vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays IPv6 FIB entries on the public network.

ipv6-address: Displays IPv6 FIB entries for a destination IPv6 address. If you do not specify an IPv6 address, this command displays all IPv6 FIB entries.

prefix-length: Specifies a prefix length for the IPv6 address, in the range of 0 to 128. If you do not specify the prefix length, this command displays the IPv6 FIB entry longest matching the IPv6 address.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays IPv6 FIB entries on all cards.

Usage guidelines

If you do not specify any parameters, this command displays all IPv6 FIB entries.

Examples

# Display all IPv6 FIB entries for the public network.

<Sysname> display ipv6 fib

Route destination count: 1

Directly-connected host count: 0

Flag:

U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static

R:Relay F:FRR

Destination: ::1 Prefix length: 128

Nexthop : ::1 Flags: UH

Timestamp : 0x1 Label: Null

Interface : InLoop0 Token: Invalid

Destination: ::2 Prefix length: 128

Nexthop : 192.168.126.1 Flags: USGF

Timestamp : 0x1 Label: Null

Interface : InLoop1 Token: Invalid

Table 1 Command output

Field	Description
Route destination count	Total number of route destination addresses.
Directly-connected host count	Number of directly-connected hosts that are learned through features such as ND.
FIB entry count	Total number of IPv6 FIB entries.
Destination	Destination address.
Prefix length	Prefix length of the destination address.
Nexthop	Next hop address.
Flags	Route flag: · U—Usable route. · G—Gateway route. · H—Host route. · B—Black hole route. · D—Dynamic route. · S—Static route. · R—Recursive route. · F—Fast re-route.
Time stamp	Time when the IPv6 FIB entry was generated.
Label	Inner MPLS label.
Interface	Outgoing interface.
Token	Label switched path index number.

‌

display ipv6 fib count

Use display ipv6 fib count to display IPv6 FIB entry statistics.

Syntax

display ipv6 fib count [ all | vpn-instance vpn-instance-name ] slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays IPv6 FIB entry statistics for the public network and all VPN instances.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

slot slot-number: Specifies a card by its slot number.

Usage guidelines

If you do not specify the all or vpn-instance keyword, this command displays IPv6 FIB entry statistics for the public network.

Examples

# Display IPv6 FIB entry statistics for the public network and all VPN instances on a slot.

<Sysname> system-view

[Sysname] display ipv6 fib count all slot 10

Total count: 3121

Route destination count: 6

Directly-connected host count: 0

VPN-Instance Name Route destination count Directly-connected host count

1 100 3

vpn1 1000 10

vpn2 2000 2

# Display IPv6 FIB entry statistics for the public network on a slot.

<Sysname> system-view

[Sysname] display ipv6 fib count slot 10

Route destination count: 6

Directly-connected host count: 0

Table 2 Command output

Field	Description
Route destination count	Number of route destination addresses.
Directly-connected host count	Number of directly-connected hosts that are learned through features such as ND.
Total count	Number of IPv6 FIB entries.
VPN-Instance Name	VPN instance name.

‌

display ipv6 icmp statistics

Use display ipv6 icmp statistics to display ICMPv6 packet statistics.

Syntax

display ipv6 icmp statistics [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ICMPv6 packet statistics on all cards.

Examples

# Display ICMPv6 packet statistics.

<Sysname> display ipv6 icmp statistics

Input: bad code 0 too short 0

checksum error 0 bad length 0

path MTU changed 0 destination unreachable 0

too big 0 parameter problem 0

echo request 0 echo reply 0

neighbor solicit 0 neighbor advertisement 0

router solicit 0 router advertisement 0

redirect 0 router renumbering 0

output: parameter problem 0 echo request 0

echo reply 0 unreachable no route 0

unreachable admin 0 unreachable beyond scope 0

unreachable address 0 unreachable no port 0

too big 0 time exceed transit 0

time exceed reassembly 0 redirect 0

ratelimited 0 other errors 0

Table 3 Command output

Field	Description
bad code	Number of received packets with error codes.
too short	Number of received packets with the length too short.
checksum error	Number of received packets with checksum errors.
bad length	Number of received packets with incorrect packet size.
path MTU changed	Number of received packets with path MTU changed.
destination unreachable	Number of destination unreachable packets that have been received.
too big	Number of received or sent oversized packets.
parameter problem	Number of received or sent packets with incorrect parameters.
echo request	Number of received or sent echo request packets.
echo reply	Number of received or sent echo reply packets.
neighbor solicit	Number of received NS packets.
neighbor advertisement	Number of received NA packets.
router solicit	Number of received RS packets.
router advertisement	Number of received RA packets.
redirect	Number of received or sent redirect packets.
router renumbering	Number of received packets with router renumbering.
unreachable no route	Number of sent packets to report the error that no route is available to the destination.
unreachable admin	Number of sent packets to report the error that the communication with the destination is administratively prohibited.
unreachable beyond scope	Number of sent packets to report the error that the source addresses is beyond the scope.
unreachable address	Number of address unreachable packets that have been sent.
unreachable no port	Number of port unreachable packets that have been sent.
time exceed transit	Number of sent packets to report the time exceeded in transmit error.
time exceed reassembly	Number of sent packets to report the fragment reassembly time exceeded error.
ratelimited	Number of packets that were not sent out because of the rate limit.
other errors	Number of sent packets with other errors.

‌

display ipv6 interface

Use display ipv6 interface to display IPv6 interface information.

Syntax

display ipv6 interface [ interface-type [ interface-number ] ] [ brief ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type: Specifies an interface by its type.

interface-number: Specifies an interface by its number.

brief: Displays brief IPv6 interface information, including physical status, link-layer protocols, and IPv6 address. If you do not specify the keyword, this command displays detailed IPv6 interface information, including IPv6 configuration and operating information, and IPv6 packet statistics.

Usage guidelines

If you do not specify an interface, this command displays IPv6 information about all interfaces except VA interfaces.

If you specify only the interface-type argument, this command displays IPv6 information about the interfaces of the specified type.

If you specify both the interface-type and the interface-number arguments, this command displays IPv6 information about the specified interface.

Examples

# Display IPv6 information about Ten-GigabitEthernet 3/0/1.

<Sysname> display ipv6 interface ten-gigabitethernet 3/0/1

Ten-GigabitEthernet3/0/1 current state: UP

Line protocol current state: UP

IPv6 is enabled, link-local address is FE80::200:1FF:FE04:5D00 [TENTATIVE]

Global unicast address(es):

10::1234:56FF:FE65:4322, subnet is 10::/64 [TENTATIVE] [AUTOCFG]

[valid lifetime 4641s/preferred lifetime 4637s]

20::1234:56ff:fe65:4322, subnet is 20::/64 [TENTATIVE] [EUI-64]

30::1, subnet is 30::/64 [TENTATIVE] [ANYCAST]

40::2, subnet is 40::/64 [TENTATIVE] [DHCP]

50::3, subnet is 50::/64 [TENTATIVE]

Joined group address(es):

FF02::1

FF02::2

FF02::1:FF00:1

FF02::1:FF04:5D00

MTU is 1500 bytes

ND DAD is enabled, number of DAD attempts: 1

ND reachable time is 1200000 milliseconds

ND retransmit interval is 1000 milliseconds

Hosts use stateless autoconfig for addresses

IPv6 Packet statistics:

InReceives: 0

InTooShorts: 0

InTruncatedPkts: 0

InHopLimitExceeds: 0

InBadHeaders: 0

InBadOptions: 0

ReasmReqds: 0

ReasmOKs: 0

InFragDrops: 0

InFragTimeouts: 0

OutFragFails: 0

InUnknownProtos: 0

InDelivers: 0

OutRequests: 0

OutForwDatagrams: 0

InNoRoutes: 0

InTooBigErrors: 0

OutFragOKs: 0

OutFragCreates: 0

InMcastPkts: 0

InMcastNotMembers: 0

OutMcastPkts: 0

InAddrErrors: 0

InDiscards: 0

OutDiscards: 0

Table 4 Command output

Field	Description
Ten-GigabitEthernet3/0/1 current state	Physical state of the interface: · Administratively DOWN—The interface has been administratively shut down by using the shutdown command. · DOWN—The interface is administratively up but its physical state is down, possibly because of a connection or link failure. · UP—The administrative and physical states of the interface are both up.
Line protocol current state	Link layer state of the interface: · DOWN—The link layer protocol state of the interface is down. · UP—The link layer protocol state of the interface is up.
IPv6 is enabled	IPv6 is enabled on the interface. This feature is automatically enabled after an IPv6 address is configured for an interface.
link-local address	Link-local address of the interface.
Global unicast address(es)	Global unicast addresses of the interface. IPv6 address states: · TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. · DUPLICATE—The address is not unique on the link. · PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state. · DEPRECATED—The address is beyond the preferred lifetime but in the valid lifetime. It is valid, but it cannot be used as the source address for a new connection. Packets destined for the address are processed correctly. If a global unicast address is not manually configured, the following notations indicate how the address is obtained: · AUTOCFG—Stateless autoconfigured. · DHCP—Assigned by a DHCPv6 server. · EUI-64—Manually configured EUI-64 IPv6 address. · RANDOM—Random address automatically generated. If the address is a manually configured anycast address, it is noted with ANYCAST.
valid lifetime	Specifies how long autoconfigured global unicast addresses using a prefix are valid.
preferred lifetime	Specifies how long autoconfigured global unicast addresses using a prefix are preferred.
Joined group address(es)	Addresses of the multicast groups that the interface has joined.
MTU	MTU of the interface.
ND DAD is enabled, number of DAD attempts	DAD is enabled. · If DAD is enabled, this field displays the number of attempts to send an NS message for DAD (set by using the ipv6 nd dad attempts command). · If DAD is disabled, this field displays ND DAD is disabled. To disable DAD, set the number of attempts to 0.
ND reachable time	Time during which a neighboring device is reachable.
ND retransmit interval	Interval for retransmitting an NS message.
Hosts use stateless autoconfig for addresses	Hosts obtained IPv6 addresses through stateless autoconfiguration.
InReceives	Received IPv6 packets, including error messages.
InTooShorts	Received IPv6 packets that are too short. For example, the received IPv6 packet is less than 40 bytes.
InTruncatedPkts	Received IPv6 packets with a length less than the payload length field specified in the packet header.
InHopLimitExceeds	Received IPv6 packets with a hop count exceeding the hop limit field specified in the packet header.
InBadHeaders	Received IPv6 packets with incorrect basic headers.
InBadOptions	Received IPv6 packets with incorrect extension headers.
ReasmReqds	Received IPv6 fragments.
ReasmOKs	Number of reassembled IPv6 packets.
InFragDrops	Received IPv6 fragments that are discarded because of certain errors.
InFragTimeouts	Received IPv6 fragments that are discarded because the amount of time they stay in the system buffer exceeds the specified interval.
OutFragFails	IPv6 packets that fail to be fragmented on the output interface.
InUnknownProtos	Received IPv6 packets with unknown or unsupported protocol type.
InDelivers	Received IPv6 packets that are delivered to user protocols (such as ICMPv6, TCP, and UDP).
OutRequests	Local IPv6 packets sent by IPv6 user protocols.
OutForwDatagrams	IPv6 packets forwarded by the interface.
InNoRoutes	Received IPv6 packets that are discarded because no matching route can be found.
InTooBigErrors	Received IPv6 packets that fail to be forwarded because they exceeded the path MTU.
OutFragOKs	Fragmented IPv6 packets on the output interface.
OutFragCreates	Number of IPv6 fragments on the output interface.
InMcastPkts	Received IPv6 multicast packets.
InMcastNotMembers	Received IPv6 multicast packets that are discarded because the interface is not in the multicast group.
OutMcastPkts	IPv6 multicast packets sent by the interface.
InAddrErrors	Received IPv6 packets that are discarded due to invalid destination addresses.
InDiscards	Received IPv6 packets that are discarded due to resource problems rather than packet errors.
OutDiscards	IPv6 packets that fail to be sent due to resource problems rather than packet errors.

‌

# Display brief IPv6 information about all interfaces.

<Sysname> display ipv6 interface brief

*down: administratively down

(s): spoofing

Interface Physical Protocol IPv6 Address

GigabitEthernet3/0/1 up up 2001::1

Table 5 Command output

Field	Description
*down: administratively down	The interface has been administratively shut down by using the shutdown command.
(s): spoofing	Spoofing attribute of the interface. The link protocol state of the interface is up, but the link is temporarily established on demand or does not exist.
Interface	Name of the interface.
Physical	Physical state of the interface: · *down—The interface has been administratively shut down by using the shutdown command. · down—The interface is administratively up but its physical state is down, possibly because of a connection or link failure. · up—The administrative and physical states of the interface are both up.
Protocol	Link layer protocol state of the interface: · down—The network layer protocol state of the interface is down. · up—The network layer protocol state of the interface is up.
IPv6 Address	IPv6 address of the interface. · If multiple global unicast addresses are configured, this field displays the lowest address. · If no global unicast address is configured, this field displays the link-local address. · If no address is configured, this field displays Unassigned.

‌

Related commands

statistics l3-packet enable

display ipv6 interface prefix

Use display ipv6 interface prefix to display IPv6 prefix information for an interface.

Syntax

display ipv6 interface interface-type interface-number prefix

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Examples

# Display IPv6 prefix information for Ten-GigabitEthernet 3/0/1.

<Sysname> display ipv6 interface ten-gigabitethernet 3/0/1 prefix

Prefix: 1001::/65 Origin: ADDRESS

Age: - Flag: AL

Lifetime(Valid/Preferred): 2592000/604800

Prefix: 2001::/64 Origin: STATIC

Age: - Flag: L

Lifetime(Valid/Preferred): 3000/2000

Prefix: 3001::/64 Origin: RA

Age: 600 Flag: A

Lifetime(Valid/Preferred): -

Table 6 Command output

Filed	Description
Prefix	IPv6 address prefix.
Origin	How the prefix is generated: · STATIC—Manually configured by using the ipv6 nd ra prefix command. · RA—Advertised in RA messages after stateless autoconfiguration is enabled. · ADDRESS—Generated by a manually configured address.
Age	Aging time in seconds. If the prefix does not age out, this field displays a hyphen (-).
Flag	Flags carried in RA messages. If no flags are available, this field displays a hyphen (-). · L—The address with the prefix is directly reachable on the link. · A—The prefix is used for stateless autoconfiguration. · N—The prefix is not advertised in RA messages.
Lifetime	Lifetime in seconds advertised in RA messages. If the prefix does not need to be advertised, this field displays a hyphen (-). · Valid—Valid lifetime of the prefix. · Preferred—Preferred lifetime of the prefix.

‌

Related commands

ipv6 nd ra prefix

display ipv6 nd log

Use display ipv6 nd log to display brief ND log information.

Syntax

display ipv6 nd log [ interface interface-type interface-number | ipv6 ipv6-address ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface: Displays brief information about ND log messages generated on the specified interface.

ipv6: Displays brief information about ND log messages generated for the specified IPv6 address.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays ND log information on the active MPU.

Examples

# Display brief information about all ND log messages.

<Sysname> display ipv6 nd log

Operate : ADD Reason : ADDBYMSG

Mac : 0000-0000-0000 Interface: GE2/0/1

SVLAN : 65535 IP : 1::2

CVLAN : 65535 Time : Oct 28 22:22:02 2022

Operate : ADD Reason : ADDBYMSG

Mac : 0000-0000-0000 Interface: GE2/0/1

SVLAN : 65535 IP : 1::1

CVLAN : 65535 Time : Oct 28 22:22:02 2022

Table 7 Command output

Field	Description
Operate	Type of the ND entry operation: · ADD—Add the ND entry. · MOD—Modify the ND entry. · DEL—Delete the ND entry.
Reason	Source of the ND log message: · M-LAGMSG—Added in response to an ND entry update message from the M-LAG module. · PKTLEARN—Added by learning from an IPv6 packet. · STATICMSG—Added through static configuration. · ADDBYRULE—Added by the IPoE or portal feature. · ADDBYOP—Added by the OpenFlow feature. · ADDBYMSG—Added through ND entry synchronization. · ADDWADJ—Added in response to an IPv6 adjacency entry refresh message sent by the WAN link adjacency table module. · ADDWADJSYN—Added in response to an inter-card IPv6 adjacency entry synchronization message sent by the WAN link adjacency table module. · DRVRELOAD—Added in response to the ND update operation done in the driver. · ADDBYVSRP—Added through ND entry adding on the VSRP module. · STATICEVENT—Added through ND entry update in response to a long static entry event. · SYNCWITHDRV—Added in synchronization with the driver. · RELOADBYPW—Added in response to the PW reload operation. · DELBYLINKLOCAL—Added because an unassociated link-local address was removed from the driver and the corresponding ND entry was deleted. · DELBYVSRP—Added through ND entry deletion by VSRP. · DELBYNODUMMY—Added because an ND entry without a DUMMY entry was deleted. · DELBYSMOOTH—Added because ND entries were deleted upon ND entry smoothing. · DELBYRULE—Added because of ND entry deletion through the IPoE or portal feature. · DELBYSTATIC—Added because of ND entry deletion through static configuration. · DELBYBEFORESMOOTH—Added because invalid ND entries were deleted before smoothing. · DELCONFIGIPIF—Added because ND entries were deleted upon an IPv6 address or interface conflict. · DELNDSYN—Added because ND entries were deleted upon an inter-card ND entry synchronization. · DELWADJMSG—Added because an IPv6 adjacency entry was deleted from the WAN link adjacency table. · DELWADJIFMSG—Added because IPv6 adjacency entries were deleted from the WAN link adjacency table by interface. · DELWADJBI—Added because IPv6 adjacency entries were deleted upon reception of the entry deletion message sent from the WAN link adjacency table module to the link layer in the kernel. · DELWADJDUMMY—Added because DUMMY entries were deleted by the WAN link adjacency table module. · DELWADJIFEVENT—Added because IPv6 adjacency entries were deleted by the WAN link adjacency table module in response to an interface event. · DELWADJALL—Added because all IPv6 adjacency entries were deleted from the WAN link adjacency table. · DELWADJ—Added because an IPv6 adjacency entry was deleted from the WAN link adjacency table. · DELWADJSAGE—Added because IPv6 adjacency entries that aged out were deleted from the WAN link adjacency table. · DELWADJIFSYN—Added because IPv6 adjacency entries were deleted from the WAN link adjacency table in response to interface entry synchronization. · DELWADJSYNMSG—Added because IPv6 adjacency entries were deleted from the WAN link adjacency table in response to inter-card entry synchronization. · DELWADJSMOOTH—Added because IPv6 adjacency entries were deleted upon entry smoothing done by the WAN link adjacency table module. · DELWADJPULLFINISH—Added because IPv6 adjacency entries were deleted after the WAN link adjacency table module successfully obtained entries in bulk. · DELPORTLVLAN—Added because ND entries were deleted upon removal of the port from the VLAN. · DELVLANMODCHG—Added because ND entries were deleted upon VLAN mode change. · DELLIMIT—Added because ND entries were deleted when the number of ND entries had reached the limit. · DELNDBYIPIF—Added because ND entries were deleted from the specified IPv6 address or interface. · DELNDBYIFAGG—Added because ND entries were deleted after the interface was added to a link aggregation group. · DELNDBYNODE—Added upon deletion of ND entries by slot. · DELNDBYALL—Added upon deletion of all ND entries. · DELNDBYALLEM—Added upon deletion of all ND entries from non-management interfaces. · DELNDBYPW—Added upon deletion of ND entries from a PW. · DELNDBYTCPKEEP—Added upon deletion of ND entries through the topology change notification (TCN) flag. · DELBYPULLFINISH—Added because of deletion of ND entries upon a successful batch data pull. · DELSTATICCONFLICT—Added because of deletion of ND entries upon a static configuration conflict. · DELBYSPANSEG—Added upon deletion of cross-subnet ND entries. · DELBYSPANSEGBYIPIF—Added upon deletion of cross-subnet ND entries from the specified IPv6 address or interface. · DELINCOMBYALL—Added upon deletion of all ND entries in Incomplete state. · DELINCOMBYIF—Added upon deletion of ND entries in Incomplete state from the specified interface. · DELINCOMBYNODE—Added upon deletion of ND entries in Incomplete state from the specified card. · DELNDBYNETDOWN—Added because ND entries were deleted upon a down event in the network layer. · DELNDBYLINKDOWN—Added because ND entries were deleted upon a down event in the link layer.
IP	IPv6 address in the ND entry.
Mac	MAC address in the ND entry.
Interface	Output interface associated with the ND entry.
SVLAN	Service provider VLAN.
CVLAN	Customer VLAN.
Time	Time when the ND log message was generated.

‌

display ipv6 nd user-ip-conflict record

Use display ipv6 nd user-ip-conflict record to d isplay user IPv6 address conflict records.

Syntax

display ipv6 nd user-ip-conflict record [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays user IP address conflict records for all cards.

Examples

# Display all user IPv6 address conflict records.

<Sysname> display ipv6 nd user-ip-conflict record

IPv6 address: 10::1

System time: 2018-02-02 11:22:29

Conflict count: 1

Log suppress count: 0

Old interface: Ten-GigabitEthernet 3/0/1

New interface: Ten-GigabitEthernet 3/0/2

Old SVLAN/CVLAN: 100/2

New SVLAN/CVLAN: 100/2

Old MAC: 00e0-ca63-8141

New MAC: 00e0-ca63-8142

IPv6 address: 10::2

System time: 2018-02-02 10:20:30

Conflict count: 1

Log suppress count: 0

Old interface: Ten-GigabitEthernet 3/0/1

New interface: Ten-GigabitEthernet 3/0/2

Old SVLAN/CVLAN: 100/--

New SVLAN/CVLAN: 100/--

Old MAC: 00e0-ca63-8141

New MAC: 00e0-ca63-8142

Table 8 Command output

Field	Description
IPv6 address	IPv6 address of a user.
System time	Time when the user IPv6 address conflict occurred.
Conflict count	Number of conflict times.
Log suppress count	Number of times user IPv6 address conflict log generation has been suppressed.
Old interface	Output interface in the old ND entry.
New interface	Output interface in the new ND entry.
Old SVLAN/CVLAN	ID of the outer VLAN or inner VLAN in the old ND entry. This field displays hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN.
New SVLAN/CVLAN	ID of the outer VLAN or inner VLAN in the new ND entry. This field displays hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN.
Old MAC	MAC address in the old ND entry.
New MAC	MAC address in the new ND entry.

‌

Related commands

ipv6 nd user-ip-conflict record enable

display ipv6 neighbors

Use display ipv6 neighbors to display IPv6 neighbor information.

Syntax

display ipv6 neighbors { { ipv6-address | all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv6-address: Specifies the IPv6 address of a neighbor whose information is displayed.

all: Displays information about all neighbors, including neighbors acquired dynamically and configured statically on the public network and all private networks.

dynamic: Displays information about all neighbors acquired dynamically.

static: Displays information about all neighbors configured statically.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays IPv6 neighbor information on all cards.

interface interface-type interface-number: Specifies an interface by its type and number.

vlan vlan-id: Displays information about neighbors in the specified SVLAN. The value range for the SVLAN ID is 1 to 4094.

verbose: Displays detailed neighbor information.

Examples

# Display all neighbor information.

<Sysname> display ipv6 neighbors all

Type: S-Static D-Dynamic O-Openflow R-Rule IS-Invalid static

IPv6 address MAC address VLAN/VSI Interface State T Aging

1::2 6864-6839-0202 1 XGE3/0/1 STALE D 136

FE80::6A64:68FF:FE39:202 6864-6839-0202 1 XGE3/0/1 STALE D 126

1::3 6864-6839-0203 1 Tunnel1 STALE D 136

1::4 6864-6839-0204 1 XGE3/0/2 STALE D 136

2002:2002:2002:2002:2002:2002:0:1 0222-0222-0222 -- L3VE8192.4094-L2VE8192 REACH IS --

# Display detailed information about all neighbors.

<Sysname> display ipv6 neighbors all verbose

IPv6 address : 1::2

MAC address : 6864-6839-0202 Type : Dynamic

State : STALE Aging : 136 seconds

Interface : XGE3/0/1

SVLAN/CVLAN : 1/--

VPN instance : --

Service instance : --

Link ID : --

VXLAN ID : --

VSI name : --

VSI interface : --

Nickname : 0x0

IPv6 address : FE80::6A64:68FF:FE39:202

MAC address : 6864-6839-0202 Type : Dynamic

State : STALE Aging : 126 seconds

Interface : XGE3/0/1

SVLAN/CVLAN : 1/--

VPN instance : --

Service instance : --

Link ID : --

VXLAN ID : --

VSI name : --

VSI interface : --

Nickname : 0x0

IPv6 address : 2002:2002:2002:2002:2002:2002:0:1

MAC address : 0222-0222-0222 Type : Invalid static

State : REACH Aging : --

Interface : L3VE8192.4094-L2VE8192

SVLAN/CVLAN : --/--

VPN instance : --

Service instance : --

Link ID : --

VXLAN ID : --

VSI name : --

VSI interface : --

Nickname : 0x0

Table 9 Command output

Field	Description
IPv6 address	IPv6 address of the neighbor.
MAC address	MAC address of the neighbor.
VLAN/VSI	VLAN or VSI to which the neighbor belongs. This field displays hyphens (--) if the neighbor does not belong to a VLAN or VSI.
Interface	Interface connected to the neighbor. · If the neighbor entry does not belong to a VSI, this field displays the interface name. If the interface name is not available, the field displays hyphens (--). · If the neighbor entry belongs to a VSI and the interface is a tunnel interface, the displayed value depends on the address resolution status. ¡ If the address is not resolved, this field displays the VSI. ¡ If the address is resolved, this field displays the tunnel interface ID. · If the neighbor entry belongs to a VSI but the interface is not a tunnel interface, the displayed value depends on the address resolution status. ¡ If the address is not resolved, this field displays the VSI. ¡ If the address is resolved, this field displays the interface. · In an L2VPN access to L3VPN network, this field displays the L3VE interface or L3VE subinterface connected to the neighbor and the associated L2VE interface or L2VE subinterface.
State	State of the neighbor: · INCMP—The address is being resolved. The link layer address of the neighbor is unknown. · REACH—The neighbor is reachable. · STALE—Whether the neighbor is reachable is unknown. The device does not verify the reachability any longer unless data is sent to the neighbor. · DELAY—Whether the neighbor is reachable is unknown. The device does not send an NS message in the delay period. · PROBE—Whether the neighbor is reachable is unknown. The device sends an NS message to probe the reachability of the neighbor.
Type	Neighbor information type: · Static—Statically configured. · Dynamic—Dynamically obtained. · Openflow—Learned from the OpenFlow module. · Rule—Learned from the Portal module. · Invalid static—Invalid static configuration.
Aging	Reachable time of the neighbor: · For a static neighbor entry, this field displays hyphens (--), representing the neighbor entry never expires. · For a dynamic entry, this field displays the elapsed time in seconds. If the neighbor is never reachable, this field displays a pound sign (#).
SVLAN/CVLAN	SVLAN and CVLAN to which the interface connected to the neighbor belongs. This field displays hyphens (--) if the interface does not belong to a VLAN.
VPN instance	‌ Name of a VPN instance. This field displays hyphens (--) if the no VPN instance is configured.
Service instance	‌ Ethernet service instance. If the neighbor entry does not belong to any Ethernet service instance for the related Layer 2 Ethernet interface or Layer 2 aggregate interface, this field displays hyphens (--).
Link ID	‌ ID of the link that connects to the neighbor. This field displays hyphens (--) if the neighbor entry does not belong to a VSI. The link ID is a string with a maximum of eight hexadecimal numbers.
VXLAN ID	‌ VXLAN ID of the neighbor entry. This field displays hyphens (--) if the VXLAN ID associated with the VSI is not specified.
VSI name	‌ VSI name of the neighbor entry. This field displays hyphens (--) if the neighbor entry does not belong to a VSI.
VSI interface	‌ VSI interface associated with the VSI. This field displays hyphens (--) if the associated VSI interface is not specified.
Nickname	‌ Nickname of a neighbor entry. The name is a string of four hexadecimal numbers. F

‌

Related commands

ipv6 neighbor

reset ipv6 neighbors

display ipv6 neighbors count

Use display ipv6 neighbors count to display the number of neighbor entries.

Syntax

display ipv6 neighbors { { all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } count

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Displays the total number of all neighbor entries, including neighbor entries created dynamically and configured statically.

dynamic: Displays the total number of neighbor entries created dynamically.

static: Displays the total number of neighbor entries configured statically.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays the number of neighbor entries on all cards. .

interface interface-type interface-number: Specifies an interface by its type and number.

vlan vlan-id: Displays the total number of neighbor entries in the specified VLAN. The value range for VLAN ID is 1 to 4094.

Examples

# Display the total number of neighbor entries created dynamically.

<Sysname> display ipv6 neighbors dynamic count

Total number of dynamic entries: 2

display ipv6 neighbors entry-limit

Use display ipv6 neighbors entry-limit to display the maximum number of ND entries that a device supports.

Syntax

display ipv6 neighbors entry-limit

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the maximum number of ND entries that the device supports.

<Sysname> display ipv6 neighbors entry-limit

ND entries: 2048

display ipv6 neighbors vpn-instance

Use display ipv6 neighbors vpn-instance to display neighbor information about a VPN instance.

Syntax

display ipv6 neighbors vpn-instance vpn-instance-name [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The VPN instance must already exist.

count: Displays the total number of neighbor entries in the specified VPN instance.

Examples

# Display neighbor information about VPN instance vpn1.

<Sysname> display ipv6 neighbors vpn-instance vpn1

Type: S-Static D-Dynamic O-Openflow R-Rule IS-Invalid static

IPv6 address MAC address VLAN/VSI Interface State T Aging

FE80::200:5EFF:FE32:B800 0000-5e32-b800 -- XGE3/0/1 REACH IS --

Table 10 Command output

Field	Description
IPv6 address	IPv6 address of the neighbor.
MAC address	MAC address of the neighbor.
VLAN/VSI	VLAN ID or VSI index of the neighbor entry. This field displays hyphens (--) if the neighbor does not belong to any VLAN or VSI.
Interface	Interface connected to a neighbor.
State	Neighbor state: · INCMP—The address is being resolved. The link layer address of the neighbor is unknown. · REACH—The neighbor is reachable. · STALE—Whether the neighbor is reachable is unknown. The device does not verify the reachability any longer unless data is sent to the neighbor. · DELAY—Whether the neighbor is reachable is unknown. The device sends an NS message after a delay. · PROBE—Whether the neighbor is reachable is unknown. The device sends an NS message to verify the reachability of the neighbor.
T	Neighbor information type: · Static—Statically configured. · Dynamic—Dynamically obtained. · Openflow—Learned from the OpenFlow module. · Rule—Learned from the IPoE module. · Invalid static—Invalid static configuration.
Aging	Reachable time of the neighbor: · For a static neighbor entry, this field displays hyphens (--), representing the neighbor entry never expires. · For a dynamic entry, this field displays the elapsed time in seconds. If the neighbor is never reachable, this field displays a pound sign (#).

‌

display ipv6 option source-route statistics

Use display ipv6 option source-route statistics to display statistics about dropped IPv6 packets that contain the source route option.

Syntax

display ipv6 option source-route statistics [ slot slot-number ]

Distributed devices in IRF mode:

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays statistics about dropped IPv6 packets that contain the source route option on all cards.

Usage guidelines

The device drops IPv6 packets that contain the source route option if processing of such packets is disabled. To view statistics about these dropped IPv6 packets, you can use this command.

Examples

# Display statistics about dropped IPv6 packets that contain the source route option.

<Sysname> display ipv6 option source-route statistics

Source route IPv6 packets dropped: 2

Table 11 Command output

Field	Description
Source route IPv6 packets dropped	Number of dropped IPv6 packets that contain the source route option.

‌

Related commands

reset ipv6 option source-route statistics

display ipv6 pathmtu

Use the display ipv6 pathmtu command to display IPv6 path MTU information.

Syntax

display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-address | { all | dynamic | static } [ count ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv6-address: Specifies the destination IPv6 address for which the path MTU information is to be displayed.

all: Displays all path MTU information for the public network.

dynamic: Displays all dynamic path MTU information.

static: Displays all static path MTU information.

count: Displays the total number of path MTU entries.

Examples

# Display all path MTU information.

<Sysname> display ipv6 pathmtu all

IPv6 destination address PathMTU Age Type

1:2::3:2 1800 - Static

1:2::4:2 1400 10 Dynamic

1:2::5:2 1280 10 Dynamic

# Displays the total number of path MTU entries.

<Sysname> display ipv6 pathmtu all count

Total number of entries: 3

Table 12 Command output

Field	Description
PathMTU	Path MTU value on the network path to an IPv6 address.
Age	Time for a path MTU to live. For a static path MTU, this field displays a hyphen (-).
Type	Path MTU type: · Dynamic—Dynamically negotiated. · Static—Statically configured.
Total number of entries	Total number of path MTU entries.

‌

Related commands

ipv6 pathmtu

reset ipv6 pathmtu

display ipv6 prefix

Use display ipv6 prefix to display information about IPv6 prefixes, including dynamic and static prefixes.

Syntax

display ipv6 prefix [ prefix-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

prefix-number: Specifies the ID of an IPv6 prefix, in the range of 1 to 1024. If you do not specify an IPv6 prefix ID, this command displays information about all IPv6 prefixes.

Usage guidelines

A static IPv6 prefix is configured by using the ipv6 prefix command.

A dynamic IPv6 prefix is obtained from the DHCPv6 server, and its prefix ID is configured by using the ipv6 dhcp client pd command. For detailed information, see Layer 3–IP Services Configuration Guide.

Examples

# Display information about all IPv6 prefixes.

<Sysname> display ipv6 prefix

Number Prefix Type

1 1::/16 Static

2 11:77::/32 Dynamic

# Display information about the IPv6 prefix with prefix ID 1.

<Sysname> display ipv6 prefix 1

Number: 1

Type : Dynamic

Prefix: ABCD:77D8::/32

Preferred lifetime 90 sec, valid lifetime 120 sec

Table 13 Command output

Field	Description
Number	Prefix ID.
Type	Prefix type: · Static—Static IPv6 prefix. · Dynamic—Dynamic IPv6 prefix.
Prefix	Prefix and its length. If no prefix is obtained, this field displays Not-available.
Preferred lifetime 90 sec	Preferred lifetime in seconds. For a static IPv6 prefix, this field is not displayed.
valid lifetime 120 sec	Valid lifetime in seconds. For a static IPv6 prefix, this field is not displayed.

‌

Related commands

ipv6 prefix

display ipv6 proxy-forward cache

Use display ipv6 proxy-forward cache to display IPv6 packet forwarding entries on the MPU.

Syntax

display ipv6 proxy-forward cache [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an MPU by its slot number. If you do not specify an MPU, the command displays the IPv6 packet forwarding entries on the active MPU.

Usage guidelines

NOTE:

For a FIB-incapable MPU, an IPv6 packet forwarding entry is a proxy module entry cached on the MPU.

‌

A FIB-incapable MPU does not search the FIB when forwarding packets, but sends the packets to a service module. The service module then searches its own FIB and forwards those packets. Such a service module is called as a proxy module.

When t he MPU receives a data flow, it delivers the related three-tuple information to the hardware. The hardware returns a random proxy module number and the MPU's forwarding module caches an entry that records the binding of the data flow and the proxy module. The MPU forwards subsequent packets of the data flow to the same proxy module based on the cached binding entry, ensuring data flow stability and avoiding packets of the same data flow being forwarded to different proxy modules.

If no traffic of a data flow passes through the MPU for more than 3 seconds, the MPU deletes the corresponding binding entry.

Examples

# Display the cached proxy module entries on the active MPU.

<Sysname> display ipv6 proxy-forward cache

Total number of proxy-forward entries: 2

SIP DIP Protocol ProxyNode

2022::22 2022::21 8 0

2022::21 2022::22 8 0

# Display the cached proxy module entries on the specified MPU.

<Sysname> display ipv6 proxy-forward cache slot 1

Total number of proxy-forward entries: 2

SIP DIP Protocol ProxyNode

2022::22 2022::21 8 0

2022::21 2022::22 8 0

Table 14 Command output

Field	Description
Total number of proxy-forward entries	Total number of the proxy module entries cached on the MPU.
SIP	Source IP address of the data flow.
DIP	Destination IP address of the data flow.
Pro	Protocol number of the data flow.
ProxyNode	Proxy module number.

‌

display ipv6 rawip

Use display ipv6 rawip to display brief information about IPv6 RawIP connections.

Syntax

display ipv6 rawip [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays brief information about IPv6 RawIP connections on all cards.

Examples

# Display brief information about IPv6 RawIP connections.

<Sysname> display ipv6 rawip

Local Addr Foreign Addr Protocol Slot Cpu PCB

2001:2002:2003:2 3001:3002:3003:3 58 1 0 0x0000000000000009

004:2005:2006:20 004:3005:3006:30

07:2008 07:3008

2002::100 2002::138 58 2 0 0x0000000000000008

:: :: 58 5 0 0x0000000000000002

Table 15 Command output

Field	Description
Local Addr	Local IPv6 address.
Foreign Addr	Peer IPv6 address.
Protocol	Protocol number.
PCB	PCB index.

‌

display ipv6 rawip verbose

Use display ipv6 rawip verbose to display detailed information about IPv6 RawIP connections.

Syntax

display ipv6 rawip verbose [ slot slot-number [ pcb pcb-index ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays detailed information about IPv6 RawIP connections on all cards.

pcb pcb-index: Displays detailed information about IPv6 RawIP connections of the specified PCB. The value range for the pcb-index argument is 1 to 16.

Examples

# Display detailed information about an IPv6 RawIP connection.

<Sysname> display ipv6 rawip verbose

Total RawIP socket number: 1

Connection info: src = ::, dst = ::

Location: slot 6 cpu: 0

Creator: ping ipv6[320]

State: N/A

Options: N/A

Error: 0

Receiving buffer(cc/hiwat/lowat/drop/state): 0 / 9216 / 1 / 0 / N/A

Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A

Type: 3

Protocol: 58

Inpcb flags: N/A

Inpcb extflag: INP_EXTRCVICMPERR INP_EXTFILTER

Inpcb vflag: INP_IPV6

Hop limit: 255 (minimum hop limit: 0)

Send VRF: 0xffff

Receive VRF: 0xffff

Table 16 Command output

Field	Description
Total RawIP socket number	Total number of IPv6 RawIP sockets.
Connection info	Connection information, including the source and destination IPv6 addresses.
Location	Socket location.
Creator	Task name of the socket. The process number is in the square brackets.
State	Socket state: · NOFDREF—The user has closed the connection. · ISCONNECTED—The connection has been established. · ISCONNECTING—The connection is being established. · ISDISCONNECTING—The connection is being interrupted. · ASYNC—Asynchronous mode. · ISDISCONNECTED—The connection has been terminated. · ISSMOOTHING—Cross-card data smoothing is in progress. · CANBIND—The socket supports the bind operation. · PROTOREF—Indicates strong protocol reference. · ISPCBSYNCING—Cross-card PCB synchronization is in progress. · N/A—None of above state.
Options	Socket options: · SO_DEBUG—Records socket debugging information. · SO_ACCEPTCONN—Enables the server to listen connection requests. · SO_REUSEADDR—Allows the local address reuse. · SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive. · SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network. · SO_BROADCAST—Supports broadcast packets. · SO_LINGER—Closes the socket. The system can still send remaining data in the socket send buffer. · SO_OOBINLINE—Stores the out-of-band data in the input queue. · SO_REUSEPORT—Allows the local port reuse. · SO_TIMESTAMP—Records the timestamps of the incoming packets, accurate to milliseconds. This option is applicable to protocols that are not connection orientated. · SO_NOSIGPIPE—Disables the socket from sending data. As a result, a sigpipe cannot be established when a return failure occurs. · SO_TIMESTAMPNS—Has a similar function with the timestamp, accurate to nanoseconds. · SO_KEEPALIVETIME—Sets a keepalive time. This option is supported in TCP. · SO_FILTER—Supports setting the packet filter criterion. This option is available for OSI Socket and RawIP. · SO_USCBINDEX—Obtains the user profile index from the received packets. · SO_SEQPACKET—Preserves the boundaries of packets sent to the socket buffer. · SO_FILLTWAMPTIME—Sets the timestamp for TWAMP. · SO_LOCAL—Local socket option. · SO_NBMAADDR—Obtains the remote NBMA address of the ADVPN tunnel. · SO_DONTDELIVER—Do not deliver the data to the application. · SO_UCM—Sets the IPoE enabling status. · SO_RAWSLOT—Raw slot. · SO_LEASEDUSERID—Obtains a usable lease. · N/A—No options are set.
Error	Error code.
Receiving buffer(cc/hiwat/lowat/drop/state)	Displays receive buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · drop—Number of dropped packets. · state—Buffer state: ¡ CANTSENDMORE—Unable to send data to the peer. ¡ CANTRCVMORE—Unable to receive data from the peer. ¡ RCVATMARK—Receiving tag. ¡ N/A—None of the above states.
Sending buffer(cc/hiwat/lowat/state)	Displays send buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · state—Buffer state: ¡ CANTSENDMORE—Unable to send data to the peer. ¡ CANTRCVMORE—Unable to receive data from the peer. ¡ RCVATMARK—Receiving tag. ¡ N/A—None of the above states.
Type	Socket type: · 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. · 2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission. · 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. · N/A—None of the above types.
Protocol	Number of protocol using the socket. 58 represents ICMP.
Inpcb flags	Flags in the Internet PCB: · INP_RECVOPTS—Receives IPv6 options. · INP_RECVRETOPTS—Receives replied IPv6 options. · INP_RECVDSTADDR—Receives destination IPv6 address. · INP_HDRINCL—Provides the entire IPv6 header. · INP_REUSEADDR—Reuses the IPv6 address. · INP_REUSEPORT—Reuses the port number. · INP_ANONPORT—Port number not specified. · INP_PROTOCOL_PACKET—Identifies a protocol packet. · INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag. · IN6P_IPV6_V6ONLY—Only supports IPv6 protocol stack. · IN6P_PKTINFO—Receives the source IPv6 address and input interface of the packet. · IN6P_HOPLIMIT—Receives the hop limit. · IN6P_HOPOPTS—Receives the hop-by-hop options extension header. · IN6P_DSTOPTS—Receives the destination options extension header. · IN6P_RTHDR—Receives the routing extension header. · IN6P_RTHDRDSTOPTS—Receives the destination options extension header preceding the routing extension header. · IN6P_TCLASS—Receives the traffic class of the packet. · IN6P_AUTOFLOWLABEL—Attaches a flow label automatically. · IN6P_RFC2292—Uses the API specified in RFC 2292. · IN6P_MTU—Discovers differences in the MTU size of every link along a given data path. TCP does not support this flag. · INP_RCVMACADDR—Receives the MAC address of the frame. · INP_USEICMPSRC—Uses the specified IPv6 address as the source IPv6 address for outgoing ICMP packets. · INP_SYNCPCB—Waits until Internet PCB is synchronized. · INP_LOCAL—Preferentially matches the INPCB with this flag on the same card. · N/A—None of the above flags.
Inpcb extflag	Extension flags in the Internet PCB: · INP_EXTRCVPVCIDX—Records the PVC index of the received packet. · INP_RCVPWID—Records the PW ID of the received packet. · INP_EXTRCVICMPERR—Receives an ICMP error packet. · INP_EXTFILTER—Filters the contents in the received packet. · INP_EXTDONTDROP—Do not drop the received packet. · INP_EXLISTEN—Adds the INPCB carrying this flag to the listen hash table. · INP_SELECTMATCHSRCBYFIB—Uses the FIB table to select a matching source. · INP_EXTPRIVATESOCKET—Associates the INPCB with the NSR private socket. · INP_EXTNOCACHEPKT—Do not cache packets. · INP_EXTRCVVLANDOT1P—Obtains the Dot1p value of the VLAN tag in the received packet. · INP_EXTSNDDATAIF—Sets the output interface of data. · INP_EXTFREEBIND—The socket is not bound to an address or port. · INP_EXTRCVUPID—Obtains the UP ID from the received packet in the UCM control-/user-plane separated (CUPS) network. · INP_EXTINNERPROXY—Receives packets forwarded by the proxy. · INP_EXLISTENNET—Sets this flag when the connection information is added to the network segment linked list. · N/A—None of the above flags.
Inpcb vflag	IP version flag in the Internet PCB: · INP_IPV4—IPv4 protocol. · INP_IPV6—IPv6 protocol. · INP_IPV6PROTO—Creates an Internet PCB based on IPv6 protocol. · INP_TIMEWAIT—In TIMEWAIT state. · INP_ONESBCAST—Sends broadcast packets. · INP_DROPPED—Protocol dropped flag. · INP_SOCKREF—Strong socket reference. · INP_DONTBLOCK—Do not block synchronization of the Internet PCB. · N/A—None of the above flags.
Hop limit	Hop limit in the Internet PCB.
Send VRF	‌ Sending instances.
Receive VRF	‌ Receiving instances.

‌

display ipv6-cache

Use display ipv6-cache to display the cached destination IPv6 address entries of packets on the active and standby modules.

Syntax

display ipv6-cache [ vpn-instance vpn-instance-name ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the specified address belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the command displays cached entries of IPv6 addresses on the public network.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays detailed information on the active MPU.

Usage guidelines

Application scenarios

Use this command to view the IPv6 cached entries on the FIB-incapable MPU. This helps determine whether the forwarded IPv6 packets are directly forwarded to the destination module through FIB or transparently forwarded to the proxy module for processing.

Operating mechanism

For a FIB-incapable MPU, both the MPU and interface module maintain cached entries for the destination IPv4 addresses of the packets. These entries contain the most recent routes with traffic passing through the active and standby modules. The device distributes the corresponding routes of the cached entries to FIB. When forwarding a packet, the device first queries the cached entries. If a cached entry for the destination address of the packet is found, the device continues to query FIB to forward the packet. If no corresponding cached entry is found, the device establishes a new cached entry and passes the packet to the proxy module.

The cached entry mechanism allows the MPU to directly forward locally transmitted packets to the target interface module through FIB, without randomly forwarding them to the proxy module for transparent transmission to the target interface module. This reduces the performance impact caused by transparent transmission between interface modules.

When no parameters are specified, the command displays the cached entries for the public network of the MPU.

Examples

# Display IPv6 cached entries on the MPU public network.

<Sysname> display ipv6-cache

Total number of ipv6-cache entries: 2

Status:BN-Before Notify N-Notified RS-Refresh Start RE-Refresh End

IPv6 address Traffic Flag Status Aging time

1::1 0x0 N -

1::2 0x1 RE 400

# Display IPv6 cached entries on a MPU private network.

<Sysname> display ipv6-cache vpn-instance vpn1

Total number of ip-cache entries: 2

Status:BN-Before Notify N-Notified RS-Refresh Start RE-Refresh End

IPv6 address Traffic Flag Status Aging time

1::1 0x0 N -

1::2 0x1 RE 400

Table 17 Command output

Field	Description
Total number of ip-cache entries	Total number of cached entries for packet destination IPv6 addresses.
IPv6 address	Packet destination IPv6 address.
Traffic Flag	Traffic flag of the IPv6 cached entry: · 0x0—The IPv6 cached entry on this device do not have traffic queries, and the entry does not age. When the entry ages on other devices, it will be synchronously deleted. · 0x1—The IPv6 cached entry on this device have traffic queries, and the system will start an aging timer for the entry. After the timer expires, the entry is deleted.
Status	Status of the IPv6 cached entry: · BN-Before Notify—The entry has not been notified to routing. · N-Notified—The entry has been notified to routing. · RS-Refresh Start—The routing table starts to issue entries. · RE-Refresh End—Entry issuing by the routing table is complete.
Aging time	For IPv6 cached entries without traffic marking, the aging time field is set to "-," which indicates that no aging time exists for the entry. For entries with traffic marking, this field may display the aging time in seconds or displays a hyphen (-) if the aging time cannot be obtained.

‌

display ipv6 router-renumber statistics

Use display ipv6 router-renumber statistics to display router renumbering statistics.

Syntax

display ipv6 router-renumber statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display router renumbering statistics.

<Sysname> display ipv6 router-renumber statistics

Enabling/disabling protocol failed: 0

Packets with sequence number error: 2

Packets with segment number error: 1

PCO check failed: 0

Packets with T-flag set and R-flag unset: 1

Router-renumber function disable: 0

Packets too short: 0

Packets with invalid destinations: 0

Create result packets failed: 0

Sent result packets failed: 0

Received command packets: 7

Received reset packets: 3

Sent result packets: 9

SequenceNumber: 0x2

ResetSequenceNumber: 0x2

SegmentNumber[0]: 0x1

SegmentNumber[1]: 0x0

SegmentNumber[2]: 0x0

SegmentNumber[3]: 0x0

SegmentNumber[4]: 0x0

SegmentNumber[5]: 0x0

SegmentNumber[6]: 0x0

SegmentNumber[7]: 0x0

Related commands

reset ipv6 router-renumber statistics

display ipv6 statistics

Use display ipv6 statistics to display IPv6 and ICMPv6 packet statistics.

Syntax

display ipv6 statistics [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays IPv6 and ICMPv6 packet statistics on all cards.

Examples

# Display IPv6 and ICMPv6 packet statistics.

<Sysname> display ipv6 statistics

IPv6 statistics:

Sent packets:

Total: 0

Sent locally: 0 Forwarded: 0

Raw packets: 0 Discarded: 0

Fragments: 0 Fragments failed: 0

Routing failed: 0

Received packets:

Total: 0

Received locally: 0 Hop limit exceeded: 0

Fragments: 0 Reassembled: 0

Reassembly failures: 0 Reassembly timeout: 0

Format errors: 0 Option errors: 0

Protocol errors: 0

ICMPv6 statistics:

Sent packets:

Total: 0

Unreachable: 0 Too big: 0

Hop limit exceeded: 0 Reassembly timeouts: 0

Parameter problems: 0

Echo requests: 0 Echo replies: 0

Neighbor solicits: 0 Neighbor adverts: 0

Router solicits: 0 Router adverts: 0

Redirects: 0 Router renumbering: 0

Send failed:

Rate limitation: 0 Other errors: 0

Received packets:

Total: 0

Checksum errors: 0 Too short: 0

Bad codes: 0

Unreachable: 0 Too big: 0

Hop limit exceeded: 0 Reassembly timeouts: 0

Parameter problems: 0 Unknown error types: 0

Echo requests: 0 Echo replies: 0

Neighbor solicits: 0 Neighbor adverts: 0

Router solicits: 0 Router adverts: 0

Redirects: 0 Router renumbering: 0

Unknown info types: 0

Deliver failed:

Bad length: 0

Table 18 Command output

Field

Description

IPv6 statistics:

IPv6 packet statistics.

Sent packets:

Total:

Sent locally:

Forwarded:

Raw packets:

Discarded:

Fragments:

Fragments failed:

Routing failed:

Statistics for sent IPv6 packets:

· Total—Total number of packets that have been locally sent and forwarded.

· Sent locally—Number of locally sent packets.

· Forwarded—Number of forwarded packets.

· Raw packets—Number of packets sent by using a raw socket.

· Discarded—Number of discarded packets.

· Fragments—Number of sent fragments.

· Fragments failed—Number of fragments that were failed to send.

· Routing failed—Number of packets with routing failures.

Received packets:

Total:

Received locally:

Hop limit exceeded:

Fragments:

Reassembled:

Reassembly failures:

Reassembly timeout:

Format errors:

Option errors:

Protocol errors:

Statistics for received IPv6 packets:

· Total—Total number of received packets.

· Received locally—Number of received packets that are destined for the device.

· Hop limit exceeded—Number of packets with hop limit exceeded.

· Fragments—Number of received fragments.

· Reassembled—Number of reassembled packets.

· Reassembly failures—Number of packets with reassembly failures.

· Reassembly timeout—Number of packets with reassembly timed out.

· Format errors—Number of packets with format errors.

· Option errors—Number of packets with option errors.

· Protocol errors—Number of packets with protocol errors.

ICMPv6 statistics:

ICMPv6 message statistics.

Sent packets:

Total:

Unreached:

Too big:

Hop limit exceeded:

Reassembly timeouts:

Parameter problems:

Echo requests:

Echo replies:

Neighbor solicits:

Neighbor adverts:

Router solicits:

Router adverts:

Redirects:

Router renumbering

Sent failed:

Rate limitation:

Other errors:

Statistics for sent ICMPv6 messages:

· Total—Total number of sent messages.

· Unreached—Number of Destination Unreachable messages.

· Too big—Number of Packet Too Big messages.

· Hop limit exceeded—Number of Hop Limit Exceeded messages.

· Reassembly timeouts—Number of Fragment Reassembly Time Exceeded messages.

· Parameter problems—Number of Parameter Problem messages.

· Echo requests—Number of Echo Requests.

· Echo replies—Number of Echo Replies.

· Neighbor solicits—Number of Neighbor Solicitation messages.

· Neighbor adverts—Number of Neighbor Advertisement messages.

· Router solicits—Number of Router Solicitation messages.

· Router adverts—Number of Router Advertisement messages.

· Redirects—Number of Redirect messages.

· Router renumbering—Number of Router Renumbering messages.

· Sent failed—Number of messages that were failed to send locally.

· Rate limitation—Number of unsent messages because of rate limiting.

· Other errors—Number of messages with other errors.

Received packets:

Total:

Checksum errors:

Too short:

Bad codes:

Unreachable:

Too big:

Hop limit exceeded:

Reassembly timeouts:

Parameter problems:

Unknown error types:

Echo requests:

Echo replies:

Neighbor solicits:

Neighbor adverts:

Router solicits:

Router adverts:

Redirects:

Router renumbering:

Unknown info types:

Deliver failed:

Bad length:

Statistics for received ICMPv6 messages:

· Total—Total number of received messages.

· Checksum errors—Number of messages with checksum errors.

· Too short—Number of messages with a too short length.

· Bad codes—Number of messages with error codes.

· Unreached—Number of Destination Unreachable messages.

· Too big—Number of Packet Too Big messages.

· Hop limit exceeded—Number of Hop Limit Exceeded messages.

· Reassembly timeouts—Number of Fragment Reassembly Time Exceeded messages.

· Parameter problems—Number of Parameter Problem messages.

· Unknown error types—Number of messages with unknown error types.

· Echo requests—Number of Echo Requests.

· Echo replies—Number of Echo Replies.

· Neighbor solicits—Number of Neighbor Solicitation messages.

· Neighbor adverts—Number of Neighbor Advertisement messages.

· Router solicits—Number of Router Solicitation messages.

· Router adverts—Number of Router Advertisement messages.

· Redirects—Number of Redirect messages.

· Router renumbering—Number of Router Renumbering messages.

· Unknown info types—Number of messages with unknown information types.

· Deliver failed—Number of messages with local delivery failures.

· Bad length—Number of messages with error length.

‌

Related commands

reset ipv6 statistics

statistics l3-packet enable

display ipv6 tcp

Use display ipv6 tcp to display brief information about IPv6 TCP connections.

Syntax

display ipv6 tcp [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays brief information about IPv6 TCP connections on all cards.

Examples

# Display brief information about IPv6 TCP connections.

<Sysname> display ipv6 tcp

*: TCP connection with authentication

LAddr->port FAddr->port State Slot CPU PCB

*2001:2002:2003:2 3001:3002:3003:3 ESTABLISHED 1 0 0x000000000000c387

004:2005:2006:20 004:3005:3006:30

07:2008->1200 07:3008->1200

2001::1->23 2001::5->1284 ESTABLISHED 2 0 0x0000000000000008

2003::1->25 2001::2->1283 LISTEN 3 0 0x0000000000000009

Table 19 Command output

Field	Description
*	Indicates that the TCP connection uses authentication.
LAddr->port	Local IPv6 address and port number.
FAddr->port	Peer IPv6 address and port number.
State	IPv6 TCP connection state: · CLOSED—The server receives a disconnection request's reply from the client. · LISTEN—The server is waiting for connection requests. · SYN_SENT—The client is waiting for the server to reply to the connection request. · SYN_RCVD—The server receives a connection request. · ESTABLISHED—The server and client have established connections and can transmit data bidirectionally. · CLOSE_WAIT—The server receives a disconnection request from the client. · FIN_WAIT_1—The client is waiting for the server to reply to a disconnection request. · CLOSING—The server and client are waiting for peer's disconnection reply when receiving disconnection requests from each other. · LAST_ACK—The server is waiting for the client to reply to a disconnection request. · FIN_WAIT_2—The client receives a disconnection reply from the server. · TIME_WAIT—The client receives a disconnection request from the server.
PCB	PCB index.

‌

display ipv6 tcp verbose

Use display ipv6 tcp verbose to display detailed information about IPv6 TCP connections.

Syntax

display ipv6 tcp verbose [ slot slot-number [ pcb pcb-index ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays detailed information about IPv6 TCP connections on all cards.

pcb pcb-index: Displays detailed information about IPv6 TCP connections of the specified PCB. The value range for the pcb-index argument is 1 to 16.

Examples

# Display detailed information about an IPv6 TCP connection.

<Sysname> display ipv6 tcp verbose

TCP inpcb number: 1(tcpcb number: 1)

Connection info: src = 2001::1->179 , dst = 2001::2->4181

Location: Slot: 6 Cpu: 0

NSR standby: N/A

Creator: bgpd[199]

State: ISCONNECTED

Options: N/A

Error: 0

Receiving buffer(cc/hiwat/lowat/drop/state): 0 / 65536 / 1 / 0 / N/A

Sending buffer(cc/hiwat/lowat/state): 0 / 65536 / 512 / N/A

Type: 1

SocketFd:74

Reference count:1

so_file:0xd939db40

so_inode:0x0

Protocol: 6

Inpcb flags: N/A

Inpcb extflag: N/A

Inpcb vflag: INP_IPV6

Hop limit: 255 (minimum hop limit: 0)

Connection state: ESTABLISHED

TCP options: TF_REQ_SCALE TF_REQ_TSTMP TF_SACK_PERMIT TF_NSR

NSR state: READY(M)

Send VRF: 0x0

Receive VRF: 0x0

Error count in abnormal-packet-defend period: 0

Packet Statistics:

Checksum errors: 0

Duplicate packets: 0

Part-Duplicate packets: 0

Out-of-order packets: 0

Duplicate ACK packets: 0

Out-of-order ACK packets: 0

Packets with data out of window: 0

MD5 authentication errors: 0

Keychain authentication errors: 0

Timestamp errors: 0

Total receive/send packets: 99 / 99

Receive/send packets in sequence: 47 (927 bytes) / 52 (1022 bytes)

Receive/send keepalive packets: 0 / 0

Receive keepalive ack packets: 0

Receive previous segment not captured packets: 0 (0 bytes)

send retransmission packets: 0 (0 bytes)

Send fast retransmission packets: 0 (0 bytes)

Receive spurious retransmission packets: 0 (0 bytes)

Receive/send window update packets: 0 / 0

Receive/send zero window packets: 0 / 0

Receive/send window probe packets: 0 / 0

Receive window probe ack packets: 0

Send window full packets: 0

User send data to tcp(counts/bytes): 52 / 1022

User receive data from tcp(counts/bytes): 94 / 1786

Transmission status data:

Maximum Segment Size (MSS): 1200

Window Scale (wscale): 0,7

Retransmission Timeout (rto): 208.0ms

Retransmission Count/Total: 0/0

Round-trip Time (rtt/rtvar): 11.0ms/14.0ms

Delayed Ack Timeout (ato): 40.0ms

Congestion Window (cwnd): 10

TCP Throughput: 66.63 Mbps

sendpps/sendkbps/recvpps/recvkbps/: 0/3000/0/3000

Advertised Recv Window (rcv_space): 18348

iss/unack/next/max/wnd: 1442172429/1442188127/1442188127/1442188127/66296

irs/undeliver/next/adv/wnd: 1955599364/0/1955612839/1955679120/66300

Receiving window(scale/lastadvertise/max/min): 3 / 8285 / 66300 / 66300

Sending window(scale/lastadvertise/max/min): 3 / 8287 / 66296 / 65535

NSR Info:

Total Recv/Send Count(history Recv/history Send): 41/43(41/43)

EnableMsg Recv/Send Count(history Recv/history Send): 1/2(1/2)

DisableMsg Recv/Send Count(history Recv/history Send): 0/1(0/1)

SlotchangeMsg Recv/Send Count(history Recv/history Send): 0/1(0/1)

ReadyMsg Recv/Send Count(history Recv/history Send): 2/1(2/1)

PullMsg Recv/Send Count(history Recv/history Send): 2/1(2/1)

BriefdataMsg Recv/Send Count(history Recv/history Send): 1/2(1/2)

PktMsg Recv/Send Count(history Recv/history Send): 35/35(35/35)

CmdMsg Recv/Send Count(history Recv/history Send): 0/0(0/0)

Recent Recv/Send Seq: 41/43

Recent Recv/Send Time: 11:14:44:469624 May 23 2022/11:14:44:467624 May 23 2022

Option Value:

rcvsb_timeo/sndsb_timeo/pd_type/pd_len: 0/0/0/0

so_linger: 1

ka_idle/ka_intval/ka_count: 0/0/0

so_accept_filter_str: filter1

Md5 Password:123

Tcp Key Chain: key123

Out Interface/NextHop/Local Address: 0/0.0.0.0/0.0.0.0

Filter Offset/Length/Value/Mask: 0/0/00 00 00 00 00 00 00 00 /00 00 0 00 00 00 00 00

Ip Tos/McastTTL/McastLoop/ Mcast Interface Index: 192/0/0/0

Acl Index/MacIndex: 4294967295/4294967295

Mpls Flag/Label: 0/4294967295

Kernel Event ID: 0

Send Mac: 0000-0000-0000

Bier TTL/Entropy/TunnelID: 0/0/0

Ip Option Hdr: 0x01 02 03

Time info:

Tcp connect establish: 20:50:55:797 Apr 19 2023

Usr send/datalen: 08:20:34:795 Apr 20 2023 / 19

Tcp send/datalen: 08:20:34:795 Apr 20 2023 / 19

Usr recv/datalen: 08:20:57:387 Apr 20 2023 / 19

Tcp recv/datalen: 08:20:57:386 Apr 20 2023 / 19

Retrans(datalen): - / 0

Usr connect: 20:50:55:795 Apr 19 2023

Usr shutdown: -

Usr close: -

Usr first recv epollout: 20:50:55:798 Apr 19 2023

Last info usr read: 08:20:57:386 Apr 20 2023

Usr Last recv epollevent/event: 08:20:57:386 Apr 20 2023 / 325

TimerType StarTime StopTime TimeOut

DELAY_ACK - - 0

REXMT 08:20:34:795 Apr 20 2023 08:20:34:797 Apr 20 2023 230

PERSIST - - 0

KEEP 08:20:57:386 Apr 20 2023 - 7200000

2MSL - - 0

PMTU - - 0

NSR - - 0

TimeOut Count: retransmit 0, persist: 0, keepalive: 0

Table 20 Command output

Field	Description
TCP inpcb number	Number of IPv6 TCP Internet PCBs.
Connection info	Connection information, including source IPv6 address and port number, and destination IPv6 address and port number.
Location	Socket location.
tcpcb number	Number of IPv6 TCP PCBs (excluding PCBs of TCP in TIME_WAIT state).
Creator	Task name of the socket. The process number is in the square brackets.
State	Socket state: · NOFDREF—The user has closed the connection. · ISCONNECTED—The connection has been established. · ISCONNECTING—The connection is being established. · ISDISCONNECTING—The connection is being interrupted. · ASYNC—Asynchronous mode. · ISDISCONNECTED—The connection has been terminated. · ISSMOOTHING—Cross-card data smoothing is in progress. · CANBIND—The socket supports the bind operation. · PROTOREF—Indicates strong protocol reference. · ISPCBSYNCING—Cross-card PCB synchronization is in progress. · N/A—None of above state.
Options	Socket options: · SO_DEBUG—Records socket debugging information. · SO_ACCEPTCONN—Enables the server to listen connection requests. · SO_REUSEADDR—Allows the local address reuse. · SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive. · SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network. · SO_BROADCAST—Supports broadcast packets. · SO_LINGER—Closes the socket. The system can still send remaining data in the socket send buffer. · SO_OOBINLINE—Stores the out-of-band data in the input queue. · SO_REUSEPORT—Allows the local port reuse. · SO_NOSIGPIPE—Disables the socket from sending data. As a result, a sigpipe cannot be established when a return failure occurs. · SO_TIMESTAMPNS—Has a similar function with the timestamp, accurate to nanoseconds. · SO_KEEPALIVETIME—Sets a keepalive time. This option is supported in TCP. · SO_FILTER—Supports setting the packet filter criterion. This option is available for OSI Socket and RawIP. · SO_SEQPACKET—Preserves the boundaries of packets sent to the socket buffer. · SO_USCBINDEX—Obtains the user profile index from the received packets. · SO_FILLTWAMPTIME—Sets the timestamp for TWAMP. · SO_LOCAL—Local socket option. · SO_NBMAADDR—Obtains the remote NBMA address of the ADVPN tunnel. · SO_DONTDELIVER—Do not deliver the data to the application. · SO_UCM—Sets the IPoE enabling status. · SO_RAWSLOT—Raw slot. · SO_LEASEDUSERID—Obtains a usable lease. · N/A—No options are set.
Error	Error code.
Receiving buffer(cc/hiwat/lowat/drop/state)	Displays receive buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · drop—Number of dropped packets. · state—Buffer state: ¡ CANTSENDMORE—Unable to send data to the peer. ¡ CANTRCVMORE—Unable to receive data from the peer. ¡ RCVATMARK—Receiving tag. ¡ N/A—None of the above states.
Sending buffer(cc/hiwat/lowat/state)	Displays send buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · state—Buffer state: ¡ CANTSENDMORE—Unable to send data to the peer. ¡ CANTRCVMORE—Unable to receive data from the peer. ¡ RCVATMARK—Receiving tag. ¡ N/A—None of the above states.
Type	Socket type: · 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. · 2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission. · 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. · N/A—None of the above types.
SocketFd	Used socket information.
Reference count	Reference counter for the socket.
so_file	So_file pointer.
so_inode	So_inode pointer.
Protocol	Number of the protocol using the socket. 6 represents TCP.
Inpcb flags	Flags in the Internet PCB: · INP_RECVOPTS—Receives IPv6 options. · INP_RECVRETOPTS—Receives replied IPv6 options. · INP_RECVDSTADDR—Receives destination IPv6 address. · INP_HDRINCL—Provides the entire IPv6 header. · INP_REUSEADDR—Reuses the IPv6 address. · INP_REUSEPORT—Reuses the port number. · INP_ANONPORT—Port number not specified. · INP_PROTOCOL_PACKET—Identifies a protocol packet. · INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag. · IN6P_IPV6_V6ONLY—Only supports IPv6 protocol stack. · IN6P_PKTINFO—Receives the source IPv6 address and input interface of the packet. · IN6P_HOPLIMIT—Receives the hop limit. · IN6P_HOPOPTS—Receives the hop-by-hop options extension header. · IN6P_DSTOPTS—Receives the destination options extension header. · IN6P_RTHDR—Receives the routing extension header. · IN6P_RTHDRDSTOPTS—Receives the destination options extension header preceding the routing extension header. · IN6P_TCLASS—Receives the traffic class of the packet. · IN6P_AUTOFLOWLABEL—Attaches a flow label automatically. · IN6P_RFC2292—Uses the API specified in RFC 2292. · IN6P_MTU—Discovers differences in the MTU size of every link along a given data path. TCP does not support this flag. · INP_RCVMACADDR—Receives the MAC address of the frame. · INP_SYNCPCB—Waits until Internet PCB is synchronized. · INP_LOCAL—Preferentially matches the INPCB with this flag on the same card. · N/A—None of the above flags.
Inpcb extflag	Extension flags in the Internet PCB: · INP_EXTRCVPVCIDX—Records the PVC index of the received packet. · INP_RCVPWID—Records the PW ID of the received packet. · INP_EXTDONTDROP—Does not drop the received packet. · INP_EXLISTEN—Listens to the socket. · INP_EXTFILTER—Filters the contents in the received packets. · INP_SELECTMATCHSRCBYFIB—Uses the FIB table to select a matching source. · INP_EXTRCVICMPERR—Receives an ICMP error packet. · INP_EXTPRIVATESOCKET—Associates the INPCB with the NSR private socket. · INP_EXTNOCACHEPKT—Do not cache packets. · INP_EXTRCVVLANDOT1P—Obtains the Dot1p value of the VLAN tag in the received packet. · INP_EXTSNDDATAIF—Sets the output interface of data. · INP_EXTFREEBIND—The socket is not bound to an address or port. · INP_EXTRCVUPID—Obtains the UP ID from the received packet in the UCM control-/user-plane separated (CUPS) network. · INP_EXTINNERPROXY—Receives packets forwarded by the proxy. · INP_EXLISTENNET—Sets this flag when the connection information is added to the network segment linked list. · N/A—None of the above flags.
Inpcb vflag	IP version flags in the Internet PCB: · INP_IPV4—IPv4 protocol. · INP_IPV6—IPv6 protocol. · INP_IPV6PROTO—Creates an Internet PCB based on IPv6 protocol. · INP_TIMEWAIT—In TIMEWAIT state. · INP_ONESBCAST—Sends broadcast packets. · INP_DROPPED—Protocol dropped flag. · INP_SOCKREF—Strong socket reference. · INP_DONTBLOCK—Do not block synchronization of the Internet PCB. · N/A—None of the above flags.
Hop limit	Hop limit in the Internet PCB.
Connection state	TCP connection state: · CLOSED—The server receives a disconnection request's reply from the client. · LISTEN—The server is waiting for connection requests. · SYN_SENT—The client is waiting for the server to reply to the connection request. · SYN_RCVD—The server receives a connection request. · ESTABLISHED—The server and client have established connections and can transmit data bidirectionally. · CLOSE_WAIT—The server receives a disconnection request from the client. · FIN_WAIT_1—The client is waiting for the server to reply to a disconnection request. · CLOSING—The server and client are waiting for peer's disconnection reply when receiving disconnection requests from each other. · LAST_ACK—The server is waiting for the client to reply to a disconnection request. · FIN_WAIT_2—The client receives a disconnection reply from the server. · TIME_WAIT—The client receives a disconnection request from the server.
TCP options	TCP options: · TF_DELACK—Delays sending ACK packets. · TF_SENTFIN—A FIN packet has been sent. · TF_RCVD_SCALE—Requests the receive window size scale factor. · TF_RCVD_TSTMP—A timestamp was received in the SYN packet. · TF_NEEDSYN—Sends a SYN packet. · TF_NEEDFIN—Sends a FIN packet. · TF_MORETOCOME—More data is to be added to the socket. · TF_LQ_OVERFLOW—The listening queue overflows. · TF_LASTIDLE—Idle connection. · TF_RXWIN0SENT—A reply with receive window size 0 was sent. · TF_FASTRECOVERY—Enters NewReno fast recovery mode. · TF_WASFRECOVERY—In NewReno fast recovery mode. · TF_SIGNATURE—MD5 signature. · TF_FORCEDATA—Forces to send one byte. · TF_TSO—TSO is enabled. · TF_PMTU—Supports RFC 1191. · TF_PMTUD—Starts path MTU discovery. · TF_PASSIVE_CONN—Passive connection. · TF_APP_SEND—The application sends data. · TF_ABNORMAL_CLOSE—The application was abnormally closed. · TF_NODELAY—Disables the Nagle algorithm that buffers the sent data inside the TCP. · TF_NOOPT—No TCP options. · TF_NOPUSH—Forces TCP to delay sending any TCP data until a full sized segment is buffered in the TCP buffers. · TF_NSR—Enables TCP NSR. · TF_REQ_SCALE—Enables the TCP window scale option. · TF_REQ_TSTMP—Enables the time stamp option. · TF_SACK_PERMIT—Enables the TCP selective acknowledgement option. · TF_ENHANCED_AUTH—Enables the enhanced authentication option.
NSR state	NSR state of the TCP connection: · CLOSED—Closed (initial) state. · CLOSING—The connection is to be closed. · ENABLED—The connection backup is enabled. · OPEN—The connection synchronization has started. · PENDING—The connection backup is not ready. · READY—The connection backup is ready. · SMOOTH—The connection data is being smoothed. Between the parentheses is the role of the connection: · M—Main connection. · S—Standby connection.
Send VRF	‌ Sending instances.
Receive VRF	‌ Receiving instances.
Error count in abnormal-packet-defend period	Number of abnormal packets received with the defense period after you enable the TCP anti-attack feature.
Checksum errors	Number of received packets with checksum errors.
Duplicate packets	Number of received packets that are duplicate.
Part-Duplicate packets	Number of received packets that are partially duplicate.
Out-of-order packets	Number of received packets that are out of order.
Duplicate ACK packets	Number of received ACK packets that are duplicate.
Out-of-order ACK packets	Number of received ACK packets that are out of order.
Packets with data out of window	Number of received packets that are not in the sliding window.
MD5 authentication errors	Number of received packets that failed the MD5 authentication.
Keychain authentication errors	Number of received packets that failed the keychain authentication.
Timestamp errors	Number of received packets with timestamp errors.
Total receive/send packets	Number of packets sent or received after the connection was established.
Receive/send packets in sequence	Number of packets sent or received through the connection, and their total length in bytes.
Receive/send keepalive packets	Number of keepalive packets sent or received through the connection.
Receive keepalive ack packets	Number of keepalive ACK packets sent or received through the connection.
Receive previous segment not captured packets	Number of packets received through the connection that indicated packet loss before those packets, and their total length in bytes.
Send retransmission packets	Number of retransmitted packets sent through the connection, and their total length in bytes.
Send fast retransmission packets	Number of fast retransmitted packets sent through the connection, and their total length in bytes.
Receive spurious retransmission packets	Number of spuriously retransmitted packets received through the connection, and their total length in bytes.
Receive/send window update packets	Number of window update packets sent or received through the connection.
Receive/send zero window packets	Number of zero-window packets sent or received through the connection.
Receive/send window probe packets	The number of window probe packets sent or received through the connection.
Receive window probe ack packets	Number of window probe ACK packets received through the connection.
Send window full packets	Number of packets sent through the connection that fill the receiving window of the peer.
User send data to tcp(times/bytes)	Number of data transmissions to TCP and their total length in bytes.
User receive data from tcp(times/bytes)	Number of data receptions from TCP and their total length in bytes.
Maximum Segment Size (MSS)	Maximum segment size.
Window Scale (wscale)	Window scale.
Retransmission Timeout (rto)	Retransmission timeout in milliseconds.
Retransmission Count/Total	Current number retransmissions/total number of retransmissions.
Round-trip Time (rtt/rtvar)	Average round-trip time in milliseconds.
Delayed Ack Timeout (ato)	Delayed acknowledgement timeout in milliseconds.
Congestion Window (cwnd)	Sequance number of the packet at the congestion window.
TCP Throughput	TCP throughput in Mbps.
sendpps/sendbps/recvpps/recvbps	· sendpps—Number of packets sent per second. · sendbps—Bytes sent per second. · recvpps—Number of packets received per second. · recvbps—Bytes received per second.
Iss/unack/next/max/wnd	· Iss—Local initial sequence number. · unack—Sequence number of sent packet that has not been acknowledged. · next—Sequence number for next sending. · max—Maximum sequence number for sending. · wnd—Sequence number of the packet at the sending window.
Irs/undeliver/next/adv/wnd	· Irs—Peer initial sequence number. · undeliver—Sequence number of the packet that has not been reported. · next—Sequence number for next sending. · adv—Size of the receiving buffer. · wnd—Sequence number of the packet at the notification receiving window.
Receiving window(scale/lastadvertise/max/min)	Receiving window information: · scale—Window scaling factor (rcv_scale). · lastadvertise—Window value advertised in the most recent packet. · max—Historical maximum value of the sliding window. · min—Historical minimum value of the sliding window.
Sending window(scale/lastadvertise/max/min)	Sending window information: · scale—Window scaling factor (snd_scale). · lastadvertise—Window value advertised in the most recent packet. · max—Historical maximum value of the sliding window. · min—Historical minimum value of the sliding window.
Total Recv/Send Count	Total number of received/sent packets through the LIPC connection between TCP NSR main and standby connections.
EnableMsg Recv/Send Count	Number of received/sent EnableMsg messages through the LIPC connection between TCP NSR main and standby connections.
DisableMsg Recv/Send Count	Number of received/sent DisableMsg messages through the LIPC connection between TCP NSR main and standby connections.
SlotchangeMsg Recv/Send Count	Number of received/sent SlotchangeMsg messages through the LIPC connection between TCP NSR main and standby connections.
ReadyMsg Recv/Send Count	Number of received/sent ReadyMsg messages through the LIPC connection between TCP NSR main and standby connections.
PullMsg Recv/Send Count	Number of received/sent PullMsg messages through the LIPC connection between TCP NSR main and standby connections.
BriefdataMsg Recv/Send Count	Number of received/sent BriefdataMsg messages through the LIPC connection between TCP NSR main and standby connections.
PktMsg Recv/Send Count	Number of received/sent PktMsg messages through the LIPC connection between TCP NSR main and standby connections.
CmdMsg Recv/Send Count	Number of received/sent CmdMsg messages through the LIPC connection between TCP NSR main and standby connections.
history Recv/history Send	Number of received/sent history messages through the LIPC connection between TCP NSR main and standby connections.
Recent Recv/Send Seq	Sequence number of the message received/sent most recently between TCP NSR main and standby connections.
Recent Recv/Send Time	Absolute time of the most recent message receiving/sending between TCP NSR main and standby connections.
rcvsb_timeo/sndsb_timeo/pd_type/pd_len	· rcvsb_timeo—Socket receiving buffer timeout. · sndsb_timeo—Socket sending buffer timeout in jiffies. · pd_type—Socket private data type. · pd_len—Socket private data length in bytes.
so_linger	Socket linger value.
ka_idle/ka_interval/ka_cout	· ka_idle—Socket keepalive idle timeout. · ka_interval—Socket keepalive interval. · ka_cout—Socket keepalive count.
so_accept_filter_str	Name of the socket packet receiving filter.
Md5 Password	TCP MD5 password.
Tcp Key Chain	TCP keychain name.
Out Interface/NextHop/Local Address	· Out Interface—Outgoing interface. · NextHop. · Local Address.
Filter Offset/Length/Value/Mask	Pcb filter offset, length, value, and mask.
Ip Tos/McastTTL/McastLoop/Mcast Interface Index:	· Ip Tos—IP TOS value. · McastTTL—Multicast TTL. · McastLoop—Multicast loop. · Mcast Interface Index—Multicast interface index.
Acl Index/MacIndex	· Acl Index—ACL filtering parameters. · MacIndex—Layer 2 ACL parameters.
Mpls Flag/Label	MPLS flag and MPLS label.
Kernel Event ID	Kernel event ID.
Send Mac	Peer MAC address specified for packet sending of upper-layer applications.
Bier TTL/Entropy/TunnelID	· Bier TTL. · Entropy—BIER grouping flag. · TunnelID—BIER tunnel ID.
Ip Option Hdr	IP options required in a TCP packet.
Tcp connect establish	Time when the TCP connection was established. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.
Tcp send/datalen	Time of the last data transmission through the TCP connection, and length of the transmitted data in bytes. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.
Tcp recv/datalen	Time of the last data reception through the TCP connection, and length of the received data in bytes. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.
Retrans(datalen)	Time of the last data retransmission through the TCP connection, and length of the retransmitted data in bytes. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.
Usr connect	Connect time of the service calling. The format is hh:mm:ss:jiffies MMM:DD:YYYY.
Usr shutdown	Shutdown time of the service calling. The format is hh:mm:ss:jiffies MMM:DD:YYYY.
Usr close	Close time of the service calling. The format is hh:mm:ss:jiffies MMM:DD:YYYY.
Usr send/datalen	Time when the service sent data most recently, and length of the sent data in bytes. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.
Usr recv/datalen	Time when the service received data most recently, and length of the received data in bytes. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.
Usr first recv epollout	Time when the service received the Epollout event for the first time, in the format of hh:mm:ss:jiffies MMM:DD:YYYY.
Last info usr read	Most recent time when the service was notified to read data. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.
Usr Last recv epollevent/event	Time when the service received the last Epoll event, and the event value. The time format is hh:mm:ss:jiffies MMM:DD:YYYY.
TimerType	Timer type statistics.
StarTime	Time when the timer was started, in the format of hh:mm:ss:jiffies MMM:DD:YYYY.
StopTime	Time when the timer was deleted, in the format of hh:mm:ss:jiffies MMM:DD:YYYY.
TimeOut	Timer timeout length, in seconds.
TimeOut Count	Statistics about timer timeouts.
retransmit	Retransmission timer.
persist	Persist timer.
keepalive	Keepalive timer.

‌

display ipv6 tcp-proxy

Use display ipv6 tcp-proxy to display brief information about IPv6 TCP proxy.

Syntax

display ipv6 tcp-proxy slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number.

Examples

# Display brief information about IPv6 TCP proxy.

<Sysname> display ipv6 tcp-proxy slot 10

LAddr->port FAddr->port State Service type

2001::1->45 11:22:33:44->54602 ESTABLISHED WAAS

11:22:33:44->54602 2001::1->45 ESTABLISHED WAAS

Table 21 Command output

Field	Description
LAddr->port	Local IPv6 address and port number.
Faddr->port	Peer IPv6 address and port number.
State	IPv6 TCP connection state: · CLOSED—The server receives a disconnection request's reply from the client. · LISTEN—The server is waiting for connection requests. · SYN_SENT—The client is waiting for the server to reply to the connection request. · SYN_RECEIVED—The server receives a connection request. · ESTABLISHED—The server and client have established connections and can transmit data bidirectionally. · CLOSE_WAIT—The server receives a disconnection request from the client. · FIN_WAIT_1—The client is waiting for the server to reply to a disconnection request. · CLOSING—The server and client are waiting for peer's disconnection reply when receiving disconnection requests from each other. · LAST_ACK—The server is waiting for the client to reply to a disconnection request. · FIN_WAIT_2—The client receives a disconnection reply from the server. · TIME_WAIT—The client receives a disconnection request from the server.
Service type	Type of services that the IPv6 TCP proxy is used for: · NONE—No service type is specified. · LB—Load balancing services. · WAAS—Wide area application services. · SSL VPN—SSL VPN services.

‌

display ipv6 tcp-proxy port-info

Use display ipv6 tcp-proxy port-info to display the usage of non-well-known ports for IPv6 TCP proxy.

Syntax

display ipv6 tcp-proxy port-info slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number.

Usage guidelines

The TCP ports are divided into well-known ports (port numbers from 0 through 1023) and non-well-known ports (port numbers from 1024 through 65535).

· Well-known ports are for certain services, for example, port 23 for Telnet service, ports 20 and 21 for FTP service, and port 80 for HTTP service.

· Non-well-known ports are available for various services. You can use the display ipv6 tcp-proxy port-info command to display the usage of these ports.

Examples

# Display the usage of non-well-known ports for IPv6 TCP proxy.

<Sysname> display ipv6 tcp-proxy port-info slot 10

Index Range State

16 [1024, 1087] USABLE

17 [1088, 1151] USABLE

18 [1152, 1215] USABLE

19 [1216, 1279] USABLE

20 [1280, 1343] USABLE

...

1020 [65280, 65343] USABLE

1021 [65344, 65407] USABLE

1022 [65408, 65471] USABLE

1023 [65472, 65535] USABLE

Table 22 Command output

Field	Description
Index	Index of the port range.
Range	Start port number and end port number.
State	State of the port range: · USABLE—The ports are assignable. · ASSIGNED—Some ports are dynamically assigned and some ports are not. · ALLASSIGNED—All ports are dynamically assigned. The assigned ports can be reclaimed. · TO RECLAIM—Some ports are statically assigned. The assigned ports can be reclaimed. · RESERVED—The ports are reserved. The reserved ports cannot be dynamically assigned.

‌

display ipv6 udp

Use display ipv6 udp to display brief information about IPv6 UDP connections.

Syntax

display ipv6 udp [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays brief information about IPv6 UDP connections on all cards.

Examples

# Displays brief information about IPv6 UDP connections.

<Sysname> display ipv6 udp

LAddr->port FAddr->port Slot Cpu PCB

2001:2002:2003:2 3001:3002:3003:3 1 0 0x000000000000c387

004:2005:2006:20 004:3005:3006:30

07:2008->1200 07:3008->1200

2001::1->23 2001::5->1284 2 0 0x0000000000000008

2003::1->25 2001::2->1283 3 0 0x0000000000000009

Table 23 Command output

Field	Description
LAddr->port	Local IPv6 address and port number.
FAddr->port	Peer IPv6 address and port number.
PCB	PCB index.

‌

display ipv6 udp verbose

Use display ipv6 udp verbose to display detailed information about IPv6 UDP connections.

Syntax

display ipv6 udp verbose [ slot slot-number [ pcb pcb-index ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays detailed information about IPv6 UDP connections on all cards.

pcb pcb-index: Displays detailed information about IPv6 UDP connections of the specified PCB. The value range for the pcb-index argument is 1 to 16.

Examples

# Display detailed information about an IPv6 UDP connection.

<Sysname> display ipv6 udp verbose

Total UDP socket number: 1

Connection info: src = ::->69, dst = ::->0

Location: slot: 6 cpu: 0

Creator: sock_test_mips[250]

State: N/A

Options: N/A

Error: 0

Receiving buffer(cc/hiwat/lowat/drop/state): 0 / 41600 / 1 / 0 / N/A

Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A

Type: 2

Protocol: 17

Inpcb flags: N/A

Inpcb extflag: N/A

Inpcb vflag: INP_IPV6

Hop limit: 255 (minimum hop limit: 0)

Send VRF: 0xffff

Receive VRF: 0xffff

Table 24 Command output

Field	Description
Total UDP socket number	Total number of IPv6 UDP sockets.
Connection info	Connection information, including source IPv6 address and port number, and destination IPv6 address and port number.
Location	Socket location.
Creator	Task name of the socket. The progress number is in the square brackets.
State	Socket state: · NOFDREF—The user has closed the connection. · ISCONNECTED—The connection has been established. · ISCONNECTING—The connection is being established. · ISDISCONNECTING—The connection is being interrupted. · ASYNC—Asynchronous mode. · ISDISCONNECTED—The connection has been terminated. · ISSMOOTHING—Cross-card data smoothing is in progress. · CANBIND—The socket supports the bind operation. · PROTOREF—Indicates strong protocol reference. · ISPCBSYNCING—Cross-card PCB synchronization is in progress. · N/A—None of above state.
Options	Socket options: · SO_DEBUG—Records socket debugging information. · SO_ACCEPTCONN—Enables the server to listen connection requests. · SO_REUSEADDR—Allows the local address reuse. · SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive. · SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network. · SO_BROADCAST—Supports broadcast packets. · SO_LINGER—Closes the socket. The system can still send remaining data in the socket send buffer. · SO_OOBINLINE—Stores the out-o-band data in the input queue. · SO_REUSEPORT—Allows the local port reuse. · SO_TIMESTAMP—Records the timestamps of the input packets, accurate to milliseconds. This option is applicable to protocols that are not connection orientated. · SO_NOSIGPIPE—Disables the socket from sending data. As a result, a sigpipe cannot be established when a return failure occurs. · SO_TIMESTAMPNS—Has a similar function with the timestamp, accurate to nanoseconds. · SO_KEEPALIVETIME—Sets a keepalive time. This option is supported in TCP. · SO_FILTER—Supports setting the packet filter criterion. This option is available for OSI Socket and RawIP. · SO_SEQPACKET—Preserves the boundaries of packets sent to the socket buffer. · SO_USCBINDEX—Obtains the user profile index from the received packets. · SO_FILLTWAMPTIME—Sets the timestamp for TWAMP. · SO_LOCAL—Local socket option. · SO_NBMAADDR—Obtains the remote NBMA address of the ADVPN tunnel. · SO_DONTDELIVER—Do not deliver the data to the application. · SO_UCM—Sets the IPoE enabling status. · SO_RAWSLOT—Raw slot. · SO_LEASEDUSERID—Obtains a usable lease. · N/A—No options are set.
Error	Error code.
Receiving buffer(cc/hiwat/lowat/drop/state)	Displays receive buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · drop—Number of dropped packets. · state—Buffer state: ¡ CANTSENDMORE—Unable to send data to the peer. ¡ CANTRCVMORE—Unable to receive data from the peer. ¡ RCVATMARK—Receiving tag. ¡ N/A—None of the above states.
Sending buffer(cc/hiwat/lowat/state)	Displays send buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · state—Buffer state: ¡ CANTSENDMORE—Unable to send data to the peer. ¡ CANTRCVMORE—Unable to receive data from the peer. ¡ RCVATMARK—Receiving tag. ¡ N/A—None of the above states.
Type	Socket type: · 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. · 2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission. · 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. · N/A—None of the above types.
Protocol	Number of the protocol using the socket. 17 represents UDP.
Inpcb flags	Flags in the Internet PCB: · INP_RECVOPTS—Receives IPv6 options. · INP_RECVRETOPTS—Receives replied IPv6 options. · INP_RECVDSTADDR—Receives destination IPv6 address. · INP_HDRINCL—Provides the entire IPv6 header. · INP_REUSEADDR—Reuses the IPv6 address. · INP_REUSEPORT—Reuses the port number. · INP_ANONPORT—Port number not specified. · INP_PROTOCOL_PACKET—Identifies a protocol packet. · INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag. · IN6P_IPV6_V6ONLY—Only supports IPv6 protocol stack. · IN6P_PKTINFO—Receives the source IPv6 address and input interface of the packet. · IN6P_HOPLIMIT—Receives the hop limit. · IN6P_HOPOPTS—Receives the hop-by-hop options extension header. · IN6P_DSTOPTS—Receives the destination options extension header. · IN6P_RTHDR—Receives the routing extension header. · IN6P_RTHDRDSTOPTS—Receives the destination options extension header preceding the routing extension header. · IN6P_TCLASS—Receives the traffic class of the packet. · IN6P_AUTOFLOWLABEL—Attaches a flow label automatically. · IN6P_RFC2292—Uses the API specified in RFC 2292. · IN6P_MTU—Discovers differences in the MTU size of every link along a given data path. TCP does not support this flag. · INP_RCVMACADDR—Receives the MAC address of the frame. · INP_SYNCPCB—Waits until Internet PCB is synchronized. · INP_LOCAL—Preferentially matches the INPCB with this flag on the same card. · N/A—None of the above flags.
Inpcb extflag	Extension flags in the Internet PCB: · INP_EXTRCVPVCIDX—Records the PVC index of the received packet. · INP_RCVPWID—Records the PW ID of the received packet. · INP_EXTDONTDROP—Do not drop the received packet. · INP_EXLISTEN—Adds the INPCB carrying this flag to the listen hash table. · INP_EXTFILTER—Filters the contents in the received packets. · INP_SELECTMATCHSRCBYFIB—Uses the FIB table to select a matching source. · INP_EXTRCVICMPERR—Receives an ICMP error packet. · INP_EXTPRIVATESOCKET—Associates the INPCB with the NSR private socket. · INP_EXTNOCACHEPKT—Do not cache packets. · INP_EXTRCVVLANDOT1P—Obtains the Dot1p value of the VLAN tag in the received packet. · INP_EXTSNDDATAIF—Sets the output interface of data. · INP_EXTFREEBIND—The socket is not bound to an address or port. · INP_EXTRCVUPID—Obtains the UP ID from the received packet in the UCM control-/user-plane separated (CUPS) network. · INP_EXTINNERPROXY—Receives packets forwarded by the proxy. · N/A—None of the above flags.
Inpcb vflag	IP version flags in the Internet PCB: · INP_IPV4—IPv4 protocol. · INP_IPV6—IPv6 protocol. · INP_IPV6PROTO—Creates an Internet PCB based on IPv6 protocol. · INP_TIMEWAIT—In TIMEWAIT state. · INP_ONESBCAST—Sends broadcast packets. · INP_DROPPED—Protocol dropped flag. · INP_SOCKREF—Strong socket reference. · INP_DONTBLOCK—Do not block synchronization of the Internet PCB. · N/A—None of the above flags.
Hop limit	Hop limit in the Internet PCB.
Send VRF	‌ Sending instances.
Receive VRF	‌ Receiving instances.

‌

ipv6 address

Use ipv6 address to configure an IPv6 global unicast address for an interface.

Use undo ipv6 address to delete an IPv6 global unicast address of the interface.

Syntax

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }

undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ]

Default

No IPv6 global unicast address is configured for an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies an IPv6 address.

prefix-length: Specifies a prefix length in the range of 1 to 128.

Usage guidelines

Application scenarios

Like public IPv4 addresses, IPv6 global unicast addresses are assigned to ISPs. This type of address allows for prefix aggregation to reduce the number of global routing entries. You can use this command to specify an IPv6 global unicast address for an interface.

Restrictions and guidelines

Interfaces of tunnels in IPv4 over IPv4 or IPv4 over IPv6 mode do not support this command.

If you do not specify any parameters, the undo ipv6 address command deletes all IPv6 addresses of an interface.

Examples

# Set the IPv6 global unicast address of Ten-GigabitEthernet 3/0/1 to 2001::1 with prefix length 64.

Method 1:

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 address 2001::1/64

Method 2:

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 address 2001::1 64

ipv6 address anycast

Use ipv6 address anycast to configure an IPv6 anycast address for an interface.

Use undo ipv6 address anycast to delete the IPv6 anycast address of the interface.

Syntax

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast

undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast

Default

No IPv6 anycast address is configured for an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies an IPv6 anycast address.

prefix-length: Specifies a prefix length in the range of 1 to 128.

Examples

# Set the IPv6 anycast address of interface Ten-GigabitEthernet 3/0/1 to 2001::1 with prefix length 64.

Method 1:

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 address 2001::1/64 anycast

Method 2:

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 address 2001::1 64 anycast

ipv6 address auto

Use ipv6 address auto to enable the stateless address autoconfiguration feature on an interface, so that the interface can automatically generate a global unicast address.

Use undo ipv6 address auto to disable this feature.

Syntax

ipv6 address auto

undo ipv6 address auto

Default

The stateless address autoconfiguration feature is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

After a global unicast address is generated through stateless autoconfiguration, a link-local address is generated automatically.

To delete the global unicast address and the link-local address that are automatically generated, use either of the following commands:

· undo ipv6 address auto

· undo ipv6 address

Examples

# Enable stateless address autoconfiguration on interface Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 address auto

ipv6 address auto link-local

Use ipv6 address auto link-local to automatically generate a link-local address for an interface.

Use undo ipv6 address auto link-local to restore the default.

Syntax

ipv6 address auto link-local

undo ipv6 address auto link-local

Default

No link-local address is configured on an interface. A link-local address is automatically generated after an IPv6 global unicast address is configured for the interface.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

Link-local addresses are used for neighbor discovery and stateless autoconfiguration on the local link. Packets using link-local addresses as the source or destination addresses cannot be forwarded to other links.

After an IPv6 global unicast address is configured for an interface, a link-local address is automatically generated. This link-local address is the same as the one generated by using the ipv6 address auto link-local command.

The undo ipv6 address auto link-local command deletes only the link-local addresses generated through the ipv6 address auto link-local command. If the undo command is executed on an interface with an IPv6 global unicast address configured, the interface still has a link-local address.

You can also manually assign an IPv6 link-local address for an interface by using the ipv6 address link-local command. Manual assignment takes precedence over automatic generation for IPv6 link-local addresses.

· If you first use automatic generation and then manual assignment, the manually assigned link-local address overwrites the automatically generated address.

· If you first use manual assignment and then automatic generation, both of the following occur:

¡ The automatically generated link-local address does not take effect.

¡ The link-local address of an interface is still the manually assigned address.

If you delete the manually assigned address, the automatically generated link-local address takes effect.

Examples

# Configure Ten-GigabitEthernet 3/0/1 to automatically generate a link-local address.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 address auto link-local

Related commands

ipv6 address link-local

ipv6 address duplicate-detect enable

Use ipv6 address duplicate-detect enable to enable duplicate detection for duplicate addresses.

Use undo ipv6 address duplicate-detect enable to disable duplicate detection for duplicate addresses.

Syntax

ipv6 address duplicate-detect enable

undo ipv6 address duplicate-detect enable

Default

Duplicate detection for duplicate addresses is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If the device detects that an IPv6 address on an interface has been used on the network, the device marks that IPv6 address as duplicate. The interface cannot use the address for communication.

By default, an interface does not perform duplicate detection for duplicate addresses. Once an IPv6 address is marked as duplicate on an interface, it will be unusable even after it becomes unique on the link later.

To resolve this issue, enable duplicate detection for duplicate addresses. This feature sends NS messages to the duplicate address at random intervals until it does not receive an NA response message from that address or until duplicate detection is disabled for duplicate addresses.

You can set the maximum duplicate detection interval for duplicate addresses by using the ipv6 address duplicate-detect interval command. For more information about duplicate address detection, see IPv6 basics configuration in Layer 3—IP Services Configuration Guide.

Examples

# Enable duplicate detection for duplicate addresses.

<Sysname> system-view

[Sysname] ipv6 address duplicate-detect enable

Related commands

ipv6 address duplicate-detect interval

Use ipv6 address duplicate-detect interval to set the maximum duplicate detection interval for duplicate addresses.

Use undo ipv6 address duplicate-detect interval to restore the default.

Syntax

ipv6 address duplicate-detect interval interval

undo ipv6 address duplicate-detect interval

Default

The maximum duplicate detection interval for duplicate addresses is 5 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Sets the maximum duplicate detection interval for duplicate addresses in seconds. The value range for this argument is 1 to 60.

Usage guidelines

After the device marks a detected address as duplicate, it waits for a random amount of time between 1 and the maximum detection interval. Then, the device resends an NS message to the solicited-node multicast address of the duplicate address. This mechanism helps reduce the risk of congestion that results from the NS messages sent for duplicate detection. For more information about duplicate address detection, see IPv6 basics configuration in Layer 3—IP Services Configuration Guide.

Examples

# Set the maximum duplicate detection interval to 10 seconds for duplicate addresses.

<Sysname> system-view

[Sysname] ipv6 address duplicate-detect interval 10

Related commands

ipv6 address duplicate-detect enable

ipv6 address eui-64

Use ipv6 address eui-64 to configure an EUI-64 IPv6 address for an interface.

Use undo ipv6 address eui-64 to delete an EUI-64 IPv6 address from an interface.

Syntax

ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64

undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64

Default

No EUI-64 IPv6 address is configured for an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-address prefix-length: Specifies an IPv6 address and IPv6 prefix length. The ipv6-address and prefix-length arguments jointly specify the prefix of an EUI-64 IPv6 address. The value range for the prefix-length argument is 1 to 64. The IPv6 address and IPv6 prefix length support the following formats:

· ipv6-address/prefix-length. For example: 2001::1/64.

· ipv6-address prefix-length. For example: 2001::1 64.

Usage guidelines

An EUI-64 IPv6 address is generated based on the specified prefix and the automatically generated interface ID. To display the EUI-64 IPv6 address, use the display ipv6 interface command.

The prefix length of an EUI-64 IPv6 address cannot be greater than 64.

Examples

# Configure an EUI-64 IPv6 address for interface Ten-GigabitEthernet 3/0/1. The prefix of the address is the same as that of 2001::1/64, and the interface ID is generated based on the MAC address of the device.

Method 1:

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 address 2001::1/64 eui-64

Method 2:

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 address 2001::1 64 eui-64

Related commands

display ipv6 interface

ipv6 address link-local

Use ipv6 address link-local to configure a link-local address for the interface.

Use undo ipv6 address link-local to restore the default.

Syntax

ipv6 address ipv6-address link-local

undo ipv6 address ipv6-address link-local

Default

No link-local address is configured for the interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies an IPv6 link-local address. The first 10 bits of an address must be 1111111010 (binary). The first group of hexadecimals in the address must be FE80 to FEBF.

Usage guidelines

Manual assignment takes precedence over automatic generation.

If you use automatic generation, and then use manual assignment, the manually assigned link-local address overwrites the one that is automatically generated.

If you use manual assignment and then use automatic generation, both of the following occur:

· The automatically generated link-local address does not take effect.

· The manually assigned link-local address of an interface remains.

After you delete the manually assigned address, the automatically generated link-local address takes effect. For automatic generation of an IPv6 link-local address, see the ipv6 address auto link-local command.

Examples

# Configure a link-local address for Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 address fe80::1 link-local

Related commands

ipv6 address auto link-local

ipv6 address prefix-number

Use ipv6 address prefix-number to specify an IPv6 prefix for an interface to automatically generate an IPv6 global unicast address and advertise the prefix.

Use undo ipv6 address prefix-number to restore the default.

Syntax

ipv6 address prefix-number sub-prefix/prefix-length

undo ipv6 address prefix-number

Default

No IPv6 prefix is specified for IPv6 address autoconfiguration.

Views

Interface view

Predefined user roles

network-admin

Parameters

prefix-number: Specifies an IPv6 prefix by its ID in the range of 1 to 1024. The specified IPv6 prefix can be manually configured or obtained through DHCPv6.

sub-prefix: Specifies the sub-prefix bit and host bit for the IPv6 global unicast address.

prefix-length: Specifies the sub-prefix length in the range of 1 to 128.

Usage guidelines

This command enables an interface to automatically generate an IPv6 global unicast address based on the specified IPv6 prefix, sub-prefix bit, and host bit.

An interface can generate only one IPv6 global unicast address based on the prefix specified by using the ipv6 address command. To configure the interface to generate a new IPv6 address, execute the undo ipv6 address command to delete the configuration, and then execute the ipv6 address command.

Examples

# Configure a static IPv6 prefix AAAA::/16 and assign ID 1 to the prefix. Configure Ten-GigabitEthernet 3/0/1 to use this prefix to generate the IPv6 address AAAA:CCCC:DDDD::10/32 and advertise this prefix.

<Sysname> system-view

[Sysname] ipv6 prefix 1 AAAA::/16

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 address 1 BBBB:CCCC:DDDD::10/32

# Configure Ten-GigabitEthernet 3/0/2 to obtain an IPv6 prefix through DHCPv6 and assign ID 2 to the obtained prefix. Configure Ten-GigabitEthernet 3/0/1 to use the obtained prefix to generate the IPv6 address AAAA:CCCC:DDDD::10/32 and advertise the prefix.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/2

[Sysname-Ten-GigabitEthernet3/0/2] ipv6 dhcp client pd 2 rapid-commit option-group 1

[Sysname-Ten-GigabitEthernet3/0/2] quit

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 address 2 BBBB:CCCC:DDDD::10/32

Related commands

ipv6 prefix

ipv6 dhcp client pd (Layer 3—IP Services Command Reference)

ipv6 bandwidth-based-sharing

Use ipv6 bandwidth-based-sharing to enable IPv6 load sharing based on bandwidth.

Use undo ipv6 bandwidth-based-sharing to disable IPv6 loading sharing based on bandwidth.

Syntax

ipv6 bandwidth-based-sharing

undo ipv6 bandwidth-based-sharing

Default

IPv6 load sharing based on bandwidth is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature load shares IPv6 traffic among multiple output interfaces based on their load percentages. The device calculates the load percentage for each output interface in terms of the interface expected bandwidth.

For devices that run load sharing protocols, they implement load sharing based on the ratios defined by these protocols.

Examples

# Enable IPv6 load sharing based on bandwidth.

<Sysname> system-view

[Sysname] ipv6 bandwidth-based-sharing

ipv6 fib max-number

Use fib max-number to specify the maximum number of FIB entries on an interface module.

Use undo fib max-number to restore the default.

Syntax

ipv6 fib max-number max-number slot slot-number

undo ipv6 fib max-number

Default

The maximum number of IPv6 FIB entries on an interface module is the maximum number of IPv6 FIB entries supported by the device.

Views

System view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of IPv6 FIB entries on an interface module. The value range for this argument is 0 to 4294967295.

slot slot-number: Specifies an interface module by its slot number.

Usage guidelines

To save memory resources, you can use this command to decrease the maximum number of FIB entries on an interface module.

If the value for the max-number argument exceeds the maximum number supported by the device, the configuration does not take effect on interface modules. The maximum number supported by the device is then applied to the interface modules.

If the number of FIB entries has reached max-number on an interface module, the module stops accepting new FIB entries issued by the MPU. The existing services on the module are not affected. If the MPU deletes some old FIB entries and notifies the interface module to delete the entries, the interface module can accept new FIB entries until the upper limit is reached again.

Examples

# Specify the maximum number of FIB entries on the interface module in slot 10 as 1000.

<Sysname> system-view

[Sysname] ipv6 fib max-number 1000 slot 10

ipv6 hop-limit

Use ipv6 hop-limit to set the Hop Limit field in the IPv6 header.

Use undo ipv6 hop-limit to restore the default.

Syntax

ipv6 hop-limit value

undo ipv6 hop-limit

Default

The hop limit is 64.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies the number of hops, in the range of 1 to 255.

Usage guidelines

The hop limit determines the number of hops that an IPv6 packet generated by the device can travel.

The device advertises the hop limit in RA messages. All RA message receivers use the advertised value to fill in the Hop Limit field for IPv6 packets to be sent. To disable the device from advertising the hop limit, use the ipv6 nd ra hop-limit unspecified command.

Examples

# Set the maximum number of hops to 100.

<Sysname> system-view

[Sysname] ipv6 hop-limit 100

Related commands

ipv6 nd ra hop-limit unspecified

ipv6 hoplimit-expires enable

Use ipv6 hoplimit-expires enable to enable sending ICMPv6 time exceeded messages.

Use undo ipv6 hoplimit-expires to disable sending ICMPv6 time exceeded messages.

Syntax

ipv6 hoplimit-expires enable

undo ipv6 hoplimit-expires enable

Default

Sending ICMPv6 time exceeded messages is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

ICMPv6 time exceeded messages are sent to the source of IPv6 packets after the device discards IPv6 packets because hop or reassembly times out.

To prevent too many ICMPv6 error messages from affecting device performance, disable this feature. Even with the feature disabled, the device still sends fragment reassembly time exceeded messages.

Examples

# Disable sending ICMPv6 time exceeded messages.

<Sysname> system-view

[Sysname] undo ipv6 hoplimit-expires enable

ipv6 icmpv6 echo-reply traffic-priority

Use ipv6 icmpv6 echo-reply traffic-priority to set the forwarding priority value for ICMPv6 echo replies in hardware.

Use undo ipv6 icmpv6 echo-reply traffic-priority to restore the default.

Syntax

ipv6 icmpv6 echo-reply traffic-priority priority-value

undo ipv6 icmpv6 echo-reply traffic-priority

Default

The hardware responds to ICMPv6 echo requests according to their priorities.

Views

System view

Predefined user roles

network-admin

Parameters

traffic-priority priority-value: Specifies the forwarding priority value for ICMPv6 echo replies in hardware. The value range is 0 to 255. A smaller value indicates a lower priority.

Usage guidelines

Application scenarios

When you perform an ICMP echo test on an IPv6 network to test whether an NQA client can reach the NQA server, the NQA client sends ICMPv6 echo requests to the NQA server. By default, the hardware of the NQA server responds to these ICMPv6 echo requests with the lowest priority. When the NQA server forwards a large amount of packets with higher priority than ICMPv6 echo replies, the hardware might fail to send those ICMPv6 echo replies in time. As a result, the ICMPv6 echo replies will be discarded due to sending timeout errors, which causes the ICMP echo test to fail.

To avoid this issue, use this command on the NQA server to increase the forwarding priority value for ICMPv6 echo replies in hardware. When the NQA server forwards a large amount of high-priority packets, the forwarding of ICMPv6 echo replies will not be affected in hardware.

For more information about ICMP echo-type NQA tests, see NQA configuration in Network Management and Monitoring Configuration Guide.

Operating mechanism

After you configure this feature, the hardware forwards ICMPv6 echo replies according to the priority value configured in this command rather than the original priority values in those ICMPv6 echo replies.

After you undo this feature, the hardware forwards ICMPv6 echo replies according to the priority values in those ICMPv6 echo replies.

Examples

# Set the forwarding priority value to 5 for ICMPv6 echo replies in hardware.

<Sysname> system-view

[Sysname] ipv6 icmpv6 echo-reply traffic-priority 5

ipv6 icmpv6 error-interval

Use ipv6 icmpv6 error-interval to set the bucket size and the interval for tokens to arrive in the bucket for ICMPv6 error messages.

Use undo ipv6 icmpv6 error-interval to restore the default.

Syntax

ipv6 icmpv6 error-interval interval [ bucketsize ]

undo ipv6 icmpv6 error-interval

Default

The bucket allows a maximum of 200 tokens, and a token is placed in the bucket every 100 milliseconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval for tokens to arrive in the bucket. The value range is 0 to 2147483647 milliseconds. To disable the ICMPv6 rate limit, set the value to 0.

bucketsize: Specifies the maximum number of tokens allowed in the bucket. The value range is 1 to 200.

Usage guidelines

This command limits the rate at which ICMPv6 error messages are sent. Use this command to prevent network congestion caused by excessive ICMPv6 error messages generated within a short period. A token bucket algorithm is used with one token representing one ICMPv6 error message.

A token is placed in the bucket at intervals until the maximum number of tokens that the bucket can hold is reached.

A token is removed from the bucket when an ICMPv6 error message is sent. When the bucket is empty, ICMPv6 error messages are not sent until a new token is placed in the bucket.

Examples

# Set the bucket size to 40 tokens and the interval for tokens to arrive in the bucket to 200 milliseconds for ICMPv6 error messages.

<Sysname> system-view

[Sysname] ipv6 icmpv6 error-interval 200 40

ipv6 icmpv6 multicast-echo-reply enable

Use ipv6 icmpv6 multicast-echo-reply enable to enable replying to multicast echo requests.

Use undo ipv6 icmpv6 multicast-echo-reply to restore the default.

Syntax

ipv6 icmpv6 multicast-echo-reply enable

undo ipv6 icmpv6 multicast-echo-reply enable

Default

The device is disabled from replying to multicast echo requests.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If a host is configured to reply to multicast echo requests, an attacker can use this mechanism to attack the host. For example, the attacker can send an echo request to a multicast address with Host A as the source. All hosts in the multicast group will send echo replies to Host A.

To prevent attacks, do not enable the device to reply to multicast echo requests unless necessary.

Examples

# Enable replying to multicast echo requests.

<Sysname> system-view

[Sysname] ipv6 icmpv6 multicast-echo-reply enable

ipv6 icmpv6 receive enable

Use ipv6 icmpv6 receive enable to enable the device to receive a specific type of ICMPv6 messages.

Use undo ipv6 icmpv6 receive enable to disable the device from receiving a specific type of ICMPv6 messages.

Syntax

ipv6 icmpv6 { name name | type type code code } receive enable

undo ipv6 icmpv6 { name name | type type code code } receive enable

Default

The device receives all types of ICMPv6 messages.

Views

System view

Predefined user roles

network-admin

Parameters

name name: Specifies an ICMPv6 message name.

type type: Specifies an ICMPv6 message type. The value range for the type argument is 0 to 255.

code code: Specifies an ICMPv6 message code. The value range for the code argument is 0 to 255.

Usage guidelines

CAUTION:

Disabling receiving ICMPv6 messages of a specific type might affect network operation. Please use this feature with caution.

‌

By default, the device receives all types of ICMPv6 messages. Such a setting might affect device performance if a large number of ICMPv6 responses are received within a short time. To resolve this issue, you can use this command to disable the device from receiving a specific type of ICMPv6 messages.

Table 25 shows common ICMPv6 messages and their meanings.

Table 25 Common ICMPv6 messages

Name	Type	Code	Description
echo	128	0	Echo request used to ping a target node.
echo-reply	129	0	Echo reply sent by a target node after receiving an echo request.
err-header-field	4	0	Erroneous header field was found.
frag-time-exceeded	3	1	Fragment reassembly timed out.
hop-limit-exceeded	3	0	Hop limit decreased to 0 in transit.
host-admin-prohib	1	1	Communication with the target host was prohibited by the admin policy.
host-unreachable	1	3	The target host address was unreachable.
neighbor-advertisement	136	0	Neighbor advertisement for IPv6 neighbor discovery.
neighbor-solicitation	135	0	Neighbor solicitation for IPv6 neighbor discovery.
network-unreachable	1	0	No route to destination exists.
packet-too-big	2	0	Packet forwarding failed because the packet length was longer than the MTU.
port-unreachable	1	4	The target port was unreachable.
redirect	137	0	Route redirection message.
router-advertisement	134	0	IPv6 router advertisement.
router-solicitation	133	0	IPv6 router solicitation.
unknown-ipv6-opt	4	2	Unknown IPv6 option.
unknown-next-hdr	4	1	Unknown IPv6 Next Header field.

‌

Examples

# Disable the device from receiving ICMPv6 echo reply messages.

<Sysname> system-view

[Sysname] undo ipv6 icmpv6 name echo-reply receive enable

ipv6 icmpv6 send enable

Use ipv6 icmpv6 send enable to enable the device to send a specific type of ICMPv6 messages.

Use undo ipv6 icmpv6 send enable to disable the device from sending a specific type of ICMPv6 messages.

Syntax

ipv6 icmpv6 { name name | type type code code } send enable

undo ipv6 icmpv6 { name name | type type code code } send enable

Default

The device can send all types of ICMPv6 messages except Destination Unreachable and Redirect messages.

Views

System view

Predefined user roles

network-admin

Parameters

name name: Specifies an ICMPv6 message name.

type type: Specifies an ICMPv6 message type. The value range for the type argument is 0 to 255.

code code: Specifies an ICMPv6 message code. The value range for the code argument is 0 to 255.

Usage guidelines

CAUTION:

Disabling sending ICMPv6 messages of a specific type might affect network operation. Please use this feature with caution.

‌

By default, the device sends all types of ICMPv6 messages except Destination Unreachable and Redirect messages. Attackers might obtain device information from specific types of ICMPv6 messages, causing security issues.

For security purposes, you can use this command to disable the device from sending specific types of ICMPv6 messages.

To enable sending Destination Unreachable, Time Exceeded, or Redirect messages, you can perform one of the following tasks:

· Execute the ipv6 icmpv6 send enable command.

· Execute one of the following commands as needed:

¡ ipv6 unreachables enable

¡ ipv6 hoplimit-expires enable

¡ ipv6 redirects enable

Table 25 shows common ICMPv6 messages and their meanings.

Examples

# Disable the device from sending ICMPv6 echo reply messages.

<Sysname> system-view

[Sysname] undo ipv6 icmpv6 name echo-reply send enable

Related commands

ipv6 unreachables enable

ipv6 hoplimit-expires enable

ipv6 redirects enable

ipv6 icmpv6 source

Use ipv6 icmpv6 source to specify an IPv6 address as the source address for outgoing ICMPv6 packets.

Use undo ipv6 icmpv6 source to remove the specified IPv6 source address for outgoing ICMPv6 packets.

Syntax

ipv6 icmpv6 source [ vpn-instance vpn-instance-name ] ipv6-address

undo ipv6 icmpv6 source [ vpn-instance vpn-instance-name ]

Default

No IPv6 source address for outgoing ICMPv6 packets is specified. The device uses the IPv6 address of the sending interface as the source IPv6 address for outgoing ICMPv6 packets.

Views

System view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the specified address belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the ipv6-address argument specifies an IPv6 address on the public network.

ipv6-address: Specifies an IPv6 address.

Usage guidelines

It is a good practice to specify the IPv6 address of the loopback interface as the source IPv6 address for outgoing ping echo request and ICMPv6 error messages. This feature helps network administrators to easily locate the sending device.

Examples

# Specify IPv6 address 1::1 as the source address for outgoing ICMPv6 packets.

<Sysname> system-view

[Sysname] ipv6 icmpv6 source 1::1

ipv6 mtu

Use ipv6 mtu to set the interface MTU for IPv6 packets.

Use undo ipv6 mtu to restore the default MTU.

Syntax

ipv6 mtu size

undo ipv6 mtu

Default

The interface MTU is not configured.

Views

Interface view

Predefined user roles

network-admin

Parameters

size: Specifies the MTU size in bytes.The value range for this argument is 1280 to 9600.

Usage guidelines

IPv6 routers do not support packet fragmentation. After an IPv6 router receives an IPv6 packet, if the packet size is greater than the MTU of the forwarding interface, the router discards the packet. Meanwhile, the router sends the MTU to the source host through an ICMPv6 packet — Packet Too Big message. The source host fragments the packet according to the MTU and resends it. To reduce the extra flow overhead resulting from packet drops, set an appropriate interface MTU for your network.

Examples

# Set the interface MTU for IPv6 packets to 1280 bytes on Ten-GigabitEthernet 3/0/1 to 1280 bytes.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 mtu 1280

ipv6 nd autoconfig managed-address-flag

Use ipv6 nd autoconfig managed-address-flag to set the managed address configuration flag (M) to 1 in RA advertisements to be sent.

Use undo ipv6 nd autoconfig managed-address-flag to restore the default.

Syntax

ipv6 nd autoconfig managed-address-flag

undo ipv6 nd autoconfig managed-address-flag

Default

The M flag is set to 0 in RA advertisements. Hosts receiving the advertisements will obtain IPv6 addresses through stateless autoconfiguration.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

The M flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration to obtain IPv6 addresses.

· If the M flag is set to 1 in RA advertisements, receiving hosts use stateful autoconfiguration (for example, from an DHCPv6 server) to obtain IPv6 addresses.

· If the M flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration to obtain IPv6 addresses.

Examples

# Set the M flag to 1 in RA advertisements to be sent.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd autoconfig managed-address-flag

ipv6 nd autoconfig other-flag

Use ipv6 nd autoconfig other-flag to set the other stateful configuration flag (O) to 1 in RA advertisements to be sent.

Use undo ipv6 nd autoconfig other-flag to restore the default.

Syntax

ipv6 nd autoconfig other-flag

undo ipv6 nd autoconfig other-flag

Default

The O flag is set to 0 in RA advertisements. Hosts receiving the advertisements will acquire other information through stateless autoconfiguration.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

The O flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration to obtain configuration information other than IPv6 addresses.

· If the O flag is set to 1 in RA advertisements, receiving hosts use stateful autoconfiguration (for example, from a DHCPv6 server) to obtain configuration information other than IPv6 addresses.

· If the O flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration to obtain configuration information other than IPv6 addresses.

Examples

# Set the O flag to 0 in RA advertisements to be sent.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] undo ipv6 nd autoconfig other-flag

ipv6 nd dad attempts

Use ipv6 nd dad attempts to set the number of attempts to send an NS message for DAD.

Use undo ipv6 nd dad attempts to restore the default.

Syntax

ipv6 nd dad attempts times

undo ipv6 nd dad attempts

Default

The number of attempts to send an NS message for DAD is 1.

Views

Interface view

Predefined user roles

network-admin

Parameters

times: Specifies the number of attempts to send an NS message for DAD, in the range of 0 to 600. If it is set to 0, DAD is disabled.

Usage guidelines

An interface sends an NS message for DAD after obtaining an IPv6 address.

If the interface does not receive a response within the time specified by using ipv6 nd ns retrans-timer, it resends an NS message.

If the interface receives no response after making the maximum sending attempts (set by using ipv6 nd dad attempts), the interface uses the obtained address.

Examples

# Set the number of attempts to send an NS message for DAD to 20.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd dad attempts 20

Related commands

display ipv6 interface

ipv6 nd ns retrans-timer

ipv6 nd entry-limit record enable

Use ipv6 nd entry-limit record enable to enable recording ND entry learning events.

Use undo ipv6 nd entry-limit record enable to disable recording ND entry learning events.

Syntax

ipv6 nd entry-limit record enable

undo ipv6 nd entry-limit record enable

Default

The ND module does not record ND entry learning events.

Views

System view

Predefined user roles

network-admin

Usage guidelines

An ND entry learning event occurs when the number of ND entries that a card or an interface has learnt exceeds the threshold or drops below the threshold.

After you enable this feature, the ND module logs ND entry learning events and sends them to the information center. For log messages to be sent correctly, configure the information center to set log message filtering and output rules, including output destinations. For information about the log destination and output rule configuration in the information center, see information center configuration in Network Management and Monitoring Configuration Guide.

Examples

# Enable recording ND entry learning events.

<Sysname> system-view

[Sysname] ipv6 nd entry-limit record enable

Related commands

ipv6 neighbors max-learning-num

ipv6 neighbors max-learning-number

ipv6 nd local-conflict record enable

Use ipv6 nd local-conflict record enable to enable recording IP address conflicts between the local device and endpoints.

Use undo ipv6 nd local-conflict record enable to disable recording IP address conflicts between the local device and endpoints.

Syntax

ipv6 nd local-conflict record enable

undo ipv6 nd local-conflict record enable

Default

The ND module does not record IP address conflicts between the local device and endpoints.

Views

System view

Predefined user roles

network-admin

Usage guidelines

After you enable this feature, the ND module compares the IP address of the sender with the IP address of the local device when it receives an ND packet. If the two IP addresses are the same, the ND module determines that the local device has an address conflict with the sender, and then performs the following tasks:

· Generates an address conflict entry. If the address conflict does not occur again in three minutes, the system will delete the address conflict entry.

· Logs the address conflict and sends the log message to the information center.

An interface sends address conflict log messages to the information center only once per minute.

A maximum of 128 interfaces can send address conflict log messages concurrently to the information center. If the number of interfaces exceeds 128, the excess interfaces cannot send address conflict log messages to the information center unless some of the prior 128 interfaces have no address conflict.

For log messages to be sent correctly, configure the information center to set log message filtering and output rules, including output destinations. For information about the log destination and output rule configuration in the information center, see information center configuration in Network Management and Monitoring Configuration Guide.

Examples

# Enable recording IP address conflicts between the local device and endpoints.

<Sysname> system-view

[Sysname] ipv6 nd local-conflict record enable

ipv6 nd nd-miss record enable

Use ipv6 nd nd-miss record enable to en able recording overspeed events of ND Miss message generation and ND packet sending.

Use undo ipv6 nd nd-miss record enable to disable recording overspeed events of ND Miss message generation and ND packet sending.

Syntax

ipv6 nd nd-miss record enable

undo ipv6 nd nd-miss record enable

Default

The ND module does not record overspeed events of ND Miss message generation and ND packet sending.

Views

System view

Predefined user roles

network-admin

Usage guidelines

NOTE:

The alarm threshold on the speed of ND Miss message generation varies by device model. The ND packet sending rate is a fixed value in the current software version.

To avoid frequent alarms and alarm clearance, the system will not send an alarm again in one minute after the alarm is cleared.

‌

An ND Miss packet is an IPv6 packet with an irresolvable destination address. On receipt of such a packet, the device performs the following task:

1. Generates an ND Miss message and delivers the ND Miss packet to its CPU for processing.

2. Generates and issues a temporary ND entry.

3. Sends an NS packet to the destination network read from the ND Miss packet.

A host can exploit this mechanism launch to an ND Miss packet attack on the device. This attack form causes the following issues:

· The device sends a large number of NS packets to t he destination network of the received ND Miss packets and causes a heavy service load on that network.

· Repeated attempts of IPv6 address resolution causes a heavy service load on the CPU of the device.

To resolve this issue, enable the ND module to record overspeed events of ND Miss message generation and ND packet sending. The ND module sends the log messages to the information center. For log messages to be sent correctly, configure the information center to set log message filtering and output rules, including output destinations. For information about the log destination and output rule configuration in the information center, see information center configuration in Network Management and Monitoring Configuration Guide.

Examples

# Enable recording overspeed events of ND Miss message generation and ND packet sending.

<Sysname> system-view

[Sysname] ipv6 nd nd-miss record enable

ipv6 nd ns retrans-timer

Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message.

Use undo ipv6 nd ns retrans-timer to restore the default.

Syntax

ipv6 nd ns retrans-timer value

undo ipv6 nd ns retrans-timer

Default

The local interface sends NS messages at every an interval of 1000 milliseconds, and the Retrans Timer field in the RA messages sent is 0. The interval for retransmitting an NS message is determined by the receiving device.

Views

Interface view

Predefined user roles

network-admin

Parameters

value: Specifies the interval value in the range of 1000 to 4294967295 milliseconds.

Usage guidelines

If a device does not receive a response from the peer within the specified interval, the device resends an NS message. The device retransmits an NS message at the specified interval and uses the interval value to fill the Retrans Timer field in RA messages to be sent.

Examples

# Specify Ten-GigabitEthernet 3/0/1 to retransmit NS messages every 10000 milliseconds.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd ns retrans-timer 10000

Related commands

display ipv6 interface

ipv6 nd nud reachable-time

Use ipv6 nd nud reachable-time to set the neighbor reachable time on an interface.

Use undo ipv6 nd nud reachable-time to restore the default.

Syntax

ipv6 nd nud reachable-time time

undo ipv6 nd nud reachable-time

Default

The neighbor reachable time on the local interface is 1200000 milliseconds, and the value of the Reachable Time field in RA messages is 0. The reachable time is determined by the receiving device.

Views

Interface view

Predefined user roles

network-admin

Parameters

time: Specifies the neighbor reachable time in the range of 1 to 3600000 milliseconds.

Usage guidelines

If the neighbor reachability detection shows that a neighbor is reachable, the device considers the neighbor reachable within the specified reachable time. If the device must send a packet to the neighbor after the specified reachable time expires, the device reconfirms whether the neighbor is reachable. The device sets the specified value as the neighbor reachable time on the local interface and uses the value to fill the Reachable Time field in RA messages to be sent.

Examples

# Set the neighbor reachable time on Ten-GigabitEthernet 3/0/1 to 10000 milliseconds.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd nud reachable-time 10000

Related commands

display ipv6 interface

ipv6 nd probe rate-limit

Use ipv6 nd probe rate-limit to set the maximum sending rate of ND probe messages.

Use undo ipv6 nd probe rate-limit to restore the default.

Syntax

ipv6 nd probe rate-limit pps

undo ipv6 nd probe rate-limit

Default

The maximum sending rate of ND probe messages is 1000 pps.

Views

System view

Predefined user roles

network-admin

Parameters

pps: Specifies the maximum sending rate of ND probe messages. The value range for this argument is 10 to 2000 pps.

Usage guidelines

Application scenarios

If a device sends ND probe messages too fast and the downstream devices do not have sufficient performance, those devices will be busy with processing the ND probe messages. As a result, the downstream devices might process services abnormally. To avoid this issue, use this command to adjust the sending rate of ND probe messages.

Restrictions and guidelines

To ensure successful configuration, the value for the pps argument must be a multiple of 10.

Examples

# Set the maximum sending rate of ND probe messages to 1500 pps.

<Sysname> system-view

[Sysname] ipv6 nd probe rate-limit 1500

ipv6 nd ra dns search-list

Use ipv6 nd ra dns search-list to specify DNS suffix information to be advertised in RA messages.

Use undo ipv6 nd ra dns search-list to remove a DNS suffix from RA message advertisement.

Syntax

ipv6 nd ra dns search-list domain-name [ seconds | infinite ] sequence seqno

undo ipv6 nd ra dns search-list domain-name

Default

DNS suffix information is not specified and RA messages do not contain DNS suffix options.

Views

Interface view

Predefined user roles

network-admin

Parameters

domain-name: Specifies a DNS suffix. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.), for example, aabbcc.com. The DNS suffix can include a maximum of 253 characters, and each separated string includes no more than 63 characters.

seconds: Specifies the lifetime of the DNS suffix, in seconds. The value range is 4 to 4294967295. Value 4294967295 indicates that the lifetime of the DNS suffix is infinite.

infinite: Sets the lifetime of the DNS suffix to infinite.

seqno: Specifies the sequence number of the DNS suffix, in the range of 0 to 4294967295. The sequence number for a DNS suffix must be unique. A smaller sequence number represents a higher priority.

Usage guidelines

The DNS search list (DNSSL) option in RA messages provides DNS suffix information for hosts. The RA messages allow hosts to obtain their IPv6 addresses and the DNS suffix through stateless autoconfiguration. This method is useful in a network where DHCPv6 infrastructure is not provided.

The default lifetime of the DNS suffix is three times the maximum interval for advertising RA messages. To set the maximum interval, use the ipv6 nd ra interval command.

You can configure a maximum of eight DNS suffixes on an interface. One DNSSL option contains one DNS suffix. All DNSSL options are sorted in ascending order of the sequence number of the DNS suffix.

The sequence number uniquely identifies a DNS suffix. To modify a DNS suffix or its sequence number, you must first use the undo ipv6 nd ra dns search-list command to remove the DNS suffix from RA message advertisement.

After you execute the ipv6 nd ra dns search-list command, the device immediately sends an RA message with the existing and newly specified DNS suffix information.

After you execute the undo ipv6 nd ra dns search-list command, the device immediately sends two RA messages.

· The first RA message contains information about all DNS suffixes, including DNS suffixes specified in the undo command with their lifetime set to 0 seconds.

· The second RA message contains information about remaining DNS suffixes.

Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.

Examples

# Specify the DNS suffix as com, the suffix lifetime as 3600 seconds, and the sequence number as 1 for RA messages on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd ra dns search-list com 3600 sequence 1

Related commands

ipv6 nd ra dns search-list suppress

ipv6 nd ra interval

ipv6 nd ra dns search-list suppress

Use ipv6 nd ra dns search-list suppress to enable DNS suffix suppression in RA messages.

Use undo ipv6 nd ra dns search-list suppress to disable DNS suffix suppression in RA messages.

Syntax

ipv6 nd ra dns search-list suppress

undo ipv6 nd ra dns search-list suppress

Default

DNS suffix suppression in RA messages is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This command suppresses advertising DNS suffixes in RA messages on an interface. If you specify a new DNS suffix or remove a DNS suffix on the interface, the device immediately sends an RA message without any DNSSL options.

RA messages are suppressed by default. To disable RA message suppression, use the undo ipv6 nd ra halt command.

Whether enabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:

· If the interface has DNS suffix information configured, the device immediately sends two RA messages. In the first message, the lifetime for DNS suffixes is 0 seconds. The second RA message does not contain any DNSSL options.

· If the interface has no DNS suffix information specified, no RA messages are triggered.

Whether disabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:

· If the interface has DNS suffix information configured, the device immediately sends an RA message containing the DNS suffix information.

· If the interface has no DNS suffix information specified, no RA messages are triggered.

Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.

Examples

# Enable DNS suffix suppression in RA messages on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd ra dns search-list suppress

Related commands

ipv6 nd ra dns search-list

ipv6 nd ra dns server

Use ipv6 nd ra dns server to specify DNS server information to be advertised in RA messages.

Use undo ipv6 nd ra dns server to remove a DNS server from RA message advertisement.

Syntax

ipv6 nd ra dns server ipv6-address [ seconds | infinite ] sequence seqno

undo ipv6 nd ra dns server ipv6-address

Default

DNS server information is not specified and RA messages do not contain DNS server options.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the IPv6 address of the DNS server, which must be a global unicast address or a link-local address.

seconds: Specifies the lifetime of the DNS server, in seconds. The value range is 4 to 4294967295. Value 4294967295 indicates that the lifetime of the DNS server is infinite.

infinite: Sets the lifetime of the DNS server to infinite.

sequence seqno: Specifies the sequence number of the DNS server, in the range of 0 to 4294967295. The sequence number for a DNS server must be unique. A smaller sequence number represents a higher priority.

Usage guidelines

The DNS server option in RA messages provides DNS server information for hosts. The RA messages allow hosts to obtain their IPv6 addresses and the DNS server through stateless autoconfiguration. This method is useful in a network where DHCPv6 infrastructure is not provided.

The default lifetime of the DNS server is three times the maximum interval for advertising RA messages. To set the maximum interval, use the ipv6 nd ra interval command.

You can configure a maximum of eight DNS servers on an interface. One DNS server option contains one DNS server. All DNS server options are sorted in ascending order of the DNS server sequence number.

The sequence number uniquely identifies a DNS server. To modify the IPv6 address or sequence number of a DNS server, you must first use the undo ipv6 nd ra dns server command to remove the DNS server from RA message advertisement.

After you execute the ipv6 nd ra dns server command, the device immediately sends an RA message with the existing and newly specified DNS server options.

After you execute the undo ipv6 nd ra dns server command, the device immediately sends two RA messages.

· The first RA message contains information about all DNS servers, including the DNS servers specified in the undo command with their lifetime set to 0 seconds.

· The second RA message contains information about remaining DNS servers.

Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.

In an IPv6 environment, PPP users and IPoE IPv6-ND-RS users can obtain the IPv6 DNS server address through AAA authorization. This AAA-authorized IPv6 DNS server address is also carried in RA messages. If an interface obtains the AAA-authorized and manually specified IPv6 DNS server addresses, the RA messages contain both, with the AAA-authorized address in the front. When the two addresses conflict, the AAA-authorized DNS-related attributes are used.

For more information about the PPP support for IPv6, see PPP configuration in Layer 2—WAN Access Configuration Guide.

For more information about IPoE IPv6-ND-RS users, see IPoE configuration in BRAS Services Configuration Guide.

Examples

# Specify the DNS server address as 2001:10::100, the server lifetime as 3600 seconds, and the sequence number as 1 for RA messages on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd ra dns server 2001:10::100 3600 sequence 1

Related commands

ipv6 nd ra dns server suppress

ipv6 nd ra interval

ipv6 nd ra dns server suppress

Use ipv6 nd ra dns server suppress to enable DNS server suppression in RA messages.

Use undo ipv6 nd ra dns server suppress to disable DNS server suppression in RA messages.

Syntax

ipv6 nd ra dns server suppress

undo ipv6 nd ra dns server suppress

Default

DNS server suppression in RA messages is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This command suppresses advertising DNS server addresses in RA messages on an interface. If you specify a new DNS server or remove a DNS server on the interface, the device immediately sends an RA message without any DNS server options.

RA messages are suppressed by default. To disable RA message suppression, use the undo ipv6 nd ra halt command.

Whether enabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:

· If the interface has DNS server information configured or has obtained an AAA-authorized DNS server address, the device immediately sends two RA messages. In the first message, the lifetime for DNS server addresses is 0 seconds. The second RA message does not contain any DNS server options.

· If the interface has no DNS server information specified or no AAA-authorized DNS server address assigned, no RA messages are triggered.

Whether disabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:

· If the interface has DNS server information configured or has obtained an AAA-authorized DNS server address, the device immediately sends an RA message containing the DNS server information.

· If the interface has no DNS server information specified or no AAA-authorized DNS server address assigned, no RA messages are triggered.

Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.

Examples

# Enable DNS server suppression in RA messages on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd ra dns server suppress

Related commands

ipv6 nd ra dns server

ipv6 nd ra halt

Use ipv6 nd ra halt to suppress an interface from advertising RA messages.

Use undo ipv6 nd ra halt to disable this feature.

Syntax

ipv6 nd ra halt

undo ipv6 nd ra halt

Default

An interface is suppressed from sending RA messages.

Views

Interface view

Predefined user roles

network-admin

Examples

# Disable RA message suppression on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] undo ipv6 nd ra halt

ipv6 nd ra hop-limit unspecified

Use ipv6 nd ra hop-limit unspecified to specify unlimited hops in RA messages.

Use undo ipv6 nd ra hop-limit unspecified to restore the default.

Syntax

ipv6 nd ra hop-limit unspecified

undo ipv6 nd ra hop-limit unspecified

Default

The maximum number of hops in the RA messages is limited to 64.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

To set the maximum number of hops to a value rather than the default setting, use the ipv6 hop-limit command.

Examples

# Specify unlimited hops in the RA messages on interface Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd ra hop-limit unspecified

Related commands

ipv6 hop-limit

ipv6 nd ra interval

Use ipv6 nd ra interval to set the maximum and minimum intervals for advertising RA messages.

Use undo ipv6 nd ra interval to restore the default.

Syntax

ipv6 nd ra interval max-interval min-interval

undo ipv6 nd ra interval

Default

The maximum interval between RA messages is 600 seconds, and the minimum interval is 200 seconds.

Views

Interface view

Predefined user roles

network-admin

Parameters

max-interval: Specifies the maximum interval value in seconds, in the range of 4 to 1800.

min-interval: Specifies the minimum interval value in the range of 3 seconds to three-fourths of the maximum interval.

Usage guidelines

The device advertises RA messages randomly between the maximum interval and the minimum interval.

The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages.

Examples

# Set the maximum interval for advertising RA messages to 1000 seconds and the minimum interval to 700 seconds.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd ra interval 1000 700

Related commands

ipv6 nd ra router-lifetime

ipv6 nd ra no-advlinkmtu

Use ipv6 nd ra no-advlinkmtu to turn off the MTU option in RA messages.

Use undo ipv6 nd ra no-advlinkmtu to restore the default.

Syntax

ipv6 nd ra no-advlinkmtu

undo ipv6 nd ra no-advlinkmtu

Default

RA messages contain the MTU option.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

The MTU option in the RA messages specifies the link MTU to ensure that all nodes on the link use the same MTU.

Examples

# Turn off the MTU option in RA messages on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd ra no-advlinkmtu

ipv6 nd ra prefix

Use ipv6 nd ra prefix to configure the prefix information in RA messages.

Use undo ipv6 nd ra prefix to restore the default.

Syntax

ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length } [ valid-lifetime preferred-lifetime [ no-autoconfig | off-link ] * | no-advertise ]

undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length }

Default

No prefix information is configured for RA messages. Instead, the IPv6 address of the interface sending RA messages is used as the prefix information.

If the IPv6 address is manually configured, the prefix uses the fixed valid lifetime 2592000 seconds (30 days) and preferred lifetime 604800 seconds (7 days).

If the IPv6 address is automatically obtained (through DHCP, for example), the prefix uses the valid and preferred lifetime of the IPv6 address.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-prefix: Specifies the IPv6 prefix.

prefix-length: Specifies the prefix length of the IPv6 address.

valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds. The default value is 2592000 seconds (30 days).

preferred-lifetime: Specifies the preferred lifetime of a prefix used for stateless autoconfiguration, in the range of 0 to 4294967295 seconds. The default value is 604800 seconds (7 days). The preferred lifetime cannot be longer than the valid lifetime.

no-autoconfig: Specifies a prefix not to be used for stateless autoconfiguration. If you do not specify this keyword, the prefix is used for stateless autoconfiguration.

off-link: Indicates that the address with the prefix is not directly reachable on the link. If you do not specify this keyword, the address with the prefix is directly reachable on the link.

no-advertise: Disables the device from advertising the prefix specified in this command. If you do not specify this keyword, the device advertises the prefix specified in this command.

Usage guidelines

If the command specifies a prefix the same as the prefix in the IPv6 address of the interface, the interface preferentially uses the prefix configured in this command for RA advertisement.

After hosts on the same link receive RA messages, they can use the prefix information in the RA messages for stateless autoconfiguration.

If this command specifies a prefix without a parameter, the prefix preferentially uses the default settings configured by using the ipv6 nd ra prefix default command. If the default settings are unavailable, the prefix uses the following settings:

· Valid lifetime of 2592000 seconds (30 days).

· Preferred lifetime of 604800 seconds (7 days).

· The prefix is used for stateless autoconfiguration.

· The address with the prefix is directly reachable on the link.

· The prefix is advertised in RA messages.

Examples

# Configure the prefix information in RA messages on Ten-GigabitEthernet 3/0/1.

Method 1:

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd ra prefix 2001:10::100/64 100 10

Method 2:

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd ra prefix 2001:10::100 64 100 10

ipv6 nd ra prefix default

Use ipv6 nd ra prefix default to configure the default settings for prefixes advertised in RA messages.

Use undo ipv6 nd ra prefix default to restore the default.

Syntax

ipv6 nd ra prefix default [ valid-lifetime preferred-lifetime [ no-autoconfig | off-link ] * | no-advertise ]

undo ipv6 nd ra prefix default

Default

No default settings are configured for prefixes advertised in RA messages.

Views

Interface view

Predefined user roles

network-admin

Parameters

valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds. The default value is 2592000 seconds (30 days).

no-autoconfig: Specifies a prefix not to be used for stateless autoconfiguration. If you do not specify this keyword, the prefix is used for stateless autoconfiguration.

off-link: Indicates that the address with the prefix is not directly reachable on the link. If you do not specify this keyword, the address with the prefix is directly reachable on the link.

no-advertise: Disables the device from advertising the prefix specified in this command. If you do not specify this keyword, the device advertises the prefix specified in this command.

Usage guidelines

The prefix parameters (valid-lifetime, preferred-lifetime, no-autoconfig, off-link, and no-advertise) in the ipv6 nd ra prefix command take precedence over those specified in this command. If you do not specify a prefix parameter in the ipv6 nd ra prefix command, the prefix uses the setting in the ipv6 nd ra prefix default command.

All settings in this command are applicable to the prefixes that are specified by the ipv6 nd ra prefix command. For the prefix in the IPv6 address of the interface, only the no-advertise keyword takes effect.

Examples

# Configure the default settings for prefixes advertised in RA messages on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd ra prefix default 100 10

ipv6 nd ra router-lifetime

Use ipv6 nd ra router-lifetime to set the router lifetime in RA messages.

Use undo ipv6 nd ra router-lifetime to restore the default.

Syntax

ipv6 nd ra router-lifetime time

undo ipv6 nd ra router-lifetime

Default

The router lifetime in RA messages is three times the maximum interval for advertising RA messages.

Views

Interface view

Predefined user roles

network-admin

Parameters

time: Specifies the router lifetime in the range of 0 to 9000 seconds. If the value is set to 0, the router does not act as the default router.

Usage guidelines

The router lifetime in RA messages specifies how long the router sending the RA messages acts as the default router. Hosts receiving the RA messages check this value to determine whether to use the sending router as the default router. If the router lifetime is 0, the router cannot be used as the default router.

The router lifetime in RA messages must be greater than or equal to the advertising interval.

Examples

# Set the router lifetime in RA messages on Ten-GigabitEthernet 3/0/1 to 1000 seconds.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd ra router-lifetime 1000

Related commands

ipv6 nd ra interval

ipv6 nd route-direct advertise

Use ipv6 nd route-direct advertise to enable ND direct route advertisement.

Use undo ipv6 nd route-direct advertise to disable ND direct route advertisement.

Syntax

ipv6 nd route-direct advertise

undo ipv6 nd route-direct advertise

Default

The ND direct route advertisement feature is disabled.

Views

System view

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

L3VE interface view

L3VE subinterface view

VPN instance view

Predefined user roles

network-admin

Usage guidelines

The ND direct route advertisement feature generates host routes based on ND entries for packet forwarding and route advertisement.

This feature takes effect on an interface when you perform one of the following tasks:

· Enable this feature on the interface.

· Enable this feature in system view if the interface is on the public network. This feature takes effect on all interfaces that belong to the public network on the device.

· Enable this feature in VPN instance view if the interface is bound to the VPN instance. This feature takes effect on all interfaces bound to this VPN instance.

To disable this feature on an interface, make sure both of the following requirements are met:

· This feature is disabled on the interface.

· This feature is disabled for the VPN instance or public network to which the interface belongs.

Examples

# Enable ND direct route advertisement in system view.

<Sysname> system-view

[Sysname] ipv6 nd route-direct advertise

# Enable ND direct route advertisement on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd route-direct advertise

# Enable ND direct route advertisement for L3VE interface VE-L3VPN 1.

<Sysname> system-view

[Sysname] interface ve-l3vpn 1

[Sysname-VE-L3VPN1] ipv6 nd route-direct advertise

# Enable ND direct route advertisement in VPN instance vpna.

<Sysname> system-view

[Sysname] ip vpn-instance vpna

[Sysname-vpn-instance-vpna] ipv6 nd route-direct advertise

ipv6 nd router-preference

Use ipv6 nd router-preference to set a router preference in RA messages.

Use undo ipv6 nd router-preference to restore the default.

Syntax

ipv6 nd router-preference { high | low | medium }

undo ipv6 nd router-preference

Default

The router preference is medium.

Views

Interface view

Predefined user roles

network-admin

Parameters

high: Sets the router preference to the highest setting.

low: Sets the router preference to the lowest setting.

medium: Sets the router preference to the medium setting.

Usage guidelines

A hosts selects a router with the highest preference as the default router.

When router preferences are the same in RA messages, a host selects the router corresponding to the first received RA message as the default gateway.

Examples

# Set the router preference in RA messages to the lowest on interface Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd router-preference low

ipv6 nd span-segment-learning enable

Use ipv6 nd span-segment-learning enable to enable learning ND information from a different subnet.

Use undo ipv6 nd span-segment-learning enable to disable learning ND information from a different subnet.

Syntax

ipv6 nd span-segment-learning enable

undo ipv6 nd span-segment-learning enable

Default

Cross-subnet ND information learning is disabled in both system view and interface view.

Views

System view

VLAN interface view

Layer 3 Ethernet interface view

Layer 3 Ethernet subinterface view

Layer 3 aggregate interface view

Layer 3 aggregate subinterface view

Predefined user roles

network-admin

Usage guidelines

CAUTION:

Disabling this feature deletes existing ND entries learned from different subnets, and might disconnect sessions to the subnets.

‌

With this feature enabled, when an interface receives an NS packet from a node in a different subnet, it returns an NA packet and generates a host route with a 128-bit prefix in the FIB table. If uRPF is enabled on the interface, packets from the node to the interface will be discarded because the source IP address cannot match any unicast route in the FIB table and loose uRPF check fails. To avoid such packets from being discarded by uRPF, disable learning ND information from a different subnet as a best practice. For more information about uRPF, see Security Configuration Guide.

You can configure this feature globally or for specific interfaces. When this feature is disabled globally, you cannot enable it for any interfaces.

With this feature disabled, an interface can learn only ND information from the subnet in which the interface is in.

Examples

# Disable learning ND information from a different subnet on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] undo ipv6 nd span-segment-learning enable

This operation might result in flow interruption. Continue? [Y/N]: Y

ipv6 nd unsolicited-na-learning enable

Use ipv6 nd unsolicited-na-learning enable to enable unsolicited NA learning.

Use undo ipv6 nd unsolicited-na-learning enable to disable unsolicited NA learning.

Syntax

ipv6 nd unsolicited-na-learning enable

undo ipv6 nd unsolicited-na-learning enable

Default

Unsolicited NA learning is disabled.

Views

Layer 3 interface view

Predefined user roles

network-admin

Usage guidelines

This feature enables an interface to learn ND entries from unsolicited NA messages. The ND entries generated by using this method are in stale state. To ensure that the device learns ND entries from trusted NA messages, enable this feature only on a secure network.

This feature might cause the device to learn excessive ND entries that consume too many system resources. As a best practice, execute the ipv6 neighbor stale-aging command to set a smaller aging timer before you enable this feature. The smaller aging timer accelerates the aging of ND entries in stale state.

Examples

# Enable unsolicited NA learning on Layer 3 Ethernet interface Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface Ten-GigabitEthernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 nd unsolicited-na-learning enable

Related commands

ipv6 neighbor stale-aging

ipv6 nd user-ip-conflict record enable

Use ipv6 nd user-ip-conflict record enable to enable recording user IPv6 address conflicts.

Use undo ipv6 nd user-ip-conflict record enable to disable recording user IPv6 address conflicts.

Syntax

ipv6 nd user-ip-conflict record enable

undo ipv6 nd user-ip-conflict record enable

Default

The device does not record user IPv6 address conflicts.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature detects and records user IPv6 address conflicts. A conflict occurs if an incoming NA packet has the same source IPv6 address as an existing ND entry but a different source MAC address. The device generates a user IPv6 address conflict record, logs the conflict, and sends the log message to the information center. For log messages to be sent correctly, configure the information center to set log message filtering and output rules, including output destinations. For information about the log destination and output rule configuration in the information center, see the information center in Network Management and Monitoring Configuration Guide.

Each card can generate a maximum of 10 user IPv6 address conflict log messages per second. When this maximum number is reached, the card suppresses generating user IPv6 address conflict log messages and records the suppression times. Each card can save a maximum of 200 user IPv6 address conflict records.

When the number of saved user IPv6 address conflict records reaches the upper limit, new records overwrite old ones.

Examples

# Enable recording user IPv6 address conflicts.

<Sysname> system-view

[Sysname] ipv6 nd user-ip-conflict record enable

Related commands

display ipv6 nd user-ip-conflict record

ipv6 neighbor

Use ipv6 neighbor to configure a static neighbor entry.

Use undo ipv6 neighbor to delete a static neighbor entry.

Syntax

ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number | interface interface-type interface-number } [ vpn-instance vpn-instance-name ]

undo ipv6 neighbor ipv6-address interface-type interface-number

Default

No static neighbor entries are configured.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the IPv6 address of the static neighbor entry.

mac-address: Specifies the MAC address (48 bits) of the static neighbor entry, in the format of H-H-H.

vlan-id: Specifies the VLAN ID of the static neighbor entry, in the range of 1 to 4094.

port-type port-number: Specifies a Layer 2 port of the static neighbor entry by its type and number.

interface interface-type interface-number: Specifies a Layer 3 interface of the static neighbor entry by its type and number.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the static neighbor entry belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command configures a static neighbor entry for the public network.

Usage guidelines

A neighbor entry stores information about a link-local node. The entry can be created dynamically through NS and NA messages, or configured statically.

The device uniquely identifies a static neighbor entry by the neighbor's IPv6 address and the local Layer 3 interface number.

You can configure a static neighbor entry by using one of the following methods:

· Method 1—Associate a neighbor IPv6 address and link-layer address with the Layer 3 interface of the local node.

· Method 2—Associate a neighbor IPv6 address and link-layer address with a Layer 2 port in a VLAN containing the local node.

To configure a static neighbor entry for a VLAN interface, use Method 1 or Method 2.

· If Method 1 is used, the neighbor entry is in INCMP state. After the device obtains the corresponding Layer 2 port information, the neighbor entry goes into REACH state.

· If Method 2 is used, the port specified by port-type port-number must belong to the VLAN specified by vlan-id and the corresponding VLAN interface must already exist. After the static neighbor entry is configured, the device associates the VLAN interface with the IPv6 address to uniquely identify the static neighbor entry. The entry will be in REACH state.

To delete a neighbor entry for a VLAN interface, specify only the VLAN interface.

You can use the undo ipv6 neighbor command to delete both static and dynamic neighbor entries.

Examples

# Configure a static neighbor entry for Layer 3 interface Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] ipv6 neighbor 2000::1 fe-e0-89 interface ten-gigabitethernet 3/0/1

Related commands

display ipv6 neighbors

reset ipv6 neighbors

ipv6 neighbor link-local minimize

Use ipv6 neighbor link-local minimize to minimize link-local ND entries.

Use undo ipv6 neighbor link-local minimize to restore the default.

Syntax

ipv6 neighbor link-local minimize

undo ipv6 neighbor link-local minimize

Default

All ND entries are assigned to the hardware.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Perform this command to minimize link-local ND entries assigned to the hardware. Link-local ND entries refer to ND entries that contain link-local addresses.

With this feature enabled, the device does not add newly learned link-local ND entries to the hardware if the link local addresses of the entries are not the next hops of any routes. This feature saves hardware resources.

This feature affects only newly learned link-local ND entries rather than existing ND entries.

Examples

# Minimize link-local ND entries.

<Sysname> system-view

[Sysname] ipv6 neighbor link-local minimize

ipv6 neighbor stale-aging

Use ipv6 neighbor stale-aging to set the aging timer for ND entries in stale state.

Use undo ipv6 neighbor stale-aging to restore the default.

Syntax

ipv6 neighbor stale-aging aging-time

undo ipv6 neighbor stale-aging

Default

The aging timer for ND entries in stale state is 240 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

aging-time: Specifies the aging timer for ND entries in stale state, in the range of 1 to 1440 minutes.

Usage guidelines

This aging time applies to all ND entries in stale state. If an ND entry in stale state is not updated before the timer expires, it moves to the delay state. If it is still not updated in 5 seconds, the ND entry moves to the probe state. The device sends an NS message for detection a maximum of three times. If no response is received, the device deletes the ND entry.

Examples

# Set the aging timer for ND entries in stale state to 120 minutes.

<Sysname> system-view

[Sysname] ipv6 neighbor stale-aging 120

ipv6 neighbor timer stale-aging

Use ipv6 neighbor timer stale-aging to set the aging timer for ND entries in stale state on an interface.

Use undo ipv6 neighbor timer stale-aging to restore the default.

Syntax

ipv6 neighbor timer stale-aging { aging-minutes | second aging-seconds }

undo ipv6 neighbor timer stale-aging

Default

The aging timer of ND entries in stale state is not configured on an interface. The aging timer is determined by the configuration of the ipv6 neighbor stale-aging command in system view.

Views

Layer 3 Ethernet interface/subinterface view

Layer 3 aggregate interface/subinterface view

VXLAN VSI interface view

VLAN interface view

Tunnel interface view

POS interface view

Serial interface view

Predefined user roles

network-admin

Parameters

aging-time: Specifies the aging timer in minutes for ND entries in stale state, in the range of 1 to 1440.

second aging-seconds: Specifies the aging timer in seconds for ND entries in stale state, in the range of 60 to 86400.

Usage guidelines

Application scenarios

This aging timer applies to ND entries in stale state on the interface. If an ND entry in stale state is not updated before the timer expires, it changes to the delay state. If it is still not updated in 5 seconds, the ND entry changes to the probe state. The device sends an NS message for probe and a maximum of three attempts is allowed. If no response is received, the device deletes the ND entry.

Operating mechanism

You can set the aging timer for ND entries in stale state in system view and interface view. For ND entries in stale state on an interface, the aging timer in interface view has higher priority than the aging timer in system view.

Examples

# On Ten-GigabitEthernet 3/0/1, set the aging timer to 200 minutes for ND entries in stale state.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 neighbor timer stale-aging 200

Related commands

ipv6 neighbor stale-aging

ipv6 neighbors max-learning-num

Use ipv6 neighbors max-learning-num to set the maximum number of dynamic neighbor entries that an interface can learn. This prevents the interface from occupying too many neighbor table resources.

Use undo ipv6 neighbors max-learning-num to restore the default.

Syntax

ipv6 neighbors max-learning-num max-number

undo ipv6 neighbors max-learning-num

Default

An interface can learn a maximum of 524288 dynamic neighbor entries.

Views

Layer 2/Layer 3 interface view

Layer 2/Layer 3 aggregate interface view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of dynamic neighbor entries that an interface can learn. The value range for this argument is 1 to 524288.

Usage guidelines

The device can dynamically acquire the link-layer address of a neighboring node through NS and NA messages and add it into the neighbor table.

To avoid excessive resource consumption by neighbor entries, set the maximum number of dynamic neighbor entries that an interface can learn.

When the number of dynamic neighbor entries reaches the limit, the interface stops learning neighbor information.

The number of dynamic neighbor entries learnt by the interfaces on a device cannot exceed the maximum number of dynamic neighbor entries that the device can learn.

Examples

# Set the maximum number of dynamic neighbor entries that Ten-GigabitEthernet 3/0/1 can learn to 10.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 neighbors max-learning-num 10

ipv6 neighbors max-learning-number

Use ipv6 neighbors max-learning-number to set the maximum number of dynamic neighbor entries that the device can learn.

Use undo ipv6 neighbors max-learning-number to restore the default.

Syntax

ipv6 neighbors max-learning-number max-number slot slot-number

undo ipv6 neighbors max-learning-number slot slot-number

Default

The device can learn a maximum number of 524288 dynamic neighbor entries.

Views

System view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of dynamic neighbor entries that the device can learn.The value range for this argument is 0 to 524288. To disable the device from learning dynamic neighbor entries, set the value for this argument to 0.

slot slot-number: Specifies a card by its slot number.

Usage guidelines

The device can dynamically acquire the link-layer address of a neighboring node through NS and NA messages and add it into the neighbor table.

To avoid excessive resource consumption by neighbor entries, s et the maximum number of dynamic neighbor entries that the device can learn.

When the number of dynamic neighbor entries reaches the limit, the device stops learning neighbor information.

Examples

# Set the maximum number of dynamic neighbor entries that slot 1 can learn to 64.

<Sysname> system-view

[Sysname] ipv6 neighbors max-learning-number 64 slot 1

ipv6 option source-route enable

Use ipv6 option source-route enable to enable processing IPv6 packets that contain the source route option.

Use undo ipv6 option source-route enable to disable processing IPv6 packets that contain the source route option.

Syntax

ipv6 option source-route enable

undo ipv6 option source-route enable

Default

The device processes IPv6 packets that contain the source route option.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The source route option in the IPv6 routing header (a type of IPv6 extension header) is used for network diagnosis and specific service transmission. By default, the device supports processing the source route option. If the option is forged by an attacker, the device will obtain incorrect source route information, affecting network diagnosis and service transmission. To avoid the situation, you can execute the undo ipv6 option source-route enable command to drop IPv6 packets that contain the source route option.

Examples

# Disable processing IPv6 packets that contain the source route option.

<Sysname> system-view

[Sysname] undo ipv6 option source-route enable

ipv6 pathmtu

Use ipv6 pathmtu to set a static path MTU for an IPv6 address.

Use undo ipv6 pathmtu to delete the path MTU configuration for an IPv6 address.

Syntax

ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address value

undo ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address

Default

No static path MTU is set.

Views

System view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the path MTU belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command sets the path MTU for the public network.

ipv6-address: Specifies an IPv6 address.

value: Specifies the path MTU of the specified IPv6 address, in the range of 1280 to 10240 bytes.

Usage guidelines

You can set a static path MTU for a destination IPv6 address. When a source host sends a packet through an interface, it compares the interface MTU with the static path MTU of the specified destination IPv6 address. If the packet size is larger than the smaller one of the two values, the host fragments the packet according to the smaller value.

Examples

# Set a static path MTU for an IPv6 address.

<Sysname> system-view

[Sysname] ipv6 pathmtu fe80::12 1300

Related commands

display ipv6 pathmtu

reset ipv6 pathmtu

ipv6 pathmtu age

Use ipv6 pathmtu age to set the aging time for a dynamic path MTU.

Use undo ipv6 pathmtu age to restore the default.

Syntax

ipv6 pathmtu age age-time

undo ipv6 pathmtu age

Default

The aging time for dynamic path MTU is 10 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

age-time: Specifies the aging time for path MTU in minutes, in the range of 10 to 100.

Usage guidelines

After the path MTU from a source host to a destination host is dynamically determined, the source host sends subsequent packets to the destination host based on this MTU. After the aging time expires, the following events occur:

· The dynamic path MTU is removed.

· The source host determines a dynamic path MTU through the path MTU mechanism again.

The aging time is invalid for a static path MTU.

Examples

# Set the aging time for a dynamic path MTU to 40 minutes.

<Sysname> system-view

[Sysname] ipv6 pathmtu age 40

Related commands

display ipv6 pathmtu

ipv6 prefer temporary-address

Use ipv6 prefer temporary-address to enable the system to preferentially use the temporary IPv6 address of the sending interface as the source address of a packet.

Use undo ipv6 prefer temporary-address to disable the system to preferentially use the temporary IPv6 address of the sending interface as the source address of a packet.

Syntax

ipv6 prefer temporary-address

undo ipv6 prefer temporary-address

Default

The system is disabled to preferentially use the temporary IPv6 address of the sending interface as the source address of a packet.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The temporary address feature enables the system to generate and preferentially use the temporary IPv6 address of the sending interface as the source address of a packet. If the temporary IPv6 address cannot be used because of a DAD conflict, the system uses the public IPv6 address.

Examples

# Enable the system to preferentially use the temporary IPv6 address of the sending interface as the source address of the packet.

<Sysname> system-view

[Sysname] ipv6 prefer temporary-address

Related commands

ipv6 address auto

ipv6 nd ra prefix

ipv6 temporary-address

ipv6 prefix

Use ipv6 prefix to configure a static IPv6 prefix.

Use undo ipv6 prefix to delete a static IPv6 prefix.

Syntax

ipv6 prefix prefix-number ipv6-prefix/prefix-length

undo ipv6 prefix prefix-number

Default

No static IPv6 prefixes are configured.

Views

System view

Predefined user roles

network-admin

Parameters

prefix-number: Specifies a prefix ID in the range of 1 to 1024.

ipv6-prefix/prefix-length: Specifies a prefix and its length. The value range for the prefix-length argument is 1 to 128.

Usage guidelines

To modify an existing static prefix, execute the undo ipv6 prefix command to delete the existing static prefix, and then execute the ipv6 prefix command.

Dynamic IPv6 prefixes obtained from DHCPv6 servers cannot be manually removed or modified.

A static IPv6 prefix can have the same prefix ID with a dynamic IPv6 prefix, but the static one takes precedence over the dynamic one.

Examples

# Create static IPv6 prefix 2001:0410::/32 with prefix ID 1.

<Sysname> system-view

[Sysname] ipv6 prefix 1 2001:0410::/32

Related commands

display ipv6 prefix

ipv6 reassemble local enable

Use ipv6 reassemble local enable to enable IPv6 local fragment reassembly.

Use undo ipv6 reassemble local enable to disable IPv6 local fragment reassembly.

Syntax

ipv6 reassemble local enable

undo ipv6 reassemble local enable

Default

IPv6 local fragment reassembly is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Configure this command on a device to improve fragment reassembly efficiency. An LPU performs fragment reassembly for an IPv6 packet destined for the device if it receives fragments of that packet. If this feature is disabled, all IPv6 fragments are delivered to the active MPU for reassembly.

This feature fails to reassemble an IPv6 packet if fragments of the packet are received by different LPUs.

Examples

# Enable IPv6 local fragment reassembly.

<Sysname> system-view

[Sysname] ipv6 reassemble local enable

ipv6 redirects enable

Use ipv6 redirects enable to enable sending ICMPv6 redirect messages.

Use undo ipv6 redirects enable to disable sending ICMPv6 redirect messages.

Syntax

ipv6 redirects enable

undo ipv6 redirects enable

Default

Sending ICMPv6 redirect messages is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The default gateway sends an ICMPv6 redirect message to the source of an IPv6 packet to inform the source of a better first hop.

Sending ICMPv6 redirect messages enables hosts that hold few routes to establish routing tables and find the best route. Because this feature adds host routes into the routing tables, host performance degrades when there are too many host routes. As a result, sending ICMPv6 redirect messages is disabled by default.

Examples

# Enable sending ICMPv6 redirect messages.

<Sysname> system-view

[Sysname] ipv6 redirects enable

ipv6 router-renumber enable

Use ipv6 router-renumber enable to enable router renumbering on the interface.

Use undo ipv6 router-renumber enable to disable router renumbering on the interface.

Syntax

ipv6 router-renumber enable

undo ipv6 router-renumber enable

Default

Router renumbering is disabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

When a device receives a legitimate router renumbering message, it renumbers the prefixes and IP addresses of all Layer 3 interfaces that are enabled with the router renumbering feature.

Examples

# Enable router renumbering on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] ipv6 router-renumber enable

ipv6 temporary-address

Use ipv6 temporary-address to enable the temporary IPv6 address feature.

Use undo ipv6 temporary-address to restore the default.

Syntax

ipv6 temporary-address [ valid-lifetime preferred-lifetime ]

undo ipv6 temporary-address

Default

The system does not generate any temporary IPv6 address.

Views

System view

Predefined user roles

network-admin

Parameters

valid-lifetime: Specifies the valid lifetime for temporary IPv6 addresses, in the range of 600 to 4294967295 seconds. The default valid lifetime is 604800 seconds (7 days).

preferred-lifetime: Specifies the preferred lifetime for temporary IPv6 addresses, in the range of 600 to 4294967295 seconds. The default preferred lifetime is 86400 seconds (1 day).

Usage guidelines

You must enable stateless autoconfiguration before enabling the temporary address feature.

The valid lifetime for temporary IPv6 addresses must be greater than or equal to the preferred lifetime for temporary IPv6 addresses.

In stateless address autoconfiguration, an interface automatically generates an IPv6 global unicast address by using the address prefix in the received RA message and the interface ID. On an IEEE 802 interface (such as an Ethernet interface or a VLAN interface), the interface ID is generated based on the interface's MAC address and is globally unique. An attacker can exploit this rule to easily identify the sending device.

To fix the vulnerability, you can enable the temporary address feature. An IEEE 802 interface generates the following addresses:

· Public IPv6 address—Includes an address prefix in the RA message and a fixed interface ID generated based on the interface's MAC address.

· Temporary IPv6 address—Includes an address prefix in the RA message and a random interface ID generated through MD5.

When the valid lifetime of a temporary IPv6 address expires, the system deletes the address and generates a new one. This enables the system to send packets with different source addresses through the same interface. The preferred lifetime and valid lifetime for a temporary IPv6 address are determined as follows:

· The preferred lifetime of a temporary IPv6 address takes the smaller of the following values:

¡ The preferred lifetime of the address prefix in the RA message.

¡ The preferred lifetime configured for temporary IPv6 addresses minus DESYNC_FACTOR (a random number in the range of 0 to 600 seconds).

· The valid lifetime of a temporary IPv6 address takes the smaller of the following values:

¡ The valid lifetime of the address prefix.

¡ The valid lifetime configured for temporary IPv6 addresses.

Examples

# Enable the system to generate a temporary IPv6 address.

<Sysname> system-view

[Sysname] ipv6 temporary-address

Related commands

ipv6 address auto

ipv6 nd ra prefix

ipv6 prefer temporary-address

ipv6 unreachables enable

Use ipv6 unreachables enable to enable sending ICMPv6 destination unreachable messages.

Use undo ipv6 unreachables to disable sending ICMPv6 destination unreachable messages.

Syntax

ipv6 unreachables enable

undo ipv6 unreachables enable

Default

Sending ICMPv6 destination unreachable messages is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If the device fails to forward a received IPv6 packet because of a destination unreachable error, it performs the following operations:

· Drops the packet.

· Sends an ICMPv6 destination unreachable message to the source.

If the device is generating ICMPv6 destination unreachable messages incorrectly, disable sending ICMPv6 destination unreachable messages to prevent attack risks.

Examples

# Enable sending ICMPv6 destination unreachable messages.

<Sysname> system-view

[Sysname] ipv6 unreachables enable

local-proxy-nd enable

Use local-proxy-nd enable to enable local ND proxy.

Use undo local-proxy-nd enable to disable local ND proxy.

Syntax

local-proxy-nd enable

undo local-proxy-nd enable

Default

Local ND proxy is disabled.

Views

Layer 3 Ethernet interface/Layer 3 Ethernet subinterface view

Layer 3 aggregate interface/Layer 3 aggregate subinterface view

VSI interface view

VLAN interface view

VE-L3VPN interface/VE-L3VPN subinterface view

Predefined user roles

network-admin

Usage guidelines

ND proxy enables a device to answer an NS message requesting the hardware address of a host on another network. With ND proxy, hosts in different broadcast domains can communicate with each other as they would on the same network.

Local ND proxy ensures the communication between hosts that are connected to the same Layer 3 interface or Layer 3 subinterface but are located in different broadcast domains.

Examples

# Enable local ND proxy on interface Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] local-proxy-nd enable

Related commands

proxy-nd inter-vlan enable

proxy-nd enable

Use proxy-nd enable to enable common ND proxy.

Use undo proxy-nd enable to disable common ND proxy.

Syntax

proxy-nd enable

undo proxy-nd enable

Default

Common ND proxy is disabled.

Views

Layer 3 Ethernet interface/Layer 3 Ethernet subinterface view

Layer 3 aggregate interface/Layer 3 aggregate subinterface view

VSI interface view

VLAN interface view

VE-L3VPN interface/VE-L3VPN subinterface view

Predefined user roles

network-admin

Usage guidelines

Common ND proxy ensures the communication between hosts that are connected to different Layer 3 interfaces or Layer 3 subinterfaces and located in different broadcast domains.

Examples

# Enable common ND proxy on interface Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] proxy-nd enable

Related commands

proxy-nd inter-vlan enable

local-proxy-nd enable

proxy-nd inter-vlan enable

Use proxy-nd inter-vlan enable to enable inter-VLAN ND proxy.

Use undo proxy-nd inter-vlan enable to disable inter-VLAN ND proxy.

Syntax

proxy-nd inter-vlan enable

undo proxy-nd inter-vlan enable

Default

Inter-VLAN ND proxy is disabled.

Views

Layer 3 Ethernet subinterface view

Layer 3 aggregate subinterface view

L3VE subinterface view

Predefined user roles

network-admin

Usage guidelines

Inter-VLAN ND proxy ensures the communication between hosts that are connected to the same Layer 3 subinterface but are located in different VLANs.

Examples

# Enable inter-VLAN ND proxy on Layer 3 subinterface Ten-GigabitEthernet 3/0/1.1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1.1

[Sysname-Ten-GigabitEthernet3/0/1.1] proxy-nd inter-vlan enable

Related commands

proxy-nd enable

local-proxy-nd enable

reset ipv6 neighbors

Use reset ipv6 neighbors to clear IPv6 neighbor information.

Syntax

reset ipv6 neighbors { all | dynamic | interface interface-type interface-number | slot slot-number | static }

Views

User view

Predefined user roles

network-admin

Parameters

all: Clears static and dynamic neighbor information for all interfaces.

dynamic: Clears dynamic neighbor information for all interfaces.

interface interface-type interface-number: Clears dynamic neighbor information for the interface specified by its type and number.

slot slot-number: Specifies a card by its slot number. If you do not specify a cad, this command clears dynamic neighbor information on all cards.

static: Clears static neighbor information for all interfaces.

Examples

# Clear neighbor information for all interfaces.

<Sysname> reset ipv6 neighbors all

This will delete all the entries. Continue? [Y/N]:Y

# Clear dynamic neighbor information for all interfaces.

<Sysname> reset ipv6 neighbors dynamic

This will delete all the dynamic entries. Continue? [Y/N]:Y

# Clear all neighbor information for Ten-GigabitEthernet 3/0/1.

<Sysname> reset ipv6 neighbors interface ten-gigabitethernet 3/0/1

This will delete all the dynamic entries by the interface you specified. Continue? [Y/N]:Y

Related commands

display ipv6 neighbors

ipv6 neighbor

reset ipv6 option source-route statistics

Use reset ipv6 option source-route statistics to clear statistics about dropped IPv6 packets that contain the source route option.

Syntax

reset ipv6 option source-route statistics [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears statistics about dropped IPv6 packets that contain the source route option on all cards.

Examples

# Clear statistics about dropped IPv6 packets that contain the source route option.

<Sysname> reset ipv6 option source-route statistics

Related commands

display ipv6 option source-route statistics

reset ipv6 pathmtu

Use reset ipv6 pathmtu to clear the path MTU information.

Syntax

reset ipv6 pathmtu { all | dynamic | static }

Views

User view

Predefined user roles

network-admin

Parameters

all: Clears all path MTUs.

dynamic: Clears all dynamic path MTUs.

static : Clears all static path MTUs.

Examples

# Clear all path MTUs.

<Sysname> reset ipv6 pathmtu all

Related commands

display ipv6 pathmtu

reset ipv6 router-renumber statistics

Use reset ipv6 router-renumber statistics to clear router renumbering statistics.

Syntax

reset ipv6 router-renumber statistics

Views

User view

Predefined user roles

network-admin

Usage guidelines

This command does not clear the sequence number, the reset sequence number, or the segment number.

Examples

# Clear router renumbering statistics.

<Sysname> reset ipv6 router-renumber statistics

Related commands

display ipv6 router-renumber statistics

reset ipv6 statistics

Use reset ipv6 statistics to clear IPv6 and ICMPv6 packet statistics.

Syntax

reset ipv6 statistics [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a cad, this command clears IPv6 and ICMPv6 packet statistics on all cards.

Examples

# Clear IPv6 and ICMPv6 packet statistics.

<Sysname> reset ipv6 statistics

Related commands

display ipv6 statistics

statistics l3-packet enable

Use statistics l3-packet enable to enable Layer 3 packet statistics collection.

Use undo statistics l3-packet enable to disable Layer 3 packet statistics collection.

Syntax

statistics l3-packet enable

undo statistics l3-packet enable

Default

Layer 3 packet statistics collection is disabled.

Views

Interface view

Predefined user role

network-admin

Usage guidelines

With this feature enabled on an interface, the device counts incoming and outgoing IPv4 and IPv6 packets on the interface. To display the collected statistics, execute the related commands.

When the interface is processing a large number of packets, enabling Layer 3 packet statistics collection will cause high CPU usage and degrade the forwarding performance. If the statistics are not necessary, to ensure the device performance, disable this feature.

If you do not specify any keyword, the command enables or disables statistics collection for broadcast, multicast, and unicast Layer 3 packets from both the inbound and outbound directions.

Examples

# Enable statistics collection for incoming Layer 3 unicast packets on Ten-GigabitEthernet 3/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] statistics l3-packet enable

Related commands

display ip interface

display ip statistics

display ipv6 interface

display ipv6 statistics

05-Layer 3—IP Services Command Reference

display ipv6 fib count

display ipv6 interface

display ipv6 interface prefix

Application scenarios

Operating mechanism

ipv6 address

Application scenarios

Restrictions and guidelines

Application scenarios

Operating mechanism

ipv6 icmpv6 multicast-echo-reply enable

ipv6 nd entry-limit record enable

ipv6 nd nd-miss record enable

ipv6 nd probe rate-limit

Application scenarios

Restrictions and guidelines

ipv6 nd ra halt

ipv6 nd ra interval

ipv6 nd router-preference

ipv6 nd span-segment-learning enable

ipv6 neighbor timer stale-aging

Application scenarios

Operating mechanism

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us