Login
- Table of Contents
-
- 09-Layer 3—IP Routing Command Reference
- 00-Preface
- 01-Basic IP routing commands
- 02-Static routing commands
- 03-RIP commands
- 04-OSPF commands
- 05-IS-IS commands
- 06-Basic BGP commands
- 07-Advanced BGP commands
- 08-Policy-based routing commands
- 09-IPv6 static routing commands
- 10-RIPng commands
- 11-OSPFv3 commands
- 12-IPv6 policy-based routing commands
- 13-Routing policy commands
- 14-RIR commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-Advanced BGP commands | 767.89 KB |
Contents
bgp update-delay wait-other-protocol
display bgp non-stop-routing status
display bgp peer received prefix-list
display bgp routing-table ipv6 unicast inlabel
display bgp routing-table ipv6 unicast outlabel
display ttl-security statistics
forwarding-conversational-learning
graceful-restart timer purge-time
graceful-restart timer restart
graceful-restart timer wait-for-rib
labeled-route ignore-no-tunnel
nexthop recursive-lookup delay
nexthop recursive-lookup longest-match
nexthop recursive-lookup route-policy
peer advertise additional-paths best
peer advertise origin-as-validation
peer capability-advertise conventional
peer capability-advertise graceful-restart
peer capability-advertise orf non-standard
peer capability-advertise orf prefix-list
peer capability-advertise route-refresh
peer capability-advertise suppress-4-byte-as
peer capability-advertise withdraw-refresh
peer graceful-restart timer restart
peer graceful-restart timer restart extra
peer graceful-restart timer wait-for-rib
peer nexthop-recursive-policy disable
reset bgp bmp server statistics
route-select suppress on-peer-up
Advanced BGP commands
additional-paths select-best
Use additional-paths select-best to set the maximum number of Add-Path optimal routes that can be advertised to all peers.
Use undo additional-paths select-best to restore the default.
Syntax
additional-paths select-best best-number
undo additional-paths select-best
Default
A maximum of one Add-Path optimal route can be advertised to all peers.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP VPNv4 address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP VPNv6 address family view
BGP EVPN address family view
Predefined user roles
network-admin
Parameters
best-number: Specifies the maximum number of Add-Path optimal routes that can be advertised to all peers, in the range of 2 to 64.
Usage guidelines
The number of optimal routes cannot exceed the maximum number of Add-Path optimal routes that can be advertised to all peers.
Examples
# In BGP IPv4 unicast address family view, set the maximum number to 3 for Add-Path optimal routes that can be advertised to all peers.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] additional-paths select-best 3
Related commands
peer additional-paths
peer advertise additional-paths best
address-family link-state
Use address-family link-state to create the BGP LS address family and enter its view, or enter the view of the existing address family.
Use undo address-family link-state to remove the BGP LS address family and all its configurations.
Syntax
address-family link-state
undo address-family link-state
Default
No BGP LS address family exists.
Views
BGP instance view
Predefined user roles
network-admin
Usage guidelines
Configurations made in BGP LS address family view apply only to the BGP LS routes and peers of the public network.
Examples
# In BGP instance view, create the BGP LS address family and enter its view.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family link-state
[Sysname-bgp-default-ls]
apply-label
Use apply-label to specify a label for BGP IPv6 unicast routes.
Use undo apply-label to restore the default.
Syntax
apply-label { explicit-null | static static-label-value }
undo apply-label
Default
BGP assigns labels to IPv6 unicast routes on a per next hop basis.
Views
BGP IPv6 unicast address family view
Predefined user roles
network-admin
Parameters
explicit-null: Specifies the explicit null label.
static static-label-value: Specifies a static label. The value range for this argument is 16 to 1048575.
Usage guidelines
|
|
CAUTION: Use this command with caution, because this command causes temporary interruption on labeled unicast traffic. |
By default, a 6PE device assigns a label to each next hop. When multiple next hops exist, the device might assign too many labels to the routes from the same site and use up its label resources. In this case, the device will fail to advertise IPv6 unicast routes due to label insufficiency. To resolve this issue, use this command to specify a label for BGP IPv6 unicast routes. Then, the 6PE device will assign the label to all IPv6 unicast routes. This can save label resources.
Before using this command, use the display mpls label command to view MPLS label information first. If the specified static label is used by another routing protocol, this command does not take effect. When the state of the static label becomes idle, you can specify this label for BGP IPv6 unicast routes as follows:
1. Use the undo apply-label command to restore the default.
2. Use the apply-label command to specify this label for BGP IPv6 unicast routes.
Examples
# Specify static label 1000 for BGP IPv6 unicast routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv6
[Sysname-bgp-default-ipv6] apply-label static 1000
This configuration causes service interruption. Continue? [Y/N]:y
Related commands
display mpls label (MPLS Command Reference)
as-notation dotted
Use as-notation dotted to display 4-byte AS numbers in dotted notation.
Use undo as-notation dotted to restore the default.
Syntax
as-notation dotted
undo as-notation dotted
Default
Four-byte AS numbers are displayed in decimal integer notation.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Application scenarios
By default, a BGP display command uses decimal integer notation to represent 4-byte AS numbers. A 4-byte AS number in decimal integer notation tends to be long and not reader-friendly. To resolve this issue, use this command to display AS numbers in dotted notation.
Operating mechanism
The dotted notation refers to a method of representing AS numbers in X.Y format. The value range for argument Y is 0 to 65535, and the value range for a dotted AS number is 0.1 to 65535.65535. To convert an AS number from dotted notation to decimal integer notation, use the following formula: integer= X x 65536 + Y. For example, if a dotted AS number is 2.1, its decimal integer notation is (2 x 65536 + 1 =131073).
Restrictions and guidelines
After you use this command, the AS path list can match only 4-byte AS numbers in dotted notation. To avoid route filtering failure, make sure that the AS path list used in a route filtering policy is configured to match 4-byte AS numbers in dotted notation.
This command does not take effect on the 4-byte AS numbers in the system configuration file.
Examples
# Display 4-byte AS numbers in dotted notation.
<Sysname> system-view
[Sysname] as-notation dotted
bgp update-delay wait-other-protocol
Use bgp update-delay wait-other-protocol to configure the time that BGP must wait for other protocols to complete GR or NSR after BGP completes GR or NSR.
Use undo bgp update-delay wait-other-protocol to restore the default.
Syntax
bgp update-delay wait-other-protocol seconds
undo bgp update-delay wait-other-protocol
Default
After BGP completes GR or NSR, it must wait a maximum of 300 seconds for other protocols to complete GR or NSR.
Views
BGP instance view
Predefined user roles
network-admin
Parameters
seconds: Specifies the time that BGP must wait for other protocols to complete GR or NSR after BGP completes GR or NSR. The value range is 60 to 1200 seconds.
Usage guidelines
After BGP completes GR or NSR, it advertises the updated routes. If the routes rely on other protocols, for example, redistributed OSPF routes, BGP starts a wait timer for the other protocols to complete GR or NSR. This ensures that incorrect and unreachable routes are not advertised. When the following conditions exist, BGP might advertise incomplete routes after completing GR or NSR:
· The routes rely on other protocols.
· BGP maintains a large amount of routing information. In this case, BGP and the protocols take a long time to complete GR or NSR.
For BGP to correctly advertise the routes after BGP and the protocols complete GR or NSR, set a larger wait timer for BGP.
Examples
# Configure BGP to wait a maximum of 600 seconds for other protocols to complete GR or NSR after BGP completes GR or NSR.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] bgp update-delay wait-other-protocol 600
Related commands
bgp update-delay on-startup
bmp server
Use bmp server to create a BGP monitoring protocol (BMP) server and enter BMP server view.
Use undo bmp server to remove a BMP server and all its configurations.
Syntax
bmp server server-number
undo bmp server server-number
Default
No BMP servers exist.
Views
System view
Predefined user roles
network-admin
Parameters
server-number: Specifies a BMP server by its number in the range of 1 to 8.
Examples
# Create BMP server 5 and enter its view.
<Sysname> system-view
[Sysname] bmp server 5
[Sysname-bmpserver-5]
check-origin-validation
Use check-origin-validation to enable BGP RPKI validation.
Use undo check-origin-validation to disable BGP RPKI validation.
Syntax
check-origin-validation
undo check-origin-validation
Default
BGP RPKI validation is disabled.
Views
BGP RPKI view
Predefined user roles
network-admin
Usage guidelines
This command enables BGP to validate the prefix and origin AS number of a received route. BGP determines the validation state of the route based on the following requirements:
1. A minimum of one ROA contains the prefix.
2. The mask length of the route does not exceed the longest mask length among all ROAs.
3. The AS number of an ROA is the same as the origin AS number of the route.
If the route meets all requirements, the route is in Valid state. If the route cannot meet requirement 1, the route is in Not-found state. If the route meets requirement 1, but cannot meet requirement 2 or 3, the route is in Invalid state.
You can configure a routing policy to filter routes based on the BGP RPKI validation state.
Examples
# Enable BGP RPKI validation.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] rpki
[Sysname-bgp-default-rpki] check-origin-validation
display bgp bmp server
Use display bgp bmp server to display BMP server information.
Syntax
display bgp [ instance instance-name ] bmp server server-number
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays BMP server information for the default BGP instance.
server-number: Specifies a BMP server by its number in the range of 1 to 8.
Examples
# Display information about BMP server 1.
<Sysname> display bgp bmp server 1
BMP server number: 1
Server VPN instance name: vpna
Server address: 100.1.1.1 Server port: 6895
Client address: 100.1.1.2 Client port: 21452
BMP server state: Connected Up for 00h41m53s
Message statistics:
Total messages sent: 15
INITIATION: 1
TERMINATION: 0
STATS-REPORT: 0
PEER-UP: 4
PEER-DOWN: 3
ROUTE-MON: 7
BMP monitor BGP peers:
10.1.1.1
Table 1 Command output
|
Field |
Description |
|
Server VPN instance name |
Name of the VPN instance to which the BMP server belongs. If the VPN instance name is followed by character string (Deleted), the VPN instance has been deleted. This field displays -- if the BMP server belongs to the public network. |
|
Server address |
IP address of the BMP server used by the TCP connection to the BMP client. |
|
Server port |
Port number of the BMP server used by the TCP connection to the BMP client. |
|
Client address |
IP address of the BMP client used by the TCP connection to the BMP server. |
|
Client port |
Port number of the BMP client used by the TCP connection to the BMP server. |
|
BMP server current state |
TCP connection status: · Connected. · Not connected. |
|
Up for |
Duration of the TCP connection. |
|
Total messages sent |
Number of messages that BGP sends to the BMP server. |
|
INITIATION |
Number of initiation messages that BGP sends to the BMP server. |
|
TERMINATION |
Number of termination messages that BGP sends to the BMP server. |
|
STATS-REPORT |
Number of statistics messages that BGP sends to the BMP server. |
|
PEER-UP |
Number of peer-up messages that BGP sends to the BMP server. |
|
PEER-DOWN |
Number of peer-down messages that BGP sends to the BMP server. |
|
ROUTE-MON |
Number of route monitoring messages that BGP sends to the BMP server. |
|
BMP monitor BGP peers |
Peers that are monitored by the BMP server. |
Related commands
reset bgp bmp server statistics
display bgp link-state
Use display bgp link-state to display BGP LS information.
Syntax
display bgp [ instance instance-name ] link-state [ ls-prefix [ advertise-info | as-path | cluster-list ] | peer { ipv4-address | ipv6-address } { advertised | received } [ statistics ] | statistics ]
display bgp [ instance instance-name ] link-state [ color color-value end-point { ipv4 ipv4-address | ipv6 ipv6-address } ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays BGP LS information for the default BGP instance.
ls-prefix: Specifies an LS prefix. If you do not specify this argument, the command displays all BGP LS information.
advertise-info: Displays advertisement information for the specified LS prefix.
as-path: Displays AS_PATH attribute information for the specified LS prefix.
cluster-list: Displays CLUSTER_LIST attribute information for the specified LS prefix.
ipv4-address: Specifies a peer by its IPv4 address.
ipv6-address: Specifies a peer by its IPv6 address.
advertised: Displays advertised LS information.
received: Displays received LS information.
statistics: Displays statistics about LS messages.
color color-value end-point { ipv4 ipv4-address | ipv6 ipv6-address }: Displays information about the SR-MPLS TE policy/SRv6 TE policy with the specified color attribute and destination node. The color-value argument specifies the color attribute value in the range of 0 to 4294967295. The ipv4 ipv4-address option specifies a destination node by its IPv4 address. The ipv6 ipv6-address option specifies a destination node by its IPv6 address.
Usage guidelines
If you do not specify any parameters, this command displays brief BGP LS route information.
Examples
# Display brief BGP LS route information for the public network.
<Sysname> display bgp link-state
Total number of routes: 2
BGP local router ID is 1.1.2.1
Status codes: * - valid, > - best, d – dampened, h – history,
s – suppressed, S – stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Prefix codes: E link, V node, T4 IPv4 route, T6 IPv6 route, SD SRv6 SID desc
u/U unknown,
I Identifier, N local node, R remote node, L link, P prefix,
L1/L2 ISIS level-1/level-2, O OSPF, O3 OSPFv3,
D direct, S static, B BGP, SS SRv6 SID,
a area-ID, l link-ID, t topology-ID, s ISO-ID,
c confed-ID/ASN, b bgp-identifier, r router-ID,
i if-address, n peer-address, o OSPF Route-type, p IP-prefix
d designated router address/interface, ID Link Descriptor Identifer
* >e Network : [V][O][I0x0][N[c20][b1.1.1.2][a0.0.0.0][r1.1.1.2]]/376
NextHop : 1.1.1.2 LocPrf :
PrefVal : 0 OutLabel : NULL
MED :
Path/Ogn: 20i
* >e Network : [T4][O][I0x0][N[c20][b1.1.1.2][a0.0.0.0][r1.1.1.2]][P[o0x1][p1.1.1.0/24]]/480
NextHop : 1.1.1.2 LocPrf :
PrefVal : 0 OutLabel : NULL
MED :
Path/Ogn: 20i
Table 2 Command output
|
Field |
Description |
|
Status codes |
Status codes: · * – valid—Valid route. · > – best—Optimal route. · d - dampened—Dampened route. · h – history—History route. · s – suppressed—Suppressed route. · S – stale—Stale route. · i – internal—Internal route. · e – external—External route. · a - additional-path—Add-Path optimal route. |
|
Prefix codes |
Route prefix codes: · E—Link. · V—Node. · T4—IPv4 route. · T6—IPv6 route. · SD—SRv6 SID desc. · u/U—Unknown. · I—Identifier. · N—Local node. · R—Remote node. · L—Link. · P—Prefix. · L1/L2—ISIS level-1/level-2. · O—OSPF. · O3—OSPFv3. · D—Direct. · S—Static. · B—BGP. · SS—SRv6 SID. · a—Area-ID. · l—Link-ID. · t—Topology-ID. · s—ISO-ID. · c—Confed-ID/ASN. · b—BGP-identifier. · r—Router-ID. · i—If-address. · n—Peer-address. · o—OSPF Route-type. · p—IP-prefix. · d—Designated router address/interface ID. · ID—Link descriptor identifer. |
|
Origin |
Origin of the route: · i – IGP—Originated in the AS. · e – EGP—Learned through EGP. · ? – incomplete—Unknown origin. |
|
Network |
NLRI for the LS. |
|
NextHop |
Next hop IP address. |
|
LocPrf |
Local preference. |
|
OutLabel |
Outgoing label of the route. |
|
MED |
MED attribute. |
|
Path/Ogn |
AS_PATH and ORIGIN attributes of the route: · AS_PATH—Records the ASs the route has passed, which avoids routing loops. · ORIGIN—Identifies the origin of the route. |
|
TEPOLICY |
The BGP LS route is an SR-MPLS TE policy or SRv6 TE policy route. |
|
SEGMENT-ROUTING |
Segment routing protocol. |
|
bgp-ls-identifier |
Area ID of BGP LS. |
|
bgp-router-id |
BGP router ID. |
|
TE |
Traffic engineering. |
|
protocol-origin3 |
Configuration origin. |
|
Flag |
Flag. |
|
endpoint |
Destination node address. |
|
color |
Color attribute. |
|
originator-as |
AS number. |
|
originator-address |
Address identifier. |
|
discriminator |
Path identifier. |
# Display detailed BGP LS route information with the specified LS prefix.
<Sysname> display bgp link-state [V][O][I0x0][N[c20][b1.1.1.2][a0.0.0.0][r1.1.1.2]]/376
BGP local router ID: 1.1.1.2
Local AS number: 20
Paths: 1 available, 1 best
BGP LS information of [V][O][I0x0][N[c20][b1.1.1.2][a0.0.0.0][r1.1.1.2]]/376:
Imported route.
Original nexthop: 0.0.0.0
OutLabel : NULL
RxPathID : 0x0
TxPathID : 0xffffffff
LS : Node flag bits: 30[EA] , Local TE router ID: 3006::1 LAN Adjacency Segme
nt Identifier(Flags/Weight/System-ID/SID): 0x30/0/0000.0000. 0001/1278
LAN Adjacency Segment Identifier(Flags/Weight/System-ID/SID):
0x70/0/0000.0000. 0001/1279
AS-path : (null)
Origin : igp
Attribute value : pref-val 32768
State : valid, local, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
# Display AS_PATH attribute information for the specified LS prefix.
<Sysname> display bgp link-state [V][O][I0x0][N[c20][b1.1.1.2][a0.0.0.0][r1.1.1.2]]/376 as-path
BGP local router ID: 1.1.1.2
Local AS number: 20
Paths: 1 available, 1 best
BGP LS information of [V][O][I0x0][N[c20][b1.1.1.2][a0.0.0.0][r1.1.1.2]]/376:
As-path: 100
# Display CLUSTER_LIST attribute information for the specified LS prefix.
<Sysname> display bgp link-state [V][O][I0x0][N[c20][b1.1.1.2][a0.0.0.0][r1.1.1.2]]/376 cluster-list
BGP local router ID: 1.1.1.2
Local AS number: 20
Paths: 1 available, 1 best
BGP LS information of [V][O][I0x0][N[c20][b1.1.1.2][a0.0.0.0][r1.1.1.2]]/376:
Cluster list: 100
Table 3 Command output
|
Field |
Description |
|
Paths |
Number of routes: · available—Number of valid routes. · best—Number of optimal routes. |
|
BGP LS information of |
NLRI prefix. |
|
Original nexthop |
Original next hop of the route. If the route was obtained from a BGP update message, the original next hop is the next hop IP address in the message. |
|
LS |
LS attribute: · Node flag bits—Node attribute in hexadecimal format: ¡ 10[A]—OSPF or OSPFv3 ABR bit. ¡ 20[E]—OSPF or OSPFv3 External bit. ¡ 30[EA]—OSPF or OSPFv3 External bit and ABR bit. · Metric—Link or prefix cost. · Local TE router ID. · Average delay flag—Flag indicating whether the average delay exceeds 16777215 microseconds. ¡ 0: Stable link state whose average delay is not higher than 16777215 microseconds. ¡ 1: Unstable link state whose average delay is higher than 16777215 microseconds. · Average delay—Average delay in microseconds. · Min/Max delay flag—Flag indicating whether the Min/Max delay exceeds 16777215 microseconds. ¡ 0: Stable link state whose Min/Max delay is not higher than 16777215 microseconds. ¡ 1: Unstable link state whose Min/Max delay is higher than 16777215 microseconds. · Min delay—Minimum delay in microseconds. · Max delay—Maximum delay in microseconds. · Delay variation—Acceptable delay variation in microseconds. · Remaining bandwidth—Available bandwidth in bit/s. · Utilized bandwidth—Used bandwidth in bit/s. · SR/SRv6 capability—SR-MPLS or SRv6 capabilities: · Segment routing local block (-)—Sub-TLV information of the segment routing local block. No flag bit is defined now. This field displays a hyphen (-), and the value is fixed at 0x00. · SRLB base—Minimum label value of the SRLB range. · SRLB range—Number of labels in the SRLB. · SRv6 node MSD—Maximum SID Depths (MSD) information about the SRv6 node: ¡ MPLS MSD—Maximum number of SIDs that SR-MPLS can encapsulate in a packet. ¡ Segment Left—Maximum Segment Left value. ¡ End Pop MSD—Maximum number of SIDs that can be popped by end nodes supporting PSP or USP. ¡ T.Insert MSD—Maximum number of SIDs that the transit node can insert into a packet by using an SR policy. ¡ T.Encaps MSD—Maximum number of SIDs that the transit node can encapsulate into a packet by using an SR policy. ¡ End D MSD—Maximum number of SIDs that can be decapsulated by the end node. · SR/SRv6 link MSD—Maximum SID Depths (MSD) information about the SR or SRv6 link. ¡ MPLS MSD—Maximum number of SIDs that SR-MPLS can encapsulate in a packet. · SRv6 End.X SID—SRv6 End.X SID information: ¡ function type—SID function type. Only End.X with PSP is supported in the current software version. ¡ algorithm—SID algorithm. 0 represent the SPF algorithm and 1 represents the strict SPF algorithm. ¡ weight—SID weight. ¡ flags(B/S/P)—SID flag. B represents the backup flag, S represents the set flag, and P represents the persistent flag. · SRv6 LAN End.X SID—SRv6 LAN End.X SID information. ¡ function type—SID function. Only End.X with PSP is supported in the current software version. ¡ algorithm—SID algorithm. 0 represent the SPF algorithm and 1 represents the strict SPF algorithm. ¡ weight—SID weight. ¡ flags(B/S/P)—SID flag. B represents the backup flag, S represents the set flag, and P represents the persistent flag. ¡ neighbor—Neighbor node ID. This field displays system ID for IS-IS and router ID for OSPFv3. · SRv6 locator—SRv6 locator information. ¡ metric—Locator metric. ¡ algorithm—Locator algorithm. 0 represent the SPF algorithm and 1 represents the strict SPF algorithm. ¡ flags(D/A)—Locator flag. D is set when the locator is leaked to an IGP area. A is set when the locator is configured with anycast. · SRv6 SID information—SRv6 SID information: · SRv6 endpoint function—SID attribute information about the SRv6 endpoint. ¡ function type—SID function type. ¡ algorithm—SID algorithm. 0 represent the SPF algorithm and 1 represents the strict SPF algorithm. · flags—SID flag. · BSID—SID of the ingress node. · Provisioned BSID—Ingress node SID configured through the command. · Flags(D/B/U/L/F)—Flags. ¡ D—BSID type. If this bit is set, the BSID type is IPv6. If this bit is not set, the BSID type is IPv4. ¡ B—If this bit is set, the BSID is statically assigned. ¡ U—If this bit is set, the BSID configured through the command failed to be assigned. ¡ L—If this bit is set, the BSID is assigned from SRLB. If this bit is not set, the BSID is dynamically assigned. ¡ F—If this bit is set, the BSID is dynamically assigned. · Priority—Priority. · Flags(S/A/B/E/V/O/D/C/I/T)—Flags. ¡ S—If this bit is set, the candidate path is in shutdown state. ¡ A—If this bit is set, the candidate path is active. ¡ B—If this bit is set, the candidate path is a backup path. ¡ E—If this bit is set, the candidate path is valid. ¡ V—If this bit is set, the candidate path has a minimum of one valid seglist. ¡ O—If this bit is set, the policy is generated through ODN. ¡ D—If this bit is set, the candidate path is calculated by the PCE/controller. ¡ C—If this bit is set, the candidate path is deployed by the PCE/controller. ¡ I—If this bit is set, the forwarding path is invalid and the packet is discarded. ¡ T—If this bit is set, the forwarding path is available. · Preference—Priority of the candidate path. · CPathName—Name of the candidate path. · SR Segment List—SID list. · Flags—Flags of the the SID list, which indicate the attributes and status of the SID list. This field is 2 bytes long and only the first 9 bits (D|E|C|V|R|F|A|T|M|) are informative: ¡ D—If the SID list only contains SRv6 SIDs, this bit is set. If the SID list only contains SR-MPLS labels, this bit is not set. ¡ E—If the SID list is associated with explicit candidate paths, this bit is set. If the SID list is associated with dynamic candidate paths, this bit is not set. ¡ C—If the SID list is used to calculate dynamic paths, this bit is set. ¡ V—If the SID list has been validated or does not require validation, this bit is set. If the SID list has not been validated, this bit is not set. ¡ R—If the first segment of the SID list has been resolved, this bit is set. If the segment resolution has failed, this bit is not set. ¡ F—If the calculation of dynamic paths has failed, this bit is set. If the calculation of dynamic paths has succeeded or is not required, this bit is not set. ¡ A—If all SIDs in the SID list belong to the specified algorithm, this bit is set. ¡ T—If all SIDs in the SID list belong to the specified topology, this bit is set. ¡ M—If the SID list has been removed from the forwarding plane due to fault detection by the monitoring mechanism, this bit is set. If no failure is detected or monitoring is not performed, this bit is not set. · MTID—Multitopology ID. · Alg—Algorithm. · Weight—Weight of the SID list in the candidate path. · Segment(<Type, Flags, SID, SID Descriptor>)—SID list information. ¡ Type—SID type. ¡ Flags—Flag. ¡ SID—SID value. ¡ SID Descriptor—SID descriptor. · LAN Adjacency Segment Identifier(Flags/Weight/System-ID/SID)—Adjacency SID list information. ¡ Flags—Flag. ¡ Weight—SID weight. ¡ System-ID—System ID. ¡ SID—SID value. |
|
RxPathID |
Add-path ID of received routes. |
|
TxPathID |
Add-path ID of advertised routes. |
|
AS-path |
AS_PATH attribute of the route, which records the ASs the route has passed and avoids routing loops. |
|
Cluster list |
CLUSTER_LIST attribute of the route. |
|
Attribute value |
BGP path attributes: · MED—MED value. · localpref—Local preference value. · pref-val—Preferred value. · pre—Route preference. |
|
State |
Current state of the route: · valid. · internal. · external. · local. · synchronize. · best. |
|
IP precedence |
IP precedence in the range of 0 to 7. N/A indicates that the route does not support this field. |
|
QoS local ID |
QoS local ID in the range of 1 to 4095. N/A indicates that the route does not support this field. |
|
Traffic index |
Traffic index in the range of 1 to 64. N/A indicates that the route does not support this field. |
# Display advertisement information for the specified LS prefix.
<Sysname> display bgp link-state [E][B][I0x0][N[r1.1.1.2]][c65008][R[r44.33.22.11]][c65009]][L[i2.1.1.3][n1.1.1.3]]/536 advertise-info
BGP local router ID: 1.1.1.2
Local AS number: 65008
Paths: 1 best
BGP LS information of [E][B][I0x0][N[r1.1.1.2]][c65008][R[r44.33.22.11]][c65009]][L[i2.1.1.3][n1.1.1.3]]/536
(TxPathID:0):
Advertised to peers (1 in total):
10.1.1.2
LS attribute :
Peer node segment identifier : Flag c0[VL], Metric 0, Label 23001
Table 4 Command output
|
Field |
Description |
|
Paths |
Number of routes: · available—Number of valid routes. · best—Number of optimal routes. |
|
BGP LS information of |
NLRI prefix. |
|
Advertised to peers (1 in total) |
Peers to which the information has been advertised, and the total number of such peers. |
|
Peer node segment identifier |
Peer node SID: · Flag c0[VL]: ¡ V—Value flag. If set, the SID carries a label value. ¡ L—Local flag. If set, the SID has local significance. · Metric—Link cost. · Label—Label value. |
|
TxPathID |
Add-path ID of advertised routes. |
# Display BGP LS route statistics.
<Sysname> display bgp link-state statistics
Total number of routes: 1
Table 5 Command output
|
Field |
Description |
|
Total number of routes |
Total number of routes. |
display bgp non-stop-routing status
Use display bgp non-stop-routing status to display BGP NSR status information.
display bgp [ instance instance-name ] non-stop-routing status
network-admin
network-operator
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays BGP NSR status information for the default BGP instance.
# Display BGP NSR status information.
<Sysname> display bgp non-stop-routing status
Location of preferred standby process: -
TCP NSR status: Not ready
Table 6 Command output
|
Field |
Description |
|
BGP NSR status |
BGP NSR status: · Ready—BGP NSR has backed up BGP neighbor and routing information from the active process to the standby process. In this state, BGP NSR can ensure continuous routing when an active/standby process switchover occurs. · Not ready—BGP NSR is backing up BGP neighbor and routing information from the active process to the standby process. If an active/standby process switchover occurs in this state, traffic is interrupted and the BGP session will be re-established. · Not configured—BGP NSR is disabled. |
|
Location of preferred standby process |
ID of the slot where the preferred standby process resides. This field displays - if no standby processes exist. |
|
TCP NSR status |
TCP NSR status: · Ready—TCP NSR has backed up TCP connection information from the active process to the standby process. · Not ready—TCP NSR is backing up TCP connection information from the active process to the standby process. |
display bgp peer received prefix-list
Use display bgp peer received prefix-list to display the ORF prefix information received by a peer.
Syntax
display bgp [ instance instance-name ] peer ipv4 [ multicast | [ unicast ] [ vpn-instance vpn-instance-name ] ] ipv4-address received prefix-list
display bgp [ instance instance-name ] peer ipv6 [ multicast | [ unicast ] [ vpn-instance vpn-instance-name ] ] ipv6-address received prefix-list
display bgp [ instance instance-name ] peer ipv4 [ unicast ] [ vpn-instance vpn-instance-name ] ipv6-address received prefix-list
display bgp [ instance instance-name ] peer ipv6 [ unicast ] [ vpn-instance vpn-instance-name ] ipv4-address received prefix-list
display bgp [ instance instance-name ] peer { vpnv4 | vpnv6 } ipv4-address received prefix-list
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays ORF prefix information for the default BGP instance.
ipv4: Displays BGP IPv4 peer information.
ipv6: Displays BGP IPv6 peer information.
vpnv4: Displays BGP VPNv4 peer information.
vpnv6: Displays BGP VPNv6 peer information.
multicast: Displays BGP multicast peer information.
unicast: Displays BGP unicast peer information.
vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. The specified VPN instance must be an MPLS L3VPN instance. If you do not specify an instance, this command displays information for the public network.
ipv4-address: Specifies a peer by its IPv4 address.
ipv6-address: Specifies a peer by its IPv6 address.
Examples
# Display the ORF prefix information received by peer 10.110.25.20.
<Sysname> display bgp peer ipv4 10.110.25.20 received prefix-list
ORF prefix list entries: 2
index: 10 prefix 1.1.1.0/24 ge 26 le 32
index: 20 prefix 2.1.1.0/24 ge 26 le 32
Table 7 Command output
|
Field |
Description |
|
ORF prefix list entries |
Number of ORF prefixes. |
|
index |
Prefix index. |
|
prefix |
Prefix information. |
|
ge |
Greater than or equal to. |
|
le |
Less than or equal to. |
display bgp routing-table ipv6 unicast inlabel
Use display bgp routing-table ipv6 unicast inlabel to display incoming labels for BGP IPv6 unicast routes.
display bgp [ instance instance-name ] routing-table ipv6 [ unicast ] inlabel
network-admin
network-operator
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays incoming labels of BGP IPv6 unicast routes in the default BGP instance.
This command displays incoming labels for BGP IPv6 unicast routes regardless of whether the unicast keyword is specified.
# Display incoming labels for all BGP IPv6 unicast routes.
<Sysname> display bgp routing-table ipv6 inlabel
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
* > Network : 1::1 PrefixLen : 128
NextHop : 10::1 OutLabel : NULL
InLabel : 1279
* > Network : 10:: PrefixLen : 64
NextHop : :: OutLabel : NULL
Table 8 Command output
|
Field |
Description |
|
Status codes: · * – valid—Valid route. · > – best—Optimal route. · d - dampened—Dampened route. · h – history—History route. · s – suppressed—Suppressed route. · S – stale—Stale route. · i – internal—Internal route. · e – external—External route. · a - additional-path—Add-Path optimal route. |
|
|
Origin |
Origin of the route: · i – IGP—Originated in the AS. The origin of routes advertised with the network command is IGP. · e – EGP—Learned through EGP. · ? – incomplete—Unknown origin. The origin of routes redistributed from IGP protocols is INCOMPLETE. |
|
Network |
Destination network address. |
|
PrefixLen |
Prefix length of the destination network address. |
|
NextHop |
Next hop IPv6 address. |
|
OutLabel |
Outgoing label of the IPv6 unicast route, which is assigned by the peer 6PE device. |
|
InLabel |
Incoming label of the IPv6 unicast route, which is assigned by the local 6PE device. |
display bgp routing-table ipv6 unicast outlabel
Use display bgp routing-table ipv6 unicast outlabel to display outgoing labels for BGP IPv6 unicast routes.
display bgp [ instance instance-name ] routing-table ipv6 [ unicast ] outlabel
network-admin
network-operator
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command display outgoing labels of BGP IPv6 unicast routes in the default BGP instance.
This command displays outgoing labels for BGP IPv6 unicast routes regardless of whether the unicast keyword is specified.
# Display outgoing labels for all BGP IPv6 unicast routes.
<Sysname> display bgp routing-table ipv6 outlabel
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
* >i Network : 4::4 PrefixLen : 128
NextHop : ::FFFF:3.3.3.3 OutLabel : 1279
* >i Network : 20:: PrefixLen : 64
NextHop : ::FFFF:3.3.3.3 OutLabel : 1278
Table 9 Command output
|
Field |
Description |
|
Status codes |
Status codes: · * – valid—Valid route. · > – best—Optimal route. · d - dampened—Dampened route. · h – history—History route. · s – suppressed—Suppressed route. · S – stale—Stale route. · i – internal—Internal route. · e – external—External route. · a - additional-path—Add-Path optimal route. |
|
Origin |
Origin of the route: · i – IGP—Originated in the AS. The origin of routes advertised with the network command is IGP. · e – EGP—Learned through EGP. · ? – incomplete—Unknown origin. The origin of routes redistributed from IGP protocols is INCOMPLETE. |
|
Network |
Destination network address. |
|
PrefixLen |
Prefix length of the destination network address. |
|
NextHop |
Next hop IPv6 address. |
|
OutLabel |
Outgoing label of the IPv6 unicast route, which is assigned by the peer 6PE device. |
display bgp rpki server
Use display bgp rpki server to display information about connections to RPKI servers.
Syntax
display bgp [ instance instance-name ] rpki server [ [ vpn-instance vpn-instance-name ] { ipv4-address | ipv6-address } ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays information for the default BGP instance.
vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. The specified VPN instance must be an MPLS L3VPN instance. If you do not specify this option, the command displays information for the public network.
ipv4-address: Specifies an RPKI server by its IPv4 address.
ipv6-address: Specifies an RPKI server by its IPv6 address.
Examples
# Display brief information about connections to RPKI servers.
<Sysname> display bgp rpki server
Server VPN-index Port State Time ROAs(IPv4/IPv6)
1.1.1.2 0 1234 Establish 00:05:51 1/0
2.2.2.2 0 1234 Establish 00:06:07 3/1
Table 10 Command output
|
Field |
Description |
|
Server |
IP address of the RPKI server. |
|
VPN-index |
VPN index. |
|
Port |
Port number of the RPKI server. |
|
State |
Connection state: · Establish—BGP has established a connection to the RPKI server. · Connect—BGP is establishing a connection to the RPKI server. · Shutdown—BGP has not established a connection to the RPKI server. |
|
Time |
Duration of the current connection state. |
|
ROAs(IPv4/IPv6) |
Number of IPv4/IPv6 ROAs. |
# Display detailed information about the connection to RPKI server 2.2.2.1.
<Sysname> display bgp rpki server 2.2.2.1
RPKI Cache-Server 2.2.2.1
Port: TCP port 1234
Local addr: 2.2.2.2, Local port: 14342
Connect state: Establish
Total byte Rx: 72
Total byte Tx: 8
Session ID: 1
Serial number: 1
Last PDU type 7, Time: 00:00:15
Last disconnect reason: Response timer expired
RPKI ROA limit: 1000
Limit state: reconnect in 1234 seconds
Table 11 Command output
|
Field |
Description |
|
RPKI Cache-Server |
IP address of the RPKI server. |
|
Port |
Port number of the RPKI server. |
|
Local addr |
Local IP address of the connection. |
|
Local port |
Local port number of the connection. |
|
Connect state |
Connection state: · Establish—BGP has established a connection to the RPKI server. · Connect—BGP is establishing a connection to the RPKI server. · Shutdown—BGP has not established a connection to the RPKI server. |
|
Total byte Rx |
Number of received bytes. |
|
Total byte Tx |
Number of sent bytes. |
|
Session ID |
Session ID assigned by the RPKI server. |
|
Serial number |
Serial number assigned by the RPKI server. |
|
Last PDU Type |
Type of the most recently received PDU. |
|
Time |
Duration of the current connection state. |
|
Last disconnect reason |
Reason for the most recent connection interruption: · Configure reset—The port number used to establish the connection was changed or the reset bgp rpki server command was executed. · Receive error report PDU—Received error report packets from the server. · Response timer expired—No response was received within the response time from the RPKI server. · Receive error PDU—Received error packets. · TCP connect failed—The TCP connection was down. · Shutdown port—No port number was specified. · Not enough memory—The memory was insufficient. · Receive cache reset PDU—Received reset packets from the RPKI server. · Maximum number of ROAs reached—The number of ROAs received from the RPKI server exceeds the limit specified by the rpki-limit command. |
|
RPKI ROA limit |
Maximum number of ROAs that can be received from the specified RPKI server. If you do not configure the rpki-limit command for an RPKI server, this field is not displayed. |
|
Limit state |
Configuration of the rpki-limit command: · reconnect after resetting—When the number of ROAs received from the RPKI server reaches the limit, the device tears down the TCP connection to the RPKI server. In this situation, the device will not attempt to re-establish the connection to the RPKI server. You can execute the reset bgp rpki server command to re-establish the connection. · reconnect in number seconds—When the number of ROAs received from the RPKI server reaches the limit, the device tears down the TCP connection to the RPKI server and starts the reconnection timer. After the reconnection timer expires, the device re-establishes the TCP connection to the RPKI server. · alert only—When the number of ROAs received from the RPKI server reaches the limit, the device generates a log message only. It does not tear down the TCP connection to the RPKI server and can continue to receive ROAs from the RPKI server. · alert and discard—When the number of ROAs received from the RPKI server reaches the value for the limit argument, the device retains the TCP connection to the RPKI server, discards excess ROAs, and generates a log message. · normal—The number of ROAs received from the RPKI server is less than the limit. If you do not configure the rpki-limit command for an RPKI server, this field is not displayed. |
display bgp rpki table
Use display bgp rpki table to display the ROA information obtained from RPKI servers.
Syntax
display bgp [ instance instance-name ] rpki table { ipv4 [ ipv4-address min min-length max max-length ] | ipv6 [ ipv6-address min min-length max max-length ] }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays information for the default BGP instance.
ipv4: Displays information about ROAs with IPv4 prefixes.
ipv4-address: Specifies an IPv4 prefix.
ipv6: Displays information about ROAs with IPv6 prefixes.
ipv6-address: Specifies an IPv6 prefix.
min-length: Specifies the minimum prefix length. The value range for this argument is 0 to 32 for IPv4 prefixes and 0 to 128 for IPv6 prefixes.
max-length: Specifies the maximum prefix length. The value range for this argument is 0 to 32 for IPv4 prefixes and 0 to 128 for IPv6 prefixes.
Examples
# Display brief information about ROAs with IPv4 prefixes.
<Sysname> display bgp rpki table ipv4
Total number of entries: 4
Status codes: S - stale, U - used
Network Mask-range Origin-AS Server Status
1.2.3.4 8-32 100 1.1.1.2 U
5.2.3.4 8-32 100 2.2.2.2 U
6.6.6.6 8-32 100 2.2.2.2 U
7.7.7.7 8-32 20 2.2.2.2 U
Table 12 Command output
|
Description |
|
|
Total number of entries |
Total number of ROAs. |
|
Network |
Network address. |
|
Mask-range |
Mask or prefix length range. |
|
Server |
IP address of the RPKI server. |
|
Status |
ROA state: · U—The ROA is available. · S—The ROA is in aging state. |
# Display detailed information about ROAs with IPv4 prefixes.
<Sysname> display bgp rpki table ipv4 5.2.3.4 min 8 max 32
RPKI ROA entry for 5.2.3.4/8-32
Origin-AS: 100 from 2.2.2.1, used
Table 13 Command output
|
Field |
Description |
|
Origin-AS |
ROA information: · AS number. · IP address of the RPKI server. · ROA state: ¡ used—The ROA is available. ¡ stale—The ROA is in aging state. |
display ttl-security statistics
Use display ttl-security statistics to display GTSM discarded packet statistics.
Syntax
display ttl-security statistics [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays GTSM discarded packet statistics for all cards.
Examples
# Display statistics for packets discarded by GTSM on slot 1.
<Sysname> display ttl-security statistics slot 0
Slot 0
Protocol Drop Counters
BGP 56
BGP4+ 83
OSPF 15
OSPFv3 0
LDP 0
LDPv6 0
Table 14 Command output
|
Field |
Description |
|
Protocol |
Protocol name. Options include the following: · BGP. · BGP4+. · OSPF. · OSPFv3. · LDP. (This protocol is not supported in the current software version.) · LDPv6. (This protocol is not supported in the current software version.) |
|
Drop Counters |
Number of discarded packets for the protocol. |
Related commands
ospf ttl-security
peer ttl-security
reset ttl-security statistics
ttl-security
domain-distinguisher
Use domain-distinguisher to specify an AS number and a router ID for BGP LS messages.
Use undo domain-distinguisher to restore the default.
Syntax
domain-distinguisher as-number:router-id
undo domain-distinguisher
Default
The AS number and router ID of the current BGP process are used.
Views
BGP LS address family view
Predefined user roles
network-admin
Parameters
as-number:router-id: Specifies the AS number and router ID. The value range for the as-number argument is 1 to 4294967295, and the router ID is in IP address format.
Examples
# Set the AS number and router ID for BGP LS messages to 65009 and 1.1.1.1, respectively.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family link-state
[Sysname-bgp-default-ls] domain-distinguisher 65009:1.1.1.1
ebgp-interface-sensitive
Use ebgp-interface-sensitive to enable immediate re-establishment of direct EBGP sessions.
Use undo ebgp-interface-sensitive to disable immediate re-establishment of direct EBGP sessions.
ebgp-interface-sensitive
undo ebgp-interface-sensitive
Immediate re-establishment of direct EBGP sessions is enabled.
network-admin
When a direct link to an EBGP peer fails, BGP tears down the session and re-establishes a session to the peer immediately. If the feature is not enabled, the router does not tear down the session until the hold time expires. However, disabling this feature can prevent routing flaps from affecting EBGP session state.
This command applies only to direct EBGP sessions.
# Enable immediate re-establishment of direct EBGP sessions.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] ebgp-interface-sensitive
fast-reroute route-policy
Use fast-reroute route-policy to apply a routing policy to fast reroute (FRR) for a BGP address family.
Use undo fast-reroute route-policy to restore the default.
fast-reroute route-policy route-policy-name
undo fast-reroute route-policy
No routing policy is applied to FRR.
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
network-admin
route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.
You can use the following methods to configure BGP FRR:
· Method 1—Execute the pic command in BGP address family view. BGP calculates a backup next hop for a BGP route in the address family if there are two or more unequal-cost routes to reach the destination.
· Method 2—Execute the fast-reroute route-policy command to use a routing policy in which a backup next hop is specified by using the command apply [ ipv6 ] fast-reroute backup-nexthop. For BGP to generate a backup next hop for the primary route, the backup next hop calculated by BGP must be the same as the specified backup next hop. You can also configure if-match clauses in the routing policy to identify the routes protected by FRR.
If both methods are configured, Method 2 takes precedence over Method 1.
# Apply routing policy frr-policy to FRR in BGP IPv4 unicast address family view.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4
[Sysname-bgp-default-ipv4] fast-reroute route-policy frr-policy
apply fast-reroute
apply ipv6 fast-reroute
pic
route-policy
flush suboptimal-route
Use flush suboptimal-route to enable BGP to flush the suboptimal BGP route to the RIB.
Use undo flush suboptimal-route to disable BGP from flushing the suboptimal BGP route to the RIB.
flush suboptimal-route
undo flush suboptimal-route
BGP is disabled from flushing the suboptimal BGP route to the RIB. Only the optimal route is flushed to the RIB.
network-admin
This command flushes the suboptimal BGP route to the RIB when the following conditions are met:
· The optimal route is generated by the network command or is redistributed by the import-route command.
· The suboptimal route is received from a BGP peer.
After the suboptimal route is flushed to the RIB on a network, BGP immediately switches traffic to the suboptimal route when the optimal route fails.
For example, the device has a static route to the subnet 1.1.1.0/24 that has a higher priority than a BGP route. BGP redistributes the static route and receives a route to 1.1.1.0/24 from a peer. After the flush suboptimal-route command is executed, BGP flushes the received BGP route to the RIB as the suboptimal route. When the static route fails, BGP immediately switches traffic to the suboptimal route if inter-protocol FRR is enabled. For more information about inter-protocol FRR, see Layer 3—IP Routing Configuration Guide.
# Enable BGP to flush the suboptimal BGP route to the RIB.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] flush suboptimal-route
forwarding-conversational-learning
Use forwarding-conversational-learning to enable conversational remote host route learning.
Use undo forwarding-conversational-learning to disable conversational remote host route learning.
Syntax
forwarding-conversational-learning [ route-policy route-policy-name ]
undo forwarding-conversational-learning
Default
Conversational remote host route learning is disabled in BGP IPv4 and IPv6 address family views.
In BGP EVPN address family view, conversational remote host route learning is enabled.
Views
BGP IPv4 unicast address family view
BGP IPv6 unicast address family view
Predefined user roles
network-admin
Parameters
route-policy route-policy-name: Issues only the remote host routes matching the specified routing policy to the FIB. The route-policy-name argument specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters. If you do not specify a routing policy or the specified routing policy does not exist, BGP issues all remote host routes to the FIB. The apply clauses in the specified routing policy do not take effect.
Usage guidelines
By default, BGP generates FIB entries for all host routes received from peers (remote host routes) and issues the routes to the FIB. To conserve device resources, execute this command in BGP IPv4/IPv6 unicast address family view to enable conversational remote host route learning. The command enables BGP to issue a remote host route to the FIB only if it is required for forwarding a packet.
When you execute this command in BGP IPv4/IPv6 unicast address family view, follow these restrictions and guidelines:
· This command takes effect only on remote host routes generated based on ARP or ND entries and does not take effect on local host routes and other BGP routes. Host routes generated based on ARP or ND entries carry a special mark advertised through the extended community attribute. Executing this command also enables BGP to advertise the extended community attribute to all peers and peer groups.
· This command takes effect only if you execute the ip forwarding-conversational-learning command.
· The device can perform conversational learning for a remote host route only if a local interface belongs to a network segment that contains the destination address of the host route.
Examples
# In BGP IPv4 unicast address family view, enable conversational remote host route learning and specify routing policy policy1 to match remote host routes.
<Sysname>system-view
[Sysname] bgp 200
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] forwarding-conversational-learning route-policy policy1
Related commands
ip forwarding-conversational-learning (EVPN Command Reference)
peer advertise-ext-community
graceful-restart
Use graceful-restart to enable BGP Graceful Restart (GR) capability.
Use undo graceful-restart to disable BGP GR capability.
graceful-restart
undo graceful-restart
BGP GR capability is disabled.
network-admin
GR ensures continuous forwarding when BGP restarts or an active/standby switchover occurs.
BGP peers exchange Open messages containing GR information. If both parties have GR capability, they establish a GR-capable session.
After you execute this command, the device re-establishes BGP sessions.
# Enable GR capability for BGP process 100.
[Sysname] bgp 100
[Sysname-bgp-default] graceful-restart
graceful-restart timer purge-time
graceful-restart timer restart
graceful-restart timer wait-for-rib
graceful-restart peer-reset
Use graceful-restart peer-reset to enable BGP to reset peer sessions gracefully.
Use undo graceful-restart peer-reset to disable BGP from resetting peer sessions gracefully.
Syntax
graceful-restart peer-reset [ all ]
undo graceful-restart peer-reset
Default
BGP does not reset peer sessions gracefully.
Views
BGP instance view
Predefined user roles
network-admin
Parameters
all: Enables BGP to reset peer sessions gracefully when the TCP connection goes down, the hold timer expires, or the address families supporting route exchange change. If you do not specify this keyword, BGP resets peer sessions gracefully only when the address families supporting route exchange change.
Usage guidelines
When the TCP connection goes down, the hold timer expires, or the address families supporting route exchange change, BGP tears down and then re-establishes the peer sessions, which will cause traffic interruption. To avoid traffic interruption in these cases, execute this command to enable BGP to reset peer sessions gracefully.
Examples
# Enable BGP to reset peer sessions gracefully.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] graceful-restart
[Sysname-bgp-default] graceful-restart peer-reset
Related commands
graceful-restart
graceful-restart timer purge-time
Use graceful-restart timer purge-time to set the Routing Information Base (RIB) purge timer.
Use undo graceful-restart timer purge-time to restore the default.
graceful-restart timer purge-time timer
undo graceful-restart timer purge-time
The RIB purge timer is 480 seconds.
network-admin
timer: Sets the RIB purge timer in the range of 1 to 6000 seconds.
BGP starts the RIB purge timer when an active/standby switchover occurs or BGP restarts. If BGP route exchange is not completed within the RIB purge timer, the GR restarter quits the GR process. It updates the RIB with the BGP routes already learned, and removes the stale routes from RIB.
Enable BGP GR before you execute this command.
Set the RIB purge timer to be long enough to complete GR, especially when large numbers of BGP routes exist.
As a best practice, set the RIB purge timer in the following way:
· Set the timer to be greater than the timer set by the graceful-restart timer wait-for-rib command
· Set the timer to be less than the timer set by the protocol lifetime command.
# Set the RIB purge timer to 300 seconds.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] graceful-restart
[Sysname-bgp-default] graceful-restart timer purge-time 300
graceful-restart
graceful-restart timer restart
graceful-restart timer wait-for-rib
protocol lifetime (Layer 3—IP Routing Command Reference)
graceful-restart timer restart
Use graceful-restart timer restart to configure the GR timer.
Use undo graceful-restart timer restart to restore the default.
graceful-restart timer restart timer
undo graceful-restart timer restart
The GR timer is 150 seconds.
network-admin
timer: Specifies the GR timer in the range of 3 to 600 seconds.
The GR restarter sends the GR timer to the GR helper in an Open message. When the GR helper detects that an active/standby switchover or a BGP restart occurred on the GR restarter, the GR helper performs the following operations:
1. Marks all routes learned from the GR restarter as stale.
2. Starts the GR timer.
3. If no BGP session is established before the GR timer expires, the GR helper removes the stale routes.
Before you configure this command, enable the BGP GR capability.
To apply a new GR timer, you must re-establish BGP sessions.
# Set the GR timer to 300 seconds.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] graceful-restart
[Sysname-bgp-default] graceful-restart timer restart 300
graceful-restart timer purge-time
graceful-restart timer wait-for-rib
graceful-restart timer wait-for-rib
Use graceful-restart timer wait-for-rib to configure the time to wait for the End-of-RIB marker.
Use undo graceful-restart timer wait-for-rib to restore the default.
graceful-restart timer wait-for-rib timer
undo graceful-restart timer wait-for-rib
The time to wait for the End-of-RIB marker is 600 seconds.
network-admin
timer: Specifies the time to wait for the End-of-RIB marker, in the range of 3 to 3600 seconds.
BGP uses this timer to control the time to receive updates from the peer. The timer is not advertised to the peer.
After the GR restarter and GR helper re-establish a BGP session, they start this timer. If they do not complete route exchange within the time period, the GR restarter does not receive new routes. It updates its routing table and forwarding table with learned BGP routes, and the GR helper removes the stale routes. Set a large value for the maximum time to wait for the End-of-RIB marker when a large number of routes exist.
This command controls the routing convergence speed. A smaller timer value means faster routing convergence but possibly results in incomplete routing information.
Before configuring this command, you must enable the BGP GR capability.
# Set the time to wait for the End-of-RIB marker on the local end to 100 seconds.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] graceful-restart
[Sysname-bgp-default] graceful-restart timer wait-for-rib 100
graceful-restart
graceful-restart timer purge-time
graceful-restart timer restart
ignore all-peers
Use ignore all-peers to disable BGP session establishment with all peers and peer groups.
Use undo ignore all-peers to restore the default.
Syntax
ignore all-peers [ graceful graceful-time { community { community-number | aa:nn } | local-preference preference | med med } * ]
undo ignore all-peers
Default
BGP can establish sessions to all peers and peer groups.
Views
BGP instance view
Predefined user roles
network-admin
Parameters
graceful graceful-time: Gracefully shuts down BGP sessions to all peers and peer groups in the specified graceful shutdown period of time. The value range for the graceful-time argument is 60 to 65535 seconds. If you set the value for this option to 0, the device does not shut down the sessions to peers and peer groups. If you do not specify this option, the command immediately shuts down the sessions to all peers and peer groups.
community { community-number | aa:nn }: Specifies the community attribute for routes advertised to all peers and peer groups. The community-number argument represents the community sequence number in the range of 1 to 4294967295. The aa:nn argument represents the community number. Both aa and nn are in the range of 0 to 65535. If you do not specify this option, the command does not change the community attribute for routes advertised to all peers and peer groups.
local-preference preference: Specifies the local preference for routes advertised to all peers and peer groups, in the range of 0 to 4294967295. A larger value represents a higher preference. If you do not specify this option, the command does not change the local preference for routes advertised to all peers and peer groups.
med med: Specifies the MED value for routes advertised to all peers and peer groups, in the range of 0 to 4294967295. The smaller the MED value, the higher the route priority. If you do not specify this option, the command does not change the MED value for routes advertised to all peers and peer groups.
Usage guidelines
|
|
CAUTION: Executing this command tears down all existing sessions to peers and peer groups and clears all related routing information. |
This command enables you to temporarily tear down the BGP sessions to all peers and peer groups. You can perform network upgrade and maintenance without needing to delete and reconfigure the peers and peer groups. To recover the sessions, execute the undo ignore all-peers command.
If you specify the graceful keyword in the ignore all-peers command, BGP performs the following tasks:
1. Starts the wait timer specified with the graceful keyword.
2. Advertises all routes to all peers and peer groups and changes the attribute for the advertised routes to the specified value.
3. Shuts down all sessions to peers and peer groups after the wait timer expires.
This configuration lowers the priority of the routes advertised by BGP and BGP peers can select other peers' routes as optimal routes, which avoids traffic interruption upon wait timer expiration or peer disconnection. To enable BGP to advertise low-priority routes without tearing down BGP sessions, you can set the value for the graceful graceful-time option to 0.
For a BGP peer or peer group, the configuration made by the peer ignore command takes precedence over the configuration made by the ignore all-peers command.
Examples
# In BGP instance view, configure BGP to gracefully shut down the sessions to all peers and peer groups in 60 seconds, advertise all routes to all peers and peer groups, and change the community attribute and local preference for the advertised routes to 1:1 and 200, respectively.
<Sysname> system-view
[Sysname] bgp 1
[Sysname-bgp-default] ignore all-peers graceful 60 community 1:1 local-preference 200
Related commands
peer ignore
isolate enable
Use isolate enable to enable BGP isolation.
Use undo isolate enable to restore the default.
Syntax
isolate enable
undo isolate enable
Default
BGP isolation is disabled.
Views
BGP instance view
Predefined user roles
network-admin
Usage guidelines
To maintain a BGP network device, you can use BGP isolation to remove the device from the network. This feature reduces configuration workload and impact on the network by retaining the device configuration during the maintenance. After maintenance, you can disable BGP isolation to add the device back to the network.
BGP isolation works as follows:
1. BGP withdraws all routes advertised by the device except for the direct routes.
2. BGP keeps all routes learned from its peers.
3. Each peer of the device reselects an optimal route and updates the FIB table. During optimal route selection, the peers can still use the routes advertised by the device to forward traffic.
4. After an optimal route is selected and the FIB table is updated, the peers stop forwarding packets except for those destined for the device to the device. The device is fully isolated from the network and you can upgrade it.
5. After the maintenance, disable BGP isolation on the device to gracefully add it back to the network. After returning to the network, the device advertises and learns routes as follows:
¡ Advertises routes to its peers.
¡ Learns routes if BGP was reset during the isolation.
To avoid isolation failure, do not use this feature when GR or NSR is enabled for the device.
Examples
# Isolate the device from the network in BGP instance view.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] isolate enable
label-allocation-mode
Use label-allocation-mode to specify a label allocation mode.
Use undo label-allocation-mode to restore the default.
label-allocation-mode { per-prefix | per-vrf }
undo label-allocation-mode
BGP allocates labels on a per-next-hop basis.
network-admin
per-prefix: Allocates a label to each route prefix.
per-vrf: Allocates a label to each VPN instance.
Usage guidelines
|
|
CAUTION: A change to the label allocation mode enables BGP to re-advertise all routes, which will cause temporary service interruption. Use this command with caution. |
BGP supports the following label allocation modes:
· Per-prefix—Allocates a label to each route prefix.
· Per-next-hop—Allocates a label to each next hop. This mode is applicable when the number of labels required by the per-prefix mode exceeds the maximum number of labels supported by the device.
· Per-VPN-instance—Allocates a label to each VPN instance. This mode is applicable when the number of labels required by the per-next-hop mode exceeds the maximum number of labels supported by the device.
When you specify the per-prefix or per-next-hop label allocation mode, you can execute the vpn popgo command to specify the POPGO forwarding mode on an egress PE. The egress PE will pop the label for each packet and forward the packet out of the interface corresponding to the label.
When you specify the per-VPN instance label allocation mode, do not execute the vpn popgo command because it is mutually exclusive with the label-allocation-mode per-vrf command. The egress PE will pop the label for each packet and forward the packet through the FIB table.
# Specify the per-prefix label allocation mode.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] label-allocation-mode per-prefix
labeled-route ignore-no-tunnel
Use labeled-route ignore-no-tunnel to disable optimal route selection for labeled routes without tunnel information.
Use undo labeled-route ignore-no-tunnel to restore the default.
labeled-route ignore-no-tunnel
undo labeled-route ignore-no-tunnel
Labeled routes without tunnel information can participate in optimal route selection.
network-admin
# Disable optimal route selection for labeled routes without tunnel information.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] labeled-route ignore-no-tunnel
nexthop recursive-lookup delay
Use nexthop recursive-lookup delay to set the delay time for responding to recursive next hop changes.
Use undo nexthop recursive-lookup delay to disable BGP from delaying responding to recursive next hop changes.
Syntax
nexthop recursive-lookup [ non-critical-event ] delay [ delay-value ]
undo nexthop recursive-lookup [ non-critical-event ] delay
Default
BGP responds to recursive next hop changes immediately.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP VPNv4 address family view
BGP-VPN VPNv4 address family view
BGP IPv6 unicast address family view
BGP LS address family view
BGP-VPN IPv6 unicast address family view
BGP VPNv6 address family view
BGP L2VPN address family view
BGP EVPN address family view
BGP IPv4 multicast address family view
BGP IPv6 multicast address family view
Predefined user roles
network-admin
Parameters
non-critical-event: Delays responding to noncritical next hop changes. If you do not specify this keyword, BGP delays responding to both critical and noncritical next hop changes.
Next hop changes include the following types:
· Critical route recursion changes—Changes that cause route unreachability and service interruption. For example, a BGP route cannot find a recursive next hop or tunnel because of network failures.
· Noncritical route recursion changes—A recursive or related route changes but the change will not cause route unreachability or service interruption. For example, the recursive interface or tunnel of a BGP route changes but traffic forwarding is not affected.
delay-value: Specifies a delay time in the range of 1 to 240 seconds. The default delay time is 5 seconds.
Usage guidelines
When recursive or related routes change frequently, configure this command to reduce unnecessary path selection and update messages and prevent traffic loss.
To avoid traffic loss, do not configure this command if only one route is available to a specific destination.
Set an appropriate delay time based on your network condition. A short delay time cannot reduce unnecessary path selection or update messages, and a long delay time might cause traffic loss.
When you configure both the nexthop recursive-lookup delay and nexthop recursive-lookup non-critical-event delay commands for an address family, follow these guidelines:
· BGP delays responding to both critical and noncritical next hop changes in the address family.
· For noncritical next hop changes, the delay time specified by the nexthop recursive-lookup non-critical-event delay command takes effect.
If you execute the nexthop recursive-lookup delay command multiple times, the most recent configuration takes effect.
If you execute the nexthop recursive-lookup non-critical-event delay command multiple times, the most recent configuration takes effect.
Examples
# In BGP IPv4 unicast address family view, set the delay time for responding to recursive next hop changes to 100 seconds.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] nexthop recursive-lookup delay 100
nexthop recursive-lookup longest-match
Use nexthop recursive-lookup longest-match to specify the longest match principle for BGP next hop recursion.
Use undo nexthop recursive-lookup longest-match to restore the default.
Syntax
nexthop recursive-lookup longest-match [ route-policy route-policy-name ]
undo nexthop recursive-lookup longest-match
Default
By default, BGP first looks up in its directly connected routes for a recursive route during a route recursion. If no matching routes exist, BGP will look up in routes generated by all routing protocols based on the longest match principle.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
Predefined user roles
network-admin
Parameters
route-policy route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
The default method for next hop recursion might cause packet forwarding failure. The device considers the next hop of a received BGP route as directly connected when the next hop belongs to the same subnet as a direct route. As a result, packet forwarding failure will occur when the device uses this BGP route to forward matching packets.
To resolve this issue, you can use this feature to ensure the recursive route is reachable. BGP will directly look up in routes generated by all routing protocols and select a matching route based on the longest match principle.
The nexthop recursive-lookup longest-match command applies to all BGP routes received from peers in one of the following scenarios:
· The route-policy route-policy-name option is not specified.
· The specified routing policy does not exist.
Examples
# Specify the longest match principle to iterate routes that pass routing policy policy1 in BGP IPv4 unicast address family view.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] nexthop recursive-lookup longest-match route-policy policy1
nexthop recursive-lookup route-policy
Use nexthop recursive-lookup route-policy to enable routing policy-based nexthop recursion.
Use undo nexthop recursive-lookup route-policy to restore the default.
Syntax
nexthop recursive-lookup route-policy route-policy-name
undo nexthop recursive-lookup route-policy
Default
BGP does not perform routing policy-based nexthop recursion for routes.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP VPNv4 address family view
BGP-VPN VPNv4 address family view
BGP IPv6 unicast address family view
BGP LS address family view
BGP-VPN IPv6 unicast address family view
BGP VPNv6 address family view
BGP EVPN address family view
BGP IPv4 multicast address family view
BGP IPv6 multicast address family view
Predefined user roles
network-admin
Parameters
route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
|
|
CAUTION: Before executing this command, make sure that BGP routes can be iterated to the desired paths under the constraints of the specified routing policy. If the recursion results of a BGP route are all filtered out by the specified routing policy, BGP considers the route unreachable. |
Application scenarios
When BGP performs nexthop recursion for a route without any constraints, the route might be iterated to an incorrect traffic forwarding path. To resolve this issue, use this command to enable routing policy-based nexthop recursion. BGP can then iterate routes to the desired forwarding paths under the constraints of the specified routing policy.
Operating mechanism
With this command executed, a BGP route can take effect only when some of its nexthop recursion results can match a permit node of the specified routing policy. If the recursion results of a route are all filtered out by the specified routing policy, the route is considered unreachable and cannot take effect.
Restrictions and guidelines
· Before executing this command for an address family, perform the following task:
a. Determine the routes to which that the BGP routes in that address family can be iterated.
b. Configure a routing policy that contains the desired match criteria.
· After you execute this command for an address family, BGP reperforms next hop recursion for the routes in that address family.
· If the routing policy specified in this command does not exist, this command does not take effect. It will take effect immediately after you create the specified routing policy.
· This command does not take effect on the routes learned from directly-connected EBGP peers.
· This command does not take effect on the routes learned from the specified peer or peer group when you configure this command together with the peer nexthop-recursive-policy disable command.
· When you execute the nexthop recursive-lookup route-policy command and the protocol nexthop recursive-lookup command, follow these restrictions and guidelines:
¡ If the following conditions exist, only the nexthop recursive-lookup route-policy command takes effect on the routes in a BGP address family:
- You execute the nexthop recursive-lookup route-policy command in the view of the BGP address family.
- You execute the protocol nexthop recursive-lookup command in RIB IPv4 or IPv6 address family view.
¡ If the following conditions exist, BGP performs nexthop recursion for the routes in a BGP address family according to the configuration of the protocol nexthop recursive-lookup command in RIB IPv4 or IPv6 address family view:
- You do not execute the nexthop recursive-lookup route-policy command in the view of the BGP address family.
- You execute the protocol nexthop recursive-lookup command in RIB IPv4 or IPv6 address family view.
Examples
# In BGP IPv4 unicast address family view, specify routing policy test-policy to filter the nexthop recursion results of public BGP IPv4 unicast routes.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv6] nexthop recursive-lookup route-policy test-policy
Related commands
peer nexthop-recursive-policy disable
protocol nexthop recursive-lookup (Layer 3—IP Routing Command Reference)
non-stop-routing
Use non-stop-routing to enable BGP nonstop routing (NSR).
Use undo non-stop-routing to disable BGP NSR.
non-stop-routing
undo non-stop-routing
BGP NSR is disabled.
network-admin
BGP NSR ensures continuous routing by synchronizing BGP state and data information from the active BGP process to the standby BGP process. The standby BGP process can seamlessly take over all services when the active process fails.
# Enable BGP NSR.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] non-stop-routing
display bgp non-stop-routing status
passwords
Use passwords to set the MD5 authentication password.
Use undo passwords to restore the default.
Syntax
passwords { cipher | simple } string
undo passwords
Default
The MD5 authentication password is not set.
Views
BGP RPKI server view
Predefined user roles
network-admin
Parameters
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its encrypted form is a case-sensitive string of 33 to 137 characters. Its plaintext form is a case-sensitive string of 1 to 80 characters.
Usage guidelines
This command can enhance security in the following ways:
· Perform MD5 authentication when establishing TCP connections. Only the two parties that have the same password configured can establish TCP connections.
· Perform MD5 calculation on the packets transmitted over the TCP connections to avoid packet modification.
Examples
# In BGP RPKI server view, set the MD5 authentication password.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] rpki
[Sysname-bgp-default-rpki] server tcp 1.1.1.1
[Sysname-bgp-default-rpki-server] passwords simple 123456
peer additional-paths
Use peer additional-paths to configure the BGP Additional Paths capabilities.
Use undo peer additional-paths to remove the configuration.
Syntax
In BGP-VPN VPNv4 address family view/BGP VPNv6 address family view:
peer { group-name | ipv4-address [ mask-length ] } additional-paths { receive | send } *
undo peer { group-name | ipv4-address [ mask-length ] } additional-paths { receive | send } *
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP VPNv4 address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view/BGP EVPN address family view:
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } additional-paths { receive | send } *
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } additional-paths { receive | send } *
Default
No BGP Additional Paths capabilities are configured.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP VPNv4 address family view
BGP-VPN VPNv4 address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP VPNv6 address family view
BGP EVPN address family view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command configures the BGP Additional Paths capabilities for all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command configures the BGP Additional Paths capabilities for all dynamic peers in the subnet.
receive: Enables the BGP additional path receiving capability.
send: Enables the BGP additional path sending capability.
Usage guidelines
You can enable the BGP additional path sending, receiving, or both sending and receiving capabilities on a BGP router. For two BGP peers to successfully negotiate the Additional Paths capabilities, make sure one end has the sending capability and the other end has the receiving capability.
Examples
# In BGP IPv4 unicast address family view, enable the BGP additional path receiving capability.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] peer 1.1.1.1 additional-paths receive
peer advertise additional-paths best
Use peer advertise additional-paths best to set the maximum number of Add-Path optimal routes that can be advertised to a peer or peer group.
Use undo peer advertise additional-paths best to remove the configuration.
Syntax
In BGP-VPN VPNv4 address family view/BGP VPNv6 address family view:
peer { group-name | ipv4-address [ mask-length ] } advertise additional-paths best number
undo peer { group-name | ipv4-address [ mask-length ] } advertise additional-paths best
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP VPNv4 address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view/BGP EVPN address family view:
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise additional-paths best number
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise additional-paths best
Default
A maximum of one Add-Path optimal route can be advertised to a peer or peer group.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP VPNv4 address family view
BGP-VPN VPNv4 address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP VPNv6 address family view
BGP EVPN address family view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command sets the maximum number of Add-Path optimal routes that can be advertised to all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command sets the maximum number of Add-Path optimal routes that can be advertised to all dynamic peers in the subnet.
number: Specifies the maximum number of Add-Path optimal routes that can be advertised to a peer or peer group, in the range of 2 to 64.
Usage guidelines
If the number of Add-Path optimal routes advertised to a peer or peer group exceeds the number of optimal routes, the number of optimal routes takes effect.
Examples
# In BGP IPv4 unicast address family view, set the maximum number to 3 for Add-Path optimal routes that can be advertised to peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] peer 1.1.1.1 advertise additional-paths best 3
Related commands
additional-paths select-best
peer additional-paths
peer advertise origin-as-validation
Use peer advertise origin-as-validation to configure BGP to advertise the BGP RPKI validation state to a peer or peer group.
Use undo peer advertise origin-as-validation to restore the default.
Syntax
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view:
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise origin-as-validation
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } advertise origin-as-validation
In BGP VPNv4 address family view/BGP VPNv6 address family view:
peer { group-name | ipv4-address [ mask-length ] } advertise origin-as-validation
undo peer { group-name | ipv4-address [ mask-length ] } advertise origin-as-validation
Default
BGP does not advertise the BGP RPKI validation state to any peer or peer groups.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP VPNv4 address family view
BGP VPNv6 address family view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet.
Usage guidelines
BGP advertises the BGP RPKI validation state to a peer or peer group through the extended community attribute. To configure this command, you must first enable BGP to advertise the extended community attribute to the peer or peer group.
In the current software version, BGP can advertise the BGP RPKI validation state only to IBGP peers and peer groups.
Examples
# In BGP IPv4 unicast address family view, configure BGP to advertise the BGP RPKI validation state to peer group test.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] peer test advertise-ext-community
[Sysname-bgp-default-ipv4] peer test advertise origin-as-validation
peer bfd
Use peer bfd to enable BFD for the link to a BGP peer or peer group.
Use undo peer bfd to remove the configuration.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } bfd [ echo | multi-hop | single-hop ]
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } bfd
BFD is disabled for the link to a BGP peer or peer group.
BGP-VPN instance view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables BFD for links to all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables BFD for links to all dynamic peers in the subnet.
echo: Specifies the echo packet mode for BFD.
multi-hop: Specifies the control packet mode for multi-hop BFD.
single-hop: Specifies the control packet mode for single-hop BFD.
When you do not specify the multi-hop, single-hop, or echo keyword:
· If an IBGP peer or peer group is specified, this command enables multi-hop BFD in control packet mode for the IBGP peer or peer group.
· If a directly connected EBGP peer or peer group is specified and the peer ebgp-max-hop command is not configured, this command enables single-hop BFD in control packet mode for the EBGP peer or peer group. If the EBGP peer or peer group is not directly connected or the peer ebgp-max-hop command is configured, this command enables multi-hop BFD in control packet mode for the EBGP peer or peer group.
Follow these restrictions and guidelines when you configure echo packet mode BFD:
· Echo packet mode BFD is applicable only to directly connected BGP peers.
· Echo packet mode BFD is not applicable to BGP peers established by using loopback interfaces.
· For successful BFD session establishment, make sure a source address has been specified for echo packets by using the bfd echo-source-ip or bfd echo-source-ipv6 command.
To detect the link to a BGP peer established through link-local addresses, you must configure single-hop BFD in control packet mode.
To establish a control packet mode BFD session to a BGP peer, you must configure the same BFD detection mode (multi-hop or single-hop) on the local router and the BGP peer.
For more information about BFD, see BFD configuration in High Availability Configuration Guide.
BFD helps speed up BGP routing convergence upon link failures. However, if you have enabled GR, use BFD with caution. BFD might detect a failure before the system performs GR, resulting in GR failure. If you have enabled both BFD and GR for BGP, do not disable BFD during a GR process to avoid GR failure.
# In BGP instance view, enable control packet mode single-hop BFD for the link to BGP peer group test.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer test bfd single-hop
bfd echo-source-ip (High Availability Command Reference)
bfd echo-source-ipv6 (High Availability Command Reference)
display bgp peer
display bfd session (High Availability Command Reference)
peer bfd parameters
Use peer bfd parameters to configure BFD parameters for the specified BGP peer or peer group.
Use undo peer bfd parameters to restore the default.
Syntax
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } bfd parameters { detect-multiplier detect-multiplier | min-receive-interval min-receive-interval | min-transmit-interval min-transmit-interval } *
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } bfd parameters { detect-multiplier | min-receive-interval | min-transmit-interval } *
Default
No BFD parameters are configured for a BGP peer or peer group.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command takes effect on all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command takes effect on all dynamic peers in the subnet.
detect-multiplier detect-multiplier: Specifies the detection time multiplier. The value range for the detect-multiplier argument is 3 to 50 and the default value is 5.
min-receive-interval min-receive-interval: Specifies the minimum interval for receiving BFD control packets, in milliseconds. The value range for the min-receive-interval argument is 10 to 10000 and the default value is 1000.
min-transmit-interval min-transmit-interval: Specifies the minimum interval for transmitting BFD control packets, in milliseconds. The value range for the min-transmit-interval argument is 10 to 10000 and the default value is 1000.
Usage guidelines
When you configure BFD parameters for a BGP peer or peer group, follow these restrictions and guidelines:
· When you add a peer to a peer group, the peer will inherit the BFD settings of the peer group.
· When you configure BFD parameters for a peer group, the configuration takes effect on all peers in the peer group.
· If you configure a BFD parameter multiple times for a peer or peer group, the most recent configuration takes effect.
· For a peer, the most recent configuration of a BFD parameter takes effect regardless of the configuration source.
Examples
# Configure BFD parameters for peer 2.2.2.9.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 2.2.2.9 bfd parameters min-transmit-interval 100 min-receive-interval 100 detect-multiplier 5
Related commands
display bfd session (High Availability Command Reference)
display bgp peer
peer bfd
peer bmp server
Use peer bmp server to specify a peer or peer group to be monitored by the specified BMP servers.
Use undo peer bmp server to remove the configuration.
Syntax
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } bmp server server-number-list
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } bmp server
Default
No peer or peer group is specified.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet.
server-number-list: Specifies a list of up to 8 BMP servers. The value range for the BMP server number is 1 to 8. The BMP servers must have been created.
Usage guidelines
If you execute this command multiple times for a peer or peer group, the most recent configuration takes effect.
Examples
# In BGP instance view, configure BMP server 1 to monitor peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 bmp server 1
Related commands
bmp server
peer capability-advertise conventional
Use peer capability-advertise conventional to disable the BGP multi-protocol extension, route refresh, and 4-byte AS number features for a peer or peer group.
Use undo peer capability-advertise conventional to enable the BGP multi-protocol extension, route refresh, and 4-byte AS number features for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise conventional
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise conventional
The BGP multi-protocol extension, route refresh, and 4-byte AS number features are enabled.
BGP-VPN instance view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command disables BGP multi-protocol extension and route refresh for all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command disables BGP multi-protocol extension and route refresh for all dynamic peers in the subnet.
The route refresh feature enables BGP to send and receive Route-refresh messages and implement BGP session soft-reset.
The multi-protocol extension feature enables BGP to advertise and receive routing information for various protocols (for example, IPv6 routing information).
The 4-byte AS number feature enables BGP to use 4-byte AS numbers in the range of 1 to 4294967295.
If both the peer capability-advertise conventional and peer capability-advertise route-refresh commands are executed, the most recent configuration takes effect.
# In BGP instance view, disable the multi-protocol extension, route refresh, and 4-byte AS number features for peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 as-number 100
[Sysname-bgp-default] peer 1.1.1.1 capability-advertise conventional
display bgp peer
peer capability-advertise route-refresh
peer capability-advertise graceful-restart
Use peer capability-advertise graceful-restart to enable the capability of GR negotiation with a peer.
Use undo peer capability-advertise graceful-restart to disable the capability of GR negotiation with a peer.
Syntax
peer { group-name | ipv4-address | ipv6-address } capability-advertise graceful-restart
undo peer { group-name | ipv4-address | ipv6-address } capability-advertise graceful-restart
Default
The GR negotiation capability is disabled.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created. This command does not take effect on the dynamic peers and the peers established through link-local addresses in the specified peer group.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
Usage guidelines
Application scenarios
The graceful-restart command globally enables the BGP GR capability for a BGP instance. The BGP instance can establishes GR-capable sessions to all peers. However, enabling the BGP GR capability globally will terminate and re-establish all BGP sessions and thus cause unnecessary traffic interruption. To avoid this issue, use the peer capability-advertise graceful-restart command to enable the capability of BGP GR negotiation with only desired peers.
Operating mechanism
After you configure this command, the local device re-establishes the session to the specified peer and performs GR capability negotiation with the peer through Open messages. If both the local device and the peer have GR capability, they can establish a GR-capable session. When an end of the session restarts BGP, the other end can ensure continuous data forwarding.
Restrictions and guidelines
· The local device can negotiate GR capability with a peer successfully when the GR negotiation capability is enabled globally or only for the peer on the local device.
· If the local device starts BGP GR through the configuration of the peer capability-advertise graceful-restart command, enable or disable the global GR capability with caution. This operation will terminate the current BGP GR process and re-establish BGP sessions.
· If the local device starts BGP GR through the configuration of the graceful-restart command, use the peer capability-advertise graceful-restart command with caution. This command will terminate the BGP GR process associated with the local device and the specified peer and re-establish the session between the two peers.
· If you use this command to enable the capability of GR negotiation with a peer, the time settings used by the GR process that involves the local device and the peer depend on the following commands:
¡ peer graceful-restart timer restart
¡ peer graceful-restart timer wait-for-rib
¡ graceful-restart timer purge-time
¡ peer graceful-restart timer restart extra
You can enable the GR negotiation capability globally and for a single peer on the local device at the same time. The GR time settings configured for the peer take precedence over the global GR time settings.
Examples
# In BGP instance 100, enable the capability of GR negotiation with peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 capability-advertise graceful-restart
Related commands
graceful-restart
graceful-restart timer purge-time
peer graceful-restart timer restart
peer graceful-restart timer restart extra
peer graceful-restart timer wait-for-rib
peer capability-advertise orf non-standard
Use peer capability-advertise orf non-standard to enable nonstandard ORF capabilities negotiation for a peer or peer group.
Use undo peer capability-advertise orf non-standard to disable nonstandard ORF capabilities negotiation for a peer or peer group.
Syntax
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise orf non-standard
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise orf non-standard
Default
Nonstandard ORF capabilities negotiation is disabled for a peer or peer group.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ip-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables BGP to negotiate nonstandard ORF capabilities with all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables BGP to negotiate nonstandard ORF capabilities with all dynamic peers in the subnet.
Usage guidelines
To enable BGP peers to negotiate nonstandard ORF capabilities, you must configure this command together with the peer capability-advertise orf prefix-list command.
Examples
# Enable nonstandard ORF capabilities negotiation for peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 capability-advertise orf non-standard
Related commands
peer capability-advertise orf prefix-list
peer capability-advertise orf prefix-list
Use peer capability-advertise orf prefix-list to enable BGP ORF capabilities negotiation for a peer or peer group.
Use undo peer capability-advertise orf prefix-list to disable BGP ORF capabilities negotiation for a peer or peer group.
Syntax
In BGP VPNv4 address family view/BGP VPNv6 address family view/BGP IPv4 multicast address family view:
peer { group-name | ipv4-address [ mask-length ] } capability-advertise orf prefix-list { both | receive | send }
undo peer { group-name | ipv4-address [ mask-length ] } capability-advertise orf prefix-list { both | receive | send }
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view:
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise orf prefix-list { both | receive | send }
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise orf prefix-list { both | receive | send }
In BGP IPv6 multicast address family view:
peer { group-name | ipv6-address [ prefix-length ] } capability-advertise orf prefix-list { both | receive | send }
undo peer { group-name | ipv6-address [ prefix-length ] } capability-advertise orf prefix-list { both | receive | send }
Default
BGP ORF capabilities are disabled.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP VPNv4 address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP VPNv6 address family view
BGP IPv4 multicast address family view
BGP IPv6 multicast address family view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet.
both: Enables BGP to send and receive route fresh messages that carry the ORF information.
receive: Enables BGP to receive route fresh messages that carry the ORF information.
send: Enables BGP to send route fresh messages that carry the ORF information.
Usage guidelines
After you configure this command, the BGP peers negotiate the ORF capabilities through Open messages. After completing the negotiation process, the BGP peers can exchange ORF information through route refresh messages. To enable the peers to exchange nonstandard ORF information, you must also configure the peer capability-advertise orf non-standard command.
Examples
# Enables BGP ORF capabilities negotiation for peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4
[Sysname-bgp-default-ipv4] peer 1.1.1.1 capability-advertise orf prefix-list both
Related commands
peer capability-advertise orf non-standard
peer capability-advertise route-refresh
Use peer capability-advertise route-refresh to enable BGP route refresh for a peer or peer group.
Use undo peer capability-advertise route-refresh to disable BGP route refresh for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise route-refresh
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise route-refresh
BGP route refresh is enabled.
BGP-VPN instance view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables BGP route refresh for all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables BGP route refresh for all dynamic peers in the subnet.
The route refresh feature enables BGP to send and receive Route-refresh messages.
BGP uses the route refresh feature to implement BGP session soft-reset. After a policy is modified, the router advertises a Route-refresh message to the peers. The peers resend their routing information to the router. After receiving the routing information, the router filters the routing information by using the new policy. This method allows you to refresh the BGP routing table and apply the new route selection policy without tearing down BGP sessions.
BGP route refresh requires that both the local router and the peer support route refresh.
If both the peer capability-advertise route-refresh and peer capability-advertise conventional commands are executed, the most recent configuration takes effect.
# In BGP instance view, enable BGP route refresh for peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 as-number 100
[Sysname-bgp-default] peer 1.1.1.1 capability-advertise route-refresh
display bgp peer
peer capability-advertise conventional
peer keep-all-routes
refresh bgp
peer capability-advertise suppress-4-byte-as
Use peer capability-advertise suppress-4-byte-as to enable 4-byte AS number suppression.
Use undo peer capability-advertise suppress-4-byte-as to disable 4-byte AS number suppression.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise suppress-4-byte-as
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise suppress-4-byte-as
The 4-byte AS number suppression feature is disabled.
BGP-VPN instance view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables 4-byte AS number suppression for all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables 4-byte AS number suppression for all dynamic peers in the subnet.
|
|
CAUTION: If the peer device supports 4-byte AS numbers, do not enable the 4-byte AS number suppression feature. If this feature is enabled, the BGP session cannot be established. |
BGP supports 4-byte AS numbers. The 4-byte AS number occupies four bytes, in the range of 1 to 4294967295. By default, a device sends an Open message to the peer device for session establishment. The Open message indicates that the device supports 4-byte AS numbers. If the peer device supports 2-byte AS numbers instead of 4-byte AS numbers, the session cannot be established. To resolve this issue, enable the 4-byte AS number suppression feature. The device then sends an Open message to inform the peer that it does not support 4-byte AS numbers, so the BGP session can be established.
# In BGP instance view, enable 4-byte AS number suppression for peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 as-number 100
[Sysname-bgp-default] peer 1.1.1.1 capability-advertise suppress-4-byte-as
display bgp peer
peer capability-advertise withdraw-refresh
Use peer capability-advertise withdraw-refresh to enable BGP to exchange withdrawal ROUTE-REFRESH messages with a peer or peer group.
Use undo peer capability-advertise withdraw-refresh to disable BGP from exchanging withdrawal ROUTE-REFRESH messages with a peer or peer group.
Syntax
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise withdraw-refresh
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } capability-advertise withdraw-refresh
Default
BGP cannot exchange withdrawal ROUTE-REFRESH messages with any peer or peer group.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command takes effect on all dynamic peers in the network.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command takes effect on all dynamic peers in the subnet.
Usage guidelines
Application scenarios
This command is applicable to multi-level BGP networking scenarios.
When all uplinks of an upstream device fail and the device cannot complete route convergence in time, the device might also fail to send route withdrawal messages to downstream devices in time. At this time, those downstream devices still forward some user traffic to the upstream device, resulting in traffic forwarding failure.
To avoid this issue, enable the upstream device to exchange withdrawal ROUTE-REFRESH messages with downstream devices. When all uplinks of the upstream device fail, it sends withdrawal ROUTE-REFRESH messages to the downstream devices. On receipt of the withdrawal ROUTE-REFRESH messages, the downstream devices immediately perform route switchover and forward traffic to another upstream device with normal uplinks.
Operating mechanism
After this command is executed on an upstream device, the upstream device performs the following operations:
1. Terminates and re-establishes the BGP session to the specified downstream device.
2. Exchanges OPEN messages with the downstream device to negotiate the capability of exchanging withdrawal ROUTE-REFRESH messages.
To ensure successful negotiation, you must configure this command at both ends of the BGP session, specifying the other end.
With the withdrawal ROUTE-REFRESH capability negotiated successfully, if the upstream device is disconnected from all peers in the same AS, it sends a withdrawal ROUTE-REFRESH message to the downstream device. The sent message carries the AS number from which the upstream device is disconnected.
After receiving the withdrawal ROUTE-REFRESH message, the downstream device performs the following operations:
1. Searches in all BGP routes received from the upstream BGP device for routes whose NEXT_HOP attributes contain the AS number (for example, AS 10) carried by the withdrawal ROUTE-REFRESH message.
To view the NEXT_HOP attribute of a BGP route, see the AS-path field in the output of the display rib nib or display ipv6 rib nib command.
2. Marks the IP routes corresponding to routes whose NEXT_HOP attributes contain AS 10 as backup routes.
The downstream device no longer uses these routes for traffic forwarding, achieving fast route switchover.
After receiving a withdrawal ROUTE-REFRESH message, the device forwards the message to its peers as follows:
· If the message is received from an IBGP peer, the device forwards the message only to EBGP peers.
· If the message is received from an EBGP peer, the device replaces the original AS number of the message with its own AS number and forwards the message to IBGP peers.
You can use this command in conjunction with the peer tracking command on an upstream device. The peer tracking command enables the upstream device to fast detect status of the specified BGP peer session. When the related peer is unreachable, the local device immediately terminates the BGP peer session in time and sends withdrawal ROUTE-REFRESH messages to downstream devices. Collaboration of the two commands expedites forwarding path convergence upon uplink failures.
Restrictions and guidelines
Execute this command with caution, because this operation will terminate and re-establish the BGP session between the local device and the specified peer.
Examples
# In BGP instance view, enable BGP to exchange withdrawal ROUTE-REFRESH messages with peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 capability-advertise withdraw-refresh
Related commands
display ipv6 rib nib (Layer 3—IP Routing Command Reference)
display rib nib (Layer 3—IP Routing Command Reference)
peer tracking
peer dscp
Use peer dscp to set a DSCP value for outgoing BGP packets.
Use undo peer dscp to remove the configuration.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } dscp dscp-value
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } dscp
The DSCP value for outgoing BGP packets is 48.
BGP-VPN instance view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command specifies a DSCP value for outgoing BGP packets to all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command specifies a DSCP value for outgoing BGP packets to all dynamic peers in the subnet.
dscp-value: Specifies a DSCP value in the range of 0 to 63.
The DSCP value of an IP packet specifies the priority level of the packet and affects the transmission priority of the packet. A larger DSCP value represents a higher priority.
# In BGP instance view, set the DSCP value to 10 for outgoing BGP packets to peer group test.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer test dscp 10
peer flap-dampen
Use peer flap-dampen to configure flap dampening for a peer or peer group.
Use undo peer flap-dampen to disable flap dampening for a peer or peer group.
Syntax
peer { group-name | ipv4-address | ipv6-address } flap-dampen [ max-idle-time max-time | min-established-time min-time ]*
undo peer { group-name | ipv4-address | ipv6-address } flap-dampen
Default
Flap dampening is disabled for all peers and peer groups.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
max-time: Specifies the maximum time during which a BGP peer remains in idle state. The value range for this argument is 1 to 65536 seconds, and the default value is 1800 seconds.
min-time: Specifies the minimum time during which a BGP peer remains in Established state so as to exit the dampened state. The value range for this argument is 1 to 4294967295 seconds, and the default value is 600 seconds.
Usage guidelines
Execute this command to dampen a BGP peer when the peer state frequently changes between up and down. BGP increases the idle time of the peer each time the peer comes up until the maximum idle time is reached. To exit the dampened state, the peer must remain in Established state for a time period longer than the minimum established time. After the peer exits the dampened state, BGP resets the idle time of the peer when the peer comes up again.
Set a maximum idle time and a minimum established time based on your network condition.
Examples
# In BGP instance view, enable flap dampening for peer group test, and set the maximum idle time and minimum established time to 800 seconds and 2000 seconds, respectively.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer test flap-dampen max-idle-time 800 min-established-time 2000
peer graceful-restart timer restart
Use peer graceful-restart timer restart to set the GR timer for a peer.
Use undo peer graceful-restart timer restart to restore the default.
Syntax
peer { group-name | ipv4-address | ipv6-address } graceful-restart timer restart time-value
undo peer { group-name | ipv4-address | ipv6-address } graceful-restart timer restart
Default
The GR timer is 150 seconds for peers.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created. This command does not take effect on the dynamic peers and the peers established through link-local addresses in the specified peer group.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
time-value: Specifies the GR timer in the range of 3 to 3600 seconds.
Usage guidelines
Application scenarios
Configure this command on the GR restarter to set a GR timer for the GR helper. The GR restarter then advertises the configured GR timer to the GR helper. If the GR restarter starts a BGP GR process, the GR helper will use the GR timer.
Operating mechanism
After you use the peer capability-advertise graceful-restart command to enable the capability of GR negotiation with a peer, the local device sends the configured GR timer to the peer upon GR capability negotiation. When the local device initiates a GR process, the peer acts as the GR helper and marks all BGP routes learned from the local device as stale. If the local device and the peer do not establish a BGP session before both the GR timer and the extra timer to wait expire, the peer removes the stale routes and reselects optimal routes. If the local device and the peer establish a BGP session timely, they start to exchange BGP routes. To configrue the extra timer to wait for BGP session re-establishment, use the peer graceful-restart timer restart extra command.
Restrictions and guidelines
This command takes effect only on the peers for which the GR negotiation capability is enabled through the peer capability-advertise graceful-restart command.
Using this command will terminate and re-establish the session between the local device and the specified peer.
If you execute this command multiple times for a peer or peer group, the most recent configuration takes effect.
Examples
# In BGP instance 100, set the GR timer to 3000 seconds for peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 graceful-restart timer restart 3000
Related commands
peer capability-advertise graceful-restart
peer graceful-restart timer restart extra
Use peer graceful-restart timer restart extra to set the extra time to wait after the restart timer expires.
Use undo peer graceful-restart timer restart extra to restore the default.
Syntax
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } graceful-restart timer restart extra { time | no-limit }
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } graceful-restart timer restart extra
Default
The extra time to wait after the restart timer expires is 0 seconds.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet.
time: Specifies the extra time to wait after the restart timer expires, in the range of 0 to 16777215 seconds.
no-limit: Sets an unlimited time to wait for BGP session re-establishment.
Usage guidelines
After the active/standby switchover or BGP restart completes, the GR helper marks the routes it learned from the GR restarter as stale routes. If the GR helper fails to establish a BGP session after both the GR timer and the extra timer to wait expire, the GR helper removes the stale routes.
If you specify the no-limit keyword, the GR helper does not start the End-Of-RIB marker wait timer after BGP peer session re-establishment. Instead, it keeps waiting for the End-Of-RIB marker sent from the peer.
Examples
# Set the extra time to wait after the restart timer expires to 100 seconds.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 10.1.100.2 graceful-restart timer restart extra 100
Related commands
graceful-restart timer restart
peer graceful-restart timer wait-for-rib
Use peer graceful-restart timer wait-for-rib to configure the maximum time to wait for the End-of-RIB marker from a peer.
Use undo peer graceful-restart timer wait-for-rib to restore the default.
Syntax
peer { group-name | ipv4-address | ipv6-address } graceful-restart timer wait-for-rib time-value
undo peer { group-name | ipv4-address | ipv6-address } graceful-restart timer wait-for-rib
Default
The maximum time to wait for the End-of-RIB marker from a peer is 600 seconds.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created. This command does not take effect on the dynamic peers and the peers established through link-local addresses in the specified peer group.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
time-value: Specifies the maximum time to wait for the End-of-RIB marker from the specified peer, in the range of 3 to 16777215 seconds.
Usage guidelines
Application scenarios
Configure this command on both the GR restarter and the GR helper.
Operating mechanism
If you use the peer capability-advertise graceful-restart command to enable the capability of GR negotiation with a peer, use this command to set the maximum time to wait for the End-of-RIB marker from that peer. When the local device and the peer start a GR process and re-establish their BGP session, the specified End-Of-RIB wait timer functions as follows:
· If the local device acts as the GR restarter in the GR process, it waits for the End-of-RIB marker from the peer before the wait timer expires:
¡ If no End-of-RIB marker is received from the peer, the local device performs the following operations after the wait timer expires:
i. Updates RIB entries based on the learned BGP routes and removes expired RIB entries.
ii. Exits from the GR process.
¡ If an End-of-RIB marker is received from the peer, the local device determines that the peer has finished route sending, and immediately performs the following operations:
i. Updates RIB entries based on the received BGP routes and removes expired RIB entries.
ii. Exits from the GR process.
· If the local device acts as the GR helper, it waits for the End-of-RIB marker from the peer before the wait timer expires:
¡ If no End-of-RIB marker is received from the peer, the local device performs the following operations after the wait timer expires:
i. Removes stale BGP routes, reselects optimal routes, and updates RIB entries.
ii. Exits from the GR process.
¡ If an End-of-RIB marker is received from the peer, the local device determines that the peer has finished route sending, and immediately performs the following operations:
i. Removes stale BGP routes, reselects optimal routes, and updates RIB entries.
ii. Exits from the GR process.
Restrictions and guidelines
If you use this command to set the End-Of-RIB wait timer for a peer, the local device will not advertise the configured wait timer to that peer. The wait timer only controls the time to wait for the End-of-RIB marker from the peer. It takes effect only after the local device re-establishes the session to the peer.
If you execute this command multiple times for a peer or peer group, the most recent configuration takes effect.
Examples
# Set the maximum time to wait for the End-of-RIB marker from peer 1.1.1.1 on the local device to 3000 seconds.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 as-number 100
[Sysname-bgp-default] peer 1.1.1.1 graceful-restart timer wait-for-rib 3000
Related commands
peer capability-advertise graceful-restart
peer ignore
Use peer ignore to disable BGP session establishment with a peer or peer group.
Use undo peer ignore to enable BGP session establishment with a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } ignore [ graceful graceful-time { community { community-number | aa:nn } | local-preference preference | med med } * ]
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } ignore
BGP can establish a session to a peer or peer group.
BGP-VPN instance view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet in this command, BGP tears down sessions to all dynamic peers in the subnet.
graceful graceful-time: Gracefully shuts down the session to a peer or peer group in the specified graceful shutdown period of time. The value range for the graceful-time argument is 60 to 65535 seconds. If you set the value for this option to 0, the device does not shut down the sessions to peers and peer groups. If you do not specify this option, the command immediately shuts down the session to the peer or peer group.
community { community-number | aa:nn }: Specifies the community attribute for advertised routes. The community-number argument represents the community sequence number in the range of 1 to 4294967295. The aa:nn argument represents the community number. Both aa and nn are in the range of 0 to 65535. If you do not specify this option, the command does not change the community attribute for advertised routes.
local-preference preference: Specifies the local preference for advertised routes, in the range of 0 to 4294967295. A larger value represents a higher preference. If you do not specify this option, the command does not change the local preference for advertised routes.
med med: Specifies the MED value for advertised routes, in the range of 0 to 4294967295. The smaller the MED value, the higher the route priority. If you do not specify this option, the command does not change the MED value for advertised routes.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet in this command, BGP tears down sessions to all dynamic peers in the subnet.
|
|
CAUTION: · If a session has been established to a peer, executing this command for the peer tears down the session and clears all related routing information. · If sessions have been established to a peer group, executing this command for the peer group tears down the sessions to all peers in the group and clears all related routing information. |
This command enables you to temporarily tear down the BGP session to a peer or peer group. You can perform network upgrade and maintenance without needing to delete and reconfigure the peer or peer group. To recover the session, execute the undo peer ignore command.
If you specify the graceful keyword in the peer ignore command, BGP performs the following tasks:
1. Starts the wait timer specified with the graceful keyword.
2. Advertises all routes to the specified peer or peer group and changes the attribute for the advertised routes to the specified value.
Advertises the routes from the specified peer or peer group to other peers and peer groups and changes the attribute for the advertised routes to the specified value.
3. Shuts down the session to the specified peer or peer group after the wait timer expires.
This configuration lowers the priority of the routes advertised by BGP and BGP peers can select other peers' routes as optimal routes, which avoids traffic interruption upon wait timer expiration or peer disconnection. To enable BGP to advertise low-priority routes without tearing down BGP sessions, you can set the value for the graceful graceful-time option to 0.
For a BGP peer or peer group, the configuration made by the peer ignore command takes precedence over the configuration made by the ignore all-peers command.
# In BGP instance view, disable session establishment with peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 ignore
# In BGP instance view, configure BGP to gracefully shut down the session to peer 1.1.1.1 in 60 seconds, advertise all routes to peer 1.1.1.1, and change the community attribute and local preference for the advertised routes to 1:1 and 200, respectively.
<Sysname> system-view
[Sysname] bgp 1
[Sysname-bgp-default] peer 1.1.1.1 ignore graceful 60 community 1:1 local-preference 200
Related commands
ignore all-peers
peer ipsec-profile
Use peer ipsec-profile to apply an IPsec profile to an IPv6 BGP peer or peer group.
Use undo peer ipsec-profile to remove the IPsec profile from an IPv6 BGP peer or peer group.
peer { group-name | ipv6-address [ prefix-length ] } ipsec-profile profile-name
undo peer { group-name | ipv6-address [ prefix-length ] } ipsec-profile
Default
No IPsec profile is configured for an IPv6 BGP peer or peer group.
BGP-VPN instance view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command applies an IPsec profile to all dynamic peers in the subnet.
profile-name: Specifies an IPsec profile by its name, a case-sensitive string of 1 to 63 characters.
IPsec can protect IPv6 BGP packets from data eavesdropping, tampering, and attacks caused by forged IPv6 BGP packets.
When two IPv6 BGP neighbor devices, for example Device A and Device B, are configured with IPsec, Device A encapsulates an IPv6 BGP packet with IPsec before sending it to Device B. If Device B successfully receives and decapsulates the packet, it establishes an IPv6 BGP peer relationship with Device A or learns IPv6 BGP routes to Device A. If Device B receives but fails to decapsulate the packet, or receives a packet not protected by IPsec, it discards the packet.
To use IPsec to protect IPv6 BGP packets, take the following steps:
1. Configure an IPsec transform set.
2. Configure a manual IPsec profile.
3. Execute this command to apply the IPsec profile to an IPv6 BGP peer or peer group.
For more information about IPsec transform sets and IPsec profiles, see Security Configuration Guide.
This command supports only IPsec profiles in manual mode.
If you configure IPsec on a device, you must configure IPsec on its IPv6 BGP peer. Otherwise, the peer cannot receive IPv6 BGP packets from the device.
# In BGP instance view, apply IPsec profile profile001 to peer group test.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer test ipsec-profile profile001
display bgp group
display bgp peer
peer keep-all-routes
Use peer keep-all-routes to save all route updates from a peer or peer group, regardless of whether the routes have passed the configured routing policy.
Use undo peer keep-all-routes to remove the configuration.
In BGP IPv4 multicast address family view:
peer { group-name | ipv4-address [ mask-length ] } keep-all-routes
undo peer { group-name | ipv4-address [ mask-length ] } keep-all-routes
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP VPNv4 address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view:
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } keep-all-routes
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } keep-all-routes
In BGP IPv6 multicast address family view:
peer { group-name | ipv6-address [ prefix-length ] } keep-all-routes
undo peer { group-name | ipv6-address [ prefix-length ] } keep-all-routes
Route updates from a peer or peer group are not saved.
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP VPNv4 address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP IPv4 multicast address family view
BGP IPv6 multicast address family view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command saves all route updates from all dynamic peers in the subnet, regardless of whether the routes have passed the configured routing policy.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command saves all route updates from all dynamic peers in the subnet, regardless of whether the routes have passed the configured routing policy.
To implement BGP session soft-reset when the local router and a peer or peer group do not support the route refresh feature, use the peer keep-all-routes command. The command saves all route updates received from the peer or peer group. After modifying the route selection policy, filter all saved routes with the new policy to refresh the routing table. This method avoids tearing down BGP sessions.
# In BGP IPv4 unicast address family view, save all route updates from peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] peer 1.1.1.1 keep-all-routes
peer capability-advertise route-refresh
peer keychain
Use peer keychain to enable keychain authentication for a BGP peer or peer group.
Use undo peer keychain to remove keychain authentication for a BGP peer or peer group.
peer { group-name | ip-address [ mask-length ] | ipv6-address [ prefix-length ] } keychain keychain-name
undo peer { group-name | ip-address [ mask-length ] | ipv6-address [ prefix-length ] } keychain
Keychain authentication is disabled.
BGP-VPN instance view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ip-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ip-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables keychain authentication for all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables keychain authentication for all dynamic peers in the subnet.
keychain-name: Specifies a keychain by its name, a case-sensitive string of 1 to 63 characters. The keychain must have been created.
Keychain authentication enhances the security of BGP in the following ways:
· BGP peers can establish TCP connections only when they use the same key for keychain authentication.
· The keys used by the BGP peers at the same time must have the same ID.
· The keys with the same ID must use the same authentication algorithm and key string.
BGP supports the HMAC-MD5 and MD5 authentication algorithms. To specify an authentication algorithm for a key, use the authentication-algorithm command.
The ID of keys used for authentication can only be in the range of 0 to 63. To create a key, use the key command.
The peer keychain and peer password commands are mutually exclusive.
# In BGP instance view, configure peer 10.1.1.1 to use keychain abc for authentication.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 10.1.1.1 as-number 100
[Sysname-bgp-default] peer 10.1.1.1 keychain abc
authentication-algorithm (Security Command Reference)
key (Security Command Reference)
peer label-route-capability
Use peer label-route-capability to enable BGP to exchange labeled routes with a peer or peer group.
Use undo peer label-route-capability to disable BGP from exchanging labeled routes with a peer or peer group.
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP IPv6 unicast address family view:
peer { group-name | ipv4-address [ mask-length ] } label-route-capability
undo peer { group-name | ipv4-address [ mask-length ] } label-route-capability
In BGP-VPN IPv6 unicast address family view:
peer ipv4-address [ mask-length ] label-route-capability
undo peer ipv4-address [ mask-length ] label-route-capability
BGP cannot exchange labeled routes with a peer or peer group.
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet in this command, BGP exchanges labeled routes with all dynamic peers in the subnet.
On an inter-AS option C network, use this command in BGP IPv4 unicast or BGP-VPN IPv4 unicast address family view to exchange labeled IPv4 unicast routes for inter-AS public LSP establishment.
On a 6PE network, use this command in BGP IPv6 unicast address family view to exchange labeled IPv6 unicast routes for forwarding IPv6 packets over an IPv4 network.
# In BGP IPv4 unicast address family view, enable BGP to exchange labeled IPv4 routes with peer 2.2.2.2.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4
[Sysname-bgp-default-ipv4] peer 2.2.2.2 label-route-capability
peer low-memory-exempt
Use peer low-memory-exempt to configure BGP to protect EBGP peers or peer groups when the memory usage reaches level 2 threshold.
Use undo peer low-memory-exempt to remove the configuration.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } low-memory-exempt
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } low-memory-exempt
When the memory usage reaches level 2 threshold, BGP tears down an EBGP session to release memory resources periodically.
BGP-VPN instance view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet in this command, BGP protects all dynamic peers in the subnet when the memory usage reaches level 2 threshold.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet in this command, BGP protects all dynamic peers in the subnet when the memory usage reaches level 2 threshold.
When level 2 memory usage threshold is reached, BGP tears down an EBGP session to release memory resources periodically until the memory usage is exempt from level 2 threshold. You can use this command to avoid tearing down the BGP session to an EBGP peer when memory usage reaches level 2 threshold. For more information about thresholds, see Fundamentals Configuration Guide.
# In BGP instance view, configure BGP to protect EBGP peer 1.1.1.1 when the memory usage reaches level 2 threshold.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 as-number 200
[Sysname-bgp-default] peer 1.1.1.1 low-memory-exempt
peer mpls-local-ifnet disable
Use peer mpls-local-ifnet disable to disable MPLS local IFNET tunnel establishment to the specified EBGP peer or peer group.
Use undo peer mpls-local-ifnet disable to restore the default.
Syntax
peer { group name | ipv4-address [ mask-length ] } mpls-local-ifnet disable
undo peer { group name | ipv4-address [ mask-length ] } mpls-local-ifnet disable
Default
MPLS local IFNET tunnel establishment is enabled. Two MP-EBGP peers automatically establish an MPLS local IFNET tunnel after they exchange labeled routes and VPNv4 routes.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet in this command, the command takes effect on all dynamic peers in the subnet.
Usage guidelines
An MPLS local IFNET tunnel is automatically established between MP-EBGP peers. Only directly connected MP-EBGP peers are able to forward traffic through this tunnel.
For two indirectly connected MP-EBGP peers, traffic between them is interrupted upon failover to the MPLS local IFNET tunnel. To avoid this issue, you can disable BGP from establishing MPLS local IFNET tunnels to the specified EBGP peer or peer group.
When you configure this command, follow these restrictions and guidelines:
· Disabling MPLS local IFNET tunnel establishment deletes the MPLS local IFNET tunnels already established to the specified EBGP peer or peer group.
· Disabling BGP from establishing MPLS local IFNET tunnels to directly connected EBGP peers and peer groups will cause traffic loss. Make sure you fully understand the impact before performing the operation.
Examples
# In BGP instance view, create an EBGP peer 1.1.1.1, and then disable MPLS local IFNET tunnel establishment to EBGP peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 as-number 200
[Sysname-bgp-default] peer 1.1.1.1 mpls-local-ifnet disable
Related commands
display mpls lsp (MPLS Command Reference)
peer nexthop-recursive-policy disable
Use peer nexthop-recursive-policy disable to disable route recursion policy control for routes received from the specified peer or peer group.
Use undo peer nexthop-recursive-policy disable to remove the configuration.
Syntax
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } nexthop-recursive-policy disable
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } nexthop-recursive-policy disable
Default
The route recursion policy applies to routes received from the specified peer or peer group.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet.
Usage guidelines
If you configure routing policy-based recursive lookup for BGP routes, this route recursion policy applies to BGP routes learned from all peers. This command allows you to disable route recursion policy control for routes learned from certain peers, for example, direct EBGP peers.
Examples
# In BGP instance view, disable route recursion policy control for routes received from peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 as-number 200
[Sysname-bgp-default] peer 1.1.1.1 nexthop-recursive-policy disable
Related commands
protocol nexthop recursive-lookup
peer password
Use peer password to enable MD5 authentication for a BGP peer or peer group.
Use undo peer password to remove MD5 authentication for a BGP peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } password { cipher | simple } password
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } password
MD5 authentication is disabled.
BGP-VPN instance view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command enables MD5 authentication for all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command enables MD5 authentication for all dynamic peers in the subnet.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
password: Specifies the password. Its encrypted form is a case-sensitive string of 33 to 137 characters. Its plaintext form is a case-sensitive string of 1 to 80 characters.
You can enable MD5 authentication to enhance security using the following methods:
· Perform MD5 authentication when establishing TCP connections. Only the two parties that have the same password configured can establish TCP connections.
· Perform MD5 calculation on TCP segments to avoid modification to the encapsulated BGP packets.
The peer password and peer keychain commands are mutually exclusive.
# In BGP instance view, perform MD5 authentication on the TCP connection between local router 10.1.100.1 and peer router 10.1.100.2. Set the authentication password to aabbcc in plaintext form.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 10.1.100.2 password simple aabbcc
peer reflect-nearby-group
Use peer reflect-nearby-group to specify a peer or peer group as a client of the nearby cluster.
Use undo peer reflect-nearby-group to remove a peer or peer group from the nearby cluster.
Syntax
peer { group-name | ipv4-address [ mask-length ] } reflect-nearby-group
undo peer { group-name | ipv4-address [ mask-length ] } reflect-nearby-group
Default
The nearby cluster does not have any clients.
Views
BGP VPNv4 address family view
BGP VPNv6 address family view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet as clients of the nearby cluster.
Usage guidelines
The RR does not change the next hop of routes reflected to clients in the nearby cluster.
After you specify the RR as the next hop of routes to be reflected, you can execute this command to add a peer or peer group to the nearby cluster. Then, the RR does not change the next hop of routes reflected to the peer or peer group.
To specify the RR as the next hop of routes to be reflected, perform one of the following tasks:
· Execute the reflect change-path-attribute command on the RR to allow the RR to change the attributes of routes to be reflected. Then, execute the peer next-hop-local command to set the local router as the next hop of routes sent to a peer or peer group.
· Execute the reflect change-path-attribute command on the RR to allow the RR to change the attributes of routes to be reflected. Then, use a routing policy to set the RR as the next hop of routes to be reflected.
Examples
# In BGP VPNv4 address family view, specify peer 1.1.1.1 as a client of the nearby cluster.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family vpnv4
[Sysname-bgp-default-vpnv4] peer 1.1.1.1 reflect-nearby-group
peer route-mode
Use peer route-mode enable BGP to send routes exchanged with the specified monitored peer or peer group to the BMP server
Use undo peer route-mode to restore the default.
Syntax
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-mode { adj-rib-in { pre-policy | post-policy | both } | adj-rib-out { pre-policy | post-policy | both } } *
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } route-mode
Default
BGP determines whether to send routes exchanged with a peer or peer group to the BMP server based on the following configurations:
· Configuration of the route-mode adj-rib-in command in BMP server view.
· Configuration of the route-mode adj-rib-out command in BMP server view.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command specifies all dynamic peers in the subnet.
adj-rib-in: Sends routes received from the specified monitored peer or peer group to the BMP server.
adj-rib-out: Sends routes advertised to the specified monitored peer and peer group to the BMP server.
pre-policy: Sends routes to the BMP server without route filtering.
post-policy: Sends routes to the BMP server after route filtering.
both: Sends both filtered and unfiltered routes to the BMP server.
Usage guidelines
To enable BGP to send routes exchanged with a peer or peer group to the BMP server, make sure BGP has established a TCP connection to the BMP server.
The configuration of the route-mode adj-rib-in or route-mode adj-rib-out command in BMP server view takes effect on all peers and peer groups. The configuration of the peer route-mode command in BGP instance view or BGP-VPN instance view takes effect only on the specified peer or peer group. The configuration of the peer route-mode command takes precedence over the configuration of the route-mode adj-rib-in or route-mode adj-rib-out command.
If you execute this command multiple times for a peer or peer group, the most recent configuration takes effect.
Examples
# Send routes received from peer 1.1.1.1 to the BMP server without route filtering.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 route-mode adj-rib-in pre-policy
peer soo
Use peer soo to configure the Site of Origin (SoO) attribute for a BGP peer or peer group.
Use undo peer soo to remove the configuration.
In BGP-VPN VPNv4 address family view/BGP VPNv6 address family view/BGP IPv4 multicast address family view:
peer { group-name | ipv4-address [ mask-length ] } soo site-of-origin
undo peer { group-name | ipv4-address [ mask-length ] } soo
In BGP IPv4 unicast address family view/BGP-VPN IPv4 unicast address family view/BGP VPNv4 address family view/BGP IPv6 unicast address family view/BGP-VPN IPv6 unicast address family view:
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } soo site-of-origin
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } soo
In BGP-VPN IPv6 unicast address family view/BGP IPv6 multicast address family view:
peer { group-name | ipv6-address [ prefix-length ] } soo site-of-origin
undo peer { group-name | ipv6-address [ prefix-length ] } soo
No SoO attribute is configured for a peer or peer group.
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP VPNv4 address family view
BGP-VPN VPNv4 address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP VPNv6 address family view
BGP IPv4 multicast address family view
BGP IPv6 multicast address family view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command configures the SoO attribute for all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command configures the SoO attribute for all dynamic peers in the subnet.
site-of-origin: Specifies the SoO attribute, a string of 3 to 24 characters. The SoO attribute has the following formats:
· 16-bit AS number:32-bit user-defined number. For example, 100:3.
· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.
· 32-bit AS number:16-bit user-defined number, where the minimum value of the AS number is 65536. For example, 65536:1.
· 32-bit IP address/IPv4 address mask length:16-bit user-defined number. For example, 192.168.122.15/24:1.
· 32-bit AS number in dotted format:16-bit user-defined number. For example, 65535.65535:1.
The SoO attribute specifies the site where the route was originated. It prevents advertising a route back to the originating site. If the AS-path attribute is lost, the router can use the SoO attribute to avoid routing loops.
After you configure the SoO attribute for a BGP peer or peer group, BGP adds the SoO attribute into the route updates received from the BGP peer or peer group. Before advertising route updates to the peer or peer group, BGP checks the SoO attribute of the route update against the configured SoO attribute. If they are the same, BGP does not advertise the route updates to the BGP peer or peer group to avoid loops.
If a PE configured with AS number substitution connects to multiple CEs in the same VPN site through different interfaces, routing loops will occur. To avoid routing loops, configure the same SoO attribute for the CEs on the PE.
# In BGP IPv4 unicast address family view, set the SoO attribute to 100:1 for peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4
[Sysname-bgp-default-ipv4] peer 1.1.1.1 soo 100:1
peer substitute-as
peer tcp-mss
Use peer tcp-mss to set the TCP maximum segment size (MSS) for a peer or peer group.
Use undo peer tcp-mss to restore the default.
Syntax
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } tcp-mss mss-value
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } tcp-mss
Default
The TCP MSS is not set.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. If you use the ipv4-address and mask-length arguments together to specify a subnet, this command applies to all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. If you use the ipv6-address and prefix-length arguments together to specify a subnet, this command applies to all dynamic peers in the subnet.
mss-value: Specifies the TCP MSS in bytes. The value range for this argument is 176 to 4096.
Usage guidelines
|
|
CAUTION: This command might cause BGP session re-establishment. Make sure you understand the potential impact before executing this command. |
BGP typically establishes a multihop TCP connection with a peer. Multiple intermediate devices might fragment BGP packets due to their MTU settings, resulting in frequent packet encapsulations and decapsulations that reduce forwarding efficiency.
To resolve this issue, you can execute this command to set the TCP MSS for a peer or peer group. TCP segments sent by the source will not be re-fragmented along the path to the destination.
During TCP connection establishment with the peer or peer group specified in the peer tcp-mss command, the minimum of the following MSSs takes effect:
· The MSS calculated according to the IPv4 MTU set by the ip mtu command on the peer-facing interface.
· The MSS set by the tcp mss command for the peer-facing interface.
· The MSS calculated according to the path MTU detected by TCP path MTU discovery (enabled with the tcp path-mtu-discovery command).
· The MSS set by the peer tcp-mss command.
The MSS is calculated by using the following formula:
MSS = path MTU (or interface MTU) – IP header length – TCP header length
For more information about MTU and MSS, see IP performance optimization configuration in Layer 3—IP Services Configuration Guide.
Examples
# Set the TCP MSS to 500 for peer group test.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer test tcp-mss 500
Warning:This operation might reset the peer session. Continue? [Y/N]:
Related commands
tcp path-mtu-discovery (Layer 3—IP Services Command Reference)
peer tracking
Use peer tracking to enable peer unreachability detection.
Use undo peer tracking to disable peer unreachability detection.
Syntax
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } tracking [ delay delay-time ]
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } tracking
Default
Peer unreachability detection is disabled.
Views
BGP instance view
BGP-VPN instance view
Predefined user roles
network-admin
Parameters
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command takes effect on all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command takes effect on all dynamic peers in the subnet.
delay delay-time: Sets the delay time of peer disconnection, in seconds. The value range for the delay-time argument is 0 to 65535. If you specify this option, BGP disconnects from the specified peer or peer group immediately if that peer or peer group is detected unreachable.
Usage guidelines
Peer unreachability detection enables BGP to discover link failures quickly. With this feature enabled, BGP will disconnect from the specified peer or peer group if that peer or peer group is detected unreachable.
BGP considers a peer unreachable if one of the following conditions exists:
· BGP cannot find a route to that peer in the routing table of the public network instance or VPN instance to which the peer belongs.
· BGP finds the route to that peer is a blackhole route in the routing table of the public network instance or VPN instance to which the peer belongs.
When you set the delay time of peer disconnection, follow these guidelines to improve network stability:
· To avoid IBGP session flappings caused by unstable traffic, make sure the delay time of peer disconnection specified for an IBGP peer or peer group is longer than the convergence time of IGP routes.
· With peer unreachability detection enabled, the GR helper can detect whether the GR restarter is reachable. To ensure successful GR, make sure the delay time of peer disconnection is longer than the GR timer plus the extra timer to wait.
For more information about the GR timer and the extra timer to wait, see commands "graceful-restart timer restart" and "peer graceful-restart timer restart extra".
This command does not take effect if you specify a link-local address for the ipv6-address argument.
Examples
# Enable peer unreachability detection for peer 1.1.1.1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer 1.1.1.1 as-number 200
[Sysname-bgp-default] peer 1.1.1.1 tracking
peer ttl-security
Use peer ttl-security to configure Generalized TTL Security Mechanism (GTSM) for a BGP peer or peer group.
Use undo peer ttl-security to disable BGP GTSM for a peer or peer group.
peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } ttl-security hops hop-count
undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } ttl-security hops
GTSM is disabled for BGP.
BGP-VPN instance view
network-admin
group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must have been created.
ipv4-address: Specifies a peer by its IPv4 address. The peer must have been created.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command configures GTSM for all dynamic peers in the subnet.
ipv6-address: Specifies a peer by its IPv6 address. The peer must have been created.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command configures GTSM for all dynamic peers in the subnet.
hops hop-count: Specifies the maximum number of hops to the specified peer, in the range of 1 to 254.
GTSM protects a BGP session by comparing the TTL value of an incoming IP packet against the valid TTL range. If the TTL value is within the valid TTL range, the packet is accepted. If not, the packet is discarded.
The valid TTL range is from 255 – the configured hop count + 1 to 255.
When GTSM is configured, the BGP packets sent by the device have a TTL of 255.
When GTSM is configured, the local device can establish an EBGP session to the peer after they pass GTSM check, regardless of whether the maximum number of hops is reached.
To use GTSM, you must configure GTSM on both the local and peer devices. You can specify different hop-count values for them.
# In BGP instance view, enable GTSM for BGP peer group test and set the maximum number of hops to the specified peer in the peer group to 1.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] peer test ttl-security hops 1
peer ebgp-max-hop
pic
Use pic to enable BGP FRR for a BGP address family.
Use undo pic to disable BGP FRR for a BGP address family.
pic
undo pic
BGP FRR is disabled.
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP VPNv4 address family view
BGP VPNv6 address family view
BGP EVPN address family view
network-admin
FRR is used in a dual-homing network to protect a primary route with a backup route. It uses ARP (for IPv4), ND (for IPv6), or echo-mode BFD (for IPv4) to detect the connectivity of the primary route. When the primary route fails, BGP directs packets to the backup route.
After you enable FRR, BGP calculates a backup route for each BGP route in the address family if there are two or more unequal-cost routes to reach the destination.
You can also configure BGP FRR by using the fast-reroute route-policy command, which takes precedence over the pic command. For more information about routing policies, see Layer 3—IP Routing Configuration Guide.
Use the pic command with caution because it might cause routing loops in specific scenarios.
# Enable BGP FRR in BGP IPv4 unicast address family view.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] pic
port
Use port to specify the port number of the RPKI server.
Use undo port to restore the default.
Syntax
port port-number
undo port
Default
The port number of the RPKI server is not specified.
Views
BGP RPKI server view
Predefined user roles
network-admin
Parameters
port-number: Specifies the port number of the RPKI server, in the range of 1 to 65535.
Usage guidelines
After you specify the IP address and port number of the RPKI server, the device automatically establishes a TCP connection to the server.
Make sure the specified port number is the same as the port number used by the RPKI server.
Changing the port number will cause temporary connection interruption.
Examples
# In BGP RPKI server view, specify 1234 as the port number of the RPKI server.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] rpki
[Sysname-bgp-default-rpki] server tcp 1.1.1.1
[Sysname-bgp-default-rpki-server] port 1234
Related commands
server tcp
primary-path-detect bfd
Use primary-path-detect bfd to configure BGP FRR to use BFD to detect next hop connectivity for the primary route.
Use undo primary-path-detect bfd to restore the default.
primary-path-detect bfd { ctrl | echo }
undo primary-path-detect bfd
BGP FRR uses ARP to detect the connectivity to the next hop of the primary route.
network-admin
ctrl: Uses control-mode BFD to detect the connectivity to the next hop of the primary route.
echo: Uses echo-mode BFD to detect the connectivity to the next hop of the primary route.
Usage guidelines
This command enables BGP to create an IP FRR BFD session that detects next hop connectivity for the primary route. This can speed up primary and backup route switchover when the next hop of the primary route fails.
This command takes effect and creates an IP FRR BFD session only when the primary route has a backup next hop.
BGP does not support backup next hop calculation for the routes used for load balancing. This command cannot take effect when the primary route is an equal-cost route. To enable BFD-based next hop detection for equal-cost routes, use the primary-path-detect bfd protocol-ecmp bgp command or the primary-path-detect bfd protocol-ecmp bgp4+ command. For more information about the two commands, see IP routing basics commands in Layer 3—IP Routing Command Reference.
· Execute the primary-path-detect bfd command on the peer device in the primary link.
This task is applicable when both ends of the primary link are configured with FRR.
· Manually configure a static BFD session that uses the following settings on the peer device in the primary link:
¡ Source IP address: Destination IP address of the BFD session automatically created on the local device in the primary link.
¡ Destination IP address: Source IP address of the BFD session automatically created on the local device in the primary link.
¡ Remote ID: Local ID of the BFD session automatically created on the local device in the primary link.
When another routing protocol (such as RIB, OSPF, or IS-IS) uses BFD to detect next hop connectivity for the primary route, it also creates a BFD session. If the detected link is the same as the link attached to the next hop of the BGP primary route, BGP reuses the BFD session created by the protocol. In this situation, BGP will not create an additional BFD session.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# In BGP instance view, configure BGP FRR to use echo-mode BFD to detect next hop connectivity for the primary route.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] primary-path-detect bfd echo
fast-reroute route-policy
pic
primary-path-detect bfd (Layer 3—IP Routing Command Reference)
purge-time
Use purge-time to set the aging time for the ROA information.
Use undo purge-time to restore the default.
Syntax
purge-time purge-time
undo purge-time
Default
The aging time for the ROA information is 60 seconds.
Views
BGP RPKI server view
Predefined user roles
network-admin
Parameters
purge-time: Specifies the aging time for the ROA information, in the range of 30 to 360 seconds.
Usage guidelines
When the connection between a router and an RPKI server goes down (except when the shutdown command is executed), the router takes the following actions:
· Attempts to reconnect to the server.
· Places the ROA information obtained from the server in aging state, and starts the aging timer for the ROA information.
If the router reconnects to the server before the aging timer expires, it releases the ROA information from the aging state. If the router fails to reconnect to the server when the aging timer expires, it deletes the ROA information obtained from the server.
Examples
# Set the aging time for the ROA information to 150 seconds.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] rpki
[Sysname-bgp-default-rpki] server tcp 1.1.1.1
[Sysname-bgp-default-rpki-server] purge-time 150
refresh bgp
Use refresh bgp to manually soft-reset BGP sessions.
Syntax
refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | all | external | group group-name | internal } { export | import } ipv4 [ multicast | mvpn | rtfilter | sr-policy | [ unicast ] [ vpn-instance vpn-instance-name ] ]
refresh bgp [ instance instance-name ] ipv6-address [ mask-length ] { export | import } ipv4 [ flowspec | unicast ] [ vpn-instance vpn-instance-name ]
refresh bgp [ instance instance-name ] { ipv6-address [ prefix-length ] | all | external | group group-name | internal } { export | import } ipv6 [ multicast | sr-policy | [ flowspec | unicast ] [ vpn-instance vpn-instance-name ] ]
refresh bgp [ instance instance-name ] ipv4-address [ mask-length ] { export | import } ipv6 [ flowspec | unicast ] [ vpn-instance vpn-instance-name ]
refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] | all | external | group group-name | internal } { export | import } link-state
refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | all | external | group group-name | internal } { export | import } vpnv4 [ vpn-instance vpn-instance-name ]
refresh bgp [ instance instance-name ] ipv6-address [ prefix-length ] { export | import } vpnv4 [ flowspec ]
refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] | all | external | group group-name | internal } { export | import } vpnv6 [ flowspec ]
refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | all | external | group group-name | internal } { export | import } l2vpn [ evpn ]
refresh bgp [ instance instance-name ] { ipv4-address [ mask-length ] | all | external | group group-name | internal } { export | import } ipv4 tnl-encap-ext
Views
User view
Predefined user roles
network-admin
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command soft-resets BGP sessions for the default BGP instance.
ipv4-address: Soft-resets the BGP session to a peer specified by its IP address.
mask-length: Specifies a mask length in the range of 0 to 32. You can use the ipv4-address and mask-length arguments together to specify a subnet. If you specify a subnet, this command soft-resets BGP sessions to all dynamic peers in the subnet.
ipv6-address: Soft-resets the BGP session to a peer specified by its IPv6 address.
prefix-length: Specifies a prefix length in the range of 0 to 128. You can use the ipv6-address and prefix-length arguments together to specify a subnet. If you specify a subnet, this command soft-resets BGP sessions to all dynamic peers in the subnet.
all: Soft-resets all BGP sessions.
external: Soft-resets all EBGP sessions.
group group-name: Soft-resets the BGP sessions to the peers of the specified peer group. The group-name argument refers to the name of a peer group, a case-sensitive string of 1 to 47 characters.
internal: Soft-resets all IBGP sessions.
export: Performs outbound soft-reset (filters routes advertised to the specified peer or peer group by using the new configuration).
import: Performs inbound soft-reset (filters routes received from the specified peer or peer group by using the new configuration).
ipv4: Soft-resets BGP sessions for IPv4 address family.
ipv6: Soft-resets BGP sessions for IPv6 address family.
link-state: Soft-resets BGP sessions for LS address family.
multicast: Soft-resets BGP sessions for multicast address family.
mvpn: Soft-resets BGP sessions for IPv4 MVPN address family.
rtfilter: Soft-resets BGP sessions for IPv4 RT filter address family.
sr-policy: Soft-resets BGP sessions for SR policy address family.
unicast: Soft-resets BGP sessions for unicast address family.
vpnv4: Soft-resets BGP sessions for VPNv4 address family.
vpnv6: Soft-resets BGP sessions for VPNv6 address family.
l2vpn: Soft-resets BGP sessions for L2VPN address family.
evpn: Soft-resets BGP sessions for EVPN address family.
flowspec: Soft-resets BGP sessions for flowspec address family.
tnl-encap-ext: Soft-resets BGP sessions for tunnel-encap-ext address family.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command soft-resets BGP sessions for the specified address family on the public network.
Usage guidelines
A soft-reset operation enables the router to apply a new route selection policy without tearing down BGP connections.
To apply a new policy to outbound BGP sessions, execute this command with the export keyword. The router uses the new policy to filter routing information and sends the routing information that passes the filtering to the BGP peers.
To apply a new policy to inbound sessions, execute this command with the import keyword. The router advertises a route-refresh message to the peer and the peer resends its routing information to the router. After receiving the routing information, the router uses the new policy to filter the routing information.
This command requires that both the local router and the peer support route refresh.
If the peer keep-all-routes command is configured, the refresh bgp import command does not take effect.
By default, the unicast keyword is used if none of the flowspec, multicast, unicast, sr-policy, and tnl-encap-ext keywords is specified.
Examples
# Soft-reset all inbound BGP sessions for the IPv4 unicast address family.
<Sysname> refresh bgp all import ipv4
Related commands
peer capability-advertise route-refresh
peer keep-all-routes
refresh-time
Use refresh-time to set the RPKI connection check interval.
Use undo refresh-time to restore the default.
Syntax
refresh-time refresh-time
undo refresh-time
Default
The RPKI connection check interval is 600 seconds.
Views
BGP RPKI server view
Predefined user roles
network-admin
Parameters
refresh-time: Specifies the RPKI connection check interval in the range of 15 to 3600 seconds.
Usage guidelines
After a router establishes a TCP connection with an RPKI server, the router checks the connection at the specified interval. If the router does not receive a response from the RPKI server within the specified time period, it tears down the connection to the RPKI server.
Examples
# Set the RPKI connection check interval to 15 seconds.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] rpki
[Sysname-bgp-default-rpki] server tcp 1.1.1.1
[Sysname-bgp-default-rpki-server] refresh-time 15
Related commands
response-time
reset bgp bmp server statistics
Use reset bgp bmp server statistics to clear BMP server statistics.
Syntax
reset bgp [ instance instance-name ] bmp server server-number statistics
Views
User view
Predefined user roles
network-admin
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command clears the BMP server statistics of the default BGP instance.
server-number: Specifies a BMP server by its number in the range of 1 to 8.
Examples
# Clear the statistics of BMP server 1.
<Sysname> reset bgp bmp server 1 statistics
Related commands
display bgp bmp server
reset bgp rpki server
Use reset bgp rpki server to reset BGP RPKI sessions.
Syntax
reset bgp [ instance instance-name ] rpki server [ vpn-instance vpn-instance-name ] tcp { ipv4 address | ipv6 address }
Views
User view
Predefined user roles
network-admin
Parameters
instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command resets BGP RPKI sessions for the default BGP instance.
vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. The specified VPN instance must be an MPLS L3VPN instance. If you do not specify this option, the command resets BGP RPKI sessions for the public network.
ipv4-address: Specifies an RPKI server by its IPv4 address.
ipv6-address: Specifies an RPKI server by its IPv6 address.
Usage guidelines
After you execute this command, the device will delete and re-establish the specified BGP RPKI session and cause temporary session interruption.
Examples
# Reset the BGP RPKI session to RPKI server 2.2.2.1.
<Sysname> reset bgp rpki server tcp 2.2.2.1
reset ttl-security statistics
Use reset ttl-security statistics to clear GTSM discarded packet statistics.
Syntax
reset ttl-security statistics [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears GTSM discarded packet statistics for all cards.
Examples
# Clear all GTSM discarded packet statistics.
<Sysname> reset ttl-security statistics
Related commands
display ttl-security statistics
ospf ttl-security
peer ttl-security
ttl-security
response-time
Use response-time to set the time to wait for the response from the RPKI server.
Use undo response-time to restore the default.
Syntax
response-time response-time
undo response-time
Default
The time to wait for the response from the RPKI server is 30 seconds.
Views
BGP RPKI server view
Predefined user roles
network-admin
Parameters
response-time: Specifies the time to wait for the response from the RPKI server, in the range of 15 to 3600 seconds.
Usage guidelines
A router checks the connection to an RPKI server at the check interval. If the router does not receive a response from the RPKI server within the specified time period, it tears down the connection to the RPKI server.
Examples
# Set the time to wait for the response from RPKI server 1.1.1.1 to 15 seconds.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] rpki
[Sysname-bgp-default-rpki] server tcp 1.1.1.1
[Sysname-bgp-default-rpki-server] response-time 15
Related commands
refresh-time
retain local-label
Use retain local-label to set an update delay for local MPLS labels.
Use undo retain local-label to restore the default.
retain local-label retain-time
undo retain local-label
The update delay is 60 seconds.
network-admin
retain-time: Specifies the update delay in the range of 1 to 21845 seconds.
BGP includes local MPLS labels in advertised VPNv4 routes, VPNv6 routes, labeled IPv4 unicast routes, and labeled IPv6 unicast routes.
When a local label is changed, BGP removes the old label and advertises the new label. Traffic interruption occurs if BGP peers use the old label to forward packets before they learn the new label. To resolve this issue, configure an update delay for local MPLS labels. BGP does not remove the old label before the update delay timer expires.
# Set the update delay for local MPLS labels to 100 seconds.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] retain local-label 100
route-mode adj-rib-in
Use route-mode adj-rib-in to enable BGP to send routes received from all the monitored peers and peer groups to the BMP server.
Use undo route-mode adj-rib-in to restore the default.
Syntax
route-mode adj-rib-in [ pre-policy | post-policy | both ]
undo route-mode adj-rib-in
Default
BGP sends routes received from all the monitored peers and peer groups to the BMP server without route filtering.
Views
BMP server view
Predefined user roles
network-admin
Parameters
pre-policy: Sends routes to the BMP server without route filtering.
post-policy: Sends routes to the BMP server after route filtering.
both: Sends both filtered and unfiltered routes to the BMP server.
Usage guidelines
To enable BGP to send routes received from all monitored peers and peer groups to the BMP server, make sure BGP has established a TCP connection to the BMP server.
If you do not specify any parameters, the command sends routes received from all the monitored peers and peer groups to the BMP server without route filtering.
The configuration of the route-mode adj-rib-in command takes effect on all peers and peer groups. The configuration of the peer route-mode command in BGP instance view or BGP-VPN instance view takes effect only on the specified peer or peer group. The configuration of the peer route-mode command takes precedence over the configuration of the route-mode adj-rib-in command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Enable BGP to send routes received from all the monitored peers and peer groups to the BMP server after route filtering.
<Sysname> system-view
[Sysname] bmp server 5
[Sysname-bmpserver-5] route-mode adj-rib-in post-policy
route-mode adj-rib-out
Use route-mode adj-rib-out to enable BGP to send routes advertised to all the monitored peers and peer groups to the BMP server.
Use undo route-mode adj-rib-out to restore the default.
Syntax
route-mode adj-rib-out [ pre-policy | post-policy | both ]
undo route-mode adj-rib-out
Default
BGP does not send routes advertised to a monitored peer or peer group to the BMP server.
Views
BMP server view
Predefined user roles
network-admin
Parameters
pre-policy: Sends routes to the BMP server without route filtering.
post-policy: Sends routes to the BMP server after route filtering.
both: Sends both filtered and unfiltered routes to the BMP server.
Usage guidelines
To enable BGP to send routes advertised to all monitored peers and peer groups to the BMP server, make sure BGP has established a TCP connection to the BMP server.
If you do not specify any parameters, the command sends routes advertised to all the monitored peers and peer groups to the BMP server after route filtering.
The configuration of the route-mode adj-rib-out command takes effect on all peers and peer groups. The configuration of the peer route-mode command in BGP instance view or BGP-VPN instance view takes effect only on the specified peer or peer group. The configuration of the peer route-mode command takes precedence over the configuration of the route-mode adj-rib-out command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Enable BGP to send routes advertised to all the monitored peers and peer groups to the BMP server without route filtering.
<Sysname> system-view
[Sysname] bmp server 5
[Sysname-bmpserver-5] route-mode adj-rib-out pre-policy
route-mode loc-rib
Use route-mode loc-rib to configure BGP to send the optimal routes in the routing table to the BMP server.
Use undo route-mode loc-rib to restore the default.
Syntax
route-mode loc-rib
undo route-mode loc-rib
Default
BGP does not send the optimal routes in the routing table to the BMP server.
Views
BMP server view
Predefined user roles
network-admin
Usage guidelines
Before executing this command, make sure BGP has established a TCP connection to the BMP server.
After you execute this command, BGP sends all routes to the BMP server. If routes update later, BGP sends only the optimal routes to the server.
This command takes effect only on BGP IPv4 unicast and BGP-VPN IPv4 unicast routes.
Examples
# Configure BGP to send the optimal routes in the routing table to the BMP server.
<Sysname> system-view
[Sysname] bmp server 5
[Sysname-bmpserver-5] route-mode loc-rib
route-select delay
Use route-select delay to configure optimal route selection delay.
Use undo route-select delay to restore the default.
Syntax
route-select delay delay-value
undo route-select delay
Default
The optimal route selection delay timer is 0 seconds, which means optimal route selection is not delayed.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP IPv4 multicast address family view
BGP IPv6 multicast address family view
BGP VPNv4 address family view
BGP VPNv6 address family view
BGP L2VPN address family view
BGP EVPN address family view
BGP IPv4 MDT address family view
BGP IPv4 MVPN address family view
BGP LS address family view
BGP IPv4 RT-Filter address family view
BGP IPv4 SR policy address family view
BGP IPv6 SR policy address family view
Predefined user roles
network-admin
Parameters
delay-value: Specifies the optimal route selection delay timer in the range of 0 to 600 seconds. A value of 0 means optimal route selection is not delayed.
Usage guidelines
To avoid packet loss caused by path switchover, configure this command to delay optimal route selection upon a route change.
Follow these restrictions and guidelines when you configure the command:
· The optimal route selection delay setting applies only when multiple effective routes with the same prefix exist after a route change occurs.
· For routes being delayed for optimal route selection, modifying the optimal route selection delay timer has the following effects:
¡ If you modify the delay timer to a non-zero value, the routes are not affected, and they still use the original delay timer.
¡ If you execute the undo form of the command or modify the delay timer to 0, the device performs optimal route selection immediately.
· If you execute the command multiple times for an address family, the most recent configuration takes effect.
· The optimal route selection delay configuration does not apply to the following conditions:
¡ A route change is caused by execution of a command or by route withdrawal.
¡ After a route change occurs, only one route exists for a specific destination network.
¡ An active/standby process switchover occurs.
¡ A route change occurs among equal-cost routes.
¡ Only the optimal and suboptimal routes exist when FRR is configured.
¡ Optimal route selection is triggered by a redistributed route.
¡ The next hop of the optimal route changes and a route with the same prefix is waiting for the delay timer to expire.
Examples
# In BGP IPv4 unicast address family view, set the optimal route selection delay timer to 100 seconds.
<Sysname> system-view
[Sysname] bgp 65009
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] route-select delay 100
route-select suppress on-peer-up
Use route-select suppress on-peer-up to enable optimal route selection delay based on DOWN-to-UP peer state changes and set a delay timer.
Use undo route-select suppress on-peer-up to restore the default.
Syntax
route-select suppress on-peer-up milliseconds
undo route-select suppress on-peer-up
Default
When the state of a peer changes from DOWN to UP, the device does not delay optimal route selection for BGP routes received from that peer.
Views
BGP IPv4 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP IPv6 unicast address family view
BGP-VPN IPv6 unicast address family view
BGP IPv4 multicast address family view
BGP IPv6 multicast address family view
BGP VPNv4 address family view
BGP VPNv6 address family view
BGP L2VPN address family view
BGP EVPN address family view
BGP IPv4 MDT address family view
BGP IPv4 MVPN address family view
BGP LS address family view
BGP IPv4 RT filter address family view
BGP IPv4 SR policy address family view
BGP IPv6 SR policy address family view
Predefined user roles
network-admin
Parameters
milliseconds: Specifies the delay timer of optimal route selection in the range of 100 to 600000 milliseconds. The step is 100.
Usage guidelines
Application scenarios
When the device receives BGP routes from a peer after the state of that peer changes from DOWN to UP, the device immediately performs optimal route selection for those received routes. In this situation, packet forwarding might fail if the following conditions exist:
· The device forwards packets to the peer based on the selected optimal routes.
· The peer has not completed FIB convergence due to device restart or other reasons.
To avoid packet loss caused by this issue, use this command to delay optimal route selection for routes received from the peer.
Operating mechanism
With this command executed, the local device starts the specified delay timer when the state of a peer changes from DOWN to UP. The local device performs optimal route selection for routes received from that peer only after the delay timer expires. This mechanism avoids traffic loss caused by forwarding failures, because it ensures that the local device uses routes received from the peer for traffic forwarding only after the peer finishes FIB convergence.
Restrictions and guidelines
Follow these restrictions and guidelines when you configure the command:
· If you execute the command multiple times for an address family, the most recent configuration takes effect.
· If you edit the delay timer of optimal route selection, this operation will not take effect on the routes being delayed. The new delay timer takes effect only when a new DOWN-to-UP peer state change occurs.
· If you configure this command and the route-select delay command synchronously, only the longer delay timer takes effect.
· To have the device immediately perform optimal route selection for routes being delayed, execute either of the following commands:
¡ undo route-select suppress on-peer-up
This command takes effect only on routes that are delayed by the route-select suppress on-peer-up command.
¡ undo route-select delay
This command takes effect only on routes that are delayed by the route-select suppress on-peer-up command or the route-select delay command.
Examples
# In BGP IPv4 unicast address family view, enable optimal route selection delay based on DOWN-to-UP peer state changes and set the delay timer to 200 milliseconds.
<Sysname> system-view
[Sysname] bgp 65009
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] route-select suppress on-peer-up 200
Related commands
route-select delay
routing-table bgp-rib-only
Use routing-table bgp-rib-only to disable BGP from flushing specific routes to the IP routing table.
Use undo routing-table bgp-rib-only to restore the default.
Syntax
routing-table bgp-rib-only [ all ] [ route-policy route-policy-name ]
undo routing-table bgp-rib-only
Default
BGP flushes the optimal routes to the IP routing table.
Views
BGP IPv4 unicast address family view
BGP IPv6 unicast address family view
BGP-VPN IPv4 unicast address family view
BGP-VPN IPv6 unicast address family view
Predefined user roles
network-admin
Parameters
all: Disables BGP from flushing all routes to the IP routing table, including redistributed routes and routes received from peers and peer groups. If you do not specify this keyword, only the routes received from the specified peer or peer group cannot be flushed to the routing table and BGP still flushes redistributed routes to the routing table.
route-policy route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters. If you do not specify a routing policy or the specified routing policy does not exist, BGP does not flush any routes to the routing table. The apply clauses in the specified routing policy do not take effect.
Usage guidelines
This command applies to the following scenarios:
· In an MPLS L3VPN network, all the optimal private BGP routes will be flushed to the routing table of a PE by default. You can execute this command to prevent unnecessary routes from being flushed to the IP routing table and improve the forwarding performance of the PE.
· In a route reflection network, execute this command to disable BGP from flushing specific BGP routes to the IP routing table of the RR. Then, the RR only advertises and receives routes but does not forward service traffic, which saves the system resources of the RR.
This command is mutually exclusive with the advertise-rib-active command.
Examples
# In BGP IPv4 unicast address family view, disable BGP from flushing BGP IPv4 unicast routes matching routing policy policy1 to the routing table.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] routing-table bgp-rib-only route-policy policy1
rpki
Use rpki to enter BGP RPKI view.
Use undo rpki to remove all configurations in BGP RPKI view.
Syntax
rpki
undo rpki
Views
BGP instance view
Predefined user roles
network-admin
Examples
# Enter BGP RPKI view.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] rpki
[Sysname-bgp-default-rpki]
rpki-limit
Use rpki-limit to specify the maximum number of ROAs that can be received from an RPKI server.
Use undo rpki-limit to restore the default.
Syntax
rpki-limit limit [ alert-only | discard | reconnect reconnect-time ]
undo rpki-limit
Default
The number of ROAs that can be received from an RPKI server is not limited.
Views
RPKI server view
Predefined user roles
network-admin
Parameters
limit: Specifies the maximum number of ROAs that can be received from the specified RPKI server, in the range of 1 to 4294967295. The device tears down the TCP connection to the RPKI server if the following conditions exist:
· The alert-only, discard, and reconnect keywords are not specified.
· The number of ROAs received from the RPKI server reaches the value for the limit argument.
In this situation, the device will not attempt to re-establish the connection to the RPKI server. You can execute the reset bgp rpki server command to re-establish the connection.
alert-only: When the number of ROAs received from the RPKI server reaches the value for the limit argument, the device generates a log message only. It does not tear down the TCP connection to the RPKI server and can continue to receive ROAs from the RPKI server.
discard: When the number of ROAs received from the RPKI server reaches the value for the limit argument, the device retains the TCP connection to the RPKI server, discards excess ROAs, and generates a log message. When the number of ROAs received from the RPKI server falls below the value for the limit argument, the device can continue to receive ROAs from the RPKI server. If you execute this command with other keywords or the number of ROAs received from the RPKI server falls below the value for the limit argument, the device sends a reset query to the RPKI server. Then, the RPKI server sends the ROAs to the device again to restore the discarded ROAs.
reconnect reconnect-time: Specifies a reconnection timer. When the number of ROAs received from the RPKI server reaches the value for the limit argument, the device tears down the TCP connection to the RPKI server and starts the reconnection timer. After the reconnection timer expires, the device re-establishes the TCP connection to the RPKI server. The reconnect-time argument specifies the reconnection timer in the range of 1 to 86400 seconds.
Usage guidelines
This command saves system resources of the device, because it prevents the device from receiving too many ROAs from an RPKI server.
This command takes effect only on the TCP connection between the device and the RPKI server specified in the current view. You can execute this command in the views of multiple RPKI servers.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# In BGP RPKI server view, set the maximum number of ROAs that can be received from RPKI server 1.1.1.1 to 1000.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] rpki
[Sysname-bgp-default-rpki] server tcp 1.1.1.1
[Sysname-bgp-default-rpki-server] rpki-limit 1000
server
Use server to configure an IP address and port number for a BMP server.
Use undo server to remove the configuration.
Syntax
server address { ipv4-address | ipv6-address } port port-number
undo server
Default
No IP address and port number are configured for the BMP server.
Views
BMP server view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies an IPv4 address for the BMP server.
Ipv6-address: Specifies an IPv6 address for the BMP server.
port-number: Specifies a port number for the BMP server, in the range of 1 to 65535.
Usage guidelines
After you configure an IP address and port number for a BMP server, the BMP client establishes a TCP connection to the BMP server and sends BMP messages to the BMP server.
Examples
# Configure IP address 100.1.1.1 and port number 8888 for BMP server 5.
<Sysname> system-view
[Sysname] bmp server 5
[Sysname-bmpserver-5] server address 100.1.1.1 port 8888
server connect-interface
Use server connect-interface to specify the source interface of TCP connections to the BMP server.
Use undo server connect-interface to restore the default.
Syntax
server connect-interface interface-type interface-number
undo server connect-interface
Default
BGP uses the primary IPv4 address of the output interface in the optimal route to the BMP server as the source address of TCP connections to the BMP server.
Views
BMP server view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
After you configure this command, BGP uses the address of the specified interface to establish TCP connections to the BMP server.
For a BMP server, this command does not take effect if the VPN instance of the specified interface is different from that specified by the server vpn-instance command.
Do not specify a virtual template (VT) interface for this command.
Examples
# Configure Loopback 0 as the source interface of TCP connections to BMP server 5.
<Sysname> system-view
[Sysname] bmp server 5
[Sysname-bmpserver-5] server address 100.1.1.1 port 8888
[Sysname-bmpserver-5] server connect-interface loopback0
Related commands
display bgp bmp server
ip vpn-instance (system view) (MPLS Command Reference)
server password
Use server password to specify the authentication mode and key for BGP to establish TCP connections to the BMP server.
Use undo server password to restore the default.
Syntax
server password { keychain keychain-name | md5 { cipher | simple } string }
undo server password
Default
BGP establishes TCP connections to the BMP server without authentication.
Views
BMP server view
Predefined user roles
network-admin
Parameters
keychain: Specifies keychain authentication.
keychain-name: Specifies a keychain by its name, a case-sensitive string of 1 to 63 characters. The keychain must have been created.
md5: Specifies MD5 authentication.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its encrypted form is a case-sensitive string of 33 to 137 characters. Its plaintext form is a case-sensitive string of 1 to 80 characters.
Usage guidelines
Configure this command to secure the TCP connections and packets exchanged with the BMP server.
You cannot repeat the server password command to edit the authentication mode and key. To edit the authentication mode and key, first execute the undo server password command and then the server password command to configure a new authentication mode and key.
Examples
# In BMP server view, use keychain abc to authenticate the TCP connections to the BMP server.
<Sysname> system-view
[Sysname] bmp server 5
[Sysname-bmpserver-5] server password keychain abc
server source-address
Use server source-address to specify the source address of TCP connections to the BMP server.
Use undo server source-address to restore the default.
Syntax
server source-address { ipv4-address | ipv6-address }
undo server source-address
Default
BGP uses the primary IPv4 or IPv6 address of the output interface in the optimal route to the BMP server as the source address of TCP connections to the BMP server.
Views
BMP server view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies the source IPv4 address of TCP connections to the BMP server.
ipv6-address: Specifies the source IPv6 address of TCP connections to the BMP server.
Usage guidelines
For a BMP server, the following rules apply:
· The configuration of the server source-address command does not take effect if the server source-address and server commands specify different types of IP addresses.
· If you execute both the server source-address and server connect-interface commands, the server source-address command takes effect.
Examples
# Configure IP address 100.1.1.1 and port number 8888 for BMP server 5, and then configure 1.1.1.1 as the source address of TCP connections to BMP server 5.
<Sysname> system-view
[Sysname] bmp server 5
[Sysname-bmpserver-5] server address 100.1.1.1 port 8888
[Sysname-bmpserver-5] server source-address 1.1.1.1
Related commands
display bgp bmp server
server connect-interface
server tcp
Use server tcp to specify an RPKI server and enter BGP RPKI server view.
Use undo server tcp to cancel the configuration.
Syntax
server [ vpn-instance vpn-instance-name ] tcp { ipv4-address | ipv6-address }
undo server [ vpn-instance vpn-instance-name ] tcp { ipv4-address | ipv6-address }
Default
No RPKI server is specified.
Views
BGP RPKI view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. The specified VPN instance must be an MPLS L3VPN instance. If you do not specify this option, the command specifies an RPKI server in the public network.
ipv4-address: Specifies an RPKI server by its IPv4 address.
ipv6-address: Specifies an RPKI server by its IPv6 address.
Usage guidelines
You can execute this command multiple times to configure a router to establish TCP connections to multiple RPKI servers.
After you execute the undo server command, all configurations in BGP RPKI server view are deleted.
Examples
# Specify an RPKI server with the IP address 1.1.1.1 and enter BGP RPKI server view.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] rpki
[Sysname-bgp-default-rpki] server tcp 1.1.1.1
[Sysname-bgp-default-rpki-server]
server vpn-instance
Use server vpn-instance to specify a VPN instance for a BMP server.
Use undo server vpn-instance to restore the default.
Syntax
server vpn-instance vpn-instance-name
undo server vpn-instance
Default
No VPN instance is specified for a BMP server. A BMP server belongs to the public network.
Views
BMP server view
Predefined user roles
network-admin
Parameters
vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. The specified VPN instance must be an MPLS L3VPN instance and must have been created.
Usage guidelines
If you delete the MPLS L3VPN instance of a BMP server, BGP disconnects from the BMP server. After you create the VPN instance again, BGP reconnects to the BMP server.
If you execute this command multiple times for a BMP server, the most recent configuration takes effect.
Examples
# Configure IP address 100.1.1.1 and port number 8888 for BMP server 5, and specify VPN instance vpna for BMP server 5.
<Sysname> system-view
[Sysname] bmp server 5
[Sysname-bmpserver-5] server address 100.1.1.1 port 8888
[Sysname-bmpserver-5] server vpn-instance vpna
Related commands
server connect-interface
shutdown process
Use shutdown process to shut down BGP sessions to all peers and peer groups.
Use undo shutdown process to restore the default.
Syntax
shutdown process
undo shutdown process
Default
BGP does not shut down sessions to any peers or peer groups.
Views
BGP instance view
Predefined user roles
network-admin
Usage guidelines
For maintenance purposes, you can execute this command to temporarily disconnect BGP sessions from all peers and peer groups on the device. After maintenance, you can restore the sessions by simply executing the undo form of the command without reconfiguring peer or peer group settings.
This command enables the device to tear down all sessions and clear all routing information.
When you configure the shutdown process command together with the peer ignore or ignore all-peers command, follow these restrictions and guidelines:
· Once BGP shutdown is enabled by the shutdown process command, the device cannot establish BGP sessions with all peers and peer groups.
· To disable BGP session establishment with a peer or peer group if you have disabled BGP shutdown, perform one of the following tasks:
¡ Disable BGP session establishment with that peer or peer group by using the peer ignore command.
¡ Disable BGP session establishment with all peers and peer groups by using the ignore all-peers command.
Examples
# Shut down BGP sessions to all peers and peer groups for BGP instance 100.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp-default] shutdown process
statistics-interval
Use statistics-interval to set the interval at which BGP sends statistics information to the BMP server.
Use undo statistics-interval to restore the default.
Syntax
statistics-interval value
undo statistics-interval
Default
BGP does not send statistics information to the BMP server.
Views
BMP server view
Predefined user roles
network-admin
Parameters
value: Specifies the interval at which BGP sends statistics information to the BMP server, in the range of 1 to 3600 seconds.
Usage guidelines
After establishing a TCP connection to the BMP server, BGP sends statistics information to the BMP server at the specified interval.
Examples
# Set the interval to 5 seconds at which BGP sends statistics information to the BMP server.
<Sysname> system-view
[Sysname] bmp server 5
[Sysname-bmpserver-5] statistics-interval 5
user-move fast-update
Use user-move fast-update to enable fast host route update upon user migration.
Use undo user-move fast-update to disable fast host route update upon user migration.
Syntax
user-move fast-update
undo user-move fast-update
Default
Fast host route update upon user migration is disabled.
Views
BGP IPv4 unicast address family view
BGP IPv6 unicast address family view
Predefined user roles
network-admin
Usage guidelines
An access device does not detect the online state of a client actively or update the host route entries in real time. Traffic forwarding might be affected when a client roams between access devices. To resolve this issue, execute this command to enable fast host route update upon user migration.
Executing this command also enables BGP to advertise the extended community attribute to all peers and peer groups.
Examples
# In BGP IPv4 unicast address family view, enable fast host route update upon user migration.
<Sysname>system-view
[Sysname] bgp 200
[Sysname-bgp-default] address-family ipv4 unicast
[Sysname-bgp-default-ipv4] user-move fast-update
Related commands
peer advertise-ext-community
