in some BGP-VPN instances has exceeded the alarm threshold, while some BGP-VPN instances have not received any routes matching the tuple, it indicates that these instances cannot receive routes matching the tuple. The device will not consider these BGP-VPN instances when determining whether to trigger sending VPN Prefix ORF entries.

A VPN Prefix ORF entry contains a <RD value, source device address> tuple. The values of RD and source device address are those specified by using the vpn-prefix-quota command.

After receiving a route-refresh message carrying a VPN Prefix ORF entry, the specified peer/peer group operates as follows:
Withdraws all BGP VPNv4/VPNv6 or BGP EVPN routes that match both the RD and source device address in the VPN Prefix ORF entry. (The route information matching the source device address in the VPN Prefix ORF entry is the next hop attribute of the route.)
No longer sends BGP VPNv4/VPNv6 or BGP EVPN routes that match the VPN Prefix ORF entries to the local-end device.

· If there are no other BGP-VPN instances with the same tuple configured on the device, the device will immediately send a route-refresh message carrying the VPN Prefix ORF entries to the peer/peer group specified in this command. A VPN Prefix ORF entry contains a <RD value, source device address> tuple. The values of RD and source device address are those specified by using the vpn-prefix-quota command.

After receiving a route-refresh message carrying a VPN Prefix ORF entry, the specified peer/peer group operates as follows:
Withdraws all BGP VPNv4/VPNv6 or BGP EVPN routes that match both the RD and source device address in the VPN Prefix ORF entries. (The route information matching the source device address in the VPN Prefix ORF entries is the next hop attribute of the route.)
No longer sends BGP VPNv4/VPNv6 or BGP EVPN routes that match the VPN Prefix ORF entries to the device that sends the VPN Prefix ORF entries.

Restrictions and guidelines

In the current software version, only VPN Prefix ORF within the same AS is supported. VPN Prefix ORF across ASs is not supported.

The correspondence between the address families for the peer capability-advertise orf vpn-prefix command and those for the vpn-prefix-quota command is as follows:

· If the vpn-prefix-quota command without the evpn parameter is configured in BGP-VPN IPv4 address family view, the peer capability-advertise orf vpn-prefix command must be configured in BGP VPNv4 address family view. The triggered VPN Prefix ORF entries are advertised in the BGP VPNv4 address family.

· If the vpn-prefix-quota command without the evpn parameter is configured in BGP-VPN IPv6 address family view, the peer capability-advertise orf vpn-prefix command must be configured in BGP VPNv6 address family view. The triggered VPN Prefix ORF entries are advertised in the BGP VPNv6 address family.

· If the vpn-prefix-quota command with the evpn parameter is executed, this peer capability-advertise orf vpn-prefix command must be configured in the BGP EVPN address family view. The triggered VPN Prefix ORF entries are advertised in the BGP EVPN address family. Note that whether it is an IPv4 or IPv6 private network route that triggers a VPN Prefix ORF entry, the receiving end of the VPN Prefix ORF entries will not differentiate between IPv4 and IPv6 routes when withdrawing BGP EVPN routes. All BGP EVPN routes matching VPN Prefix ORF entries will be withdrawn.

Examples

# Enable negotiating VPN Prefix ORF send and receive capabilities with peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 capability-advertise orf vpn-prefix both

Related commands

route-limit

vpn prefix quota

peer default-route-advertise (BGP VPNv4 address family view)

Use peer default-route-advertise to advertise a default route to a peer or peer group.

Use undo peer default-route-advertise to disable default route advertisement to a peer or peer group.

Syntax

peer { group-name | ipv4-address [ mask-length ] } default-route-advertise vpn-instance vpn-instance-name

undo peer { group-name | ipv4-address [ mask-length ] } default-route-advertise vpn-instance vpn-instance-name

Default

No default route is advertised to a peer or peer group.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

This command enables the device to send a default route with the next hop being itself to the peer or peer group regardless of whether the default route exists in the routing table.

Examples

# In BGP VPNv4 address family view, advertise the default route of VPN instance vpn1 to peer group test.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] peer test default-route-advertise vpn-instance vpn1

peer next-hop-invariable (BGP VPNv4 address family view)

Use peer next-hop-invariable to configure the device to not change the next hop of routes advertised to peers.

Use undo peer next-hop-invariable to configure the device to use its address as the next hop of routes advertised to peers.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } next-hop-invariable

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } next-hop-invariable

Default

The device uses its address as the next hop of routes advertised to peers.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The specified peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The specified peer must have been created.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet in this command, the device does not change the next hop of routes advertised to the dynamic peers in the subnet.

ipv6-address: Specifies a peer by its IPv6 address. The specified peer must have been created.

prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet in this command, the device does not change the next hop of routes advertised to the dynamic peers in the subnet.

Usage guidelines

On an RR in an inter-AS option C scenario, you must configure this command to not change the next hop of VPNv4 routes advertised to BGP peers and RR clients.

This command is exclusive with the peer next-hop-local command.

Examples

# Configure the device to not change the next hop of routes advertised to peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-af-vpnv4] peer 1.1.1.1 next-hop-invariable

Related commands

peer next-hop-local (Layer 3—IP Routing Command Reference)

peer next-hop-vpn

Use peer next-hop-vpn to change the next hop of a BGP VPNv4 route received from a peer or peer group to an IP address in the VPN instance.

Use undo peer next-hop-vpn to restore the default.

Syntax

peer { group-name | ipv4-address [ mask-length ] } next-hop-vpn

undo peer { group-name | ipv4-address [ mask-length ] } next-hop-vpn

Default

The device does not change the next hop of a received BGP VPNv4 route, and the next hop belongs to the public network.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters.

ipv4-address: Specifies a peer by its IPv4 address.

Usage guidelines

By default, the device does not change the next hop attribute of a received BGP VPNv4 route. The next hop address of a BGP VPNv4 route is a public address. This command changes the next hop address of a BGP VPNv4 route received from a peer or peer group to a VPN instance address. The outgoing label of the VPNv4 route is also changed to an invalid value. For example, the device received a VPNv4 route and its next hop address is 10.1.1.1, which is a public address by default. After this command is executed, the next hop address changes to private address 10.1.1.1.

After this command is executed, the following applies:

· The device re-establishes the BGP sessions to the specified peer or to all peers in the specified peer group.

· The device receives a BGP VPNv4 route only when its RD is the same as a local RD.

· When advertising a BGP VPNv4 route received from the specified peer or peer group, the device does not change the route target attribute of the route.

· If you delete a VPN instance or its RD, BGP VPNv4 routes received from the specified peer or peer group and in the VPN instance will be deleted.

Examples

# In BGP VPNv4 address family view, change the next hop of BGP VPNv4 routes received from peer 1.1.1.1 to a VPN instance address.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 next-hop-vpn

peer upe (BGP VPNv4 address family view)

Use peer upe to configure BGP peers as HoVPN UPEs.

Use undo peer upe to delete HoVPN UPEs.

Syntax

peer { group-name | ipv4-address [ mask-length ] } upe

undo peer { group-name | ipv4-address [ mask-length ] } upe

Default

No BGP peer is configured as a UPE.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The specified peer group must exist.

ipv4-address: Specifies a peer by its IP address. The specified peer must exist.

Usage guidelines

A UPE is a special VPNv4 peer. It can accept one default route for each related VPN instance and routes permitted by the routing policy on the SPE. An SPE is a common VPN peer.

Examples

# Configure peer 1.1.1.1 as a UPE.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 upe

peer upe route-policy (BGP VPNv4 address family view)

Use peer upe route-policy to advertise routes permitted by a routing policy to UPEs.

Use undo peer upe route-policy to remove the configuration.

Syntax

peer { group-name | ipv4-address [ mask-length ] } upe route-policy route-policy-name export

undo peer { group-name | ipv4-address [ mask-length ] } upe route-policy route-policy-name export

Default

No routes are advertised to any peers.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must exist.

ipv4-address: Specifies a peer by its IP address. The peer must exist.

route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

export: Applies the filtering policy to routes to be advertised.

Usage guidelines

This command must be used with the peer upe command.

Examples

# Configure peer 1.1.1.1 as a UPE, and advertise routes permitted by routing policy hope to peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 1.1.1.1 as-number 200

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 enable

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 upe

[Sysname-bgp-default-vpnv4] peer 1.1.1.1 upe route-policy hope export

Related commands

peer upe (BGP VPNv4 address family view)

route-policy (Layer 3—IP Routing Command Reference)

policy vpn-target

Use policy vpn-target to enable route target filtering of received VPNv4 routes. Only VPNv4 routes whose export route target attribute matches local import route target attribute are added to the routing table.

Use undo policy vpn-target to disable route target filtering, permitting all incoming VPNv4 routes.

Syntax

policy vpn-target

undo policy vpn-target

Default

The route target filtering feature is enabled for received VPNv4 routes.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Usage guidelines

In an inter-AS option B scenario, an ASBR must save all incoming VPNv4 routes and advertise those routes to the peer ASBR. For this purpose, you must execute the undo policy vpn-target command on the ASBR to disable route target filtering.

Examples

# Disable route target filtering of received VPNv4 routes.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] undo policy vpn-target

reset traffic-statistics vpn-instance

Use reset traffic-statistics vpn-instance to clear traffic statistics for VPN instances.

Syntax

reset traffic-statistics vpn-instance [ instance-name vpn-instance-name ]

Views

User view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears traffic statistics for all VPN instances.

Examples

# Clear traffic statistics for VPN instance vpn1.

<Sysname> reset traffic-statistics vpn-instance instance-name vpn1

Related commands

display traffic-statistics vpn-instance

traffic-statistics enable

route-distinguisher

Use route-distinguisher to configure a route distinguisher (RD).

Use undo route-distinguisher to restore the default.

Syntax

route-distinguisher route-distinguisher

undo route-distinguisher

Default

No RD is configured.

Views

VPN instance view

VPN instance IPv4 address family view

VPN instance IPv6 address family view

Public instance view

Predefined user roles

network-admin

Parameters

route-distinguisher: Specifies an RD for the VPN instance, a string of 3 to 21 characters in one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

· 32-bit AS number in dotted format:16-bit user-defined number. For example, 10.1:1.

Usage guidelines

RDs enable VPNs to use the same address space. An RD and an IPv4 prefix form a unique VPN-IPv4 prefix.

You can configure an RD in VPN instance view and each address family view of the VPN instance. The RD configured in address family view takes precedence over the RD configured in VPN instance view. An address family uses the RD configured in VPN instance view only when no RD is configured in the address family view.

To guarantee global uniqueness for a VPN-IPv4 address, do not set the AS number or IP address in an RD to any private AS number or private IP address.

To modify an RD, execute the undo route-distinguisher command to remove the RD and then execute the route-distinguisher command.

Editing an RD will delete some configuration related to the VPN instance from the BGP process. Please be cautious.

Follow these restrictions and guidelines when deleting RDs:

· When you delete the RD configured in VPN instance view, settings configured in an address family view of the BGP-VPN instance will be deleted if no RD is configured in the address family view. For example, when you delete the RD of VPN instance vpna, settings configured in BGP-VPN IPv4 unicast address family view of VPN instance vpna will be deleted if no RD is configured in VPN instance IPv4 address family view.

· When you delete an RD configured in an address family view of the VPN instance, settings configured in the address family view of the BGP-VPN instance will be deleted if the RD configured in the address family view is different from the RD configured in VPN instance view.

· If you configure an RD for an address family that inherits the RD of the VPN instance and the two RDs are different, settings configured in the address family view of the BGP-VPN instance will be deleted.

Examples

# Configure RD 22:1 for VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] route-distinguisher 22:1

# Configure RD 11:1 for VPN instance vpn1, and then configure RD 22:1 for the IPv4 address family in VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] route-distinguisher 11:1

[Sysname-vpn-instance-vpn1] address-family ipv4

[Sysname-vpn-ipv4-vpn1] route-distinguisher 22:1

Some configurations for this VPN instance in the BGP process will be deleted.

# Delete the RD configuration of VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] undo route-distinguisher

Some configurations for this VPN instance in the BGP process will be deleted.

route-limit

Use route-limit to set the maximum number of routes supported by the BGP-VPN instance.

Use undo route-limit to restore the default.

Syntax

route-limit limit

undo route-limit

Default

No limit is set to the number of routes supported by a BGP-VPN instance.

Views

BGP-VPN IPv4 unicast address family view

BGP-VPN IPv6 unicast address family view

Predefined user roles

network-admin

Parameters

limit: Maximum number of routes supported by the BGP-VPN instance, in the range of 1 to 4294967295.

Usage guidelines

Application scenarios

This command is used in conjunction with VPN Prefix ORF to limit the number of IPv4 or IPv6 unicast routes in a BGP-VPN instance.

The local device enabled with VPN Prefix ORF can send route-refresh messages carrying VPN Prefix ORF entries to the peer. When the peer needs to send BGP routes to the local device, it filters the routes by using not only the routing policies on the peer but also the VPN Prefix ORF entries received from the local device. The peer device will not send routes that match the VPN Prefix ORF entries to the local device, and will withdraw all advertised routes that match the VPN Prefix ORF entries. The VPN Prefix ORF feature limits the number of routes at the source of route sending in order to reduce route exchanges between BGP peers and save network resources.

The maximum number of routes configured by this command is a condition for triggering the VPN Prefix ORF mechanism.

Operating mechanism

When the route-limit, vpn-prefix-quota, and peer capability-advertise orf vpn-prefix commands are configured, if the number of IPv4/IPv6 unicast routes in the BGP-VPN instance exceeds the route-limit value, and the percentage of routes that match the tuple (specified by the vpn-prefix-quota command) to the maximum routes supported by the BGP-VPN instance (the route-limit value) exceeds the alarm threshold (specified by the vpn-prefix-quota command), the device will take the following actions:

1. Check if any other BGP-VPN instances have set up the same tuple.

¡ If yes, go to step 2.

¡ If not, go to step 3.

2. Check if the number of routes in these BGP-VPN instances has exceeded the route limit and if the number of routes matching the tuple has exceeded the alarm threshold.

¡ If yes, go to step 3.

¡ If not, the BGP-VPN instance that contains routes exceeding the route limit will continue to receive routes and repeat step 2.

3. The local device sends a route-refresh message with a VPN Prefix ORF entry to the peer or peer group specified by the peer capability-advertise orf vpn-prefix command, notifying the peer/peer group to withdraw routes that match the VPN Prefix ORF entries and no longer send routes that match the VPN Prefix ORF entries, reducing the number of IPv4/IPv6 unicast routes in the local BGP-VPN instance.

Restrictions and guidelines

If you execute this command multiple times, the most recent configuration takes effect. If you change the route limit to a larger value, the route-refresh messages carrying VPN Prefix ORF entries that have already been sent will not be withdrawn. To receive routes withdrawn by these route-refresh messages, execute the clear bgp vpn-prefix-orf command.

If you execute the route-limit command alone without executing the vpn-prefix-quota command and the peer capability-advertise orf vpn-prefix command, the route-limit command will not take effect.

Examples

# In BGP-VPN IPv4 unicast address family view, set the maximum number of IPv4 routes supported by BGP-VPN instance vpn1 to 1000.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] ip vpn-instance vpn1

[Sysname-bgp-default-vpn1] address-family ipv4 unicast

[Sysname-bgp-default-ipv4-vpn1] route-limit 1000

Related commands

clear bgp vpn-prefix-orf

peer capability-advertise orf vpn-prefix

vpn prefix quota

route-replicate (public instance IPv4 address family view)

Use route-replicate to replicate routes from a VPN instance to the public network.

Use undo route-replicate to cancel the configuration.

Syntax

route-replicate from vpn-instance vpn-instance-name protocol { bgp as-number | direct | static | unr | vlink-direct | { isis | ospf | rip } process-id } [ advertise ] [ route-policy route-policy-name ]

undo route-replicate from vpn-instance vpn-instance-name protocol { bgp as-number | direct | static | unr | vlink-direct | { isis | ospf | rip } process-id }

Default

The public network cannot replicate routes from VPN instances.

Views

Public instance IPv4 address family view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.

protocol: Replicates routes of the specified routing protocol.

bgp: Replicates BGP routes.

as-number: Specifies an AS number in the range of 1 to 4294967295.

direct: Replicates direct routes.

static: Replicates static routes.

unr: Replicates user network routes.

vlink-direct: Replicates VLINK direct routes, which are generated based on ARP entries learned by interfaces.

isis: Replicates IS-IS routes.

ospf: Replicates OSPF routes.

rip: Replicates RIP routes.

process-id: Specifies a process by its ID, in the range of 1 to 65535.

advertise: Allows the public instance to advertise replicated routes. If you do not specify this keyword, the public instance cannot advertise replicated routes.

route-policy route-policy-name: Applies a routing policy to replicated routes. The route-policy-name argument specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

Configure this command to enable the public network to communicate with a VPN instance by replicating routes from the VPN instance.

The route-replicate from vpn-instance protocol direct command replicates VLINK direct routes, , but the VLINK direct routes cannot be added to the FIB, causing traffic forwarding failures. To address this issue, you can specify the vlink-direct keyword to replicate VLINK direct routes and add the routes to the FIB.

Examples

# Replicate OSPF routes from VPN instance vpn1 to the public network.

<Sysname> system-view

[Sysname] ip public-instance

[Sysname-public-instance] address-family ipv4

[Sysname-public-instance-ipv4] route-replicate from vpn-instance vpn1 protocol ospf 1

route-replicate (VPN instance IPv4 address family view)

Use route-replicate to enable a VPN instance to replicate routes from the public network or other VPN instances.

Use undo route-replicate to cancel the configuration.

Syntax

route-replicate from { public | vpn-instance vpn-instance-name } protocol eigrp eigrp-as [ advertise ] [ route-policy route-policy-name ]

route-replicate from { public | vpn-instance vpn-instance-name } protocol { bgp as-number | direct | static | unr | vlink-direct | { isis | ospf | rip } process-id } [ advertise ] [ route-policy route-policy-name ]

undo route-replicate from { public | vpn-instance vpn-instance-name } protocol { bgp as-number | direct | eigrp eigrp-as | static | unr | vlink-direct | { isis | ospf | rip } process-id }

Default

A VPN instance cannot replicate routes of the public network or other VPN instances.

Views

VPN instance IPv4 address family view

Predefined user roles

network-admin

Parameters

public: Replicates routes from the public network.

vpn-instance vpn-instance-name: Replicates routes from a VPN instance. The vpn-instance-name argument specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.

protocol: Replicates routes of the specified routing protocol.

bgp: Replicates BGP routes.

as-number: Specifies an AS number in the range of 1 to 4294967295.

direct: Replicates direct routes.

eigrp: Replicates EIGRP routes.

static: Replicates static routes.

unr: Replicates user network routes.

vlink-direct: Replicates VLINK direct routes, which are generated based on ARP entries learned by interfaces.

isis: Replicates IS-IS routes.

ospf: Replicates OSPF routes.

rip: Replicates RIP routes.

eigrp-as: Specifies an EIGRP process by its ID, in the range of 1 to 65535.

process-id: Specifies a process by its ID, in the range of 1 to 65535.

advertise: Allows the VPN instance to advertise replicated routes. If you do not specify this keyword, the VPN instance cannot advertise replicated routes.

route-policy route-policy-name: Applies a routing policy to replicated routes. The route-policy-name argument specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

In a BGP/MPLS L3VPN network, only VPN instances that have matching route targets can communicate with each other.

This command allows a VPN instance to communicate with the public network or other VPN instances by replicating routing information of the public network or other VPN instances.

In an intelligent traffic control network, traffic of different tenants is assigned to different VPNs. To enable the tenants to communicate with the public network, configure this command to replicate routes from the public network to the VPN instances.

The route-replicate from vpn-instance protocol direct or route-replicate from public protocol direct command replicates VLINK direct routes, but the VLINK direct routes cannot be added to the FIB, causing traffic forwarding failures. To address this issue, you can specify the vlink-direct keyword to replicate VLINK direct routes and add the routes to the FIB.

Examples

# Replicate OSPF routes from the public network to VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] address-family ipv4

[Sysname-vpn-ipv4-vpn1] route-replicate from public protocol ospf 1

route-replicate enable

Use route-replicate enable to enable BGP route replication between public and VPN instances.

Use undo route-replicate enable to disable BGP route replication between public and VPN instances.

Syntax

route-replicate enable

undo route-replicate enable

Default

BGP route replication between public and VPN instances is disabled.

Views

BGP instance view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

In traffic cleaning scenarios, traffic between the public and private networks are filtered by firewalls and traffic of different tenants is assigned to different VPNs. To enable the tenants to communicate with the public network under the protection of firewalls, you can configure BGP route replication between public and VPN instances.

Operating mechanism

By default, only VPN instances that have matching route targets can redistribute BGP routes from each other, while the public instance and VPN instances cannot. After you configure this feature, the public instance and VPN instances that have matching route targets can replicate BGP routes from each other, enabling communication between the public network and VPN users.

This feature also replicates the BGP route attributes, so that the device can select proper forwarding paths according to the route attributes.

Restrictions and guidelines

After this feature is enabled, the public network and VPNs cannot be isolated. Configure this feature only in specific scenarios, for example, the traffic cleaning scenario.

To use this feature to implement IPv4 or IPv6 route replication between the public instance and a VPN instance, make sure the VPN instance and the BGP IPv4 or IPv6 unicast address family have been created.

Do not configure both the import-rib command and the route-replicate enable command, as this might cause anomalies in the redistributed route information.

Examples

# In BGP instance view, enable mutual route replication between public and VPN instances.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] route-replicate enable

Related commands

import-rib (Layer 3—IP Routing Command Reference)

route-tag (OSPF view)

Use route-tag to configure an external route tag for redistributed VPN routes.

Use undo route-tag to restore the default.

Syntax

route-tag tag-value

undo route-tag

Default

If BGP runs within an MPLS backbone, and the BGP AS number is not greater than 65535, the first two octets of the external route tag are 0xD000, and the last two octets are the local BGP AS number. For example, if the local BGP AS number is 100, the external route tag value is 3489661028 (100 + the decimal value of 0xD0000000). If the AS number is greater than 65535, the external route tag is 0.

Views

OSPF view

Predefined user roles

network-admin

Parameters

tag-value: Specifies the external route tag for redistributed VPN routes, in the range of 0 to 4294967295.

Usage guidelines

Application scenarios

In a dual-homed scenario where OSPF runs between the CE and the connected PEs (PE-A and PE-B, for example), you can use external route tags to avoid routing loops.

Operating mechanism

PE-A redistributes BGP routes from the peer PE into OSPF, and advertises these routes in the Type 5 or 7 LSAs to the CE. In these LSAs, PE-A adds the local external route tag.

When PE-B receives the Type 5 or 7 LSAs advertised by the CE, it compares the external route tag in the LSAs with the local external route tag. If the two tags have the same value (including the value of 0), PE-B ignores the LSA in route calculation to avoid routing loops.

The commands used to configure the external route tag (in the descending order of tag priority) are as follows:

· import-route

· route-tag (for PEs) and default tag (for CEs and MCEs)

Recommended configuration

As a best practice, configure the same external route tag for PEs in the same area.

You can configure the same external route tag for different OSPF processes.

Restrictions and guidelines

This command takes effect only in an OSPF process for a VPN instance.

An external route tag is not transferred in any BGP extended community attribute. It takes effect only on the PEs that receive BGP routes and generate OSPF Type 5 or 7 LSAs.

Examples

# In OSPF process 100 for VPN instance vpn1, set the external route tag to 100 for redistributed VPN routes.

<Sysname> system-view

[Sysname] ospf 100

[Sysname-ospf-100] route-tag 100

Related commands

default (Layer 3—IP Routing Command Reference)

import-route (Layer 3—IP Routing Command Reference)

route-tag-check enable

Use route-tag-check enable to enable external route check for OSPF LSAs.

Use undo route-tag-check enable to disable external route check for OSPF LSAs.

Syntax

route-tag-check enable

undo route-tag-check enable

Default

The external route check feature is enabled for OSPF LSAs.

Views

OSPF view

Predefined user roles

network-admin

Usage guidelines

In a dual-homed scenario where OSPF runs between the CE and the connected PEs (PE-A and PE-B, for example), you can use external route tags to avoid routing loops.

PE-A redistributes BGP VPNv4 routes from the peer PE into OSPF, and advertises these routes in the Type 5 or 7 LSAs to the CE. In these LSAs, PE-A adds the locally configured external route tag.

If external route check for OSPF LSAs is enabled on PE-B, it compares the external route tag in the receiving Type 5 or 7 LSAs with the locally configured tag. If they are the same, PE-B ignores the LSA in route calculation to avoid routing loops.

Use the external route tag check feature only when the device does not support the DN bit. Otherwise, use the DN bit to avoid routing loops.

This command takes effect only for a VPN OSPF process that is not configured with the vpn-instance-capability simple command.

Examples

# Enable external route check in OSPF LSAs for VPN OSPF process 1.

<Sysname> system-view

[System] ospf 1 vpn-instance vpn1

[System-ospf-1] undo route-tag-check enable

Related commands

display ospf (Layer 3—IP Routing Command Reference)

route-tag

vpn-instance-capability simple

routing-table limit

Use routing-table limit to set the maximum number of active routes in a VPN instance or the public instance.

Use undo routing-table limit to restore the default.

Syntax

routing-table limit number { warn-threshold | simply-alert }

undo routing-table limit

Default

The number of active routes in a VPN instance or the public instance is not limited.

Views

VPN instance view

VPN instance IPv4 address family view

VPN instance IPv6 address family view

Public instance view

Public instance IPv4 address family view

Public instance IPv6 address family view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of active routes supported by a VPN instance. The value range for this argument is 1 to 2048000 in public instance view, VPN instance view, VPN instance IPv4 address family view, and VPN instance IPv6 address family view and 1 to 4145152 in public instance IPv4 address family view and VPN instance IPv4 address family view.

warn-threshold: Specifies a warning threshold in the range of 1 to 100 in percentage. When the percentage of the existing active routes to the maximum active routes exceeds the threshold, the system gives a log message but still allows new active routes. If active routes in the VPN instance reach the maximum, no more active routes are added.

simply-alert: Specifies that when active routes exceed the maximum number, the system still accepts active routes but generates a log message.

Usage guidelines

Setting the maximum number of active routes can prevent a PE from learning too many routes.

A limit configured in VPN instance view applies to both the IPv4 VPN and the IPv6 VPN. A limit configured in VPN instance IPv4 address family view applies only to the IPv4 VPN. A limit configured in VPN instance IPv6 address family view applies only to the IPv6 VPN.

An IPv4 VPN prefers the limit configured in VPN instance IPv4 address family view over the limit configured in VPN instance view.

An IPv6 VPN prefers the limit configured in VPN instance IPv6 address family view over the limit configured in VPN instance view.

Configuration in the public instance view applies to both IPv4 and IPv6 public instances. Configuration in public instance IPv4 address family view applies to only the IPv4 public instance. Configuration in public instance IPv6 address family view applies to only the IPv6 public instance.

An IPv4 public network prefers the configuration in public instance IPv4 address family view over the configuration in public instance view.

An IPv6 public network prefers the configuration in public instance IPv6 address family view over the configuration in public instance view.

Examples

# Specify that VPN instance vpn1 supports a maximum of 1000 active routes. When active routes exceed this limit, the device can receive new active routes but generates a log message.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] route-distinguisher 100:1

[Sysname-vpn-instance-vpn1] routing-table limit 1000 simply-alert

rr-filter (BGP VPNv4 address family view)

Use rr-filter to create a route reflector (RR) reflection policy.

Use undo rr-filter to restore the default.

Syntax

rr-filter { ext-comm-list-number | ext-comm-list-name }

undo rr-filter

Default

An RR does not filter reflected routes.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

ext-comm-list-number: Specifies an extended community list number in the range of 1 to 65535.

ext-comm-list-name: Specifies an extended community list name, a case-sensitive string of 1 to 63 characters. The name cannot contain only digits.

Usage guidelines

After this command is executed, only the VPNv4 routes that are permitted by the specified extended community list are reflected.

By configuring different RR reflection policies on RRs in a cluster, you can implement load balancing among the RRs.

For more information about extended community lists, see Layer 3—IP Routing Configuration Guide.

Examples

# Configure the RR to reflect only VPNv4 routes that are permitted by extended community list 10.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] rr-filter 10

Related commands

ip extcommunity-list (Layer 3—IP Routing Command Reference)

sham-link (OSPF area view)

Use sham-link to create an OSPF sham link.

Use undo sham-link to remove an OSPF sham link or restore the defaults of specified parameters for an OSPF sham link.

Syntax

sham-link source-ip-address destination-ip-address [ cost cost-value | dead dead-interval | hello hello-interval | { { hmac-md5 | hmac-sha-256 | md5 } key-id { cipher | plain } string | keychain keychain-name | simple { cipher | plain } string } | retransmit retrans-interval | trans-delay delay | ttl-security hops hop-count ] *

undo sham-link source-ip-address destination-ip-address [ cost | dead | hello | { { hmac-md5 | hmac-sha-256 | md5 } key-id | keychain | simple } | retransmit | trans-delay | ttl-security ] *

Default

No OSPF sham links exist.

Views

OSPF area view

Predefined user roles

network-admin

Parameters

source-ip-address: Specifies the source IP address of the sham link.

destination-ip-address: Specifies the destination IP address of the sham link.

cost cost-value: Specifies the cost of the sham link, in the range of 1 to 65535. The default cost is 1.

dead dead-interval: Specifies the dead interval in the range of 1 to 32768 seconds. The default is 40 seconds. The dead interval configured on the two ends of the sham link must be identical, and it must be at least four times the hello interval.

hello hello-interval: Specifies the interval for sending hello packets, in the range of 1 to 8192 seconds. The default is 10 seconds. The hello interval configured on the two ends of the sham link must be identical.

hmac-md5: Enables HMAC-MD5 authentication.

hmac-sha-256: Enables HMAC-SHA-256 authentication.

md5: Enables MD5 authentication.

simple: Enables simple authentication.

key-id: Specifies a MD5, HMAC-MD5, or HMAC-SHA-256 key ID in the range of 1 to 255.

cipher: Specifies a key in encrypted form.

plain: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies the key. This argument is case sensitive.

· In simple authentication mode, the plaintext form of the key is a string of 1 to 8 characters. The encrypted form of the key is a string of 33 to 41 characters.

· In MD5/HMAC-MD5 authentication mode, the plaintext form of the key is a string of 1 to 16 characters. The encrypted form of the key is a string of 33 to 53 characters.

· In HMAC-SHA-256 authentication mode, the plaintext form of the key is a string of 1 to 255 characters. The encrypted form of the key is a string of 33 to 373 characters.

keychain: Enables keychain authentication.

keychain-name: Specifies a keychain by its name. A keychain name is a case-sensitive string of 1 to 63 characters.

retransmit retrans-interval: Specifies the interval for retransmitting LSAs, in the range of 1 to 3600 seconds. The default is 5 seconds.

trans-delay delay: Specifies the delay interval before the interface sends an LSA, in the range of 1 to 3600 seconds. The default is 1 second.

ttl-security hops hop-count: Enables OSPF GTSM and specifies the maximum number of hops to the sham link neighbor. The value range for the hop-count argument is 1 to 254. By default, OSPF GTSM is disabled.

Usage guidelines

When a backdoor link exists between the two sites of a VPN, traffic is forwarded through the backdoor link. To forward VPN traffic over the backbone, you can create a sham link between PEs. A sham link is considered an OSPF intra-area route.

For a sham link, you can configure only one authentication mode: MD5/HMAC-MD5/HMAC-SHA-256 authentication, keychain authentication, or simple authentication. For MD5/HMAC-MD5/HMAC-SHA-256 authentication, you can configure multiple keys by executing this command multiple times.

To modify the MD5/HMAC-MD5/HMAC-SHA-256 authentication key of a sham link, perform the following tasks:

1. Configure a new key for the sham link on the local device. If the neighbor on the sham link has not been configured with the new key, this configuration triggers a key rollover process, during which, OSPF advertises both the new and old keys so the neighbor can pass authentication and the neighbor relationship is maintained.

2. Configure the same key for the sham link on the neighbor. After the local device receives a packet carrying the new key from the neighbor, it quits the key rollover process.

3. Execute the undo sham-link command on the local device and the neighbor to remove the old key. This operation can avoid attacks to the sham link that uses the old key and reduce bandwidth consumption by key rollover.

When keychain authentication is configured for an OSPF sham link, OSPF performs the following operations before sending a packet:

1. Obtains a valid send key from the keychain.

OSPF does not send the packet if it fails to obtain a valid send key.

2. Uses the key ID, authentication algorithm, and key string of the send key to authenticate the packet.

If the key ID is greater than 255, OSPF does not send the packet.

When keychain authentication is configured for an OSPF sham link, OSPF performs the following operations before accepting a received a packet:

1. Uses the key ID carried in the packet to obtain a valid accept key from the keychain.

OSPF discards the packet if it fails to obtain a valid accept key.

2. Uses the authentication algorithm and key string of the accept key to authenticate the packet.

If the authentication fails, OSPF discards the packet.

OSPF supports the MD5, HMAC-MD5, HMAC-SM3, and HMAC-SHA-256 authentication algorithms. The ID of keys used for authentication can only be in the range of 0 to 255.

OSPF GTSM protects the device from being attacked by CPU-utilization attacks. When OSPF GTSM is enabled for a sham link, the device compares the TTL value of an OSPF packet received from the sham link against the valid TTL range. If the TTL value is within the valid TTL range, the packet is accepted. If not, the packet is discarded. The valid TTL range is from "255 – the configured hop count + 1" to 255. For packets sent to the sham link, the device sets the packet TTL value to 255.

You cannot configure a sham link with the same source and destination IP address for multiple OSPF processes in a VPN instance.

For an OSPF neighbor relationship to be successfully established, the sham links configured on the local and remote PEs must be in the same OSPF area.

To use GTSM, you must configure GTSM on both the local and peer devices. You can specify different hop-count values on the devices.

Examples

# Create a sham link with the source address 1.1.1.1 and destination address 2.2.2.2.

<Sysname> system-view

[Sysname] ospf

[Sysname-ospf-1] area 0

[Sysname-ospf-1-area-0.0.0.0] sham-link 1.1.1.1 2.2.2.2

Related commands

display ospf sham-link

snmp context-name

Use snmp context-name to configure an SNMP context for a VPN instance.

Use undo snmp context-name to restore the default.

Syntax

snmp context-name context-name

undo snmp context-name

Default

No SNMP context is configured for a VPN instance.

Views

VPN instance view

Predefined user roles

network-admin

Parameters

context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters.

Usage guidelines

VPN-aware features such as AAA and NAT do not know the VPN instance to which a managed MIB node belongs. To resolve this issue, configure different SNMP contexts for different VPN instances.

The device selects a MIB for an SNMP packet according to the context (for SNMPv3) or community name (for SNMPv1/v2c) in the following ways:

· For an SNMPv3 packet:

¡ The device selects the public MIB if the packet does not carry a context.

¡ The device selects the MIB of a VPN instance if the packet meets the following conditions:

- Carries a context that was configured with the snmp-agent context command in system view.

- Matches the context of the VPN instance.

¡ The device does not process any MIBs in other situations.

· For an SNMPv1/v2c packet:

¡ The device selects the public MIB if no SNMP community to SNMP context mapping was configured with the snmp-agent community-map command in system view.

¡ The device selects the MIB of a VPN instance if the SNMP community is mapped to an SNMP context and the context matches the context of the VPN instance.

¡ The device does not process any MIBs in other situations.

For more information about SNMP context and community name, see Network Management and Monitoring Configuration Guide.

Do not configure the same SNMP context for different VPN instances.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure SNMP context vpna for VPN instance vpna.

<Sysname> system-view

[Sysname] snmp-agent context vpna

[Sysname] ip vpn-instance vpna

[Sysname-vpn-instance-vpna] route-distinguisher 22:33

[Sysname-vpn-instance-vpna] snmp context-name vpna

Related commands

snmp-agent community-map (Network Management and Monitoring Command Reference)

snmp-agent context (Network Management and Monitoring Command Reference)

snmp-agent trap enable l3vpn

Use snmp-agent trap enable l3vpn to enable SNMP notifications for MPLS L3VPN.

Use undo snmp-agent trap enable l3vpn to disable SNMP notifications for MPLS L3VPN.

Syntax

snmp-agent trap enable l3vpn [ vrf-down | vrf-ipv6-down | vrf-ipv6-up | vrf-up ] *

undo snmp-agent trap enable l3vpn [ vrf-down | vrf-ipv6-down | vrf-ipv6-up | vrf-up ] *

Default

SNMP notifications for MPLS L3VPN are enabled.

Views

System view

Predefined user roles

network-admin

Parameters

vrf-down: VPN instance interface down notification. This notification is generated for a VPN instance in the following conditions:

· The physical state of all the interfaces bound to the VPN instance is down.

· All physically up interfaces bound to the VPN instance are unbound from the VPN instance.

vrf-ipv6-down: VPN instance interface IPv6 down notification. This notification is generated for a VPN instance in the following conditions:

· The IPv6 protocol state of all the interfaces bound to the VPN instance is down.

· All IPv6 up interfaces bound to the VPN instance are unbound from the VPN instance.

vrf-ipv6-up: VPN instance interface IPv6 up notification. This notification is generated for a VPN instance in the following conditions:

· The IPv6 protocol state of the first interface bound to the VPN instance comes up.

· When the IPv6 protocol state of all interfaces bound to the VPN instance is Down, one or multiple of the interfaces' IPv6 protocol state changes from Down to Up.

vrf-up: VPN instance interface up notification. This notification is generated in the following conditions:

· The physical state of the first interface bound to the VPN instance comes up.

· When the physical state of all interfaces bound to the VPN instance is Down, one or multiple of the interfaces' physical state changes from Down to Up.

Usage guidelines

To report critical MPLS L3VPN events to an NMS, enable SNMP notifications for MPLS L3VPN. For MPLS L3VPN event notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

If you do not specify any parameters in this command, this command enables all types of MPLS L3VPN notifications.

Examples

# Enable all SNMP notifications for MPLS L3VPN.

<Sysname> system-view

[Sysname] snmp-agent trap enable l3vpn

tnl-policy

Use tnl-policy to associate a VPN instance with a tunnel policy.

Use undo tnl-policy to restore the default.

Syntax

tnl-policy tunnel-policy-name

undo tnl-policy

Default

No tunnel policy is associated with a VPN instance.

Views

VPN instance view

VPN instance IPv4 address family view

VPN instance IPv6 address family view

Predefined user roles

network-admin

Parameters

tunnel-policy-name: Specifies a tunnel policy by its name, a case-sensitive string of 1 to 126 characters.

Usage guidelines

The VPN instance uses the specified tunnel policy to select tunnels for traffic.

If a VPN instance is not associated with any tunnel policies or the associated tunnel policy is not configured, the VPN instance selects tunnels according to the default tunnel policy. The default tunnel policy selects only one tunnel in this order: LSP tunnel, GRE tunnel, CRLSP tunnel, SRLSP tunnel.

A tunnel policy specified in VPN instance view applies to both the IPv4 VPN and the IPv6 VPN. A tunnel policy specified in VPN instance IPv4 address family view applies only to the IPv4 VPN. A tunnel policy specified in VPN instance IPv6 address family view applies only to the IPv6 VPN.

IPv4 VPN prefers the tunnel policy specified in VPN instance IPv4 address family view over the tunnel policy specified in VPN instance view.

IPv6 VPN prefers the tunnel policy specified in VPN instance IPv6 address family view over the tunnel policy specified in VPN instance view.

Examples

# Associate VPN instance vpn1 with tunnel policy po1.

<Sysname> system-view

[Sysname] tunnel-policy po1

[Sysname-tunnel-policy-po1] select-seq lsp load-balance-number 1

[Sysname-tunnel-policy-po1] quit

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] route-distinguisher 22:33

[Sysname-vpn-instance-vpn1] tnl-policy po1

[Sysname-vpn-instance-vpn1] quit

Related commands

tunnel-policy

traffic-statistics enable

Use traffic-statistics enable to enable traffic statistics for a VPN instance.

Use undo traffic-statistics enable to disable traffic statistics for a VPN instance.

Syntax

traffic-statistics enable

undo traffic-statistics enable

Default

Traffic statistics is disabled for a VPN instance.

Views

VPN instance view

Predefined user roles

network-admin

Usage guidelines

After traffic statistics is enabled for a VPN instance, the device counts the traffic data entering and exiting the VPN instance (including MPLS and SRv6 forwarded traffic) to support monitoring or accounting.

To view the traffic statistics for the VPN instance, use the display traffic-statistics vpn-instance command. To clear existing traffic statistics for the VPN instance and start statistics again, use the reset traffic-statistics vpn-instance command.

Examples

# Enable traffic statistics for VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] traffic-statistics enable

Related commands

display traffic-statistics vpn-instance

reset traffic-statistics vpn-instance

traffic-statistics vpn-instance interval

Use traffic-statistics vpn-instance interval to set the time interval for collecting VPN instance traffic statistics.

Use undo traffic-statistics vpn-instance interval to restore the default.

Syntax

traffic-statistics vpn-instance interval interval

undo traffic-statistics vpn-instance interval

Default

The VPN instance traffic statistics interval is 15 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Time interval for collecting VPN instance traffic statistics. The value range is 1 to 65535, in seconds.

Usage guidelines

If time interval set by this command is too large, the data update will be slow, and the data cannot reflect the current traffic situation in real time. If the time interval is too small, traffic statistics will consume a lot of system resources, causing the system to become busy. Set a proper interval for collecting VPN instance traffic statistics based on actual conditions.

Examples

# Set the interval for collecting VPN instance traffic statistics to 30 seconds.

<Sysname> system-view

[Sysname] traffic-statistics vpn-instance interval 30

ttl-mode

Use ttl-mode to configure the TTL processing mode for the tunnel associated with a VPN instance.

Use undo ttl-mode to restore the default.

Syntax

ttl-mode { pipe | uniform }

undo ttl-mode { pipe | uniform }

Default

The TTL processing mode for the tunnel associated with a VPN instance is pipe.

Views

VPN instance view

Predefined user roles

network-admin

Parameters

pipe: Specifies the pipe TTL processing mode.

uniform: Specifies the uniform TTL processing mode.

Usage guidelines

In the current software version, you can configure a TTL processing mode for only SRv6 tunnels associated with VPN instances.

The tunnel associated with a VPN instance supports the following TTL processing modes:

· Pipe—When an IP or IPv6 packet enters the tunnel of the VPN instance, the ingress node adds a new header to the packet. The ingress node sets the TTL value or hop limit in the new header to 255 or the value specified by the encapsulation source-address ip-ttl command in SRv6 view. When the packet leaves the tunnel of the VPN instance, the egress node does not change the TTL value or the hop limit according to the remaining TTL value in the new header. Therefore, the public network nodes are invisible to user networks, and the tracert facility cannot show the real path in the public network.

· Uniform—When an IP or IPv6 packet enters the tunnel of the VPN instance, the ingress node adds a new header to the packet. The ingress node copies the TTL value or the hop limit of the original packet to the TTL or hop limit field of the new header. When the packet leaves the tunnel of the VPN instance, the egress node copies the remaining TTL value or hop limit back to the original packet. The TTL value or hop limit can reflect how many hops the packet has traversed in the public network. The tracert facility can show the real path along which the packet has traveled.

Examples

# Configure the TTL processing mode for the tunnel associated with VPN instance vpn1 to uniform.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] ttl-mode uniform

update-first route-policy (BGP VPNv4 address family view)

Use update-first route-policy to configure BGP to send withdrawal messages of routes matching the specified routing policy prior to other routes.

Use undo update-first route-policy to restore the default.

Syntax

update-first route-policy route-policy-name

undo update-first route-policy

Default

BGP does not send withdrawal messages of any routes prior to other routes.

Views

BGP VPNv4 address family view

Predefined user roles

network-admin

Parameters

route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

This command enables BGP to send the withdrawal messages of specific routes prior to other routes. This can achieve fast route switchover and reduce the traffic interruption time.

Examples

# In BGP VPNv4 address family view, configure BGP to send withdrawal messages of routes matching routing policy test-policy prior to other routes.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv4

[Sysname-bgp-default-vpnv4] update-first route-policy test-policy

Related commands

default-route update-first (Layer 3—IP Routing Command Reference)

route-policy (Layer 3—IP Routing Command Reference)

vpn popgo

Use vpn popgo to specify the VPN label processing mode as POPGO forwarding on an egress PE. In POPGO forwarding mode, the egress PE pops the label for each packet and forwards the packet out of the interface corresponding to the label.

Use undo vpn popgo to restore the default.

Syntax

vpn popgo

undo vpn popgo

Default

The VPN label processing mode is POP forwarding on an egress PE, which will pop the label for each packet and forward the packet through the FIB table.

Views

BGP instance view

Predefined user roles

network-admin

Usage guidelines

After you execute the vpn popgo command, the egress PE disconnects and re-establishes BGP sessions to re-learn VPN routes, and it does not support load sharing among VPN BGP peers.

The vpn popgo and label-allocation-mode per-vrf commands are mutually exclusive. Do not configure both modes in a BGP instance.

The vpn popgo command cannot be used together with the apply-label per-instance command. After the apply-label per-instance command is executed for a VPN instance, the device can only forward packets by looking up the FIB according to labels. The vpn popgo command does not take effect in the VPN instance.

Examples

# Specify the VPN label processing mode on the egress PE as POPGO forwarding.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] vpn popgo

Related commands

apply-label

label-allocation-mode (Layer 3—IP Routing Command Reference)

vpn-id

Use vpn-id to configure a VPN ID for a VPN instance.

Use undo vpn-id to restore the default.

Syntax

vpn-id vpn-id

undo vpn-id

Default

No VPN ID is configured for a VPN instance.

Views

VPN instance view

Predefined user roles

network-admin

Parameters

vpn-id: Specifies a VPN ID for the VPN instance, a string of 3 to 15 characters in the form of OUI:Index. The OUI is a hexadecimal number in the range of 0 to FFFFFF, and the index is a hexadecimal number in the range of 0 to FFFFFFFF.

Usage guidelines

A VPN ID uniquely identifies a VPN instance. Different VPN instances must have different VPN IDs.

A VPN ID cannot be 0:0.

Examples

# Configure VPN ID 20:1 for VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] vpn-id 20:1

Related commands

display ip vpn-instance

vpn prefix quota

Use vpn-prefix-quota to set the alarm threshold for routes that match the specified tuple.

Use undo vpn-prefix-quota to restore the default.

Syntax

vpn-prefix-quota route-distinguisher route-distinguisher source-address { ipv4-address | ipv6-address } quota threshold [ evpn ]

undo vpn-prefix-quota route-distinguisher route-distinguisher source-address { ipv4-address | ipv6-address } [ evpn ]

Default

No tuple or alarm threshold is set, and no alarm information will be triggered for tuple-matching routes.

Views

BGP-VPN IPv4 unicast address family view

BGP-VPN IPv6 unicast address family view

Predefined user roles

network-admin

Parameters

route-distinguisher route-distinguisher: Specifies the RD value in the tuple, which is a string of 3 to 21 characters. An RD can be in one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

· 32-bit AS number in dotted format:16-bit user-defined number. For example: 10.1:1.

source-address { ipv4-address | ipv6-address }: Specifies the source device address in the tuple, which is the address of the device that advertises the VPN routes. The ipv4-address argument represents the IPv4 address of the source device. The ipv6-address argument represents the IPv6 address of the source device.

threshold: Alarm threshold for the number of routes matching the tuple. When the percentage of the routes matching the tuple specified by this command in the BGP-VPN instance to the maximum routes supported in the BGP-VPN instance (configured by the route-limit command) exceeds the threshold, the device generates a log message. The value range for the threshold argument is 1 to 100, in percentage.

evpn: Sets the alarm threshold only for redistributed BGP EVPN routes that match the specified tuple. If this keyword is not specified, the command sets the alarm threshold only for BGP-VPN IPv4 unicast routes or BGP-VPN IPv6 unicast routes that match the specified tuple.

Usage guidelines

Application scenarios

This command must be used with the route-limit command and the peer capability-advertise orf vpn-prefix command to notify network administrators via log messages when too many VPN routes that meet the specified conditions are received. The configuration of this command will also be carried in the VPN Prefix ORF entries sent by the device. Peers receiving the VPN Prefix ORF entries will not send VPN routes that meet the specified conditions to the local device.

Through the VPN Prefix ORF feature, devices can limit the number of routes at the source of routing sending in order to reduce route exchanges between BGP peers and save network resources.

Operating mechanism

After configuring this command, the device matches VPN routes in the BGP-VPN instance using the <RD, source device address> tuple. The source device address in the tuple is the address of the VPN route originator. Because currently only intra-domain scenarios are supported, the address of the VPN route originator is the next hop address of the BGP-VPN IPv4 unicast route or the BGP-VPN IPv6 unicast route.

This command can achieve the following functions:

· In the BGP-VPN instance, if the number of VPN routes matching the specified tuple exceeds the alarm threshold and the number of routes within the BGP-VPN instance does not exceed the supported maximum, the device will generate log messages to notify the network administrator to control the number of routes.

· In the BGP-VPN instance, if the number of IPv4 or IPv6 unicast routes exceeds the maximum limit when the device receives VPN routes, and the number of VPN routes matching the specified tuple also exceeds the alarm threshold, this command functions as follows in the VPN Prefix ORF mechanism:

¡ If there is no other BGP-VPN instance that has the same tuple specified, the device will send a route-refresh message carrying a VPN Prefix ORF entry to the peer or peer group specified by the peer capability-advertise orf vpn-prefix command, notifying the peer or peer group to filter the advertised routes based on the VPN prefix ORF entries.

In the above process, the information carried by in the advertised VPN prefix ORF entries is <RD, source device address>. After receiving the VPN Prefix ORF entries, the peer or peer group will withdraw all BGP VPNv4/VPNv6 or BGP EVPN routes matching the RD value and source device address in the VPN Prefix ORF entries and will no longer advertise BGP VPNv4/VPNv6 or BGP EVPN routes matching the RD value and source device address to the local end.

¡ If there are other BGP-VPN instances on the device that have the same tuple specified, and among these BGP-VPN instances, some of them have not reached the route limit or the number of routes that match this tuple in some BGP-VPN instances has not reached the alarm threshold, then all BGP-VPN instances can continue to receive routes.

If the device advertises VPN Prefix ORF information once one of the BGP-VPN instance exceeds the route limit, all BGP-VPN instances on the device will not receive routes that match the tuple. Therefore, the device will send route-refresh messages carrying VPN Prefix ORF entries to the peer/peer group specified by the peer capability-advertise orf vpn-prefix command only when all BGP-VPN instances with the same tuple specified have exceeded the route limit and the number of VPN routes matching the tuple has exceeded the alarm threshold in each of the BGP-VPN instance.

TIP:

Restrictions and guidelines

You can execute this command multiple times to specify multiple <RD, source device address> tuples for route matching in the same BGP-VPN instance. Each tuple separately triggers printing of logs and sending of VPN Prefix ORF entries.

If you execute this command multiple times with the same tuple specified, you modify the alarm threshold for the routes that match this tuple.

Restrictions and guidelines

You can execute this command multiple times to specify multiple set of tuples for route matching in the same BGP-VPN instance. Each tuple separately triggers printing of logs and sending of VPN Prefix ORF entries.

If you execute this command multiple times with the same tuple specified, you modify the alarm threshold for the routes that match this tuple.

Examples

# In BGP-VPN IPv4 unicast address family view of BGP-VPN instance vpn1, set the alarm threshold to 70% for the BGP-VPN IPv4 unicast routes that match the <1:1,1.1.1.1> tuple.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] ip vpn-instance vpn1

[Sysname-bgp-default-vpn1] address-family ipv4 unicast

[Sysname-bgp-default-ipv4-vpn1] vpn-prefix-quota route-distinguisher 1:1 source-address 1.1.1.1 quota 70

Related commands

peer capability-advertise orf vpn-prefix

route-limit

vpn-route cross multipath

Use vpn-route cross multipath to enable ECMP VPN route redistribution.

Use undo vpn-route cross multipath to disable ECMP VPN route redistribution.

Syntax

vpn-route cross multipath

undo vpn-route cross multipath

Default

ECMP VPN route redistribution is disabled. If multiple routes have the same prefix and RD, a VPN redistributes only the optimal route to its routing table.

Views

BGP instance view

BGP IPv4 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP VPNv4 address family view

Predefined user roles

network-admin

Usage guidelines

This feature enables a VPN instance to redistribute multiple routes that have the same prefix and RD into its routing table. Then, you can configure load sharing among the ECMP routes or MPLS L3VPN FRR.

Follow these restrictions and guidelines when you execute this command:

· The configuration in BGP instance view takes effect on all address families.

· The configuration in BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view takes effect only on the address family.

· The configuration in BGP IPv4 unicast address family view or BGP-VPN IPv4 unicast address family view takes precedence over that in BGP instance view.

Examples

# In BGP-VPN IPv4 unicast address family view, enable ECMP route redistribution.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] ip vpn-instance vpn1

[Sysname-bgp-default-vpn1] address-family ipv4

[Sysname-bgp-default-ipv4-vpn1] vpn-route cross multipath

vpn-target

Use vpn-target to configure route targets for a VPN instance.

Use undo vpn-target to remove the specified or all route targets of a VPN instance.

Syntax

In VPN instance view/public instance view/public instance IPv4 address family view/public instance IPv6 address family view:

vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]

undo vpn-target { all | vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ] }

In VPN instance IPv4 address family view/VPN instance IPv6 address family view:

vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ] [ evpn ]

undo vpn-target { all | vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ] [ evpn ] }

Default

No route targets are configured for a VPN instance.

Views

VPN instance view

VPN instance IPv4 address family view

VPN instance IPv6 address family view

Public instance view

Public instance IPv4 address family view

Public instance IPv6 address family view

Predefined user roles

network-admin

Parameters

vpn-target&<1-8>: Specifies a space-separated list of up to eight route targets.

A route target is a string of 3 to 21 characters in one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number, where the AS number must not be less than 65536. For example, 65536:1.

· 32-bit AS number in dotted format:16-bit user-defined number. For example, 10.1:1.

both: Uses the specified route targets as both import targets and export targets. The both keyword is also used when you do not specify any of the following keywords: both, export-extcommunity, and import-extcommunity.

export-extcommunity: Uses the specified route targets as export targets.

import-extcommunity: Uses the specified route targets as import targets.

all: Removes all route targets.

evpn: Applies the route target to only EVPN. If you do not specify this keyword, the route target applies to the IPv4/IPv6 address family of the VPN instance. For more information about EVPN, see EVPN Configuration Guide.

Usage guidelines

MPLS L3VPN uses route targets to control the advertisement of VPN routing information. A PE adds the configured export targets into the route target attribute of routes advertised to a peer. The peer uses the local import targets to match the route targets of received routes. If a match is found, the peer adds the routes to the routing table of the VPN instance.

You can repeat the vpn-target command to configure multiple route targets.

Route targets configured in VPN instance view or public instance view take effect on all address families. Route targets configured in an address family view are applicable only to the address family. For an address family, the configuration in the address family view takes precedence over the configuration in VPN instance view or public instance view.

Examples

# Configure route targets for VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[Sysname-vpn-instance-vpn1] vpn-target 4:4 import-extcommunity

[Sysname-vpn-instance-vpn1] vpn-target 5:5 both

IPv6 MPLS L3VPN commands

This chapter describes only IPv6 MPLS L3VPN-specific commands. For information about the commands available for both IPv4 MPLS L3VPN and IPv6 MPLS L3VPN, see "MPLS L3VPN commands."

address-family ipv6 (VPN instance view)

Use address-family ipv6 to enter VPN instance IPv6 address family view.

Use undo address-family ipv6 to remove all configurations from VPN instance IPv6 address family view.

Syntax

address-family ipv6

undo address-family ipv6

Views

VPN instance view

Predefined user roles

network-admin

Usage guidelines

In VPN instance IPv6 address family view, you can configure IPv6 VPN parameters such as inbound and outbound routing policies.

Examples

# Enter VPN instance IPv6 address family view.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] address-family ipv6

[Sysname-vpn-ipv6-vpn1]

Related commands

address-family ipv4 (VPN instance view)

address-family vpnv6

Use address-family vpnv6 to create the BGP VPNv6 address family and enter its view, or enter the view of the existing BGP VPNv6 address family.

Use undo address-family vpnv6 to remove the BGP VPNv6 address family and all configurations in address family view.

Syntax

address-family vpnv6

undo address-family vpnv6

Default

The BGP VPNv6 address family is not created.

Views

BGP instance view

Predefined user roles

network-admin

Usage guidelines

A VPNv6 address consists of an RD and an IPv6 prefix. In IPv6 MPLS L3VPNs, PEs exchange BGP VPNv6 routes.

For a PE to exchange BGP VPNv6 routes with a BGP peer, you must enable that peer by executing the peer enable command in BGP VPNv6 address family view.

In BGP VPNv6 address family view, you can configure the following settings:

· BGP VPNv6 route attributes, such as the preferred value.

· Whether to allow the local AS number to appear in the AS_PATH attribute of received route updates.

Examples

# Create the BGP VPNv6 address family and enter its view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv6

[Sysname-bgp-default-vpnv6]

disable-dn-bit-check

Use disable-dn-bit-check to ignore the DN bit in OSPFv3 LSAs.

Use undo disable-dn-bit-check to restore the default.

Syntax

disable-dn-bit-check

undo disable-dn-bit-check

Default

A PE checks the DN bit in OSPFv3 LSAs.

Views

OSPFv3 view

Predefined user roles

network-admin

Usage guidelines

When a PE redistributes BGP routes into OSPFv3 and creates OSPFv3 LSAs, it sets the DN bit for the LSAs. When receiving the LSAs whose DN bit is set, the other PEs ignore the LSAs in route calculation to avoid routing loops.

If all LSAs from other PEs, including the LSAs whose DN bit is set, are required for route calculation, use the disable-dn-bit-check command to ignore the DN bit.

Before using this command, make sure it does not cause any routing loops.

This command takes effect only for a VPN OSPFv3 process that is not configured with the vpn-instance-capability simple command.

Examples

# Ignore the DN bit in LSAs for VPN OSPFv3 process 100.

<Sysname> system-view

[Sysname] ospfv3 100 vpn-instance vpn1

[Sysname-ospfv3-100] disable-dn-bit-check

Related commands

disable-dn-bit-set

display ospfv3 (Layer 3—IP Routing Command Reference)

disable-dn-bit-set

Use disable-dn-bit-set to disable setting the DN bit in OSPFv3 LSAs.

Use undo disable-dn-bit-set to restore the default.

Syntax

disable-dn-bit-set

undo disable-dn-bit-set

Default

When a PE redistributes BGP routes into OSPFv3 and creates OSPFv3 LSAs, it sets the DN bit for the LSAs.

Views

OSPFv3 view

Predefined user roles

network-admin

Usage guidelines

If other PEs require all LSAs from a local PE for route calculation, use the disable-dn-bit-set command to disable setting the DN bit in the LSAs.

Before using this command, make sure it does not cause any routing loops.

This command takes effect only for a VPN OSPFv3 process that is not configured with the vpn-instance-capability simple command.

Examples

# Disable setting the DN bit in LSAs for VPN OSPFv3 process 100.

<Sysname> system-view

[Sysname] ospfv3 100 vpn-instance vpn1

[Sysname-ospfv3-100] disable-dn-bit-set

Related commands

disable-dn-bit-check

display ospfv3 (Layer 3—IP Routing Command Reference)

display bgp routing-table vpnv6

Use display bgp routing-table vpnv6 to display BGP VPNv6 routing information.

Syntax

display bgp [ instance instance-name ] routing-table vpnv6 [ [ route-distinguisher route-distinguisher ] [ ipv6-address prefix-length [ advertise-info ] | as-path-acl as-path-acl-number | as-path-regular-expression regular-expression | [ statistics ] { community [ community-number&<1-32> | aa:nn&<1-32> ] [ internet | no-advertise | no-export | no-export-subconfed ] [ whole-match ] | community-list { { basic-community-list-number | comm-list-name } [ whole-match ] | adv-community-list-number } ] | peer { ipv4-address | ipv6-address } { advertised-routes | received-routes } [ ipv6-address prefix-length [ verbose ] | statistics ] | statistics ]

display bgp [ instance instance-name ] routing-table vpnv6 [ route-distinguisher route-distinguisher ] [ ipv6-address prefix-length ] [ statistics ] { large-community [ aa:bb:cc&<1-32> ] | large-community-list { basic-large-comm-list-number | adv-large-comm-list-number | large-comm-list-name } } [ whole-match ]

display bgp [ instance instance-name ] routing-table vpnv6 [ route-distinguisher route-distinguisher ] [ ipv6-address prefix-length ] statistics source { evpn-remote-import | local | local-import | remote-import }

display bgp [ instance instance-name ] routing-table vpnv6 peer { ipv4-address | ipv6-address } { accepted-routes | not-accepted-routes }

display bgp [ instance instance-name ] routing-table vpnv6 [ route-distinguisher route-distinguisher ] time-range min-time max-time

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a BGP instance, this command displays BGP VPNv6 routes in the default BGP instance.

route-distinguisher route-distinguisher: Specifies an RD, a string of 3 to 21 characters in one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.

ipv6-address prefix-length: Displays detailed information about the BGP VPNv6 route that exactly matches the specified network address and prefix length. The prefix length is in the range of 0 to 128. If you do not specify this argument, the command displays brief information about all BGP VPNv6 routes.

verbose: Displays detailed route information. If you do not specify this keyword, the command displays brief route information.

advertise-info: Displays BGP VPNv6 route advertisement information.

as-path-acl as-path-acl-number: Displays BGP VPNv6 routes that match the AS path list specified by its number in the range of 1 to 256.

as-path-regular-expression regular-expression: Displays BGP VPNv6 routes with an AS path attribute that matches the specified regular expression. The regular-expression argument represents the regular expression, a case-sensitive string of 1 to 256 characters.

community: Displays BGP VPNv6 routes that match the specified community attribute.

community-number&<1-32>: Specifies a community sequence number. The value range for the community-number argument is 1 to 4294967295. &<1-32> indicates that a maximum of 32 numbers can be specified.

aa:nn&<1-32>: Specifies a community number. Both aa and nn are in the range of 0 to 65535. &<1-32> indicates that a maximum of 32 numbers can be specified.

internet: Displays BGP VPNv6 routes that have the INTERNET community attribute. Routes with this attribute can be advertised to all BGP peers. By default, all routes have this attribute.

no-advertise: Displays BGP VPNv6 routes that have the NO_ADVERTISE community attribute. Routes with this attribute cannot be advertised to any peers.

no-export: Displays BGP VPNv6 routes that have the NO_EXPORT community attribute. Routes with this attribute cannot be advertised outside the local AS or confederation, but can be advertised to other sub-ASs in the confederation.

no-export-subconfed: Displays BGP VPNv6 routes that have the NO_EXPORT_SUBCONFED community attribute. Routes with this attribute cannot be advertised outside the local AS or to other sub-ASs in the confederation.

community-list: Displays BGP VPNv6 routes that match a BGP community list.

basic-community-list-number: Specifies a basic community list by its number in the range of 1 to 99.

comm-list-name: Specifies a community list by its name, a case-sensitive string of 1 to 63 characters.

whole-match: Displays BGP VPNv6 routes exactly matching the specified community list community attribute, large community list, or large community attribute. If you do not specify this keyword, the command displays BGP VPNv6 routes whose COMMUNITY attributes include the specified community list, community attribute, large community list, or large community attribute.

adv-community-list-number: Specifies an advanced community list by its number in the range of 100 to 199.

large-community: Displays BGP VPNv6 routes that match the specified large community attribute.

large-community-list: Displays BGP VPNv6 routes that match the specified large community list.

basic-large-comm-list-number: Specifies a basic large community list by its number. The value range for this argument is 1 to 99.

adv-large-comm-list-number: Specifies an advanced large community list by its number. The value range for this argument is 100 to 199.

large-comm-list-name: Specifies a large community list by its name. A large community list name is a case-sensitive string of 1 to 63 characters and cannot contain only digits.

peer: Displays BGP VPNv6 routing information advertised to or received from a peer.

ipv4-address: Specifies the peer IP address.

ipv6-address: Specifies the peer IPv6 address.

advertised-routes: Displays BGP VPNv6 routing information advertised to the specified peer.

received-routes: Displays BGP VPNv6 routing information received from the specified peer.

statistics: Displays BGP VPNv6 routing statistics.

source: Displays statistics information about BGP VPNv6 routes from the specified source.

evpn-remote-import: Displays VPNv6 routes that are generated from the EVPN IP prefix advertisement routes added to the routing table of the current VPN instance.

local: Displays local routes in the current VPN instance. Local routes include the following:

· Routes that are learned from BGP peers and have the same RD as the current VPN instance.

· Dynamic routes, static routes, and direct routes learned or configured in the current VPN instance.

· Routes that are redistributed or advertised by using the import-route, import-route-append, or network command in BGP IPv6 unicast address family of the current VPN instance.

local-import: Displays routes redistributed from other VPN instances to the current VPN instance.

remote-import: Displays routes learned from VPNv6 peers.

accepted-routes: Displays routes that are received from the specified peer and match the routing policy.

not-accepted-routes: Displays routes that are received from the specified peer but do not match the routing policy.

Usage guidelines

If you do not specify any parameters, this command displays brief information about all BGP VPNv6 routes.

If you specify the adv-large-community-list-number argument together with the whole-match keyword, the whole-match keyword does not take effect.

Examples

# Display brief information about all BGP VPNv6 routes in the default BGP instance.

<Sysname> display bgp routing-table vpnv6

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of VPN routes: 5

Total number of routes from all PEs: 1

Route distinguisher: 100:1(vpn1)

Total number of routes: 4

* > Network : 2001:1:: PrefixLen : 96

NextHop : :: LocPrf :

PrefVal : 32768 OutLabel : NULL

MED : 0

Path/Ogn: ?

* e Network : 2001:1:: PrefixLen : 96

NextHop : 2001:1::1 LocPrf :

PrefVal : 0 OutLabel : NULL

MED : 0

Path/Ogn: 65410?

* > Network : 2001:1::2 PrefixLen : 128

NextHop : ::1 LocPrf :

PrefVal : 32768 OutLabel : NULL

MED : 0

Path/Ogn: ?

* >i Network : 2001:3:: PrefixLen : 96

NextHop : ::FFFF:3.3.3.9 LocPrf : 100

PrefVal : 0 OutLabel : 1279

MED : 0

Path/Ogn: ?

Route distinguisher: 200:1

Total number of routes: 1

* >i Network : 2001:3:: PrefixLen : 96

NextHop : ::FFFF:3.3.3.9 LocPrf : 100

PrefVal : 0 OutLabel : 1279

MED : 0

Path/Ogn: ?

# Display information about BGP VPNv6 routes matching AS_PATH list 1 in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 as-path-acl 1

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of VPN routes: 5

Total number of routes from all PEs: 1

Route distinguisher: 100:1(vpn1)

Total number of routes: 4

* > Network : 2001:1:: PrefixLen : 96

NextHop : :: LocPrf :

PrefVal : 32768 OutLabel : NULL

MED : 0

Path/Ogn: ?

* e Network : 2001:1:: PrefixLen : 96

NextHop : 2001:1::1 LocPrf :

PrefVal : 0 OutLabel : NULL

MED : 0

Path/Ogn: 65410?

* > Network : 2001:1::2 PrefixLen : 128

NextHop : ::1 LocPrf :

PrefVal : 32768 OutLabel : NULL

MED : 0

Path/Ogn: ?

* >i Network : 2001:3:: PrefixLen : 96

NextHop : ::FFFF:3.3.3.9 LocPrf : 100

PrefVal : 0 OutLabel : 1279

MED : 0

Path/Ogn: ?

Route distinguisher: 200:1

Total number of routes: 1

* >i Network : 2001:3:: PrefixLen : 96

NextHop : ::FFFF:3.3.3.9 LocPrf : 100

PrefVal : 0 OutLabel : 1279

MED : 0

Path/Ogn: ?

# Display information about BGP VPNv6 routes matching BGP community list 100 in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 community-list 100

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of VPN routes: 5

Total number of routes from all PEs: 1

Route distinguisher: 100:1(vpn1)

Total number of routes: 4

* > Network : 2001:1:: PrefixLen : 96

NextHop : :: LocPrf :

PrefVal : 32768 OutLabel : NULL

MED : 0

Path/Ogn: ?

* e Network : 2001:1:: PrefixLen : 96

NextHop : 2001:1::1 LocPrf :

PrefVal : 0 OutLabel : NULL

MED : 0

Path/Ogn: 65410?

* > Network : 2001:1::2 PrefixLen : 128

NextHop : ::1 LocPrf :

PrefVal : 32768 OutLabel : NULL

MED : 0

Path/Ogn: ?

* >i Network : 2001:3:: PrefixLen : 96

NextHop : ::FFFF:3.3.3.9 LocPrf : 100

PrefVal : 0 OutLabel : 1279

MED : 0

Path/Ogn: ?

Route distinguisher: 200:1

Total number of routes: 1

* >i Network : 2001:3:: PrefixLen : 96

NextHop : ::FFFF:3.3.3.9 LocPrf : 100

PrefVal : 0 OutLabel : 1279

MED : 0

Path/Ogn: ?

# Display information about public BGP VPNv6 routes advertised to 3.3.3.9 in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 peer 3.3.3.9 advertised-routes

Total number of routes: 1

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Route distinguisher: 100:1

Total number of routes: 1

* > Network : 2001:1:: PrefixLen : 96

NextHop : :: LocPrf :

MED : 0 OutLabel : NULL

Path/Ogn: ?

# Display information about public BGP VPNv6 routes received from 3.3.3.9 in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 peer 3.3.3.9 received-routes

Total number of routes: 1

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Route distinguisher: 200:1

Total number of routes: 1

* >i Network : 2001:3:: PrefixLen : 96

NextHop : ::FFFF:3.3.3.9 LocPrf : 100

PrefVal : 0 OutLabel : 1279

MED : 0

Path/Ogn: ?

# Display information about all BGP VPNv6 routes whose duration since the last route update is within the specified time range in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 time-range 1d1h1m1s 7d3h1m1s

Total number of routes: 1

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Route distinguisher: 200:1

Total number of routes: 1

* >i Network : 2001:3:: PrefixLen : 96

NextHop : ::FFFF:3.3.3.9 LocPrf : 100

PrefVal : 0 OutLabel : 1279

MED : 0 Route age : 06d01h12m44s

Table 19 Command output

Field	Description
BGP local router ID	Router ID of the local BGP router.
Status codes	Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a - additional-path—Add-Path optimal route.
Origin	Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols.
Total number of VPN routes	Total number of VPNv6 routes on the device.
Total number of routes from all PEs	Total number of VPNv6 routes received from all PEs and meeting the filtering criteria of the command.
Network	Network address.
PrefixLen	Prefix length.
NextHop	Address of the next hop.
LocPrf	Local preference value.
PrefVal	Preferred value.
MED	MULTI_EXIT_DISC attribute.
Path/Ogn	AS_PATH and Origin attributes.
Community	Community attribute.
Large-community	Large community attribute.
Route age	Time elapsed since the most recent route update, in <0-10000>d<0-23>h<0-59>m<0-59>s format, where d, h, m, and s represent days, hours, minutes, and seconds, respectively, and <0-10000>, <0-23>, <0-59>, and <0-59> represent the value ranges for d, h, m, and s, respectively.

‌

# Display detailed information about BGP VPNv6 routes to 2::/64 in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 2:: 64

BGP local router ID: 192.168.1.135

Local AS number: 200

Paths: 2 available, 1 best

BGP routing table information of 2::/64:

From : 10.1.1.1 (192.168.1.136)

Rely nexthop : ::FFFF:10.1.1.1

Original nexthop: ::FFFF:10.1.1.1

Out interface : Ten-GigabitEthernet3/0/1

Route age : 01h26m11s

OutLabel : NULL

RxPathID : 0x0

TxPathID : 0x0

AS-path : 100

Origin : igp

Attribute value : MED 0, pref-val 0

State : valid, external, best, remoteredis

Source type : local

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

Tunnel policy : NULL

Rely tunnel IDs : N/A

Backup route.

From : 1::1 (192.168.1.136)

Rely nexthop : 1::1

Original nexthop: 1::1

Out interface : Ten-GigabitEthernet3/0/2

Route age : 01h26m11s

OutLabel : NULL

RxPathID : 0x0

TxPathID : 0x0

AS-path : 100

Origin : igp

Attribute value : MED 0, pref-val 0

State : valid, external

Source type : remote-import

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

Tunnel policy : NULL

Rely tunnel IDs : N/A

Table 20 Command output

Field	Description
BGP local router ID	Router ID of the local BGP router.
Paths	Number of routes: · available—Available routes. · best—Optimal routes.
BGP routing table information of 2::/64	Routing information for the BGP routes to 2::/64.
From	IP address of the BGP peer that advertises the route.
Rely Nexthop	Recursive next hop. If no recursive next hop is found, this field displays not resolved.
Original nexthop	Original next hop. If the route is learned from a BGP update, it is the next hop in the update message.
Out interface	Next hop output interface information.
Route age	Time elapsed since the most recent route update.
Ext-Community	Extended community attribute: · RT Import—Route Import attribute used for multicast VPN, in format of 32-bit or 128-bit source address identifier:VPN instance index, for example, 192.168.122.15:1. · SrcAs—Multicast source AS attribute used for multicast VPN, in format of 32-bit AS number:0, for example, 100:0. · RT—Route Target attribute, in one of the following formats: ¡ 16-bit AS number:32-bit user-defined number, for example, 101:3. ¡ 32-bit IP address:16-bit user-defined number, for example, 192.168.122.15:1. ¡ 32-bit AS number:16-bit user-defined number, for example, 70000:3. ¡ 32-bit IP address/IPv4 mask:16-bit user-defined number, for example, 192.168.122.15/24:1. ¡ 32-bit AS number in dotted notation:16-bit user-defined number, for example, 65535.65535:1. · Bandwidth—Link bandwidth attribute, in format of 16-bit AS number:32-bit bandwidth value. · CO-Flag—Color attribute, in format of Color-Only (CO) flag bit:color value. · SOO—Site of Origin attribute, in one of the following formats: ¡ 16-bit AS number:32-bit user-defined number, for example, 101:3. ¡ 32-bit IP address:16-bit user-defined number, for example, 192.168.122.15:1. ¡ 32-bit AS number:16-bit user-defined number, for example, 70000:3. ¡ 32-bit IP address/IPv4 mask:16-bit user-defined number, for example, 192.168.122.15/24:1. ¡ 32-bit AS number in dotted notation:16-bit user-defined number, for example, 65535.65535:1. · User-group ID—User group ID attribute, which includes the type and value for the user group ID.
RxPathID	Received Add-Path ID of the route.
TxPathID	Advertised Add-Path ID of the route.
Origin	Route origin: · igp—Originated in the AS. The origin of routes advertised by the network command is IGP. · egp—Learned through EGP. · incomplete—Redistributed from IGP protocols.
Attribute value	BGP route attribute information: · MED—MED attribute. · localpref—Local preference. · pref-val—Preferred value. · pre—Protocol preference.
Inlabel	Incoming label of the route.
Originator	Peer that generated the route.
Cluster list	CLUSTER_LIST attribute of the route. This field is not displayed if no CLUSTER_LIST attribute exists.
State	Route status: · valid—Valid route. · internal—Internal route. · external—External route. · local—Locally generated route. · best—Optimal route. · localredist—Route replicated from the public instance or another local VPN instance to the current VPN instance. · remoteredist—Route received from the remote end and then redistributed to the current VPN instance.
Source type	Route source: · local—Local routes in the current VPN instance. Local routes include the following: ¡ Routes that are learned from BGP peers and have the same RD as the current VPN instance. ¡ Dynamic routes, static routes, and direct routes learned or configured in the current VPN instance. ¡ Routes that are redistributed or advertised by using the import-route, import-route-append, or network command in BGP IPv6 unicast address family of the current VPN instance. · local-import—Routes redistributed from other VPN instances to the current VPN instance. · remote-import—Routes learned from VPNv6 peers. · evpn-remote-import—VPNv6 routes that are generated from the EVPN IP prefix advertisement routes added to the routing table of the current VPN instance.
IP precedence	IP priority of a route, in the range of 0 to 7. N/A indicates that the route does not support this field.
QoS local ID	QoS local ID attribute of a route, in the range of 1 to 4095. N/A indicates that the route does not support this field.
Traffic index	Index of the traffic, in the range of 1 to 64. N/A indicates that the route does not support this field.
Tunnel policy	Tunnel policy that takes effect. NULL indicates that no tunnel policy takes effect.
Rely Tunnel IDs	NHLFE IDs for tunnels found through route recursion. This field displays multiple NHLFE IDs if ECMP tunnels exist and displays N/A if route recursion does not occur.

‌

# Display advertisement information for BGP VPNv6 routes to 2001:1::/96 in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 2001:1:: 96 advertise-info

BGP local router ID: 1.1.1.9

Local AS number: 100

Route distinguisher: 100:1

Total number of routes: 1

Paths: 1 best

BGP routing table information of 2001:1::/96(TxPathID:0):

Advertised to VPN peers (1 in total):

3.3.3.9

Inlabel : 1279

Table 21 Command output

Field	Description
Paths	Number of routes to the specified destination network.
BGP routing table information of 2001:1::/96(TxPathID:0)	Advertisement information for the BGP route to 2001:1::/96.
Advertised to VPN peers (1 in total)	VPNv6 peers to which the route is advertised, and the number of peers.
Inlabel	Incoming label of the route.

‌

# Display statistics about public BGP VPNv6 routes advertised to peer 3.3.3.9 in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 peer 3.3.3.9 advertised-routes statistics

Advertised routes total: 2

# Display statistics about public BGP VPNv6 routes received from peer 3.3.3.9 in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 peer 3.3.3.9 received-routes statistic

Received routes total: 2

Table 22 Command output

Field	Description
Advertised routes total	Total number of routes advertised to the specified peer.
Received routes total	Total number of routes received from the specified peer.

‌

# Display statistics about public BGP VPNv6 routes in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 statistics

Total number of VPN routes: 5

Total number of routes from all PEs: 1

Route distinguisher: 100:1(vpn1)

Total number of routes: 4

Route distinguisher: 200:1

Total number of routes: 1

Table 23 Command output

Field	Description
Total number of VPN routes	Total number of VPNv6 routes on the device.
Total number of routes from all PEs	Total number of VPNv6 routes received from all PEs and meeting the filtering criteria of the command.
Total number of routes	Total number of VPNv6 routes with the specified RD.

‌

# Display BGP VPNv6 routes that have a large community attribute for network 2::/64.

<Sysname> display bgp routing-table vpnv6 2:: 64 large-community

BGP local router ID: 1.1.1.9

Local AS number: 100

Route distinguisher: 100:1(vpn1)

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of 2::/64:

Large-community: <1:1:2>, <1:1:3>

Table 24 Command output

Field

Description

Paths

Number of routes:

· available—Available routes.

· best—Optimal routes.

Large-community

Large community attribute.

‌

Related commands

ip as-path (Layer 3—IP Routing Command Reference)

display bgp routing-table vpnv6 inlabel

Use display bgp routing-table vpnv6 inlabel to display incoming labels for all BGP VPNv6 routes.

Syntax

display bgp [ instance instance-name ] routing-table vpnv6 inlabel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display incoming labels for all BGP VPNv6 routes.

<Sysname> display bgp routing-table vpnv6 inlabel

Total number of routes: 1

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Route distinguisher: 100:1

Total number of routes: 1

* > Network : 2001:1:: PrefixLen : 96

NextHop : :: OutLabel : NULL

InLabel : 1279

Table 25 Command output

Field	Description
BGP local router ID	Router ID of the local BGP router.
Status codes	Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a - additional-path—Add-Path optimal route.
Origin	Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols.
OutLabel	Outgoing label. If the peer PE assigns a null label, this field displays NULL.
InLabel	Incoming label.

‌

display bgp routing-table vpnv6 outlabel

Use display bgp routing-table vpnv6 outlabel to display outgoing labels for BGP VPNv6 routes.

Syntax

display bgp [ instance instance-name ] routing-table vpnv6 outlabel

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display outgoing labels for all BGP VPNv6 routes in the default BGP instance.

<Sysname> display bgp routing-table vpnv6 outlabel

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of VPN routes: 2

Total number of routes from all PEs: 1

Route distinguisher: 100:1(vpn1)

Total number of routes: 1

* >i Network : 2001:3:: PrefixLen : 96

NextHop : ::FFFF:3.3.3.9 OutLabel : 1279

Route distinguisher: 200:1

Total number of routes: 1

* >i Network : 2001:3:: PrefixLen : 96

NextHop : ::FFFF:3.3.3.9 OutLabel : 1279

Table 26 Command output

Field	Description
BGP local router ID	Router ID of the local BGP router.
Status	Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a - additional-path—Add-Path optimal route.
Origin	Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols.
Total number of routes from all PEs	Total number of routes received from all PEs and meeting the filtering criteria of the command.
OutLabel	Outgoing label. If the peer PE assigns a null label, this field displays NULL.

‌

display bgp routing-table vpnv6 source-type

Use display bgp routing-table vpnv6 source-type to display BGP VPNv6 route source information.

Syntax

display bgp [ instance instance-name ] routing-table vpnv6 source-type

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display source information for all BGP VPNv6 routes.

<Sysname> display bgp routing-table vpnv6 source-type

Total number of routes: 4

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Route distinguisher: 100:1

Total number of routes: 4

* > Network : 2001:1:: PrefixLen : 96

NextHop : ::

Source type : local-import

* > Network : 2001:2:: PrefixLen : 96

NextHop : ::

Source type : local

* i> Network : 2001:3:: PrefixLen : 96

NextHop : ::

Source type : remote-import

* i> Network : 2001:4:: PrefixLen : 96

NextHop : ::

Source type : evpn-remote-import

Table 27 Command output

Field	Description
Total number of routes	Total number of BGP routes.
BGP local router ID	BGP local router ID.
Status codes	Route status codes: · * - valid—Valid route. · > - best—Common optimal route. · d – damped—Route damped for route flap. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - Stale—Stale route. · a – additional-path—Add-Path optimal route.
Origin	Route origin: · i - IGP—Originated in the AS. The origin of routes advertised by the network command is IGP. · e - EGP—Learned through EGP. · ? - incomplete—Redistributed from IGP protocols.
Route distinguisher	Route distinguisher.
Total number of routes	Total number of routes with the specified route distinguisher.
Network	Destination network address.
PrefixLen	Prefix length of the destination network address.
NextHop	Next hop IP address.
Source type	Route source: · local—Local routes in the current VPN instance. Local routes include the following: ¡ Routes that are learned from BGP peers and have the same RD as the current VPN instance. ¡ Dynamic routes, static routes, and direct routes learned or configured in the current VPN instance. ¡ Routes that are redistributed or advertised by using the import-route, import-route-append, or network command in BGP IPv6 unicast address family of the current VPN instance. · local-import—Routes redistributed from other VPN instances to the current VPN instance. · remote-import—Routes learned from VPNv6 peers. · evpn-remote-import—VPNv6 routes that are generated from the EVPN IP prefix advertisement routes added to the routing table of the current VPN instance.

‌

display ospfv3 sham-link

Use display ospfv3 sham-link to display OSPFv3 sham link information.

Syntax

display ospfv3 [ process-id ] [ area area-id ] sham-link [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

process-id: Specifies an OSPFv3 process by its ID. The process ID is in the range of 1 to 65535. If you do not specify a process, this command displays sham link information for all OSPFv3 processes.

area area-id: Specifies an OSPFv3 area by its ID, which is an IP address, or an integer. The integer is in the range of 0 to 4294967295. If you do not specify an area, this command displays sham link information for all OSPFv3 areas.

verbose: Displays detailed sham link information. If you do not specify this keyword, the command displays brief sham link information.

Examples

# Display brief information about all OSPFv3 sham links.

<Sysname> display ospfv3 sham-link

OSPFv3 Process 1 with Router ID 125.0.0.1

Sham-link (Area: 0.0.0.1)

Neighbor ID State Instance ID Destination address

0.0.0.0 Down 1 1:1::58

95.0.0.1 P-2-P 1 1:1::95

# Display detailed information about all OSPFv3 sham links.

<Sysname> display ospfv3 sham-link verbose

OSPFv3 Process 1 with Router ID 125.0.0.1

Sham-link (Area: 0.0.0.1)

Source : 1:1::125

Destination : 1:1::58

Interface ID: 2147483649

Neighbor ID : 0.0.0.0, Neighbor state: Down

Cost: 1 State: Down Type: Sham Instance ID: 1

Timers: Hello 10, Dead 40, Retransmit 5, Transmit delay 1

Request list: 0 Retransmit list: 0

Keychain authentication: Enabled (test), inherited

Source : 1:1::125

Destination : 1:1::95

Interface ID: 2147483650

Neighbor ID : 95.0.0.1, Neighbor state: Full

Cost: 1 State: P-2-P Type: Sham Instance ID: 1

Timers: Hello 10, Dead 40, Retransmit 5, Transmit delay 1

Request list: 0 Retransmit list: 0

IPsec profile name: profile001

Keychain authentication: Enabled (test)

Table 28 Command output

Field	Description
Neighbor state	Neighbor state for the sham link: Down, Init, 2-Way, ExStart, Exchange, Loading, or Full.
Request list	Number of LSAs in the request list.
Retransmit list	Number of LSAs in the retransmit list.
IPsec profile name	Name of the IPsec profile used by the sham link.
Cryptographic authentication: HMAC-SHA-256, key ID: xx, inherited	The OSPFv3 sham link uses the HMAC-SHA-256 authentication mode, and the key ID is xx. inherited indicates that the OSPFv3 sham link uses the authentication mode of its area.
Cryptographic authentication: HMAC-SM3, key ID: xx, inherited	The OSPFv3 sham link uses the HMAC-SM3 authentication mode, and the key ID is xx. inherited indicates that the OSPFv3 sham link uses the authentication mode of its area.
Keychain authentication: Enabled (test), inherited	Keychain authentication is enabled for the sham link, and the keychain test is used. The inherited attribute indicates that the sham link uses the authentication mode specified for the area where the sham link resides.

‌

domain-id (OSPFv3 view)

Use domain-id to set an OSPFv3 domain ID.

Use undo domain-id to delete an OSPFv3 domain ID.

Syntax

domain-id { domain-id [ secondary ] | null }

undo domain-id [ domain-id | null ]

Default

The OSPFv3 domain ID is 0.

Views

OSPFv3 view

Predefined user roles

network-admin

Parameters

domain-id: Specifies an OSPFv3 domain ID, in one of the following formats:

· Integer, in the range of 0 to 4294967295. For example, 1.

· Dotted decimal notation. For example, 0.0.0.1.

· A string of 9 to 21 characters in the dotted decimal notation:16-bit user-defined number format. The value range for the 16-bit user-defined number is 0 to 65535. For example, 0.0.0.1:512.

secondary: Specifies a secondary domain ID. If you do not specify this keyword, the command specifies a primary domain ID.

null: Carries no domain ID in the community attribute.

Usage guidelines

When you redistribute OSPFv3 routes into BGP, BGP adds the primary domain ID to the redistributed BGP VPNv6 routes as a BGP extended community attribute. Then, BGP advertises the routes to the peer PE.

When the peer PE receives the routes, it compares the OSPFv3 domain ID in the routes with the locally configured primary and secondary domain IDs. OSPFv3 advertises these routes in Inter-Area-Prefix LSAs (Type 3 LSAs) if both the following conditions exist:

· The primary or secondary domain ID is the same as the received domain ID.

· The received routes are intra-area or inter-area routes.

Otherwise, OSPFv3 advertises these routes in AS External LSAs (Type 5 LSAs) or NSSA External LSAs (Type 7 LSAs).

A null domain ID and a domain ID of 0 are considered the same in domain ID comparison.

You cannot configure a secondary domain ID when the primary domain ID is configured as 0.

If you do not specify any parameters, the undo domain-id command restores the default.

This command takes effect only for a VPN OSPFv3 process that is not configured with the vpn-instance-capability simple command.

Examples

# Set the primary domain ID for VPN OSPFv3 process 100 to 1.1.1.1.

<Sysname> system-view

[Sysname] ospfv3 100 vpn-instance vpn1

[Sysname-ospfv3-100] domain-id 1.1.1.1

Related commands

display ospfv3 (Layer 3—IP Routing Command Reference)

ext-community-type (OSPFv3 view)

Use ext-community-type to configure the type code of an OSPFv3 extended community attribute.

Use undo ext-community-type to restore the default.

Syntax

ext-community-type { domain-id type-code1 | route-type type-code2 | router-id type-code3 }

undo ext-community-type [ domain-id | route-type | router-id ]

Default

The type codes for domain ID, route type, and router ID are hex numbers 0005, 0306, and 0107, respectively.

Views

OSPFv3 view

Predefined user roles

network-admin

Parameters

domain-id type-code1: Specifies the type code for domain ID. Valid values are hex numbers 0005, 0105, 0205, and 8005.

route-type type-code2: Specifies the type code for route type. Valid values are hex numbers 0306 and 8000.

router-id type-code3: Specifies the type code for router ID. Valid values are hex numbers 0107 and 8001.

Examples

# Configure the type codes of domain ID, route type, and router ID as hex numbers 8005, 8000, and 8001, respectively, for VPN OSPFv3 process 100.

<Sysname> system-view

[Sysname] ospfv3 100 vpn-instance vpn1

[Sysname-ospfv3-100] ext-community-type domain-id 8005

[Sysname-ospfv3-100] ext-community-type route-type 8000

[Sysname-ospfv3-100] ext-community-type router-id 8001

Related commands

display ospfv3 (Layer 3—IP Routing Command Reference)

peer default-route-advertise (BGP VPNv6 address family view)

Use peer default-route-advertise to advertise a default route to a peer or peer group.

Use undo peer default-route-advertise to disable default route advertisement to a peer or peer group.

Syntax

peer { group-name | ipv4-address [ mask-length ] } default-route-advertise vpn-instance vpn-instance-name

undo peer { group-name | ipv4-address [ mask-length ] } default-route-advertise vpn-instance vpn-instance-name

Default

No default route is advertised to a peer or peer group.

Views

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.

ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

This command enables the device to send a default route with the next hop being itself to the peer or peer group regardless of whether the default route exists in the routing table.

Examples

# In BGP VPNv6 address family view, advertise the default route of VPN instance vpn1 to peer group test.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv6

[Sysname-bgp-default-vpnv6] peer test default-route-advertise vpn-instance vpn1

peer next-hop-invariable (BGP VPNv6 address family view)

Use peer next-hop-invariable to configure the device to not change the next hop of routes advertised to peers.

Use undo peer next-hop-invariable to configure the device to use its address as the next hop of routes advertised to peers.

Syntax

peer { group-name | ipv4-address [ mask-length ] } next-hop-invariable

undo peer { group-name | ipv4-address [ mask-length ] } next-hop-invariable

Default

The device uses its address as the next hop of routes advertised to peers.

Views

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters.

ipv4-address: Specifies a peer by its IP address.

mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a network. If you specify a network in this command, the device does not change the next hop of routes advertised to the dynamic peers in the network.

Usage guidelines

On an RR in an inter-AS option C scenario, you must configure this command to not change the next hop of VPNv6 routes advertised to BGP peers and RR clients.

Examples

# Configure the device to not change the next hop of routes advertised to peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv6

[Sysname-bgp-default-vpnv6] peer 1.1.1.1 next-hop-invariable

peer next-hop-vpn

Use peer next-hop-vpn to change the next hop of a BGP VPNv6 route received from a peer or peer group to a VPN instance address.

Use undo peer next-hop-vpn to restore the default.

Syntax

peer { group-name | ipv4-address [ mask-length ] } next-hop-vpn

undo peer { group-name | ipv4-address [ mask-length ] } next-hop-vpn

Default

The device does not change the next hop attribute of a received BGP VPNv6 route, and the next hop belongs to the public network.

Views

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The specified group must have been created.

ipv4-address: Specifies a peer by its IP address. The specified peer must have been created.

Usage guidelines

By default, the device does not change the next hop attribute of a received BGP VPNv6 route. The next hop address of a BGP VPNv6 route is a public address. This command changes the next hop address of a BGP VPNv6 route received from a peer or peer group to a VPN instance address. The outgoing label of the VPNv6 route is also changed to an invalid value. For example, the device received a VPNv6 route and its next hop address is 10.1.1.1, which is a public address by default. After this command is executed, the next hop address changes to private address 10.1.1.1.

After this command is executed, the following applies:

· The device re-establishes the BGP sessions to the specified peer or to all peers in the specified peer group.

· The device receives a BGP VPNv6 route only when its RD is the same as a local RD.

· When advertising a BGP VPNv6 route received from the specified peer or peer group, the device does not change the route target attribute of the route.

· If you delete a VPN instance or its RD, BGP VPNv6 routes received from the specified peer or peer group and in the VPN instance will be deleted.

Examples

# In BGP VPNv6 address family view, change the next hop of BGP VPNv6 routes received from peer 1.1.1.1 to a VPN instance address.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv6

[Sysname-bgp-default-vpnv6] peer 1.1.1.1 next-hop-vpn

peer upe (BGP VPNv6 address family view)

Use peer upe to configure BGP peers as HoVPN UPEs.

Use undo peer upe to delete HoVPN UPEs.

Syntax

peer { group-name | ipv4-address [ mask-length ] } upe

undo peer { group-name | ipv4-address [ mask-length ] } upe

Default

No BGP peer is configured as a UPE.

Views

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The specified peer group must exist.

ipv4-address: Specifies a peer by its IPv4 address. The specified peer must exist.

Usage guidelines

A UPE is a special VPNv6 peer. It can accept one default route for each related VPN instance and routes permitted by the routing policy on the SPE. An SPE is a common VPN peer.

Examples

# In BGP VPNv6 address family view, configure peer 1.1.1.1 as a UPE.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv6

[Sysname-bgp-default-vpnv6] peer 1.1.1.1 upe

peer upe route-policy (BGP VPNv6 address family view)

Use peer upe route-policy to advertise routes permitted by a routing policy to UPEs.

Use undo peer upe route-policy to remove the configuration.

Syntax

peer { group-name | ipv4-address [ mask-length ] } upe route-policy route-policy-name export

undo peer { group-name | ipv4-address [ mask-length ] } upe route-policy route-policy-name export

Default

No routes are advertised to any peers.

Views

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must exist.

ipv4-address: Specifies a peer by its IPv4 address. The peer must exist.

route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

export: Applies the routing policy to filter routes to be advertised.

Usage guidelines

This command must be used with the peer upe command.

Examples

# In BGP VPNv6 address family view, configure peer 1.1.1.1 as a UPE, and advertise routes permitted by routing policy hope to peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] peer 1.1.1.1 as-number 200

[Sysname-bgp-default] address-family vpnv6

[Sysname-bgp-default-vpnv6] peer 1.1.1.1 enable

[Sysname-bgp-default-vpnv6] peer 1.1.1.1 upe

[Sysname-bgp-default-vpnv6] peer 1.1.1.1 upe route-policy hope export

Related commands

peer upe (BGP VPNv6 address family view)

route-policy (Layer 3—IP Routing Command Reference)

policy vpn-target

Use policy vpn-target to enable route target filtering of received VPNv6 routes. Only VPNv6 routes whose export route target attribute matches local import route target attribute are added to the routing table.

Use undo policy vpn-target to disable route target filtering, permitting all incoming VPNv6 routes.

Syntax

policy vpn-target

undo policy vpn-target

Default

The route target filtering feature is enabled for received VPNv6 routes.

Views

BGP VPNv6 address family view

Predefined user roles

network-admin

Usage guidelines

Examples

# Disable route target filtering of received VPNv6 routes.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv6

[Sysname-bgp-default-vpnv6] undo policy vpn-target

route-replicate (public instance IPv6 address family view)

Use route-replicate to replicate routes from a VPN instance to the public network.

Use undo route-replicate to cancel the configuration.

Syntax

route-replicate from vpn-instance vpn-instance-name protocol { bgp4+ as-number | direct | static | unr | vlink-direct | { isisv6 | ospfv3 | ripng } process-id } [ advertise ] [ route-policy route-policy-name ]

undo route-replicate from vpn-instance vpn-instance-name protocol { bgp4+ as-number | direct | static | unr | vlink-direct | { isisv6 | ospfv3 | ripng } process-id }

Default

The public network cannot replicate routes from VPN instances.

Views

Public instance IPv6 address family view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Replicates routes from a VPN instance. The vpn-instance-name argument specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.

protocol: Replicates routes of the specified routing protocol.

bgp4+: Replicates IPv6 BGP routes.

as-number: Specifies an AS number in the range of 1 to 4294967295.

direct: Replicates IPv6 direct routes.

static: Replicates IPv6 static routes.

unr: Replicates user network routes.

vlink-direct: Replicates IPv6 VLINK direct routes, which are generated based on ND entries learned by interfaces.

isisv6: Replicates IPv6 IS-IS routes.

ospfv3: Replicates OSPFv3 routes.

ripng: Replicates RIPng routes.

process-id: Specifies a process by its ID, in the range of 1 to 65535.

advertise: Allows the public instance to advertise replicated routes. If you do not specify this keyword, the public instance cannot advertise replicated routes.

route-policy route-policy-name: Applies a routing policy to replicated routes. The route-policy-name argument specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

Configure this command to enable the public network to communicate with a VPN instance by replicating routes from the VPN instance.

The route-replicate from vpn-instance protocol direct command replicates IPv6 VLINK direct routes, but the VLINK direct routes cannot be added to the IPv6 FIB, causing traffic forwarding failures. To address this issue, you can specify the vlink-direct keyword to replicate IPv6 VLINK direct routes and add the routes to the IPv6 FIB.

Examples

# Replicates OSPFv3 routes from VPN instance vpn1 to the public network.

<Sysname> system-view

[Sysname] ip public-instance

[Sysname-public-instance] address-family ipv6

[Sysname-public-instance-ipv6] route-replicate from vpn-instance vpn1 protocol ospfv3 1

route-replicate (VPN instance IPv6 address family view)

Use route-replicate to enable a VPN instance to replicate routes from the public network or other VPN instances.

Use undo route-replicate to cancel the configuration.

Syntax

route-replicate from { public | vpn-instance vpn-instance-name } protocol { bgp4+ as-number | direct | static | unr | vlink-direct | { isisv6 | ospfv3 | ripng } process-id } [ advertise ] [ route-policy route-policy-name ]

undo route-replicate from { public | vpn-instance vpn-instance-name } protocol { bgp4+ as-number | direct | static | unr | vlink-direct | { isisv6 | ospfv3 | ripng } process-id }

Default

A VPN instance cannot replicate routes of the public network or other VPN instances.

Views

VPN instance IPv6 address family view

Predefined user roles

network-admin

Parameters

public: Replicates routes from the public network.

vpn-instance vpn-instance-name: Replicates routes from a VPN instance. The vpn-instance-name argument specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.

protocol: Replicates routes of the specified routing protocol.

bgp4+: Replicates IPv6 BGP routes.

as-number: Specifies an AS number in the range of 1 to 4294967295.

direct: Replicates IPv6 direct routes.

static: Replicates IPv6 static routes.

unr: Replicates user network routes.

vlink-direct: Replicates IPv6 VLINK direct routes, which are generated based on ND entries learned by interfaces.

isisv6: Replicates IPv6 IS-IS routes.

ospfv3: Replicates OSPFv3 routes.

ripng: Replicates RIPng routes.

process-id: Specifies a process by its ID, in the range of 1 to 65535.

advertise: Allows the VPN instance to advertise replicated routes. If you do not specify this keyword, the VPN instance cannot advertise replicated routes.

route-policy route-policy-name: Applies a routing policy to replicated routes. The route-policy-name argument specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

In an IPv6 BGP/IPv6 MPLS L3VPN network, only VPN instances that have matching route targets can communicate with each other.

This command allows a VPN instance to communicate with the public network or other VPN instances by replicating routing information of the public network or other VPN instances.

The route-replicate from vpn-instance protocol direct or route-replicate from public protocol direct command replicates IPv6 VLINK direct routes, but the VLINK direct routes cannot be added to the IPv6 FIB, causing traffic forwarding failures. To address this issue, you can specify the vlink-direct keyword to replicate IPv6 VLINK direct routes and add the routes to the IPv6 FIB.

Examples

# Replicates OSPFv3 routes from the public network to VPN instance vpn1.

<Sysname> system-view

[Sysname] ip vpn-instance vpn1

[Sysname-vpn-instance-vpn1] address-family ipv6

[Sysname-vpn-ipv6-vpn1] route-replicate from public protocol ospfv3 1

route-tag (OSPFv3 view)

Use route-tag to configure an external route tag for redistributed VPN routes.

Use undo route-tag to restore the default.

Syntax

route-tag tag-value

undo route-tag

Default

Views

OSPFv3 view

Predefined user roles

network-admin

Parameters

tag-value: Specifies the external route tag for redistributed VPN routes, in the range of 0 to 4294967295.

Usage guidelines

In a dual-homed scenario where OSPFv3 runs between the CE and the connected PEs (PE-A and PE-B, for example), you can use external route tags to avoid routing loops.

PE-A redistributes BGP VPNv6 routes from the peer PE into OSPFv3, and advertises these routes in the Type 5 or 7 LSAs to the CE. In these LSAs, PE-A adds the locally configured external route tag.

If the route-tag-check enable command is configured on the PE-B, it compares the external route tag in the receiving Type 5 or 7 LSAs with the locally configured tag. If they are the same, PE-B ignores the LSA in route calculation to avoid routing loops.

The commands used to configure the external route tag (in the descending order of tag priority) are as follows:

· import-route

· route-tag (for PEs) and default tag (for CEs and MCEs)

As a best practice, configure the same external route tag for PEs in the same area.

An external route tag is not transferred in any BGP extended community attribute. It takes effect only on PEs that receive BGP routes and generate OSPF Type 5 or 7 LSAs.

You can configure the same external route tag for different OSPF processes.

This command takes effect only for a VPN OSPFv3 process that is not configured with the vpn-instance-capability simple command.

Examples

# Set the external route tag for redistributed VPN routes to 100 for VPN OSPFv3 process 100.

<Sysname> system-view

[Sysname] ospfv3 100 vpn-instance vpn1

[Sysname-ospfv3-100] route-tag 100

Related commands

default tag (Layer 3—IP Routing Command Reference)

display ospfv3 (Layer 3—IP Routing Command Reference)

import-route (Layer 3—IP Routing Command Reference)

route-tag-check enable

Use route-tag-check enable to enable external route check for OSPFv3 LSAs.

Use undo route-tag-check enable to disable external route check for OSPFv3 LSAs.

Syntax

route-tag-check enable

undo route-tag-check enable

Default

The external route check feature is disabled for OSPFv3 LSAs.

Views

OSPFv3 view

Predefined user roles

network-admin

Usage guidelines

In a dual-homed scenario where OSPFv3 runs between the CE and the connected PEs (PE-A and PE-B, for example), you can use external route tags to avoid routing loops.

PE-A redistributes BGP VPNv6 routes from the peer PE into OSPFv3, and advertises these routes in the Type 5 or 7 LSAs to the CE. In these LSAs, PE-A adds the locally configured external route tag.

If external route check for OSPFv3 LSAs is enabled on PE-B, it compares the external route tag in the receiving Type 5 or 7 LSAs with the locally configured tag. If they are the same, PE-B ignores the LSA in route calculation to avoid routing loops.

Use the external route tag check feature only when the device does not support the DN bit. Otherwise, use the DN bit to avoid routing loops.

This command takes effect only for a VPN OSPFv3 process that is not configured with the vpn-instance-capability simple command.

Examples

# Enable external route check in OSPFv3 LSAs for VPN OSPFv3 process 100.

<Sysname> system-view

[Sysname] ospfv3 100 vpn-instance vpn1

[Sysname-ospfv3-100] route-tag-check enable

Related commands

display ospfv3 (Layer 3—IP Routing Command Reference)

route-tag

rr-filter (BGP VPNv6 address family view)

Use rr-filter to create an RR reflection policy.

Use undo rr-filter to restore the default.

Syntax

rr-filter { ext-comm-list-number | ext-comm-list-name }

undo rr-filter

Default

An RR does not filter reflected routes.

Views

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

ext-comm-list-number: Specifies an extended community list number in the range of 1 to 65535.

ext-comm-list-name: Specifies an extended community list name, a case-sensitive string of 1 to 63 characters. The name cannot contain only digits.

Usage guidelines

After this command is executed, only the VPNv6 routes that are permitted by the specified extended community list are reflected.

By configuring different RR reflection policies on RRs in a cluster, you can implement load balancing among the RRs.

For more information about extended community lists, see Layer 3—IP Routing Configuration Guide.

Examples

# Configure the RR to reflect only VPNv6 routes that are permitted by extended community list 10.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv6

[Sysname-bgp-default-vpnv6] rr-filter 10

Related commands

ip extcommunity-list (Layer 3—IP Routing Command Reference)

sham-link (OSPFv3 area view)

Use sham-link to create an OSPFv3 sham link.

Use undo sham-link to remove an OSPFv3 sham link or restore the defaults of specified parameters for an OSPFv3 sham link.

Syntax

sham-link source-ipv6-address destination-ipv6-address [ cost cost-value | dead dead-interval | hello hello-interval | instance instance-id | ipsec-profile profile-name | { hmac-sha-256 | hmac-sm3 } key-id { cipher | plain } string | keychain keychain-name | retransmit retrans-interval | trans-delay delay ] *

undo sham-link source-ipv6-address destination-ipv6-address [ cost | dead | hello | ipsec-profile | { hmac-sha-256 | hmac-sm3 | keychain } | retransmit | trans-delay ] *

Default

No OSPFv3 sham links exist.

Views

OSPFv3 area view

Predefined user roles

network-admin

Parameters

source-ipv6-address: Specifies the source IPv6 address of the sham link.

destination-ipv6-address: Specifies the destination IPv6 address of the sham link.

cost cost-value: Specifies the cost of the sham link, in the range of 1 to 65535. The default cost is 1.

dead dead-interval: Specifies the dead interval in the range of 1 to 32768 seconds. The default is 40 seconds. The dead interval configured on each end of the sham link must be identical, and it must be at least four times the hello interval.

hello hello-interval: Specifies the interval for sending hello packets, in the range of 1 to 8192 seconds. The default is 10 seconds. The hello interval configured on each end of the sham link must be identical.

instance instance-id: Specifies the instance ID of the sham link, in the range of 0 to 255. The default value is 0.

ipsec-profile profile-name: Specifies the IPsec profile for the sham link. The profile-name argument specifies the profile by its name, a case-insensitive string of 1 to 63 characters.

hmac-sha-256: Specifies the HMAC-SHA-256 authentication mode.

hmac-sm3: Specifies the HMAC-SM3 authentication mode.

key-id: Specifies a key ID in the range of 0 to 65535.

cipher: Specifies a key in encrypted form.

plain: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies the key. The plaintext form of the key is a case-sensitive string of 1 to 255 characters. The encrypted form of the key is a case-sensitive string of 33 to 373 characters.

keychain: Specifies keychain authentication for the sham link.

keychain-name: Specifies a keychain by its name, a case-sensitive string of 1 to 63 characters.

retransmit retrans-interval: Specifies the interval for retransmitting LSAs, in the range of 1 to 3600 seconds. The default is 5 seconds.

trans-delay delay: Specifies the delay interval before the interface sends an LSA, in the range of 1 to 3600 seconds. The default is 1 second.

Usage guidelines

The authentication mode specified for an OSPFv3 sham link has a higher priority than the authentication mode specified for the area where the sham link resides. If no authentication mode is specified for the sham link, the authentication mode specified for the area applies. A sham link can use only one of the HMAC-SHA-256, keychain, and HMAC-SM3 authentication modes.

When keychain authentication is configured for an OSPFv3 sham link, OSPFv3 performs the following operations before sending a packet:

1. Obtains a valid send key from the keychain.

OSPFv3 does not send the packet if it fails to obtain a valid send key or the key ID is larger than 65535.

2. Uses the key ID, authentication algorithm, and key string to authenticate the packet.

If the authentication fails, OSPFv3 does not send the packet.

When keychain authentication is configured for an OSPFv3 sham link, OSPFv3 performs the following operations after receiving a packet:

1. Uses the key ID carried in the packet to obtain a valid accept key from the keychain.

OSPFv3 discards the packet if it fails to obtain a valid accept key.

2. Uses the authentication algorithm and key string for the valid accept key to authenticate the packet.

If the authentication fails, OSPFv3 discards the packet.

OSPFv3 supports only the HMAC-SM3 and HMAC-SHA-256 authentication algorithms.

The ID of keys used for authentication can only be in the range of 0 to 65535.

Examples

# Create a sham link with the source address 1::1 and destination address 2::2.

<Sysname> system-view

[Sysname] ospfv3 100 vpn-instance vpn1

[Sysname-ospfv3-100] area 0

[Sysname-ospfv3-100-area-0.0.0.0] sham-link 1::1 2::2

Related commands

display ospfv3 sham-link

update-first route-policy (BGP VPNv6 address family view)

Use update-first route-policy to configure BGP to send withdrawal messages of routes matching the specified routing policy prior to other routes.

Use undo update-first route-policy to restore the default.

Syntax

update-first route-policy route-policy-name

undo update-first route-policy

Default

BGP does not send withdrawal messages of any routes prior to other routes.

Views

BGP VPNv6 address family view

Predefined user roles

network-admin

Parameters

route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

This command enables BGP to send the withdrawal messages of specific routes prior to other routes. This can achieve fast route switchover and reduce the traffic interruption time.

Examples

# In BGP VPNv6 address family view, configure BGP to send withdrawal messages of routes matching routing policy test-policy prior to other routes.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family vpnv6

[Sysname-bgp-default-vpnv6] update-first route-policy test-policy

Related commands

default-route update-first

route-policy (Layer 3—IP Routing Command Reference)

vpn-route cross multipath

Use vpn-route cross multipath to enable ECMP VPN route redistribution.

Use undo vpn-route cross multipath to disable ECMP VPN route redistribution.

Syntax

vpn-route cross multipath

undo vpn-route cross multipath

Default

ECMP VPN route redistribution is disabled. If multiple routes have the same prefix and RD, a VPN redistributes only the optimal route to its routing table.

Views

BGP instance view

BGP IPv6 unicast address family view

BGP-VPN IPv6 unicast address family view

BGP VPNv4 address family view

Predefined user roles

network-admin

Usage guidelines

Follow these restrictions and guidelines when you execute this command:

· The configuration in BGP instance view takes effect on all address families.

· The configuration in BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view takes effect only on the address family.

· The configuration in BGP IPv6 unicast address family view or BGP-VPN IPv6 unicast address family view takes precedence over that in BGP instance view.

Examples

# In BGP-VPN IPv6 unicast address family view, enable ECMP route redistribution.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] ip vpn-instance vpn1

[Sysname-bgp-default-vpn1] address-family ipv6

[Sysname-bgp-default-ipv6-vpn1] vpn-route cross multipath

09-MPLS Command Reference

Application scenarios

Operating mechanism

Restrictions and guidelines

Application scenarios

Operating mechanism

Restrictions and guidelines

description (VPN instance view)

display bgp routing-table vpnv4 outlabel

display bgp vpn-prefix-orf

domain-id (OSPF view)

ext-community-type (OSPF view)

import route-policy

ip vpn-instance (system view)

Application scenarios

Operating mechanism

Restrictions and guidelines

peer default-route-advertise (BGP VPNv4 address family view)

peer next-hop-invariable (BGP VPNv4 address family view)

peer upe (BGP VPNv4 address family view)

peer upe route-policy (BGP VPNv4 address family view)

reset traffic-statistics vpn-instance

Application scenarios

Operating mechanism

Restrictions and guidelines

route-replicate (VPN instance IPv4 address family view)

Application scenarios

Operating mechanism

Restrictions and guidelines

route-tag (OSPF view)

Application scenarios

Operating mechanism

Recommended configuration

Restrictions and guidelines

sham-link (OSPF area view)

snmp-agent trap enable l3vpn

vpn popgo

Application scenarios

Operating mechanism

Restrictions and guidelines

Restrictions and guidelines

domain-id (OSPFv3 view)

ext-community-type (OSPFv3 view)

peer next-hop-invariable (BGP VPNv6 address family view)

route-tag (OSPFv3 view)

sham-link (OSPFv3 area view)

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us