Configuration made in BGP EVPN address family view takes effect only on routes and peers of the BGP EVPN address family that are on the public network.

Examples

# Create the BGP EVPN address family and enter its view.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family l2vpn evpn

[Sysname-bgp-default-evpn]

advertise l2vpn evpn

Use advertise l2vpn evpn to enable BGP EVPN route advertisement to the local site.

Use undo advertise l2vpn evpn to disable BGP EVPN route advertisement to the local site.

Syntax

advertise l2vpn evpn

undo advertise l2vpn evpn

Default

BGP EVPN route advertisement to the local site is enabled.

Views

BGP-VPN IPv4 unicast address family view

BGP-VPN IPv6 unicast address family view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to advertise private BGP EVPN routes to the local site after the device adds the routes to the routing table of a VPN instance.

Examples

# Enable BGP EVPN route advertisement to the local site for VPN instance vpn1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] ip vpn-instance vpn1

[Sysname-bgp-default-vpn1] address-family ipv4

[Sysname-bgp-default-ipv4-vpn1] advertise l2vpn evpn

arp mac-learning disable

Use arp mac-learning disable to disable an EVPN instance from learning MAC addresses from ARP information.

Use undo arp mac-learning disable to restore the default.

Syntax

arp mac-learning disable

undo arp mac-learning disable

Default

An EVPN instance learns MAC addresses from ARP information.

Views

VSI EVPN instance view

Predefined user roles

network-admin

Usage guidelines

The MAC information and ARP information advertised by a remote VTEP overlap. To avoid duplication, use this command to disable the learning of MAC addresses from ARP information. EVPN will learn remote MAC addresses only from the MAC information advertised from remote sites.

Examples

# Disable an EVPN instance from learning MAC addresses from ARP information.

<Sysname> system-view

[Sysname] vsi aaa

[Sysname-vsi-aaa] evpn encapsulation vxlan

[Sysname-vsi-aaa-evpn-vxlan] arp mac-learning disable

arp proxy-send enable

Use arp proxy-send enable to enable ARP request proxy.

Use undo arp proxy-send enable to disable ARP request proxy.

Syntax

arp proxy-send enable

undo arp proxy-send enable

Default

ARP request proxy is disabled on VSI interfaces.

Views

VSI interface view

Predefined user roles

network-admin

Usage guidelines

ARP request proxy allows a VSI interface to send an ARP request sourced from itself when the VTEP forwards an ARP request. This feature helps resolve certain communication issues.

In an EVPN VXLAN network, VM 1 and VM 2 are attached to VTEP 1 and VTEP 2, respectively, and the VMs are in the same subnet. The gateway interfaces of VM 1 and VM 2 are VSI-interface 1 on VTEP 1 and VSI-interface 2 on VTEP 2, respectively. The following conditions exist on the VTEPs:

· The VTEPs have established BGP EVPN neighbor relationships.

· EVPN is disabled from learning MAC addresses from ARP information.

· MAC address advertisement is disabled, and advertised MAC addresses are withdrawn.

· Remote-MAC address learning is disabled.

· Local proxy ARP is enabled on the VSI interfaces.

· The VSI interfaces use different IP addresses and MAC addresses.

In this network, when VM 1 attempts to communicate with VM 2, the following procedure occurs:

1. VM 1 sends an ARP request.

2. VTEP 1 learns the MAC address of VM 1 from the ARP request, replies to VM 1 on behalf of VM 2, and sends an ARP request to obtain the MAC address of VM 2.

3. VTEP 2 forwards the ARP request, and VM 2 replies to VTEP 1.

4. VTEP 2 forwards the ARP reply sent by VM 2 without learning the MAC address of VM 2 because EVPN is disabled from learning MAC addresses from ARP information.

5. VTEP 1 does not learn the MAC address of VM 2 because remote-MAC address learning is disabled.

As a result, VM 1 fails to communicate with VM 2.

For VM 1 to communicate with VM 2, enable ARP request proxy on VSI-interface 2 of VTEP 2. When receiving the ARP request sent by VTEP 1, VTEP 2 forwards it and sends an ARP request sourced from VSI-interface 2 simultaneously, and VM 2 replies to both ARP requests. Then, VTEP 2 learns the MAC address of VM 2 from the ARP reply destined from VSI-interface 2 and advertises the MAC address to VTEP 1 through BGP EVPN routes. In this way, VTEP 1 obtains the MAC address of VM 2, and VM 1 and VM 2 can communicate.

Examples

# Enable ARP request proxy on VSI-interface 100.

<Sysname> system-view

[Sysname] interface vsi-interface 100

[Sysname-vsi-interface100] arp proxy-send enable

Related commands

local-proxy-arp enable (Layer 3—IP Services Command Reference)

arp-advertising disable

Use arp-advertising disable to disable ARP information advertisement for an EVPN instance.

Use undo arp-advertising disable to restore the default.

Syntax

arp-advertising disable

undo arp-advertising disable

Default

ARP information advertisement is enabled for an EVPN instance.

Views

VSI EVPN instance view

Predefined user roles

network-admin

Usage guidelines

In an EVPN VXLAN network with distributed gateways, you can disable ARP information advertisement for a VXLAN network to save resources if all its user terminals use the same EVPN gateway device. The EVPN instance of the VXLAN network will stop advertising ARP information through MAC/IP advertisement routes and withdraw advertised ARP information. When ARP information advertisement is disabled, user terminals in other VXLANs networks still can communicate with that VXLAN through IP prefix advertisement routes.

Examples

# Disable ARP information advertisement for an EVPN instance of EVPN VXLAN.

<Sysname> system-view

[Sysname] vsi aaa

[Sysname-vsi-aaa] evpn encapsulation vxlan

[Sysname-vsi-aaa-evpn-vxlan] arp-advertising disable

bestroute ipv6-nexthop

Use bestroute ipv6-nexthop to enable BGP to prefer routes with an IPv6 next hop during optimal route selection.

Use undo bestroute ipv6-nexthop to restore the default.

Syntax

bestroute ipv6-nexthop

undo bestroute ipv6-nexthop

Default

BGP prefers routes with an IPv4 next hop during optimal route selection.

Views

BGP EVPN address family view

Predefined user roles

network-admin

Usage guidelines

Execute this command for the VXLAN packets in an EVPN network to be forwarded through IPv6 routes when both IPv4 and IPv6 routes exist.

Examples

# In BGP EVPN address family view, enable BGP to prefer routes with an IPv6 next hop during optimal route selection.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family l2vpn evpn

[Sysname-bgp-default-evpn] bestroute ipv6-nexthop

display arp filter source service-instance

Use display arp filter source service-instance to display ARP gateway protection configuration for Ethernet service instances.

Syntax

display arp filter source service-instance [ interface interface-type interface-number [ service-instance instance-id ] ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays ARP gateway protection configuration for Ethernet service instances on all interfaces.

service-instance instance-id: Specifies an Ethernet service instance by its ID in the range of 1 to 4096. If you do not specify an Ethernet service instance, this command displays ARP gateway protection configuration for all Ethernet service instances on the specified interface.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ARP gateway protection configuration on the master device.

Usage guidelines

After you enable ARP gateway protection in Ethernet service instance view, use this command to view the ARP gateway protection configuration for Ethernet service instances.

Examples

# Display ARP gateway protection configuration for all Ethernet service instances on Twenty-FiveGigE 1/0/1 of slot 1.

<Sysname> display arp filter source service-instance interface twenty-fivegige 1/0/1 slot 1

Interface: twenty-fivegige 1/0/1

Service instance: 1

IPv4 address: 192.168.56.1

Drop count: 10

Service instance: 2

IPv4 address: 192.168.56.2

Drop count: 10

# Display ARP gateway protection configuration for Ethernet service instance 1 on Twenty-FiveGigE 1/0/1 of slot 1.

<Sysname> display arp filter source service-instance interface twenty-fivegige 1/0/1 instance 1 slot 1

Interface: twenty-fivegige 1/0/1

Service instance: 1

IPv4 address: 192.168.56.1

Drop count: 10

# Display ARP gateway protection configuration for Ethernet service instances on all interfaces of slot 1.

<Sysname> display arp filter source service-instance slot 1

Interface: twenty-fivegige 1/0/1

Service instance: 1

IPv4 address: 192.168.56.1

Drop count: 10

Service instance: 2

IPv4 address: 192.168.56.2

Drop count: 10

Interface: twenty-fivegige 1/0/2

Service instance: 2

IPv4 address: 192.168.56.2

Drop count: 10

Table 1 Command output

Field	Description
Service instance	Ethernet service instance ID.
IPv4 address	Protected gateway IP address.
Drop count	Number of packets dropped due to gateway protection.

‌

Related commands

arp filter source

display bgp l2vpn evpn

Use display bgp l2vpn evpn to display BGP EVPN routes.

Syntax

display bgp [ instance instance-name ] l2vpn evpn [ peer { ipv4-address | ipv6-address } { advertised-routes | received-routes } [ statistics ] | [ route-distinguisher route-distinguisher | route-type { imet | ip-prefix | mac-ip } ] * [ { evpn-route route-length | evpn-prefix } [ advertise-info | as-path | cluster-list | community | ext-community ] | ipv4-address | ipv6-address | mac-address ] | statistics ]

display bgp [ instance instance-name ] l2vpn evpn [ route-distinguisher route-distinguisher ] [ statistics ] community [ community-number&<1-32> | aa:nn&<1-32> ] [ internet | no-advertise | no-export | no-export-subconfed ] [ whole-match ]

display bgp [ instance instance-name ] l2vpn evpn [ route-distinguisher route-distinguisher ] [ statistics ] community-list { basic-community-list-number | comm-list-name | adv-community-list-number } [ whole-match ]

display bgp [ instance instance-name ] l2vpn evpn [ route-distinguisher route-distinguisher ] [ statistics ] ext-community [ bandwidth link-bandwidth-value | rt route-target | soo site-of-origin | color color ]&<1-32> [ whole-match ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays BGP EVPN routes for the default BGP instance.

peer { ipv4-address | ipv6-address }: Specifies a peer by its IPv4 address or IPv6 address.

advertised-routes: Specifies the routes advertised to the specified peer.

received-routes: Specifies the routes received from the specified peer.

statistics: Displays BGP EVPN route statistics.

route-distinguisher route-distinguisher: Specifies a route distinguisher (RD), a string of 3 to 21 characters. The RD can use one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number. For example, 65536:1. The AS number must be equal to or greater than 65536.

route-type: Specifies a route type.

imet: Specifies inclusive multicast Ethernet tag (IMET) routes.

ip-prefix: Specifies IP prefix advertisement routes.

mac-ip: Specifies MAC/IP advertisement routes.

evpn-route: Specifies a BGP EVPN route, a case-insensitive string of 1 to 512 characters.

route-length: Specifies the route length in bits, in the range of 0 to 65535.

evpn-prefix: Specifies a BGP EVPN route in the format of evpn-route/route-length, a case-insensitive string of 1 to 512 characters.

advertise-info: Displays advertisement information for BGP EVPN routes.

as-path: Specifies the AS path attribute.

cluster-list: Specifies the cluster list attribute.

community: Specifies the community attribute.

ext-community: Specifies the extended community attribute.

ipv4-address: Specifies an IPv4 address.

ipv6-address: Specifies an IPv6 address.

mac-address: Specifies a MAC address in MAC/IP advertisement routes. If you specify the route-type keyword, to use this argument, you must also specify the mac-ip keyword.

community-number&<1-32>: Specifies a community sequence number. The value range for the community-number argument is 1 to 4294967295. &<1-32> indicates that a maximum of 32 numbers can be specified.

aa:nn&<1-32>: Specifies a community number. Both aa and nn are in the range of 0 to 65535. &<1-32> indicates that a maximum of 32 numbers can be specified.

internet: Specifies the INTERNET community attribute. Routes with this attribute can be advertised to all BGP peers. By default, all routes have this attribute.

no-advertise: Specifies the NO_ADVERTISE community attribute. Routes with this attribute cannot be advertised to any BGP peers.

no-export: Specifies the NO_EXPORT community attribute. Routes with this attribute cannot be advertised outside the local AS or confederation, but can be advertised to other sub-ASs in the confederation.

no-export-subconfed: Specifies the NO_EXPORT_SUBCONFED community attribute. Routes with this attribute cannot be advertised outside the local AS or to other sub-ASs in the confederation.

whole-match: Displays BGP EVPN routes that exactly match the specified community list, community numbers, or extended community attribute. If you do not specify this keyword, the command displays BGP EVPN routes that include the specified community list, community numbers, or extended community attribute.

community-list: Specifies a community list to match BGP EVPN unicast routes.

basic-community-list-number: Specifies a basic community list by its number in the range of 1 to 99.

comm-list-name: Specifies a community list by its name, a case-sensitive string of 1 to 63 characters.

adv-community-list-number: Specifies an advanced community list by its number in the range of 100 to 199.

bandwidth link-bandwidth-value: Specifies the link bandwidth extended community attribute, a string of 3 to 16 characters. This attribute is in the format of 16-bit AS number:32-bit self-defined number, 100:3 for example. The value range is 0 to 65535 for an AS number and 0 to 4294967295 for a self-defined number.

color color: Specifies the color extended community attribute, a string of 4 to 13 characters. This attribute is in the format of binary Color-Only flag:decimal color value, 10:3 for example. The value range is 00 to 11 for the Color-Only flag and 0 to 4294967295 for the color value.

rt route-target: Specifies a route target, a string of 3 to 24 characters.

soo site-of-origin: Specifies the Site of Origin (SoO) extended community attribute, a string of 3 to 24 characters.

A route target or SoO attribute has the following forms:

· 16-bit AS number:32-bit self-defined number. For example, 101:3. The value range is 0 to 65535 for an AS number and 0 to 4294967295 for a self-defined number.

· 32-bit IP address:16-bit self-defined number. For example, 192.168.122.15:1. The value range is 0 to 65535 for a self-defined number.

· 32-bit AS number:16-bit self-defined number. For example, 70000:3. The value range is 65536 to 4294967295 for an AS number and 0 to 65535 for a self-defined number.

· 32-bit IP address/IPv4 address mask length:16-bit user-defined number. For example, 192.168.122.15/24:1.

· 32-bit AS number in dotted format:16-bit user-defined number. For example, 65535.65535:1.

&<1-32>: Specifies a maximum of 32 items.

Usage guidelines

If you do not specify any parameter, this command displays brief information about all BGP EVPN routes.

This command displays BGP EVPN routes that carry any community attribute and the whole-match keyword does not take effect if you do not specify the following parameters:

· community-number

· aa:nn

· internet

· no-advertise

· no-export

· no-export-subconfed

This command displays BGP EVPN routes that carry any extended community attribute and the whole-match keyword does not take effect if you do not specify the following parameters:

· bandwidth

· color

· rt

· soo

Examples

# Display brief information about all BGP EVPN routes.

<Sysname> display bgp l2vpn evpn

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 6

Route distinguisher: 100:1

Total number of routes: 3

Network NextHop MED LocPrf PrefVal Path/Ogn

* > [2][0][48][00aa.00bb.00cc][4][0.0.0.0]/136

10.1.1.2 0 32768 ?

* e 10.1.1.1 0 0 65410?

* > [3][300][16][::ffff:1.1.1.1]/176

127.0.0.1 0 32768 ?

Route distinguisher: 200:1

Total number of routes: 2

Network NextHop MED LocPrf PrefVal Path/Ogn

* >i [2][0][48][00aa.00cc.00dd][4][1.1.1.1]/136

3.3.3.9 0 100 0 ?

* >i [3][300][16][::ffff:2.2.2.2]/176

3.3.3.9 0 100 0 65420?

Route distinguisher of public instance: 1:15

Total number of routes: 1

Network NextHop MED LocPrf PrefVal Path/Ogn

* >e [2][0][48][0011.0022.0033][32][11.22.33.55]/136

30.30.1.2 0 0 100i

# Display all BGP EVPN routes that carry community attributes.

<Sysname> display bgp l2vpn evpn community

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 6

Route distinguisher: 100:1

Total number of routes: 3

Network NextHop MED LocPrf PrefVal Path/Ogn Community

* > [2][0][48][00aa.00bb.00cc][4][0.0.0.0]/136

10.1.1.2 0 32768 ? <1:2>

* e 10.1.1.1 0 0 65410? <2:3>

* > [3][300][16][::ffff:1.1.1.1]/176

127.0.0.1 0 32768 ? <3:4>

# Display all BGP EVPN routes that carry extended community attributes.

<Sysname> display bgp l2vpn evpn ext-community

BGP local router ID is 1.1.1.9

Status codes: * - valid, > - best, d - dampened, h - history,

s - suppressed, S - stale, i - internal, e - external

a – additional-path

Origin: i - IGP, e - EGP, ? - incomplete

Total number of routes from all PEs: 6

Route distinguisher: 100:1

Total number of routes: 3

Network NextHop MED LocPrf PrefVal Path/Ogn Ext-Community

* > [2][0][48][00aa.00bb.00cc][4][0.0.0.0]/136

10.1.1.2 0 32768 ? <RT 1:2>

* e 10.1.1.1 0 0 65410? <RT 2:3>

* > [3][300][16][::ffff:1.1.1.1]/176

127.0.0.1 0 32768 ? <RT 3:4>

Table 2 Command output

Field	Description
Status codes	Route status codes: · * - valid—Valid route. · > - best—Optimal route. · d - dampened—Dampened route. · h - history—History route. · i - internal—Internal route. · e - external—External route. · s - suppressed—Suppressed route. · S - stale—Stale route. · a - additional-path—Add-Path optimal route.
Origin	Origin of the route: · i – IGP—Originated in the AS. The origin of routes advertised by using the network command is IGP. · e – EGP—Learned through EGP. · ? – incomplete—Unknown origin. The origin of routes redistributed from IGP protocols is incomplete.
Network	BGP EVPN route/route length. For example, in the entry [2][0][48][1485-247c-0506][32][10.1.2.20]/136, [2][0][48][1485-247c-0506][32][10.1.2.20] is the route, and 136 is the route length in bytes. BGP EVPN routes are as follows: · [1][ESI][EthernetTagID] ¡ 1—Ethernet auto-discovery route. ¡ ESI—Ethernet segment identifier (ESI). ¡ EthernetTagID—Ethernet tag ID. · [2][EthernetTagID][MACLength][MAC][IPAddressLength][IPAddress] ¡ 2—MAC/IP advertisement route. ¡ EthernetTagID—Ethernet tag ID. ¡ MACLength—MAC address length. ¡ MAC—MAC address. ¡ IPAddressLength—IP address length. ¡ IPAddress—IP address. · [3][EthernetTagID][IPAddressLength][IPAddress] ¡ 3—IMET route. ¡ IPAddressLength—IP address length. ¡ IPAddress—IP address of the originating router. · [4][ESI][IPAddressLength][IPAddress] ¡ 4—ES route. ¡ ESI—ESI. ¡ IPAddressLength—IP address length. ¡ IPAddress—IP address of the originating router. · [5][EthernetTagID][IPAddressLength][IPAddress] ¡ 5—IP prefix advertisement route. ¡ EthernetTagID—Ethernet tag ID. ¡ IPAddressLength—IP address length. ¡ IPAddress—IP address of the originating router. · [6][EthernetTagID][Source Len][Source IP][Group Len][Group IP][Originator Len][Originator IP] ¡ 6—Selective multicast Ethernet tag route. ¡ EthernetTagID—Ethernet tag ID. ¡ Source Len—Length of the multicast source address. This field displays 0 if the multicast source is any (, G). ¡ Source IP—Source IP address of IGMP membership reports. This field is not displayed if the multicast source is any (, G). ¡ Group Len—Length of the multicast group address. ¡ Group IP—Multicast group address of IGMP membership reports. ¡ Originator Len—Length of the originating router's IP address. ¡ Originator IP—IP address of the originating router. · [7][ESI][EthernetTagID][Source Len][Source IP][Group Len][Group IP][Originator Len][Originator IP] ¡ 7—IGMP join synch route. ¡ ESI—ESI. ¡ EthernetTagID—Ethernet tag ID. ¡ Source Len—Length of the multicast source address. This field displays 0 if the multicast source is any (, G). ¡ Source IP—Source IP address of IGMP membership reports. This field is not displayed if the multicast source is any (, G). ¡ Group Len—Length of the multicast group address. ¡ Group IP—Multicast group address of IGMP membership reports. ¡ Originator Len—Length of the originating router's IP address. ¡ Originator IP—IP address of the originating router. · [8][ESI][EthernetTagID] [Source Len][Source IP][Group Len][Group IP][Originator Len][Originator IP][ [LeaveGroup Synchronization] ¡ 8—IGMP leave synch route. ¡ ESI—ESI. ¡ EthernetTagID—Ethernet tag ID. ¡ Source Len—Length of the multicast source address. This field displays 0 if the multicast source is any (, G). ¡ Source IP—Source IP address of IGMP membership reports. This field is not displayed if the multicast source is any (, G). ¡ Group Len—Length of the multicast group address. ¡ Group IP—Multicast group address of IGMP membership reports. ¡ Originator Len—Length of the originating router's IP address. ¡ Originator IP—IP address of the originating router. ¡ LeaveGroup Synchronization—Leave group synchronization sequence number.
NextHop	Next hop IP address.
MED	Multi-Exit Discriminator (MED) attribute.
LocPrf	Local precedence.
PrefVal	Preferred value.
Path/Ogn	AS_PATH and ORIGIN attributes of the route.
Community	Community attribute.
Ext-Community	Extended community attribute.

‌

# Display detailed information about BGP EVPN route [1][00:01:02:03:04:05:06:07:08:09][5]/120 with RD 1.1.1.1:100.

<Sysname> display bgp l2vpn evpn route-distinguisher 1.1.1.1:100 [1][00:01:02:03:04:05:06:07:08:09][5] 120

BGP local router ID: 172.16.250.133

Local AS number: 100

Route distinguisher: 1.1.1.1:100

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of [1][00:01:02:03:04:05:06:07:08:09][5]/120:

From : 10.1.1.2 (192.168.56.17)

Rely nexthop : 10.1.1.2

Original nexthop: 10.1.1.2

OutLabel : 0

Ext-Community : <RT: 1:2>, <Encapsulation Type: VXLAN >, <ESI Label: Flag 0,

Label 1>

RxPathID : 0x0

TxPathID : 0x0

AS-path : 200

Origin : igp

Attribute value : MED 0, pref-val 0

State : valid, external, best

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

EVPN route type : Ethernet auto-discovery route

ESI : 00:01:02:03:04:05:06:07:08:09

Ethernet tag ID : 5

MPLS label : 10

Table 3 Command output

Field	Description
Paths	Number of routes: · available—Number of valid routes. · best—Number of optimal routes.
From	IP address of the BGP peer that advertised the route.
Rely nexthop	Next hop after route recursion. If no next hop is found, this field displays not resolved.
Original nexthop	Original next hop of the route. If the route was obtained from a BGP update message, the original next hop is the next hop IP address in the message.
OutLabel	Outgoing label of the route.
Ext-Community	Extended community attributes: · RT. · Encapsulation Type. · ESI Label.
RxPathID	Add-Path ID value of the received route. This field is not supported by the BGP EVPN address family.
TxPathID	Add-Path ID value of the sent route. This field is not supported by the BGP EVPN address family.
AS-path	AS_PATH attribute of the route. This attribute records the ASs the route has passed and avoids routing loops.
Origin	Origin of the route: · igp—Originated in the AS. The origin of routes advertised by using the network command is IGP. · egp—Learned through EGP. · incomplete—Unknown origin. The origin of routes redistributed from IGP protocols is incomplete.
Attribute value	Attributes of the route: · MED—MED value for the destination network. · localpref—Local preference value. · pref-val—Preferred value. · pre—Route preference value.
State	Current state of the route: · valid. · internal. · external. · local. · synchronize. · best. · localredist—The route is redistributed from a local VPN instance or public instance. · reoriginated.
IP precedence	IP precedence in the range of 0 to 7. N/A indicates that the IP precedence is invalid.
QoS local ID	QoS local ID in the range of 1 to 4095. N/A indicates that the QoS local ID is invalid.
Traffic index	Traffic index in the range of 1 to 64. N/A indicates that the traffic index is invalid.
MPLS label	MPLS label. The current software version does not support this field.

‌

# Display detailed information about BGP EVPN route [2][5][48][0001-0203-0405][32][4.5.5.5]/136 with RD 1.1.1.1:100.

<Sysname> display bgp l2vpn evpn route-distinguisher 1.1.1.1:100 [2][5][48][0001-0203-0405][32][5.5.5.5] 136

BGP local router ID: 172.16.250.133

Local AS number: 100

Route distinguisher: 1.1.1.1:100

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of [2][5][48][0001-0203-0405][32][5.5.5.5]/136:

From : 10.1.1.2 (192.168.56.17)

Rely nexthop : 10.1.1.2

Original nexthop: 10.1.1.2

OutLabel : 0

Ext-Community : <RT: 1:2>, <RT: 1:3>, <RT: 1:4>, <RT: 1:5>, <RT: 1:6>, <RT: 1:7

>, <Encapsulation Type: VXLAN>, <Router's Mac: 0006-0708-0910

>, <Default GateWay>

RxPathID : 0x0

TxPathID : 0x0

AS-path : 200

Origin : igp

Attribute value : MED 0, pref-val 0

State : valid, external, best

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

EVPN route type : MAC/IP advertisement route

ESI : 00:01:02:03:04:05:06:07:08:09

Ethernet tag ID : 5

MAC address : 0001-0203-0405

IP address : 5.5.5.5/32

MPLS label1 : 10

MPLS label2 : 0

Re-origination : Enable

Route distinguisher: 2.2.2.2:100

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of [2][5][48][0001-0203-0405][32][5.5.5.5]/136:

From : 10.1.1.2 (192.168.56.17)

Rely nexthop : 10.1.1.2

Original nexthop: 10.1.1.2

OutLabel : 0

Ext-Community : <RT: 1:2>, <RT: 1:3>, <RT: 1:4>, <RT: 1:5>, <RT: 1:6>, <RT: 1:7

>, <Encapsulation Type: VXLAN>, <Router's Mac: 0006-0708-0910

>, <MAC Mobility: Flag 0, SeqNum 2>, <Default GateWay>

RxPathID : 0x0

TxPathID : 0x0

AS-path : 200

Origin : igp

Attribute value : MED 0, pref-val 0

State : valid, external, best, reoriginated, remoteredist

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

EVPN route type : MAC/IP advertisement route

ESI : 0001.0203.0405.0607.0809

Ethernet tag ID : 5

MAC address : 0001-0203-0405

IP address : 5.5.5.5/32

MPLS label1 : 200

MPLS label2 : 300

Table 4 Command output

Field	Description
Ext-Community	Extended community attributes: · RT. · Encapsulation Type. · Router's Mac. · Default GateWay—Route for the default gateway.
State	Current state of the route: · valid. · internal. · external. · local. · synchronize. · best. · reoriginated—Reoriginated route. · remoteredist—MAC/IP advertisement route generated based on a remote route.
MPLS label1	VXLAN ID used for Layer 2 forwarding.
MPLS label2	L3 VXLAN ID used for Layer 3 forwarding.
Re-origination	State of route reorigination: · Enable. · Disable.

‌

# Display detailed information about BGP EVPN route [3][0][32][5.5.5.5]/80 with RD 1.1.1.1:100.

<Sysname> display bgp l2vpn evpn route-distinguisher 1.1.1.1:100 [3][0][32][4.5.5.5] 80

BGP local router ID: 172.16.250.133

Local AS number: 100

Route distinguisher: 1.1.1.1:100

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of [3][0][32][4.5.5.5]/80:

From : 10.1.1.2 (192.168.56.17)

Rely nexthop : 10.1.1.2

Original nexthop: 10.1.1.2

OutLabel : 0

Ext-Community : <RT: 1:2>, <Encapsulation Type: VXLAN>

RxPathID : 0x0

TxPathID : 0x0

AS-path : 200

Origin : igp

Attribute value : MED 0,pref-val 0

State : valid, external, best

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

EVPN route type : Inclusive multicast Ethernet tag route

Ethernet tag ID : 0

Origin address : 5.5.5.5/32

Table 5 Command output

Field	Description
Ext-Community	Extended community attributes: · RT. · Encapsulation Type.
Origin address	IP address of the originating router.

Field

Description

Ext-Community

Extended community attributes:

· RT.

· Encapsulation Type.

Origin address

IP address of the originating router.

‌

# Display detailed information about BGP EVPN route [5][10][32][4.5.5.5]/80 with RD 1.1.1.1:100.

<Sysname> display bgp l2vpn evpn route-distinguisher 1.1.1.1:100 [5][10][32][4.5.5.5] 80

BGP local router ID: 172.16.250.133

Local AS number: 100

Route distinguisher: 1.1.1.1:100

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of [5][10][32][4.5.5.5]/80:

From : 10.1.1.2 (192.168.56.17)

Rely nexthop : 10.1.1.2

Original nexthop: 10.1.1.2

OutLabel : 0

Ext-Community : <RT: 1:2>, <Encapsulation Type: VXLAN>, <Router's Mac:

0006-0708-0910>, <Priority-Color: (1:10:10)>

RxPathID : 0x0

TxPathID : 0x0

AS-path : 200

Origin : igp

Attribute value : MED 0,pref-val 0

State : valid, external, best

IP precedence : N/A

QoS local ID : N/A

Traffic index : N/A

EVPN route type : IP prefix advertisement route

ESI : 00:00:00:00:00:00:00:00:00:0a

Ethernet tag ID : 10

IP address : 4.5.5.5/32

Gateway address : 0.0.0.0

MPLS Label : 1

Table 6 Command output

Field	Description
Ext-Community	Extended community attributes: · RT. · Encapsulation Type. · Router's Mac. · Priority-Color.
IP address	IP address and prefix length.
MPLS Label	L3 VXLAN ID used for Layer 3 forwarding.

‌

# Display detailed information about BGP EVPN route [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5]/128 with RD 1.1.1.1:100.

<Sysname> display bgp l2vpn evpn route-distinguisher 1.1.1.1:100 [4][00:00:00:00:00:00:00:00:00:0a] [32][4.5.5.5] 128 advertise-info

BGP local router ID: 172.16.250.133

Local AS number: 100

Route distinguisher: 1.1.1.1:100

Total number of routes: 1

Paths: 1 best

BGP routing table information of [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5]/128:

Advertised to peers (1 in total):

10.2.1.2

Inlabel : 1279

Table 7 Command output

Field	Description
Paths	Number of optimal routes.
Advertised to peers (1 in total)	Peers to whom the route has been advertised and the number of the peers.
InLabel	Incoming label, which is the private network label assigned by the local PE.

‌

# Display community attribute information about BGP EVPN route [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5]/128 with RD 1.1.1.1:100.

<Sysname> display bgp l2vpn evpn route-distinguisher 1.1.1.1:100 [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5] 128 community

BGP local router ID: 1.1.1.9

Local AS number: 100

Route distinguisher: 1.1.1.1:100

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5]/128:

Community: no-export

# Display extended community attribute information about BGP EVPN route [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5]/128 with RD 1.1.1.1:100.

<Sysname> display bgp l2vpn evpn route-distinguisher 1.1.1.1:100 [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5] 128 ext-community

BGP local router ID: 1.1.1.9

Local AS number: 100

Route distinguisher: 1.1.1.1:100

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5]/128:

Ext-Community: <RT 1:1>

# Display the AS path attribute of BGP EVPN route [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5]/128 with RD 1.1.1.1:100.

<Sysname> display bgp l2vpn evpn route-distinguisher 1.1.1.1:100 [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5] 128 as-path

BGP local router ID: 1.1.1.9

Local AS number: 100

Route distinguisher: 1.1.1.1:100

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5]/128:

As-path: 80

# Display the cluster ID list attribute of BGP EVPN route [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5]/128 with RD 1.1.1.1:100.

<Sysname> display bgp l2vpn evpn route-distinguisher 1.1.1.1:100 [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5] 128 cluster-list

BGP local router ID: 1.1.1.9

Local AS number: 100

Route distinguisher: 1.1.1.1:100

Total number of routes: 1

Paths: 1 available, 1 best

BGP routing table information of [4][00:00:00:00:00:00:00:00:00:0a][32][4.5.5.5]/128:

Cluster list: 80

Table 8 Command output

Field	Description
Paths	Numbers of available routes and optimal routes.
Community	Community attribute.
Ext-Community	Extended community attribute.
As-path	AS path attribute.
Cluster-list	Cluster ID list attribute.

‌

# Display statistics about the BGP EVPN routes with community attributes.

<Sysname> display bgp l2vpn evpn statistics community

Total number of routes from all PEs: 1

Route distinguisher: 100:1(vpn1)

Total number of routes: 4

display bgp route-target evpn

Use display bgp route-target evpn to display the route targets sourced from the EVPN process and ES-import route targets for BGP.

Syntax

display bgp [ instance instance-name ] route-target evpn

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

instance instance-name: Specifies a BGP instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays route targets for the default BGP instance.

Usage guidelines

Use this command to display the following information:

· ES-import route targets carried in the ES-Import Route Target extended community attribute.

· Route targets configured for all EVPN instances created in system view and VSI view.

The ES-Import Route Target extended community attribute is advertised with ES routes. An ES-import route target carried in this attribute is a 48-bit string that is automatically generated in the H-H-H format based on an ESI. The device accepts an ES route only if the ES-import route target carried in that route matches an ES-import route target created based on a local ESI.

In the command output, the route targets enumerated for each route target type cannot exceed 8191 bytes. Each character is one byte long. For example, 1:1 are three bytes. If this limit is reached, excess characters are replaced with three dots (…).

Examples

# Display the route targets sourced from the EVPN process and ES-import route targets for BGP.

<Sysname> display bgp route-target evpn

Total EVPN route target count: 6

EVPN import route-target count: 5

1:1 2:2 3:3 4:4 5:5

EVPN es-import route target count: 1

1111-2222-3333

Table 9 Command output

Field	Description
Total EVPN route target count	Total number of EVPN route targets.
EVPN import route-target count	Number of import route targets configured for all EVPN instances created in system view and VSI view.
EVPN es-import route target count	Number of ES-import route targets.

‌

display evpn auto-discovery

Use display evpn auto-discovery to display information about peers that are automatically discovered through BGP.

Syntax

display evpn auto-discovery { { imet | mac-ip } [ peer peer-address] [ vsi vsi-name ] | macip-prefix [ nexthop next-hop ] [ count ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

imet: Specifies peers discovered through IMET routes.

mac-ip: Specifies MAC/IP advertisement routes.

peer peer-address: Specifies a peer by its IP address. If you do not specify this option, the command displays information about all automatically discovered peers.

vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays peer information for all VSIs.

macip-prefix: Specifies peers discovered through MAC/IP advertisement routes and IP prefix advertisement routes.

nexthop next-hop: Specifies a next hop. If you do not specify this option, the command displays peer information for all next hops.

count: Displays the number of peers. If you do not specify this keyword, the command displays detailed peer information.

Examples

# Display information about peers discovered through IMET routes for EVPN VXLAN.

<Sysname> display evpn auto-discovery imet

Total number of automatically discovered peers: 2

VSI name: vpna

EVPN instance: -

RD PE_address Tunnel_address Tunnel mode VXLAN ID

1:10 2.2.2.2 2.2.2.2 VXLAN 10

2:100 3.3.3.3 3.3.3.3 VXLAN 10

Table 10 Command output

Field	Description
EVPN instance	EVPN instance name. If the EVPN instance is created on a VSI, this field displays a hyphen (-).
PE_address	Identifier of the remote VTEP on the VSI.
Tunnel_address	Tunnel destination IP address.
Tunnel mode	Tunnel mode: VXLAN.

‌

# Display information about IPv4 peers discovered through MAC/IP advertisement routes for EVPN VXLAN.

<Sysname> display evpn auto-discovery mac-ip

Total number of automatically discovered peers: 1

VSI name: vpna

EVPN instance: -

Destination IP Source IP VXLAN ID Tunnel mode Tunnel name

6.6.6.6 1.1.1.9 100 VXLAN Tunnel1

Table 11 Command output

Field	Description
EVPN instance	EVPN instance name. If the EVPN instance is created on a VSI, this field displays a hyphen (-).
Tunnel mode	Tunnel mode: VXLAN.

Field

Description

EVPN instance

EVPN instance name. If the EVPN instance is created on a VSI, this field displays a hyphen (-).

Tunnel mode

Tunnel mode:

VXLAN.

‌

# Display information about peers discovered through MAC/IP advertisement routes and IP prefix advertisement routes.

<Sysname> display evpn auto-discovery macip-prefix

Destination IP Source IP L3VNI Tunnel mode Outgoing interface

1.1.1.1 3.3.3.3 200 VXLAN Vsi-interface3

2.2.2.2 3.3.3.3 200 VXLAN Vsi-interface3

# Display the total number of peers discovered through MAC/IP advertisement routes and IP prefix advertisement routes.

<Sysname> display evpn auto-discovery macip-prefix count

Total number of entries: 2

Table 12 Command output

Field	Description
Destination IP	Tunnel destination IP address.
Source IP	Tunnel source IP address.
L3VNI	L3 VXLAN ID used for Layer 3 forwarding.
Tunnel mode	Tunnel mode: VXLAN.
Outgoing interface	VSI interface associated with the L3 VXLAN ID.

‌

display evpn m-lag synchronized-mac

Use display evpn m-lag synchronized-mac to display M-LAG-synchronized MAC address entries.

Syntax

display evpn m-lag synchronized-mac [ vsi vsi-name ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays MAC address entries for all VSIs.

count: Displays the number of MAC address entries that match the command. If you do not specify this keyword, the command displays detailed information about MAC address entries.

Usage guidelines

To ensure VM reachability information consistency in an M-LAG system, M-LAG member devices synchronize MAC address entries and ARP packets with each other through a peer link. This command displays the synchronized MAC address entries from an M-LAG peer.

Examples

# Display all M-LAG-synchronized MAC address entries.

<Sysname> display evpn m-lag synchronized-mac

VSI name: bbb

MAC address Link ID Interface

0000-0000-000a 1 BAGG10

0000-0000-0009 0 Tunnel1

# Display the total number of M-LAG-synchronized MAC address entries.

<Sysname> display evpn m-lag synchronized-mac count

Total number of entries: 2

Table 13 Command output

Field	Description
Link ID	AC's or VXLAN tunnel's link ID on a VSI.
Interface	Outgoing interface name.

‌

display evpn ipv6 auto-discovery

Use display evpn ipv6 auto-discovery to display information about IPv6 peers that are automatically discovered through BGP.

Syntax

display evpn ipv6 auto-discovery { { imet | mac-ip } [ peer ipv6-address ] [ vsi vsi-name ] | macip-prefix [ nexthop next-hop ] [ count ] }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

imet: Specifies IPv6 peers discovered through IMET routes.

mac-ip: Specifies IPv6 peers discovered through MAC/IP advertisement routes.

peer ipv6-address: Specifies a peer by its IPv6 address. If you do not specify this option, the command displays information about all automatically discovered IPv6 peers.

vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays IPv6 peer information for all VSIs.

macip-prefix: Specifies IPv6 peers discovered through MAC/IP advertisement routes that carry L3 VXLAN IDs or IP prefix advertisement routes that carry L3 VXLAN IDs.

nexthop next-hop: Specifies a next hop. If you do not specify this option, the command displays IPv6 peer information for all next hops.

count: Displays the number of IPv6 peers. If you do not specify this keyword, the command displays detailed IPv6 peer information.

Examples

# Display information about IPv6 peers discovered through IMET routes for EVPN VXLAN.

<Sysname> display evpn ipv6 auto-discovery imet

Total number of automatically discovered peers: 2

VSI name: vpna

EVPN instance : -

RD : 1:10

PE address : 11::8

Tunnel address : 11::8

Tunnel mode : VXLAN

VXLAN ID : 10

RD : 2:100

PE address : 12::8

Tunnel address : 12::8

Tunnel mode : VXLAN

VXLAN ID : 10

Table 14 Command output

Field	Description
EVPN instance	EVPN instance name. This field displays a hyphen (-) if no EVPN instance exists.
PE address	Identifier of the remote VTEP on the VSI.
Tunnel address	Tunnel destination IP address.
Tunnel mode	Tunnel mode: VXLAN.

‌

# Display information about IPv6 peers discovered through MAC/IP advertisement routes that do not carry L3 VXLAN IDs for EVPN VXLAN.

<Sysname> display evpn ipv6 auto-discovery mac-ip

Total number of automatically discovered peers: 1

VSI name: vpna

Destination IP : 6:6::6:8

Source IP : 1:1::1:7

VXLAN ID : 100

Tunnel mode : VXLAN

Tunnel name : Tunnel1

Table 15 Command output

Field	Description
Destination IP	Tunnel destination IP address.
Source IP	Tunnel source IP address.
Tunnel mode	Tunnel mode: VXLAN.

‌

# Display information about IPv6 peers discovered through MAC/IP advertisement routes that carry L3 VXLAN IDs or IP prefix advertisement routes that carry L3 VXLAN IDs.

<Sysname> display evpn ipv6 auto-discovery macip-prefix

Destination IP : 6:6::6:8

Source IP : 1:1::1:7

L3VNI : 100

Tunnel mode : VXLAN

OutInterface : Vsi-interface3

# Display the total number of IPv6 peers discovered through MAC/IP advertisement routes that carry L3 VXLAN IDs or IP prefix advertisement routes that carry L3 VXLAN IDs.

<Sysname> display evpn ipv6 auto-discovery macip-prefix count

Total number of entries: 1

Table 16 Command output

Field	Description
Destination IP	Tunnel destination IP address.
Source IP	Tunnel source IP address.
L3VNI	L3 VXLAN ID used for Layer 3 forwarding.
Tunnel mode	Tunnel mode: VXLAN.
OutInterface	VSI interface associated with the L3 VXLAN ID.

‌

display evpn route arp

Use display evpn route arp to display EVPN ARP entries.

Syntax

display evpn route arp [ local | remote ] [ public-instance | vpn-instance vpn-instance-name ] [ ip ipv4-address ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies local ARP entries.

remote: Specifies remote ARP entries.

public-instance: Specifies the public instance.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

ip ipv4-address: Specifies an IPv4 address in dotted decimal notation. If you do not specify this option, the command displays all ARP entries that match the criteria you specify.

count: Displays the number of ARP entries. If you do not specify this keyword, the command displays detailed information about ARP entries.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both local and remote EVPN ARP entries.

If you do not specify the public-instance keyword or the vpn-instance vpn-instance-name option, this command displays EVPN ARP entries for the public instance and all VPN instances.

Examples

# Display all EVPN ARP entries.

<Sysname> display evpn route arp

Flags: D - Dynamic B - BGP L - Local active

G - Gateway S - Static M - Mapping I - Invalid

E - Multihoming ES sync F - Leaf

VPN instance: vpn1 Interface: Vsi-interface1

IP address MAC address Router MAC VSI index Flags

10.1.1.1 0003-0003-0003 a0ce-7e40-0400 0 GL

10.1.1.11 0001-0001-0001 a0ce-7e40-0400 0 DL

10.1.1.12 0001-0001-0011 a0ce-7e41-0401 0 B

10.1.1.13 0001-0001-0021 a0ce-7e42-0402 0 B

Public instance Interface: Vsi-interface2

IP address MAC address Router MAC VSI index Flags

11.1.1.1 0033-0033-0033 a0ce-7e40-0400 0 GL

11.1.1.11 0011-0011-0011 a0ce-7e40-0400 0 DL

# Display the total number of EVPN ARP entries.

<Sysname> display evpn route arp count

Total number of entries: 6

Table 17 Command output

Field	Description
Interface	VSI interface.
Router MAC	Router MAC address of the device. A hyphen (-) is displayed for an SRv6 network with distributed gateways.
Flags	ARP entry type: · D—The entry is dynamically learned. · B—The entry is learned from BGP EVPN routes. · L—The local entry is active. If this flag is not set and the B flag is set, the entry learned from BGP EVPN routes is active. · G—The entry for the gateway is active. · S—The static entry is active. · M—The entry from a remote VXLAN mapped to a local VXLAN is active. · I—The entry is invalid. Reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist. · E—The entry is synchronized between devices at a multihomed site. · F—The entry is from a leaf AC of EVPN E-tree.

‌

display evpn route arp suppression

Use display evpn route arp suppression to display EVPN ARP flood suppression entries.

Syntax

display evpn route arp suppression [ local | remote ] [ vsi vsi-name ] [ ip ipv4-address ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies local ARP flood suppression entries.

remote: Specifies remote ARP flood suppression entries.

vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays ARP flood suppression entries for all VSIs.

ip ipv4-address: Specifies an IPv4 address in dotted decimal notation. If you do not specify this option, the command displays all ARP flood suppression entries that match the criteria you specify.

count: Displays the number of ARP flood suppression entries. If you do not specify this keyword, the command displays detailed information about ARP flood suppression entries.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both local and remote EVPN ARP flood suppression entries.

Examples

# Display all EVPN ARP flood suppression entries.

<Sysname> display evpn route arp suppression

Flags: D - Dynamic B - BGP L - Local active

G - Gateway S - Static M - Mapping I - Invalid

E - Multihoming ES sync F - Leaf

VSI name: vpna

EVPN instance: -

IP address MAC address Flags Encap

10.1.1.12 0002-0002-0002 B VXLAN

10.1.1.13 0002-0002-0002 BI VXLAN

10.1.1.101 0001-0011-0101 BS VXLAN

10.1.1.102 0001-0011-0102 DL VXLAN

# Display the total number of ARP flood suppression entries.

<Sysname> display evpn route arp suppression count

Total number of entries: 1

Table 18 Command output

Field	Description
EVPN instance	EVPN instance name. If the EVPN instance is created on a VSI, this field displays a hyphen (-).
Flags	ARP flood suppression entry type: · D—The entry is dynamically learned. · B—The entry is learned from BGP EVPN routes. · L—The local entry is active. If this flag is not set and the B flag is set, the entry learned from BGP EVPN routes is active. · G—The entry for the gateway is active. · S—The static entry is active. · M—The entry from a remote VXLAN mapped to a local VXLAN is active. · I—The entry is invalid. Reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist. · E—The entry is synchronized between devices at a multihomed site. · F—The entry is from a leaf AC of EVPN E-tree.
Encap	Packet encapsulation type: · VXLAN.

‌

display evpn route arp-mobility

Use display evpn route arp-mobility to display EVPN ARP mobility information.

Syntax

display evpn route arp-mobility [ public-instance | vpn-instance vpn-instance-name ] [ ip ip-address ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

public-instance: Specifies the public instance.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

ip ip-address: Specifies an IPv4 address in dotted decimal notation. If you do not specify an IP address, this command displays ARP mobility information about all IP addresses of the public instance or MPLS L3VPN instance.

verbose: Displays detailed ARP mobility information. If you do not specify this keyword, the command displays brief ARP mobility information.

Usage guidelines

If you do not specify any parameters, this command displays ARP mobility information about the public instance and all VPN instances.

Examples

# Display EVPN ARP mobility information about the public instance and all VPN instances.

<Sysname> display evpn route arp-mobility

Flags: S - Suppressed, N - Not suppressed

VPN instance : vpn1

Interface : Vsi-interface1

IP address Move count Moved from Flags Suppressed at

192.168.156.120 5 25GE1/0/1 S 17:24:33 2018/04/01

192.168.56.20 - - N -

Public instance

Interface : Vsi-interface2

IP address Move count Moved from Flags Suppressed at

192.168.156.120 5 25GE1/0/2 S 17:24:33 2018/04/01

192.168.56.20 5 2.2.2.2 S 17:24:33 2018/04/01

Table 19 Command output

Field	Description
Move count	Number of ARP moves from the interface to other interfaces.
Moved from	Source interface or source VTEP/PE IP address for the ARP move.
Flags	Whether the ARP move was suppressed: · S—Suppressed. · N—Not suppressed.
Suppressed at	Time when the ARP move was suppressed.

‌

# Display detailed EVPN ARP mobility information about the public instance and all VPN instances.

<Sysname> display evpn route arp-mobility verbose

VPN instance : vpn1

Interface : Vsi-interface1

IP address : 192.168.156.120

Move count : 5

Moved from : 25GE1/0/1

Flags : Suppressed

Suppressed at : 17:24:33 2018/04/01

Suppression threshold: 5

Detection cycle : 180s

Suppression-time : Permanent

Table 20 Command output

Field	Description
Moved from	Source interface or source VTEP/PE IP address for the ARP move.
Flags	Whether the ARP move was suppressed: · Suppressed. · Not suppressed.
Suppressed at	Time when the ARP move was suppressed.
Suppression threshold	ARP mobility suppression threshold, which is the number of ARP moves from the local site to a remote site. If ARP mobility suppression is disabled or ARP moves are not suppressed, this field displays a hyphen (-).
Detection cycle	ARP mobility detection cycle in seconds. If ARP mobility suppression is disabled or ARP moves are not suppressed, this field displays a hyphen (-).
Suppression time	ARP mobility suppression time in seconds. Permanent indicates that ARP moves are suppressed permanently. If ARP mobility suppression is disabled or ARP moves are not suppressed, this field displays a hyphen (-).

‌

Related commands

evpn route arp-mobility suppression

display evpn route mac

Use display evpn route mac to display EVPN MAC address entries.

Syntax

display evpn route mac [ local | remote ] [ vsi vsi-name ] [ mac-address mac-address ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies local MAC address entries.

remote: Specifies remote MAC address entries.

vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays MAC address entries for all VSIs.

mac-address mac-address: Specifies a MAC address in the format of H-H-H. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001. If you do not specify a MAC address, this command displays all MAC address entries that match the criteria you specify.

count: Displays the number of MAC address entries. If you do not specify this keyword, the command displays detailed information about MAC address entries.

Examples

# Display all EVPN MAC address entries for EVPN VXLAN.

<Sysname> display evpn route mac

Flags: D - Dynamic B - BGP L - Local active

G - Gateway S - Static M - Mapping I - Invalid

E - Multihoming ES sync F - Leaf

VSI name: bbb

EVPN instance: -

MAC address Link ID/Name Flags Encap Next hop

0000-0000-000a 1 DL VXLAN -

0000-0000-0009 Tunnel1 B VXLAN 2.2.2.2

0001-2000-4000 - BI VXLAN 3.3.3.3

# Display the total number of EVPN MAC address entries.

<Sysname> display evpn route mac count

Total number of entries: 2

Table 21 Command output

Field	Description
EVPN instance	EVPN instance name. If the EVPN instance is created on a VSI, this field displays a hyphen (-).
Link ID/Name	For a local MAC address, this field displays the AC's link ID on the VSI. For a remote MAC address, this field displays the tunnel interface name.
Flags	MAC address entry type: · D—The entry is dynamically learned. · B—The entry is learned from BGP EVPN routes. · L—The local entry is active. If this flag is not set and the B flag is set, the entry learned from BGP EVPN routes is active. · G—The entry for the gateway is active. · S—The static entry is active. · M—The entry from a remote VXLAN mapped to a local VXLAN is active. · I—The entry is invalid. Reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist. · E—The entry is synchronized between devices at a multihomed site. · F—The entry is from a leaf AC of EVPN E-tree.
Encap	Packet encapsulation type: VXLAN.
Next hop	IP address of the remote VTEP. If the MAC address entry is a local entry, a hyphen (-) is displayed.

‌

display evpn route mac-mobility

Use display evpn route mac-mobility to display EVPN MAC mobility information.

Syntax

display evpn route mac-mobility [ evpn-instance instance-name | interface interface-type interface-number | vsi vsi-name ] [ mac-address mac-address ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

evpn-instance instance-name: Specifies an EVPN instance by its name, a case-sensitive string of 1 to 31 characters.

interface interface-type interface-number: Specifies an interface by its type and number.

vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays MAC mobility information about all VSIs.

mac-address mac-address: Specifies a MAC address in the format of H-H-H. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001. If you do not specify a MAC address, this command displays MAC mobility information about all MAC addresses in the specified VSI or all VSIs.

verbose: Displays detailed MAC mobility information. If you do not specify this keyword, the command displays brief MAC mobility information.

Usage guidelines

If you do not specify any parameters, this command displays IPv4 EVPN MAC mobility information about all VSIs.

Examples

# Display IPv4 EVPN MAC mobility information about all VSIs.

<Sysname> display evpn route mac-mobility

Flags: S - Suppressed, N - Not suppressed

VSI name : vsia

EVPN instance : -

MAC address Move count Moved from Flags Suppressed at

1000-0000-0000 10 25GE1/0/1 S 15:30:30 2018/03/30

1000-0000-0001 - - N -

VSI name : vsib

EVPN instance : -

MAC address Move count Moved from Flags Suppressed at

1000-0000-0003 2 25GE1/0/2 N -

1000-0000-0005 10 5.5.5.5 S 17:24:33 2018/04/01

Table 22 Command output

Field	Description
EVPN instance	EVPN instance name. If the EVPN instance is created on a VSI, this field displays a hyphen (-). This field is supported only by EVPN VXLAN.
Move count	Number of MAC moves from the interface to other interfaces.
Moved from	Source interface or source VTEP/PE IP address for the MAC move.
Flags	Whether the MAC move was suppressed: · S—Suppressed. · N—Not suppressed.
Suppressed at	Time when the MAC move was suppressed.

‌

# Display detailed IPv4 EVPN MAC mobility information about all VSIs.

<Sysname> display evpn route mac-mobility verbose

VSI name : vsia

MAC Address : 1000-0000-0000

Move count : 10

Moved from : 25GE1/0/1

Flags : Suppressed

Suppressed at : 15:30:30 2018/03/30

Suppression threshold: 10

Detection cycle : 180s

Suppression-time : Permanent

Table 23 Command output

Field	Description
Moved from	Source interface or source VTEP/PE IP address for the MAC move.
Flags	Whether the MAC move was suppressed: · Suppressed. · Not suppressed.
Suppressed at	Time when the MAC move was suppressed.
Suppression threshold	MAC mobility suppression threshold, which is the number of MAC moves from the local site to a remote site. If MAC mobility suppression is disabled or MAC moves are not suppressed, this field displays a hyphen (-).
Detection cycle	MAC mobility detection cycle in seconds. If MAC mobility suppression is disabled or MAC moves are not suppressed, this field displays a hyphen (-).
Suppression time	MAC mobility suppression time in seconds. Permanent indicates that MAC moves are suppressed permanently. If MAC mobility suppression is disabled or MAC moves are not suppressed, this field displays a hyphen (-).

‌

Related commands

evpn route mac-mobility suppression

display evpn route nd

Use display evpn route nd to display EVPN ND entries.

Syntax

display evpn route nd [ local | remote ] [ public-instance | vpn-instance vpn-instance-name ] [ ipv6 ipv6-address ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies local ND entries.

remote: Specifies remote ND entries.

public-instance: Specifies the public instance.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

ipv6 ipv6-address: Specifies an IPv6 address. If you do not specify this option, the command displays all ND entries that match the criteria you specify.

count: Displays the number of ND entries. If you do not specify this keyword, the command displays detailed information about ND entries.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both local and remote EVPN ND entries.

If you do not specify the public-instance keyword or the vpn-instance vpn-instance-name option, this command displays EVPN ND entries for the public instance and all VPN instances.

Examples

# Display all EVPN ND entries.

<Sysname> display evpn route nd

Flags: D - Dynamic B - BGP L - Local active

G - Gateway S - Static M - Mapping I - Invalid

VPN instance: vpn1 Interface: Vsi-interface1

IPv6 address : AD80:0300:1000:0050:0200:0300:0100:0012

MAC address : 0001-0001-0001 Router MAC : a0ce-7e40-0400

VSI index : 0 Flags : GL

IPv6 address : AD10:0300:1000:0020:0200:0300:0100:0022

MAC address : 0001-0001-0002 Router MAC : a0ce-7e40-0411

VSI index : 0 Flags : GL

Public instance Interface: Vsi-interface1

IPv6 address : BC80:0300:1000:0050:0200:0300:0100:0033

MAC address : 0002-0002-0001 Router MAC : a0ce-7e40-0422

VSI index : 0 Flags : GL

IPv6 address : BC10:0300:1000:0020:0200:0300:0100:0034

MAC address : 0002-0002-0002 Router MAC : a0ce-7e40-0433

VSI index : 0 Flags : GL

# Display the total number of EVPN ND entries.

<Sysname>display evpn route nd count

Total number of entries: 2

Table 24 Command output

Field	Description
Interface	VSI interface.
Flags	ND entry type: · D—The entry is dynamically learned. · B—The entry is learned from BGP EVPN routes. · L—The local entry is active. If this flag is not set and the B flag is set, the entry learned from BGP EVPN routes is active. · G—The entry for the gateway is active. · S—The static entry is active. · M—The entry from a remote VXLAN mapped to a local VXLAN is active. · I—The entry is invalid. Reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist.

Field

Description

Interface

VSI interface.

Flags

ND entry type:

· D—The entry is dynamically learned.

· B—The entry is learned from BGP EVPN routes.

· L—The local entry is active. If this flag is not set and the B flag is set, the entry learned from BGP EVPN routes is active.

· G—The entry for the gateway is active.

· S—The static entry is active.

· M—The entry from a remote VXLAN mapped to a local VXLAN is active.

· I—The entry is invalid. Reasons:

¡ The VSI has been administratively shut down by using the shutdown command.

¡ The outgoing tunnel interface does not exist.

‌

display evpn route nd suppression

Use display evpn route nd suppression to display EVPN ND flood suppression entries.

Syntax

display evpn route nd suppression [ local | remote ] [ vsi vsi-name ] [ ipv6 ipv6-address ] [ count ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies local ND flood suppression entries.

remote: Specifies remote ND flood suppression entries.

vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays ND flood suppression entries for all VSIs.

ipv6 ipv6-address: Specifies an IPv6 address. If you do not specify this option, the command displays all ND flood suppression entries that match the criteria you specify.

count: Displays the number of ND flood suppression entries. If you do not specify this keyword, the command displays detailed information about ND flood suppression entries.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both local and remote EVPN ND flood suppression entries.

Examples

# Display all EVPN ND flood suppression entries.

<Sysname> display evpn route nd suppression

Flags: D - Dynamic B - BGP L - Local active

G - Gateway S - Static M - Mapping I - Invalid

VSI name: vpna

IPv6 address MAC address Flags Encap

11::8 72cb-ce9b-0a06 DL VXLAN

11::9 0001-0001-0001 B VXLAN

# Display the total number of ND flood suppression entries.

<Sysname> display evpn route nd suppression count

Total number of entries: 2

Table 25 Command output

Field	Description
Flags	ARP flood suppression entry type: · D—The entry is dynamically learned. · B—The entry is learned from BGP EVPN routes. · L—The local entry is active. If this flag is not set and the B flag is set, the entry learned from BGP EVPN routes is active. · G—The entry for the gateway is active. · S—The static entry is active. · M—The entry from a remote VXLAN mapped to a local VXLAN is active. · I—The entry is invalid. Possible reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist.
Encap	Packet encapsulation type: VXLAN.

Field

Description

Flags

ARP flood suppression entry type:

· D—The entry is dynamically learned.

· B—The entry is learned from BGP EVPN routes.

· L—The local entry is active. If this flag is not set and the B flag is set, the entry learned from BGP EVPN routes is active.

· G—The entry for the gateway is active.

· S—The static entry is active.

· M—The entry from a remote VXLAN mapped to a local VXLAN is active.

· I—The entry is invalid. Possible reasons:

¡ The VSI has been administratively shut down by using the shutdown command.

¡ The outgoing tunnel interface does not exist.

Encap

Packet encapsulation type:

VXLAN.

‌

display evpn route nd-mobility

Use display evpn route nd-mobility to display EVPN ND mobility information.

Syntax

display evpn route nd-mobility [ public-instance | vpn-instance vpn-instance-name ] [ ipv6 ipv6-address ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

public-instance: Specifies the public instance.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

ipv6 ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays ND mobility information about all IPv6 addresses of the public instance or MPLS L3VPN instance.

verbose: Displays detailed ND mobility information. If you do not specify this keyword, the command displays brief ND mobility information.

Usage guidelines

If you do not specify any parameters, this command displays ND mobility information about the public instance and all VPN instances.

Examples

# Display brief EVPN ND mobility information about the public instance and all VPN instances.

<Sysname> display evpn route nd-mobility

VPN instance : vpn1

Interface : Vsi-interface1

IPv6 address : 1::1

Move count : 5

Moved from : 25GE1/0/1

Flags : S

Suppressed at : 15:30:30 2020/03/30

Public instance

Interface : Vsi-interface2

IPv6 address : 2::2

Move count : 5

Moved from : 20::20

Flags : S

Suppressed at : 17:24:33 2020/04/01

Table 26 Command output

Field	Description
Move count	Number of ND moves from the interface to other interfaces.
Moved from	Source interface or source VTEP/PE IP address for the ND move.
Flags	Whether the ND move was suppressed: · Suppressed. · Not suppressed.
Suppressed at	Time when the ND move was suppressed.

‌

# Display detailed EVPN ND mobility information about the public instance and all VPN instances.

<Sysname> display evpn route nd-mobility verbose

VPN instance : vpn1

Interface : Vsi-interface1

IPv6 address : 1::1

Move count : 5

Moved from : 25GE1/0/1

Flags : Suppressed

Suppressed at : 15:30:30 2020/03/30

Suppression threshold: 5

Detection cycle : 180s

Suppression-time : Permanent

IPv6 address : 1::1

Move count : 5

Moved from : 25GE1/0/1

Flags : Suppressed

Suppressed at : 15:30:30 2020/03/30

Suppression threshold: 5

Detection cycle : 180s

Suppression-time : Permanent

Table 27 Command output

Field	Description
Moved from	Source interface or source VTEP/PE IP address for the ND move.
Flags	Whether the ND move was suppressed: · Suppressed. · Not suppressed.
Suppressed at	Time when the ND move was suppressed.
Suppression threshold	ND mobility suppression threshold, which is the number of ND moves from the local site to a remote site. If ND mobility suppression is disabled or ND moves are not suppressed, this field displays a hyphen (-).
Detection cycle	ND mobility detection cycle in seconds. If ND mobility suppression is disabled or ND moves are not suppressed, this field displays a hyphen (-).
Suppression time	Suppression time in seconds. If this field displays Permanent, ND moves are suppressed permanently. If ND mobility suppression is disabled or ND moves are not suppressed, this field displays a hyphen (-).

‌

Related commands

evpn route nd-mobility suppression

display evpn routing-table

Use display evpn routing-table to display EVPN routing table information.

Syntax

display evpn routing-table [ ipv6 ] { public-instance | vpn-instance vpn-instance-name } [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv6: Specifies IPv6 information. If you do not specify this keyword, the command displays IPv4 information.

public-instance: Specifies the public instance.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

count: Displays the number of entries in the routing table. If you do not specify this keyword, the command displays detailed information about the routing table.

Examples

# Display the EVPN IPv4 routing table for VPN instance vpn1 of an EVPN network with distributed gateways.

<Sysname> display evpn routing-table vpn-instance vpn1

Flags: E - with valid ESI A – A-D ready L - Local ES exists

VPN instance name: vpn1 Local L3VNI: 7

IP address Nexthop Outgoing interface NibID Flags

10.1.1.11 1.1.1.1 Vsi-interface3 0x18000000 -

10.1.1.12 2.2.2.2 Vsi-interface3 0x18000001 -

# Display the EVPN IPv4 routing table for the public instance of an EVPN network with distributed gateways.

<Sysname> display evpn routing-table public-instance

Flags: E - with valid ESI A – A-D ready L - Local ES exists

Public instance Local L3VNI: 3900

IP address Nexthop Outgoing interface NibID Flags

10.1.1.11 1.1.1.1 Vsi-interface3 0x18000000 -

10.1.1.12 2.2.2.2 Vsi-interface3 0x18000001 -

# Display the number of EVPN route entries in the IPv4 routing table for VPN instance vpn1.

<Sysname> display evpn routing-table vpn-instance vpn1 count

Total number of entries: 2

# Display the EVPN IPv6 routing table for VPN instance vpna of an EVPN network with distributed gateways.

<Sysname> display evpn routing-table ipv6 vpn-instance vpna

Flags: E - with valid ESI A – A-D ready L - Local ES exists

VPN instance: vpna Local L3VNI: 7

IPv6 address : BC10:0300:1000:0020:0200:0300:0100:0034

Outgoing interface : Vsi-interface3

Next hop : 1.1.1.1

NibID : 0x18000000

Flags : E

IPv6 address : BC10:0300:1000:0020:0200:0300:0100:0035

Outgoing interface : Vsi-interface3

Next hop : 2.2.2.2

NibID : 0x18000001

Flags : E

Table 28 Command output

Field	Description
Local L3VNI	L3 VXLAN ID associated with the VPN instance or the public instance.
NibID	Next hop ID.
Flags	Flags of the route: · E—The route carries a valid ESI. · A—An Ethernet auto-discovery route has been received. The ECMP routes to the next hop are ready to be issued. · L—A local active ESI exists. The remote route is not issued.

‌

evpn m-lag group

Use evpn m-lag group to enable EVPN M-LAG and specify the virtual VTEP address.

Use undo evpn m-lag group to restore the default.

Syntax

evpn m-lag group { virtual-vtep-ipv4 | virtual-vtep-ipv6 }

undo evpn m-lag group

Default

EVPN M-LAG is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

virtual-vtep-ipv4: Specifies the virtual IPv4 VTEP address.

virtual-vtep-ipv6: Specifies the virtual IPv6 VTEP address.

virtual-vtep-ip: Specifies the virtual VTEP address.

Usage guidelines

EVPN M-LAG virtualizes two VTEPs, EDs or EVPN gateways into one M-LAG system to avoid single points of failure. The VTEPs, EDs or EVPN gateways use a virtual VTEP address to establish VXLAN tunnels to remote devices.

For the device to re-establish tunnels, you must execute the address-family l2vpn evpn command in BGP instance view after you enable or disable EVPN M-LAG.

To change the virtual VTEP address, first execute the undo evpn m-lag group command to remove the original virtual VTEP address.

The evpn m-lag group and evpn m-lag local commands must specify three IPv4 or IPv6 addresses. Mixed use of IPv4 and IPv6 addresses is not allowed.

Examples

# Enable EVPN M-LAG and specify the virtual VTEP address as 1.1.1.1.

<Sysname> system-view

[Sysname] evpn m-lag group 1.1.1.1

evpn m-lag local

Use evpn m-lag local to specify the IP addresses of the VTEPs in an M-LAG system.

Use undo evpn m-lag local to restore the default.

Syntax

evpn m-lag local { local-ipv4-address remote remote-ipv4-address | local-ipv6-address remote remote-ipv6-address }

undo evpn m-lag local

Default

The IP addresses of the VTEPs in an M-LAG system are not specified.

Views

System view

Predefined user roles

network-admin

Parameters

local-ipv4-address: Specifies the IPv4 address of the local VTEP.

local-ipv6-address: Specifies the IPv6 address of the local VTEP.

remote remote-ip: Specifies the IP address of the peer VTEP.

remote-ipv4-address: Specifies the IPv4 address of the peer VTEP.

remote-ipv6-address: Specifies the IPv6 address of the peer VTEP.

Usage guidelines

An AC that is attached to only one of the VTEPs in an M-LAG system is called a single-armed AC. After you configure this command, each VTEP in an M-LAG system changes the next hop of the routes for single-armed ACs to its local VTEP IP address when advertising the routes. This ensures that the traffic of a single-armed AC is forwarded to its attached VTEP. When a VTEP receives BGP EVPN routes from the peer VTEP IP address specified by using this command, it does not set up a VXLAN tunnel to the peer VTEP.

You must execute this command if single-armed ACs are attached to an M-LAG system with a direct peer link. You do not need to execute this command on an M-LAG system with a tunnel peer link. In such an M-LAG system, a VTEP uses the source IP address of the peer link as the next hop of routes for single-armed ACs to ensure correct traffic forwarding.

When you execute this command, make sure the IP address of the local VTEP belongs to a local interface. Make sure the local VTEP IP address and peer VTEP IP address are reversed on the VTEPs in an M-LAG system.

Do not use this command on EDs.

The evpn m-lag group and evpn m-lag local commands must specify three IPv4 or IPv6 addresses. Mixed use of IPv4 and IPv6 addresses is not allowed.

Examples

# Specify the IP addresses of the local and peer VTEPs in the M-LAG system as 2.2.2.2 and 3.3.3.3, respectively.

<Sysname> system-view

[Sysname] evpn m-lag local 2.2.2.2 remote 3.3.3.3

evpn encapsulation

Use evpn encapsulation to create an EVPN instance and enter its view, or enter the view of an existing EVPN instance.

Use undo evpn encapsulation to restore the default.

Syntax

evpn encapsulation vxlan

undo evpn encapsulation

Default

No EVPN instance exists.

Views

VSI view

Predefined user roles

network-admin

Parameters

vxlan: Specifies VXLAN encapsulation.

Usage guidelines

Before you can configure EVPN settings, you must create an EVPN instance.

Examples

# Create a VSI EVPN instance and enter its view.

<Sysname> system-view

[Sysname] vsi aaa

[Sysname-vsi-aaa] evpn encapsulation vxlan

[Sysname-vsi-aaa-evpn-vxlan]

evpn global-mac

Use evpn global-mac to configure the EVPN global MAC address.

Use undo evpn global-mac to restore the default.

Syntax

evpn global-mac mac-address

undo evpn global-mac

Default

No EVPN global MAC address is configured.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address in H-H-H format. Do not specify a multicast MAC address, broadcast MAC address, or all-zeros MAC address.

Usage guidelines

The EVPN global MAC address is used only by VSI interfaces associated with an L3 VXLAN ID.

For a VSI interface associated with an L3 VXLAN ID, the MAC address assigned to it by using the mac-address command takes precedence over the EVPN global MAC address.

Do not use a reserved MAC address as the EVPN global MAC address.

Examples

# Configure the EVPN global MAC address as 0001-0001-0001.

<Sysname> system-view

[Sysname] evpn global-mac 1-1-1

evpn irb asymmetric

Use evpn irb asymmetric to enable asymmetric IRB for EVPN VXLAN.

Use undo evpn irb asymmetric to restore the default.

Syntax

evpn irb asymmetric [ route-policy route-policy-name ]

undo evpn irb asymmetric

Default

Symmetric IRB is enabled for EVPN VXLAN.

Views

System view

Predefined user roles

network-admin

Parameters

route-policy route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters. The device will perform asymmetric IRB forwarding for the traffic that matches the routing policy. If you do not specify a routing policy or the specified routing policy does not exist, the device performs asymmetric IRB forwarding for all traffic.

Usage guidelines

Use this command to set the IRB mode for EVPN VXLAN.

Examples

# Enable asymmetric IRB for EVPN VXLAN.

<Sysname> system-view

[Sysname] evpn irb asymmetric

evpn mac-ip advertise distributed-gateway

Use evpn mac-ip advertise distributed-gateway to enable the device to advertise ARP information for the distributed EVPN gateway interfaces through MAC/IP advertisement routes.

Use undo evpn mac-ip advertise distributed-gateway to disable the device from advertising ARP information for the distributed EVPN gateway interfaces through MAC/IP advertisement routes.

Syntax

evpn mac-ip advertise distributed-gateway

undo evpn mac-ip advertise distributed-gateway

Default

By default, the device does not advertise ARP information for the distributed EVPN gateway interfaces through MAC/IP advertisement routes.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If a distributed EVPN gateway has downstream VTEPs attached, the gateway advertises ARP information for gateway interfaces through IP prefix advertisement routes. Because the VTEPs do not have gateway configuration, they cannot learn the ARP information for the gateway interfaces or forward traffic to the gateway. For the VTEPs to learn ARP information for the gateway interfaces, enable the distributed EVPN gateway to advertise ARP information for the gateway interfaces through MAC/IP advertisement routes.

Examples

# Enable the device to advertise ARP information for the distributed EVPN gateway interfaces through MAC/IP advertisement routes.

<Sysname> system-view

[Sysname] evpn mac-ip advertise distributed-gateway

evpn route arp-mobility suppression

Use evpn route arp-mobility suppression to enable ARP mobility event suppression.

Use undo evpn route arp-mobility suppression to disable ARP mobility event suppression.

Syntax

evpn route arp-mobility suppression [ detect-cycle detect-time | detect-threshold move-times | suppression-time [ suppression-time | permanent ] ] *

undo evpn route arp-mobility suppression

Default

ARP mobility event suppression is disabled.

Views

System view

EVPN instance view

VSI EVPN instance view

Layer 3 interface view

Predefined user roles

network-admin

Parameters

detect-cycle detect-time: Sets the ARP mobility detection cycle in seconds, in the range of 60 to 900. The default value is 180 seconds.

detect-threshold move-times: Sets the ARP mobility suppression threshold, in the range of 3 to 10. The default is 5. This threshold is the number of ARP moves from the local site to remote sites.

suppression-time: Sets the ARP mobility suppression time. A suppressed ARP entry cannot move until the ARP mobility suppression time expires. If you do not set this parameter, the default setting permanent applies.

suppression-time: Specifies the ARP mobility suppression time in seconds, in the range of 120 to 3600 seconds.

permanent: Suppresses ARP moves permanently.

Usage guidelines

The ARP mobility event suppression feature allows an IP address to move at most the specified number of times (ARP mobility suppression threshold) out of a site within an ARP mobility detection cycle. If the suppression threshold has been reached for an IP address within a detection cycle, the VTEP at the site suppresses the subsequent move after the IP address moves back to the site. In addition, the VTEP learns ARP information for the IP address but does not advertise the ARP information.

After you execute the undo evpn route arp-mobility suppression command or when the ARP mobility suppression time expires, a VTEP acts as follows:

· Advertises ARP information immediately for the suppressed ARP entries that have not aged out.

· Relearns ARP information for the suppressed ARP entries that have aged out and advertises the ARP information.

ARP mobility event suppression takes effect only on an EVPN VXLAN network configured with distributed VXLAN IP gateways.

The ARP mobility event suppression setting configured in system view takes effect on all EVPN instances. The ARP mobility event suppression setting configured in EVPN instance view takes effect on all associated VSIs. The ARP mobility event suppression setting configured in VSI EVPN instance view takes effect only on the associated VSI. The ARP mobility event suppression setting configured in Layer 3 interface view takes effect only on that interface.

The ARP mobility event suppression settings configured in the following views are in descending order of priority:

1. Layer 3 interface view.

2. EVPN instance view or VSI EVPN instance view.

3. System view.

Examples

# Enable ARP mobility event suppression.

<Sysname> system-view

[Sysname] evpn route arp-mobility suppression

Related commands

display evpn route arp-mobility

evpn route mac-mobility suppression

Use evpn route mac-mobility suppression to enable MAC mobility event suppression.

Use undo evpn route mac-mobility suppression to disable MAC mobility event suppression.

Syntax

evpn route mac-mobility suppression [ detect-cycle detect-time | detect-threshold move-times | suppression-time [ suppression-time | permanent ] ] *

undo evpn route mac-mobility suppression

Default

MAC mobility event suppression is disabled.

Views

System view

EVPN instance view

VSI EVPN instance view

Layer 3 interface view

Predefined user roles

network-admin

Parameters

detect-cycle detect-time: Sets the MAC mobility detection cycle in seconds, in the range of 60 to 900. The default value is 180 seconds.

detect-threshold move-times: Sets the MAC mobility suppression threshold, in the range of 3 to 10. The default is 5. This threshold is the number of MAC moves from the local site to remote sites.

suppression-time: Sets the MAC mobility suppression time. A suppressed MAC entry cannot move until the MAC mobility suppression time expires. If you do not set this parameter, the default setting permanent applies.

suppression-time: Specifies the MAC mobility suppression time in seconds, in the range of 120 to 3600 seconds.

permanent: Suppresses MAC moves permanently.

Usage guidelines

On an EVPN VXLAN network, misconfiguration of MAC addresses might cause two sites to contain the same MAC address. In this condition, VTEPs at the two sites constantly synchronize and update EVPN MAC entries and determine that MAC mobility events occur. As a result, an inter-site loop might occur, and the bandwidth is occupied by MAC entry synchronization traffic. To eliminate loops and suppress those MAC mobility events, enable MAC mobility event suppression on the VTEPs.

The MAC mobility event suppression feature allows a MAC address to move at most the specified number of times (MAC mobility suppression threshold) out of a site within an MAC mobility detection cycle. If the suppression threshold has been reached for a MAC address within a detection cycle, the VTEP at the site suppresses the subsequent move after the MAC address moves back to the site. In addition, the VTEP learns the MAC address but does not advertise it.

After you execute the undo evpn route mac-mobility suppression command or when the MAC mobility suppression time expires, a VTEP acts as follows:

· Advertises MAC address entries immediately for the suppressed MAC address entries that have not aged out.

· Relearns the MAC addresses for the suppressed MAC address entries that have aged out and advertises the MAC address entries.

The MAC mobility event suppression setting configured in system view takes effect on all EVPN instances. The MAC mobility event suppression setting configured in EVPN instance view takes effect on all associated VSIs. The MAC mobility event suppression setting configured in VSI EVPN instance view takes effect only on the associated VSI. The MAC mobility event suppression setting configured in Layer 3 interface view takes effect only on that interface.

The MAC mobility event suppression settings configured in the following views are in descending order of priority:

1. Layer 3 interface view.

2. EVPN instance view or VSI EVPN instance view.

3. System view.

Examples

# Enable MAC mobility event suppression.

<Sysname> system-view

[Sysname] evpn route mac-mobility suppression

Related commands

display evpn route mac-mobility

evpn route nd-mobility suppression

Use evpn route nd-mobility suppression to enable ND mobility event suppression.

Use undo evpn route nd-mobility suppression to disable ND mobility event suppression.

Syntax

evpn route nd-mobility suppression [ detect-cycle detect-time | detect-threshold move-times | suppression-time [ suppression-time | permanent ] ] *

undo evpn route nd-mobility suppression

Default

ND mobility event suppression is disabled.

Views

System view

EVPN instance view

VSI EVPN instance view

Layer 3 interface view

Predefined user roles

network-admin

Parameters

detect-cycle detect-time: Specifies the ND mobility detection cycle in seconds. The value range for the detect-time argument is 60 to 900, and the default is 180.

detect-threshold move-times: Specifies the ND mobility suppression threshold, which is the number of ND moves from the local site to a remote site. The value range for the move-times argument is 3 to 10, and the default is 5.

suppression-time: Specifies the length of time that an ND entry is suppressed. After the suppression time expires, the ND entry can move again. The default suppression time is permanent.

suppression-time: Specifies the suppression time in seconds. The value range for this argument is 120 to 3600.

permanent: Suppresses ND moves permanently.

Usage guidelines

On an EVPN VXLAN network, misconfiguration of IP addresses might cause two sites to contain the same IP address. In this condition, VTEPs at the two sites constantly synchronize and update EVPN ND entries and determine that ND mobility events occur. As a result, an inter-site loop might occur, and the bandwidth is occupied by ND entry synchronization traffic. To eliminate loops and suppress those ND mobility events, enable ND mobility event suppression on the VTEPs. This feature allows an IP address to move a specified number of times (the ND mobility suppression threshold) from a site within an ND mobility detection cycle. If an IP address moves more than the ND mobility suppression threshold, the VTEP at the site will suppress the last ND move to the local site and will not advertise ND information for the IP address.

After you execute the undo evpn route nd-mobility suppression command or the suppression time expires, a VTEP acts as follows:

· Advertises ND information immediately for the suppressed ND entries that have not aged out.

· Relearns ND information for the suppressed ND entries that have aged out and advertises the ND information.

ND mobility event suppression takes effect only on the following networks:

· EVPN VXLAN network enabled with ND flood suppression.

· EVPN VXLAN network configured with distributed VXLAN IP gateways.

The ND mobility event suppression setting configured in system view takes effect on all EVPN instances. The ND mobility event suppression setting configured in EVPN instance view takes effect on all associated VSIs. The ND mobility event suppression setting configured in VSI EVPN instance view takes effect only on the associated VSI. The ND mobility event suppression setting configured in Layer 3 interface view takes effect only on that interface.

The ND mobility event suppression settings configured in the following views are in descending order of priority:

1. Layer 3 interface view.

2. EVPN instance view or VSI EVPN instance view.

3. System view.

Examples

# Enable ND mobility event suppression.

<Sysname> system-view

[Sysname] evpn route nd-mobility suppression

Related commands

display evpn route nd-mobility

evpn span-segment disable

Use evpn span-segment disable to disable a VSI interface from learning ARP or ND information that does not belong to its subnet from MAC/IP advertisement routes.

Use undo evpn span-segment disable to restore the default.

Syntax

evpn span-segment { arp-learning | nd-learning } disable

undo evpn span-segment { arp-learning | nd-learning } disable

Default

On a centralized EVPN gateway, a VSI interface can learn the ARP or ND information that does not belong to its subnet from MAC/IP advertisement routes.

Views

VSI interface view

Predefined user roles

network-admin

Parameters

arp-learning: Disables ARP learning.

nd-learning: Disables ND learning.

Usage guidelines

On an EVPN VXLAN network deployed with a centralized EVPN gateway, VM 1 and VM 2 belong to the same VXLAN in subnet 10.1.1.0/24. The gateway interface is VSI-interface 1 and the gateway is connected to external Layer 3 network 10.1.2.0/24. The VTEP to which VM 2 is attached is configured with ARP or ND flood suppression. The IP address of VM 2 is mistakenly configured as an IP address in subnet 10.1.2.0/24 (for example, 10.1.2.2). In this situation, the VTEP connected to VM 2 advertises MAC/IP advertisement routes that contain ARP or ND information to the gateway. The IP address and MAC address in the routes are the IP address and MAC address of VM 2, respectively. The gateway learns the ARP or ND information and issues the information to the forwarding table. When VM 1 visits 10.1.2.2 in the external network, the gateway will forward the traffic to VM 2. As a result, VM 1 cannot visit 10.1.2.2.

To resolve the above issue, perform this task on the VSI interface to disable the VSI interface from learning ARP or ND information across subnets from MAC/IP advertisement routes.

Examples

# Disable a VSI-interface 1 from learning ARP or ND information that does not belong to its subnet from MAC/IP advertisement routes.

<Sysname> system-view

[Sysname] interface vsi-interface 1

[Sysname-Vsi-interface1] evpn span-segment arp-learning disable

igp-metric inherit

Use igp-metric inherit to set the metric of a BGP EVPN route added to a VPN instance's routing table to the metric of the IGP route pointing to the next hop in the original BGP EVPN route.

Use undo igp-metric inherit to restore the default.

Syntax

igp-metric inherit

undo igp-metric inherit

Default

The device sets the metric to 0 when adding BGP EVPN routes a VPN instance's routing table.

Views

BGP EVPN address family view

Predefined user roles

network-admin

Usage guidelines

After you execute this command, the device sets the metric of a BGP EVPN route added to a VPN instance's routing table to the metric of the IGP route pointing to the next hop in the original BGP EVPN route.

Examples

# Set the metric of a BGP EVPN route added to a VPN instance's routing table to the metric of the IGP route pointing to the next hop in the original BGP EVPN route.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family l2vpn evpn

[Sysname-bgp-default-evpn] igp-metric inherit

import evpn mac-ip

Use import evpn mac-ip to enable the device to redistribute received MAC/IP advertisement routes that contain ARP or ND information into a BGP unicast routing table and advertise the routes.

Use undo import evpn mac-ip to restore the default.

Syntax

import evpn mac-ip

undo import evpn mac-ip

Default

For EVPN VXLAN, received MAC/IP advertisement routes (carrying VXLAN IDs) that contain ARP or ND information are not redistributed into any BGP unicast routing table.

For SRv6, received MAC/IP advertisement routes (carrying SIDs) that contain ARP or ND information are redistributed into BGP unicast routing tables, but the routes are not advertised.

Views

BGP IPv4 unicast address family view

BGP IPv6 unicast address family view

BGP-VPN IPv4 unicast address family view

BGP-VPN IPv6 unicast address family view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to redistribute received MAC/IP advertisement routes that contain ARP or ND information into a BGP unicast routing table.

· If you use this command in BGP IPv4 or IPv6 unicast address family view, the device will redistribute the routes into the BGP IPv4 or IPv6 unicast routing table. In addition, the device will advertise the routes to the local site.

· If you use this command in BGP-VPN IPv4 or IPv6 unicast address family view, the device will redistribute the routes into the BGP-VPN IPv4 or IPv6 unicast routing table of the corresponding VPN instance. To advertise the routes to the local site, you must configure the advertise l2vpn evpn command.

Examples

# Redistribute received MAC/IP advertisement routes into the BGP-VPN IPv4 unicast routing table of VPN instance vpna and advertise the routes.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] ip vpn-instance vpna

[Sysname-bgp-default-vpna] address-family ipv4

[Sysname-bgp-default-ipv4-vpna] import evpn mac-ip

Related commands

advertise l2vpn evpn

ip forwarding-conversational-learning

Use ip forwarding-conversational-learning to enable conversational learning for host route FIB entries.

Use undo ip forwarding-conversational-learning to disable conversational learning for host route FIB entries.

Syntax

ip forwarding-conversational-learning [ aging aging-time ]

undo ip forwarding-conversational-learning

Default

Conversational learning is disabled for host route FIB entries.

Views

System view

Predefined user roles

network-admin

Parameters

aging aging-time: Specifies an aging timer in minutes for host route FIB entries, in the range of 60 to 1440. The default value is 60.

Usage guidelines

Use this command only on an EVPN network.

By default, the device issues a host route FIB entry to the hardware after the entry is generated. This feature enables the device to issue a host route FIB entry to the hardware only when the entry is required for packet forwarding. This feature saves hardware resources on the device.

Set an appropriate aging timer for host route FIB entries according to your network. A much longer or shorter aging timer will degrade the device performance.

· If the aging timer is too long, the device will save many outdated host route FIB entries and fail to accommodate the most recent network changes. These entries cannot be used for correct packet forwarding and exhaust FIB resources.

· If the aging timer is too short, the device will delete the valid host route FIB entries that can still be effective for packet forwarding. As a result, FIB entry flapping will occur, and the device performance will be affected.

Examples

# Enable conversational learning for host route FIB entries.

<Sysname> system-view

[Sysname] ip forwarding-conversational-learning

ip public-instance

Use ip public-instance to create the public instance and enter its view, or enter the view of the existing public instance.

Use undo ip public-instance to delete the public instance.

Syntax

ip public-instance

undo ip public-instance

Default

The public instance does not exist.

Views

System view

Predefined user roles

network-admin

Usage guidelines

A distributed EVPN gateway uses the public instance to perform Layer 3 forwarding for the public network and to enable communication between private and public networks. The public instance is similar to a VPN instance. A distributed EVPN gateway processes traffic of the public instance in the same way it does for a VPN instance.

Examples

# Create the public instance and enter its view.

<Sysname> system-view

[Sysname] ip public-instance

[Sysname-public-instance]

ipv6 nd proxy-send enable

Use ipv6 nd proxy-send enable to enable ND request proxy.

Use undo ipv6 nd proxy-send enable to disable ND request proxy.

Syntax

ipv6 nd proxy-send enable

undo ipv6 nd proxy-send enable

Default

ND request proxy is disabled on VSI interfaces.

Views

VSI interface view

Predefined user roles

network-admin

Usage guidelines

ND request proxy allows a VSI interface to send an ND request sourced from itself when the VTEP forwards an ND request. This feature helps resolve certain communication issues.

· The VTEPs have established BGP EVPN neighbor relationships.

· EVPN is disabled from learning MAC addresses from ND information.

· MAC address advertisement is disabled, and advertised MAC addresses are withdrawn.

· Remote-MAC address learning is disabled.

· Local proxy ND is enabled on the VSI interfaces.

· The VSI interfaces use different IP addresses and MAC addresses.

In this network, when VM 1 attempts to communicate with VM 2, the following process occurs:

1. VM 1 sends an NS packet.

2. VTEP 1 learns the MAC address of VM 1 from the NS packet, replies to VM 1 on behalf of VM 2, and sends an NS packet to obtain the MAC address of VM 2.

3. VTEP 2 forwards the NS packet, and VM 2 replies to VTEP 1.

4. VTEP 2 forwards the NA packet sent by VM 2 without learning the MAC address of VM 2 because EVPN is disabled from learning MAC addresses from ND information.

5. VTEP 1 does not learn the MAC address of VM 2 because remote-MAC address learning is disabled.

As a result, VM 1 fails to communicate with VM 2.

For VM 1 to communicate with VM 2, enable NS packet proxy on VSI-interface 2 of VTEP 2. When receiving the NS packet sent by VTEP 1, VTEP 2 forwards it and sends an NS packet sourced from VSI-interface 2 simultaneously, and VM 2 replies to both NS packets. Then, VTEP 2 learns the MAC address of VM 2 from the NA packet sent to VSI-interface 2 and advertises the MAC address to VTEP 1 through BGP EVPN routes. In this way, VTEP 1 obtains the MAC address of VM 2, and VM 1 and VM 2 can communicate.

Examples

# Enable ND request proxy on VSI-interface 100.

<Sysname> system-view

[Sysname] interface vsi-interface 100

[Sysname-vsi-interface100] ipv6 nd proxy-send enable

Related commands

local-proxy-nd enable (Layer 3—IP Services Command Reference)

ipv6 nd ra tunnel-broadcast global enable

Use ipv6 nd ra tunnel-broadcast global enable to globally enable VSI interfaces to send RA messages over VXLAN tunnels.

Use undo ipv6 nd ra tunnel-broadcast global enable to globally disable VSI interfaces from sending RA messages over VXLAN tunnels.

Syntax

ipv6 nd ra tunnel-broadcast global enable

undo ipv6 nd ra tunnel-broadcast global enable

Default

VSI interfaces do not send RA messages over VXLAN tunnels.

Views

System view

Predefined user roles

network-admin

Usage guidelines

By default, a distributed EVPN gateway drops the RS messages received from VXLAN tunnels and periodically advertises RA messages only to the local site. As a result, a distributed EVPN gateway does not send RA messages over VXLAN tunnels, and remote gateways cannot update information about the gateway based on RA messages. To resolve the issue, use this command to enable distributed EVPN gateways to reply to remote RS messages with RA messages and periodically advertise RA messages over VXLAN tunnels.

Examples

# Globally enable VSI interfaces to send RA messages over VXLAN tunnels.

<Sysname> system-view

[Sysname] ipv6 nd ra tunnel-broadcast global enable

Related commands

ipv6 nd ra interval (Layer 3—IP Services Command Reference)

l2vpn m-lag peer-link ac-match-rule vxlan-mapping

Use l2vpn m-lag peer-link ac-match-rule vxlan-mapping to enable the device to create frame match criteria based on VXLAN IDs for the dynamic ACs on the Ethernet aggregate link peer link.

Use undo l2vpn m-lag peer-link ac-match-rule vxlan-mapping to restore the default.

Syntax

l2vpn m-lag peer-link ac-match-rule vxlan-mapping

undo l2vpn m-lag peer-link ac-match-rule vxlan-mapping

Default

On an M-LAG system with a direct peer link, dynamic ACs on the peer link use frame match criteria that are identical to those of site-facing ACs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

By default, if an M-LAG system uses a direct peer link, each M-LAG member device creates a dynamic AC on the peer link when an AC is configured on a site-facing interface. The dynamic AC and the site-facing AC have the same frame match criteria and VSI mapping. If two site-facing ACs on different interfaces have the same frame match criteria but different VSI mappings, the dynamic ACs created for the site-facing ACs will conflict with each other. To prevent this issue, enable the M-LAG member devices to create frame match criteria based on VXLAN IDs for the dynamic ACs on the peer link.

With this command configured, an M-LAG member device creates dynamic ACs on the peer link and maps them to the VSIs of VXLANs after the VXLANs are created. The matching VLAN IDs in frame match criteria are calculated for the dynamic ACs according to the following rules:

· Outer VLAN ID = VXLAN ID / 4094 + 1.

· Inner VLAN ID = VXLAN ID % 4094 + 1.

· If the calculated outer VLAN ID of a dynamic AC is the PVID of the peer-link interface, the device uses the calculated inner VLAN ID as the outer VLAN ID. The device does not add a matching inner VLAN ID to the frame match criterion of the dynamic AC.

After you execute this command, do not create VXLANs with IDs larger than 16000000.

This command deletes existing dynamic ACs from peer-link interfaces and takes effect on all VXLANs.

Examples

# Enable the device to create frame match criteria based on VXLAN IDs for the dynamic ACs on the Ethernet aggregate link peer link.

<Sysname> system-view

[Sysname] l2vpn m-lag peer-link ac-match-rule vxlan-mapping

l2vpn m-lag peer-link tunnel

Use l2vpn m-lag peer-link tunnel to enable an M-LAG member device to automatically set up a VXLAN tunnel with the peer M-LAG member device.

Use undo l2vpn m-lag peer-link tunnel to disable an M-LAG member device from automatically setting up a VXLAN tunnel with the peer M-LAG member device.

Syntax

l2vpn m-lag peer-link tunnel { source source-ipv4 destination destination-ipv4 | source source-ipv6 destination destination-ipv6 }

undo l2vpn m-lag peer-link tunnel

Default

The M-LAG member devices in an M-LAG system do not set up a VXLAN tunnel between them.

Views

System view

Predefined user roles

network-admin

Parameters

source source-ipv4 destination destination-ipv4: Specifies source and destination IPv4 addresses for the automatically established VXLAN tunnel.

source source-ipv6 destination destination-ipv6: Specifies source and destination IPv6 addresses for the automatically established VXLAN tunnel.

Usage guidelines

This command applies to an M-LAG system with a direct peer link.

By default, the dynamic ACs created on the peer link use frame match criteria and VSI mappings identical to those of the site-facing ACs. If you configure the same frame match criterion for the site-facing ACs of different VSIs, the dynamic ACs created for the site-facing ACs will conflict with each other. To resolve this issue, use this command to enable the M-LAG member devices to automatically set up a VXLAN tunnel between them.

After you execute this command, the M-LAG member devices no longer create dynamic ACs on the peer link. Instead, they set up a VXLAN tunnel and assign it to all VXLANs. The VXLAN tunnel and the peer link transmit different types of traffic.

· The VXLAN tunnel is used to forward data traffic. When a site-facing AC on one M-LAG member device fails, the device forwards the remote packets destined for the AC to the other M-LAG member device over the VXLAN tunnel. The remote packets are encapsulated with the VXLAN ID of the failed site-facing AC. When the other M-LAG member device receives the packets, it decapsulates them and forwards them in the VXLAN where they belong.

· The peer link is used to exchange M-LAG protocol packets and synchronize MAC and ARP entries.

The l2vpn m-lag peer-link tunnel and l2vpn m-lag peer-link ac-match-rule vxlan-mapping commands are mutually exclusive. Do not use them together.

If you use this command on an M-LAG system with a tunnel peer link, the M-LAG member devices do not assign the automatically established VXLAN tunnel to VXLANs and thus cannot use it to forward traffic.

To change the tunnel source and destination addresses, first execute the undo l2vpn m-lag peer-link tunnel command to delete the existing VXLAN tunnel.

Examples

# Enable the device to set up a VXLAN tunnel with its M-LAG peer. Specify the source and destination IPv4 addresses of the VXLAN tunnel as 1.1.1.1 and 2.2.2.2, respectively.

<Sysname> system-view

[Sysname] l2vpn m-lag peer-link tunnel source 1.1.1.1 destination 2.2.2.2

l2vpn statistics vsi l3-vni

Use l2vpn statistics vsi l3-vni to enable traffic statistics for the VSIs that are automatically created for L3 VXLAN IDs.

Use undo l2vpn l3-vni vsi statistics to disable traffic statistics for the VSIs that are automatically created for L3 VXLAN IDs.

Syntax

l2vpn statistics vsi l3-vni

undo l2vpn statistics vsi l3-vni

Default

The traffic statistics feature is disabled for the VSIs that are automatically created for L3 VXLAN IDs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If you configure an L3 VXLAN ID on a distributed EVPN gateway, the gateway automatically creates a VSI for the L3 VXLAN ID. You cannot enter the view of such a VSI to configure settings on it.

This command enables the device to collect incoming and outgoing traffic statistics for the automatically created VSIs. You can use the display l2vpn vsi verbose command to view the traffic statistics and use the reset l2vpn statistics vsi command to clear the traffic statistics.

Examples

# Enable traffic statistics for the VSIs that are automatically created for L3 VXLAN IDs.

<Sysname> system-view

[Sysname] l2vpn statistics vsi l3-vni

Related commands

display l2vpn vsi verbose (VXLAN Command Reference)

reset l2vpn statistics vsi (VXLAN Command Reference)

l3-vni

Use l3-vni to configure an L3 VXLAN ID for a VSI interface or for the public instance.

Use undo l3-vni to remove the L3 VXLAN ID for a VSI interface or for the public instance.

Syntax

l3-vni vxlan-id

undo l3-vni

Default

No L3 VXLAN ID is configured for a VSI interface or for the public instance.

Views

VSI interface view

Public instance view

Predefined user roles

network-admin

Parameters

vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.

Usage guidelines

On distributed EVPN gateways, you must configure L3 VXLAN IDs for the gateways to differentiate traffic of different VPN instances.

To forward Layer 3 traffic of a VPN instance, you must assign an L3 VXLAN ID to the VSI interface of the VPN instance. To forward Layer 3 traffic of the public network, you must assign the same L3 VXLAN ID to the public instance and the VSI interface of the public instance.

To modify the L3 VXLAN ID for the public instance, you must first delete the original L3 VXLAN ID.

The L3 VXLAN ID specified by using this command cannot be the same as any VXLAN ID specified by using the mapping vni command.

Examples

# Configure the L3 VXLAN ID as 1000 for VSI-interface 100.

<Sysname> system-view

[Sysname] interface vsi-interface 100

[Sysname-Vsi-interface100] l3-vni 1000

mac-advertising disable

Use mac-advertising disable to disable MAC address advertisement and withdraw advertised MAC addresses.

Use undo mac-advertising disable to restore the default.

Syntax

mac-advertising disable

undo mac-advertising disable

Default

MAC address advertisement is enabled.

Views

VSI EVPN instance view

Predefined user roles

network-admin

Usage guidelines

The MAC information and ARP information advertised by the VTEP overlap. To avoid duplication, use this command to disable MAC address advertisement and withdraw the MAC addresses advertised to remote devices.

Examples

# Disable MAC address advertisement and withdraw advertised MAC addresses for an EVPN instance.

<Sysname> system-view

[Sysname] vsi aaa

[Sysname-vsi-aaa] evpn encapsulation vxlan

[Sysname-vsi-aaa-evpn-vxlan] mac-advertising disable

nd-advertising enable

Use nd-advertising enable to enable ND information advertisement.

Use undo nd-advertising enable to disable ND information advertisement and withdraw advertised ND information.

Syntax

nd-advertising enable

undo nd-advertising enable

Default

ND information advertisement is enabled.

Views

EVPN instance view

VSI EVPN instance view

Predefined user roles

network-admin

Usage guidelines

In an EVPN network with distributed gateways, you can disable ND information advertisement for a VXLAN to save resources if all its user terminals use the same EVPN gateway device. The EVPN instance of the VXLAN will stop advertising ND information through MAC/IP advertisement routes and withdraw advertised ND information. When ND information advertisement is disabled, user terminals in other VXLANs still can communicate with that VXLAN through IP prefix advertisement routes.

Examples

# Disable ND information advertisement for a VSI EVPN instance.

<Sysname> system-view

[Sysname] vsi aaa

[Sysname-vsi-aaa] evpn encapsulation vxlan

[Sysname-vsi-aaa-evpn-vxlan] undo nd-advertising enable

nd mac-learning disable

Use nd mac-learning disable to disable a VSI EVPN instance from learning MAC addresses from ND information.

Use undo nd mac-learning disable to restore the default.

Syntax

nd mac-learning disable

undo nd mac-learning disable

Default

A VSI EVPN instance learns MAC addresses from ND information.

Views

VSI EVPN instance view

Predefined user roles

network-admin

Usage guidelines

The MAC information and ND information advertised by a remote VTEP overlap. To avoid duplication, use this command to disable the learning of MAC addresses from ND information. EVPN will learn remote MAC addresses only from the MAC information advertised from remote sites.

Examples

# Disable a VSI EVPN instance from learning MAC addresses from ND information.

<Sysname> system-view

[Sysname] vsi aaa

[Sysname-vsi-aaa] evpn encapsulation vxlan

[Sysname-vsi-aaa-evpn-vxlan] nd mac-learning disable

nexthop recursive-lookup default-route ignore

Use nexthop recursive-lookup default-route ignore to enable the device to ignore default routes in route recursion.

Use undo nexthop recursive-lookup default-route ignore to restore the default.

Syntax

nexthop recursive-lookup default-route ignore [ route-policy route-policy-name ]

undo nexthop recursive-lookup default-route ignore

Default

The device can select a default route for forwarding after performing route recursion.

Views

BGP EVPN address family view

Predefined user roles

network-admin

Parameters

route-policy route-policy-name: Specifies a routing policy by its name, a case-sensitive string of 1 to 63 characters. The device will ignore default routes when performing route recursion for the routes that match the if-match interface criterion in the routing policy. If you do not specify a routing policy or the specified routing policy does not exist, the device ignores default routes when performing route recursion for all received BGP routes.

Usage guidelines

CAUTION:

After you execute this command, VXLAN tunnels might be reestablished, and transient VXLAN traffic loss might occur. As a best practice, enable BGP EVPN route reception and advertisement again after you execute this command.

‌

By default, the device selects a default route to forward traffic if only the default route is obtained after BGP route recursion. If the default route does not point to the desired next hop, traffic forwarding will fail.

To resolve this issue, enable the device to ignore default routes in route recursion. If only the default route is obtained after route recursion is performed for a BGP route, that BGP route becomes invalid, and other BGP routes with the same prefix are selected for forwarding.

Enable this feature if multiple links exist between the device and a destination IP address. If one of the links fail, traffic will be switched to the other available links instead of being incorrectly forwarded based on a default route.

Examples

# Enable the device to ignore default routes when it performs route recursion for the BGP EVPN routes that match routing policy policy1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family l2vpn evpn

[Sysname-bgp-default-evpn] nexthop recursive-lookup default-route ignore route-policy policy1

Related commands

if-match interface (Layer 3—IP Routing Command Reference)

peer default-gateway no-advertise

Use peer default-gateway no-advertise to remove the default-gateway extended community attribute from the EVPN gateway routes advertised to a peer or peer group.

Use undo peer default-gateway no-advertise to restore the default.

Syntax

peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } default-gateway no-advertise

undo peer { group-name | ipv4-address [ mask-length ] | ipv6-address [ prefix-length ] } default-gateway no-advertise

Default

EVPN gateway routes advertised to peers and peer groups contain the default-gateway extended community attribute.

Views

BGP EVPN address family view

Predefined user roles

network-admin

Parameters

group-name: Specifies a peer group by its name, a case-sensitive string of 1 to 47 characters. The peer group must exist.

ipv4-address: Specifies a peer by its IPv4 address. The peer must exist.

mask-length: Specifies a mask length in the range of 0 to 32. To specify a subnet, you must specify both the ipv4-address and mask-length arguments.

ipv6-address: Specifies a peer by its IPv6 address. The peer must exist.

prefix-length: Specifies a prefix length in the range of 0 to 128. To specify a subnet, you must specify both the ipv6-address and prefix-length arguments.

Usage guidelines

An EVPN gateway route is the route for the IP address of a VSI interface on an EVPN gateway. By default, the EVPN gateway routes advertised by an EVPN gateway contain the default-gateway extended community attribute. The EVPN gateway routes with that attribute cannot be used as ECMP routes. You can use this command to remove the default-gateway extended community attribute from EVPN gateway routes for the routes to be used for load sharing.

Examples

# Remove the default-gateway extended community attribute from the EVPN gateway routes advertised to peer 1.1.1.1.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family l2vpn evpn

[Sysname-bgp-default-evpn] peer 1.1.1.1 default-gateway no-advertise

policy vpn-target

Use policy vpn-target to enable route target filtering for BGP EVPN routes.

Use undo policy vpn-target to disable route target filtering for BGP EVPN routes.

Syntax

policy vpn-target

undo policy vpn-target

Default

Route target filtering is enabled for BGP EVPN routes.

Views

BGP EVPN address family view

Predefined user roles

network-admin

Usage guidelines

When route target filtering is enabled for BGP EVPN routes, the EVPN routing table accepts only BGP EVPN routes of which the export route targets match the local import route targets. If the device must save all BGP EVPN routes, use the undo policy vpn-target command to disable route target filtering for BGP EVPN routes.

Examples

# Disable route target filtering for BGP EVPN routes.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family l2vpn evpn

[Sysname-bgp-default-evpn] undo policy vpn-target

reset evpn route arp-mobility suppression

Use reset evpn route arp-mobility suppression to cancel ARP mobility event suppression.

Syntax

reset evpn route arp-mobility suppression [ public-instance | vpn-instance vpn-instance-name [ ip ip-address ] ]

Views

User view

Predefined user roles

network-admin

Parameters

public-instance: Specifies the public instance.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

ip ip-address: Specifies an IPv4 address in dotted decimal notation. If you do not specify an IPv4 address, this command cancels the suppression done on all ARP entries of the public instance or specified MPLS L3VPN instance.

Usage guidelines

Use this command to cancel the ARP mobility event suppression done on IPv4 addresses. After you cancel suppression for an IPv4 address, the IPv4 address can move between sites, and the device advertises ARP information for the IPv4 address. The device still suppresses the IPv4 address if the suppression criteria are met.

If you do not specify the public instance or an MPLS L3VPN instance, this command cancels ARP mobility event suppression for the public instance and all MPLS L3VPN instances.

Examples

# Cancel the ARP mobility event suppression done on 1.1.1.1 of VPN instance vpna.

<Sysname> reset evpn route arp-mobility suppression vpn-instance vpna ip 1.1.1.1

Related commands

display evpn route arp-mobility

reset evpn route nd-mobility suppression

Use reset evpn route nd-mobility suppression to cancel ND mobility event suppression.

Syntax

reset evpn route nd-mobility suppression [ public-instance | vpn-instance vpn-instance-name [ ipv6 ipv6-address ] ]

Views

User view

Predefined user roles

network-admin

Parameters

public-instance: Specifies the public instance.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

ipv6 ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command cancels suppression on all ND entries of the public instance or specified MPLS L3VPN instance.

Usage guidelines

Use this command to cancel the ND mobility event suppression done on IPv6 addresses. After you cancel suppression for an IPv6 address, the IPv6 address can move between sites, and the device advertises ND information for the IPv6 address. The device still suppresses the IPv6 address if the suppression criteria are met.

If you do not specify the public instance or an MPLS L3VPN instance, this command cancels ND mobility event suppression for the public instance and all MPLS L3VPN instances.

Examples

# Cancel the ND mobility event suppression done on 1::1 of VPN instance vpna.

<Sysname> reset evpn route nd-mobility suppression vpn-instance vpna ipv6 1::1

Related commands

display evpn route nd-mobility

route-distinguisher

Use route-distinguisher to configure an RD for an EVPN instance or public instance.

Use undo route-distinguisher to restore the default.

Syntax

In public instance view:

route-distinguisher route-distinguisher

undo route-distinguisher

In VSI EVPN instance (VXLAN encapsulation) view:

route-distinguisher { route-distinguisher | auto }

undo route-distinguisher

Default

No RD is configured for an EVPN instance or public instance.

Views

VSI EVPN instance view

Public instance

Predefined user roles

network-admin

Parameters

route-distinguisher: Specifies an RD, a string of 3 to 21 characters. The RD cannot be all zeros and can use one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number. For example, 65536:1. The AS number must be equal to or greater than 65536.

auto: Automatically generates an RD in the N:VXLAN ID format. The initial value of N is 1. If N:VXLAN ID is already in use, the system increases the value of N by 1 until the RD is available.

Usage guidelines

EVPN uses MP-BGP to advertise BGP EVPN routes for automatic VTEP discovery, MAC reachability information advertisement, and host route advertisement. MP-BGP uses the RD to differentiate BGP EVPN routes of different EVPN instances.

To modify the RD, first execute the undo route-distinguisher command to remove the original RD.

Examples

# Configure 22:1 as the RD of an EVPN instance.

<Sysname> system-view

[Sysname] vsi aaa

[Sysname-vsi-aaa] evpn encapsulation vxlan

[Sysname-vsi-aaa-evpn-vxlan] route-distinguisher 22:1

rr-filter

Use rr-filter to create a route reflector (RR) reflection policy.

Use undo rr-filter to restore the default.

Syntax

rr-filter { ext-comm-list-number | ext-comm-list-name }

undo rr-filter

Default

An RR does not filter reflected BGP EVPN routes.

Views

BGP EVPN address family view

Predefined user roles

network-admin

Parameters

ext-comm-list-number: Specifies an extended community attribute list by its number in the range of 1 to 65535.

ext-comm-list-name: Specifies an extended community attribute list by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

This command enables an RR to reflect only received BGP EVPN routes that match the attributes in the specified extended community attribute list.

If a cluster contains multiple RRs, you can configure different reflection policies on the RRs for load sharing among the RRs.

For more information about the extended community attribute list, see Layer 3—IP Routing Configuration Guide.

Examples

# Configure a reflection policy for the device to reflect BGP EVPN routes that match extended community attribute list 10.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family l2vpn evpn

[Sysname-bgp-default-evpn] rr-filter 10

Related commands

ip extcommunity-list (Layer 3—IP Routing Command Reference)

snmp-agent trap enable evpn

Use snmp-agent trap enable evpn to enable SNMP notifications for EVPN.

Syntax

snmp-agent trap enable evpn [ mac-mobility-suppression ]

undo snmp-agent trap enable evpn [ mac-mobility-suppression ]

Views

System view

Default

SNMP notifications are disabled for EVPN.

Predefined user roles

network-admin

Parameters

mac-mobility-suppression: Specifies the MAC mobility suppression notification.

Usage guidelines

If SNMP notifications are enabled for EVPN, a MAC mobility suppression notification is sent to SNMP module after the MAC mobility suppression threshold is reached. For SNMP notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

If you do not specify any parameter, all EVPN notifications are enabled or disabled.

Examples

# Enable SNMP notifications for EVPN.

<Sysname> system-view

[Sysname] snmp-agent trap enable evpn

vpn-route cross multipath

Use vpn-route cross multipath to enable ECMP VPN route redistribution.

Use undo vpn-route cross multipath to disable ECMP VPN route redistribution.

Syntax

vpn-route cross multipath

undo vpn-route cross multipath

Default

ECMP VPN route redistribution is disabled. If multiple routes have the same prefix and RD, BGP only imports the optimal route into the EVPN routing table.

Views

BGP EVPN address family view

Predefined user roles

network-admin

Usage guidelines

ECMP VPN route redistribution enables BGP to import all routes that have the same prefix and RD into the EVPN routing table.

Examples

# Enable ECMP VPN route redistribution.

<Sysname> system-view

[Sysname] bgp 100

[Sysname-bgp-default] address-family l2vpn evpn

[Sysname-bgp-default-evpn] vpn-route cross multipath

vpn-target

Use vpn-target to configure route targets for EVPN.

Use undo vpn-target to delete route targets for EVPN.

Syntax

In VSI EVPN instance view (VXLAN encapsulation):

vpn-target { vpn-target&<1-8> | auto } [ both | export-extcommunity | import-extcommunity ]

undo vpn-target { vpn-target&<1-8> | auto | all } [ both | export-extcommunity | import-extcommunity ]

VPN instance EVPN view, public instance view, public instance IPv4 address family view, public instance IPv6 address family view, public instance EVPN view:

vpn-target vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ]

undo vpn-target { all | vpn-target&<1-8> [ both | export-extcommunity | import-extcommunity ] }

Default

EVPN does not have route targets.

Views

VSI EVPN instance view

VPN instance EVPN view

Public instance view

Public instance EVPN view

Public instance IPv4 address family view

Public instance IPv6 address family view

Predefined user roles

network-admin

Parameters

vpn-target&<1-8>: Specifies a space-separated list of up to eight route targets. Each route target is a string of 3 to 21 characters in one of the following formats:

· 16-bit AS number:32-bit user-defined number. For example, 101:3.

· 32-bit IP address:16-bit user-defined number. For example, 192.168.122.15:1.

· 32-bit AS number:16-bit user-defined number. For example, 65536:1. The AS number must be equal to or greater than 65536.

auto: Automatically generates a route target in the format of BGP AS number:VXLAN ID.

both: Uses the specified route targets as both import and export targets. If you do not specify the both, export-extcommunity, or import-extcommunity keyword, the both keyword applies.

export-extcommunity: Uses the specified route targets as export targets.

import-extcommunity: Uses the specified route targets as import targets.

all: Specifies all route targets.

Usage guidelines

EVPN uses MP-BGP to advertise BGP EVPN routes for automatic VTEP discovery, MAC reachability information advertisement, and host route advertisement. MP-BGP uses route targets to control the advertisement and acceptance of BGP EVPN routes.

A VTEP sets the export targets for BGP EVPN routes before advertising the routes to remote VTEPs. The VTEP checks the export targets of BGP EVPN routes from remote VTEPs and imports only BGP EVPN routes of which the export targets match the local import targets.

If you execute this command multiple times, all configured route targets take effect.

Examples

# Configure import route targets 10:1, 100:1, and 1000:1 for an EVPN instance.

<Sysname> system-view

[Sysname] vsi aaa

[Sysname-vsi-aaa] evpn encapsulation vxlan

[Sysname-vsi-aaa-evpn-vxlan] vpn-target 10:1 100:1 1000:1 import-extcommunity

22-EVPN Command Reference

Basic EVPN commands

address-family evpn (VPN instance view)

display evpn m-lag synchronized-mac

display evpn ipv6 auto-discovery

evpn encapsulation

evpn global-mac

evpn mac-ip advertise distributed-gateway

nexthop recursive-lookup default-route ignore

policy vpn-target

rr-filter

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us