For feedback, use the following:
ipd_online_feedback@alcatel-lucent.com
Table of Contents Previous Next Index PDF

Configuring a VPRN Service with CLI
VPRN
This section provides information to configure Virtual Private Routed Network (VPRN) services using the command line interface.
Topics in this section include:
Basic Configuration
Common Configuration Tasks
Configuring VPRN Components
Creating a VPRN Service
Configuring Global VPRN Parameters
Configuring VPRN Protocols - PIM
Configuring VPRN Protocols - BGP
Configuring VPRN Protocols - RIP
Configuring VPRN Protocols - OSPF
Configuring a VPRN Interface
Configuring a VPRN Interface SAP
Configuring Overload State on a Single SFM
Service Management Tasks
Modifying VPRN Service Parameters
Deleting a VPRN Service
Disabling a VPRN Service
Re-enabling a VPRN Service
 
 
Basic Configuration
The following fields require specific input (there are no defaults) to configure a basic VPRN service:
Customer ID (refer to Configuring Customers on page 103)
Specify interface parameters
Specify spoke SDP parameters
The following example displays a sample configuration of a VPRN service.
*A:ALA-1>config>service>vprn# info
----------------------------------------------
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                proxy-arp
                exit
                sap 1/1/10:1 create
                    ingress
                        qos 100
                    exit
                    egress
                        qos 1010
                        filter ip 10
                    exit
                exit
                dhcp
                    description "DHCP test"
                exit
                vrrp 1
                exit
            exit
            static-route 6.5.0.0/24 next-hop 10.1.1.2
            bgp
                router-id 10.0.0.1
                group "to-cel"
                    export "vprnBgpExpPolCust1"
                    peer-as 65101
                    neighbor 10.1.1.2
                    exit
                exit
            exit
            pim
                apply-to all
                rp
                    static
                    exit
                    bsr-candidate
                        shutdown
                    exit
                    rp-candidate
                        shutdown
                    exit
                exit
            exit
            rip
                export "vprnRipExpPolCust1"
                group "cel"
                    neighbor "to-ce1"
                    exit
                exit
            exit
            no shutdown
----------------------------------------------
*A:ALA-1>config>service>vprn#
 
Common Configuration Tasks
This section provides a brief overview of the tasks that must be performed to configure a VPRN service and provides the CLI commands.
1.
Associate a VPRN service with a customer ID.
2.
Define an autonomous system (optional).
3.
Define a route distinguisher (mandatory).
4.
Define VRF route-target associations or VRF import/export policies.
5.
Define PIM parameters (optional).
6.
Create a subscriber interface (optional).
7.
Create an interface.
8.
Define SAP parameters on the interface.
Select node(s) and port(s).
Optional - select QoS policies other than the default (configured in config>qos context).
Optional - select filter policies (configured in config>filter context).
Optional - select accounting policy (configured in config>log context).
Optional - configure DHCP features.
9.
Define BGP parameters (optional).
BGP must be enabled in the config>router>bgp context.
10.
Define RIP parameters (optional).
11.
Define spoke SDP parameters (optional).
12.
Create confederation autonomous systems within an AS. (optional).
13.
Enable the service.
 
Configuring VPRN Components
This section provides VPRN configuration examples for the following entities:
Creating a VPRN Service
Configuring Global VPRN Parameters
Configuring VPRN Protocols - PIM
Configuring Router Interfaces
Configuring VPRN Protocols - OSPF
Configuring a VPRN Interface SAP
Configuring VPRN Protocols - BGP
Configuring VPRN Protocols - RIP
 
VPRN parameters
 
Creating a VPRN Service
Use the following CLI syntax to create a VRPN service. A route distinguisher must be defined in order for VPRN to be operationally active.
CLI Syntax: config>service# vprn service-id [customer customer-id]
route-distinguisher [ip-address:number1 | asn:number2]
description description-string
no shutdown
 
The following example displays a VPRN service configuration. 
*A:ALA-1>config>service# info
----------------------------------------------
...
        vprn 1 customer 1 create
            route-distinguisher 10001:0
            no shutdown
        exit
...
----------------------------------------------
*A:ALA-1>config>service>vprn#
 
 
Configuring Global VPRN Parameters
Other VPRN parameters
Refer to VPRN Services Command Reference for CLI syntax to configure VPRN parameters.
The following example displays a VPRN service with configured parameters. 
*A:ALA-1>config>service# info
----------------------------------------------
...
        vprn 1 customer 1 create
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            autonomous-system 10000
            route-distinguisher 10001:1
            spoke-sdp 2 create
            exit
            no shutdown
        exit
...
----------------------------------------------
*A:ALA-1>config>service#
 
Configuring a Spoke-SDP
Use the following CLI syntax to configure spoke SDP parameters:
CLI Syntax: config>service# vprn service-id [customer customer-id]
spoke-sdp sdp-id
no shutdown
interface ip-int-name
spoke-sdp sdp-id:vc-id [vc-type {ether|vlan|vpls}]
egress
filter {ip ip-filter-id}
vc-label egress-vc-label
ingress
filter {ip ip-filter-id}
vc-label ingress-vc-label
tos-marking-state {trusted|untrusted}
no shutdown 
 
The following output displays a spoke SDP configuration
A:ALA-48>config>service>vprn# info
----------------------------------------------
...
            interface "SpokeSDP" create
                spoke-sdp 3:4 create
                    ingress
                        vc-label 3000
                        filter ip 10
                    exit
                    egress
                        vc-label 2000
                        filter ip 10
                    exit
                exit
            exit
...
            spoke-sdp 3 create
            exit
            no shutdown
----------------------------------------------
A:ALA-48>config>service>vprn#
 
 
Configuring VPRN Protocols - PIM
Refer to VPRN Services Command Reference for CLI syntax to configure VPRN parameters.
The following example displays a VPRN PIM configuration:
config>service# info
#------------------------------------------
...
        vprn 1 customer 2 create
            route-distinguisher 1:11
            interface "if1" create
                address 12.13.14.15/32
                loopback
            exit
            interface "if2" create
                address 14.14.14.1/24
                sap 1/1/2:0 create
                exit
            exit
            pim
                interface "if1"
                exit
                interface "if2"
                exit
                rp
                    static
                    exit
                    bsr-candidate
                        shutdown
                    exit
                    rp-candidate
                        shutdown
                    exit
                exit
            exit
            no shutdown
        exit
    exit
#------------------------------------------
config>service#
 
 
Configuring Router Interfaces
Refer to the 7750 SR OS Router Configuration Guide for command descriptions and syntax information to configure router interfaces.
The following example displays a router interface configurations:
ALA48>config>router# info
#------------------------------------------
echo "IP Configuration"
#------------------------------------------
...
        interface "if1"
            address 2.2.2.1/24
            port 1/1/33
        exit
        interface "if2"
            address 10.49.1.46/24
            port 1/1/34
        exit
        interface "if3"
            address 11.11.11.1/24
            port 1/1/35
        exit
...
#------------------------------------------
ALA48>config>router#
 
Configuring VPRN Protocols - BGP
VPRN BGP parameters
The autonomous system number and router ID configured in the VPRN context only applies to that particular service.
The minimal parameters that should be configured for a VPRN BGP instance are:
Specify an autonomous system number for the router. See Configuring Global VPRN Parameters.
Specify a router ID - Note that if a new or different router ID value is entered in the BGP context, then the new values takes precedence and overwrites the VPRN-level router ID. See Configuring Global VPRN Parameters.
Specify a VPRN BGP peer group.
Specify a VPRN BGP neighbor with which to peer.
Specify a VPRN BGP peer-AS that is associated with the above peer.
VPRN BGP is administratively enabled upon creation. Minimally, to enable VPRN BGP in a VPRN instance, you must associate an autonomous system number and router ID for the VPRN service, create a peer group, neighbor, and associate a peer AS number. There are no default VPRN BGP groups or neighbors. Each VPRN BGP group and neighbor must be explicitly configured.
All parameters configured for VPRN BGP are applied to the group and are inherited by each peer, but a group parameter can be overridden on a specific basis. VPRN BGP command hierarchy consists of three levels:
The global level
The group level
The neighbor level
 
For example:
CLI Syntax: config>service>vprn>bgp# (global level)
group (group level)
neighbor (neighbor level)
Note that the local-address must be explicitly configured if two systems have multiple BGP peer sessions between them for the session to be established.
For more information about the BGP protocol, refer to the 7750 SR OS Router Configuration Guide.
 
Configuring VPRN BGP Group and Neighbor Parameters
A group is a collection of related VPRN BGP peers. The group name should be a descriptive name for the group. Follow your group, name, and ID naming conventions for consistency and to help when troubleshooting faults.
All parameters configured for a peer group are applied to the group and are inherited by each peer (neighbor), but a group parameter can be overridden on a specific neighbor-level basis.
After a group name is created and options are configured, neighbors can be added within the same autonomous system to create IBGP connections and/or neighbors in different autonomous systems to create EBGP peers. All parameters configured for the peer group level are applied to each neighbor, but a group parameter can be overridden on a specific neighbor basis.
 
Configuring Route Reflection
Route reflection can be implemented in autonomous systems with a large internal BGP mesh to reduce the number of IBGP sessions required. One or more routers can be selected to act as focal points, for internal BGP sessions. Several BGP-speaking routers can peer with a route reflector. A route reflector forms peer connections to other route reflectors. A router assumes the role as a route reflector by configuring the cluster cluster-id command. No other command is required unless you want to disable reflection to specific peers.
If you configure the cluster command at the global level, then all subordinate groups and neighbors are members of the cluster. The route reflector cluster ID is expressed in dotted decimal notation. The ID should be a significant topology-specific value. No other command is required unless you want to disable reflection to specific peers.
If a route reflector client is fully meshed, the disable-client-reflect command can be enabled to stop the route reflector from reflecting redundant route updates to a client.
 
Configuring BGP Confederations
A VPRN can be configured to belong to a BGP confederation. BGP confederations are one technique for reducing the degree of IBGP meshing within an AS. When the confederation command is in the configuration of a VPRN the type of BGP session formed with a VPRN BGP neighbor is determined as follows:
The session is of type IBGP if the peer AS is the same as the local AS.
The session is of type confed-EBGP if the peer AS is different than the local AS AND the peer AS is listed as one of the members in the confederation command.
The session is of type EBGP if the peer AS is different than the local AS AND the peer AS is not listed as one of the members in the confederation command.
When a VPRN is configured to belong to a confederation, the following VPRN commands cannot be configured:
vrf-target
vrf-import
vrf-export
grt-lookup
 
VPRN BGP CLI Syntax
Use the CLI syntax to configure VPRN BGP parameters (BGP Configuration Commands).
The following example displays a VPRN BGP configuration:
*A:ALA-1>config>service# info 
----------------------------------------------
...
        vprn 1 customer 1 create
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                sap 1/1/10:1 create
                    ingress
                        scheduler-policy "SLA2"
                        qos 100
                    exit
                    egress
                        scheduler-policy "SLA1"
                        qos 1010
                        filter ip 6
                    exit
                exit
            exit
            static-route 6.5.0.0/24 next-hop 10.1.1.2
            bgp
                router-id 10.0.0.1
                group "to-cel"
                    export "vprnBgpExpPolCust1"
                    peer-as 65101
                    neighbor 10.1.1.2
                    exit
                exit
            exit
            spoke-sdp 2 create
            exit
            no shutdown
        exit
...
----------------------------------------------
*A:ALA-1>config>service#
 
Configuring VPRN Protocols - RIP
VPRN RIP parameters
PE routers which attach to a particular VPN need to know, for each of that VPN's sites, which addresses in that VPN are at each site. There are several ways that a PE router can obtain this set of addresses. The Routing Information Protocol (RIP) sends routing update messages that include entry changes. The routing table is updated to reflect the new information.
RIP can be used as a PE/CE distribution technique. PE and CE routers may be RIP peers, and the CE may use RIP to tell the PE router the set of address prefixes which are reachable at the CE router's site. When RIP is configured in the CE, care must be taken to ensure that address prefixes from other sites (i.e., address prefixes learned by the CE router from the PE router) are never advertised to the PE. Specifically, if a PE router receives a VPN-IPv4 route, and as a result distributes an IPv4 route to a CE, then that route must not be distributed back from that CE's site to a PE router (either the same router or different routers).
In order to enable a VPRN RIP instance, the RIP protocol must be enabled in the config>service> >vprn>rip context of the VPRN. VPRN RIP is administratively enabled upon creation. Configuring other RIP commands and parameters are optional.
NOTE: Careful planning is essential to implement commands that can affect the behavior of VPRN RIP global, group, and neighbor levels. Because the RIP commands are hierarchical, analyze the values that can disable features on a particular level.
The parameters configured on the VPRN RIP global level are inherited by the group and neighbor levels. Many of the hierarchical VPRN RIP commands can be modified on different levels. The most specific value is used. That is, a VPRN RIP group-specific command takes precedence over a global VPRN RIP command. A neighbor-specific statement takes precedence over a global VPRN RIP and group-specific command. For example, if you modify a VPRN RIP neighbor-level command default, the new value takes precedence over VPRN RIP group- and global-level settings. There are no default VPRN RIP groups or neighbors. Each VPRN RIP group and neighbor must be explicitly configured.
 
The minimal parameters that should be configured for a VPRN instance are:
Specify a VPRN RIP peer group.
Specify a VPRN RIP neighbor with which to peer.
Specify a VPRN RIP peer-AS that is associated with the above peer.
VPRN RIP command hierarchy consists of three levels:
The global level
The group level
The neighbor level
 
For example:
CLI Syntax: config>service>vprn>rip# (global level)
group (group level)
neighbor (neighbor level)
 
VPRN RIP CLI Syntax
The following example displays a VPRN RIP configuration:
*A:ALA-1>config>service# info 
----------------------------------------------
...
        vprn 1 customer 1 create
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                sap 1/1/10:1 create
                    ingress
                        scheduler-policy "SLA2"
                        qos 100
                    exit
                    egress
                        scheduler-policy "SLA1"
                        qos 1010
                        filter ip 6
                    exit
                exit
            exit
            static-route 6.5.0.0/24 next-hop 10.1.1.2
            bgp
                router-id 10.0.0.1
                group "to-cel"
                    export "vprnBgpExpPolCust1"
                    peer-as 65101
                    neighbor 10.1.1.2
                    exit
                exit
            exit
            rip
                export "vprnRipExpPolCust1"
                group "cel"
                    neighbor "to-ce1"
                    exit
                exit
            exit
            spoke-sdp 2 create
            exit
            no shutdown
        exit
...
----------------------------------------------
*A:ALA-1>config>service# info
 
For more information about the RIP protocol, refer to the 7750 SR OS Router Configuration Guide.
 
Configuring VPRN Protocols - OSPF
VPRN interface
Each VPN routing instance is isolated from any other VPN routing instance, and from the routing used across the backbone. OSPF can be run with any VPRN, independently of the routing protocols used in other VPRNs, or in the backbone itself. For more information about the OSPF protocol, refer to the 7750 SR OS Router Configuration Guide.
CLI Syntax: config>service>vprn>ospf#
 
VPRN OSPF CLI Syntax
Refer to OSPF Configuration Commands for CLI syntax to configure VPRN parameters.
The following example displays the VPRN OSPF configuration shown above:
*A:ALA-48>config>service# info
----------------------------------------------
	 vprn 2 customer 1 create
            interface "test" create
            exit
            no shutdown
        exit
            area 0.0.0.0
                virtual-link 1.2.3.4 transit-area 1.2.3.4
                    hello-interval 9
                    dead-interval 40
                exit
	    exit
----------------------------------------------
*A:ALA-48>config>service#
For more information about the OSPF protocol, refer to the 7750 SR OS Router Configuration Guide.
 
Configuring TMS Parameters
VPRN RIP parameters
The following example displays a VPRN TMS configuration:
configure
    service
        customer 1 create
            description "Default customer"
        exit
        vprn 1 customer 1 create
            ecmp 16
            router-id 0.0.3.1
            autonomous-system 1
            route-distinguisher 1.1.1.3:1
            auto-bind ldp
            vrf-target target:1:1
            tms-interface "mda-1-1" create
                address 20.12.0.43/32
                description "tms-1-1"
                port 1/1
                password "password=arbor zone-secret=admin"
            exit
            tms-interface "mda-2-1" create
                address 20.12.0.44/32
                description "tms-2-1"
                port 2/1
                password "password=arbor zone-secret=admin"
            exit
            tms-interface "mda-2-2" create
                address 20.12.0.45/32
                description "tms-2-2"
                port 2/2
                password "password=arbor zone-secret=admin"
            exit
            tms-interface "mda-3-1" create
                address 20.12.0.46/32
                description "tms-3-1"
                port 3/1
                password "password=arbor zone-secret=admin"
            exit
            no shutdown
        exit
    exit 
exit 
 
configure service vprn 1
         tms-interface "mda-1-1" create
             address 20.12.0.43/32
             description "tms-1-1"
             port 1/1
             password "password=arbor zone-secret=admin"
         exit
     exit
 
     configure router
        interface "itfToArborCP"
            address 10.12.0.1/24
            port 3/2/4
        exit
     exit
Configuration Notes:
Use the mda-type isa-tms parameter for this configuration
The tms-interface address 20.12.0.43/32 should be configured on the ArborSP via "Administration> Peakflow Appliances"
The port is the card/mda
The tms-interface address 20.12.0.43/32 results in a static-route in the Base instance
 
*A:Dut-C# show router route-table 20.12.0.43/32 
 
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto    Age         Pref
Next Hop[Interface Name]                                   Metric    
-------------------------------------------------------------------------------
20.12.0.43/32                                 Remote  Static   00h08m49s   5
vprn1:mda-1-1                                                1
-------------------------------------------------------------------------------
The tms-interface zone-secret=admin should match with the zone-secret used on the ArborSP
The tms-interface password=arbor should be used as password during ssh/telnet to tms
The tms-interface ipv6. This is a prerequisite for adding IPv6 TMS routes and scrubbing IPv6 traffic
The connectivity SR/ArborSP goes via port 3/2/4 interface itfToArborCP (10.12.0.1) to an interface (10.12.0.2) of the ArborSP.
On the ArborSP, to reach the TMS, a static route like this is needed: 20.12.0.0/24 with next-hop 10.12.0.1
On the SR, to reach the ArborSP a static-route like this is needed (with 138.203.71.202 the mgmt ip address of the ArborSP (eth0): static-route 138.203.71.202/32 next-hop 10.12.0.2
Use the same ntp server on both SR/ArborSP and enable ntp-server (because CPM is ntp server for isa-tms's)
A policy (in this example "exporttmsgrt") is needed to leak tms routes to bgp
If you want to telnet/ping to tms, then you should enable first following services: ssh 127.1.mda.slot -l admin router management 
           ip access add ping all 0.0.0.0/0
           ip access add telnet all 0.0.0.0/0
           ip access commit
           services telnet start
           config write
On the ArborSP
Use a TMS cluster which holds the relevant isa-tms's Administration> Mitigation> TMS-ISA Clusters
Put the TMS cluster in a TMS group Administration> Mitigation> TMS Groups
Use the TMS Group in the mitigation rule (Mitigation> Threat Management> Add> TMS Appliances)
 
 
Configuring a VPRN Interface
VPRN interface
Interface names associate an IP address to the interface, and then associate the IP interface with a physical port. The logical interface can associate attributes like an IP address, port, Link Aggregation Group (LAG) or the system.
There are no default interfaces.
Note that you can configure a VPRN interface as a loopback interface by issuing the loopback command instead of the sap sap-id command. The loopback flag cannot be set on an interface where a SAP is already defined and a SAP cannot be defined on a loopback interface.
When using mtrace/mstat in a Layer 3 VPN context then the configuration for the VPRN should have a loopback address configured which has the same address as the core instance's system address (BGP next-hop).
Refer to OSPF Configuration Commands for CLI commands and syntax.
The following example displays a VPRN interface configuration:
*A:ALA-1>config>service>vprn# info
----------------------------------------------
...
        vprn 1 customer 1 create
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                exit
            exit
            static-route 6.5.0.0/24 next-hop 10.1.1.2
            spoke-sdp 2 create
            exit
            no shutdown
        exit
...
----------------------------------------------
*A:ALA-1>config>service#
 
 
Configuring Overload State on a Single SFM
A 7x50 system with a single SFM installed has a system multicast throughput that is only a half of a 7x50 system with dual SFMs installed. For example, in a mixed environment in which IOM1s, IOM2s, and IOM3s are installed in the same system (chassis mode B or C), system multicast throughput doubles when redundant SFMs are used instead of a single SFM. If the required system multicast throughput is between 16G and 32G (which means both SFMs are being actively used), when there is an SFM failure, multicast traffic needs to be rerouted around the node.
Some scenarios include:
There is only one SFM installed in the system
One SFM (active or standby) failed in a dual SFM configuration
The system is in the ISSU process
You can use an overload state in IGP to trigger the traffic reroute by setting the overload bit or setting the metric to maximum in OSPF. Since PIM uses IGP to find out the upstream router, a next-hop change in IGP will cause PIM to join the new path and prune the old path, which effectively reroutes the multicast traffic downstream. When the problem is resolved, the overload condition is cleared, which will cause the traffic to be routed back to the router.
 
Configuring a VPRN Interface SAP
VPRN interface
A SAP is a combination of a port and encapsulation parameters which identifies the service access point on the interface and within the SR. Each SAP must be unique within a router. A SAP cannot be defined if the interface loopback command is enabled.
When configuring VPRN interface SAP parameters, a default QoS policy is applied to each ingress and egress SAP. Additional QoS policies and scheduler policies must be configured in the config>qos context. Filter policies are configured in the config>filter context and must be explicitly applied to a SAP. There are no default filter policies.
VPRN interface ATM SAP parameters can only be configured on ATM-type MDAs and ATM-configured ports. The periodic-loopback command can only be enabled when the config>system>atm>oam context is enabled. See the 7750 SR OS Basic System Configuration Guide.
Refer to OSPF Configuration Commands for CLI commands and syntax.
The following example displays a VPRN interface SAP configuration:
*A:ALA-1>config>service# info
----------------------------------------------
...
        vprn 1 customer 1 create
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                sap 1/1/10:1 create
                    ingress
                        scheduler-policy "SLA2"
                        qos 100
                    exit
                    egress
                        scheduler-policy "SLA1"
                        qos 1010
                        filter ip 6
                    exit
                exit
            exit
            static-route 6.5.0.0/24 next-hop 10.1.1.2
            spoke-sdp 2 create
            exit
            no shutdown
        exit
...
----------------------------------------------
*A:ALA-1>config>service#
 
 
 
Configuring IPSec Parameters
The following output displays service with IPSec parameters configured. 
*A:ALA-49>config# info
----------------------------------------------
...
    service
        ies 100 customer 1 create
            interface "ipsec-public" create
                address 10.10.10.1/24
                sap ipsec-1.public:1 create
                exit
            exit
            no shutdown
        exit
	  vprn 200 customer 1 create
            ipsec
                security-policy 1 create
                    entry 1 create
                        local-ip 172.17.118.0/24
                        remote-ip 172.16.91.0/24
                    exit
                exit
            exit
		 route-distinguisher 1:1
            ipsec-interface "ipsec-private" create
                sap ipsec-1.private:1 create
                    tunnel "remote-office" create
                        security-policy 1
                        local-gateway-address 10.10.10.118 peer 10.10.7.91 delivery-service 100
                        dynamic-keying
                            ike-policy 1
                            pre-shared-key "humptydumpty"
                            transform 1
                        exit
                        no shutdown
                    exit
                exit
            exit
            interface "corporate-network" create
                address 172.17.118.118/24
                sap 1/1/2 create
                exit
            exit
		static-route 172.16.91.0/24 ipsec-tunnel "remote-office" 
            no shutdown
        exit
    exit
...
----------------------------------------------
*A:ALA-49>config#
 
 
 
 
Service Management Tasks
This section discusses the following service management tasks:
Modifying VPRN Service Parameters
Deleting a VPRN Service
 
Modifying VPRN Service Parameters
Use the CLI syntax to modify VPRN parameters (VPRN Services Command Reference).
The following example displays the VPRN service creation output. 
*A:ALA-1>config>service# info
----------------------------------------------
...
		vprn 1 customer 1 create
            shutdown
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            maximum-routes 2000
            autonomous-system 10000
            route-distinguisher 10001:1
            interface "to-ce1" create
                address 10.1.1.1/24
                sap 1/1/10:1 create
                exit
            exit
            static-route 6.5.0.0/24 next-hop 10.1.1.2
            bgp
                router-id 10.0.0.1
                group "to-ce1"
                    export "vprnBgpExpPolCust1"
                    peer-as 65101
                    neighbor 10.1.1.2
                    exit
                exit
            exit
            spoke-sdp 2 create
            exit
        exit
...
----------------------------------------------
*A:ALA-1>config>service>vprn#
 
Deleting a VPRN Service
An VPRN service cannot be deleted until SAPs and interfaces are shut down and deleted. If protocols and/or a spoke-SDP are defined, they must be shut down and removed from the configuration as well.
Use the following CLI syntax to delete a VPRN service:
CLI Syntax: config>service#
[no] vprn service-id [customer customer-id]
shutdown
[no] interface ip-int-name
shutdown
[no] sap sap-id]
[no] bgp
shutdown
[no] rip
shutdown
[no] spoke-sdp sdp-id
[no] shutdown
 
Disabling a VPRN Service
A VPRN service can be shut down without deleting any service parameters.
CLI Syntax: config>service#
vprn service-id [customer customer-id]
shutdown
Example: config>service# vprn 1
config>service>vprn# shutdown
 config>service>vprn# exit
*A:ALA-1>config>service# info
----------------------------------------------
...
        vprn 1 customer 1 create
            shutdown
            vrf-import "vrfImpPolCust1"
            vrf-export "vrfExpPolCust1"
            ecmp 8
            autonomous-system 10000
            route-distinguisher 10001:1
            auto-bind ldp
            vrf-target target:10001:1
            interface "to-ce1" create
                address 11.1.0.1/24
                sap 1/1/10:1 create
                    ingress
                        scheduler-policy "SLA2"
                        qos 100
                    exit
                    egress
                        scheduler-policy "SLA1"
                        qos 1010
                        filter ip 6
                    exit
                exit
            exit
            static-route 6.5.0.0/24 next-hop 10.1.1.2
            bgp
                router-id 10.0.0.1
                group "to-cel"
                    export "vprnBgpExpPolCust1"
                    peer-as 65101
                    neighbor 10.1.1.2
                    exit
                exit
            exit
            rip
                export "vprnRipExpPolCust1"
                group "cel"
                    neighbor "to-ce1"
                    exit
                exit
            exit
            spoke-sdp 2 create
            exit
        exit
...
----------------------------------------------
*A:ALA-1>config>service#
 
Re-enabling a VPRN Service
To re-enable a VPRN service that was shut down.
CLI Syntax: config>service#
vprn service-id [customer customer-id]
no shutdown