Contents

IP forwarding basics· 1

Basic IP forwarding commands· 1

display fib· 1

display fib usage· 3

fib consistency-check enable· 4

fib log enable· 4

forwarding split-horizon· 5

forwarding vxlan-packet inner-protocol 6

ip forwarding fast-move· 6

ip forwarding-table save· 7

snmp-agent trap enable fib· 8

snmp-agent trap enable ip-forwarding· 9

Load sharing commands· 11

bandwidth-based-sharing· 11

display ip load-sharing mode· 11

display ip load-sharing mode per-packet interface· 12

display ip load-sharing path· 13

ip dynamic-load-sharing threshold· 16

ip load-sharing acl 17

ip load-sharing local-first enable· 19

ip load-sharing mode· 20

ip load-sharing mode per-packet 22

ip load-sharing symmetric enable· 24

 

IP forwarding basics

Basic IP forwarding commands

display fib

Use display fib to display FIB entries.

Syntax

display fib [ vpn-instance vpn-instance-name ]  [ ip-address [ mask | mask-length ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To display the FIB entries for the public network, do not specify any VPN instance.

ip-address: Displays the FIB entry that matches the specified destination IP address.

mask: Specifies the mask for the IP address.

mask-length: Specifies the mask length for the IP address. The value range is 0 to 32.

Usage guidelines

If you specify an IP address without a mask or mask length, this command displays the longest matching FIB entry.

If you specify an IP address and a mask or mask length, this command displays the exactly matching FIB entry.

Examples

# Display all FIB entries of the public network.

<Sysname> display fib

 

Destination count: 5 FIB entry count: 5

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

0.0.0.0/32         127.0.0.1       UH       InLoop0                  Null

1.1.1.0/24         192.168.126.1   USGF     M-GE0/0/0                Null

127.0.0.0/8        127.0.0.1       U        InLoop0                  Null

127.0.0.0/32       127.0.0.1       UH       InLoop0                  Null

127.0.0.1/32       127.0.0.1       UH       InLoop0                  Null

# Display the FIB entries for VPN vpn1.

<Sysname> display fib vpn-instance vpn1

Destination count: 6 FIB entry count: 6

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

Destination/Mask   Nexthop         Flag     OutInterface/Token      Label

0.0.0.0/32         127.0.0.1       UH       InLoop0                  Null

20.20.20.0/24      20.20.20.25     U        M-GE0/0/0                Null

20.20.20.0/32      20.20.20.25     UBH      M-GE0/0/0                Null

20.20.20.25/32     127.0.0.1       UH       InLoop0                  Null

20.20.20.25/32     20.20.20.25     H        M-GE0/0/0                Null

20.20.20.255/32    20.20.20.25     UBH      M-GE0/0/0                Null

# Display the FIB entries matching the destination IP address 10.2.1.1.

<Sysname> display fib 10.2.1.1

 

Destination count: 1 FIB entry count: 1

 

Flag:

  U:Usable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static

  R:Relay     F:FRR

 

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label

10.2.1.1/32        127.0.0.1       UH       InLoop0                  Null

Table 1 Command output

Field	Description
Destination count	Total number of destination addresses.
FIB entry count	Total number of FIB entries.
Destination/Mask	Destination address and the mask length.
Nexthop	Next hop address.
Flag	Flags of routes: ·     U—Usable route. ·     G—Gateway route. ·     H—Host route. ·     B—Blackhole route. ·     D—Dynamic route. ·     S—Static route. ·     R—Relay route. ·     F—Fast reroute.
OutInterface/Token	Output interface/LSP index number.
Label	Inner label.

 

display fib usage

Use display fib usage to display FIB table usage information.

Syntax

display fib usage

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

You can view FIB table usage information collected during the most recent hour.

When the device calculates the FIB table usage, it excludes the FIB entries deployed by ARP host routes from calculation.

The device counts multiple FIB entries as one FIB entry if they are deployed by equal-cost routes that have the same destination IP address and different next hops.

Examples

# Display FIB table usage information.

<Sysname> display fib usage

FIB table upper limit: 65000

  Time          FIB count   Usage

  Current       52000       80%

  1 min ago     51351       79%

  2 min ago     50711       78%

  3 min ago     47748       77%

  …

  59 min ago    13656       21%

  60 min ago    13007       20%

Table 2 Command output

Field	Description
FIB table upper limit	Maximum number of entries supported by the FIB table.
Time	Time when the FIB table usage was recorded.
FIB count	Number of real-time FIB entries.
Usage	FIB table usage, which is the ratio of the real-time FIB entry count to the FIB entry count limit.

 

fib consistency-check enable

Use fib consistency-check enable to enable IPv4 FIB entry consistency check.

Use undo fib consistency-check enable to disable IPv4 FIB entry consistency check.

Syntax

fib consistency-check enable

undo fib consistency-check enable

Default

IPv4 FIB entry consistency check is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Packet drops or incorrect forwarding might occur when the IPv4 FIB entries in hardware are inconsistent with FIB entries configured in software. To prevent these issues, enable IPv4 FIB entry consistency check.

This feature compares all IPv4 FIB entries in software with the IPv4 FIB entries in hardware regularly. If the device detects an inconsistency, the device performs the following tasks:

·     Generates a log.

·     Updates the IPv4 FIB entry in hardware with the IPv4 FIB entry in software.

Examples

# Enable IPv4 FIB entry consistency check.

<Sysname> system-view

[Sysname] fib consistency-check enable

fib log enable

Use fib log enable to enable FIB logging.

Use undo fib log enable to disable FIB logging.

Syntax

fib log enable

undo fib log enable

Default

FIB logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The logs are sent to the information center of the device. For the logs to be output correctly, you must also configure the information center on the device. For more information about information center configuration, see Network Management and Monitoring Configuration Guide.

To avoid memory consumption caused by log recording, you can use the undo fib log enable command to disable FIB logging.

Examples

# Enable FIB logging.

<Sysname> system-view

[Sysname] fib log enable

forwarding split-horizon

Use forwarding split-horizon to enable split horizon forwarding.

Use undo forwarding split-horizon to disable split horizon forwarding.

Syntax

forwarding split-horizon

undo forwarding split-horizon

Default

Split horizon forwarding is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature prevents IPv4, IPv6, and MPLS packets from being forwarded out of the physical interface on which they were received, avoiding network loops.

Examples

# Enable split horizon forwarding globally.

<Sysname> system-view

[Sysname] forwarding split-horizon

forwarding vxlan-packet inner-protocol

Use forwarding vxlan-packet inner-protocol to enable hardware forwarding for specific packets received from VXLAN tunnels.

Use undo forwarding vxlan-packet inner-protocol to restore the default.

Syntax

forwarding vxlan-packet inner-protocol { ipv4 | ipv6 } *

undo forwarding vxlan-packet inner-protocol [ ipv4 | ipv6 ]

Default

Packets received from VXLAN tunnels are delivered to the CPU for processing.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4: Specifies IPv4 packets.

ipv6: Specifies IPv6 packets.

Usage guidelines

By default, the device forwards packets received from VXLAN tunnels to the CPU for processing when acting as a VTEP in a distributed EVPN gateway network. If a large number of packets are received, packet loss might occur because of software rate limit, which might cause service exceptions on downlink devices.

To resolve this issue, you can enable the device to forward specific packets received from VXLAN tunnels in hardware without delivering them to the CPU.

Examples

# Enable hardware forwarding for IPv4 packets received from VXLAN tunnels.

<Sysname> system-view

[Sysname] forwarding vxlan-packet inner-protocol ipv4

ip forwarding fast-move

Use ip forwarding fast-move to enable IPv4 fast traffic migration.

Use undo ip forwarding fast-move to disable IPv4 fast traffic migration.

Syntax

ip forwarding fast-move

undo ip forwarding fast-move

Default

IPv4 fast traffic migration is disabled.

Views

VLAN interface view

Predefined user roles

network-admin

Usage guidelines

After IPv4 fast traffic migration is enabled on a VLAN interface, the device immediately steers IPv4 traffic forwarded through the VLAN interface to other forwarding paths upon network topology changes or user port migrations. This reduces traffic disruption time to improve overall network response speed and user experience.

Examples

# Enable IPv4 fast traffic migration.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] ip forwarding fast-move

ip forwarding-table save

Use ip forwarding-table save to save the IP forwarding entries to a file.

Syntax

ip forwarding-table save filename filename

Views

Any view

Predefined user roles

network-admin

Parameters

filename filename: Specifies the name of a file, a string of 1 to 255 characters. For information about the filename argument, see file system management in Fundamentals Configuration Guide.

Usage guidelines

The command automatically creates the file if you specify a nonexistent file. If the file already exists, this command overwrites the file content.

To automatically save the IP forwarding entries periodically, configure a schedule for the device to automatically run the ip forwarding-table save command. For information about scheduling a task, see Fundamentals Configuration Guide.

Examples

# Save the IP forwarding entries to the fib.txt file.

<Sysname> ip forwarding-table save filename fib.txt

snmp-agent trap enable fib

Use snmp-agent trap enable fib to enable SNMP notifications for FIB events.

Use undo snmp-agent trap enable fib to disable SNMP notifications for FIB events.

Syntax

snmp-agent trap enable fib [ deliver-failed | ecmp-limit | entry-consistency | entry-limit ] *

undo snmp-agent trap enable fib [ deliver-failed | ecmp-limit | entry-consistency | entry-limit ] *

Default

SNMP notifications for FIB events are enabled.

Views

System view

Predefined user roles

network-admin

Parameters

deliver-failed: Specifies notifications to be sent when FIB entry deployment to the hardware fails.

ecmp-limit: Specifies notifications to be sent when the number of ECMP routes exceeds the upper limit.

entry-consistency: Specifies notifications to be sent when the FIB software and hardware entries are inconsistent.

entry-limit: Specifies notifications to be sent when the number of FIB entries exceeds the upper limit.

Usage guidelines

This feature enables the FIB module to generate SNMP notifications for critical FIB events. The SNMP notifications are sent to the SNMP module.

You can enable specific SNMP notifications for FIB events as needed. If you do not specify any SNMP notification types, the command enables all types of SNMP notifications.

·     With ecmp-limit specified, when the number of ECMP routes learned by a module exceeds the upper limit, the device sends an SNMP notification that carries the module number to the SNMP module.

·     With entry-consistency specified, if the FIB software and hardware entries on a module are inconsistent, the device sends an SNMP notification that carries the module number to the SNMP module.

·     With entry-limit specified, when the number of FIB entries exceeds the upper limit, the device sends an SNMP notification that carries the FIB entry module name to the SNMP module.

·     With deliver-failed specified, when FIB entry deployment to the hardware fails, the device sends an SNMP notification that carries the entry VRF, IP address type, IP address, mask, and failure reason to the SNMP module.

For the SNMP notifications to be sent correctly, you must also configure SNMP. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

Examples

# Disable SNMP notifications for FIB events.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable fib

snmp-agent trap enable ip-forwarding

Use snmp-agent trap enable ip-forwarding to enable SNMP notifications for IP forwarding events.

Use undo snmp-agent trap enable ip-forwarding to disable SNMP notifications for IP forwarding events.

Syntax

snmp-agent trap enable ip-forwarding [ ttl-expired | mbuf-alloc ]

undo snmp-agent trap enable ip-forwarding

Default

SNMP notifications for IP forwarding events are enabled.

Views

System view

Predefined user roles

network-admin

Parameters

ttl-expired: Specifies notifications about TTL timeout.

mbuf-alloc: Specifies notifications about MBUF allocation failures.

Usage guidelines

This feature enables the IP forwarding module to generate SNMP notifications for critical IP forwarding events. The SNMP notifications are sent to the SNMP module. For the SNMP notifications to be sent correctly, you must also configure SNMP. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

You can enable SNMP notifications for the following IP forwarding events as needed:

·     After you enable SNMP notifications about TTL timeout, the device checks the number of dropped packets at the specified time interval. An SNMP notification is generated and sent to the SNMP module when the number of dropped packets reaches or exceeds the specified threshold.

·     After you enable SNMP notifications about MBUF allocation failures, an SNMP notification is generated and sent to the SNMP module when MBUF allocation fails.

If you do not specify any parameters, the command enables all types of SNMP notifications for IP forwarding events.

After you disable the SNMP notifications for IP forwarding events, the device sends only logs to the device's information center module. In this case, you can configure the log output destinations and output rules to view the log information of the basic IPv6 modules. For more information about configuring the information center, see information center configuration in Network Management and Monitoring Configuration Guide.

Examples

# Disable SNMP notifications for IP forwarding events.

<Sysname> system-view

[Sysname] undo snmp-agent trap enable ip-forwarding

Load sharing commands

bandwidth-based-sharing

Use bandwidth-based-sharing to enable IPv4 load sharing based on bandwidth.

Use undo bandwidth-based-sharing to disable IPv4 load sharing based on bandwidth.

Syntax

bandwidth-based-sharing

undo bandwidth-based-sharing

Default

The IPv4 load sharing based on bandwidth is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature load shares flow traffic among multiple output interfaces based on their load percentages. The device calculates the load percentage for each output interface in terms of their expected bandwidths.

Devices that run load sharing protocols, such as Locator/ID Separation Protocol (LISP), implement load sharing based on the ratios defined by these protocols.

This feature is supported only in normal ECMP mode. For more information about ECMP modes, see IP routing basics commands in Layer 3—IP Routing Command Reference.

If per-packet load sharing is enabled on multiple interfaces of the device, those interfaces cannot be used for IPv4 bandwidth-based load sharing.

Examples

# Enable IPv4 load sharing based on bandwidth.

<Sysname> system-view

[Sysname] bandwidth-based-sharing

display ip load-sharing mode

Use display ip load-sharing mode to display the load sharing mode in use.

Syntax

display ip load-sharing mode slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the load sharing mode for all member devices.‌‌

Examples

# Display the load sharing mode in use.

<Sysname> display ip load-sharing mode slot 1

Load-sharing mode: per-flow

Load-sharing options: dest-ip | src-ip | ip-pro | dest-port | src-port | ingress-port

Load-sharing algorithm: 1

IP tunnel load-sharing mode: outer

Table 3 Command output

Field	Description
Load-sharing mode	The load sharing mode in use: ·     per-packet—Per-packet load sharing. ·     per-flow—Per-flow load sharing.
Load-sharing options	Options configured for load sharing: ·     dest-ip—Identifies flows by packet's destination IP address. ·     src-ip—Identifies flows by packet's source IP address. ·     ip-pro—Identifies flows by packet's IP protocol. ·     dest-port—Identifies flows by packet's destination port number. ·     src-port—Identifies flows by packet's source port number. ·     ingress-port—Identifies flows by packet's ingress port.
Load-sharing algorithm	Algorithm used by load sharing.
IP tunnel load-sharing mode	Load sharing for IP tunnel packets: ·     inner—Identifies flows by inner IP header information. ·     outer—Identifies flows by outer IP header information.

 

Related commands

ip load-sharing mode

display ip load-sharing mode per-packet interface

Use display ip load-sharing mode per-packet interface to display information about interfaces enabled with per-packet load sharing.

Syntax

display ip load-sharing mode per-packet interface [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information about interfaces enabled with per-packet load sharing for all member devices.

Usage guidelines

Use this command to display information about interfaces configured with the ip load-sharing mode per-packet command.

Examples

# Display information about interfaces enabled with per-packet load sharing.

<Sysname> display ip load-sharing mode per-packet interface

Count: 3

Interface                                        Algorithm   Status

Ten-GigabitEthernet1/0/1                             Spray       Failed

Route-Aggregation1                               Spray       Succeed

Route-Aggregation2.1                             Robin       Failed

Table 4 Command output

Field	Description
Count	Number of interfaces enabled with per-packet load sharing.
Interface	Interface name.
Algorithm	Per-packet load sharing algorithm: ·     Spray. ·     Robin.
Status	Whether per-packet load sharing is enabled successfully on the interface: ·     Succeed. ·     Failed.

 

Related commands

ip load-sharing mode per-packet

display ip load-sharing path

Use display ip load-sharing path to display the load sharing path selected for a flow.

Syntax

display ip load-sharing path ingress-port interface-type interface-number packet-format { ipv4oe dest-ip ip-address [ src-ip ip-address ] | ipv6oe dest-ipv6 ipv6-address [ src-ipv6 ipv6-address | flow-label flow-label ] } [ dest-port port-id | ip-pro protocol-id | src-port port-id | vpn-instance vpn-instance-name ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ingress-port interface-type interface-number: Specifies an ingress port by its type and number.

packet-format { ipv4oe dest-ip ip-address [src-ip ip-address ] | ipv6oe dest-ipv6 ipv6-address [ src-ipv6 ipv6-address ] }: Specifies the packet encapsulation format.

ipv4oe: Specifies the format of IPv4 over Ethernet.

dest-ip ip-address: Specifies the destination IPv4 address in dotted decimal notation. If you do not specify this argument, the calculation uses 0.0.0.0 for path selection.

src-ip ip-address: Specifies the source IPv4 address in dotted decimal notation. If you do not specify this argument, the calculation uses 0.0.0.0 for path selection.

ipv6oe: Specifies the format of IPv6 over Ethernet.

dest-ipv6 ipv6-address: Specifies the destination IPv6 address. If you do not specify this option, the calculation uses 0:0:0:0:0:0:0:0 for path selection.

src-ipv6 ipv6-address: Specifies the source IPv6 address. If you do not specify this option, the calculation uses 0:0:0:0:0:0:0:0 for path selection.

flow-label flow-label: Specifies the IPv6 flow label in the range of 0 to 1048575. If you do not specify an IPv6 flow label, the device uses 0 for ECMP route selection.

dest-port port-id: Specifies a destination port number in the range of 1 to 65535. If you do not specify this option, the calculation uses 0 for path selection.

ip-pro protocol-id: Specifies an IP protocol by its number in the range of 1 to 65535. If you do not specify this option, the calculation uses 0 for path selection.

source-port port-id: Specifies a source port number in the range of 1 to 65535. If you do not specify this option, the calculation uses 0 for path selection.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To display the path on the public network, do not specify this option.

Usage guidelines

The option settings in this command must match both the options displayed in the display ip load-sharing mode command and the field values in load shared packets. If the option settings do not meet the requirement, the path displayed by this command might be different from the real path for load sharing.

This command cannot display the outgoing interface information and tunnel encapsulation packet information for unknown unicast packets.

Examples

# Display the load sharing path selected for the flow with the following attributes: ingress port Ten-GigabitEthernet 1/0/3, destination IP address 10.110.0.2, source IP address 10.100.0.2, IP protocol number 153, destination port number 2000, source port number 2000.

<Sysname> display ip load-sharing path ingress-port ten-gigabitethernet 1/0/3 packet-format ipv4oe dest-ip 10.110.0.2 src-ip 10.100.0.2 ip-pro 153 dest-port 2000 src-port 2000

 

Load-sharing algorithm: 0

Load-sharing options: dest-ip | src-ip | ip-pro | dest-port | src-port | ingress-port

Load-sharing parameters:

  Missing configured are set to 0.

  ingress-port: Ten-GigabitEthernet1/0/3

  packet-format: IPv4oE

  dest-ip: 10.110.0.2

  src-ip: 10.100.0.2

  ip-pro: 153

  dest-port: 2000

  src-port: 2000

Path selected: 20.0.0.2(interface Ten-GigabitEthernet1/0/3)

Table 5 Command output

Field	Description
Load-sharing algorithm	Load sharing algorithm ID.
Load-sharing options	Load sharing options specified by the ip load-sharing mode command.
Load-sharing parameters	Load sharing parameters that you specify for the display ip load-sharing path command.
Missing configured are set to 0.	Values of the unconfigured parameters are set to 0.
ingress-port	Ingress port of the packet.
packet-format	Packet encapsulation format.
dest-ip	Destination IP address of the packet.
src-ip	Source IP address of the packet.
ip-pro	IP protocol number.
dest-port	Destination port number.
src-port:	Source port number.
flow-label	Flow label.
Path selected	Selected path information, including the IPv4 or IPv6 address of the next hop and the egress port.

 

Related commands

ip load-sharing mode

ip dynamic-load-sharing threshold

Use ip dynamic-load-sharing threshold to configure the dynamic load sharing policy for an interface in eligibility ECMP mode.

Use undo ip dynamic-load-sharing threshold to restore the default.

Syntax

ip dynamic-load-sharing threshold lower lower-threshold [ upper upper-threshold priority priority-value ]

undo ip dynamic-load-sharing threshold

Default

No dynamic load sharing policy is configured for an interface. The device distributes traffic to the interface in eligibility ECMP mode.

Views

Layer 2 interface view

Layer 3 interface view

Predefined user roles

network-admin

Parameters

lower lower-threshold: Specifies the lower traffic scheduling threshold. The value range for the lower-threshold argument is 1 to 9999, in ten-thousandths. If the traffic size of an interface is not larger than its bandwidth multiplied by the lower threshold, the device distributes traffic to that interface in eligibility ECMP mode.

upper upper-threshold: Specifies the upper traffic scheduling threshold. The value range for the upper-threshold argument is 1 to 9999, in ten-thousandths. The upper traffic scheduling threshold must be greater than or equal to the lower traffic scheduling threshold. If the traffic size of an interface is larger than its bandwidth multiplied by the upper threshold, the device distributes traffic to that interface in eligibility ECMP mode.

priority priority-value: Specifies the interface priority value in traffic scheduling. The value range is 1 to 4.

Usage guidelines

Application scenarios

When you access the Internet through multiple links, complex traffic accounting might be involved. You can use this feature to configure the dynamic load sharing policy for an interface. The policy helps achieve fine scheduling of port resources and intelligent traffic distribution, which ensures service quality and enhances economic efficiency.

This feature takes effect only in scenarios where eligibility ECMP mode is enabled.

Operating mechanism

After you configure this feature in eligibility ECMP mode, the device dynamically adjusts its traffic distribution policy as follows:

·     When the forwarding traffic of an interface does not exceed the lower threshold, the device allocates traffic to the interface in eligibility ECMP mode to avoid resource waste and cost overruns.

·     When the forwarding traffic of all interfaces exceeds the lower threshold but does not exceed the upper threshold, the device allocates traffic based on interface priorities. For example, the device distributes traffic to interfaces with the second highest priority only if interfaces with the highest priority reach their upper thresholds.

·     When the forwarding traffic of all interfaces exceeds the upper threshold, the device continues to allocate traffic in eligibility ECMP mode.

Examples

# Configure the dynamic load sharing policy for Ten-GigabitEthernet1/0/1 in eligibility ECMP mode. The lower threshold is 30%, the upper threshold is 90%, and the interface priority value is 3.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] ip dynamic-load-sharing threshold lower 3000 upper 9000 priority 3

ip load-sharing acl

Use ip load-sharing acl to specify an ACL for load sharing.

Use undo ip load-sharing acl to stop using an ACL for load sharing.

Syntax

ip load-sharing acl [ { ipv4 { ipv4-acl-number | name ipv4-acl-name } | ipv6 { ipv6-acl-number | name ipv6-acl-name } }* | user-defined { user-define-acl-number | name user-define-acl-name } ]

undo ip load-sharing acl [ { ipv4 { ipv4-acl-number | name ipv4-acl-name } | ipv6 { ipv6-acl-number | name ipv6-acl-name } }* | user-defined { user-define-acl-number | name user-define-acl-name } ]

Default

No ACLs are specified for load sharing.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4 ipv4-acl-number: Specifies an IPv4 ACL by its number. The value range is 3000 to 3999.

name ipv4-acl-name: Specifies an IPv4 ACL by its name, a string of 1 to 63 characters.

ipv6 ipv6-acl-number: Specifies an IPv6 ACL by its number. The value range is 3000 to 3999.

name ipv6-acl-name: Specifies an IPv6 ACL by its name, a string of 1 to 63 characters.

user-defined user-define-acl-number: Specifies a user-defined ACL by its number. The value range is 5000 to 5999.

name user-define-acl-name: Specifies a user-defined ACL by its name, a string of 1 to 63 characters.

Usage guidelines

NOTE: In this section, a load sharing ACL refers to an ACL that is specified for load sharing by using this command.

 

Application scenarios

Elephant flows (such as service packets) and mice flows (such as RoCE protocol packets) always coexist in RoCE networks. Although the number of elephant flows is small, they have a large amount of traffic and is more bandwidth-hungry than mice flows. Unlike elephant flows, mice flows emerge frequently with a small amount of traffic, and they are sensitivitve to packet loss. If you use the same load sharing method for elephant and mice flows, uneven load distribution and low bandwidth efficiency will occur. To avoid this issue, use this command to specify load sharing ACLs. The device can then use the specified ACLs to distinguish traffic, and select an appropriate load sharing method based on the traffic type. This practice allows for better load balancing.

This command is applicable only to scenarios enabled with ECMP-based Dynamic Load Balancing (DLB).

Operating mechanism

After the specified load sharing ACLs are issued to the driver, they function as follows:

·     Packets that match a load sharing ACL are load shared on a per-flow basis.

·     Packets that cannot match any load sharing ACL are load shared in the DLB mode specified by using the ecmp mode or the ip load-sharing mode per-packet spray command.

If you execute this command without specify an ACL, the device uses a driver-defined ACL to identify RoCE protocol packets, and performs per-flow load sharing for those packets. For packets that cannot match the driver-defined ACL, the device load shares them in the spray mode specified by using the ecmp mode spray or ip load-sharing mode per-packet spray command.

Restrictions and guidelines

When you use this command to specify load sharing ACLs, follow these restrictions and guidelines:

·     You can specify both an IPv4 ACL and an IPv6 ACL at a time, or specify them separately by executing this command twice.

·     If the ACL specified in this command does not exist, the system will not issue that ACL to the driver unless it is created. Once the ACL is deleted, the system will notify the driver to remove the ACL.

·     To remove load sharing all ACLs, execute the undo ip load-sharing acl command without specifying any ACLs.

Examples

Specify IPv4 ACL 3000 for load sharing.

<Sysname> system

[Sysname] ip load-sharing acl ipv4 3000

Related commands

acl advanced (ACL and QoS Command Reference)

acl ipv6 advanced (ACL and QoS Command Reference)

acl user-defined advanced (ACL and QoS Command Reference)

ecmp mode (Layer 3—IP Routing Command Reference)

ip load-sharing local-first enable

Use ip load-sharing local-first enable to enable local-first load sharing.

Use undo ip load-sharing local-first enable to disable local-first load sharing.

Syntax

ip load-sharing local-first enable

undo ip load-sharing local-first enable

Default

Local-first load sharing is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Local-first load sharing takes effect only on an IRF fabric.

Examples

# Enable local-first load sharing.

<Sysname> system-view

[Sysname] ip load-sharing local-first enable

ip load-sharing mode

Use ip load-sharing mode to configure the load sharing mode.

Use undo ip load-sharing mode to restore the default.

Syntax

ip load-sharing mode { per-flow [ algorithm algorithm-number [ seed seed-number ] [ shift shift-number ] | [ dest-ip | dest-port | flow-label | ingress-port | ip-pro | src-ip | src-port ] * | tunnel { inner | outer } ] | per-packet } { global | slot slot-number }

undo ip load-sharing mode [ per-flow tunnel ]  { global | slot slot-number }

Default

The device performs per-flow load sharing based on the following criteria: source IP address, destination IP address, source port number, destination port number, IP protocol number, and ingress port.

Views

System view

Predefined user roles

network-admin

Parameters

algorithm algorithm-number: Specifies an algorithm for per-flow load sharing. The value range for the algorithm-number argument is 0 to 13. If you do not specify an algorithm, the algorithm value is set to 0.

seed seed-number: Specifies the seed value for the algorithm. The value range is 0 to ffffffff, and the default value is 0.

shift shift-number: Specifies the shift value for the hash algorithm result. The value range is 0 to 31 and the default value is 0.

per-flow: Implements per-flow load sharing. If you specify none of the dest-ip, dest-port, flow-label, ingress-port, ip-pro, src-ip, and src-port keywords, the device performs per-flow load sharing based on the default criteria. To view the default criteria, execute the display ip load-sharing mode command.

dest-ip: Identifies flows by destination IP address.

dest-port: Identifies flows by destination port.

flow-label: Identifies flows by flow label. This keyword takes effect only on IPv6 packets.

ingress-port: Identifies flows by ingress port.

ip-pro: Identifies flows by protocol number.

src-ip: Identifies flows by source IP address.

src-port: Identifies flows by source port.

tunnel { inner | outer }: Performs per-flow load sharing for IP tunnel packets. The inner keyword identifies flows by inner IP header information. The outer keyword identifies flows by outer IP header information. If you do not specify this option, the device performs per-flow load sharing based on outer IP header information.

global: Configures the load sharing mode globally.

per-packet: Implements per-packet load sharing.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command configures the load sharing mode for all member devices. ‌‌

Usage guidelines

If traffic is not shared equally, you can use the seed seed-number option and the shift shift-number option to adjust the algorithm result.

The load-sharing hash seed feature does not take effect for unknown unicast packets.

The load-sharing function for IP tunnel packets does not take effect for unknown unicast packets.

If IPv6 packets are encapsulated by MPLS, they do not support flow label-based per-flow load sharing.

The priority of slot-specific load balancing is higher than the global load balancing method. The global configuration takes effect only on slots that are not specified with a load balancing method.

To have the RDMA Telemetry feature take effect on the device, make sure the device is not configured with any of the following commands:

·     ip load-sharing mode per-packet

·     ip load-sharing mode per-flow ingress-port

For more information about RDMA Telemetry, see RDMA Telemetry configuration in Telemetry Configuration Guide.

Examples

# ‌‌Configure per-flow load sharing for slot 1.

<Sysname> system-view

[Sysname] ip load-sharing mode per-flow slot 1

# ‌‌Configure per-flow load sharing based on the destination IP addresses and source IP addresses of packets for slot 1.

<Sysname> system-view

[Sysname] ip load-sharing mode per-flow dest-ip src-ip slot 1

# ‌‌Configure per-flow load sharing based on the inner IP header information of IP tunnel packets for slot 1.

<Sysname> system-view

[Sysname] ip load-sharing mode per-flow tunnel inner slot 1

# ‌‌Configure per-flow load sharing based on algorithm 1 for slot 1.

<Sysname> system-view

[Sysname] ip load-sharing mode per-flow algorithm 1 slot 1

Related commands

display ip load-sharing mode

ip load-sharing mode per-packet

Use ip load-sharing mode per-packet to enable per-packet load sharing on an interface and set the load sharing algorithm.

Use undo ip load-sharing mode per-packet to restore the default.

Syntax

ip load-sharing mode per-packet [ robin | spray ]

undo ip load-sharing mode per-packet

Default

No load sharing mode is specified on an interface. The interface uses the load sharing settings configured by using the ip load-sharing mode command in system view.

Views

Layer 3 interface view

Predefined user roles

network-admin

Parameters

robin: Specifies the robin algorithm, an algorithm that considers only the packet quantity.

spray: Specifies the spray algorithm, an algorithm that considers the packet size and distributes the load among a group of ECMP interfaces based on bytes.

Usage guidelines

In scenarios where service traffic and packets are forwarded through fixed interfaces, per-packet load sharing has higher performance than per-flow load sharing. When per-flow load sharing applies globally, you can use this command to enable per-packet load sharing on specific interfaces and set the load sharing algorithm for device performance test purposes. In per-packet load sharing, the robin algorithm does not consider the packet size, but the spray algorithm considers the size of different packets to achieve a more balanced load. If you do not specify an algorithm, the spray algorithm is used by default.

With this command configured, the interfaces do not inherit the load sharing settings of the ip load-sharing mode command in system view.

The feature is not supported on VSI interfaces. When you execute this command on an aggregate interface, you cannot specify the spray keyword.

If you execute the ip load-sharing mode per-packet command on an interface in conjunction with the ecmp mode command, the two commands take effect on that interface as follows:

·     If the spray keyword is specified in the ip load-sharing mode per-packet command and the enhanced keyword is specified in the ecmp mode command, this command cannot take effect on that interface.

·     In the following situation, the ip load-sharing mode per-packet command takes effect on that interface and the spray ECMP mode takes effect globally.

¡     The spray keyword is specified in the ip load-sharing mode per-packet command.

¡     The eligible keyword is specified in the ecmp mode command and the value for the flowset-inactive-time flowset-inactive-time option is not 0.

·     In other situations, the configuration of the ip load-sharing mode per-packet command takes precedence over that of the ecmp mode command.

Use this command with caution, because this command causes packet loss. As a best practice, use this command during off-peak periods or before network setup.

After you use this command, the output of the display ip load-sharing mode command might be inconsistent with the real.

This command cannot be used in conjunction with the RDMA Telemetry feature. For more information about RDMA Telemetry, see RDMA Telemetry configuration in Telemetry Configuration Guide.

Examples

# On Ten-GigabitEthernet1/0/1, enable per-packet load sharing.

<Sysname> system-view

[systerm] interface ten-gigabitethernet 1/0/1

[systerm-Ten-GigabitEthernet1/0/1] ip load-sharing mode per-packet

ip load-sharing symmetric enable

Use ip load-sharing symmetric enable to enable symmetric load sharing.

Use undo ip load-sharing symmetric enable to disable symmetric load sharing.

Syntax

ip load-sharing symmetric enable

undo ip load-sharing symmetric enable

Default

Symmetric load sharing is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Symmetric load sharing ensures that bidirectional traffic specific to a particular source and destination address pair flow along the same path.

Symmetric load sharing takes effect only on known unicast packets.

Examples

# Enable symmetric load sharing.

<Sysname> system-view

[Sysname] ip load-sharing symmetric enable