VPRN Service Configuration Commands

Generic Commands

description

Syntax

description description-string

no description

Context

config>service>vprn

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

config>service>vprn>dhcp>local-dhcp-server

config>service>vprn>dhcp>local-dhcp-server>pool

config>service>vprn>interface

config>service>vprn>if>dhcp

config>service>vprn>if>ipv6>dhcp6-relay

config>service>vprn>if>sap

config>service>vprn>ip-transport

config>service>vprn>ip-transport>remote-host

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

config>service>vprn>static-route-entry>black-hole

config>service>vprn>static-route-entry>grt

config>service>vprn>static-route-entry>indirect

config>service>vprn>static-route-entry>ipsec-tunnel

config>service>vprn>static-route-entry>next-hop

config>service>vprn>twamp-light>reflector

config>service>vprn>twamp-light>reflector>prefix

config>service>vprn>zone

config>service>vprn>zone>nat>pool

Description

This command creates a text description that is stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the contents in the configuration file.

The no form of this command removes the string from the configuration.

Default

no description

Parameters

description-string

the description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

shutdown

Syntax

[no] shutdown

Context

config>service>vprn

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

config>service>vprn>interface

config>service>vprn>if>dhcp

config>service>vprn>if>ipv6>dhcp6-relay

config>service>vprn>if>ipv6>dhcp6-server>prefix-delegation

config>service>vprn>if>spoke-sdp

config>service>vprn>if>sap

config>service>vprn>if>vrrp

config>service>vprn>ip-transport

config>service>vprn>msdp

config>service>vprn>msdp>group

config>service>vprn>msdp>group>peer

config>service>vprn>msdp>peer

config>service>vprn>ntp

config>service>vprn>ospf

config>service>vprn>ospf>area>interface

config>service>vprn>ospf>area>sham-link

config>service>vprn>ospf>area>virtual-link

config>service>vprn>ospf3

config>service>vprn>ospf3>area>interface

config>service>vprn>ospf3>area>virtual-link

config>service>vprn>pim

config>service>vprn>pim>interface

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

config>service>vprn>router-advertisement>interface

config>service>vprn>pim>rp>bsr-candidate

config>service>vprn>pim>rp>rp-candidate

config>service>vprn>spoke-sdp

config>service>vprn>static-route-entry>black-hole

config>service>vprn>static-route-entry>grt

config>service>vprn>static-route-entry>indirect

config>service>vprn>static-route-entry>ipsec-tunnel

config>service>vprn>static-route-entry>next-hop

config>service>vprn>twamp-light>reflector

config>service>vprn>zone

config>service>vprn>zone>interface

Description

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they can be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities are described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

Special Cases

Service Admin State

bindings to an SDP within the service will be put into the out-of-service state when the service is shut down. While the service is shut down, all customer packets are dropped and counted as discards for billing and debugging purposes.

A service is regarded as operational providing that one IP Interface SAP and one SDP is operational.

VPRN IP transport subservice

when an IP transport subservice within a VPRN service is shut down, all TCP/UDP packets received from remote hosts are dropped and any serial data received from the serial port is dropped. Any TCP connections that were up are closed and no new TCP connection requests are accepted.

It is not possible to make configuration changes to an IP transport subservice without performing a shutdown first.

The operational state of an IP transport subservice is relative to the operational state of the serial port for which the IP transport subservice is defined. When a serial port is shut down, the IP transport subservice associated with the serial port becomes operationally down.

When the no shutdown command is executed for an IP transport subservice, it becomes operationally up, serial data from the serial port is encapsulated in TCP/UDP packets destined for remote hosts, and TCP/UDP packets can be received by the local host, where raw serial data is then sent out the serial port.

Global Commands

vprn

Syntax

vprn service-id [customer customer-id] [create]

no vprn service-id

Context

config>service

Description

This command creates or edits a Virtual Private Routed Network (VPRN) service instance.

If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

VPRN services allow the creation of customer-facing IP interfaces in a separate routing instance from the one used for service network core routing connectivity. VPRN services allow the IP addressing scheme used by the subscriber to overlap with other addressing schemes used by other VPRN services or by the provider and, potentially, the entire Internet.

IP interfaces defined within the context of a VPRN service ID must have a SAP created as the access point to the subscriber network.

When a service is created, the customer keyword and customer-id must be specified, which associates the service with a customer. The customer-id must already exist, having been created using the customer command in the service context. When a service is created with a customer association, it is not possible to edit the customer association. To change the association between service and customer, the service must be deleted and recreated with a new customer association.

Once a service is created, the use of customer customer-id is optional to navigate into the service configuration context. Attempting to edit a service with an incorrect customer-id results in an error.

Multiple VPRN services are created in order to separate customer-owned IP interfaces. More than one VPRN service can be created for a single customer ID. More than one IP interface can be created within a single VPRN service ID. All IP interfaces created within a VPRN service ID belong to the same customer.

The no form of the command deletes the VPRN service instance with the specified service-id. The service cannot be deleted until all the IP interfaces and all routing protocol configurations defined within the service ID have been shut down and deleted.

Default

n/a

Parameters

service-id

the unique service identification number or name that identifies the service in the service domain. The ID must be unique to this service and cannot be used for any other service of any type (such as Epipe, Cpipe, IES). However, a VPRN instance in the service provider network can include different service-ids on the routers in the network.

Values

1 to 2147483647 or service-name

customer-id

an existing customer identification number to be associated with the service. This parameter is required during service creation and is optional for service editing or deleting.

Values

1 to 2147483647

create

keyword is mandatory when creating a VPRN service

aggregate

Syntax

aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [description description-text]

no aggregate ip-prefix/ip-prefix-length

Context

config>service>vprn

Description

This command creates an aggregate route.

Use this command to group a number of routes with common prefixes into a single entry in the routing table. This reduces the number of routes that need to be advertised by this router and reduces the number of routes in the routing tables of downstream routers.

Both the original components and the aggregated route (source protocol aggregate) are offered to the Routing Table Manager (RTM). Subsequent policies can be configured to assign protocol-specific characteristics, such as the OSPF tag, to aggregate routes.

Multiple entries with the same prefix but a different mask can be configured; routes are aggregated to the longest mask. If one aggregate is configured as 10.0/16 and another as 10.0.0/24, then route 10.0.128/17 would be aggregated into 10.0/16 and route 10.0.0.128/25 would be aggregated into 10.0.0/24. If multiple entries are made with the same prefix and the same mask, the previous entry is overwritten.

The no form of the command removes the aggregate.

Default

no aggregate

Parameters

ip-prefix/ip-prefix-length

the destination address of the aggregate route

Values

ipv4-address

a.b.c.d (host bits must be 0)

ipv4-prefix-length 0 to 30

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length 0 to 128
summary-only

suppresses advertisement of more specific component routes for the aggregate. To remove the summary-only option, enter the same aggregate command without the summary-only parameter.

as-set

creates an aggregate where the path advertised for this route is an AS_SET consisting of all elements contained in all paths that are being summarized. This parameter should be used carefully as it can increase the amount of route churn due to best path changes. The parameter is only applicable to BGP.

as-number:ip-address

specifies the BGP aggregator path attribute to the aggregate route. When configuring the aggregator, a two-octet AS number used to form the aggregate route must be entered, followed by the IP address of the BGP system that created the aggregate route.

Values

as-number 1 to 4294967295

ip-address a.b.c.d

description-text

a text description, up to 80 characters long, stored in the configuration file for a configuration context

auto-bind-tunnel

Syntax

auto-bind-tunnel

Context

config>service>vprn

Description

This command enables the context to configure automatic binding of a VPRN service using tunnels to MP-BGP peers.

The auto-bind-tunnel mode is simply a context to configure the binding of VPRN routes to tunnels. The user must configure the resolution option to enable auto-binding resolution to tunnels in TTM.

When an explicit SDP to a BGP next hop is configured in a VPRN service (config>service> vprn>spoke-sdp), it overrides the auto-bind-tunnel selection for that BGP next hop only. There is no support for reverting automatically to the auto-bind-tunnel selection if the explicit SDP goes down. The user must delete the explicit spoke SDP in the VPRN service context to resume using the auto-bind-tunnel selection for the BGP next hop.

ecmp

Syntax

ecmp max-ecmp-routes

no ecmp

Context

config>service>vprn>auto-bind-tunnel

Description

This command configures the maximum number of routes that can be used for auto-bind tunnel resolution.

The no form of this command removes the configured value.

Parameters

max-ecmp-routes

the maximum number of routes that can be used for auto-bind tunnel resolution

Values

1 to 8

Default

1

resolution

Syntax

resolution {any | filter | disabled}

Context

config>service>vprn>auto-bind-tunnel

Description

This command configures the resolution mode in the automatic binding of a VPRN service to tunnels to MP-BGP peers.

If the resolution option is explicitly set to disabled, the auto-binding to tunnels is removed.

If resolution is set to any, any supported tunnel type in the VPRN context will be selected following the TTM preference. If one or more explicit tunnel types are specified using the resolution-filter option, only these tunnel types will be selected again following the TTM preference.

The user must set resolution to filter to activate the list of tunnel types configured under resolution-filter.

Parameters

any

enables the binding to any supported tunnel type in the VPRN context following the TTM preference

filter

enables the binding to the subset of tunnel types configured under resolution-filter

disabled

disables the automatic binding of a VPRN service to tunnels to MP-BGP peers

resolution-filter

Syntax

resolution-filter

Context

config>service>vprn>auto-bind-tunnel

Description

This command configures the subset of tunnel types that can be used in the resolution of VPRN prefixes within the automatic binding of VPRN service to tunnels to MP-BGP peers.

The following tunnel types are supported in a VPRN context (in order of preference): RSVP (rsvp), segment routing TE (sr-te), LDP (ldp), segment routing OSPF (sr-ospf), segment routing IS-IS (sr-isis), and GRE (gre). The segment routing precedences can be configured. The selection of an SR tunnel in SR-ISIS when using multi-instance IS-IS is based on lowest instance ID.

gre

Syntax

[no] gre

Context

config>service>vprn>auto-bind-tunnel>resolution-filter

Description

This command specifies the GRE type of automatic binding for the SDP assigned to this service. When auto-bind-tunnel is used, a spoke SDP does not need to be configured for the service.

The no form of the command removes this type of automatic binding.

Default

no gre

ldp

Syntax

[no] ldp

Context

config>service>vprn>auto-bind-tunnel>resolution-filter

Description

This command specifies the LDP tunnel type of automatic binding for the SDP assigned to this service. When auto-bind-tunnel is used, a spoke SDP does not need to be configured for the service.

The ldp value instructs BGP to search for an LDP LSP with a FEC prefix corresponding to the address of the BGP next hop.

The no form of the command removes this type of automatic binding.

Default

no ldp

rsvp

Syntax

[no] rsvp

Context

config>service>vprn>auto-bind-tunnel>resolution-filter

Description

This command specifies the RSVP tunnel type of automatic binding for the SDP assigned to this service. When auto-bind-tunnel is used, a spoke SDP does not need to be configured for the service.

The rsvp value instructs BGP to search for the best metric RSVP LSP to the address of the BGP next hop. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.

The no form of the command removes this type of automatic binding.

Default

no rsvp

sr-isis

Syntax

[no] sr-isis

Context

config>service>vprn>auto-bind-tunnel>resolution-filter

Description

This command specifies the SR-ISIS tunnel type of automatic binding for the SDP assigned to this service. When auto-bind-tunnel is used, a spoke SDP does not need to be configured for the service.

When the sr-isis value is enabled, an SR tunnel to the BGP next hop is selected in the TTM from the lowest-numbered IS-IS instance.

The no form of the command removes this type of automatic binding.

Default

no sr-isis

sr-ospf

Syntax

[no] sr-ospf

Context

config>service>vprn>auto-bind-tunnel>resolution-filter

Description

This command specifies the SR-OSPF tunnel type of automatic binding for the SDP assigned to this service. When auto-bind-tunnel is used, a spoke SDP does not need to be configured for the service.

When the sr-ospf value is enabled, an SR tunnel to the BGP next hop is selected in the TTM from OSPF instance 0.

The no form of the command removes this type of automatic binding.

Default

no sr-ospf

sr-te

Syntax

[no] sr-te

Context

config>service>vprn>auto-bind-tunnel>resolution-filter

Description

This command specifies the SR-TE tunnel type of automatic binding for the SDP assigned to this service. When auto-bind-tunnel is used, a spoke SDP does not need to be configured for the service.

The sr-te value instructs the 7705 SAR to search for the best metric SR-TE LSP to the address of the BGP next hop. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple SR-TE LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.

The no form of the command removes this type of automatic binding.

Default

no sr-te

weighted-ecmp

Syntax

[no] weighted-ecmp

Context

config>service>vprn>auto-bind-tunnel

Description

This command enables weighted ECMP for packets using tunnels that a VPRN automatically binds to. This command is applicable if the auto-bind tunnel is configured for RSVP or SR-TE using the config>service>vprn>auto-bind-tunnel>resolution-filter>rsvp/sr-te command. When weighted ECMP is enabled, packets are sprayed across RSVP-TE or SR-TE LSPs in the ECMP set according to the outcome of the hash algorithm and the configured load-balancing-weight of each LSP. See the 7705 SAR MPLS Guide, ‟MPLS Commands”, for more information about the load-balancing-weight command.

The no form of the command disables weighted ECMP for next-hop tunnel selection.

Default

no weighted-ecmp

autonomous-system

Syntax

autonomous-system as-number

no autonomous-system

Context

config>service>vprn

Description

This command defines the autonomous system (AS) to be used by this VPN virtual routing/forwarding table (VRF).

The no form of the command removes the defined AS from the given VPRN context.

Default

no autonomous-system

Parameters

as-number

specifies the AS number for the VPRN service

Values

1 to 4294967295

ecmp

Syntax

ecmp max-ecmp-routes

no ecmp

Context

config>service>vprn

Description

This command enables ECMP (Equal-Cost Multipath Protocol) in the VPRN service context of a VPRN service and configures the number of routes for path sharing; for example, the value 2 means two equal-cost routes will be used for cost sharing.

ECMP refers to the distribution of packets over two or more outgoing links that share the same routing cost. ECMP provides a fast local reaction to route failures. ECMP is supported on static routes and dynamic (OSPF, IS-IS, and BGP) routes.

ECMP can only be used for routes with the same preference and same protocol. See the preference command for information about preferences.

When more ECMP routes are available at the best preference than configured in max-ecmp-routes, then the lowest next-hop IP address algorithm is used to select the number of routes configured in max-ecmp-routes.

The no form of the command disables ECMP path sharing. If ECMP is disabled and multiple routes are available at the best preference and equal cost, the route with the lowest next-hop IP address is used.

Default

no ecmp

Parameters

max-ecmp-routes

specifies the maximum number of equal-cost routes allowed on this VPRN instance, expressed as a decimal integer. Setting ECMP max-ecmp-routes to 1 yields the same result as entering no ecmp.

Values

1 to 8

encryption-keygroup

Syntax

encryption-keygroup keygroup-id direction {inbound | outbound}

no encryption-keygroup direction {inbound | outbound}

Context

config>service>vprn

Description

This command is used to bind a key group to a VPRN service for inbound or outbound packet processing. When configured in the outbound direction, packets egressing the node use the active-outbound-sa associated with the key group configured. When configured in the inbound direction, received packets must be encrypted using one of the valid security associations configured for the key group.

The encryption (enabled or disabled) configured on an SDP used to terminate a Layer 3 spoke SDP of a VPRN always overrides any VPRN-level configuration for encryption.

Encryption is enabled after the outbound direction is configured.

The no form of the command removes the key group from the service in the specified direction (inbound or outbound).

Default

n/a

Parameters

keygroup-id

the number of the key group being configured

Values

1 to 15 or keygroup-name (up to 64 characters)

direction {inbound | outbound}

mandatory keywords when binding a key group to a service for a particular direction

entropy-label

Syntax

[no] entropy-label

Context

config>service>vprn

config>service>vprn>interface>spoke-sdp

Description

This command enables or disables the use of entropy labels for spoke SDPs on a VPRN.

If entropy-label is enabled, the entropy label and entropy label indicator (ELI) are inserted in packets for which at least one LSP in the stack for the far end of the tunnel used by the service has advertised entropy label capability.

If the tunnel type is RSVP-TE, entropy-label can also be controlled by disabling entropy-label-capability under the config>router>rsvp or config>router>mpls>lsp contexts at the far-end LER.

When the entropy-label and entropy-label-capability commands are both enabled, the entropy label value inserted at the iLER is always based on the service ID.

The entropy label and the hash label features are mutually exclusive. The entropy label cannot be configured on a spoke SDP or service where the hash label feature has already been configured.

Default

no entropy-label

grt-lookup

Syntax

grt-lookup

Context

config>service>vprn

Description

This command enters the context under which all GRT leaking commands are configured.

enable-grt

Syntax

[no] enable-grt

Context

config>service>vprn>grt-lookup

Description

This command enables the functions required for looking up routes in the GRT when the lookup in the local VRF fails. If this command is enabled without the use of the config>service>vprn>static-route-entry>grt command, a lookup in the local VRF is preferred over the GRT. When the local VRF returns no route table lookup matches, the result from the GRT is preferred.

The no form of this command disables the global routing table lookup function when the lookup in the local VRF fails.

Default

no enable-grt

allow-local-management

Syntax

[no] allow-local-management

Context

config>service>vprn>grt-lookup>enable-grt

Description

This command enables management traffic from GRT leaking-enabled VPRN instances to reach local interfaces in the base router instance. The local interfaces can be system IP interfaces or loopback interfaces. Management traffic is traffic generated by Telnet, SNMP, and SSH. For a complete list of supported management protocols, see  IPv4 and IPv6 GRT-Supported Management Protocols.

Ping and traceroute responses from the base router interfaces are supported but are not configurable. The allow-local-management command does not control the support for management protocols terminating on VPRN interfaces directly.

Default

no allow-local-management

export-grt

Syntax

export-grt policy-name [policy-name...(up to 5 max)]

no export-grt

Context

config>service>vprn>grt-lookup

Description

This command uses configured route policies to determine which routes are exported from the VRF to the GRT along with all the forwarding information.

On network egress, packets with a source IP address that matches the 7705 SAR system IP address and the destination IP address of the far-end node must perform a GRT lookup in order to be resolved. A route policy can be configured with the IP address prefix or loopback address of the far-end router and with the action to accept. This policy is configured under the config>router>policy-options context, and is installed in the GRT FIB using the export-grt command. The route installed in the GRT FIB will have a next hop of the IPSec tunnel.

Up to five policies can be exported to the GRT FIB.

The no form of the command restores the default of not exporting routes to the GRT FIB.

Default

no export-grt

Parameters

policy-name

the name of the route policy to be exported to the GRT FIB

export-limit

Syntax

export-limit num-routes

no export-limit

Context

config>service>vprn>grt-lookup

Description

This command limits the number of IPv4 routes that can exported from the VRF to the GRT. Setting the limit to 0 overrides the maximum limit. Setting the value to 0 does not limit the number of routes exported from the VRF to the GRT. Configuring the export-limit between 1 and 256 will limit the number of routes to the specified value.

The no form of the command resets the limit to the default of allowing five routes per route policy to be exported from the VRF to the GRT.

Default

5

Parameters

num-routes

the number of routes per policy to be exported to the GRT

Values

0 to 256

export-v6-limit

Syntax

export-v6-limit num-routes

no export-v6-limit

Context

config>service>vprn>grt-lookup

Description

This command limits the number of IPv6 routes that can be exported from the VRF to the GRT. Setting the limit to 0 overrides the maximum limit. Setting the value to 0 does not limit the number of routes exported from the VRF to the GRT. Configuring the export-limit between 1 and 256 will limit the number of routes to the specified value.

The no form of the command resets the limit to the default of allowing five routes per route policy to be exported from the VRF to the GRT.

Default

5

Parameters

num-routes

the number of IPv6 routes per policy to be exported to the GRT

Values

0 to 256

maximum-ipv6-routes

Syntax

maximum-ipv6-routes number [log-only] [threshold percent]

no maximum-ipv6routes

Context

config>service>vprn

Description

This command specifies the maximum number of IPv6 routes that can be held within a VPN virtual routing /forwarding (VRF) context. Local, host, static, and aggregate routes are not counted.

The VPRN service ID must be in a shutdown state before maximum-ipv6-routes command parameters can be modified.

If the log-only parameter is not specified and the maximum-ipv6-routes value is set to a value below the existing number of IPv6 routes in a VRF, then the extra IPv6 routes will not be added to the VRF.

The maximum IPv6 route threshold can dynamically change to increase the number of supported IPv6 routes even when the maximum has already been reached. Protocols will resubmit the IPv6 routes that were initially rejected.

The no form of the command disables any limit on the number of IPv6 routes within a VRF context. Issue the no form of the command only when the VPRN instance is shut down.

Default

no maximum-ipv6routes (0 or disabled)

Parameters

number

the maximum number of IPv6 routes to be held in a VRF context

Values

1 to 2147483647

log-only

specifies that if the maximum limit is reached, the event only will be logged. The log-only parameter does not disable the learning of new IPv6 routes.

percent

the percentage at which a warning log message and SNMP will be used. There are two warning levels: mid-level and high-level. A mid-level warning occurs when the threshold percent value is reached, and a high-level warning occurs at the halfway level between the maximum number of IPv6 routes and the percent value ([max + mid] / 2). For example, if the maximum-ipv6-routes number is 100, and percent is 60, then the mid-level warning occurs at 60 IPv6 routes, and the high-level warning occurs at 80 IPv6 routes.

Values

0 to 100

maximum-routes

Syntax

maximum-routes number [log-only] [threshold percent]

no maximum-routes

Context

config>service>vprn

Description

This command specifies the maximum number of IPv4 routes that can be held within a VPN virtual routing /forwarding (VRF) context. Local, host, static, and aggregate routes are not counted.

The VPRN service ID must be in a shutdown state before maximum-routes command parameters can be modified.

If the log-only parameter is not specified and the maximum-routes value is set to a value below the existing number of IPv4 routes in a VRF, then the extra IPv4 routes will not be added to the VRF.

The maximum IPv4 route threshold can dynamically change to increase the number of supported IPv4 routes even when the maximum has already been reached. Protocols will resubmit the IPv4 routes that were initially rejected.

The no form of the command disables any limit on the number of IPv4 routes within a VRF context. Issue the no form of the command only when the VPRN instance is shut down.

Default

no maximum-routes (0 or disabled)

Parameters

number

the maximum IPv4 number of routes to be held in a VRF context

Values

1 to 2147483647

log-only

specifies that if the maximum limit is reached, the event only will be logged. The log-only parameter does not disable the learning of new routes.

percent

the percentage at which a warning log message and SNMP will be used. There are two warning levels: mid-level and high-level. A mid-level warning occurs when the threshold percent value is reached, and a high-level warning occurs at the halfway level between the maximum number of IPv4 routes and the percent value ([max + mid] / 2). For example, if the maximum-routes number is 100, and percent is 60, then the mid-level warning occurs at 60 IPv4 routes, and the high-level warning occurs at 80 IPv6 routes.

Values

0 to 100

route-distinguisher

Syntax

route-distinguisher [rd]

no route-distinguisher

Context

config>service>vprn

Description

This command sets the identifier that gets attached to routes to which the VPN belongs. Each routing instance must have a unique (within the carrier’s domain) route distinguisher associated with it. A route distinguisher must be defined for a VPRN to be operationally active.

AS numbers can be either 2-byte or 4-byte values.

Default

no route-distinguisher

Parameters

rd

the route distinguisher value

Values

ip-addr:comm-val | 2byte-asnumber:ext-comm-val | 4-byte-asnumber:comm-val

where

ip-addr: a.b.c.d

comm-val : 0 to 65535

2-byte-asnumber : 1 to 65535

ext-comm-val : 0 to 4294967295

4-byte-asnumber: 1 to 4294967295

router-id

Syntax

router-id ip-address

no router-id

Context

config>service>vprn

config>service>vprn>bgp

Description

This command sets the router ID for a specific VPRN context.

If neither the router ID nor system interface are defined, the router ID from the base router context is inherited.

The no form of the command removes the router ID definition from the given VPRN context.

Default

no router-id

Parameters

ip-address

the IP address, in dotted-decimal notation

Values

a.b.c.d

service-name

Syntax

service-name service-name

no service-name

Context

config>service>vprn

Description

This command configures a service name that can be used for reference in configuration and show commands.

Parameters

service-name

up to 64 characters

sgt-qos

Syntax

sgt-qos

Context

config>service>vprn

Description

This command enables the context to configure DSCP/dot1p re-marking for self-generated traffic.

application

Syntax

application dscp-app-name dscp {dscp-value | dscp-name} [fc-queue fc-name profile {in | out}]

application dot1p-app-name dot1p {dot 1p-priority} [fc-queue fc-name profile {in | out}]

no application {dscp-app-name | dot1p-app-name}

Context

config>service>vprn>sgt-qos

Description

This set of commands configures DSCP marking for self-generated IP traffic or dot1p marking for self-generated non-IP traffic (specifically, IS-IS and ARP traffic).

When an IP or Layer 3 application is configured using the dscp-app-name parameter, the specified DSCP name or DSCP value is used for all packets generated by this application within the router instance in which it is configured. The value set in this command sets the DSCP value in the egress IP header. The egress QoS policy will not overwrite this value.

When a Layer 2 application is configured using the dot1p-app-name parameter, the specified dot1p priority value is used for all packets generated by this application within the router instance in which it is configured.

Only one name or value can be configured per application. If multiple entries are configured, a subsequent entry overrides the previously configured entry.

The fc-queue option redirects SGT applications to egress data queues rather than the default control queue by assigning them to a forwarding class. If this option is configured, the profile state must be set. All packets that are assigned to this forwarding class will be considered in-profile or out-of-profile based on the configuration. In case of congestion, the in-profile packets are preferentially queued over the out-of-profile packets.

If the fc-queue option is used with the dscp-app-name application, any configuration done using the sgt-qos>dscp command is ignored for packets generated by this application, as illustrated in the following examples:

sgt-qos>application telnet dscp cp1

sgt-qos>dscp cp1 fc af

sgt-qos>application ftp dscp cp1 fc-queue be profile out

sgt-qos>dscp cp1 fc af

In the first example, all packets generated by the Telnet application use DSCP CP1 and map to FC AF as configured in the dscp command. The dot1p bits of the outgoing packets are marked from the value that FC AF points to in the egress QoS policy.

In the second example, all packets generated by the FTP application use DSCP CP1 and map to FC BE as dictated by the fc-queue redirection. The dot1p bits of the outgoing packets are marked from the value that FC BE points to in the egress QoS policy. Because redirection is configured, the mapping configured with the dscp command is ignored.

Note: The above behavior applies to all SGT IP applications with the exception of VRRP, where the dot1p value is always set to 7, regardless of the value in the FC egress QoS policy.

If the fc-queue option is used with the dot1p-app-name application, the dot1p bits of the outgoing packets are marked with the value set with the dot1p-priority parameter, regardless of the value in the FC egress queue policy.

The no form of this command resets the DSCP or dot1p value for the application to its default value and resets the application to use the egress control queue.

Default

n/a

Table 1. Applications and Support for Configurable DSCP or dot1p Markings

Application

Supported Marking

Default DSCP/dot1p

ARP

dot1p

7

IS-IS

dot1p

7

BGP

DSCP

NC1

DHCP

DSCP

NC1

DNS

DSCP

AF41

FTP

DSCP

AF41

ICMP (ping)

DSCP

BE

IGMP

DSCP

NC1

LDP (T-LDP)

DSCP

NC1

MLD

DSCP

NC1

NDIS

DSCP

NC1

NTP

DSCP

NC1

OSPF

DSCP

NC1

PIM

DSCP

NC1

1588 PTP

DSCP

NC1

RADIUS

DSCP

AF41

RIP

DSCP

NC1

RSVP

DSCP

NC1

SNMP (get, set, etc.)

DSCP

AF41

SNMP trap/log

DSCP

AF41

SSH (SCP)

DSCP

AF41

syslog

DSCP

AF41

TACACS+

DSCP

AF41

Telnet

DSCP

AF41

TFTP

DSCP

AF41

Traceroute

DSCP

BE

VRRP

DSCP

NC1

Parameters

dscp-app-name

the DSCP application name

Values

bgp, dhcp, dns, ftp, icmp, igmp, ldp, mld, ndis, ntp, ospf, pim, ptp, radius, rip, rsvp, snmp, snmp-notification, ssh, syslog, tacplus, telnet, tftp, traceroute, vrrp

Note:

  • PTP in the context of SGT QoS is defined as Precision Timing Protocol and is an application in the 7705 SAR. The PTP application name is also used in areas such as event-control and logging. Precision Timing Protocol is defined in IEEE 1588-2008.

  • PTP in the context of IP filters is defined as Performance Transparency Protocol. IP protocols can be used as IP filter match criteria; the match is made on the 8-bit protocol field in the IP header.

dscp-value

the value that maps to the DSCP name (the value none specifies that the default DSCP value for the application be used; see Applications and Support for Configurable DSCP or dot1p Markings)

Values

none | 0 to 63

dscp-name

the DSCP to be associated with the forwarding class. Valid DSCP Names lists the valid DSCP names.

dot1p-app-name

the dot1p application name

Values

arp, isis

dot1p-priority

the dot1p priority (the value none specifies that the default dot1p value for the application be used; see Applications and Support for Configurable DSCP or dot1p Markings)

Values

none | 0 to 7

fc-name

the forwarding class assigned to SGT applications redirected to data queues

Values

be, l2, af, l1, h2, ef, h1, nc

profile {in | out}

the profile state of packets assigned to the specified forwarding class; this parameter must be specified when the fc-queue parameter is configured

dscp

Syntax

dscp dscp-name fc fc-name

no dscp dscp-name

Context

config>service>vprn>sgt-qos

Description

This command creates a mapping between the DSCP of the self-generated traffic and the forwarding class. The forwarding class dot1p SAP egress QoS policy mapping is used to mark the dot1p bits of the Layer 3 or IP application. For example, configuring the dscp-name parameter as be and the fc-name parameter as l1 results in marking the dot1p bits of the outgoing Ethernet frame, which is transporting self-generated IP traffic with DSCP bits set to BE, to the value that FC L1 points to in the SAP egress QoS policy (as configured in the config>qos>sap-egress>fc context).

Note: The dot1p class of service may not apply to all IP traffic and is dependent on the egress port encapsulation type.

Based on this configured FC, the SAP egress QoS policy for the egress forwarding complex sets the IEEE 802.1 dot1p bits.

Multiple commands can be entered to associate some or all of the 64 DSCP values with the forwarding class. For undefined code points, packets are assigned to the default forwarding class for the DSCP value. DSCP-to-Default Forwarding Class Mapping lists the default forwarding class for each DSCP value.

The no form of the command resets the DSCP value to its default forwarding class.

Note: If the fc-queue option is configured in the sgt-qos>application dscp-app-name command, the mapping created with this command is ignored for packets generated by the applications that are configured with the option.
Table 2. DSCP-to-Default Forwarding Class Mapping

DSCP Value

Default FC

be

nc

cp1

be

cp2

be

cp3

be

cp4

be

cp5

be

cp6

be

cp7

be

cs1

be

cp9

be

af11

af

cp11

be

af12

af

cp13

be

af13

af

cp15

be

cs2

be

cp17

be

af21

l1

cp19

be

af22

l1

cp21

be

af23

l1

cp23

be

cs3

be

cp25

be

af31

l1

cp27

be

af32

l1

cp29

be

af33

l1

cp31

be

cs4

be

cp33

be

af41

nc

cp35

be

af42

h2

cp37

be

af43

h2

cp39

be

cs5

be

cp41

be

cp42

be

cp43

be

cp44

be

cp45

be

ef

ef

cp47

be

nc1

nc

cp49

be

cp50

h2

cp51

be

cp52

be

cp53

be

cp54

be

cp55

be

nc2

nc

cp57

be

cp58

be

cp59

be

cp60

be

cp61

be

cp62

be

cp63

be

Default

See DSCP-to-Default Forwarding Class Mapping for the default forwarding class for each DSCP value.

Parameters

dscp-name

the DSCP name to be associated with the forwarding class. DSCP can only be specified by its name and only an existing value can be specified. The software provides names for the well-known code points.

Values

be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

fc-name

the forwarding class name. All packets with a DSCP value or MPLS EXP bits that are not defined will be placed in this forwarding class.

Values

be, l2, af, l1, h2, ef, h1, nc

snmp-community

Syntax

snmp-community community-name [hash | hash2] [version SNMP-version]

no snmp-community community-name [hash | hash2]

Context

config>service>vprn

Description

This command sets the SNMP community name to be used with the associated VPRN instance. If an SNMP community name is not specified, SNMP access is not allowed.

The no form of the command removes the SNMP community name from the given VPRN context.

Default

n/a

Parameters

community-name

one or more SNMP community names

Values

community-name: 32 characters (max)

hash-key: 33 characters (max)

hash2-key: 96 characters (max)

hash, hash2

the hashing scheme for the community name

SNMP-version

the SNMP version

Values

v1, v2c, both

source-address

Syntax

source-address

Context

config>service>vprn

Description

This command enters the context to specify the source address and application that should be used in all unsolicited packets.

application

Syntax

application app {[ping | ptp | ssh | telnet | traceroute]} | {[ip-int-name | ip-address]}

no application app {[ping | ptp | ssh | telnet | traceroute]}

Context

config>service>vprn>source-address

Description

This command configures the application to use the IPv4 source address.

The no form of the command removes the application name from using the IPv4 source address.

Parameters

app

the application name

Values

ping, ptp, ssh, telnet, traceroute

ip-int-name | ip-address

the name of the IPv4 interface or IPv4 address. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

Values

ip-int-name: up to 32 alphanumeric characters

ip-address: a.b.c.d

application6

Syntax

application6 app {[ping | telnet | ssh | traceroute]} | ipv6-address

no application6 app {[ping | telnet | ssh | traceroute]}

Context

config>service>vprn>source-address

Description

This command configures the application to use the IPv6 source address.

The no form of the command removes the application name from using the IPv6 source address.

Parameters

app

the application name

Values

ping, telnet, ssh, traceroute

ipv6-address

the IPv6 address

Values

ipv6-address:

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255] D

spoke-sdp

Syntax

[no] spoke-sdp sdp-id

Context

config>service>vprn

Description

This command binds a service to an existing Service Distribution Point (SDP).

The SDP has an operational state that determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a VPRN service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id exists, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end routers can participate in the service. Alternatively, the auto-bind feature can be used. With auto-bind-tunnel, no vprn>spoke-sdp configuration is required. When both auto-bind-tunnel and spoke-sdp are configured, spoke-sdp takes precedence. The spoke-sdp configuration must be deconfigured for the auto-bind feature to take effect.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service is affected. Once the SDP is removed, no packets are forwarded to the far-end router.

Default

n/a

Special Cases

VPRN

several SDPs can be bound to a VPRN service. Each SDP must be destined for a different 7705 SAR or 7750 SR router. If two sdp-id bindings terminate on the same 7705 SAR, an error occurs and the second SDP binding is rejected.

Parameters

sdp-id

the SDP identifier

Values

1 to 17407

static-route-entry

Syntax

static-route-entry {ip-prefix/prefix-length}

no static-route-entry {ip-prefix/prefix-length}

Context

config>service>vprn

Description

This command creates a static route entry within the associated router instance. A prefix and prefix length must be specified.

Once the static route context for the specified prefix and length has been created, additional parameters associated with the static routes may be specified.

When configuring a static route, multiple types of static routes (blackhole, grt, indirect, ipsec-tunnel, and next-hop) can be applied to the same IPv4 or IPv6 prefix. If a static route that is forwarding traffic goes down, the default route will be used instead. The preference parameter specifies the order in which the routes are applied. If a blackhole static route has the same preference as another route with the same prefix, the blackhole route takes a lower precedence.

Before the static route entry can be deleted, the next hops associated with the prefix must be shut down and deleted.

The no form of the command deletes the static route entry. If a static route needs to be removed when multiple static routes exist to the same destination, as many parameters as are necessary to uniquely identify the static route must be entered.

Default

no static-route-entry

Parameters

ip-prefix/prefix-length

the destination address of the static route

Values

ipv4-address

a.b.c.d (host bits must be 0)

ipv4-prefix-length 0 to 30

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length 0 to 128

black-hole

Syntax

[no] black-hole

Context

config>service>vprn>static-route-entry

Description

This command specifies that the route is a blackhole route. If the destination address on a packet matches this static route, it will be silently discarded.

If the static route is configured with the same destination address and subnet mask as a previously configured static route, the newly configured route replaces the previous one, and unless specified, the defaults for preference and metric are applied.

Before the static route entry can be deleted, the next hops associated with the prefix must be shut down and deleted.

Default

no black-hole

metric

Syntax

[no] metric metric

Context

config>service>vprn>static-route-entry>black-hole

config>service>vprn>static-route-entry>grt

config>service>vprn>static-route-entry>indirect

config>service>vprn>static-route-entry>ipsec-tunnel

config>service>vprn>static-route-entry>next-hop

Description

This command specifies the cost (metric) for the static route, expressed as a decimal integer. This value is used when importing the static route into other protocols such as OSPF. When modifying the metric of an existing static route, the preference will not change unless specified.

This value is also used to determine which static route to install in the forwarding table.

  • If there are multiple static routes with the same preference but different metrics, the lower-cost (lower metric) route will be installed.

  • If there are multiple static routes with equal preference and metrics, the 7705 SAR chooses the route with the lowest next-hop IP address as the best route.

  • If there are multiple routes with unequal preferences, the lower preference route is installed.

The no form of this command returns the metric to the default value.

Default

no metric

Parameters

metric

the metric value

Values

0 to 65535

Default

1

preference

Syntax

preference preference

no preference

Context

config>service>vprn>static-route-entry>black-hole

config>service>vprn>static-route-entry>grt

config>service>vprn>static-route-entry>indirect

config>service>vprn>static-route-entry>ipsec-tunnel

config>service>vprn>static-route-entry>next-hop

Description

This command specifies the preference of this static route over routes from different sources such as BGP or OSPF. The preference is expressed as a decimal integer. A route with a lower preference value is preferred over a route with a higher preference value.

When modifying the preference value of an existing static route, the metric will not change unless specified. The preference command is also used to prioritize static routes applied to the same prefix. If a blackhole static route has the same preference as another route with the same prefix, the blackhole route takes a lower precedence.

If multiple routes are learned with an identical preference using the same protocol, the lowest-cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, the decision of which route to use is determined by the ecmp command.

Default Route Preference shows the default route preference based on the route source.

Table 3. Default Route Preference

Label

Preference

Configurable

Direct attached

0

No

Static route

5

Yes

OSPF internal routes

10

Yes

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

BGP

170

Yes

The no form of this command returns the static route preference to its default value.

Default

5

Parameters

preference

the route preference value

Values

1 to 255

prefix-list

Syntax

[no] prefix-list prefix-list-name {all | none}

Context

config>service>vprn>static-route-entry>black-hole

config>service>vprn>static-route-entry>indirect

config>service>vprn>static-route-entry>next-hop

Description

This command adds a constraint to the static route such that the static route is only active if none or all of the prefixes in the prefix list are present and active in the route table.

Default

no prefix-list

Parameters

prefix-list-name

the name of a currently configured prefix list

all

specifies that the static route condition is met if all prefixes in the prefix list are present in the active route table

none

specifies that the static condition is met if none of the prefixes in the prefix list are present in the active route table

tag

Syntax

[no] tag tag

Context

config>service>vprn>static-route-entry>black-hole

config>service>vprn>static-route-entry>indirect

config>service>vprn>static-route-entry>ipsec-tunnel

config>service>vprn>static-route-entry>next-hop

Description

This command adds a 32-bit integer tag to the static route. The tag is used in route policies to control distribution of the route into other protocols.

Default

1

Parameters

tag

specifies an integer tag value

Values

1 to 4294967295

grt

Syntax

[no] grt

Context

config>service>vprn>static-route-entry

Description

This command creates a static route in a VPRN service context that points to the global routing context (base router). This is primarily used to allow traffic that ingresses through a VPRN service to be routed out of the global routing context.

The grt type of next hop cannot be used in conjunction with any other next-hop types.

Default

no grt

indirect

Syntax

[no] indirect ip-address

Context

config>service>vprn>static-route-entry

Description

This command specifies that the route is indirect and specifies the next-hop IP address used to reach the destination.

The configured ip-address is not directly connected to a network configured on this node. The destination can be reached via multiple paths. The indirect address can only be resolved via a dynamic routing protocol. Another static route cannot be used to resolve the indirect address.

The ip-address can be either on the network side or the access side and is typically at least one hop away from the node.

Default

no indirect

Parameters

ip-address

the IP address of the IP interface

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

cpe-check

Syntax

[no] cpe-check cpe-ip-address

Context

config>service>vprn>static-route-entry>indirect

config>service>vprn>static-route-entry>next-hop

Description

This command enables CPE connectivity check and specifies the IP address of the target CPE device. ICMP pings will be sent to this target IP address. This parameter must be configured to enable the CPE connectivity feature for the static route. The cpe-ip-address cannot be in the same subnet as the static route subnet to avoid possible circular references. CPE check and BFD support are mutually exclusive on a static route.

If a CPE connectivity check target address is already being used as the target address in a different static route, cpe-check parameters must match. If they do not match, the new configuration command will be rejected.

If a static-route-entry>indirect command or static-route-entry>next-hop command is issued with no cpe-check target but the destination prefix/prefix-length and the next hop match a static route that has an associated cpe-check, the cpe-check test is removed from the static route.

The no form of this command disables the cpe-check option.

Default

no cpe-check

Parameters

cpe-ip-address

the IP address of the CPE device

Values

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

drop-count

Syntax

drop-count count

no drop-count

Context

config>service>vprn>static-route-entry>indirect>cpe-check

config>service>vprn>static-route-entry>next-hop>cpe-check

Description

This command specifies the number of consecutive ping replies that must be missed in order to declare the CPE down and to deactivate the static route.

Default

3

Parameters

count

an integer count value

Values

1 to 255

interval

Syntax

interval seconds

no interval

Context

config>service>vprn>static-route-entry>indirect>cpe-check

config>service>vprn>static-route-entry>next-hop>cpe-check

Description

This command specifies the interval, in seconds, between ICMP pings to the target IP address.

Default

1

Parameters

seconds

an integer interval value

Values

1 to 255

log

Syntax

[no] log

Context

config>service>vprn>static-route-entry>indirect>cpe-check

config>service>vprn>static-route-entry>next-hop>cpe-check

Description

This command enables the logging of transitions between active and inactive routes based on the CPE connectivity check. Events will be sent to the system log, syslog, and SNMP traps.

Default

no log

ipsec-tunnel

Syntax

[no] ipsec-tunnel ipsec-tunnel-name

Context

config>service>vprn>static-route-entry

Description

This command creates a static route in a VPRN service context that points to an IPSec tunnel.

If a static route is configured with the same destination address, subnet mask, and IPSec tunnel name as a previously configured static route, the newly configured route replaces the previous one, and unless specified, the default values for the preference and metric commands are applied.

Default

no ipsec-tunnel

Parameters

ipsec-tunnel-name

the IPSec tunnel name; the IPSec tunnel specifies the local and peer gateway addresses for the tunnel

next-hop

Syntax

[no] next-hop {ip-int-name | ip-address | ipv6-address}

Context

config>service>vprn>static-route-entry

Description

This command specifies the directly connected next-hop IP address or interface used to reach the destination. If the next hop is over an unnumbered interface, the interface name of the unnumbered interface can be used.

The configured ip-address can be either on the network side or the access side on the node. The address must be associated with a network that is directly connected to a network configured on the node.

Default

no next-hop

Parameters

ip-int-name, ip-address, ipv6-address

the IP interface name, IPv4 address, or IPv6-address

Values

ip-int-name

32 characters max

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface: 32 characters maximum, mandatory for link local addresses

bfd-enable

Syntax

[no] bfd-enable

Context

config>service>vprn>static-route-entry>next-hop

Description

This command associates the static route state with a BFD session between the local system and the configured next hop. The remote end of the BFD session must also be configured to originate or accept the BFD session controlling the static route state.

The no form of this command removes the association of the static route state with the BFD session.

Default

no bfd-enable

type

Syntax

type hub

no type

Context

config>service>vprn

Description

This command designates the type of VPRN instance being configured for hub and spoke topologies.

The no form of the command resets to the default of a fully meshed VPRN.

Default

no type

Parameters

hub

a hub VPRN, which allows all traffic from the hub SAP to be routed directly to the destination, while all traffic from spoke VPRNs or network interfaces can only be routed to a hub SAP

vrf-export

Syntax

vrf-export policy-name [policy-name...(up to 5 max)]

no vrf-export

Context

config>service>vprn

Description

This command specifies the export policies to control routes exported from the local VPN virtual routing/ forwarding table (VRF) to other VRFs on the same or remote PE routers (via MP-BGP). The policy (and policy-name) are defined under the config>router>policy-options>policy-statement command.

Aggregate routes are not advertised via MP-BGP protocols to the other MP-BGP peers.

The no form of the command removes all route policy names from the export list.

Default

n/a

Parameters

policy-name

the route policy statement name (up to 32 characters)

vrf-import

Syntax

vrf-import policy-name [policy-name...(up to 5 max)]

no vrf-import

Context

config>service>vprn

Description

This command sets the import policies to control routes imported to the local VPN virtual routing/ forwarding table (VRF) from other VRFs on the same or remote PE routers (via MP-BGP). BGP-VPN routes imported with a vrf-import policy will use the BGP preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs on the same router, unless the preference is changed by the policy.

The no form of the command removes all route policy names from the import list.

Default

n/a

Parameters

policy-name

the route policy statement name (up to 32 characters)

vrf-target

Syntax

vrf-target {ext-community | {[export ext-community] [import ext-community]}}

no vrf-target

Context

config>service>vprn

Description

This command facilitates a simplified method to configure the route target to be added to advertised routes or compared against received routes from other VRFs on the same or remote PE routers (via MP-BGP).

BGP-VPN routes imported with a vrf-target statement will use the BGP preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs in the same router.

Specified vrf-import or vrf-export policies override the vrf-target policy.

The no form of the command removes the route target from the VRF.

Default

no vrf-target

Parameters

ext-community

an extended BGP community in the type:x:y format.

Values

ip-addr:comm-val | 2byte-asnumber:ext-comm-val | 4-byte-asnumber: comm-val

where

ip-addr : a.b.c.d

comm-val : 0 to 65535

2-byte-asnumber : 0 to 65535

ext-comm-val : 0 to 4294967295

4-byte-asnumber: 0 to 4294967295

export ext-community

communities allowed to be sent to remote PE neighbors

import ext-community

communities allowed to be accepted from remote PE neighbors

weighted-ecmp

Syntax

[no] weighted-ecmp

Context

config>service>vprn

Description

This command enables weighted load-balancing for OSPF ECMP routes for the VPRN instance. Weighted ECMP can be performed when all next hops are configured with non-zero load-balancing weights.

The no form of this command restores regular ECMP spraying of packets to OSPF route destinations.

Default

no weighted-ecmp

BGP Commands

bgp

Syntax

[no] bgp

Context

config>service>vprn

Description

This command enables the BGP protocol on the VPRN service.

The no form of this command disables the BGP protocol on the VPRN service.

Default

no bgp

advertise-inactive

Syntax

[no] advertise-inactive

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command enables the advertising of inactive BGP routes to other BGP peers. By default, BGP only advertises BGP routes to other BGP peers if a given BGP route is chosen by the route table manager as the most preferred route within the system and is active in the forwarding plane. This command allows system administrators to advertise a BGP route even though it is not the most preferred route within the system for a given destination.

The no form of this command disables the advertising of inactive BGP routes to other BGP peers.

Default

no advertise-inactive

aggregator-id-zero

Syntax

[no] aggregator-id-zero

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command is used to set the router ID in the BGP aggregator path attribute to 0 when BGP aggregates routes. This prevents different routers within an AS from creating aggregate routes that contain different AS paths.

When BGP is aggregating routes, it adds the aggregator path attribute to the BGP Update messages. By default, BGP adds the AS number and router ID to the aggregator path attribute.

When this command is enabled, BGP adds only the router ID (set to 0) to the aggregator path attribute. This command is used at the group level to revert to the value defined under the global level, and this command is used at the neighbor level to revert to the value defined under the group level.

The no form of the command used at the global level reverts to the default, where BGP adds the AS number and router ID to the aggregator path attribute.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

no aggregator-id-zero

as-override

Syntax

[no] as-override

Context

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command replaces all instances of the peer's AS number with the local AS number in a BGP route's AS path.

This command breaks the BGP loop detection mechanism. It should be used carefully.

Default

no as-override

auth-keychain

Syntax

auth-keychain name

no auth-keychain

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command associates an authentication keychain with the BGP protocol. The keychain is a collection of keys used to authenticate BGP messages from remote neighbors. The keychain allows the rollover of authentication keys during the lifetime of a session and also supports stronger authentication algorithms than clear text and MD5.

The keychain must already be defined in the config>system>security>keychain context.

Either the authentication-key command or the auth-keychain command can be used by BGP, but both cannot be supported at the same time. If both commands are configured, the auth-keychain configuration will be applied and the authentication-key command will be ignored.

By default, authentication is not enabled.

Default

no auth-keychain

Parameters

name

the name of an existing keychain, up to 32 characters

authentication-key

Syntax

authentication-key {authentication-key | hash-key} [hash | hash2]

no authentication-key

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures the BGP authentication key.

Authentication is performed between neighboring routers before setting up the BGP session by verifying the password. Authentication is performed using the MD5 message-based digest.

The authentication key can be any combination of ASCII characters up to 255 characters long.

Either the authentication-key command or the auth-keychain command can be used by BGP, but both cannot be supported at the same time. If both commands are configured, the auth-keychain configuration will be applied and the authentication-key command will be ignored.

The no form of the command removes the authentication password from the configuration and effectively disables authentication.

Default

Authentication is disabled and the authentication password is empty.

Parameters

authentication-key

the authentication key. The key can be any combination of ASCII characters up to 255 characters in length (unencrypted). If spaces are used in the string, the entire string must be enclosed in quotation marks (‟ ”).

hash-key

the hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, the entire string must be enclosed in quotation marks (‟ ”). This is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.

hash

specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.

hash2

specifies that the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.

backup-path

Syntax

[no] backup-path [ipv4] [ipv6]

Context

config>service>vprn>bgp

Description

This command enables BGP Fast Reroute (FRR) with Prefix-Independent Convergence (PIC), allowing for the creation of a backup path for IPv4 or IPv6 BGP learned prefixes belonging to a VPRN. Multiple paths must be received for a prefix in order to take advantage of this feature.

When a prefix has a backup path, and its primary paths fail, the affected traffic is rapidly diverted to the backup path without waiting for control plane reconvergence to occur. The time to reroute the traffic is independent of the number of prefixes sharing the primary or backup paths.

The no form of the command disables BGP FRR with PIC.

Default

no backup-path

Parameters

ipv4

enables a backup path for IPv4 BGP learned prefixes

ipv6

enables a backup path for IPv6 BGP learned prefixes

best-path-selection

Syntax

best-path-selection

Context

config>service>vprn>bgp

Description

This command enables path selection configuration.

always-compare-med

Syntax

always-compare-med [zero | infinity]

always-compare-med strict-as [zero | infinity]

no always-compare-med

Context

config>service>vprn>bgp>path-selection

Description

This command specifies how the Multi-Exit Discriminator (MED) path attribute is used in the BGP route selection process.

If this command is used without the strict-as option, the MEDs of two paths are always compared even if the paths have a different neighbor AS.

If the strict-as option is used, the MEDs of two paths are compared only if they come from the same neighboring AS.

The zero and infinity options specify how to treat paths that do not have a MED attribute; for example, always-compare-med zero means that if one path is missing a MED attribute, it is treated as though it had a MED attribute with the value of 0. If neither option is specified, the zero option is implied.

The no form of the command means that only the MEDs of paths that have the same neighbor AS are compared.

Default

no always-compare-med

Parameters

zero

specifies that for routes learned without a MED attribute, a zero (0) value is used in the MED comparison. The routes with the lowest metric are the most preferred.

infinity

specifies that for routes learned without a MED attribute, a value of infinity (4294967295) is used in the MED comparison. This, in effect, makes these routes the least desirable.

strict-as

specifies that the MEDs of two paths are compared only if they come from the same neighboring AS

as-path-ignore

Syntax

as-path-ignore [ipv4] [ipv6]

no as-path-ignore

Context

config>service>vprn>bgp>path-selection

Description

This command determines whether the AS path is used to determine the best BGP route.

If this command is enabled, the AS paths of incoming routes are not used in the route selection process.

When as-path-ignore is used without specifying one or more keywords, then all keywords are configured. When one or more keywords are specified, then only those keywords are configured.

The no form of the command means that the AS paths of incoming routes are used to determine the best BGP route.

Default

no as-path-ignore

Parameters

ipv4

specifies support for IPv4 routes

ipv6

specifies support for IPv6 routes

bfd-enable

Syntax

[no] bfd-enable

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command enables the use of bidirectional forwarding (BFD) to control the state of the associated protocol interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for BFD are set via the BFD command under the IP interface.

The no form of this command removes BFD from the associated BGP protocol peering.

Default

no bfd-enable

connect-retry

Syntax

connect-retry seconds

no connect-retry

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures the BGP connect retry timer value in seconds. When this timer expires, BGP tries to reconnect to the configured peer. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of the command used at the global level reverts to the default value.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

120 s

Parameters

seconds

the BGP connect retry timer value, in seconds, expressed as a decimal integer

Values

1 to 65535

damping

Syntax

[no] damping

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command enables BGP damping for learned routes that are defined within the VPRN service. Damping parameters are set at the route policy level. See the 7705 SAR Router Configuration Guide, ‟Route Policy Command Reference”.

The no form of the command disables learned route damping.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

no damping

disable-communities

Syntax

disable-communities [standard] [extended]

no disable-communities

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures BGP to disable sending communities.

Default

no disable-communities

Parameters

standard

specifies standard communities that existed before VPRNs or RFC 2547

extended

specifies BGP communities that were expanded after the concept of RFC 2547 was introduced, to include handling the route target in the VRF

disable-fast-external-failover

Syntax

[no] disable-fast-external-failover

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures BGP fast external failover.

For EBGP neighbors, fast external failover controls whether the router should drop an EBGP session immediately upon an interface-down event, or whether the BGP session is kept up until the hold-time expires.

When fast external failover is disabled, the EBGP session stays up until the hold-time expires or the interface comes back up again. If the BGP routes become unreachable as a result of the interface going down, they are immediately withdrawn from other peers.

Default

no disable-fast-external-failover

dynamic-neighbor

Syntax

dynamic-neighbor

Context

config>service>vprn>bgp>group

Description

This command enables the context to configure dynamic BGP sessions for a peer group.

prefix

Syntax

[no] prefix ip-prefix/ip-prefix-length

Context

config>service>vprn>bgp>group>dynamic-neighbor

Description

This command configures a prefix to accept dynamic BGP sessions, which are sessions from source IP addresses that do not match any configured (static) neighbor addresses. A dynamic session is associated with the group having the longest-match prefix entry for the source IP address of the peer. There is no limit on the number of prefixes that can be configured. The group association determines local parameters that apply to the session, including the local AS, local IP address, MP-BGP families, and import and export policies.

The no form of this command removes a prefix entry.

Default

none

Parameters

ip-prefix/ip-prefix-length

specifies a prefix from which to accept dynamic BGP sessions

Values

ipv4-prefix — a.b.c.d (host bits must be 0)

ipv4-prefix-length — 0 to 32

ipv6-prefix — x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x — [0 to FFFF]H

d — [0 to 255]D

ipv6-prefix-length — 0 to 128

dynamic-neighbor-limit

Syntax

dynamic-neighbor-limit peers

no dynamic-neighbor-limit

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

Description

This command configures the maximum number of dynamic BGP sessions that will be accepted from remote peers associated with the global BGP instance or a specific peer group. If accepting a new dynamic session would cause either the group limit or the global limit to be exceeded, the new session attempt is rejected and a notification message is sent back to the remote peer.

The no form of this command removes the limit on the number of dynamic sessions.

Default

no dynamic-neighbor-limit

Parameters

peers

specifies the maximum number of dynamic BGP sessions

Values

1 to 8192

enable-bgp-vpn-backup

Syntax

[no] enable-bgp-vpn-backup [ipv4] [ipv6]

Context

config>service>vprn>bgp

Description

This command allows BGP-VPN routes imported into the VPRN to be used as backup paths for IPv4 or IPv6 BGP learned prefixes.

Parameters

ipv4

allow BGP-VPN routes to be used as backup paths for IPv4 prefixes

ipv6

allow BGP-VPN routes to be used as backup paths for IPv6 prefixes

enable-peer-tracking

Syntax

[no] enable-peer-tracking

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command enables BGP peer tracking. BGP peer tracking allows a BGP peer to be dropped immediately if the route used to resolve the BGP peer address is removed from the IP routing table and there is no alternative available. The BGP peer will not wait for the hold timer to expire; therefore, the BGP reconvergence process is accelerated.

The no form of the command disables peer tracking.

Default

no enable-peer-tracking

error-handling

Syntax

error-handling

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command enables the context to configure BGP error handling.

legacy-mode

Syntax

[no] legacy-mode

Context

config>service>vprn>bgp>error-handling

Description

This command configures the legacy fault tolerance mode for BGP error handling. When enabled, configuration for fault tolerance can be enabled or disabled at the BGP global, group, or neighbor level and applied to sessions at that level with the update-fault-tolerance command. When disabled, update-fault-tolerance configurations are ignored and updated fault protection is automatically applied to all BGP sessions.

Default

no legacy-mode

update-fault-tolerance

Syntax

[no] update-fault-tolerance

Context

config>service>vprn>bgp>error-handling

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command enables updated fault tolerance for handling a wide range of BGP Update message errors. When enabled, the system uses the 'treat-as-withdraw' and other similarly non-disruptive error handling as described in RFC 7606 as long as there are no length errors that prevent all of the NLRI fields from being correctly identified and parsed. If the legacy-mode command is disabled, the update-fault-tolerance configuration is ignored and updated fault tolerance is automatically applied to all BGP sessions.

Default

no update-fault-tolerance

export

Syntax

export policy-name [policy-name…(up to 5 max)]

no export

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command specifies the export policies used to control routes advertised to BGP neighbors. Route policies are configured in the config>router>policy-options context. See the section on ‟Route Policy” in the 7705 SAR Router Configuration Guide.

When multiple policy names are specified, the policies are evaluated in the order in which they are specified. A maximum of five (5) policy names can be configured. The first policy that matches is applied.

If a non-existent route policy is applied to a VPRN instance, the CLI generates a warning message. This message is only generated during an interactive CLI session. No warning message is generated when a non-existent route policy is applied to a VPRN instance in a configuration file or when SNMP is used.

The no form of this command removes all route policy names from the export list.

Default

no export—BGP routes are advertised and non-BGP routes are not advertised

Parameters

policy-name

the route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

family

Syntax

family [ipv4] [ipv6]

no family

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command specifies the address families to be negotiated with one or more multiprotocol BGP peers of the VPRN.

The no form of this command removes the specified address family from the associated BGP sessions.

Default

ipv4

Parameters

ipv4

provisions IPv4 support

ipv6

provisions IPv6 support

graceful-restart

Syntax

[no] graceful-restart

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command enables graceful restart for BGP in the VPRN context. If the control plane of a GR-capable router fails, the VPRN BGP peers (GR helpers) temporarily preserve neighbor information, so packets continue to be forwarded through the failed GR router using the last known routes. The helper state remains until the peer completes its restart or exits if the GR timer value is exceeded.

The 7705 SAR acts as a GR helper; it does not request graceful restart but agrees to graceful restart requests from a peer.

The no form of the command disables graceful restart and removes all graceful restart configurations in the VPRN BGP instance.

Default

no graceful-restart

stale-routes-time

Syntax

stale-routes-time time

no stale-routes-time

Context

config>service>vprn>bgp>graceful-restart

config>service>vprn>bgp>group>graceful-restart

config>service>vprn>bgp>group>neighbor>graceful-restart

Description

This command configures the maximum amount of time in seconds that stale routes should be maintained after a graceful restart is initiated.

The no form of the command resets the stale routes time back to the default value.

Default

360 s

Parameters

time

the amount of time that stale routes should be maintained after a graceful restart is initiated

Values

1 to 3600 s

group

Syntax

[no] group name

Context

config>service>vprn>bgp

Description

This command creates a context to configure a BGP peer group.

The no form of the command deletes the specified peer group and all configurations associated with the peer group. The group must be shut down before it can be deleted.

Default

no group—no peer groups are defined

Parameters

name

the peer group name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

neighbor

Syntax

[no] neighbor ip-address

Context

config>service>vprn>bgp>group

Description

This command creates a BGP peer/neighbor instance within the context of the BGP group.

This command can be issued repeatedly to create multiple peers and their associated configurations.

The no form of the command is used to remove the specified neighbor and the entire configuration associated with the neighbor. The neighbor must be administratively shut down before it can be deleted. If the neighbor is not shut down, the command will not result in any action except a warning message on the CLI indicating that the neighbor is still administratively up.

Default

no neighbor—no neighbors are defined

Parameters

ip-address

the IP address of the BGP peer router

Values

ipv4-address: a.b.c.d

ipv6-address: x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

interface: 32 chars max, mandatory for link local addresses

x: [0 to FFFF]H

d: [0 to 255]D

hold-time

Syntax

hold-time seconds [strict]

no hold-time

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures the BGP hold time, expressed in seconds.

The BGP hold time specifies the maximum time BGP waits between successive messages (either Keepalive or Update) from its peer, before closing the connection. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

The strict option ensures that the negotiated hold time value is not set to a value less than the configured value.

Even though the 7705 SAR implementation allows setting the keepalive time separately, the configured keepalive timer is overridden by the hold-time value under the following circumstances.

  • If the specified hold-time is less than the configured keepalive time, then the operational keepalive time is set to a third of the hold-time; the configured keepalive time is not changed.

  • If the hold-time is set to 0, then the operational value of the keepalive time is set to 0; the configured keepalive time is not changed. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.

The no form of the command used at the global level reverts to the default value.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

90 s

Parameters

seconds

the hold-time, in seconds, expressed as a decimal integer. A value of 0 indicates the connection to the peer is permanently up.

Values

0, 3 to 65535

strict

when used, the advertised BGP hold time from the far-end BGP peer must be greater than or equal to the specified hold-time value

import

Syntax

import policy-name [policy-name…(up to 5 max)]

no import

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command specifies the import route policy to be used to determine which routes are accepted from peers. Route policies are configured in the config>router>policy-options context. See the section on ‟Route Policy” in the 7705 SAR Router Configuration Guide.

When multiple policy names are specified, the policies are evaluated in the order in which they are specified. A maximum of five (5) policy names can be specified. The first policy that matches is applied.

When multiple import commands are issued, the last command entered will override the previous command.

The no form of the command removes all route policy names from the import list.

Default

no import—BGP routes are accepted by default

Parameters

policy-name

the route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

keepalive

Syntax

keepalive seconds

no keepalive

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures the BGP keepalive timer. A Keepalive message is sent every time this timer expires.

The keepalive parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used. The keepalive value is generally one-third of the hold-time interval. Even though the 7705 SAR implementation allows the keepalive value and the hold-time interval to be independently set, under the following circumstances, the configured keepalive value is overridden by the hold-time value.

  • If the specified keepalive value is greater than the configured hold-time, then the specified value is ignored, and the keepalive value is set to one third of the current hold-time value.

  • If the specified hold-time interval is less than the configured keepalive value, then the keepalive value is reset to one third of the specified hold-time interval.

  • If the hold-time interval is set to 0, then the configured value of the keepalive value is ignored. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.

The no form of the command used at the global level reverts to the default value.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

30 s

Parameters

seconds

the keepalive timer, in seconds, expressed as a decimal integer

Values

0 to 21845

local-address

Syntax

local-address ip-address

no local-address

Context

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures the local IP address used by the group or neighbor when communicating with BGP peers.

Outgoing connections use the local-address as the source of the TCP connection when initiating connections with a peer.

When a local address is not specified, the 7705 SAR uses the interface address for directly connected EBGP peers. This command is used at the neighbor level to revert to the value defined under the group level.

The no form of the command removes the configured local address for BGP.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

no local-address

Parameters

ip-address

the local address. The allowed value is a valid routable IP address on the router, either an interface or system IP address.

Values

ipv4-address: a.b.c.d

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

local-as

Syntax

local-as as-number [private]

no local-as

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures a BGP virtual autonomous system (AS) number.

In addition to the AS number configured for BGP in the config>router>autonomous-system context, a virtual (local) AS number is configured. The virtual AS number is added to the as-path attribute before the router’s AS number makes the virtual AS the second AS in the AS path.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). By specifying this parameter at each neighbor level, it is possible to have a separate AS number per EBGP session.

When a command is entered multiple times for the same AS, the last command entered is used in the configuration. The private attribute can be added or removed dynamically by reissuing the command.

Changing the local AS at the global level in an active BGP instance causes the BGP instance to restart with the new local AS number.

Changing the local AS at the group level in an active BGP instance causes BGP to re-establish the peer relationships with all peers in the group with the new local AS number.

Changing the local AS at the neighbor level in an active BGP instance causes BGP to re-establish the peer relationship with the new local AS number.

This is an optional command and can be used in the following example:

Example: Provider router P is moved from AS1 to AS2. The customer router that is connected to P, however, is configured to belong to AS1. To avoid reconfiguring the customer router, the local-as value on router P can be set to AS1. Thus, router P adds AS1 to the as-path message for routes it advertises to the customer router.

The no form of the command used at the global level will remove any virtual AS number configured.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

no local-as

Parameters

as-number

the virtual autonomous system number expressed as a decimal integer

Values

1 to 4294967295

private

specifies that the local AS is hidden in paths learned from the peering

local-preference

Syntax

local-preference local-preference

no local-preference

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures the default value of the BGP local preference attribute if it is not already specified in incoming routes.

This value is used if the BGP route arrives from a BGP peer without the local-preference integer set.

The specified value can be overridden by any value set via a route policy. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of the command at the global level specifies that incoming routes with local preference set are not overridden and routes arriving without local preference set are interpreted as if the route had a local preference value of 100.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

no local-preference

Parameters

local-preference

the local preference value to be used as the override value, expressed as a decimal integer

Values

0 to 4294967295

loop-detect

Syntax

loop-detect {drop-peer | discard-route | ignore-loop | off}

no loop-detect

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures how the BGP peer session handles loop detection in the AS path.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

When applied to an ongoing BGP peer session, this command does not take effect until the BGP peer session is re-established.

The no form of the command used at the global level reverts to the default (ignore- loop).

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

ignore-loop

Parameters

drop-peer

sends a notification to the remote peer and drops the session

discard-route

discards routes received from a peer with the same AS number as the router itself. This option prevents routes looped back to the router from being added to the routing information base and consuming memory. When this option is changed, the change will not be active for an established peer until the connection is re-established for the peer.

ignore-loop

ignores routes with loops in the AS path, but maintains peering

off

disables loop detection

med-out

Syntax

med-out [number | igp-cost]

no med-out

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command enables advertising the Multi-Exit Discriminator (MED) and assigns the value used for the path attribute for the advertised MED to BGP peers if the MED is not already set.

The specified value can be overridden by any value set via a route policy.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of the command used at the global level reverts to the default where the MED is not advertised.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

no med-out

Parameters

number

the MED path attribute value, expressed as a decimal integer

Values

0 to 4294967295

igp-cost

the MED is set to the IGP cost of the IP prefix that is defined via a route policy

min-route-advertisement

Syntax

min-route-advertisement seconds

no min-route-advertisement

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures the minimum interval, in seconds, at which a prefix can be advertised to a peer.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of the command used at the global level reverts to the default.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

30 s

Parameters

seconds

the minimum route advertising interval, in seconds, expressed as a decimal integer

Values

1 to 255

multihop

Syntax

multihop ttl-value

no multihop

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures the time to live (TTL) value at an originating EBGP peer. The TTL value is entered in the IP header of packets that are sent to a terminating EBGP peer that is multiple hops away.

The no form of the command used at the global level reverts to the default value.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

1 — EBGP peers are directly connected

Parameters

ttl-value

the TTL value that will be entered in the IP header of packets that are sent to a terminating EBGP peer that is multiple hops away

Values

1 to 255

multipath

Syntax

multipath max-paths

no multipath

Context

config>service>vprn>bgp

Description

This command enables BGP multipath.

When multipath is enabled, BGP load-shares traffic across multiple links. Multipath can be configured to load-share traffic across a maximum of 16 routes. If the equal-cost routes available are more than the configured value, then routes with the lowest next-hop IP address value are chosen.

This configuration parameter is set at the global level (applies to all peers).

Multipath is disabled if the value is set to 1. When multipath is disabled and multiple equal-cost routes are available, the route with the lowest next-hop IP address will be used.

The no form of the command reverts to the default where multipath is disabled.

Default

no multipath

Parameters

max-paths

the number of equal-cost routes to use for multipath routing

Values

1 to 16

next-hop-resolution

Syntax

next-hop-resolution

Context

config>service>vprn>bgp

Description

This command enters the context to configure next-hop resolution parameters.

policy

Syntax

policy policy-name

no policy

Context

config>service>vprn>bgp>next-hop-res

Description

This command specifies the name of a policy statement to use with the BGP next-hop resolution process. The policy controls which IP routes in the RTM are eligible to resolve the BGP next-hop addresses of IPv4 and IPv6 routes. The policy has no effect on the resolution of BGP next hops to MPLS tunnels. If a BGP next hop of an IPv4 or IPv6 route is resolved in the RTM and the longest matching route for the next-hop address is an IP route that is rejected by the policy, the route is unresolved; if the route is accepted by the policy, it becomes the resolving route.

If the no form of the command is used, the default next-hop-resolution policy is to use the longest matching active route in the RTM that is not a BGP route or an aggregate route.

Default

no policy

Parameters

policy-name

specifies an existing route policy name. Route policies are configured in the config>router>policy-options context.

next-hop-self

Syntax

[no] next-hop-self

Context

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures the group or neighbor to always set the next-hop path attribute to its own physical interface when advertising to a peer.

This command is primarily used to avoid third-party route advertisements when connected to a multi-access network.

The no form of the command used at the group level allows third-party route advertisements in a multi-access network.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

no next-hop-self

passive

Syntax

[no] passive

Context

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command enables and disables passive mode for the BGP group or neighbor. When in passive mode, BGP will not attempt to actively connect to the configured BGP peers but responds only when it receives a connect open request from the peer.

The no form of the command used at the group level disables passive mode, and BGP actively attempts to connect to its peers.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

no passive

peer-as

Syntax

peer-as as-number

no peer-as

Context

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures the autonomous system number for the remote peer. The peer AS number must be configured for each configured peer.

For EBGP peers, the peer AS number configured must be different from the autonomous system number configured for this router under the global level. This requirement is necessary because the peer will be in a different autonomous system than that of this router.

This command may be configured under the group level for all neighbors in a particular group.

Default

no AS numbers defined

Parameters

as-number

the autonomous system number, expressed as a decimal integer

Values

1 to 4294967295

peer-tracking-policy

Syntax

peer-tracking-policy policy-name

no peer-tracking-policy

Context

config>service>vprn>bgp

Description

This command specifies the name of a policy statement to use with the BGP peer-tracking function on the BGP sessions where the peer-tracking-policy command is enabled. The policy controls which IP routes in the RTM are eligible to indicate reachability of IPv4 and IPv6 BGP neighbor addresses. If the longest matching route in the RTM for a BGP neighbor address is an IP route that is rejected by the policy or a BGP route accepted by the policy, or if there is no matching route, the neighbor is considered unreachable and BGP tears down the peering session and holds it in the idle state until a valid route is once again available and accepted by the policy.

The no form of the command defaults to using the longest matching active route in the RTM that is not an aggregate route.

Default

no peer-tracking-policy

Parameters

policy-name

specifies an existing route policy name. Route policies are configured in the config>router>policy-options context.

preference

Syntax

preference preference

no preference

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures the route preference for routes learned from the configured peers.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

The lower the preference, the higher the chance of the route being the active route. The 7705 SAR assigns the highest default preference to BGP routes as compared to routes that are direct, static, or learned via MPLS or OSPF.

The no form of the command used at the global level reverts to the default value.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

170

Parameters

preference

the route preference, expressed as a decimal integer

Values

1 to 255

prefix-limit

Syntax

prefix-limit family limit [threshold percentage] [idle-timeout {minutes | forever} | log-only] [post-import]

no prefix-limit family

Context

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures the maximum number of BGP routes that can be received from a peer before administrative action is taken. The administrative action can be the generation of a log event or the taking down of the session. If a session is taken down, it can be brought back up automatically after an idle-timeout period or it can be configured to stay down (forever) until the operator performs a reset.

The prefix-limit command allows each address family to have its own limit; a set of address family limits can be applied to one neighbor or to all neighbors in a group.

The no form of the command removes the prefix-limit.

Default

No prefix limits for any address family

Parameters

family

specifies the address family to which the limit applies

Values

ipv4, vpn-ipv4, ipv6, vpn-ipv6, mvpn-ipv4, route-target, label-ipv4

limit

specifies the number of routes that can be learned from a peer, expressed as a decimal integer

Values

1 to 4294967295

percentage

specifies the threshold value, as a percentage, that triggers a warning message to be sent

Values

1 to 100

minutes

specifies the length of time, in minutes, before automatically re-establishing a session

Values

1 to 1024

forever

specifies that the session is re-established only after the clear router bgp command is executed

log-only

enables a warning message to be sent at the specified threshold percentage and also when the limit is reached. However, the BGP session is not taken down.

post-import

specifies that the limit should be applied only to the number of routes that are accepted by import policies

rapid-withdrawal

Syntax

[no] rapid-withdrawal

Context

config>service>vprn>bgp

Description

This command disables the delay on issuing BGP withdrawals.

By default, BGP withdrawals (messages containing the routes that are no longer valid) are delayed up to the min-route-advertisement to allow for efficient packing of BGP Update messages. However, when the rapid-withdrawal command is enabled, the delay on sending BGP withdrawals is disabled.

The no form of the command returns BGP withdrawal processing to its default behavior.

Default

no rapid-withdrawal

remove-private

Syntax

[no] remove-private [limited]

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command allows all private AS numbers to be removed from the AS path before advertising them to BGP peers. The no form of the command includes private AS numbers in the AS path attribute.

If the limited keyword is included, only the leading private ASNs up to the first public ASN are removed.

When the remove-private parameter is set at the global level, it applies to all peers regardless of group or neighbor configuration. When the parameter is set at the group level, it applies to all peers in the group regardless of the neighbor configuration.

The 7705 SAR recognizes the set of AS numbers that are defined by IANA as private. These are AS numbers in the range 64512 through 65535, inclusive.

The no form of the command used at the global level reverts to the default value.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default

no remove-private

rib-management

Syntax

rib-management

Context

config>service>vprn>bgp

Description

This command enables the context to configure RIB management parameters. Under the RIB management context are options for ipv4 and ipv6.

route-table-import

Syntax

route-table-import policy-name

no route-table-import

Context

config>service>vprn>bgp>rib-management>ipv4

config>service>vprn>bgp>rib-management>ipv6

Description

This command specifies the name of a route policy to control the importation of active routes from the IP route table into one of the BGP RIBs.

If the route-table-import command is not configured, or if the command refers to an empty policy, all non-BGP routes from the IP route table are imported into the applicable RIB.

If the route-table-import command is configured, routes that are dropped or rejected by the configured policy are not installed in the associated RIB. Rejected routes cannot be advertised to BGP peers associated with the RIB, but they can still be used to resolve BGP next hops of routes in that RIB. If the active route for a prefix is rejected by the route-table-import policy, then the best BGP route for that prefix in the BGP RIB can be advertised to peers as though it is used.

Aggregate routes are always imported into the applicable RIB, independent of the route-table-import policy.

Route modifications specified in the actions of a route-table-import policy are ignored and have no effect on the imported routes.

Default

no route-table-import

Parameters

policy-name

specifies the name of a policy-statement; the policy statement must already have been created

split-horizon

Syntax

[no] split-horizon

Context

config>service>vprn>bgp

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command enables the use of split-horizon. When applied globally, to a group, or to a specific peer, split-horizon prevents routes from being reflected back to a peer that sends the best route. It applies to routes of all address families and to any type of sending peer: confed-EBGP, EBGP, or IBGP.

The configuration default is no split-horizon, meaning that no effort is taken to prevent a best route from being reflected back to the sending peer.

Caution: Use of the split-horizon command may have a detrimental impact on peer and route scaling; therefore, operators are encouraged to use it only when absolutely needed.

The no form of the command disables split-horizon, which allows the lower level to inherit the setting from an upper level.

Default

no split-horizon

ttl-security

Syntax

ttl-security min-ttl-value

no ttl-security

Context

config>service>vprn>bgp>group

config>service>vprn>bgp>group>neighbor

Description

This command configures TTL security parameters for incoming packets. When the feature is enabled, BGP accepts incoming IP packets from a peer only if the TTL value in the packet is greater than or equal to the minimum TTL value configured for that peer.

The no form of the command disables TTL security.

Default

no ttl-security

Parameters

min-ttl-value

the minimum TTL value for an incoming packet

Values

1 to 255

Default

1

OSPF and OSPFv3 Commands

ospf

Syntax

[no] ospf

Context

config>service>vprn

Description

This command enables access to the context to define OSPF parameters for VPRN.

When an OSPF instance is created, the protocol is enabled. To start or suspend execution of the OSPF protocol without affecting the configuration, use the no shutdown command.

The no form of the command deletes the OSPF protocol instance and removes all associated configuration parameters.

Default

no ospf

ospf3

Syntax

[no] ospf3

Context

config>service>vprn

Description

This command enables access to the context to define OSPFv3 parameters for VPRN.

When an OSPFv3 instance is created, the protocol is enabled. To start or suspend execution of the OSPF protocol without affecting the configuration, use the no shutdown command.

The no form of the command deletes the OSPFv3 protocol instance and removes all associated configuration parameters.

Default

no ospf3

area

Syntax

[no] area area-id

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command enables the context to configure an OSPF or OSPFv3 area. An area is a collection of network segments within an AS that have been administratively grouped together. The area ID can be specified in dotted-decimal notation or as a 32-bit decimal integer.

The no form of the command deletes the specified area from the configuration. Deleting the area also removes the OSPF or OSPFv3 configuration of all the interfaces, virtual links, sham links, address ranges, and so on, that are currently assigned to this area.

The 7705 SAR supports a maximum of four areas.

Default

no area — no OSPF or OSPFv3 areas are defined

Parameters

area-id

the OSPF or OSPFv3 area ID expressed in dotted-decimal notation or as a 32-bit decimal integer

Values

0.0.0.0 to 255.255.255.255 (dotted-decimal) 0 to 4294967295 (decimal integer)

area-range

Syntax

area-range ip-prefix/mask [advertise | not-advertise]

no area-range ip-prefix/mask

area-range ipv6-prefix/prefix-length [advertise | not-advertise]

no area-range ipv6-prefix/prefix-length

Context

config>service>vprn>ospf>area

config>service>vprn>ospf3>area

config>service>vprn>ospf>area>nssa

config>service>vprn>ospf3>area>nssa

Description

This command creates ranges of addresses on an Area Border Router (ABR) for the purpose of route summarization or suppression. When a range is created, the range is configured to be advertised or not advertised to other areas. Multiple range commands can be used to summarize or hide ranges. In the case of overlapping ranges, the most specific range command applies.

ABRs send summary link advertisements to describe routes to other areas. To minimize the number of advertisements that are flooded, you can summarize a range of IP addresses and send reachability information about these addresses in an LSA.

The ip-prefix/mask parameter applies in the ospf context. The ipv6-prefix/prefix-length parameter applies in the ospf3 context.

The no form of the command deletes the range advertisement or non-advertisement.

Default

no area-range — no range of addresses is defined

Special Cases

NSSA context

in the NSSA context, the option specifies that the range applies to external routes (via type 7 LSAs) learned within the NSSA when the routes are advertised to other areas as type 5 LSAs

Area context

if this command is not entered under the NSSA context, the range applies to summary LSAs even if the area is an NSSA

Parameters

ip-prefix/mask

the IP prefix for the range in dotted-decimal notation and the subnet mask for the range, expressed as a decimal integer

Values

ip-prefix a.b.c.d (host bits must be 0)

mask 0 to 32

ipv6-prefix/prefix-length

the IPv6 prefix for the range in hexadecimal notation

Values

ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

prefix-length 0 to 128

advertise | not-advertise

specifies whether to advertise the summarized range of addresses to other areas

Default

advertise

blackhole-aggregate

Syntax

[no] blackhole-aggregate

Context

config>service>vprn>ospf>area

config>service>vprn>ospf3>area

Description

This command installs a low-priority blackhole route for the entire aggregate. Existing routes that make up the aggregate will have a higher priority and only the components of the range for which no route exists will be blackholed.

When performing area aggregation, addresses may be included in the range for which no actual route exists. This can cause routing loops. To avoid this problem, configure the blackhole aggregate option.

The no form of this command removes this option.

Default

blackhole-aggregate

interface

Syntax

interface ip-int-name [secondary]

no interface ip-int-name

Context

config>service>vprn>ospf>area

config>service>vprn>ospf3>area

Description

This command creates a context to configure an OSPF or OSPFv3 interface.

By default, interfaces are not activated in any interior gateway protocol, such as OSPF or OSPFv3, unless explicitly configured.

The no form of the command deletes the OSPF or OSPFv3 interface configuration for this interface. The shutdown command in the config>router>ospf>interface context or config>router>ospf3>interface context can be used to disable an interface without removing the configuration.

Default

no interface

Parameters

ip-int-name

the IP interface name. Interface names must be unique within the group of defined IP interfaces for the config>service>vprn>interface and config>router>interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

If the IP interface exists in a different area, the configuration will be rejected with an error message unless the keyword secondary is specified.

secondary

enables multiple secondary adjacencies to be established over this IP interface (see the 7705 SAR Routing Protocols Guide, ‟Multi-area Adjacencies”, for information about this feature)

advertise-subnet

Syntax

[no] advertise-subnet

Context

config>service>vprn>ospf>area>interface

Description

This command enables advertising point-to-point interfaces as subnet routes (network number and mask). When disabled, point-to-point interfaces are advertised as host routes.

This command is not supported in the ospf3 context.

The no form of the command disables advertising point-to-point interfaces as subnet routes, meaning they are advertised as host routes.

Default

advertise-subnet

auth-keychain

Syntax

auth-keychain name

no auth-keychain

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf>area>sham-link

config>service>vprn>ospf>area>virtual-link

Description

This command associates an authentication keychain with the OSPF interface, virtual link, or sham link. The keychain is a collection of keys used to authenticate OSPF messages from remote peers. The keychain allows the rollover of authentication keys during the lifetime of a session and also supports stronger authentication algorithms than clear text and MD5.

The keychain must already be defined in the config>system>security>keychain context.

Either the authentication-key command or the auth-keychain command can be used by OSPF, but both cannot be supported at the same time. If both commands are configured, the auth-keychain configuration will be applied and the authentication-key command will be ignored.

This command is not supported in the ospf3 context.

The no form of the command removes the authentication keychain name from the configuration.

Default

no auth-keychain

Parameters

name

the name of an existing keychain, up to 32 characters

authentication

Syntax

authentication bidirectional sa-name

authentication inbound sa-name outbound sa-name

no authentication

Context

config>service>vprn>ospf3>area>interface

config>service>vprn>ospf3>area>virtual-link

Description

This command configures an interface with a static security association (SA) used to authenticate OSPFv3 packets.

This command is not supported in the ospf context.

The no form of the command removes the SA name from the configuration.

Parameters

bidirectional sa-name

specifies the IPSec SA name used for transmitting and receiving OSPFv3 packets

inbound sa-name

specifies the IPSec SA name used for receiving OSPFv3 packets

outbound sa-name

specifies the IPSec SA name used for transmitting OSPFv3 packets

authentication-key

Syntax

authentication-key {authentication-key | hash-key} [hash | hash2]

no authentication-key

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf>area>sham-link

config>service>vprn>ospf>area>virtual-link

Description

This command configures the password used by the OSPF interface, virtual link, or sham link to send and receive OSPF protocol packets on the interface when simple password authentication is configured.

All neighboring routers must use the same type of authentication and password for correct protocol communication. If the authentication-type is configured as password, the authentication key must be configured.

By default, no authentication key is configured.

Either the authentication-key command or the auth-keychain command can be used by OSPF, but both cannot be supported at the same time. If both commands are configured, the auth-keychain configuration will be applied and the authentication-key command will be ignored.

This command is not supported in the ospf3 context.

The no form of the command removes the authentication key.

Default

no authentication-key

Parameters

authentication-key

the authentication key can be any combination of ASCII characters up to 8 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).

hash-key

the hash key can be any combination of ASCII characters up to 22 characters in length (hash parameter is used) or 121 characters in length (if the hash2 parameter is used). If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).

This is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.

hash

specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.

hash2

specifies that the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.

authentication-type

Syntax

authentication-type {password | message-digest}

no authentication-type

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf>area>sham-link

config>service>vprn>ospf>area>virtual-link

Description

This command enables authentication and specifies the type of authentication to be used on the OSPF interface, virtual link, or sham link.

Both simple password and message-digest authentication are supported.

By default, authentication is not enabled on an interface or link.

This command is not supported in the ospf3 context.

The no form of the command disables authentication on the interface or link.

Default

no authentication-type

Parameters

password

enables simple password (plaintext) authentication. If authentication is enabled and no authentication type is specified in the command, simple password authentication is enabled.

message-digest

enables message digest MD5 authentication in accordance with RFC 1321. If this option is configured, at least one message digest key must be configured.

bfd-enable

Syntax

bfd-enable [remain-down-on-failure]

no bfd-enable

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf3>area>interface

Description

This command enables the use of bidirectional forwarding detection (BFD) to control the state of the associated OSPF or OSPFv3 interface. By enabling BFD on an OSPF or OSPFv3 interface, the state of the interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for BFD are set using the bfd command under the IP interface.

If the BFD session does not come back up within 10 s and the remain-down-on-failure parameter is enabled, OSPF will bring down the adjacency and wait for BFD to come up again. This behavior may cause OSPF neighbors to flap because OSPF will form the adjacency and then bring it down if the BFD session is still down. If this parameter is not configured, the OSPF adjacency will form even if the BFD session does not come back up after a failure.

The no form of this command removes BFD from the associated OSPF or OSPFv3 adjacency.

Default

no bfd-enable

Parameters

remain-down-on-failure

forces adjacency down on BFD failure

dead-interval

Syntax

dead-interval seconds

no dead-interval

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf3>area>interface

config>service>vprn>ospf>area>sham-link

config>service>vprn>ospf>area>virtual-link

config>service>vprn>ospf3>area>virtual-link

Description

This command configures the time, in seconds, that OSPF or OSPFv3 waits before declaring a neighbor router, virtual-link neighbor, or sham-link neighbor down. If no Hello packets are received from a neighbor for the duration of the dead interval, the router or link is assumed to be down. The minimum interval must be two times the hello interval.

The no form of the command resets the configured interval to the default value.

Default

40

Special Cases

OSPF or OSPFv3 interface

if the dead-interval configured applies to an interface, all nodes on the subnet must have the same dead interval

Virtual link

if the dead-interval configured applies to a virtual link, the interval on both endpoints of the virtual link must have the same dead interval

Sham link

if the dead-interval configured applies to a sham link, the interval on both endpoints of the sham link must have the same dead interval

Parameters

seconds

the dead interval in seconds, expressed as a decimal integer

Values

1 to 65535

hello-interval

Syntax

hello-interval seconds

no hello-interval

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf3>area>interface

config>service>vprn>ospf>area>sham-link

config>service>vprn>ospf>area>virtual-link

config>service>vprn>ospf3>area>virtual-link

Description

This command configures the interval between OSPF or OSPFv3 hello messages issued on the interface, virtual link, or sham link.

The hello interval, in combination with the dead interval, is used to establish and maintain the adjacency.

Reducing the interval, in combination with an appropriate reduction in the associated dead-interval, allows for faster detection of link and/or router failures but results in higher processing costs.

The no form of this command resets the configured interval to the default value.

Default

10

Special Cases

OSPF or OSPFv3 interface

if the hello-interval configured applies to an interface, all nodes on the subnet must have the same hello interval

Virtual link

if the hello-interval configured applies to a virtual link, the interval on both endpoints of the virtual link must have the same hello interval

Sham link

if the hello-interval configured applies to a sham link, the interval on both endpoints of the sham link must have the same hello interval

Parameters

seconds

the hello interval in seconds, expressed as a decimal integer

Values

1 to 65535

interface-type

Syntax

interface-type {broadcast | point-to-point}

no interface-type

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf3>area>interface

Description

This command configures the interface type to be either broadcast or point-to-point.

Use this command to set the interface type of an Ethernet link to point-to-point to avoid having to carry the broadcast adjacency maintenance overhead of the link, provided that the link is used as a point-to-point link.

If the interface type is not known when the interface is added to OSPF or OSPFv3, and the IP interface is subsequently bound (or moved) to a different interface type, this command must be entered manually.

The no form of the command resets the configured interface type to the default value.

Default

broadcast – if the physical interface is Ethernet or unknown

point-to-point – if the physical interface is T1, E1, or SONET/SDH

Special Cases

Virtual link

a virtual link is always regarded as a point-to-point interface and is not configurable

Parameters

broadcast

configures the interface to maintain this link as a broadcast link. To significantly improve adjacency forming and network convergence, a network should be configured as point-to-point if only two routers are connected, even if the network is a broadcast media such as Ethernet.

point-to-point

configures the interface to maintain this link as a point-to-point link

lfa-policy-map

Syntax

lfa-policy-map route-nh-template template-name

no lfa-policy-map

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf3>area>interface

Description

This command applies a route next-hop policy template to an OSPF or OSPFv3 interface.

When a route next hop policy template is applied to an interface, it is applied in all areas. However, this command can only be executed under the area in which the specified interface is primary. When the command is executed, the template is applied in that area and in all other areas where the interface is secondary. If the user attempts to execute the command under an area where the interface is secondary, the command will fail.

If the interface has been excluded from LFA with the loopfree-alternate-exclude command, the LFA policy has no effect on the interface.

If the route next-hop policy template is applied to a loopback interface or to the system interface, the command will not be rejected, but the policy will have no effect on the interface.

The no form of the command deletes the mapping of a route next-hop policy template to an OSPF or OSPFv3 interface.

Default

no lfa-policy-map

Parameters

template-name

the name of an existing template

load-balancing-weight

Syntax

load-balancing-weight weight

no load-balancing-weight

Context

config>service>vprn>ospf>area>interface

Description

This command configures the load balancing weight for an OSPF PE-CE interface that is used to perform weighted ECMP for a VPRN service.

The no form of the command removes the configured load-balancing weight for the OSPF interface.

Default

no load-balancing-weight

Parameters

weight

specifies the load-balancing weight

Values

1 to 4294967295

loopfree-alternate-exclude

Syntax

[no] loopfree-alternate-exclude

Context

config>service>vprn>ospf>area

config>service>vprn>ospf3>area

config>service>vprn>ospf>area>interface

config>service>vprn>ospf3>area>interface

Description

This command instructs OSPF or OSPFv3 to exclude a specific interface or all interfaces participating in a specific OSPF or OSPFv3 area from the LFA SPF calculation. The LFA SPF calculation can therefore be run only where it is needed.

If an interface is excluded from the LFA SPF calculation, it is excluded in all areas. However, this command can only be executed under the area in which the specified interface is primary. When the command is executed, the interface is excluded in that area and in all other areas where the interface is secondary. If the user attempts to execute the command under an area where the interface is secondary, the command will fail.

Default

no loopfree-alternate-exclude

message-digest-key

Syntax

message-digest-key key-id md5 {key | hash-key | hash2-key} [hash | hash2]

no message-digest-key key-id

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf>area>sham-link

config>service>vprn>ospf>area>virtual-link

Description

This command configures a message digest key when MD5 authentication is enabled on the interface, virtual link, or sham link. Multiple message digest keys can be configured.

This command is not supported in the ospf3 context.

The no form of the command removes the message digest key identified by the key-id.

Default

no message-digest-key

Parameters

key-id

the key-id is expressed as a decimal integer

Values

1 to 255

key

the MD5 key, any alphanumeric string up to 16 characters in length

hash-key

the MD5 hash key, any combination of ASCII characters up to 33 characters in length (hash parameter is used). If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).

This is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.

hash2-key

the MD5 hash key, any combination of ASCII characters up to 132 characters in length (hash2 parameter is used). If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).

This is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.

hash

specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.

hash2

specifies that the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.

metric

Syntax

metric metric

no metric

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf3>area>interface

config>service>vprn>ospf>area>sham-link

Description

This command configures an explicit route cost metric for the interface or sham link that overrides the metrics calculated based on the speed of the underlying link.

The no form of the command deletes the manually configured metric, so the interface or sham link uses the computed metric based on the reference-bandwidth command setting and the speed of the underlying link.

Default

no metric

Parameters

metric

the metric to be applied to the interface or sham link, expressed as a decimal integer

Values

1 to 65535

mtu

Syntax

mtu bytes

no mtu

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf3>area>interface

Description

This command configures the OSPF or OSPFv3 interface MTU value used when negotiating an OSPF or OSPFv3 adjacency.

The operational OSPF MTU value is calculated as follows.

If this command is not configured:

  • the OSPF or OSPFv3 interface operational MTU derives the MTU value from the IP interface MTU (which is derived from the port MTU); for example, port MTU minus 14 bytes for a null-encapsulated Ethernet port

    • for OSPF (not OSPFv3), if the derived MTU value is less than 576 bytes, the OSPF interface operational MTU is set to 576 bytes. If a lower interface MTU is required, you must explicitly configure it using this command.

If this command is configured:

  • for OSPF (not OSPFv3):

    • if the OSPF interface MTU is less than 576 bytes, it becomes the operational OSPF MTU, regardless of the port MTU value

    • if the OSPF interface MTU is equal to or greater than 576 bytes, and the derived interface MTU is less than 576 bytes, the operational OSPF MTU is set to 576 bytes

    • if the OSPF interface MTU is equal to or greater than 576 bytes, and the derived interface MTU is greater than 576 bytes, the operational OSPF MTU is set to the lesser of the values configured with this command and the derived MTU

    The port MTU must be set to 512 bytes or higher, since OSPF cannot support port MTU values lower than 512 bytes.

  • for OSPFv3:

    • the operational OSPF MTU is set to the lesser of the values configured with this command and the derived MTU

    • this applies only when the port MTU is set to 1280 bytes or higher, since OSPFv3 cannot support port MTU values less than 1280 bytes

To determine the actual packet size, add 14 bytes for an Ethernet packet and 18 bytes for a tagged Ethernet packet to the size of the OSPF (IP) packet MTU configured with this command.

If the OSPF mtu command is configured to a value less than the interface or port MTU value, the OSPF MTU value will be used to transmit OSPF packets.

Use the no form of this command to revert to the default.

Default

no mtu — uses the value derived from the port MTU

Parameters

bytes

the MTU to be used by OSPF or OSPFv3 for this logical interface in bytes

Values

OSPF: 512 to 9710 (9724 – 14) (depends on the physical media)

OSPFv3: 1280 to 9710 (9724 – 14) (depends on the physical media)

passive

Syntax

[no] passive

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf3>area>interface

Description

This command adds the passive property to an OSPF or OSPFv3 interface.

By default, only interface addresses that are configured for OSPF or OSPFv3 will be advertised as OSPF or OSPFv3 interfaces. The passive parameter allows an interface to be advertised as an OSPF or OSPFv3 interface without running the OSPF or OSPFv3 protocol.

While in passive mode, the interface will ignore ingress OSPF or OSPFv3 protocol packets and will not transmit any OSPF or OSPFv3 protocol packets.

The no form of the command removes the passive property from the OSPF or OSPFv3 interface.

Default

no passive

priority

Syntax

priority number

no priority

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf3>area>interface

Description

This command configures the priority of the OSPF or OSPFv3 interface that is used in an election of the designated router on the subnet.

This parameter is only used if the interface is of type broadcast. The router with the highest-priority interface becomes the designated router. A router with priority 0 is not eligible to be a designated router or backup designated router.

The no form of the command resets the interface priority to the default value.

Default

1

Parameters

number

the interface priority expressed as a decimal integer

Values

0 to 255

retransmit-interval

Syntax

retransmit-interval seconds

no retransmit-interval

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf3>area>interface

config>service>vprn>ospf>area>sham-link

config>service>vprn>ospf>area>virtual-link

config>service>vprn>ospf3>area>virtual-link

Description

This command specifies the length of time, in seconds, that OSPF or OSPFv3 will wait before retransmitting an unacknowledged LSA to an OSPF or OSPFv3 neighbor.

The value should be greater than the expected round-trip delay between any two routers on the attached network. If the retransmit interval expires and no acknowledgment has been received, the LSA will be retransmitted.

The no form of this command resets the configuration to the default interval.

Default

5

Parameters

seconds

the retransmit interval in seconds, expressed as a decimal integer

Values

1 to 1800

transit-delay

Syntax

transit-delay seconds

no transit-delay

Context

config>service>vprn>ospf>area>interface

config>service>vprn>ospf3>area>interface

config>service>vprn>ospf>area>sham-link

config>service>vprn>ospf>area>virtual-link

config>service>vprn>ospf3>area>virtual-link

Description

This command configures the estimated time, in seconds, that it takes to transmit an LSA on the interface, virtual link, or sham link.

The no form of this command resets the configuration to the default delay time.

Default

1

Parameters

seconds

the transit delay in seconds, expressed as a decimal integer

Values

1 to 1800

key-rollover-interval

Syntax

key-rollover-interval key-rollover-interval

no key-rollover-interval

Context

config>service>vprn>ospf3>area

Description

This command configures the key rollover interval. The no form of the command resets the configured interval to the default setting.

Default

10

Parameters

key-rollover-interval

specifies the time, in seconds, after which a key rollover will start

Values

10 to 300

nssa

Syntax

[no] nssa

Context

config>service>vprn>ospf>area

config>service>vprn>ospf3>area

Description

This command enables the context to configure an OSPF or OSPFv3 Not So Stubby Area (NSSA) and adds or removes the NSSA designation from the area.

NSSAs are similar to stub areas in that no external routes are imported into the area from other OSPF or OSPFv3 areas. The major difference between a stub area and an NSSA is that an NSSA has the capability to flood external routes that it learns throughout its area and via an ABR to the entire OSPF or OSPFv3 domain.

Existing virtual links of a stub area or NSSA are removed when the designation is changed to NSSA or stub.

An area can be designated as stub or NSSA but never both at the same time.

By default, an area is not configured as an NSSA area.

The no form of the command removes the NSSA designation and configuration context from the area.

Default

no nssa

originate-default-route

Syntax

originate-default-route [type-7] [adjacency-check]

originate-default-route [type-nssa] [adjacency-check]

no originate-default-route

Context

config>service>vprn>ospf>area>nssa

config>service>vprn>ospf3>area>nssa

Description

This command enables the generation of a default route and its LSA type into an NSSA by an NSSA ABR or ASBR.

The functionality of the type-7 parameter and the type-nssa parameter is the same. The type-7 parameter is available in the ospf context; the type-nssa parameter is available in the ospf3 context. Include the type-7 or type-nssa parameter to inject a type 7 LSA default route instead of a type 3 LSA into the NSSA configured with no summaries.

To return to a type 3 LSA, enter the originate-default-route command without the type-7 or type-nssa parameter.

When configuring an NSSA with no summaries, the ABR will inject a type 3 LSA default route into the NSSA area. Some older implementations expect a type 7 LSA default route.

The no form of the command disables origination of a default route.

Default

no originate-default-route

Parameters

type-7 | type-nssa

specifies that a type 7 LSA should be used for the default route

Default

type 3 LSA for the default route

adjacency-check

specifies whether adjacency checks are performed before originating a default route. If this parameter is configured, an area 0 adjacency is required for the ABR to advertise the default route.

redistribute-external

Syntax

[no] redistribute-external

Context

config>service>vprn>ospf>area>nssa

config>service>vprn>ospf3>area>nssa

Description

This command enables the redistribution of external routes into the NSSA on an NSSA ABR that is exporting the routes into non-NSSA areas.

NSSAs are similar to stub areas in that no external routes are imported into the area from other OSPF or OSPFv3 areas. The major difference between a stub area and an NSSA is that the NSSA has the capability to flood external routes that it learns (providing it is an ASBR) throughout its area and via an ABR to the entire OSPF or OSPFv3 domain.

The no form of the command disables the default behavior to automatically redistribute external routes into the NSSA area from the NSSA ABR.

Default

redistribute-external

summaries

Syntax

[no] summaries

Context

config>service>vprn>ospf>area>nssa

config>service>vprn>ospf3>area>nssa

config>service>vprn>ospf>area>stub

config>service>vprn>ospf3>area>stub

Description

This command enables sending summary (type 3) advertisements into a stub area or NSSA on an ABR.

This parameter is particularly useful to reduce the size of the routing and link-state database (LSDB) tables within the stub or NSSA area.

By default, summary route advertisements are sent into the stub area or NSSA.

The no form of the command disables sending summary route advertisements and, for stub areas, only the default route is advertised by the ABR.

Default

summaries

sham-link

Syntax

[no] sham-link [ip-int-name ip-address]

Context

config>service>vprn>ospf>area

Description

This command configures an OSPF area sham link to a far-end PE OSPF router.

The no form of the command removes the sham link.

Default

no sham-link

Parameters

ip-int-name

specifies the local interface name used for the sham- ink. This is a mandatory parameter. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes. If the IP interface name does not exist or does not have an IP address configured, an error message will be returned.

ip-address

specifies the IP address of the sham-link remote neighbor in a dotted-decimal notation (a.b.c.d). This is a mandatory parameter. The address must be a valid IP address.

stub

Syntax

[no] stub

Context

config>service>vprn>ospf>area

config>service>vprn>ospf3>area

Description

This command enables access to the context to configure an OSPF or OSPFv3 stub area and adds or removes the stub designation from the area.

External routing information is not flooded into stub areas. All routers in the stub area must be configured with the stub command.

Existing virtual links of a stub area or NSSA are removed when its designation is changed to NSSA or stub.

An OSPF or OSPFv3 area cannot be both an NSSA and a stub area at the same time.

By default, an area is not a stub area.

The no form of the command removes the stub designation and configuration context from the area.

Default

no stub

default-metric

Syntax

default-metric metric

no default-metric

Context

config>service>vprn>ospf>area>stub

config>service>vprn>ospf3>area>stub

Description

This command configures the metric used by the ABR for the default route into a stub area.

The default metric should only be configured on an ABR of a stub area.

An ABR generates a default route if the area is a stub area.

The no form of the command resets the configuration to the default value.

Default

default-metric 1

Parameters

metric

the metric, expressed as a decimal integer, for the default route cost to be advertised to the stub area

Values

1 to 16777215

virtual-link

Syntax

[no] virtual-link router-id transit-area area-id

Context

config>service>vprn>ospf>area

config>service>vprn>ospf3>area

Description

This command configures a virtual link to connect ABRs to the backbone.

The backbone area (area 0.0.0.0) must be contiguous and all other areas must be connected to the backbone area. If it is not practical or possible to connect an area to the backbone, the ABRs must be connected via a virtual link. The two ABRs form a point-to-point-like adjacency across the transit area. A virtual link can only be configured while in the area 0.0.0.0 context.

The router-id specified in this command must be associated with the virtual neighbor. The transit area cannot be a stub area or an NSSA.

The no form of the command deletes the virtual link.

Default

no virtual-link

Parameters

router-id

the router ID of the virtual neighbor in IP address dotted-decimal notation

area-id

the area ID specified identifies the transit area that links the backbone area to the area that has no physical connection with the backbone, expressed in dotted-decimal notation or as a 32-bit decimal integer

Values

0.0.0.0 to 255.255.255.255 (dotted-decimal)

0 to 4294967295 (decimal integer)

export

Syntax

export policy-name [policy-name…(up to 5 max)]

no export

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command specifies export route policies to determine which routes are exported from the routing table manager to OSPF or OSPFv3. Export policies are only in effect if OSPF or OSPv3 is configured as an ASBR.

If no export policy is specified, routes that are not OSPF or OSPFv3 are not exported from the routing table manager to OSPF or OSPFv3.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of the command removes all policies from the configuration.

See the 7705 SAR Router Configuration Guide for information about defining route policies.

Default

no export — no export route policies specified

Parameters

policy-name

the name of an existing route policy

external-db-overflow

Syntax

external-db-overflow limit seconds

no external-db-overflow

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command enables limits on the number of non-default, AS-external LSA entries that can be stored in the link-state database (LSDB) and specifies a wait timer before processing these entries after the limit is exceeded.

The limit value specifies the maximum number of entries that can be stored in the LSDB. Placing a limit on these LSAs in the LSDB protects the router from receiving an excessive number of external routes that consume excessive memory or CPU resources. If the number of routes reaches or exceeds the limit, the table is in an overflow state. When in an overflow state, the router will not originate any new AS-external LSAs and will withdraw all the self-originated non-default external LSAs.

The seconds value specifies the time to wait after an overflow state before regenerating and processing non-default, AS-external LSAs. The waiting period acts like a dampening period, preventing the router from continuously running shortest path first (SPF) calculations caused by the excessive number of non-default, AS-external LSAs.

The external-db-overflow must be set identically on all routers attached to any regular OSPF or OSPFv3 area. OSPF or OSPFv3 stub areas and NSSAs are excluded.

The no form of the command disables limiting the number of non-default, AS-external LSA entries.

Default

no external-db-overflow

Parameters

limit

the maximum number of non-default, AS-external LSA entries that can be stored in the LSDB before going into an overflow state, expressed as a decimal integer

Values

-1 to 2147483647

seconds

the number of seconds after entering an overflow state before attempting to process non-default, AS-external LSAs, expressed as a decimal integer

Values

0 to 2147483647

external-preference

Syntax

external-preference preference

no external-preference

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command configures the preference for OSPF or OSPFv3 external routes. The preference for internal routes is set with the preference command.

A route can be learned by the router from different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide which route will be used.

Different protocols should not be configured with the same preference. If this occurs, the tiebreaker is based on the default preferences as defined in Route Preference Defaults by Route Type .

Table 4. Route Preference Defaults by Route Type

Route Type

Preference

Configurable

Direct attached

0

No

Static routes

5

Yes

OSPF/OSPFv3 internal

10

Yes

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

OSPF/OSPFv3 external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

If multiple routes are learned with the same preference using the same protocol, the lowest-cost route is used. If multiple routes are learned with the same preference using the same protocol and the costs (metrics) are equal, the decision of which route to use is determined by the configuration of ECMP in the config>router context. See the 7705 SAR Router Configuration Guide for information about ECMP.

Note: To configure a preference for static routes, use the config>router>static-route-entry command. See the 7705 SAR Router Configuration Guide for information.

The no form of the command returns the setting to the default value.

Default

external-preference 150 — OSPF or OSPFv3 external routes have a default preference of 150

Parameters

preference

the preference for external routes, expressed as a decimal integer

Values

1 to 255

ignore-dn-bit

Syntax

[no] ignore-dn-bit

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command specifies whether to ignore the DN (down) bit for OSPF or OSPFv3 LSA packets for this instance of OSPF or OSPFv3 on the router. When enabled, the DN bit for OSPF or OSPFv3 LSA packets will be ignored. When disabled, the DN bit will not be ignored for OSPF or OSPFv3 LSA packets.

Default

no ignore-dn-bit

import

Syntax

import policy-name [policy-name...(up to 5 max)]

no import

Context

config>service>vprn>ospf

Description

This command configures up to five import route policies that determine which routes are imported into the routing table.

When a prefix received in an OSPF LSA is accepted by an entry in an OSPF import policy, it is installed in the routing table if it is the most preferred route to the destination. When a prefix received in an OSPF LSA is rejected by an entry in an OSPF import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination.

The flooding of LSAs is not affected by OSPF import policy actions.

The no form of this command removes all import policies from the configuration. The default behavior then applies, that is, if an OSPF route has the lowest preference value among all routes to the destination, it is installed in the routing table.

Default

no import

Parameters

policy-name

specifies the import route policy name. The route policy names must already be defined.

loopfree-alternates

Syntax

[no] loopfree-alternates

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command enables loop-free alternate (LFA) computation by SPF under the OSPFv2 or OSPFv3 routing protocol context.

When this command is enabled, the OSPF or OSPFv3 SPF attempts to precalculate both a primary next hop and a LFA backup next hop for every learned prefix. When found, the LFA next hop is populated into the routing table along with the primary next hop for the prefix.

The no form of this command disables the LFA SPF calculation.

Default

no loop-free alternates

exclude

Syntax

exclude

Context

config>service>vprn>ospf>loopfree-alternates

config>service>vprn>ospf3>loopfree-alternates

Description

This command enables the context for identifying prefix policies to be excluded from the LFA calculation by OSPF.

prefix-policy

Syntax

prefix-policy prefix-policy [prefix-policy(up to 5 max)]

no prefix-policy

Context

config>service>vprn>ospf>loopfree-alternates>exclude

config>service>vprn>ospf3>loopfree-alternates>exclude

Description

This command excludes from the LFA SPF calculation any prefixes that match a prefix entry in a prefix policy. If a prefix is excluded, it is not included in the LFA SPF calculation, regardless of its priority.

Prefix policies are created with the config>router>policy-options>prefix-list command. For information about prefix lists, see the 7705 SAR Router Configuration Guide, ‟Route Policies”.

The default action of the loopfree-alternates>exclude>prefix-policy command, when not explicitly specified in the prefix policy, is to ‟reject”. Therefore, even if the default-action reject statement was not explicitly stated for the prefix policy, a prefix that does not match any entry in the policy will be used in the LFA SPF calculation.

The no form of this command removes the excluded prefix policy.

Default

no prefix-policy

Parameters

prefix-policy

the name of the prefix policy to be excluded from the LFA SPF calculation for OSPF. Up to five prefixes can be specified. The specified prefix policy must already be defined.

overload

Syntax

overload [timeout seconds]

no overload

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command changes the overload state of the local router so that it appears to be overloaded. When overload is enabled, the router can participate in OSPF or OSPFv3 routing, but is not used for transit traffic. Traffic destined for directly attached interfaces continues to reach the router.

To put the IGP in an overload state, enter a timeout value. The IGP will enter the overload state until the timeout timer expires or a no overload command is executed.

If no timeout is specified, the overload state is maintained indefinitely.

If the overload command is encountered during the execution of an overload-on-boot command, the overload command takes precedence. This situation could occur as a result of a saved configuration file where both parameters are saved. When the file is saved by the system, the overload-on-boot command is saved after the overload command.

Use the no form of this command to return to the default. When the no overload command is executed, the overload state is terminated regardless of the reason the protocol entered the overload state.

Default

no overload

Parameters

seconds

the number of seconds to reset overloading

Values

60 to 1800

overload-include-stub

Syntax

[no] overload-include-stub

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command is used to determine if the OSPF or OSPFv3 stub networks should be advertised with a maximum metric value when the system goes into an overload state for any reason. When enabled, the system uses the maximum metric value. When this command is enabled and the router is in overload, all stub interfaces, including loopback and system interfaces, will be advertised at the maximum metric.

Default

no overload-include-stub

overload-on-boot

Syntax

overload-on-boot [timeout seconds]

no overload-on-boot

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

When the router is in an overload state, the router is used only if there is no other router to reach the destination. This command configures OSPF or OSPFv3 upon boot-up in the overload state until one of the following events occurs:

  • the timeout timer expires (if a timeout has been specified)

  • a manual override of the current overload state is entered with the no overload command

If no timeout is specified, the overload state is maintained indefinitely.

The no overload command does not affect the overload-on-boot function.

The no form of the command removes the overload-on-boot functionality from the configuration.

Default

no overload-on-boot

Parameters

seconds

the number of seconds to reset overloading

Values

60 to 1800

preference

Syntax

preference preference

no preference

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command configures the preference for OSPF or OSPFv3 internal routes.

A route can be learned by the router from different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide which route will be used.

Different protocols should not be configured with the same preference. If this occurs, the tiebreaker is based on the default preferences as defined in Route Preference Defaults by Route Type . If multiple routes are learned with the same preference using the same protocol and the costs (metrics) are equal, the decision of which route to use is determined by the configuration of ECMP in the config>router context. See the 7705 SAR Router Configuration Guide for information about ECMP.

The no form of the command resets the preference configuration to the default value.

Default

preference 10 — OSPF or OSPFv3 internal routes have a preference of 10

Parameters

preference

the preference for internal routes, expressed as a decimal integer

Values

1 to 255

reference-bandwidth

Syntax

reference-bandwidth bandwidth-in-kbps

reference-bandwidth [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]

no reference-bandwidth

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command configures the reference bandwidth used to calculate the default costs of interfaces based on their underlying link speed.

The default interface cost is calculated as follows:

cost = reference bandwidth/bandwidth

The default reference bandwidth is 100 000 000 kb/s or 100 Gb/s; therefore, the default auto-cost metrics for various link speeds are as follows:

  • 10 Mb/s link: default cost of 10000

  • 100 Mb/s link: default cost of 1000

  • 1 Gb/s link: default cost of 100

The reference-bandwidth command assigns a default cost to the interface based on the interface speed. To override this default cost on an interface, use the metric command in the config>router>ospf>area>interface ip-int-name context or config>router >ospf3>area> interface ip-int-name context.

The no form of the command resets the reference bandwidth to the default value.

Default

reference-bandwidth 100000000

Parameters

bandwidth-in-kbps

the reference bandwidth in kilobits per second, expressed as a decimal integer

Values

1 to 400000000

Tera-bps

the reference bandwidth in terabits per second, expressed as a decimal integer

Values

1 to 4

Giga-bps

the reference bandwidth in gigabits per second, expressed as a decimal integer

Values

1 to 999

Mega-bps

the reference bandwidth in megabits per second, expressed as a decimal integer

Values

1 to 999

Kilo-bps

the reference bandwidth in kilobits per second, expressed as a decimal integer

Values

1 to 999

router-id

Syntax

router-id ip-address

no router-id

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command configures the router ID for a specific VPRN context. If the router ID is not defined under VPRN, the router ID from the base router context is inherited.

When configuring the router ID in the base instance of OSPF or OSPFv3, the value overrides the router ID configured in the config>router context.

The default value for the base instance is inherited from the configuration in the config>router context. If the router ID in the config>router context is not configured, the following applies:

  • the system uses the system interface address (which is also the loopback address)

  • if a system interface address is not configured, the last 4 bytes of the chassis MAC address are used

When configuring a new router ID, the instance is not automatically restarted with the new router ID. The next time the instance is initialized, the new router ID is used.

To force the new router ID to be used, issue the shutdown and no shutdown commands for the instance, or reboot the entire router.

The no form of the command to resets the router ID to the default value.

Default

0.0.0.0 (base OSPF)

Parameters

ip-address

a 32-bit, unsigned integer uniquely identifying the router in the Autonomous System

super-backbone

Syntax

[no] super-backbone

Context

config>service>vprn>ospf

Description

This command specifies whether CE-PE functionality is required. The OSPF super-backbone indicates the type of the LSA generated as a result of routes redistributed into OSPF. When enabled, the redistributed routes are injected as summary, external, or NSSA LSAs. When disabled, the redistributed routes are injected as either external or NSSA LSAs only.

Default

no super-backbone

suppress-dn-bit

Syntax

[no] suppress-dn-bit

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command specifies whether to suppress the setting of the DN (down) bit for OSPF or OSPFv3 LSA packets generated by this instance of OSPF or OSPFv3 on the router. When enabled, the DN bit will not be set. When disabled, this instance of the OSPF or OSPFv3 router will follow the usual procedure to determine whether to set the DN bit.

Default

no suppress-dn-bit

timers

Syntax

timers

Context

config>service>vprn>ospf

config>service>vprn>ospf3

Description

This command enables the context that allows for the configuration of OSPF or OSPFv3 timers. Timers control the delay between receipt of an LSA requiring an SPF calculation and the minimum time between successive SPF calculations.

Changing the timers affects CPU usage and network reconvergence times. Lower values reduce reconvergence time but increase CPU usage. Higher values reduce CPU usage but increase reconvergence time.

Default

n/a

lsa-arrival

Syntax

lsa-arrival lsa-arrival-time

no lsa-arrival

Context

config>service>vprn>ospf>timers

config>service>vprn>ospf3>timers

Description

This command defines the minimum delay that must pass between receipt of the same LSAs arriving from neighbors.

It is recommended that the configured lsa-generate lsa-second-wait interval for the neighbors be equal to or greater than the lsa-arrival-time.

Use the no form of this command to return to the default.

Default

no lsa-arrival

Parameters

lsa-arrival-time

the timer in milliseconds

Values

0 to 600000

lsa-generate

Syntax

lsa-generate max-lsa-wait[lsa-initial-wait[lsa-second-wait]]

no lsa-generate

Context

config>service>vprn>ospf>timers

config>service>vprn>ospf3>timers

Description

This command customizes the throttling of OSPF or OSPFv3 LSA generation. Timers that determine when to generate the first, second, and subsequent LSAs can be controlled with this command. Subsequent LSAs are generated at increasing intervals of the lsa-second-wait timer until a maximum value is reached.

It is recommended that the lsa-arrival-time be equal to or less than the lsa-second-wait interval.

Use the no form of this command to return to the default.

Default

no lsa-generate

Parameters

max-lsa-wait

the maximum interval, in milliseconds, between two consecutive occurrences of an LSA being generated

Values

10 to 600000

Default

5000

lsa-initial-wait

the first waiting period between LSAs generated, in milliseconds. When the LSA exceeds the lsa-initial-wait timer value and the topology changes, there is no wait period and the LSA is immediately generated.

When an LSA is generated, the initial wait period commences. If, within the specified lsa-initial-wait period, another topology change occurs, the lsa-initial-wait timer applies.

Values

10 to 600000

Default

5000

lsa-second-wait

the hold time, in milliseconds, between the first and second LSA generation. The next topology change is subject to this second wait period. With each subsequent topology change, the wait time doubles (that is, two times the previous wait time). This assumes that each failure occurs within the relevant wait period.

Values

10 to 600000

Default

5000

spf-wait

Syntax

spf-wait max-spf-wait [spf-initial-wait [spf-second-wait]]

no spf-wait

Context

config>service>vprn>ospf>timers

config>service>vprn>ospf3>timers

Description

This command defines the maximum interval between two consecutive SPF calculations in milliseconds. Timers that determine when to initiate the first, second, and subsequent SPF calculations after a topology change occurs can be controlled with this command.

Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, the next SPF will run after 2000 ms, and the next SPF will run after 4000 ms, and so on, until it reaches the spf-wait value. The SPF interval will stay at the spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to spf-initial-wait.

The timer must be entered in increments of 100 ms. Values entered that do not match this requirement will be rejected.

Use the no form of this command to return to the default.

Default

no spf-wait

Parameters

max-spf-wait

the maximum interval, in milliseconds, between two consecutive SPF calculations

Values

10 to 120000

Default

1000

spf-initial-wait

the initial SPF calculation delay, in milliseconds, after a topology change

Values

10 to 100000

Default

1000

spf-second-wait

the hold time, in milliseconds, between the first and second SPF calculation

Values

10 to 100000

Default

1000

vpn-domain

Syntax

vpn-domain id {0005 | 0105 | 0205 | 8005}

no vpn-domain

Context

config>service>vprn>ospf

Description

This command specifies the type of extended community attribute exchanged using BGP to carry the OSPF VPN domain ID. The command applies to VPRN instances of OSPF only. An attempt to modify the value of this attribute will result in an inconsistent value error when the instance is not a VPRN instance. The parameters are mandatory and can be entered in any order.

This command is not supported in the ospf3 context.

Default

no vpn-domain

Parameters

id

specifies the 6-octet OSPF VPN domain identifier in the format ‟xxxx.xxxx.xxxx”. This ID is exchanged using BGP in the extended community attribute associated with a prefix. This parameter applies to VPRN instances of OSPF only.

0005 | 0105 | 0205 | 8005

specifies the type of extended community attribute exchanged using BGP to carry the OSPF VPN domain ID

vpn-tag

Syntax

vpn-tag vpn-tag

no vpn-tag

Context

config>service>vprn>ospf

Description

This command specifies the route tag for an OSPF VPN on a PE router and is used mainly to prevent routing loops. This field is set in the tag field of the OSPF external LSAs generated by the PE. The command applies to VPRN instances of OSPF only. An attempt to modify the value of this tag will result in an inconsistent value error when the instance is not a VPRN instance.

This command is not supported in the ospf3 context.

Default

vpn-tag 0

Parameters

vpn-tag

specifies the route tag for an OSPF VPN

Values

0 to 4294967295

IGMP Commands

igmp

Syntax

[no] igmp

Context

config>service>vprn

Description

This command enables the context to configure IGMP parameters.

The no form of the command disables IGMP.

Default

disabled

interface

Syntax

[no] interface ip-int-name

Context

config>service>vprn>igmp

Description

This command enables the context to configure IGMP interface parameters.

Parameters

ip-int-name

specifies the name of the IP interface. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed between double quotes.

disable-router-alert-check

Syntax

[no] disable-router-alert-check

Context

config>service>vprn>igmp>if

Description

This command enables or disables the IGMP router alert check option.

The no form of the command enables the router alert check.

Default

no disable-router-alert-check

import

Syntax

import policy-name

no import

Context

config>service>vprn>igmp>if

Description

This command imports a policy to filter IGMP packets on this interface.

The no form of the command removes the policy association from the IGMP instance.

Default

no import

Parameters

policy-name

the import route policy name. The specified names must already be defined.

max-groups

Syntax

max-groups value

no max-groups

Context

config>service>vprn>igmp>if

Description

This command specifies the maximum number of groups for which IGMP can have local receiver information based on received IGMP reports on this interface. When this configuration is changed dynamically to a value lower than the currently accepted number of groups, the groups that are already accepted are not deleted. Only new groups will not be allowed.

The no form of the command removes the value.

Default

0 — no limit to the number of groups

Parameters

value

specifies the maximum number of groups for this interface

Values

1 to 2047

max-grp-sources

Syntax

max-grp-sources max-grp-sources

no max-grp-sources

Context

config>service>vprn>igmp>if

Description

This command configures the maximum number of group sources for which IGMP can have local receiver information based on received IGMP reports on this interface. When this configuration is changed dynamically to a value lower than the currently accepted number of group sources, the group sources that are already accepted are not deleted. Only new group sources will not be allowed.

The no form of the command reverts to the default.

Default

0

Parameters

max-grp-sources

specifies the maximum number of group sources

Values

1 to 2407

ssm-translate

Syntax

ssm-translate

Context

config>service>vprn>igmp

config>service>vprn>igmp>if

Description

This command enables the context to configure group ranges that are translated to SSM (S,G) entries. If the static entry needs to be created, it must be translated from an IGMPv1 or IGMPv2 request to a Source Specific Multicast (SSM) join request. An SSM translate source can only be added when the starg command is not enabled. An error message is generated when trying to configure the source command while the starg command is enabled.

grp-range

Syntax

[no] grp-range start end

Context

config>service>vprn>igmp>ssm-translate

config>service>vprn>igmp>if>ssm-translate

Description

This command is used to configure group ranges that are translated to SSM (S,G) entries.

Parameters

start

specifies the start address of the multicast group range, in a.b.c.d format

end

specifies the end address of the multicast group range, in a.b.c.d format. This value should always be greater than or equal to the start value.

source

Syntax

[no] source ip-address

Context

config>service>vprn>igmp>ssm-translate>grp-range

config>service>vprn>igmp>if>ssm-translate>grp-range

Description

This command specifies the source IP address for the group range. Whenever a (*,G) report is received and is in the range specified by grp-range start and end parameters, it is translated to an (S,G) report where ip-address is the source address.

Parameters

ip-address

specifies the unicast source address, in a.b.c.d format

static

Syntax

static

Context

config>service>vprn>igmp>if

Description

This command accesses the context to test forwarding on an interface without a receiver host. When enabled, data is forwarded to an interface without having received membership reports from host members.

Default

n/a

group

Syntax

[no] group grp-ip-address

Context

config>service>vprn>igmp>if>static

Description

This command adds a static multicast group as either a (*,G) record or one or more (S,G) records. Use IGMP static group memberships to test multicast forwarding when there is no receiver host. When IGMP static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static IGMP group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static IGMP group entries do not generate join messages toward the RP.

Default

n/a

Parameters

grp-ip-address

specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group. The address must be in dotted-decimal notation.

source

Syntax

[no] source ip-address

Context

config>service>vprn>igmp>if>static>group

Description

This command specifies the source address of the multicast group. It is an IPv4 unicast address. By specifying the source address, a multicast receiver host signals to the router that the multicast group will only be receiving multicast traffic from this specific source.

The source command and the specification of individual sources for the same group are mutually exclusive.

The source command, in combination with the group command, is used to create a specific (S,G) static group entry.

The no form of the command removes the source from the configuration.

Default

n/a

Parameters

ip-address

specifies the IPv4 unicast address

Values

a.b.c.d

subnet-check

Syntax

[no] subnet-check

Context

config>service>vprn>igmp>if

Description

This command enables or disables subnet checking for IGMP messages received on this interface. All IGMP packets with a source address that is not in the local subnet are dropped.

The no form of the command disables subnet-check.

Default

enabled

version

Syntax

version version

no version

Context

config>service>vprn>igmp>if

Description

This command specifies the IGMP version. If routers run different versions of IGMP, they negotiate the lowest common version of IGMP that is supported by hosts on their subnet and operate in that version. For IGMP to function correctly, all routers on a LAN should be configured to run the same version of IGMP.

For IGMPv3, a multicast router that is also a group member performs both parts of IGMPv3, receiving and responding to its own IGMP message transmissions as well as those of its neighbors.

Default

3

Parameters

version

specifies the IGMP version number

Values

1, 2, or 3

query-interval

Syntax

query-interval seconds

no query-interval

Context

config>service>vprn>igmp

Description

This command specifies the frequency at which the querier router transmits general host-query messages. The host-query messages solicit group membership information and are sent to the all-systems multicast group address, 224.0.0.1.

Default

125

Parameters

seconds

specifies the frequency, in seconds, at which the router transmits general host-query messages

Values

2 to 1024

query-last-member-interval

Syntax

query-last-member-interval seconds

no query-last-member-interval

Context

config>service>vprn>igmp

Description

This command configures the frequency at which the querier sends group-specific query messages, including messages sent in response to leave-group messages; the shorter the interval, the faster the detection of the loss of the last member of a group.

Default

1

Parameters

seconds

specifies the frequency, in seconds, at which query messages are sent

Values

1 to 1023

query-response-interval

Syntax

query-response-interval seconds

no query-response-interval

Context

config>service>vprn>igmp

Description

This command specifies how long the querier router waits to receive a response to a host-query message from a host.

Default

10

Parameters

seconds

specifies the length of time, in seconds, that the router waits to receive a response to the host-query message from the host

Values

1 to 1023

robust-count

Syntax

robust-count robust-count

no robust-count

Context

config>service>vprn>igmp

Description

This command configures the robust count. The robust-count allows adjusting for the expected packet loss on a subnet. If a subnet anticipates losses, the robust-count can be increased.

Default

2

Parameters

robust-count

specifies the robust count value

Values

2 to 10

PIM Commands

pim

Syntax

[no] pim

Context

config>service>vprn

Description

This command configures a Protocol Independent Multicast (PIM) instance in the VPRN service. When a PIM instance is created, the protocol is enabled. PIM is used for multicast routing within the network. Devices in the network can receive the requested multicast feed and non-participating routers can be pruned. The router supports PIM sparse mode (PIM-SM).

The no form of the command deletes the PIM protocol instance, removing all associated configuration parameters.

Default

n/a

apply-to

Syntax

apply-to {all | none}

Context

config>service>vprn>pim

Description

This command creates a PIM interface configured with default parameters.

If a manually created interface or a modified interface is deleted, the interface will be recreated when the apply-to command is executed. If PIM is not required on a specific interface, execute a shutdown command on the interface.

The apply-to command is saved first in the PIM configuration structure; all subsequent apply-to commands either create new structures or modify the defaults as created by the apply-to command.

Default

none (keyword)

Parameters

all

specifies that all VPRN and non-VPRN interfaces are automatically applied in PIM

none

specifies that no interfaces are automatically applied in PIM; PIM interfaces must be manually configured

import

Syntax

import {join-policy | register-policy} policy-name [policy-name…(up to 5 max)]

no import {join-policy | register-policy}

Context

config>service>vprn>pim

Description

This command specifies up to five import route policies to be used for determining which routes are accepted from peers. Route policies are configured in the config>router>policy-options context. When an import policy is not specified, BGP routes are accepted by default.

The no form of the command removes the policy associations from the PIM instance for the specified type.

Default

no import join-policy no import register-policy

Parameters

join-policy

specifies filtering PIM join messages to prevent unwanted multicast streams from traversing the network

register-policy

specifies filtering PIM messages to prevent register messages from being processed by the RP. This filter can only be defined on an RP. When a match is found, the RP immediately sends back a register-stop message.

policy-name

specifies the route policy name

interface

Syntax

[no] interface ip-int-name

Context

config>service>vprn>pim

Description

This command enables PIM on an interface and enables the context to configure interface-specific parameters. By default, interfaces are activated in PIM based on the apply-to command and do not have to be configured on an individual basis unless the default values must be changed.

The no form of the command deletes the PIM interface configuration for this interface. If the apply-to command parameter is configured, then the no interface form must be saved in the configuration to avoid automatic recreation of the interface after the next apply-to command is executed as part of a reboot.

The shutdown command can be used to disable an interface without removing the configuration for the interface.

Default

Interfaces are activated in PIM based on the apply-to command.

Parameters

ip-int-name

specifies the interface name up to 32 characters; if the string contains special characters (such as #, $, or spaces), then the entire string must be enclosed between double quotes

assert-period

Syntax

assert-period assert-period

no assert-period

Context

config>service>vprn>pim>if

Description

This command configures the time between refreshes of PIM assert messages on an interface.

The no form of the command reverts to the default.

Default

60

Parameters

assert-period

specifies the time, in seconds, between refreshes of PIM assert messages on an interface

Values

1 to 300

bsm-check-rtr-alert

Syntax

[no] bsm-check-rtr-alert

Context

config>service>vprn>pim>if

Description

This command enables the checking of the router alert option in the bootstrap messages received on this interface.

Default

no bsm-check-rtr-alert

bfd-enable

Syntax

[no] bfd-enable [ipv4]

Context

config>service>vprn>pim>if

Description

This command enables the use of bidirectional forwarding (BFD) to control the state of the associated protocol interface. By enabling BFD on a protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD session are set via the bfd command under the IP interface.

The no form of this command removes BFD from the associated IGP protocol adjacency.

Default

no bfd-enable

hello-interval

Syntax

hello-interval hello-interval

no hello-interval

Context

config>service>vprn>pim>if

Description

This command configures the interval at which PIM hello messages are transmitted on this interface.

The no form of this command reverts to the default value.

Default

30

Parameters

hello-interval

specifies the hello interval, in seconds; a 0 value disables the sending of hello messages

Values

0 to 255

hello-multiplier

Syntax

hello-multiplier deci-units

no hello-multiplier

Context

config>service>vprn>pim>if

Description

This command configures the multiplier used to determine the hold time for a PIM neighbor.

The hello-multiplier in conjunction with the hello-interval determines the hold time for a PIM neighbor.

Parameters

deci-units

specifies the value of the hello-multiplier, in multiples of 0.1, for the formula used to calculate the hello hold-time

hello hold-time = (hello-interval * hello-multiplier) / 10

This allows the PIMv2 default timeout of 3.5 s to be supported. For example, if hello-interval = 1 s, and hello-multiplier = 35 deci-units, then hold-time = (1 * 35) / 10 = 3.5 s.

Values

20 to 100

Default

35 (3.5 s)

improved-assert

Syntax

[no] improved-assert

Context

config>service>vprn>pim>if

Description

This command enables improved assert processing on this interface. The PIM assert process establishes a forwarder node for a LAN and requires interaction between the control and forwarding planes.

The assert process is started when data is received on an outgoing interface. There can be an impact on performance if data is continuously received on an outgoing interface.

When enabled, the PIM assert process occurs entirely on the control plane, with no interaction between the control and forwarding planes.

Default

enabled

instant-prune-echo

Syntax

[no] instant-prune-echo

Context

config>service>vprn>pim>if

Description

This command enables or disables instant PruneEcho for a PIM interface.

Default

no instant-prune-echo

ipv4-multicast-disable

Syntax

[no] ipv4-multicast-disable

Context

config>service>vprn>pim

config>service>vprn>pim>if

Description

This command administratively disables or enables PIM operation for IPv4.

Default

no ipv4-multicast-disable

max-groups

Syntax

max-groups value

no max-groups

Context

config>service>vprn>pim>if

Description

This command configures the maximum number of groups for which PIM can have a downstream state based on received PIM join messages on this interface. This number does not include IGMP local receivers on the interface. When this configuration is changed dynamically to a value lower than the currently accepted number of groups, the groups that are already accepted are not deleted. Only new groups will not be allowed. When this configuration has a value of 0, there is no limit to the number of groups.

Parameters

value

specifies the maximum number of groups for this interface

Values

1 to 2047

multicast-senders

Syntax

multicast-senders {auto | always | never}

no multicast-senders

Context

config>service>vprn>pim>if

Description

This command configures the way subnet matching is done for incoming data packets on this interface. An IP multicast sender is a user entity to be authenticated in a receiving host.

Parameters

auto

specifies that subnet matching is automatically performed for incoming data packets on this interface

always

specifies that subnet matching is always performed for incoming data packets on this interface

never

specifies that subnet matching is never performed for incoming data packets on this interface

multicast-to-multicast

Syntax

multicast-to-multicast source ip-address group-start ip-address group-end ip-address to-multicast group-address

no multicast-to-multicast

Context

config>service>vprn>pim>interface

Description

This command enables multicast-to-multicast address translation by mapping a range of source IP addresses to a range of multicast group addresses. The PIM interface on the 7705 SAR translator router is the source of the multicast address. Multiple (S,G)s (for example, s1,g1 / s2,g1 / s3,g1) can be mapped to a single PIM interface, using the same source IP address for the translated (S,G) but for a range of groups.

The PIM interface on the translator router must first be enabled for multicast translation with the config>router>interface>multicast-translation command.

Default

no multicast-to-multicast

Parameters

source ip-address

the source address of the (S,G) being translated

group-start ip-address

the starting group address of the (S,G) being translated

group-end ip-address

the ending group address of the (S,G) being translated

group-address

the multicast group address used for translation

priority

Syntax

priority dr-priority

no priority

Context

config>service>vprn>pim>if

Description

This command sets the priority value for the interface to become the designated router (DR), so that multiple PIM routers do not exist on one Layer 2 network.

The no form of the command resets the priority to the default value.

Default

1 (the router is least likely to become the designated router)

Parameters

dr-priority

specifies the priority to become the designated router; greater values have higher priority

Values

1 to 4294967295

sticky-dr

Syntax

sticky-dr [priority dr-priority]

no sticky-dr

Context

config>service>vprn>pim>if

Description

This command enables sticky-dr operation on this interface. When enabled, the priority value used in PIM hello messages sent on this interface when elected as the designated router (DR) is changed to the value configured with this command. This is done to avoid forwarding delays caused by DR recovery, which occurs when switching back to the old DR on a LAN when the old DR comes back up.

By enabling sticky-dr on this interface, the interface continues to act as the DR for the LAN even after the old DR comes back up.

When sticky-dr is used without the priority keyword, the sticky-dr priority value is 1024 (default).

The no form of the command disables sticky-dr operation on this interface.

Default

disabled (no sticky-dr)

Parameters

dr-priority

when sticky-dr operation is enabled, dr-priority sets the DR priority sent in PIM hello messages after the election of that interface as the DR

Default

1024

Values

1 to 4294967295

three-way-hello

Syntax

[no] three-way-hello

Context

config>service>vprn>pim>if

Description

This command configures the compatibility mode to enable three-way hello. By default, three-way hello is disabled on all interfaces and the standard two-way hello is supported.

Default

no three-way-hello

tracking-support

Syntax

[no] tracking-support

Context

config>service>vprn>pim>if

Description

This command sets the T-bit in the LAN prune delay option of the hello message. This indicates the router's capability to disable join-message suppression.

Default

no tracking-support

unicast-to-multicast

Syntax

unicast-to-multicast unicast-start ip-address unicast-end ip-address destination ip-address to-multicast ip-address

no unicast-to-multicast

Context

config>service>vprn>pim>interface

Description

This command enables unicast-to-multicast address translation by mapping a range of unicast source addresses and a unicast destination address to a multicast group address. The unicast destination address is a loopback IP address configured on the 7705 SAR that is performing the translation. This translator router becomes the source of the multicast packets. The multicast source address is a loopback interface IP address configured on the PIM interface of the translator router. The PIM interface on the 7705 SAR translator router must first be enabled for multicast translation with the config>service>vprn>interface> multicast-translation command.

The unicast destination and the multicast source can be the same loopback address or different loopback addresses.

The translation can map a range of unicast source addresses to a range of multicast group addresses. For example, if the unicast source address range is 1.1.1.1 to 1.1.1.4 and the multicast group address is 230.0.0.100, the following multicast destination address range is created:

Unicast Source

Multicast Group

1.1.1.1

230.0.0.100

1.1.1.2

230.0.0.101

1.1.1.3

230.0.0.102

1.1.1.4

230.0.0.103

Default

no unicast-to-multicast

Parameters

unicast-start ip-address

the start of the range of unicast source addresses to be translated

unicast-end ip-address

the end of the range of unicast source addresses to be translated

destination ip-address

the destination address of the unicast stream being translated

multicast ip-address

the group and destination addresses for the multicast stream

non-dr-attract-traffic

Syntax

[no] non-dr-attract-traffic

Context

config>service>vprn>pim

Description

This command specifies whether the router should ignore the designated router state and attract traffic even when it is not the designated router.

An operator can configure an interface (router or IES or VPRN interfaces) with IGMP and PIM. The interface IGMP state will be synchronized to the backup node if it is associated with the redundant peer port. The interface can be configured to use PIM, which will cause multicast streams to be sent to the elected DR only. The DR will also be the router sending traffic to the DSLAM. Since it may be required to attract traffic to both routers, a non-dr-attract-traffic flag can be used in the PIM context to have the router ignore the DR state and attract traffic when it is not the DR. While using this flag, the router may not send the stream to the DSLAM when it is not the DR.

The no form of the command disables the DR state. When disabled, the DR state is used.

Default

no non-dr-attract-traffic

rp

Syntax

rp

Context

config>service>vprn>pim

Description

This command enables access to the context to configure the rendezvous point (RP) of a PIM protocol instance.

A PIM router acting as an RP must respond to a PIM register message that specifies an SSM multicast group address by sending stop register messages to the first-hop router. The PIM router does not build an (S, G) shortest path tree toward the first-hop router. An SSM multicast group address can be an address either from the SSM default range of 232/8 or from a multicast group address range that was explicitly configured for SSM.

Default

rp enabled when PIM is enabled

anycast

Syntax

[no] anycast rp-ip-address

Context

config>service>vprn>pim>rp

Description

This command configures a PIM anycast protocol instance for the RP being configured. Anycast enables fast convergence when a PIM RP router fails by allowing receivers and sources to rendezvous at the closest RP.

The no form of the command removes the anycast instance from the configuration.

Default

n/a

Parameters

rp-ip-address

specifies the loopback IP address shared by all routes that form the RP set for this anycast instance. Only a single address can be configured. If a subsequent anycast command is entered with an address then the old address will be replaced with the new address. If no ip-address is entered then the command is used to enter the anycast CLI level.

Values

a.b.c.d (any valid loopback address configured on the node)

rp-set-peer

Syntax

[no] rp-set-peer ip-address

Context

config>service>vprn>pim>rp>anycast

Description

This command configures a peer in the anycast RP-set. The ip-address identifies the address used by the other node as the RP candidate address for the same multicast group address range as configured on this node.

Caution: This is a manual procedure. Caution should be taken to produce a consistent configuration of an RP-set for a given multicast group address range. The priority should be identical on each node and be a higher value than any other configured RP candidate that is not a member of this RP-set.

Although there is no set maximum number of addresses that can be configured in an RP-set, up to 15 multicast addresses is recommended.

The no form of the command removes an entry from the list.

Default

n/a

Parameters

ip-address

specifies the address used by the other node as the RP candidate address for the same multicast group address range as configured on this node.

Values

a.b.c.d

auto-rp-discovery

Syntax

[no] auto-rp-discovery

Context

config>service>vprn>pim>rp

Description

This command enables auto-RP protocol in discovery mode. In discovery mode, RP-mapping and RP-candidate messages are received and forwarded to downstream nodes. RP-mapping messages are received locally to learn about availability of RP nodes present in the network.

Either bsr-candidate for IPv4 or auto-rp-discovery can be configured; the two mechanisms cannot be enabled together. The auto-rp-discovery command cannot be enabled together with mdt-type sender-only or mdt-type receiver-only, or wildcard-spmsi configurations.

The no form of the command disables auto-RP discovery.

Default

no auto-rp-discovery

bootstrap-export

Syntax

bootstrap-export policy-name [policy-name... (up to 5 max)]

no bootstrap-export

Context

config>service>vprn>pim>rp

Description

This command exports policies to control the flow of bootstrap messages from the RP. Up to five policies can be defined.

The no form of this command removes the specified policy names from the configuration.

Default

n/a

Parameters

policy-name

specifies the policy name, where the policy statement must already be configured in the config>router>policy-options context

bootstrap-import

Syntax

bootstrap-import policy-name [policy-name... (up to 5 max)]

no bootstrap-import

Context

config>service>vprn>pim>rp

Description

This command imports policies to control the flow of bootstrap messages to the RP. Up to five policies can be defined.

The no form of this command removes the specified policy names from the configuration.

Default

n/a

Parameters

policy-name

specifies the policy name, where the policy statement must already be configured in the config>router>policy-options context

bsr-candidate

Syntax

bsr-candidate

Context

config>service>vprn>pim>rp

Description

This command enables the context to configure candidate bootstrap router (BSR) parameters.

Either bsr-candidate for IPv4 or auto-rp-discovery can be configured; the two mechanisms cannot be enabled together.

Default

bsr-candidate shutdown

address

Syntax

[no] address ip-address

Context

config>service>vprn>pim>rp>bsr-candidate

config>service>vprn>pim>rp>rp-candidate

Description

This command configures a static bootstrap or rendezvous point (RP) as long as the source is not directly attached to this router.

Use the no form of this command to remove the static RP from the configuration.

Default

no address

Parameters

ip-address

specifies the IP host address that will be used by the IP interface within the subnet. This address must be a unique unicast address within the subnet and specified in dotted-decimal notation (1.0.0.0 to 223.255.255.255).

Values

a.b.c.d

hash-mask-len

Syntax

hash-mask-len hash-mask-length

no hash-mask-len

Context

config>service>vprn>pim>rp>bsr-candidate

Description

This command is used to configure the length of the mask that is combined with the group address before the hash function is called. All groups with the same hash result will map to the same RP. For example, if the hash-mask-length value is 24, only the first 24 bits of the group addresses matter. This mechanism is used to map one group or multiple groups to an RP.

Default

30

Parameters

hash-mask-length

the hash mask length

Values

0 to 32

priority

Syntax

priority bootstrap-priority

Context

config>service>vprn>pim>rp>bsr-candidate

Description

This command defines the priority used when determining the rendezvous point (RP). The higher the priority value the more likely that this router becomes the RP. If there is a tie, the router with the highest IP address is elected.

Parameters

bootstrap-priority

the priority value used to become the bootstrap router

Values

0 to 255

Default

0 (the router is not eligible to be the bootstrap router)

rp-candidate

Syntax

rp-candidate

Context

config>service>vprn>pim>rp

Description

This command enables the context to configure the candidate rendezvous point (RP) parameters.

Default

enabled when PIM is enabled

group-range

Syntax

[no] group-range {grp-ip-prefix/mask | grp-ip-prefix netmask}

Context

config>service>vprn>pim>rp>rp-candidate

Description

This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).

Use the no form of this command to remove the group address or range of group addresses for which this router can be the RP from the configuration.

Default

n/a

Parameters

grp-ip-address

specifies the multicast group IP address expressed in dotted-decimal notation (224.0.0.0 to 239.255.255.255)

Values

a.b.c.d (multicast group address)

mask

specifies the mask associated with the IP prefix expressed as a mask length or in dotted-decimal notation; for example /16 for a sixteen-bit mask. The mask can also be entered in dotted-decimal notation (255.255.0.0).

Values

4 to 32

netmask

specifies the subnet mask in dotted-decimal notation (0.0.0.0 to 255.255.255.255)

Values

a.b.c.d (network bits all 1 and host bits all 0)

holdtime

Syntax

holdtime holdtime

no holdtime holdtime

Context

config>service>vprn>pim>rp>rp-candidate

Description

This command defines the length of time a neighboring router considers this router to be up.

The no form of this command reverts to the default value.

Default

150

Parameters

holdtime

specifies the length of time, in seconds, that neighbor should consider the sending router to be operational

Values

5 to 255

priority

Syntax

priority priority

no priority priority

Context

config>service>vprn>pim>rp>rp-candidate

Description

This command defines the priority used to determine the rendezvous point (RP). The higher the priority value, the more likely that this router will become the RP.

Use the no form of this command to revert to the default value.

Default

192

Parameters

priority

specifies the priority to become the designated router

Values

0 to 255

static

Syntax

static

Context

config>service>vprn>pim>rp

Description

This command enables access to the context to configure a static rendezvous point (RP) for a PIM-SM protocol instance.

Default

n/a

address

Syntax

[no] address ip-address

Context

config>service>vprn>pim>rp>static

Description

This command configures the static rendezvous point (RP) address.

The no form of this command removes the static RP entry from the configuration.

Default

n/a

Parameters

ip-address

specifies the IP host address in dotted-decimal notation (1.0.0.0 to 223.255.255.255).

Values

a.b.c.d

group-prefix

Syntax

[no] group-prefix {grp-ip-address/mask | grp-ip-address netmask}

Context

config>service>vprn>pim>rp>static

Description

The command defines a range of multicast IP addresses for which a certain RP is applicable.

The no form of the command removes the criterion.

Default

n/a

Parameters

grp-ip-address

specifies the multicast IP address

Values

a.b.c.d (multicast group address)

mask

defines the mask of the multicast-ip-address

Values

4 to 32

netmask

the subnet mask in dotted-decimal notation

Values

a.b.c.d (network bits all 1 and host bits all 0)

override

Syntax

[no] override

Context

config>service>vprn>pim>rp>static

Description

This command changes the precedence of static RP over dynamically-learned RP.

When enabled, the static group-to-RP mappings take precedence over the dynamically-learned mappings.

Default

no override

spt-switchover-threshold

Syntax

spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask} spt-threshold

no spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask}

Context

config>service>vprn>pim

Description

This command configures a shortest path tree (SPT) switchover threshold for a group prefix.

PIM-SM routers with directly connected routers receive multicast traffic initially on a shared tree rooted at the rendezvous point (RP). Once the traffic arrives on the shared tree and the source of the traffic is known, a switchover to the SPT tree rooted at the source is attempted.

For a group that falls in the range of a prefix configured in the table, the corresponding threshold value determines when the router should switch over from the shared tree to the source specific tree. The switchover is attempted only if the traffic rate on the shared tree for the group exceeds the configured threshold.

In the absence of any matching prefix in the table, the default behavior is to switchover when the first packet is seen. In the presence of multiple prefixes matching a given group, the most specific entry is used.

Parameters

grp-ip-address

specifies the multicast group address

Values

a.b.c.d (multicast group address)

mask

defines the mask of the multicast IP address

Values

4 to 32

netmask

the subnet mask in dotted-decimal notation

Values

a.b.c.d (network bits all 1 and host bits all 0)

spt-threshold

specifies the configured threshold, in kilobits per second (kb/s), for the group to which this (S,G) belongs. For a group (G) configured with a threshold, switchover to SPT for an (S,G) is attempted only if the (S,G) rate exceeds this configured threshold. When the infinity keyword is specified, no switchover will occur at any time, regardless of the traffic level detected.

Values

1 to 4294967294 | infinity (threshold in kbps)

ssm-default-range-disable

Syntax

[no] ssm-default-range-disable ipv4

Context

config>service>vprn>pim

Description

This command specifies whether to disable the use of default range (232/8) for SSM so that it can be used by ASM to process (*,G). When enabled, the use of the default range is disabled for SSM and it (the default range) can be used by ASM. When disabled, the SSM default range is enabled.

The no form of the command enables the use of the default range.

Default

no ssm-default-range-disable (enabled)

ssm-groups

Syntax

[no] ssm-groups

Context

config>service>vprn>pim

Description

This command enables access to the context to enable a source-specific multicast (SSM) configuration instance.

Default

n/a

group-range

Syntax

[no] group-range {ip-prefix/mask | ip-prefix netmask}

Context

config>service>vprn>pim>ssm-groups

Description

This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).

Use the no form of this command to remove the group address or range of group addresses for which this router can be the RP from the configuration.

Default

n/a

Parameters

ip-prefix

specifies the addresses or address ranges for which this router can be an RP

Values

a.b.c.d

mask

specifies the address mask used with the address to define a range of addresses

Values

0 to 32

netmask

specifies the subnet mask in dotted-decimal notation

Values

a.b.c.d (network bits all 1 and host bits all 0)

RIP Commands

rip

Syntax

[no] rip

Context

config>service>vprn

Description

This command enables the RIP protocol on a VPRN interface.

The no form of the command disables the RIP protocol on a VPRN interface.

authentication-key

Syntax

authentication-key [authentication-key | hash-key] [hash | hash2]

no authentication-key

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command sets the authentication password to be passed between RIP neighbors. The authentication type and authentication key must match exactly in order for the RIP message to be considered authentic.

The authentication key can be any combination of ASCII characters up to 16 characters long. The hash-key can be any combination of ASCII characters up to 33 characters long.

The no form of the command removes the authentication password from the configuration and disables authentication.

Default

no authentication-key

Parameters

authentication-key

the authentication key. The key can be any combination of ASCII characters up to 16 characters in length (unencrypted). If spaces are used in the string, the entire string must be enclosed in double quotes.

hash-key

the hash key. The key can be any combination of ASCII characters up to 33 characters in length (encrypted). If spaces are used in the string, the entire string must be enclosed in double quotes.

hash

specifies the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.

hash2

specifies the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.

authentication-type

Syntax

authentication-type {none | password | message-digest-20}

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command sets the type of authentication to be used between RIP neighbors. Authentication type can be specified regardless of the configured send and receive parameters, but will only apply to RIPv2 packets.

The type and password must match exactly for the RIP message to be considered authentic and processed.

The no form of the command removes the authentication type from the configuration and disables authentication.

Default

no authentication-type

Parameters

none

disables authentication

password

enables simple password (plaintext) authentication. If authentication is enabled and no authentication type is specified in the command, simple password authentication is enabled.

message-digest-20

configures 16-byte message digest for MD5 authentication. If this option is configured, then at least one message-digest key must be configured.

check-zero

Syntax

check-zero {enable | disable}

no check-zero

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command enables checking for zero values in fields specified to be zero by the RIPv1 and RIPv2 specifications.

The check-zero enable command enables checking of the mandatory zero fields in the RIPv1 and RIPv2 specifications and rejecting of non-compliant RIP messages.

The check-zero disable command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.

The check-zero command can be enabled at all three RIP levels. The most specific value is used. If no check-zero value is set (no check-zero), the setting from the less-specific level is inherited by the lower level.

The no form of the command disables check-zero on the configuration.

Default

no check-zero

Parameters

enable

configures the router to reject RIP messages that do not have zero in the mandatory fields

disable

configures the router to accept RIP messages that do not have zero in the mandatory fields

export

Syntax

export policy-name [policy-name... (up to 5 max)]

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command specifies the export policies to be used to control routes advertised to RIP neighbors.

By default, when no export policies are specified, RIP routes are advertised and non-RIP routes are not advertised.

The no form of the command removes all route policy names from the export list.

Default

no export

Parameters

policy-name

the route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

export-limit

Syntax

export-limit number [log percentage]

no export-limit

Context

config>service>vprn>rip

Description

This command configures the maximum number of routes (prefixes) that can be exported into RIP from the route table.

The no form of the command removes the configured parameter values.

Default

no export-limit

Parameters

number

specifies the maximum number of routes (prefixes) that can be exported into RIP from the route table

Values

1 to 4294967295

percentage

specifies the percentage of the export-limit, that when reached, causes a warning log message and SNMP notification to be sent

Values

1 to 100

group

Syntax

[no] group group-name

Context

config>service>vprn>rip

Description

This command creates a context for configuring a RIP group of neighbors.

RIP groups logically associate RIP neighbor interfaces to facilitate a common configuration for RIP interfaces.

The no form of the command deletes the RIP neighbor interface group. Deleting the group will also remove the RIP configuration of all the neighbor interfaces currently assigned to this group.

Default

no group

Parameters

group-name

the RIP group name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

import

Syntax

import policy-name [policy-name... (up to 5 max)]

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command specifies the import policy to be used to control routes advertised from RIP neighbors.

By default, RIP accepts all routes from RIP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

The no form of the command removes all route policy names from the import list.

Default

no import

Parameters

policy-name

the route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

message-size

Syntax

message-size max-num-of-routes

no message-size

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command configures the maximum number of routes per RIP update message.

By default, each update can contain a maximum of 25 route advertisements. This limit is imposed by RIP specifications. RIP can be configured to send as many as 255 routes per update.

The no form of the command reverts to the default value.

Default

no message-size

Parameters

max-num-of-routes

an integer value

Default

25

Values

25 to 255

metric-in

Syntax

metric-in metric

no metric-in

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command configures the metric added to routes received from a RIP neighbor. The specified metric value is added to the hop count and shortens the maximum distance of the route.

When applying an export policy to a RIP configuration, the policy overrides the metric values determined through calculations involving the metric-in and metric-out values.

The no form of the command reverts to the default value.

Default

no metric-in

Parameters

metric

the value added to the metric of routes received from a RIP neighbor, expressed as a decimal integer

Values

1 to 16

metric-out

Syntax

metric-out metric

no metric-out

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command configures the metric added to routes exported into RIP and advertised to RIP neighbors. The specified metric value is added to the hop count and shortens the maximum distance of the route.

When applying an export policy to a RIP configuration, the policy overrides the metric values determined through calculations involving the metric-in and metric-out values.

The no form of the command removes the command from the configuration and resets the metric-in value to the default.

Default

no metric-out

Parameters

metric

the value added to the metric of routes exported into RIP and advertised to RIP neighbors, expressed as a decimal integer

Values

1 to 16

neighbor

Syntax

[no] neighbor ip-int-name

Context

config>service>vprn>rip>group

Description

This command creates a context for configuring a RIP neighbor interface.

By default, interfaces are not activated unless explicitly configured.

The no form of the command deletes the RIP interface configuration for this interface. The shutdown command in the config>router>rip>group>neighbor context can be used to disable an interface without removing the configuration for the interface.

Default

no neighbor

Parameters

ip-int-name

the IP interface name. Interface names must be unique within the group of defined IP interfaces for config>router>interface and config>service>vprn>interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

preference

Syntax

preference preference

no preference

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command configures the route preference assigned to RIP routes. This value can be overridden by route policies.

The no form of the command reverts to the default value.

Default

no preference

Parameters

preference

the route preference, expressed as an integer value

Default

100

Values

1 to 255

propagate-metric

Syntax

[no] propagate-metric

Context

config>service>vprn>rip

Description

This command allows the RIP metric to be used to set the MP-BGP MED attribute when RIP is used as the CE-PE routing protocol for VPRNs. This is similar to the way the OSPF metric can be used to set the MP-BGP metric when OSPF is used as the CE-PE protocol.

MP-BGP uses the RIP metric to set the MED attribute, which is flooded throughout the MP-BGP peers and is then used to set the RIP metric at the other end and re-advertise the RIP metric to the far-end RIP neighbors.

receive

Syntax

receive receive-type

no receive

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command configures the types of RIP updates that will be accepted and processed.

If you specify both or version-2, the RIP instance listens for, and accepts, packets sent to the broadcast (255.255.255.255) and multicast (224.0.0.9) addresses.

If version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.

The default behavior is to accept and process both RIPv1 and RIPv2 messages.

The no form of the command reverts to the default value.

Default

both

Parameters

receive-type

configures the type of RIP updates that will be accepted and processed

Values

receiver-type values are both, none, version-1, and version-2, where:

both

specifies that RIP updates in either version 1 or version 2 format will be accepted

none

specifies that RIP updates will not be accepted

version-1

specifies that only RIP updates in version 1 format will be accepted

version-2

specifies that only RIP updates in version 2 format will be accepted

send

Syntax

send send-type

no send

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command specifies the type of RIP messages sent to RIP neighbors.

If multicast is specified, the router sends RIPv2 messages to the multicast (224.0.0.9) destination address.

If broadcast, or version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.

The no form of this command reverts to the default value.

Default

broadcast

Parameters

send-type

configures the type of RIP messages that are sent to RIP neighbors

Values

send-type values are broadcast, multicast, none, and version-1, where:

broadcast:

sends RIPv2 formatted messages to the broadcast address

multicast:

sends RIPv2 formatted messages to the multicast address

none:

does not send any RIP messages (silent listener)

version-1:

sends RIPv1 formatted messages to the broadcast address

split-horizon

Syntax

split-horizon {enable | disable}

no split-horizon

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command enables the use of split-horizon. RIP uses split-horizon with poison-reverse to protect from such problems as ‟counting to infinity”. Split-horizon with poison reverse means that routes learned from a neighbor through an interface are advertised in updates out of the same interface but with a metric of 16 (infinity).

The split-horizon disable command enables split-horizon without poison-reverse. This allows the routes to be re-advertised on interfaces other than the interface that learned the route, with the advertised metric equaling an increment of the metric-in value.

This parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group), or neighbor level (only applies to the specified neighbor interface). The most specific value is used. If no value is set (no split-horizon), the setting from the less-specific level is inherited by the lower level.

The no form of the command disables split-horizon.

Default

enable

Parameters

enable

enables split-horizon and poison-reverse

disable

disables poison-reverse but leaves split-horizon enabled

timers

Syntax

timers update timeout flush

Context

config>service>vprn>rip

config>service>vprn>rip>group

config>service>vprn>rip>group>neighbor

Description

This command configures values for the update, timeout, and flush RIP timers.

The RIP update timer determines how often RIP updates are sent.

If the route is not updated by the time the RIP timeout timer expires, the route is declared invalid but is maintained in the RIP database.

The RIP flush timer determines how long a route is maintained in the RIP database after it has been declared invalid. After the flush timer expires, the route is removed from the RIP database.

The no form of the command reverts all timers to their default values.

Default

no timers

Parameters

update

the RIP update timer value, in seconds, expressed as a decimal integer

Values

1 to 600

Default

30

timeout

the RIP timeout value, in seconds, expressed as a decimal integer

Values

1 to 1200

Default

180

flush

the RIP flush timer value, in seconds, expressed as a decimal integer

Values

1 to 1200

Default

120

VPRN Security Configuration Commands

zone

Syntax

zone {zone-id | zone-name} [create]

no zone zone-id

Context

config>service>vprn

Description

This command creates or specifies a security zone within a VPRN context. Each zone must have a unique ID.

All zones must be explicitly created with the create keyword. If no zones are created within a service or router context, a zone will not exist on that object.

Enter an existing zone without the create keyword to edit zone parameters.

The no form of this command deletes the zone. When a zone is deleted, all configuration parameters for the zone are also deleted.

Parameters

zone-id

the zone ID number. The zone ID must be unique within the system.

Values

1 to 65534

abort

Syntax

abort

Context

config>service>vprn>zone

Description

This command discards changes made to a security feature.

Default

n/a

begin

Syntax

begin

Context

config>service>vprn>zone

Description

This command enters the mode to create or edit security features.

Default

n/a

commit

Syntax

commit

Context

config>service>vprn>zone

Description

This command saves changes made to security features.

Default

n/a

auto-bind

Syntax

auto-bind

no auto-bind

Context

config>service>vprn>zone

Description

This command creates a security zone on automatically bound GRE, MPLE, or LDP transport tunnels configured for this service. Depending on how the security policy is configured, any traffic entering or exiting the zone is firewalled; traffic traveling between auto-bind LSPs in the zone is not firewalled.

Default

n/a

inbound

Syntax

inbound

Context

config>service>vprn>zone

Description

This command enables the context to configure limit parameters on inbound security sessions.

Default

n/a

outbound

Syntax

outbound

Context

config>service>vprn>zone

Description

This command enables the context to configure limit parameters for outbound security sessions on the CSM.

Default

n/a

limit

Syntax

limit

Context

config>service>vprn>zone>inbound

config>service>vprn>zone>outbound

Description

This command enables the context to configure limits on concurrent sessions for inbound or outbound firewall sessions on the CSM.

Default

n/a

concurrent-sessions

Syntax

concurrent-sessions {tcp | udp | icmp | other} sessions

no concurrent-sessions {tcp | udp | icmp | other}

Context

config>service>vprn>zone>inbound>limit

config>service>vprn>zone>outbound>limit

Description

This command configures the maximum number of concurrent firewall sessions that can be established per zone, in either the inbound or outbound direction.

Default

n/a

Parameters

tcp

specifies that TCP connection traffic is to be firewalled

udp

specifies that UDP connection traffic is to be firewalled

icmp

specifies that ICMP connection traffic is to be firewalled

other

specifies that the traffic to be firewalled is other than TCP, UDP, or ICMP

sessions

the maximum number of concurrent firewall sessions that can be created in a zone for the configured direction

Values

1 to 16383

interface

Syntax

[no] interface ip-int-name

Context

config>service>vprn>zone

Description

This command creates a logical IP routing interface for a zone. Once created, attributes such as an IP address can be associated with the IP interface. Multiple interfaces can be configured on a zone.

The no form of this command removes the IP interface and all the associated configurations.

Parameters

ip-int-name

the name of the interface to be configured within the zone

Values

1 to 32 characters (must start with a letter)

log

Syntax

log {log-id | name}

no log

Context

config>service>vprn>zone

Description

This command applies a security log to the specified zone. The security log must already be configured in the config>security>policy context.

The no form of this command removes logging for the zone.

Parameters

log-id

the identifier for the log

Values

1 to 32 characters

name

the name of the log

Values

1 to 32 characters

name

Syntax

name zone-name

no name

Context

config>service>vprn>zone

Description

This command configures a zone name. The zone name is unique within the system. It can be used to refer to the zone under configure, show, and clear commands.

Parameters

zone-name

 specifies the name of the zone

Values

1 to 32 characters (must start with a letter). If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

nat

Syntax

nat

Context

config>service>vprn>zone

Description

This command enters the context to configure NAT security parameters for a zone.

pool

Syntax

pool pool-id [create]

no pool pool-id

Context

config>service>vprn>zone>nat

Description

This command configures the NAT pool for the security zone within a VPRN service. Each pool must have a unique ID.

All pools must be explicitly created with the create keyword.

Enter an existing pool without the create keyword to edit pool parameters.

The no form of this command deletes the specified NAT pool. When a pool is deleted, all configuration parameters for the pool will also be deleted.

Parameters

pool-id

the pool ID number

Values

1 to 100

direction

Syntax

direction {zone-outbound | zone-inbound | both}

no direction

Context

config>service>vprn>zone>nat>pool

Description

This command configures the NAT pool direction for the security zone. A specific NAT pool can be configured for different directions while using the same policy. For example, if the security policy entry direction is set to both, separate inbound and outbound pools can be created for that policy.

The no form of this command deletes the direction.

Parameters

zone-outbound

configures a pool for the policy outbound traffic

zone-inbound

configures a pool for the policy inbound traffic

both

configures a pool for policy inbound and outbound traffic

entry

Syntax

entry entry-id [create]

no entry entry-id

Context

config>service>vprn>zone>nat>pool

Description

This command configures a NAT pool entry within a VPRN service.

The no form of this command deletes the entry with the specified ID. When an entry is deleted, all configuration parameters for the entry will also be deleted.

Parameters

entry-id

the entry ID number

Values

1 to 65535

ip-address

Syntax

ip-address ip-address [to ip-address] interface ip-int-name

no ip-address

Context

config>service>vprn>zone>nat>pool>entry

Description

This command configures the source IP address or IP address range to which packets that match NAT policy are routed using NAT. An interface can also be configured, in which case all packets that match NAT policy are routed to the interface IP address. If the interface IP address is changed dynamically, NAT is updated accordingly. Only one IP address can be associated with an IP interface. Source IP addresses and interfaces cannot be used together in a single NAT pool.

The IP address for the interface must be entered in dotted-decimal notation.

The no form of the command removes the IP address assignment. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.

Parameters

ip-address

the source IP address to be used by NAT. The ip-address portion of the ip-address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.

Values

1.0.0.0 to 223.255.255.255

ip-int-name

the name of the interface to be used by NAT

port

Syntax

port port [to port]

no port

Context

config>service>vprn>zone>nat>pool>entry

Description

This command configures the UDP/TCP port or port range. Packets that match NAT policy undergo network port address translation (NPAT) and are routed to their source UDP/TCP port. Configuring a UDP/TCP port pool requires an IP-address pool because the 7705 SAR does not support port address translation (PAT) alone.

The no form of this command deletes the port or port range.

Parameters

port

the UDP/TCP port or range of ports to which NPAT is applied

name

Syntax

name pool-name

no name

Context

config>service>vprn>zone>nat>pool

Description

This command configures a zone pool name. Pool names must be unique within the group of pools defined for a zone. It can be used to refer to the pool under configure, show, and clear commands.

Parameters

pool-name

 specifies the name of the pool. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

Values

1 to 32 characters (must start with a letter).

policy

Syntax

policy {policy-id | policy-name}

no policy policy-id

Context

config>service>vprn>zone

Description

This command sets the policy to be used by the security zone to build its matching criteria for incoming packets.

The no form of this command deletes the specified policy.

Parameters

policy-id

the number of the referenced policy

Values

1 to 65535

VPRN Raw Socket IP Transport Configuration Commands

ip-transport

Syntax

[no] ip-transport ipt-id [create]

no ip-transport ipt-id

Context

config>service>vprn

Description

This command creates an IP transport subservice within a VPRN service. An IP transport subservice is used to transmit serial raw socket data to and from a local host and remote host.

All IP transport subservices must be explicitly created using the create keyword. An IP transport subservice is owned by the service within which it is created. An IP transport subservice can only be associated with a single service. The create keyword is not needed when editing parameters for an existing IP transport subservice. An IP transport subservice must be first shut down before changes can be made to the configured parameters.

The no form of this command deletes the IP transport subservice with the specified ipt-id. When an IP transport subservice is deleted, all configured parameters for the IP transport subservice are also deleted.

Default

no ip-transport

Parameters

ipt-id

the IP transport subservice physical port identifier. The ipt-id must reference an RS-232 serial port that has been configured as a socket and has its encapsulation type set to raw. See the 7705 SAR Interface Configuration Guide, ‟Serial Commands”, for more information.

Values

value in the format slot/mda/port.channel

create

creates this IP transport subservice

dscp

Syntax

dscp dscp-name

Context

config>service>vprn>ip-transport

Description

This command configures the DSCP name used to mark the DSCP field in IP transport packets originating from this node.

Raw socket traffic redirection to a specific queue is enabled by the fc command.

Default

ef

Parameters

dscp-name

the DSCP name used to mark the DSCP field in IP transport packets. Valid DSCP Names lists the valid DSCP names.

Table 5. Valid DSCP Names

dscp-name

be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

fc

Syntax

fc fc-name profile {in | out}

Context

config>service>vprn>ip-transport

Description

This command configures the forwarding class and profile marking for IP transport packets originating from this node.

Default

ef for fc, in for profile

Parameters

fc-name

the forwarding class name to use for the IP transport packets

Values

be, l2, af, l1, h2, ef, h1, nc

profile {in| out}

specifies the profile marking for the IP transport packets, either in or out

filter-unknown-host

Syntax

[no] filter-unknown-host

Context

config>service>vprn>ip-transport

Description

This command filters connections from unknown hosts. An unknown host is any host that is not configured as a remote host.

The no form of this command disables the filter.

Default

no filter-unknown-host

local-host

Syntax

local-host ip-addr ip-addr port-num port-num protocol {tcp | udp}

no local-host

Context

config>service>vprn>ip-transport

Description

This command creates the local host within the IP transport subservice.

The local host is required to accept TCP/UDP sessions initiated from far-end remote hosts, and for the node to initiate sessions toward the far-end remote hosts.

The no form of this command deletes the local host.

Default

no local-host

Parameters

ip-addr

the IP address that is used for this local host. The IP address must be the same as a loopback or local interface IP address that is already configured within this service.

Values

a.b.c.d (IPv4 address)

port-num

the port number that is used by remote hosts to establish TCP/UDP sessions to this local host

Values

1026 to 49150

protocol {tcp | udp}

the protocol type that is used for all sessions to and from this local host, either tcp or udp

remote-host

Syntax

remote-host host-id ip-addr ip-addr port-num port-num [create]

no remote-host host-id

Context

config>service>vprn>ip-transport

Description

This command creates a remote host within the IP transport subservice. Multiple remote hosts may be created in order to send serial raw socket IP transport data to multiple destinations. The create keyword must be used for each remote host that is created.

The no form of this command deletes the remote host.

Default

no remote-host

Parameters

host-id

the remote host identifier

Values

1 to 2147483647 or a name string up to 64 characters long

ip-addr

the IP address that is used to reach the remote host in order to route IP transport packets to that remote host

Values

a.b.c.d (IPv4 address)

port-num

the destination port number that is used to reach the serial port socket on the remote host

Values

1 to 65535

create

creates this remote host

name

Syntax

name host-name

no name

Context

config>service>vprn>ip-transport>remote-host

Description

This command configures a unique name for this remote host.

The no form of this command deletes the remote host name.

Default

n/a

Parameters

host-name

a unique name for this remote host, up to 64 characters long

tcp

Syntax

tcp

Context

config>service>vprn>ip-transport

Description

This command enables the context to configure TCP parameters within this IP transport subservice.

Default

n/a

inactivity-timeout

Syntax

inactivity-timeout seconds

Context

config>service>vprn>ip-transport>tcp

Description

This command specifies how long to wait before disconnecting a TCP connection due to traffic inactivity over the connection.

Default

30 s

Parameters

seconds

how long to wait, in seconds, before disconnecting a TCP connection

Values

1 to 65535

max-retries

Syntax

max-retries number

Context

config>service>vprn>ip-transport>tcp

Description

This command specifies the number of times that a remote host, acting as a client, tries to establish a TCP connection after the initial attempt fails.

Default

5

Parameters

number

the number of attempts to establish a TCP connection after the initial attempt fails

Values

1 to 10

retry-interval

Syntax

retry-interval seconds

Context

config>service>vprn>ip-transport>tcp

Description

This command specifies how long to wait before each TCP max-retries attempt.

Default

5 s

Parameters

seconds

how long to wait, in seconds, before each TCP max-retries attempt

Values

1 to 300

Multicast VPN Commands

mvpn

Syntax

mvpn

Context

config>service>vprn

Description

This command enables the context to configure MVPN-related parameters for the IP VPN.

auto-discovery

Syntax

auto-discovery [default]

Context

config>service>vprn>mvpn

Description

This command enables MVPN membership auto-discovery through BGP. When auto-discovery is enabled, PIM peering on the inclusive provider tunnel is disabled. Changing the auto-discovery configuration requires a shutdown of this VPRN instance.

Default

default

Parameters

default

enables auto-discovery route exchange based on the format defined in NG-MVPN (RFC 6514)

c-mcast-signaling

Syntax

c-mcast-signaling bgp

Context

config>service>vprn>mvpn

Description

This command specifies BGP for PE-to-PE signaling of CE multicast states.

Default

bgp

Parameters

bgp

specifies to use BGP for PE-to-PE signaling of CE multicast states. Auto-discovery must be enabled.

mdt-type

Syntax

mdt-type {sender-only | receiver-only | sender-receiver}

no mdt-type

Context

config>service>vprn>mvpn

Description

This command allows the restriction of an MVPN instance per PE node to a specific role. By default, an MVPN instance on a PE node assumes the role of a sender as well as a receiver. This creates a mesh of MDT/PMSI across all PE nodes from this PE.

This command provides an option to configure either a sender-only or receiver-only mode per PE node. Restricting the role of a PE node avoids creating a full mesh of MDT/PMSI across all PE nodes that are participating in the MVPN instance.

The no version of this command restores the default (sender-receiver).

Default

sender-receiver

Parameters

sender-only

MVPN has only senders connected to the PE node

receiver-only

MVPN has only receivers connected to the PE node

sender-receiver

MVPN has both senders and receivers connected to the PE node

provider-tunnel

Syntax

provider-tunnel

Context

config>service>vprn>mvpn

Description

This command enables the context to configure tunnel parameters for the MVPN.

inclusive

Syntax

inclusive

Context

config>service>vprn>mvpn>pt

Description

This command enables the context for specifying inclusive provider tunnels.

mldp

Syntax

[no] mldp

Context

config>service>vprn>mvpn>pt>inclusive

config>service>vprn>mvpn>provider-tunnel>selective

Description

This command enables the use of an mLDP LSP for the provider tunnel.

Default

no mldp

shutdown

Syntax

[no] shutdown

Context

config>service>vprn>mvpn>ptl>inclusive>mldp

config>service>vprn>mvpn>provider-tunnel>selective>mldp

Description

This command administratively disables or enables the use of an mLDP LSP for the provider tunnel.

Default

no shutdown

selective

Syntax

selective

Context

config>service>vprn>mvpn>provider-tunnel

Description

This command enables the context to specify selective provider tunnel parameters.

Default

n/a

data-delay-interval

Syntax

data-delay-interval value

no data-delay-interval

Context

config>service>vprn>mvpn>provider-tunnel>selective

Description

This command specifies the interval, in seconds, before a PE router connected to the source switches traffic from the inclusive provider tunnel to the selective provider tunnel.

The no form of the command resets the value to the default.

Default

3 s

Parameters

value

specifies the data delay interval, in seconds

Values

3 to 180

data-threshold

Syntax

data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask} s-pmsi-threshold

no data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask}

Context

config>service>vprn>mvpn>provider-tunnel>selective

Description

This command specifies the data rate threshold that triggers the switch from the inclusive provider tunnel to the selective provider tunnel for (C-S, C-G) within the group range. Optionally, PE thresholds for creating or deleting NG-MVPN S-PMSI may also be specified. Omitting the PE thresholds preserves the currently set value (or defaults, if never set). Multiple statements (one per unique group) are allowed in the configuration.

The no form of the command removes the values from the configuration.

Default

no data-threshold

Parameters

c-grp-ip-addr/mask | c-grp-ip-addr netmask

specifies an IPv4 multicast group address and netmask length or network mask

Values

c-grp-ip-addr

multicast group address a.b.c.d

mask

4 to 32

netmask

a.b.c.d (network bits all 1 and host bits all 0)

s-pmsi-threshold

specifies the rate, in kb/s. If the rate for a (C-S, C-G) within the specified group range exceeds the threshold, traffic for the (C-S, C-G) will be switched to the selective provider tunnel.

Values

1 to 4294967294

maximum-p2mp-spmsi

Syntax

maximum-p2mp-spmsi range

no maximum-p2mp-spmsi

Context

config>service>vprn>mvpn>provider-tunnel>selective

Description

This command specifies the maximum number of LDP point-to-multipoint S-PMSI tunnels for the MVPN. When the limit is reached, no more LDP point-to-multipoint S-PMSI tunnels are created and traffic over the data threshold will stay on I-PMSI.

Default

10

Parameters

number

specifies the maximum number of LDP point-to-multipoint S-PMSI tunnels for the MVPN

Values

1 to 4000

Default

10

umh-selection

Syntax

umh-selection {highest-ip | hash-based | unicast-rt-pref}

no umh-selection

Context

config>service>vprn>mvpn

Description

This command specifies which upstream multicast hop (UMH) selection mechanism to use, highest IP address, hash-based, or preferred unicast route.

The no form of the command resets it back to the default.

Default

umh-selection highest-ip

Parameters

highest-ip

specifies that the highest IP address is selected as the UMH

hash-based

specifies that the UMH selection is based on the hash based procedures

unicast-rt-pref

when selected, preferred unicast route will decide which UMH is chosen. All PE routers must prefer the same route to the UMH for the UMH selection criterion (for example, BGP path selection criteria must not influence one PE to choose a different UMH from another PE).

vrf-export

Syntax

vrf-export unicast

vrf-export policy-name [policy-name... (up to 15 max)]

no vrf-export

Context

config>service>vprn>mvpn

Description

This command specifies the export policy (up to 15) to control MVPN routes exported from the local VRF to other VRFs on the same or remote PE routers.

Default

vrf-export unicast

Parameters

unicast

specifies to use the unicast VRF export policy for the MVPN

policy-name

the route policy name

vrf-import

Syntax

vrf-import unicast

vrf-import policy-name [policy-name... (up to 15 max)]

no vrf-import

Context

config>service>vprn>mvpn

Description

This command specifies the import policy (up to 15) to control MVPN routes imported to the local VRF from other VRFs on the same or remote PE routers.

Default

vrf-import unicast

Parameters

unicast

specifies to use a unicast VRF import policy for the MVPN

policy-name

the route policy name

vrf-target

Syntax

vrf-target {unicast | ext-community | export unicast | ext-community | import unicast | ext-community}

no vrf-target

Context

config>service>vprn>mvpn

Description

This command specifies the route target to be added to the advertised routes or compared against the received routes from other VRFs on the same or remote PE routers. The VRF import or VRF export policies override the VRF target policy.

The no form of the command removes the VRF target.

Default

no vrf-target

Parameters

unicast

specifies to use the unicast vrf-target ext-community for the multicast VPN

ext-community

an extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. The x and y values are 16-bit integers.

Values

target:{ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

ip-address:

a.b.c.d

comm-val:

0 to 65535

2byte-asnumber:

0 to 65535

ext-comm-val:

0 to 4294967295

4byte-asnumber

0 to 4294967295

export

Syntax

export {unicast | ext-community}

Context

config>service>vprn>mvpn>vrf-target

Description

This command specifies communities to be sent to peers.

Parameters

unicast

specifies to use the unicast vrf-target ext-community for the multicast VPN

ext-community

an extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. The x and y values are 16-bit integers.

Values

target:{ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

ip-address:

a.b.c.d

comm-val:

0 to 65535

2byte-asnumber:

0 to 65535

ext-comm-val:

0 to 4294967295

4byte-asnumber

0 to 4294967295

import

Syntax

import {unicast | ext-community}

Context

config>service>vprn>mvpn>vrf-target

Description

This command specifies communities to be accepted from peers.

Parameters

unicast

specifies to use the unicast vrf-target ext-community for the multicast VPN

ext-community

an extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. The x and y values are 16-bit integers.

Values

target:{ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

ip-address:

a.b.c.d

comm-val:

0 to 65535

2byte-asnumber:

0 to 65535

ext-comm-val:

0 to 4294967295

4byte-asnumber

0 to 4294967295

MSDP Commands

msdp

Syntax

[no] msdp

Context

config>service>vprn

Description

This command enables a Multicast Source Discovery Protocol (MSDP) instance. When an MSDP instance is created, the protocol is enabled. To start or suspend execution of the MSDP protocol without affecting the configuration, use the [no] shutdown command.

For MSDP to function, at least one peer must be configured.

When MSDP is configured and started, an event message is generated.

Before the no form of the command is executed, all sessions are terminated and an event message is generated.

When all peering sessions are terminated, event messages are not generated for each peer.

The no form of the command deletes the MSDP instance, removing all associated configuration parameters.

Default

no msdp

active-source-limit

Syntax

active-source-limit number

no active-source-limit

Context

config>service>vprn>msdp

config>service>vprn>msdp>group

config>service>vprn>msdp>group>peer

config>service>vprn>msdp>peer

config>service>vprn>msdp>source

Description

This command controls the maximum number of source-active (SA) messages that will be accepted by MSDP, which controls the number of active sources that can be stored on the system.

The no form of this command resets the SA message limit to its default operation.

Default

no active-source-limit

Parameters

number

defines how many active sources can be maintained by MSDP

Values

0 to 1000000

data-encapsulation

Syntax

[no] data-encapsulation

Context

config>service>vprn>msdp

Description

This command configures a rendezvous point (RP) that uses MSDP to encapsulate multicast data received in MSDP register messages inside forwarded MSDP SA messages.

Default

data-encapsulation

export

Syntax

export policy-name [policy-name...(up to 5 max)]

no export

Context

config>service>vprn>msdp

config>service>vprn>msdp>peer

config>service>vprn>msdp>group

config>service>vprn>msdp>group>peer

Description

This command specifies the policies to export the SA state from the SA list into MSDP.

If multiple policy names are specified, the policies are evaluated in the order they are specified. A maximum of five policy names can be specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command.

If you configure an export policy at the global level, each individual peer inherits the global policy. If you configure an export policy at the group level, each individual peer in a group inherits the group’s policy. If you configure an export policy at the peer level, the policy only applies to the peer where it is configured.

The no form of the command removes all policies from the configuration and all SA entries are allowed.

Default

no export

Parameters

policy-name

specifies the export policy name. Up to five policy names can be specified.

group

Syntax

[no] group group-name

Context

config>service>vprn>msdp

Description

This command enables access to the context to create or modify an MSDP group. To configure multiple MSDP groups, multiple group statements must be included in the configuration.

By default, the group’s parameter settings are inherited from the global MSDP parameter settings. To override the global settings, group-specific settings within the group can be configured.

If the specified group name is already configured, this command enables the context to configure or modify group-specific parameters.

If the specified group name is not already configured, this command creates the group and enables the context to configure the group-specific parameters.

For a group to be functional, at least one peer must be configured.

Default

no group

Parameters

group-name

specifies a unique name for the MSDP group

import

Syntax

import policy-name [policy-name...(up to 5 max)]

no import

Context

config>service>vprn>msdp

config>service>vprn>msdp>peer

config>service>vprn>msdp>group

config>service>vprn>msdp>group>peer

Description

This command specifies the policies to import the SA state from MSDP into the SA list.

If multiple policy names are specified, the policies are evaluated in the order they are specified. A maximum of five policy names can be specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command.

If you configure an import policy at the global level, each individual peer inherits the global policy.

If you configure an import policy at the group level, each individual peer in a group inherits the group’s policy.

If you configure an import policy at the peer level, the policy only applies to the peer where it is configured.

The no form of the command removes all policies from the configuration and all SA messages are allowed.

Default

no import

Parameters

policy-name

specifies the import policy name. Up to five policy names can be specified.

local-address

Syntax

local-address address

no local-address

Context

config>service>vprn>msdp

config>service>vprn>msdp>peer

config>service>vprn>msdp>group

config>service>vprn>msdp>group>peer

Description

This command configures the local end of an MSDP session. For MSDP to function, at least one peer must be configured. When configuring a peer, you must include this local-address command. This address must be present on the node and is used to validate incoming connections to the peer and to establish connections to the remote peer.

When the address is configured, it is validated and will be used as the local address for MSDP peers from that point. If a subsequent local-address command is entered, it will replace the existing configuration and existing sessions will be terminated.

Similarly, when the no form of this command is entered, the existing local-address will be removed from the configuration and the existing sessions will be terminated.

Whenever a session is terminated, all information pertaining to and learned from that peer will be removed.

Whenever a new peering session is created or a peering session is lost, an event message is generated.

The no form of this command removes the local-address from the configuration.

Default

no local-address

Parameters

address

specifies an existing address on the node

mode

Syntax

mode {mesh-group | standard}

Context

config>service>vprn>msdp>group

Description

This command configures groups of peers either in non-meshed mode or in a full mesh topology to limit excessive flooding of SA messages to neighboring peers. When the mode is specified as mesh-group, SA messages received from a mesh group member are always accepted but are not flooded to other members of the same mesh group. These SA messages are only flooded to non-mesh-group peers or members of other mesh groups.

In a meshed configuration, all members of the group must have a peer connection with every other mesh group member. If this rule is not adhered to, unpredictable results may occur.

Default

standard

Parameters

mesh-group

specifies that all members of the group have full mesh MSDP connectivity with each other

standard

specifies a non-meshed mode

peer

Syntax

[no] peer peer-address

Context

config>service>vprn>msdp

config>service>vprn>msdp>group

Description

This command configures an MSDP peer or MDSP group peer. MSDP must have at least one peer configured. A peer is defined by configuring a local-address that is used by the local node to set up a peering session and by configuring the address of a remote MSDP router. It is the address of this remote peer that is configured with this command.

After peer relationships are established, the MSDP peers exchange messages to advertise active multicast sources. If multiple peering sessions are required, multiple peer statements should be included in the configuration.

By default, the parameters applied to a peer are inherited from the global or group level. To override these inherited settings, the parameters must be configured at the peer level.

If the specified peer address is already a configured peer, this command enables the context to configure or modify the peer-specific parameters.

If the specified peer address is not already a configured peer, this command creates the peer instance and enables the context to configure the peer-specific parameters.

The peer address is validated and, if valid, will be used as the remote address for an MSDP peering session.

When the no form of this command is entered, the existing peering address is removed from the configuration and the existing session is terminated. Whenever a session is terminated, all SA information pertaining to and learned from that peer is removed. Whenever a new peering session is created or a peering session is lost, an event message is generated.

Default

n/a

Parameters

peer-address

specifies the peer address that identifies the remote MSDP router with which the peering session will be established

authentication-key

Syntax

authentication-key [authentication-key | hash-key] [hash | hash2]

no authentication-key

Context

config>service>vprn>msdp>group>peer

config>service>vprn>msdp>peer

Description

This command configures a Message Digest 5 (MD5) authentication key to be used with a specific MSDP peering session. The authentication key must be configured per peer; therefore, no global or group configuration is possible.

Using the no form of the command accepts all MSDP messages and disables the MD5 signature option authentication key.

Default

no authentication-key

Parameters

authentication-key

specifies the authentication key. Allowed values are any string up to 256 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed in quotation marks (‟ ”).

hash-key

specifies the hash key. The key can be any combination of ASCII characters up to 451 characters in length (encrypted). If spaces are used in the string, the entire string must be enclosed in quotation marks (‟ ”).

This parameter is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.

hash

specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

default-peer

Syntax

[no] default-peer

Context

config>service>vprn>msdp>peer

config>service>vprn>msdp>group>peer

Description

This command enables the default peer mechanism, where a peer can be selected as the default MSDP peer. As a result, all SA messages from the peer will be accepted without the usual peer reverse path forwarding (RPF) check.

The MSDP peer-RPF check is different from the normal multicast RPF checks. The peer-RPF check is used to stop SA messages from looping. A router validates SA messages originated from other routers in a deterministic fashion.

A set of rules is applied to validate received SA messages, and the first rule that applies determines the peer-RPF neighbor. All SA messages from other routers are rejected. The following rules are applied to SA messages originating at router_S and received at router_R from router_N.

  • If router_N and router_S are the same, the message is originated by a direct peer-RPF neighbor and is accepted.

  • If router_N is a configured peer or a member of the router_R mesh group, its SA messages are accepted.

  • If router_N is the BGP next hop of the active multicast RPF route toward router_S,then router_N is the peer-RPF neighbor and its SA messages are accepted.

  • If router_N is an external BGP peer of router_R and the last autonomous system (AS) number in the BGP AS-path to router_S is the same as router_N’s AS number, then router_N is the peer-RPF neighbor and its SA messages are accepted.

  • If router_N uses the same next hop as the next hop to router_S, then router_N is the peer-RPF neighbor and its SA messages are accepted.

  • If router_N fits none of the above rules, then router_N is not a peer-RPF neighbor and its SA messages are rejected.

When the no form the command is issued, no default peer is established and all SA messages are RPF checked.

Default

no default-peer

receive-msdp-msg-rate

Syntax

receive-msdp-msg-rate number interval seconds [threshold number]

no receive-msdp-msg-rate

Context

config>service>vprn>msdp

config>service>vprn>msdp>group

config>service>vprn>msdp>group>peer

config>service>vprn>msdp>peer

Description

This command limits the number of MSDP messages that are read from the TCP session to prevent an MSDP RP router from receiving a large number of MSDP message packets in an SA message.

After the number of MSDP packets (including SA messages) defined by the threshold number have been processed, all other MSDP packets are rate-limited. Messages from the TCP session are no longer accepted until the configured interval seconds has elapsed. Setting the threshold is useful during at system startup and initialization. No limit is placed on the number of MSDP and SA messages that will be accepted.

The no form of this command resets the message limit to its default operation.

Default

n/a

Parameters

receive-msdp-msg-rate number

specifies the number of MSDP messages (including SA messages) that are read from the TCP session per interval seconds

Values

10 to 10000

Default

0

seconds

specifies the interval of time in which the number of MSDP messages set by the receive-msdp-msg-rate number parameter are read from the TCP session

Values

1 to 600

Default

0

threshold number

specifies the number of MSDP messages that can be processed before the MSDP message rate-limiting function is activated

Values

1 to 1000000

Default

0

rpf-table

Syntax

rpf-table {rtable-m | rtable-u | both}

no rpf-table

Context

config>service>vprn>msdp

Description

This command configures the sequence of route tables used to find an RPF interface for a particular multicast route.

By default, only the unicast route table is looked up to calculate an RPF interface toward the source/rendezvous point. However, the operator can specify one of the following options:

  • use the unicast route table only

  • use the multicast route table only

  • use both route tables

Default

rtable-u

Parameters

rtable-m

specifies that only the multicast route table is used by the multicast protocol (PIM) for IPv4 RPF checks. This route table contains routes submitted by static routes, ISIS, and OSPF.

rtable-u

specifies that only the unicast route table is used by the multicast protocol (PIM) for IPv4 RPF checks. This route table contains routes submitted by all unicast routing protocols.

both

specifies that the first lookup is always in the multicast route table, and if there is a route, it will use it. If PIM does not find a route in the first lookup, it tries to find it in the unicast route table.

sa-timeout

Syntax

sa-timeout seconds

no sa-timeout

Context

config>service>vprn>msdp

Description

This command configures the timeout value for the SA entries in the cache. If these entries are not refreshed within the timeout value, they are removed from the cache. Normally, the entries are refreshed at least once a minute. However, under high load with many MSDP peers, the refresh cycle could be incomplete. A higher timeout value (more than 90 seconds) could be useful to prevent instabilities in the MSDP cache.

Default

90

Parameters

seconds

specifies the time, in seconds, to wait for a response from the peer before declaring the peer unavailable

Values

90 to 600

source

Syntax

[no] source ip-prefix/mask

Context

config>service>vprn>msdp

Description

This command configures an MSDP source.

If the specified prefix and mask is already configured, this command enables the context to configure or modify the source-specific parameters.

If the specified prefix and mask is not already configured, this command creates the source node instance and enables the context to configure the source-specific parameters.

The SA messages are not rate-limited based on the source address range.

The no form of this command removes the sources in the address range.

Default

n/a

Parameters

ip-prefix

specifies the IP prefix, in dotted-decimal notation, for the MSDP source

Values

a.b.c.d (host bits must be 0)

mask

specifies the subnet mask for the range, expressed as a decimal integer mask length or in dotted-decimal notation

Values

0 to 32 (mask length)

0.0.0.0 to 255.255.255.255 (dotted-decimal)

Router Advertisement Commands

router-advertisement

Syntax

[no] router-advertisement

Context

config>service>vprn

Description

This command enables the context to configure router advertisement properties for all VPRN IPv6-enabled interfaces. By default, the command is disabled for all IPv6-enabled interfaces.

The no form of the command disables router advertisement on all IPv6 interfaces.

Default

no router-advertisement

interface

Syntax

[no] interface ip-int-name

Context

config>service>vprn>router-advertisement

Description

This command configures router advertisement properties on a specified interface. The interface name must already exist in the config>service>vprn>interface context.

The no form of the command disables router advertisement on the specified router interface.

Default

n/a

Parameters

ip-int-name

a 1 to 32 character name (must start with a letter) of the IP interface. Interface names must be unique within the group of defined IP interfaces for the config>service>vprn>interface command. An interface name cannot be in the form of an IP address. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

current-hop-limit

Syntax

current-hop-limit number

no current-hop-limit

Context

config>service>vprn>router-advertisement>interface

Description

This command configures the current hop limit in the router advertisement messages. It informs the nodes on the subnet about the hop limit when originating IPv6 packets.

Default

64

Parameters

number

the hop limit

Values

0 to 255 (a value of 0 means that there are an unspecified number of hops)

managed-configuration

Syntax

[no] managed-configuration

Context

config>service>vprn>router-advertisement>interface

Description

This command sets the managed address configuration flag. This flag indicates that DHCPv6 is available for address configuration in addition to any address autoconfigured using stateless address autoconfiguration.

Default

no managed-configuration

max-advertisement-interval

Syntax

max-advertisement-interval seconds

no max-advertisement-interval

Context

config>service>vprn>router-advertisement>interface

Description

This command configures the maximum interval between sending router advertisement messages.

Default

600

Parameters

seconds

the maximum interval, in seconds, between sending router advertisement messages

Values

4 to 1800

min-advertisement-interval

Syntax

min-advertisement-interval seconds

no min-advertisement-interval

Context

config>service>vprn>router-advertisement>interface

Description

This command configures the minimum interval between sending ICMPv6 router advertisement messages.

Default

200

Parameters

seconds

the minimum interval, in seconds, between sending ICMPv6 router advertisement messages

Values

3 to 1350

mtu

Syntax

mtu mtu-bytes

no mtu

Context

config>service>vprn>router-advertisement>interface

Description

This command configures the MTU for the nodes to use when sending packets on the link.

The no form of the command means that the MTU option is not sent in the router advertisement messages.

Default

no mtu

Parameters

mtu-bytes

the MTU for the nodes to use when sending packets

Values

1280 to 9212

other-stateful-configuration

Syntax

[no] other-stateful-configuration

Context

config>router>vprn>router-advertisement>interface

Description

This command sets the ‟Other configuration” flag. This flag indicates that DHCPv6lite is available for autoconfiguration of other (non-address) information such as DNS-related information or information about other servers in the network.

Default

no other-stateful configuration

prefix

Syntax

prefix ipv6-prefix/prefix-length

no prefix

Context

config>service>vprn>router-advertisement>interface

Description

This command configures an IPv6 prefix in the router advertisement messages. To support multiple IPv6 prefixes, use multiple prefix statements. No prefix is advertised until it is explicitly configured using prefix statements.

Default

n/a

Parameters

ipv6-prefix/prefix-length

the IPv6 prefix

Values

ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

prefix-length 0 to 128

autonomous

Syntax

[no] autonomous

Context

config>service>vprn>router-advertisement>if>prefix

Description

This command specifies whether the prefix can be used for stateless address autoconfiguration.

Default

autonomous

on-link

Syntax

[no] on-link

Context

config>service>vprn>router-advertisement>if>prefix

Description

This command specifies whether the prefix can be used for on-link determination.

Default

on-link

preferred-lifetime

Syntax

preferred-lifetime {seconds | infinite}

no preferred-lifetime

Context

config>service>vprn>router-advertisement>if>prefix

Description

This command configures the time that this prefix will continue to be preferred. The address generated from a prefix that is no longer preferred should not be used as a source address in new communications. However, packets received on such an interface are processed as expected.

Default

604800

Parameters

seconds

the length of time, in seconds, that this prefix will be preferred

Values

1 to 4294967294

infinite

the prefix will always be preferred. A value of 4294967295 also represents infinity.

valid-lifetime

Syntax

valid-lifetime {seconds | infinite}

no valid-lifetime

Context

config>service>vprn>router-advertisement>if>prefix

Description

This command specifies the length of time, in seconds, that the prefix is valid for the purpose of onlink determination. The address generated from an invalidated prefix should not appear as the destination or source address of a packet.

Default

2592000

Parameters

seconds

the remaining length of time, in seconds, that this prefix will be valid

Values

1 to 4294967294

infinite

the prefix will always be valid. A value of 4294967295 also represents infinity.

reachable-time

Syntax

reachable-time milli-seconds

no reachable-time

Context

config>service>vprn>router-advertisement>interface

Description

This command configures how long the router should be considered reachable by other nodes on the link after receiving a reachability confirmation.

Default

no reachable-time

Parameters

milli-seconds

the length of time, in milliseconds, that the router should be considered reachable

Values

0 to 3600000

retransmit-time

Syntax

retransmit-time milli-seconds

no retransmit-time

Context

config>service>vprn>router-advertisement>interface

Description

This command configures the retransmission frequency of neighbor solicitation messages.

Default

no retransmit-time

Parameters

milli-seconds

the amount of time, in milliseconds, that a host should wait before retransmitting neighbor solicitation messages

Values

0 to 1800000

router-lifetime

Syntax

router-lifetime seconds

no router-lifetime

Context

config>service>vprn>router-advertisement>interface

Description

This command configures the router lifetime.

Default

no router-lifetime

Parameters

seconds

the length of time, in seconds, that the prefix is valid for route determination

Values

0, 4 to 9000 (a value of 0 means that the router is not a default router on this link)

use-virtual-mac

Syntax

[no] use-virtual-mac

Context

config>service>vprn>router-advertisement>interface

Description

This command enables the sending of router advertisement messages using the VRRP virtual MAC address, provided that the virtual router is currently the master.

If the virtual router is not the master, no router advertisement messages are sent.

The no form of the command disables the sending of router advertisement messages.

Default

no use-virtual-mac

Local DHCP and DHCPv6 Server Commands

For complete descriptions of all local DHCP and DHCPv6 server commands, see the Router Configuration Guide, ‟Local DHCP and DHCPv6 Server Commands”.

local-dhcp-server

Syntax

local-dhcp-server server-name [create]

no local-dhcp-server server-name

Context

config>service>vprn>dhcp

config>service>vprn>dhcp6

Description

This command creates a local DHCP or DHCPv6 server instance. A local DHCP or DHCPv6 server can serve multiple interfaces but is limited to the routing context in which it was created.

The no form of the command removes the local DHCP or DHCPv6 server instance.

Default

n/a

Parameters

server-name

the name of the local DHCP or DHCPv6 server

Values

up to 32 alphanumeric characters

create

keyword is mandatory when creating a local DHCP or DHCPv6 server

Interface Commands

interface

Syntax

interface ip-int-name

no interface ip-int-name

Context

config>service>vprn

Description

This command creates a logical IP routing interface for a Virtual Private Routed Network (VPRN). Once created, attributes such as an IP address and a service access point (SAP) can be associated with the IP interface.

The interface command, under the context of services, is used to create and maintain IP routing interfaces within VPRN service IDs. The interface command can be executed in the context of a VPRN service ID. The IP interface created is associated with the VPRN service routing instance and VPRN service routing table.

Interface names are case-sensitive and must be unique within the group of defined IP interfaces defined for config router interface and config service vprn interface. Interface names must not be in the dotted-decimal notation of an IP address. For example, the name ‟1.1.1.1” is not allowed, but ‟int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

There are no default IP interface names defined within the system. All VPRN IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes the interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command.

Parameters

ip-int-name

the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service vprn interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters and must start with a letter. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

address

Syntax

address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]

no address {ip-address/mask | ip-address netmask}

Context

config>service>vprn>interface

Description

This command assigns an IP address, IP subnet, and broadcast address format to a VPRN IP router interface.

An IP address must be assigned to each VPRN IP interface. An IP address and a mask are used together to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7705 SAR.

The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted-decimal notation. The show commands display CIDR notation, which is stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

Use the no form of this command to remove the IP address assignment from the IP interface. When the no address command is entered, the interface becomes operationally down, as shown in VPRN Interface State and IP Address .

Table 6. VPRN Interface State and IP Address

Address

Administrative State

Operational State

No address

Up

Down

No address

Down

Down

1.1.1.1

Up

Up

1.1.1.1

Down

Down

The operational state is a read-only variable, and the only controlling variables are the address and administrative states. The address and administrative states are independent and can be set independently. If an interface is in an administratively up state and an address is assigned, it becomes operationally up and the protocol interfaces and the MPLS LSPs associated with that IP interface will be reinitialized.

Parameters

ip-address

the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.

Values

a.b.c.d (no multicast/broadcast address)

(1.0.0.0 to 223.255.255.255 (with support of /31 subnets)

The ‟/” (forward slash) is a parameter delimiter that separates the ip-address portion of the IP address from the mask, which defines the scope of the local subnet. No spaces are allowed between the ip-address, the ‟/”, and the mask. If a forward slash does not immediately follow the ip-address, a dotted-decimal mask must follow the prefix.

mask

the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash separates the ip-address from the mask. The mask indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address.

Values

0 to 32 (a mask length of 32 is reserved for loopback addresses, including system IP addresses)

netmask

the subnet mask, in dotted-decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted-decimal mask. The netmask parameter indicates the complete mask that will be used in a logical ‟AND” function to derive the local subnet of the IP address.

Values

128.0.0.0 to 255.255.255.254

(network bits all 1 and host bits all 0)

(255.255.255.255 is reserved for system IP addresses)

broadcast

the optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.

Default

host-ones

all-ones

specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast

host-ones

specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask, or the mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.

The broadcast parameter within the address command does not have a negation feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

allow-directed-broadcasts

Syntax

allow-directed-broadcasts

no allow-directed-broadcasts

Context

config>service>vprn>interface

Description

This command controls the forwarding of directed broadcasts out of the IP interface.

A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address on another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined for the subnet broadcast address of the egress IP interface.

When enabled, a frame destined for the local subnet on this IP interface will be sent as a subnet broadcast out this interface. Care should be exercised when allowing directed broadcasts as it is a well-known mechanism used for denial-of-service attacks.

When disabled, directed broadcast packets discarded at this egress IP interface will be counted in the normal discard counters for the egress SAP.

By default, directed broadcasts are not allowed and will be discarded at this egress IP interface.

The no form of this command disables the forwarding of directed broadcasts out of the IP interface.

Default

no allow-directed-broadcasts

arp-retry-timer

Syntax

arp-retry-timer ms-timer

no arp-retry-timer

Context

config>service>vprn>interface

Description

This command specifies the length of time, in 100s of milliseconds, that the system waits before reissuing a failed ARP request.

The no form of the command resets the interval to the default value.

Note: The ARP retry default value of 5000 ms is intended to protect CPU cycles on the 7705 SAR, especially when it has a large number of interfaces. Configuring the ARP retry timer to a value shorter than the default should be done only on mission-critical links, such as uplinks or aggregate spoke SDPs transporting mobile traffic; otherwise, the retry interval should be left at the default value.

Default

50 (in 100s of ms)

Parameters

ms-timer

the time interval, in 100s of milliseconds, the system waits before retrying a failed ARP request

Values

1 to 300

arp-timeout

Syntax

arp-timeout seconds

no arp-timeout

Context

config>service>vprn>interface

Description

This command configures the minimum time, in seconds, that an ARP entry learned on the IP interface will be stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host; otherwise, the ARP entry is aged from the ARP table. If arp-timeout is set to a value of 0 s, ARP aging is disabled.

The no form of this command restores arp-timeout to the default value.

Default

14400 s

Parameters

seconds

the minimum number of seconds a learned ARP entry will be stored in the ARP table, expressed as a decimal integer. A value of 0 specifies that the timer is inoperative and learned ARP entries will not be aged.

Values

0 to 65535

bfd

Syntax

bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type np]

no bfd

Context

config>service>vprn>interface

config>service>vprn>if>ipv6

Description

This command specifies the BFD parameters for the associated IP interface. If no parameters are defined, the default values are used.

The multiplier specifies the number of consecutive BFD messages that must be missed from the peer before the BFD session state is changed to down. In addition, the Route Table Manager (RTM) is notified and the static routes with BFD enabled will go down, based on BFD status.

The no form of the command removes BFD from the associated IGP protocol adjacency.

Default

no bfd

Parameters

transmit-interval

sets the transmit interval for the BFD session

Values

10 to 100000 in milliseconds

Default

100

receive-interval

sets the receive interval for the BFD session

Values

10 to 100000 milliseconds

Default

100

multiplier

sets the multiplier for the BFD session

Values

3 to 20

Default

3

echo-interval

(does not apply to IPv6 interfaces) sets the minimum echo receive interval for the BFD session

Values

100 to 100000 milliseconds

Default

100

type np

(does not apply to IPv6 interfaces) controls the value range of the transmit-interval and receive-interval parameters. If the type np option is not specified, the range of the transmit-interval and receive-interval parameter values is from 100 ms to 100000 ms. If the type np option is specified, the range of the transmit-interval and receive-interval parameter values is from 10 ms to 1000 ms, with the restriction that the maximum receiving detection time for the missing BFD packets must be less than or equal to 3000 ms. The maximum receiving detection time is the receive-interval parameter multiplied by the multiplier parameter.

Note: The BFD session must be disabled before the type np parameter can be changed. The type np parameter is only supported on VPRN services for SAPs.

cflowd-parameters

Syntax

cflowd-parameters

Context

config>service>vprn>interface

Description

This command enables the context to configure cflowd parameters for the specified IP interface.

Cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

Default

n/a

sampling

Syntax

sampling {unicast | multicast} type {interface} [direction {ingress-only | egress-only | both}]

no sampling {unicast | multicast}

Context

config>service>vprn>if>cflowd-parameters

Description

This command configures the cflowd sampling behavior to collect traffic flow samples through a router for analysis.

This command can be used to configure the sampling parameters for unicast and multicast traffic separately.

If cflowd sampling is enabled with no direction parameter specified, ingress-only sampling is enabled by default.

The no form of the command disables the specified type of traffic sampling on the interface.

Default

no sampling unicast

no sampling multicast

Parameters

unicast

cflowd will sample unicast traffic on the interface

multicast

cflowd will sample multicast traffic on the interface

interface

specifies that all traffic entering or exiting the interface is subject to sampling. Interface is the only sampling type supported on the 7705 SAR and must be specified with this command.

direction

specifies the direction in which to collect traffic flow samples: ingress-only, egress-only, or both

hold-time

Syntax

hold-time

Context

config>service>vprn>interface

Description

This command enables the CLI context to configure interface hold-up or hold-down timers.

Default

n/a

down

Syntax

down ip seconds [init-only]

no down ip

down ipv6 seconds [init-only]

no down ipv6

Context

config>service>vprn>if>hold-time

Description

This command enables a delay in the activation of the IPv4 or IPv6 interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface up, unless the init-only option is configured. If the init-only option is configured, the delay is only applied when the IP interface is first configured or after a system reboot.

The no form of this command disables the delay in the activation of the IPv4 or IPv6 interface. Removing the configuration during an active delay period stops the delay period immediately.

Default

n/a

Parameters

ip

specifies that the configured down delay is applied to an IPv4 interface

ipv6

specifies that the configured down delay is applied to an IPv6 interface

seconds

specifies the time delay, in seconds, before the interface is activated

Values

1 to 1200

init-only

specifies that the configured down delay is applied only when the interface is first configured or after a reboot

up

Syntax

up ip seconds

no up ip

up ipv6 seconds

no up ipv6

Context

config>service>vprn>if>hold-time

Description

This command enables a delay in the deactivation of the IPv4 or IPv6 interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface down.

The no form of this command disables the delay in the deactivation of the IPv4 or IPv6 interface. Removing the configuration during an active delay period stops the delay period immediately.

Default

n/a

Parameters

ip

specifies that the configured up delay applies to an IPv4 interface

ipv6

specifies that the configured up delay applies to an IPv6 interface

seconds

specifies the time delay, in seconds, before the interface is deactivated

Values

1 to 1200

ip-mtu

Syntax

ip-mtu octets

no ip-mtu

Context

config>service>vprn>interface

Description

This command configures the IP maximum transmit unit (packet) for this interface.

The default value is derived from the port MTU.

The no form of the command returns the default value.

Default

no ip-mtu — uses the value derived from the port MTU

Parameters

octets

specifies the MTU for this interface

Values

128 to 9732

ipcp

Syntax

ipcp

Context

config>service>vprn>interface

Description

This command allows access to the Internet Protocol Control Protocol (IPCP) context within the interface configuration. Within this context, IPCP extensions can be configured to define such things as the remote IP address and DNS IP address to be signaled via IPCP on the associated PPP interface.

This command is only applicable if the associated SAP/port is a PPP/MLPPP interface.

Default

n/a

dns

Syntax

dns ip-address [secondary ip-address]

dns secondary ip-address

no dns [ip-address] [secondary ip-address]

Context

config>service>vprn>if>ipcp

Description

This command defines the DNS addresses to be assigned to the far end of the associated PPP/MLPPP link via IPCP extensions.

This command is only applicable if the associated SAP/port is a PPP/MLPPP interface with an IPCP encapsulation.

The no form of the command deletes the specified primary DNS address, the secondary DNS address, or both addresses from the IPCP extension peer-ip-address configuration.

Default

no dns

Parameters

ip-address

a unicast IPv4 address for the primary DNS server to be signaled to the far end of the associated PPP/MLPPP link via IPCP extensions

Values

a.b.c.d (unicast only)

secondary ip-address

a unicast IPv4 address for the secondary DNS server to be signaled to the far end of the associated PPP/MLPPP link via IPCP extensions

Values

a.b.c.d (unicast only)

peer-ip-address

Syntax

peer-ip-address ip-address

no peer-ip-address

Context

config>service>vprn>if>ipcp

Description

This command defines the remote IP address to be assigned to the far end of the associated PPP/ MLPPP link via IPCP extensions.

This command is only applicable if the associated SAP/port is a PPP/MLPPP interface with an IPCP encapsulation.

The interface must be shut down to modify the IPCP configuration.

The no form of the command deletes the IPCP extension peer-ip-address configuration.

Default

no peer-ip-address (0.0.0.0)

Parameters

ip-address

a unicast IPv4 address to be signaled to the far end of the associated PPP/ MLPPP link by IPCP extensions

Values

a.b.c.d (unicast only)

load-balancing

Syntax

load-balancing

Context

config>service>vprn>interface

Description

This command enables the context to configure load balancing hashing options on the interface. The options enabled at the interface level overwrite parallel system-level configurations.

Default

n/a

l4-load-balancing

Syntax

l4-load-balancing hashing-algorithm

no l4-load-balancing

Context

config>service>vprn>interface>load-balancing

Description

This command configures Layer 4 load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). When enabled, Layer 4 source and destination port fields of incoming TCP/UDP packets are included in the hashing calculation to randomly determine the distribution of packets.

You can add additional fields to generate more randomness and more equal distribution of packets with the teid-load-balancing command.

The default configuration on the interface is to match the Layer 4 load-balancing configuration in the config>system context. Using this command to modify Layer 4 load-balancing configuration on an interface overrides the system-wide load-balancing settings for that interface.

Parameters

hashing-algorithm

specifies that Layer 4 source and destination port fields are included in or excluded from the hashing calculation

Values

includeL4: include Layer 4 source and destination port fields in the hashing calculation for TCP/UDP packets

excludeL4: exclude Layer 4 source and destination port fields in the hashing calculation for TCP/UDP packets

Default

the system configuration setting (under the config>system context)

spi-load-balancing

Syntax

[no] spi-load-balancing

Context

config>service>vprn>interface>load-balancing

Description

This command enables use of the SPI in hashing for ESP/AH encrypted IPv4or IPv6 traffic at the interface level.

The no form of this command disables SPI hashing.

Default

no spi-load-balancing

teid-load-balancing

Syntax

[no] teid-load-balancing

Context

config>service>vprn>interface>load-balancing

Description

This command configures TEID load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). The TEID attribute is included in the header of GTP (general packet radio system tunneling protocol) packets. When TEID load balancing is enabled, the TEID field of incoming TCP/UDP packets is included in the hashing calculation to randomly determine the distribution of packets.

You can add additional fields to generate more randomness and more equal distribution of packets with the l4-load-balancing command.

Default

no teid-load-balancing

local-dhcp-server

Syntax

[no] local-dhcp-server local-server-name

Context

config>service>vprn>interface

Description

This command associates the interface with a local DHCP server configured on the system. A routed VPLS interface may not be associated with a local DHCP server.

The no form of the command removes the association of the interface with the local DHCP server.

Default

none

Parameters

local-server-name

the name of the local DHCP server

Values

up to 32 alphanumeric characters

local-proxy-arp

Syntax

[no] local-proxy-arp

Context

config>service>vprn>interface

Description

This command enables local proxy ARP on the interface.

Local proxy ARP allows the 7705 SAR to respond to ARP requests received on an interface for an IP address that is part of a subnet assigned to the interface. The router responds to all requests for IP addresses within the subnet with its own MAC address and forwards all traffic between the hosts in the subnet.

Local proxy ARP is used on subnets where hosts are prevented from communicating directly.

When local-proxy-arp is enabled, ICMP redirects on the ports associated with the service are automatically blocked.

Default

no local-proxy-arp

loopback

Syntax

[no] loopback

Context

config>service>vprn>interface

Description

This command specifies that the interface is a loopback interface that has no associated physical interface. If this command is enabled, a SAP cannot be defined on the interface.

Default

no loopback

mac

Syntax

mac ieee-address

no mac [ieee-address]

Context

config>service>vprn>interface

Description

This command assigns a specific MAC address to a VPRN IP interface.

The no form of this command returns the MAC address of the IP interface to the default value.

Default

the physical MAC address associated with the Ethernet interface that the SAP is configured on

Parameters

ieee-address

a 48-bit MAC address in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers and cannot be all zeros. Allowed values are any non-broadcast, non-multicast MAC, and non-IEEE reserved MAC addresses.

multicast-translation

Syntax

[no] multicast-translation

Context

config>service>vprn>interface

Description

This command enables multicast address translation on the 7705 SAR that is the translator router for unicast-to-multicast or multicast-to-multicast translation.

When enabled for unicast-to-multicast translation, the 7705 SAR will try to find the source and destination address of the packet in the unicast-to-multicast translation table. If the source and destination address is not found, the packet is processed as a regular IP packet. To disable unicast-to-multicast translation, all entries must be removed from the translation table and then the command must be set to no multicast-translation.

When enabled for multicast-to-multicast translation, the static group configuration is used for multicast PDUs that arrive on the node and are to be translated via the translation table. If the command is enabled and an arriving PDU does not match an entry in the translation table, the multicast PDU is dropped. If the (S,G) arrives from another interface via a dynamic protocol while this command is enabled, the interface that the dynamic (S,G) arrived from will be added as an outgoing interface but it will not forward traffic. Only the outgoing loopback interface on the translation router will forward the translated PDU.

For multicast-to-multicast translation, if this command is not enabled, the node will function as a leaf for the static group configuration. To disable multicast-to-multicast translation, the interface must be shut down before the no version of this command is issued.

Default

no multicast-translation

proxy-arp-policy

Syntax

proxy-arp-policy policy-name [policy-name...(up to 5 max)]

no proxy-arp-policy

Context

config>service>vprn>interface

Description

This command enables proxy ARP on the interface and specifies an existing policy statement that controls the flow of routing information by analyzing match and action criteria. The policy statement is configured in the config>router>policy-options context (see the 7705 SAR Router Configuration Guide, ‟Route Policy Command Reference, Route Policy Options”). When proxy ARP is enabled, the 7705 SAR responds to ARP requests on behalf of another device.

Default

no proxy-arp-policy

Parameters

policy-name

the route policy statement name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes. The policy statement must already be defined.

remote-proxy-arp

Syntax

[no] remote-proxy-arp

Context

config>service>vprn>interface

Description

This command enables remote proxy ARP on the interface, allowing a router on one network to respond to ARP requests intended for another node that is physically located on another network. The router effectively pretends to be the destination node by sending an ARP response to the originating node that associates the router’s MAC address with the destination node’s IP address (acts as a proxy for the destination node). The router then takes responsibility for routing traffic to the real destination.

Default

no remote-proxy-arp

secondary

Syntax

secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]

no secondary {ip-address/mask | ip-address netmask}

Context

config>service>vprn>interface

Description

This command assigns an secondary IP address, IP subnet, and broadcast address format to the interface.

Default

no secondary

Parameters

ip-address

the IP address of the IP interface. The ip-address portion of the secondary command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.

Values

a.b.c.d

(1.0.0.0 to 223.255.255.255 (with support of /31 subnets)

The ‟/” (forward slash) is a parameter delimiter that separates the ip-address portion of the IP address from the mask, which defines the scope of the local subnet. No spaces are allowed between the ip-address, the ‟/”, and the mask. If a forward slash does not immediately follow the ip-address, a dotted-decimal mask must follow the prefix.

mask

the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash separates the ip-address from the mask. The mask indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address.

Values

0 to 32 (a mask length of 32 is reserved for loopback addresses, including system IP addresses)

netmask

the subnet mask, in dotted-decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted-decimal mask. The netmask parameter indicates the complete mask that will be used in a logical ‟AND” function to derive the local subnet of the IP address.

Values

128.0.0.0 to 255.255.255.254

(network bits all 1 and host bits all 0)

(255.255.255.255 is reserved for system IP addresses)

broadcast

the optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.

Default

host-ones

all-ones

specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast

host-ones

specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask, or the mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.

The broadcast parameter within the secondary command does not have a negation feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the secondary command must be executed with the broadcast parameter defined.

igp-inhibit

specifies that this secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the secondary IP interface will not be injected and used as a passive interface and will not be advertised as an internal IP interface into the IGP link state database. For RIP, this means that the secondary IP interface will not source RIP updates.

static-arp

Syntax

static-arp ip-address ieee-address

no static-arp ip-address [ieee-address]

static-arp ieee-address unnumbered

no static-arp [ieee-address] unnumbered

Context

config>service>vprn>interface

Description

This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. This static ARP will appear in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface. If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address will be replaced with the new MAC address.

Static ARP is used when a 7705 SAR needs to know about a device on an interface that cannot or does not respond to ARP requests. Therefore, the 7705 SAR configuration can specify to send a packet with a particular IP address to the corresponding ARP address.

The no form of the command removes a static ARP entry.

Default

n/a

Parameters

ip-address

the IP address for the static ARP in dotted-decimal notation

Values

a.b.c.d

ieee-address

the 48-bit MAC address for the static ARP. Allowed values are any non-broadcast, non-multicast MAC, and non-IEEE reserved MAC addresses.

Values

aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff

(where aa, bb, cc, dd, ee, and ff are hexadecimal numbers and cannot be all zeros)

unnumbered

specifies the static ARP MAC addresses for an unnumbered interface. Unnumbered interfaces also support dynamic ARP. If this parameter is configured, it overrides any dynamic ARP.

tcp-mss

Syntax

tcp-mss value

no tcp-mss

Context

config>service>vprn>interface

config>service>vprn>if>ipv6

Description

This command configures the maximum segment size (MSS) in a TCP SYN or SYN-ACK packet during the establishment of a TCP connection. A tcp-mss value can be specified on an ingress interface, egress interface, or both. When configured on two interfaces, the smaller of the two values is used. If the TCP SYN packet has no TCP MSS field, the 7705 SAR assigns it the MSS value configured on the interface and recalculates the IP checksum. If the TCP SYN or SYN-ACK packet has an MSS field and the value is greater than the value configured on the interface, the 7705 SAR overwrites the packet MSS value with the lower value. If the MSS value is less than the value configured on the interface, the packet MSS value does not change. See the 7705 Router Configuration Guide, ‟TCP MSS Configuration and Adjustment”, for more information.

This command is supported on interfaces with IPv4 and IPv6 traffic, and a different MSS value can be configured for the IPv4 and IPv6 interfaces. This command is supported on IPSec private interfaces in a VPRN.

Default

no tcp-mss

Parameters

value

the MSS, in bytes, to be used in a TCP SYN or SYN-ACK packet

Values

384 to 9732

unnumbered

Syntax

unnumbered {ip-int-name | ip-address}

no unnumbered

Context

config>service>vprn>interface

Description

This command configures an IP interface as an unnumbered interface and specifies an IP address or interface name to be used for the interface. Unnumbered interfaces are point-to-point interfaces that are not explicitly configured with a dedicated IP address and subnet; instead, they borrow (or link to) an IP address from another interface on the system (the system IP address, another loopback interface, or any other numbered interface) and use it as the source IP address for packets originating from the interface.

By default, no IP address exists on an IP interface until it is explicitly created.

The no form of the command removes the IP address assignment from the IP interface.

Default

no unnumbered

Parameters

ip-int-name | ip-address

the IP interface name or address to associate with the unnumbered IP interface

Values

ip-int-name: 1 to 32 characters (must start with a letter)

ip-address: a.b.c.d

IPv6 Interface Commands

ipv6

Syntax

[no] ipv6

Context

config>service>vprn>interface

Description

This command enables the context to configure parameters for a VPRN IPv6 interface.

address

Syntax

address ipv6-address/prefix-length [eui-64] [preferred]

no address ipv6-address/prefix-length

Context

config>service>vprn>if>ipv6

Description

This command assigns an address to the IPv6 interface.

Parameters

ipv6-address/prefix-length

the address of the IPv6 interface

Values

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

prefix-length 0 to 128
eui-64

when the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from the MAC address on Ethernet interfaces. For interfaces without a MAC address, for example ATM interfaces, the base MAC address of the chassis is used.

preferred

specifies that the IPv6 address is the preferred IPv6 address for this interface. A preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. A preferred address may be used as the source or destination address of packets sent from or to the interface.

dhcp6-relay

Syntax

[no] dhcp6-relay

Context

config>service>vprn>if>ipv6

Description

This command enables the context to configure DHCPv6 relay parameters for the interface.

The no form of the command disables DHCPv6 relay.

option

Syntax

[no] option

Context

config>service>vprn>if>ipv6>dhcp6-relay

Description

This command enables the context to configure DHCPv6 relay information options.

The no form of the command disables DHCPv6 relay information options.

interface-id

Syntax

interface-id

interface-id ascii-tuple

interface-id ifindex

interface-id sap-id

interface-id string

no interface-id

Context

config>service>vprn>if>ipv6>dhcp6-relay>option

Description

This command enables the sending of interface ID options in the DHCPv6 relay packet.

The no form of the command disables the sending of interface ID options in the DHCPv6 relay packet.

Parameters

ascii-tuple

specifies that the ASCII-encoded concatenated tuple will be used (consists of the access-node-identifier, service-id, and interface-name, separated by ‟|”)

ifindex

specifies that the interface index will be used. (The If Index of a router interface can be displayed using the command show>router>if>detail.)

sap-id

specifies that the SAP identifier will be used

string

a string of up to 32 characters long, composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.

remote-id

Syntax

[no] remote-id

Context

config>service>vprn>if>ipv6>dhcp6-relay>option

Description

This command enables the sending of the remote ID option in the DHCPv6 relay packet.

The client DHCP Unique Identifier (DUID) is used as the remote ID.

The no form of the command disables the sending of remote ID option in the DHCPv6 relay packet.

server

Syntax

[no] server ipv6z-address

Context

config>service>vprn>if>ipv6>dhcp6-relay

Description

This command configures an IPv6 address to the DHCPv6 server.

The no form of the command disables the specified IPv6 address.

Parameters

ipv6z-address

the IPv6 address of the DHCPv6 server (a maximum of eight addresses can be configured)

Values

x:x:x:x:x:x:x:x [-interface]

x:x:x:x:x:x:d.d.d.d [-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface: 32 characters maximum,

mandatory for link local addresses

source-address

Syntax

[no] source-address ipv6-address

Context

config>service>vprn>if>ipv6>dhcp6-relay

Description

This command assigns the source IPv6 address of the DHCPv6 relay messages.

The no form of the command disables the specified IPv6 address.

Parameters

ipv6-address

the source IPv6 address of the DHCPv6 relay messages

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

dhcp6-server

Syntax

[no] dhcp6-server

Context

config>service>vprn>if>ipv6

Description

This command enables the context to configure DHCPv6 server parameters for the VPRN interface.

The no form of the command disables the DHCPv6 server.

max-nbr-of-leases

Syntax

max-nbr-of-leases max-nbr-of-leases

no max-nbr-of-leases

Context

config>service>vprn>if>ipv6>dhcp6-server

Description

This command configures the maximum number of lease states installed by the DHCPv6 server function allowed on this interface.

The no form of the command returns the value to the default.

Default

8000

Parameters

max-nbr-of-leases

the maximum number of lease states installed by the DHCPv6 server function allowed on this interface

Values

0 to 8000

prefix-delegation

Syntax

[no] prefix-delegation

Context

config>service>vprn>if>ipv6>dhcp6-server

Description

This command configures prefix delegation options for delegating a long-lived prefix from a delegating router to a requesting router, where the delegating router does not require knowledge about the topology of the links in the network to which the prefixes will be assigned.

The no form of the command disables prefix delegation.

prefix

Syntax

[no] prefix ipv6-address/prefix-length

Context

config>service>vprn>if>ipv6>dhcp6-server>pfx-delegate

Description

This command specifies the IPv6 prefix that is delegated by the system.

Parameters

ipv6-address/prefix-length

the address of the IPv6 interface

Values

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

prefix-length 0 to 128

duid

Syntax

duid duid [iaid iaid]

no duid

Context

config>service>vprn>if>ipv6>dhcp6>pfx-delegate>prefix

Description

This command configures the DHCP Unique Identifier (DUID) of the DHCPv6 server client.

Parameters

duid

the ID of the requesting router. If set to a non-zero value, the prefix defined will only be delegated to this router. If set to 0, the prefix will be delegated to any requesting router.

iaid

the identity association identification (IAID) from the requesting router that needs to match in order to delegate the defined prefix. If set to 0, no match on the received IAID is done.

preferred-lifetime

Syntax

preferred-lifetime seconds

preferred-lifetime infinite

no preferred-lifetime

Context

config>service>vprn>if>ipv6>dhcp6>pfx-delegate>prefix

Description

This command configures the IPv6 prefix preferred lifetime. The preferred-lifetime value cannot be larger than the valid-lifetime value.

The no form of the command reverts to the default value.

Default

604800 seconds (7 days)

Parameters

seconds

the time, in seconds, that this prefix remains preferred

Values

1 to 4294967294

infinite

specifies that this prefix remains preferred infinitely

valid-lifetime

Syntax

valid-lifetime seconds

valid-lifetime infinite

no valid-lifetime

Context

config>service>vprn>if>ipv6>dhcp6>pfx-delegate>prefix

Description

This command configures the time, in seconds, that the prefix is valid.

The no form of the command reverts to the default value.

Default

2592000 seconds (30 days)

Parameters

seconds

the time, in seconds, that this prefix remains valid

Values

1 to 4294967295

infinite

specifies that this prefix remains valid infinitely

icmp6

Syntax

icmp6

Context

config>service>vprn>if>ipv6

Description

This command configures ICMPv6 parameters for the interface.

packet-too-big

Syntax

packet-too-big [number seconds]

no packet-too-big

Context

config>service>vprn>if>ipv6>icmp6

Description

This command specifies whether, and how often, ‟packet-too-big” ICMPv6 messages should be sent. When enabled, ICMPv6 ‟packet-too-big” messages are generated by this interface.

The no form of the command disables the sending of ICMPv6 ‟packet-too-big” messages.

Default

100 10

Parameters

number

the number of ‟packet-too-big” ICMPv6 messages to send in the time frame specified by the seconds parameter

Values

10 to 1000

Default

100

seconds

the time frame, in seconds, that is used to limit the number of ‟packet-too-big” ICMPv6 messages issued

Values

1 to 60

Default

10

param-problem

Syntax

param-problem [number seconds]

no packet-too-big

Context

config>service>vprn>if>ipv6>icmp6

Description

This command specifies whether, and how often, ‟parameter-problem” ICMPv6 messages should be sent. When enabled, ‟parameter-problem” ICMPv6 messages are generated by this interface.

The no form of the command disables the sending of ‟parameter-problem” ICMPv6 messages.

Default

100 10

Parameters

number

the number of ‟parameter-problem” ICMPv6 messages to send in the time frame specified by the seconds parameter

Values

10 to 1000

Default

100

seconds

the time frame, in seconds, that is used to limit the number of ‟parameter-problem” ICMPv6 messages issued

Values

1 to 60

Default

10

time-exceeded

Syntax

time-exceeded [number seconds]

no time-exceeded

Context

config>service>vprn>if>ipv6>icmp6

Description

This command specifies whether, and how often, ‟time-exceeded” ICMPv6 messages should be sent. When enabled, ICMPv6 ‟time-exceeded” messages are generated by this interface.

Default

100 10

Parameters

number

the number of ‟time-exceeded” ICMPv6 messages are to be issued in the time frame specified by the seconds parameter

Values

10 to 1000

Default

100

seconds

the time frame, in seconds, that is used to limit the number of ‟time-exceeded” ICMPv6 messages to be issued

Values

1 to 60

Default

10

unreachables

Syntax

unreachables [number seconds]

no unreachables

Context

config>service>vprn>if>ipv6>icmp6

Description

This command specifies whether, and how often, ICMPv6 host and network destination unreachable messages are generated by this interface.

Default

100 10

Parameters

number

the number of destination unreachable ICMPv6 messages to send issued in the time frame specified by the seconds parameter

Values

10 to 1000

Default

100

seconds

the time frame, in seconds, that is used to limit the number of destination unreachable ICMPv6 messages to be sent

Values

1 to 60

Default

10

link-local-address

Syntax

link-local-address ipv6-address [preferred]

no link-local-address

Context

config>service>vprn>if>ipv6

Description

This command configures the IPv6 link-local address.

The no form of the command removes the configured link-local address, and the router automatically generates a default link-local address.

Removing a manually configured link-local address may impact routing protocols that have a dependency on that address.

Default

n/a

Parameters

ipv6-address

the IPv6 link local address

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

preferred

specifies that the IPv6 address is the preferred IPv6 address for this interface. A preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. A preferred address may be used as the source or destination address of packets sent from or to the interface.

neighbor

Syntax

neighbor ipv6-address mac-address

no neighbor ipv6-address

Context

config>service>vprn>if>ipv6

Description

This command configures IPv6-to-MAC address mapping on the interface.

Default

n/a

Parameters

ipv6-address

the address of the IPv6 interface for which to display information

Values

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

prefix-length 0 to 128
mac-address

the 48-bit MAC address for the IPv6-to-MAC address mapping in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any unicast MAC addresses and non-IEEE reserved MAC addresses

reachable-time

Syntax

reachable-time seconds

no reachable-time

Context

config>service>vprn>if>ipv6

Description

This command specifies the time that an IPv6 neighbor remains in a reachable state.

Default

no reachable-time

Parameters

seconds

the number of seconds that an IPv6 neighbor remains in a reachable state

Values

30 to 3600

Default

30

stale-time

Syntax

stale-time seconds

no stale-time

Context

config>service>vprn>if>ipv6

Description

This command specifies the time that an IPv6 neighbor cache entry remains in a stale state. When the specified time elapses, the system removes the neighbor cache entry.

Default

no stale-time

Parameters

seconds

the number of seconds that an IPv6 neighbor remains in a stale state

Values

60 to 65535

Default

14400

Interface DHCP Commands

dhcp

Syntax

dhcp

Context

config>service>vprn>interface

Description

This command enables the context to configure DHCP parameters.

gi-address

Syntax

gi-address ip-address [src-ip-addr]

no gi-address

Context

config>service>vprn>if>dhcp

Description

This command configures the gateway interface address for the DHCP Relay Agent. By default, the GIADDR used in the relayed DHCP packet is the primary address of an interface. Specifying the GIADDR allows the user to choose a secondary address.

Default

no gi-address

Parameters

ip-address

the IP address of the gateway interface in dotted-decimal notation

Values

a.b.c.d (host bits must be 0)

src-ip-addr

specifies that the GIADDR is to be used as the source IP address for DHCP relay packets

option

Syntax

[no] option

Context

config>service>vprn>if>dhcp

Description

This command enables DHCP Option 82 (Relay Agent Information Option) parameters processing and enters the context for configuring Option 82 suboptions.

The no form of this command returns the system to the default.

Default

no option

action

Syntax

action {replace | drop | keep}

no action

Context

config>service>vprn>if>dhcp>option

Description

This command configures the processing required when the 7705 SAR receives a DHCP request that already has a Relay Agent Information Option (Option 82) field in the packet.

The no form of this command returns the system to the default value.

Default

keep—(as per RFC 3046, DHCP Relay Agent Information Option, section 2.1.1, Reforwarded DHCP requests, the default is to keep the existing information intact. The exception to this occurs if the gi-addr (gateway interface address) of the received packet is the same as the ingress address on the router. In this case, the packet is dropped and an error is logged.)

Parameters

replace

in the upstream direction (from the user), the existing Option 82 field is replaced with the Option 82 field from the router. In the downstream direction (toward the user) the Option 82 field is stripped (in accordance with RFC 3046).

drop

the packet is dropped, and an error is logged

keep

the existing information is kept in the packet and the router does not add any additional information. In the downstream direction, the Option 82 field is not stripped and is sent on toward the client.

The behavior is slightly different in the case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router will insert its own VSO into the Option 82 field. This will only be done when the incoming message has an Option 82 field already.

If no Option 82 field is present, the router will not create the Option 82 field. In this case, no VSO will be added to the message.

circuit-id

Syntax

circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]

no circuit-id

Context

config>service>vprn>if>dhcp>option

Description

This command sends either an ASCII tuple or the interface index (If Index) or specified SAP ID in the circuit-id suboption of the DHCP packet. The If Index of a router interface can be displayed using the command show>router>interface>detail. This option specifies data that must be unique to the router that is relaying the circuit.

If disabled, the circuit-id suboption of the DHCP packet is left empty.

The no form of this command returns the system to the default.

Default

ascii-tuple

Parameters

ascii-tuple

the ASCII-encoded concatenated ‟tuple” will be used, where the ‟tuple” consists of the access-node-identifier, service-id, and interface-name, separated by the syntax symbol ‟|”

ifindex

the interface index will be used

sap-id

the SAP ID will be used

vlan-ascii-tuple

specifies that the format will include the vlan-id and dot1p bits, in addition to the ascii-tuple. The format is supported on dot1q and qinq ports only. When the Option 82 bits are stripped, dot1p bits will be copied to the Ethernet header of an outgoing packet.

remote-id

Syntax

remote-id [mac | string string]

no remote-id

Context

config>service>vprn>if>dhcp>option

Description

This command sends the MAC address of the remote end (typically, the DHCP client) in the remote-id suboption of the DHCP packet. This command identifies the host at the other end of the circuit. If disabled, the remote-id suboption of the DHCP packet will be left empty.

The no form of this command returns the system to the default.

Default

remote-id

Parameters

mac

the MAC address of the remote end is encoded in the suboption

string

the remote ID

Values

up to 32 alphanumeric characters

vendor-specific-option

Syntax

[no] vendor-specific-option

Context

config>service>vprn>if>dhcp>option

Description

This command enables the Nokia vendor-specific suboption of the DHCP relay packet and enters the context for configuring the vendor-specific suboptions.

client-mac-address

Syntax

[no] client-mac-address

Context

config>service>vprn>if>dhcp>option>vendor

Description

This command enables the sending of the MAC address in the Nokia vendor-specific suboption of the DHCP relay packet.

The no form of the command disables the sending of the MAC address in the Nokia vendor- specific suboption of the DHCP relay packet.

Default

no client-mac-address

sap-id

Syntax

[no] sap-id

Context

config>service>vprn>if>dhcp>option>vendor

Description

This command enables the sending of the SAP ID in the Nokiat vendor-specific suboption of the DHCP relay packet.

The no form of the command disables the sending of the SAP ID in the Nokia vendor-specific suboption of the DHCP relay packet.

Default

no sap-id

service-id

Syntax

[no] service-id

Context

config>service>vprn>if>dhcp>option>vendor

Description

This command enables the sending of the service ID in the Nokia vendor-specific suboption of the DHCP relay packet.

The no form of the command disables the sending of the service ID in the Nokia vendor- specific suboption of the DHCP relay packet.

Default

no service-id

string

Syntax

string text

no string

Context

config>service>vprn>if>dhcp>option>vendor

Description

This command specifies the vendor-specific suboption string of the DHCP relay packet.

The no form of the command returns the default value.

Default

no string

Parameters

text

any combination of ASCII characters up to 32 characters in length. If spaces are used in the string, the entire string must be enclosed within double quotes.

system-id

Syntax

[no] system-id

Context

config>service>vprn>if>dhcp>option>vendor

Description

This command specifies whether the system ID is encoded in the Nokia vendor-specific suboption of Option 82.

Default

n/a

server

Syntax

server server1 [server2...(up to 8 max)]

no server

Context

config>service>vprn>if>dhcp

Description

This command specifies a list of servers where requests will be forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP Relay to work. If there are multiple servers specified, the request is forwarded to all of the servers in the list. There can be a maximum of 8 DHCP servers configured.

Default

no server

Parameters

server

the DHCP server IP address

trusted

Syntax

[no] trusted

Context

config>service>vprn>if>dhcp

Description

This command enables or disables trusted mode on an IP interface.

According to RFC 3046, DHCP Relay Agent Information Option, a DHCP request where the gi-addr (gateway interface address) is 0.0.0.0 and which contains an Option 82 field in the packet, should be discarded, unless it arrives on a ‟trusted” circuit.

If trusted mode is enabled on an IP interface, the relay agent (the 7705 SAR) will modify the request gi-addr to be equal to the ingress interface and forward the request.

This behavior only applies when the action in the Relay Agent Information Option is ‟keep”.

In the case where the Option 82 field is being replaced by the relay agent (action = ‟replace”), the original Option 82 information is lost. Thus, in this case, there is no reason for enabling the trusted option.

The no form of this command returns the system to the default.

Default

no trusted

Interface ICMP Commands

icmp

Syntax

icmp

Context

config>service>vprn>interface

Description

This command configures Internet Control Message Protocol (ICMP) parameters on a VPRN service and enters the context for configuring ICMP.

mask-reply

Syntax

[no] mask-reply

Context

config>service>vprn>if>icmp

Description

This command enables responses to ICMP mask requests on the router interface.

If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.

By default, the router instance will reply to mask requests.

The no form of this command disables replies to ICMP mask requests on the router interface.

Default

mask-reply

ttl-expired

Syntax

ttl-expired number seconds

no ttl-expired [number seconds]

Context

config>service>vprn>if>icmp

Description

This command configures the rate at which ICMP TTL-expired messages are issued by the IP interface.

By default, generation of ICMP TTL-expired messages is enabled at a maximum rate of 100 per 10-s time interval.

The no form of this command disables limiting the rate of TTL-expired messages on the router interface.

Default

ttl-expired 100 10

Parameters

number

the maximum number of ICMP TTL-expired messages to send, expressed as a decimal integer. This parameter must be specified along with the seconds parameter.

Values

10 to 100

seconds

the time, in seconds, used to limit the number of ICMP TTL-expired messages that can be issued, expressed as a decimal integer

Values

1 to 60

unreachables

Syntax

unreachables number seconds

no unreachables [number seconds]

Context

config>service>vprn>if>icmp

Description

This command enables and configures the rate of ICMP host and network destination unreachable messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a given time interval.

By default, generation of ICMP destination unreachable messages is enabled at a maximum rate of 100 per 10-s time interval.

The no form of this command disables the generation of ICMP destination unreachable messages on the router interface.

Default

unreachables 100 10

Parameters

number

the maximum number of ICMP unreachable messages to send. This parameter must be specified along with the seconds parameter.

Values

10 to 100

seconds

the time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued

Values

1 to 60

Interface SAP Commands

sap

Syntax

sap sap-id [create]

no sap sap-id

Context

config>service>vprn>interface

Description

This command creates a Service Access Point (SAP) within a service when used with the create keyword. The create keyword is not needed when entering an existing SAP to edit SAP parameters.

A SAP is a combination of port and encapsulation parameters that identify the service access point on the interface and within the 7705 SAR. Each SAP must be unique.

All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.

The SAP is owned by the service in which it was created.

A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port using the config interface port-type port-id mode access command. Channelized TDM ports are always access ports.

If a port is shut down with the shutdown command, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

To configure a VPRN interface SAP that is used for a private IPSec tunnel interface, see sap in Service Interface Tunnel Commands.

If the VPRN interface has been configured as a loopback interface with the loopback command, a SAP cannot be defined on the interface.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted.

Default

no SAPs are defined

Parameters

sap-id

the physical port identifier portion of the SAP definition. See SAP ID Configurations for a full list of SAP IDs.

create

keyword used to create a SAP instance

accounting-policy

Syntax

accounting-policy acct-policy-id

no accounting-policy [acct-policy-id]

Context

config>service>vprn>if>sap

Description

This command creates the accounting policy context that can be applied to an interface SAP.

An accounting policy must be defined before it can be associated with a SAP. Accounting policies are configured in the config log context. A maximum of one accounting policy can be associated with a SAP at one time.

If the acct-policy-id does not exist, an error message is generated.

The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.

Default

no accounting policy

Parameters

acct-policy-id

the accounting policy ID as configured in the config log accounting-policy context

Values

1 to 99

collect-stats

Syntax

[no] collect-stats

Context

config>service>vprn>if>sap

Description

This command enables accounting and statistical data collection for either an interface SAP or network port. When applying accounting policies, the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued, the statistics are still accumulated. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued, then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default

collect-stats

egress

Syntax

egress

Context

config>service>vprn>if>sap

Description

This command enables the context to configure egress SAP QoS policies and filter policies.

If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress filter policy is defined, no filtering is performed.

ingress

Syntax

ingress

Context

config>service>vprn>if>sap

Description

This command enables the context to configure ingress SAP QoS policies and filter policies.

If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress filter policy is defined, no filtering is performed.

agg-rate-limit

Syntax

agg-rate-limit agg-rate [cir cir-rate]

no agg-rate-limit

Context

config>service>vprn>if>sap>egress

config>service>vprn>if>sap>ingress

Description

This command sets the aggregate rate limits (PIR and CIR) for the SAP. The agg-rate sets the PIR value. The cir-rate sets the CIR value. When aggregate rate limits are configured on a second-generation (Gen-2) Ethernet adapter card, the scheduler mode must be set to 16-priority. On a third-generation (Gen-3) Ethernet adapter card, the scheduler mode is always 4-priority. For information about adapter card generations, see the ‟Evolution of Ethernet Adapter Cards, Modules, and Platforms” section in the 7705 SAR Interface Configuration Guide.

Configuring the cir-rate is optional. If a cir-rate is not entered, then the cir-rate is set to its default value (0 kb/s). If a cir-rate has been set and the agg-rate is changed without re-entering the cir-rate, the cir-rate automatically resets to 0 kb/s. For example, to change the agg-rate from 2000 to 1500 while maintaining a cir-rate of 500, use the command agg-rate-limit 1500 cir 500.

If the specified SAP is a LAG SAP, agg-rate and cir-rate can be configured regardless of the scheduler mode setting on Gen-2 or Gen-3 hardware. If the active port is on a Gen-3 card or platform, agg-rate and cir-rate are applicable. If the active port is on a Gen-2 card or platform, agg-rate and cir-rate apply when the scheduler mode is set to 16-priority. For details on the behavior of a mix-and-match LAG SAP, see the ‟LAG Support on Third-Generation Ethernet Adapter Cards, Ports, and Platforms” and ‟Network LAG Traffic Management” sections in the 7705 SAR Interface Configuration Guide.

The no form of the command sets the agg-rate to the maximum and the cir-rate to 0 kb/s.

Default

no agg-rate-limit

Parameters

agg-rate

sets the PIR for the aggregate of all the queues on the SAP. The max keyword applies the maximum physical port rate possible.

Values

1 to 10000000 kb/s, or max

Default

max

cir-rate

sets the CIR for the aggregate of all the queues on the SAP

Values

0 to 10000000 kb/s, or max

Default

0 kb/s

filter

Syntax

filter ip ip-filter-id

no filter ip [ip-filter-id]

filter ipv6 ipv6-filter-id

no filter ipv6 [ipv6-filter-id]

filter [ip ip-filter-id] [ipv6 ipv6-filter-id]

no filter [[ip [ip-filter-id]] [[ipv6 [ipv6-filter-id]]

Context

config>service>vprn>if>sap>egress

config>service>vprn>if>sap>ingress

Description

This command associates an IPv4 or IPv6 filter policy with an ingress or egress SAP or IP interface. Filter policies control the forwarding and dropping of packets based on IP matching criteria.

The filter command is used to associate a filter policy with a specified ip-filter-id or ipv6-filter-id with an ingress or egress SAP. The ip-filter-id or ipv6-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message will be returned.

Only one filter ID can be assigned to an interface unless the interface is dual-stack (supports both IPv4 and IPv6). A dual-stack interface can have one IPv4 and one IPv6 filter ID assigned to it.

In general, filters applied to SAPs apply to all packets on the SAP. One exception is that IP match criteria are not applied to non-IP packets, in which case the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use the scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Parameters

ip-filter-id

the IPv4 filter policy. The filter ID or filter name must already exist within the created IPv4 filters.

Values

1 to 65535 or filter-name (up to 64 characters)

ipv6-filter-id

the IPv6 filter policy. The filter ID or filter name must already exist within the created IPv6 filters.

Values

1 to 65535 or ipv6-filter-name (up to 64 characters)

match-qinq-dot1p

Syntax

match-qinq-dot1p {top | bottom}

no match-qinq-dot1p

Context

config>service>vprn>if>sap>ingress

Description

This command specifies which dot1q tag position (top or bottom) in a qinq-encapsulated packet should be used when QoS evaluates dot1p classification.

The no form of the command restores the default dot1p evaluation behavior for the SAP, which means that the inner (bottom) tag (second tag) dot1p bits are used for classification.

By default, the dot1p bits from the inner tag service-delineating dot1q tag are used.

Match-QinQ-Dot1p Matching Behavior shows which set of dot1p bits are used for QoS purposes when match-qinq-dot1p is configured. To use the table, find the row that represents the settings for Port/SAP Type and Match-QinQ-Dot1q Setting. Use the Existing Packet Tags column to identify which dot1q tags are available in the packet. Then use the P-bits Used for Match column to identify which dot1q tag contains the dot1p bits that are used for QoS dot1p classification.

Default

no match-qinq-dot1p

Parameters

top

the top parameter and bottom parameter are mutually exclusive. When the top parameter is specified, the outer tag's dot1p bits (topmost P-bits) are used (if existing) to match any dot1p dot1p-value entries

bottom

the bottom parameter and top parameter are mutually exclusive. When the bottom parameter is specified, the bottommost P-bits (second tag’s P-bits) are used (if existing) to match any dot1p dot1p-value entries.

Table 7. Match-QinQ-Dot1p Matching Behavior

Port/ SAP Type

Match-QinQ-Dot1p Setting 1

Existing Packet Tags

P-bits Used for Match

Null

n/a

None

None

Null

n/a

Dot1p (VLAN ID 0)

None 2

Null

n/a

Dot1q

None 2

Null

n/a

TopQ BottomQ

None 2

Dot1q

n/a

None

None

Dot1q

n/a

Dot1p (default SAP VLAN ID 0)

Dot1p P-bits

Dot1q

n/a

Dot1q

Dot1q P-bits

QinQ/ X.Y

Top

TopQ BottomQ

TopQ P-bits

QinQ/ X.Y

Default or Bottom

TopQ BottomQ

BottomQ P-bits

QinQ/ X.0

Top

TopQ

TopQ P-bits

QinQ/ X.0

Default or Bottom

TopQ

TopQ P-bits

QinQ/ X.0

Top

TopQ BottomQ

TopQ P-bits

QinQ/ X.0

Default or Bottom

TopQ BottomQ

BottomQ P-bits

QinQ/ X.*

Top

TopQ

TopQ P-bits

QinQ/ X.*

Default or Bottom

TopQ

TopQ P-bits

QinQ/ X.*

Top

TopQ BottomQ

TopQ P-bits

QinQ/ X.*

Default or Bottom

TopQ BottomQ

BottomQ P-bits

QinQ/ 0.*

Top

None

None

QinQ/ 0.*

Default or Bottom

None

None

QinQ/ 0.*

Top

TopQ

TopQ P-bits

QinQ/ 0.*

Default or Bottom

TopQ

TopQ P-bits

QinQ/ 0.*

Top

TopQ BottomQ

TopQ P-bits

QinQ/ 0.*

Default or Bottom

TopQ BottomQ

BottomQ P-bits

QinQ/ *.*

Top

None

None

QinQ/ *.*

Default or Bottom

None

None

QinQ/ *.*

Top

TopQ

TopQ P-bits

QinQ/ *.*

Default or Bottom

TopQ

TopQ P-bits

QinQ/ *.*

Top

TopQ BottomQ

TopQ P-bits

QinQ/ *.*

Default or Bottom

TopQ BottomQ

BottomQ P-bits

Notes:

  1. ‟Default” in this column refers to the no form of the match-qinq-dot1p command.

  2. For null encapsulation, the 7705 SAR does not process dot1p bits.

qinq-mark-top-only

Syntax

[no] qinq-mark-top-only

Context

config>service>vprn>if>sap>egress

Description

When enabled, the qinq-mark-top-only command specifies which P-bits to mark during packet egress. When disabled, both sets of P-bits are marked. When enabled, only the P-bits in the top Q-tag are marked. The no form of the command is the default state (disabled).

Dot1P Re-marking Behavior for the QinQ-mark-top-only Command shows the dot1p remarking behavior for different egress port type/SAP type combinations and qinq-mark-top-only state, where ‟False” represents the default (disabled) state.

If a new tag is pushed, the dot1p bits of the new tag will be zero (unless the new tag is re-marked by the egress policy. The dot1p bits are configured using the dot1p parameter under the config>qos context.

Table 8. Dot1P Re-marking Behavior for the QinQ-mark-top-only Command

Egress Port Type/SAP Type

QinQ-mark-top-only State

Egress P-Bits Marked or Re-marked

Null 1

n/a

None

Dot1q/ X 1

n/a

Outer tag

Dot1q/ * 2

n/a

None

Dot1q/ 0 2

n/a

Outer tag

QinQ/ X.Y 1

False

Two outer tags 3

True

Outer tag 3

QinQ/ X.* 1

True or False

Outer tag

QinQ/ X.0 1

True or False

Outer tag

QinQ/ 0.* 1

True or False

None

QinQ/ *.* 2

True or False

None

Notes:

  1. This port type/SAP type is supported by the following services: Epipe, Ipipe, VPLS, IES, and VPRN.

  2. This port type/SAP type is supported by the following services: Epipe and VPLS.

  3. Normally, when a new tag is pushed, the dot1p bits of the new tag will be zero, unless the P-bits are remarked by the egress policy. However, an exception to this occurs when the egress SAP type is X.Y and only one new outer tag must be pushed. In this case, the new outer tag will have its dot1p bits set to the inner tag's dot1p bits.

Default

no qinq-mark-top-only

qos

Syntax

qos policy-id

no qos [policy-id]

Context

config>service>vprn>if>sap>egress

config>service>vprn>if>sap>ingress

Description

This command associates a QoS policy with an ingress or egress SAP. QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined prior to associating the policy with a SAP. If the policy-id does not exist, an error will be returned.

The qos command is used to associate both ingress and egress QoS policies. The qos command only allows ingress policies to be associated on SAP ingress and egress policies on SAP egress. Attempts to associate a QoS policy of the wrong type returns an error; for example, trying to associate an egress policy on SAP ingress.

Only one ingress and one egress QoS policy can be associated with a SAP at one time. Attempts to associate a second QoS policy of a given type returns an error.

By default, no specific QoS policy is associated with the SAP for ingress or egress, so the default QoS policy is used.

The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.

Parameters

policy-id

the ingress or egress policy ID to associate with the SAP on ingress or egress. The policy ID or name must already exist.

Values

1 to 65535, or policy-name (up to 64 characters)

scheduler-mode

Syntax

scheduler-mode {4-priority | 16-priority}

Context

config>service>vprn>if>sap>egress

config>service>vprn>if>sap>ingress

Description

This command sets the scheduler mode for the SAP and is part of the hierarchical QoS (H-QoS) feature on the 7705 SAR.

If the mode is 4-priority, then the SAP is considered an unshaped 4-priority SAP and the agg-rate-limit cannot be changed from its default values.

If the mode is 16-priority and the agg-rate limit parameters are configured to be non-default values, then the SAP is considered a shaped SAP. If the agg-rate limit parameters are left in their default settings, the SAP is considered an unshaped, 16-priority SAP.

This command is blocked on third-generation (Gen-3) Ethernet adapter cards and platforms, such as the 6-port Ethernet 10Gbps Adapter card and the 7705 SAR-X, which only support 4-priority scheduling mode.

If the specified SAP is a LAG SAP, scheduler-mode can be configured but is not applied to Gen-3 adapter cards and platforms.

Default

4-priority

Parameters

4-priority

sets the scheduler mode for the SAP to be 4-priority mode

16-priority

sets the scheduler mode for the SAP to be 16-priority mode

shaper-group

Syntax

[no] shaper-group shaper-group-name

Context

config>service>vprn>if>sap>egress

config>service>vprn>if>sap>ingress

Description

This command applies a shaper group to a SAP. The shaper group must already be created and must be within the shaper policy assigned to the Ethernet MDA (for ingress) or port (for egress). A shaper group is a dual-rate aggregate shaper used to shape aggregate access ingress or egress SAPs at a shaper group rate. Multiple aggregate shaper groups ensure fair sharing of available bandwidth among different aggregate shapers.

The default shaper group cannot be deleted.

The no form of this command removes the configured shaper-group.

Default

shaper-group ‟default”

Parameters

shaper-group-name

the name of the shaper group. To access the default shaper group, enter ‟default”.

create

keyword used to create a shaper group

Interface Spoke SDP Commands

spoke-sdp

Syntax

spoke-sdp sdp-id:vc-id [create]

no spoke-sdp sdp-id:vc-id

Context

config>service>vprn>interface

Description

This command binds a service to an existing Service Distribution Point (SDP).

A spoke SDP is treated like the equivalent of a traditional bridge ‟port”, where flooded traffic received on the spoke SDP is replicated on all other ‟ports” (other spoke SDPs or SAPs) and not transmitted on the port it was received on.

The SDP has an operational state that determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service is down.

The SDP must already be defined in the config>service>sdp context in order to associate it with a service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN service. All packets are forwarded over the default LSP.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to the service. Once the binding is removed, no packets are forwarded to the far-end router. The spoke SDP must be shut down first before it can be deleted from the configuration.

Default

n/a

Special Cases

VPRN

several SDPs can be bound to a VPRN service. Each SDP must be destined for a different 7705 SAR router. If two sdp-id bindings terminate on the same 7705 SAR, an error occurs and the second SDP is binding is rejected.

Parameters

sdp-id

the SDP identifier

Values

1 to 17407

vc-id

the virtual circuit identifier

Values

1 to 4294967295

egress

Syntax

egress

Context

config>service>vprn>if>spoke-sdp

Description

This command enables the context to configure egress SDP parameters.

vc-label

Syntax

vc-label egress-vc-label

no vc-label [egress-vc-label]

Context

config>service>vprn>if>spoke-sdp>egress

Description

This command configures the static MPLS VC label used by the 7705 SAR to send packets to the far-end device in this service via this SDP.

Parameters

egress-vc-label

a VC egress value that indicates a specific connection

Values

16 to 1048575

ingress

Syntax

ingress

Context

config>service>vprn>if>spoke-sdp

Description

This command enables the context to configure ingress SDP parameters.

filter

Syntax

filter ip ip-filter-id

filter ipv6 ipv6-filter-id

no filter [ip ip-filter-id] [ipv6 ipv6-filter-id ]

Context

config>service>vprn>if>spoke-sdp>ingress

Description

This command associates an IPv4 or IPv6 filter policy with a spoke SDP. Filter policies control the forwarding and dropping of packets based on IP or MAC matching criteria.

The ip-filter-id or ipv6-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message will be returned.

Only one filter ID can be assigned to an interface unless the interface is dual-stack (supports both IPv4 and IPv6). A dual-stack interface can have one IPv4 and one IPv6 filter ID assigned to it.

In general, filters applied to ingress spoke SDPs will apply to all packets on the spoke SDP. One exception is that non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the spoke SDP.

Parameters

ip-filter-id

the IP filter policy. The filter ID or filter name must already exist within the created IP filters.

Values

1 to 65535 or IPv4 filter-name (up to 64 characters)

ipv6-filter-id

specifies the IPv6 filter policy. The filter ID or filter name must already exist within the created IPv6 filters.

Values

1 to 65535 or ipv6-filter-name (up to 64 characters)

vc-label

Syntax

vc-label ingress-vc-label

no vc-label [ingress-vc-label]

Context

config>service>vprn>if>spoke-sdp>ingress

Description

This command configures the static MPLS VC label used by the far-end device to send packets to the 7705 SAR in this service via this SDP.

Parameters

ingress-vc-label

a VC ingress value that indicates a specific connection

Values

2048 to 18431

Routed VPLS Commands

vpls

Syntax

vpls service-name

no vpls

Context

config>service>vprn>interface

Description

This command within the IP interface context binds the IP interface to the specified VPLS service name.

The system does not attempt to resolve the service name until the IP interface is placed into the administratively up state (no shutdown). Once the IP interface is administratively up, the system scans the available VPLS services that have the allow-ip-int-binding flag set for a VPLS service associated with the service name. If the IP interface is already in the administratively up state, the system immediately attempts to resolve the given service name.

Parameters

service-name

specifies the service name that the system attempts to resolve to an allow-ip-int-binding enabled VPLS service associated with the service name. The specified service name is an ASCII string of up to 32 characters.

ingress

Syntax

ingress

Context

config>service>vprn>if>vpls

Description

This command within the VPLS binding context defines the routed IPv4 optional filter override.

v4-routed-override-filter

Syntax

v4-routed-override-filter ip-filter-id

no v4-routed-override-filter

Context

config>service>vprn>if>vpls>ingress

Description

This command specifies an IPv4 filter ID applied to all ingress packets entering the VPLS service. The filter overrides the existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional, and if not defined or removed, the IPv4 routed packets use the existing ingress IPv4 filter on the VPLS virtual ports.

The no form of the command removes the IPv4 routed override filter from the ingress IP interface.

Default

n/a

Parameters

ip-filter-id

specifies the IPv4 filter policy. The filter ID or filter name must already exist within the created IP filters.

Values

1 to 65535 or filter-name (up to 64 characters)

v6-routed-override-filter

Syntax

v6-routed-override-filter ipv6-filter-id

no v6-routed-override-filter

Context

config>service>vprn>if>vpls>ingress

Description

This command specifies an IPv6 filter ID applied to all ingress packets entering the VPLS service. The filter overrides the existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional, and if not defined or removed, the IPv6 routed packets use the existing ingress IPv6 filter on the VPLS virtual ports.

The no form of the command removes the IPv6 routed override filter from the ingress IP interface.

Default

n/a

Parameters

ipv6-filter-id

the IPv6 filter policy. The filter ID or filter name must already exist within the created IP filters.

Values

1 to 65535 or ipv6-filter-name (up to 64 characters)

Interface VRRP Commands

vrrp

Syntax

vrrp virtual-router-id [owner] [passive]

no vrrp virtual-router-id

Context

config>service>vprn>interface

config>service>vprn>if>ipv6

Description

This command creates or edits a virtual router ID (VRID) on the service IP interface. A virtual router ID is internally represented in conjunction with the IP interface name. This allows the virtual router ID to be used on multiple IP interfaces while representing different virtual router instances.

Two VRIDs can be defined on an IP interface. One, both, or none may be defined as owner.

The no form of this command removes the specified virtual router ID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the virtual router ID. The virtual router ID does not need to be shut down in order to remove the virtual router instance.

Default

n/a

Parameters

virtual-router-id

specifies a new virtual router ID or one that can be modified on the IP interface

Values

1 to 255

owner

keyword used to identify this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of VRID creation, the vrrp backup command must be used to define the virtual router IP addresses. The owner keyword is not required when entering the VRID for editing purposes. When created as owner, a VRID on an IP interface cannot have the owner parameter removed. The VRID must be deleted, and then recreated without the owner keyword, to remove ownership.

passive

keyword used to identify this virtual router instance as passive, owning the virtual router IP addresses. A passive VRID does not send or receive VRRP advertisement messages and is always in either the master state (if the interface is operationally up), or the initialize state (if the interface is operationally down). The passive keyword is not required when entering the VRID for editing purposes. When a VRID on an IP interface is created as passive, the parameter cannot be removed from the VRID. The VRID must be deleted, and then recreated without the passive keyword, to remove the parameter.

authentication-key

Syntax

authentication-key [authentication-key | hash-key] [hash | hash2]

no authentication-key

Context

config>service>vprn>if>vrrp

Description

This command assigns a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.

If the command is re-executed with a different password key defined, the new key will be used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command can be executed at any time.

To change the current in-use password key on multiple virtual router instances:

  • identify the current master

  • shut down the virtual router instance on all backups

  • execute the authentication-key command on the master to change the password key

  • execute the authentication-key command and no shutdown command on each backup

The no form of this command restores the default value of the key.

Default

The authentication data field contains the value 0 in all 16 octets.

Parameters

authentication-key

identifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string eight octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.

The authentication-key parameter is expressed as a string consisting up to eight alphanumeric characters. Spaces must be contained in quotation marks ( ‟ ” ). The quotation marks are not considered part of the string.

The string is case-sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.

Values

any 7-bit printable ASCII character

exceptions: double quote ASCII 34

carriage return ASCII 13

line feed ASCII 10

tab ASCII 9

backspace ASCII 8

hash-key

can be any combination of ASCII characters up to 22 characters in length (encrypted) for a hash key or up to 121 characters for a hash2 key. If spaces are used in the string, the entire string must be enclosed in quotation marks (‟ ”).

This option is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.

hash

specifies that the key is entered in an encrypted form. If the hash keyword is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash keyword specified.

hash2

specifies that the key is entered in a more complex encrypted form. If the hash2 keyword is not used, the less-encrypted hash form is assumed.

backup

Syntax

[no] backup ip-address

[no] backup ipv6-address

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command configures virtual router IP addresses for backup.

Default

n/a

Parameters

ip-address

specifies the destination IPv4 address for the backup interface

Values

a.b.c.d

ipv6-address

specifies the destination IPv6 address for the backup interface

Values

x:x:x:x:x:x:x:x (eight 16-bit pieces)

bfd-enable

Syntax

[no] bfd-enable interface interface-name dst-ip ip-address

[no] bfd-enable service-id interface interface-name dst-ip ip-address

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command assigns a BFD session that provides a heartbeat mechanism for a VRRP instance. Only one BFD session can be assigned to a VRRP instance, but multiple VRRP instances can use the same BFD session.

BFD controls the state of the associated interface. By enabling BFD on a protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD session are set with the bfd-enable command under the IP interface specified in this command.

The no form of this command removes BFD from the configuration.

Default

n/a

Parameters

service-id

specifies the service ID or name of the interface running BFD

Values

1 to 214748690 or service-name

interface-name

specifies the name of the interface running BFD

ip-address

specifies the destination address to be used for the BFD session

Values

ipv4-address: a.b.c.d

ipv6-address: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

init-delay

Syntax

init-delay seconds

no init-delay

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command configures a VRRP initialization delay timer.

Default

no init-delay

Parameters

seconds

specifies the length of time in seconds for the initialization delay timer for VRRP

Values

1 to 65535

mac

Syntax

mac mac-address

no mac

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command assigns a specific MAC address to a VPRN IP interface.

The no form of the command returns the MAC address of the IP interface to the default value.

Default

the physical MAC address associated with the Ethernet interface that the SAP is configured on (the default MAC address assigned to the interface, assigned by the system)

Parameters

mac-address

specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

master-int-inherit

Syntax

[no] master-int-inherit

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command allows the master instance to dictate the master down timer (non-owner context only).

The master down interval is the time that the master router can be down before the backup router takes over. The master down interval is used to specify the master down timer. If the master down timer expires, the backup virtual router enters the master state. See "Master Down Interval" in the "VRRP" chapter of the 7705 SAR Router Configuration Guide for details.

Default

no master-int-inherit

message-interval

Syntax

message-interval {[seconds] [milliseconds milliseconds]}

no message-interval

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command sets the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval setting must be the same for all virtual routers with the same VRID. Any VRRP advertisement message received with an advertisement interval field different from the virtual router instance configured message-interval value will be silently discarded.

Configuring the message interval value can be done in three ways: using only the milliseconds value, using only the seconds value, or using a combination of the two values. Message Interval Configuration Ranges shows the ranges for each way of configuring the message interval.

Table 9. Message Interval Configuration Ranges

Configuration

IPv4

IPv6

Using milliseconds value only

100 to 900 ms

10 to 990 ms

Using seconds value only

1 to 255 s

1 to 40 s

Using combination milliseconds and seconds values

1 s 100 ms to 255 s 900 ms

(1.1 s to 255.9 s)

1 s 10 ms to 40s 990 ms

(1.01 s to 40.99 s)

Default setting

1 s

1 s

The message-interval command is available for both non-owner and owner virtual routers. If the message-interval command is not executed, the default message interval is 1 s.

The no form of this command restores the default message-interval value of 1 s to the virtual router instance.

Default

1 s

Parameters

seconds

the time interval, in seconds, between sending advertisement messages

Values

IPv4: 1 to 255

IPv6: 1 to 40

milliseconds

specifies the time interval, in milliseconds, between sending advertisement messages. This parameter is not supported on non-redundant chassis.

Values

IPv4: 100 to 900

IPv6: 10 to 990

ntp-reply

Syntax

[no] ntp-reply

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command enables the reception of and response to Network Time Protocol (NTP) requests directed at the VRRP virtual IP address. This behavior only applies to the router currently acting as the master VRRP.

The no form of this command disables NTP requests from being processed.

Default

no ntp-reply

ping-reply

Syntax

[no] ping-reply

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command enables the non-owner master to reply to ICMP echo requests directed to the virtual router instance IP addresses. The ping request can be received on any routed interface.

Ping must not have been disabled at the management security level (either on the parent IP interface or based on the ping source host address). When ping reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP echo requests regardless of the setting of the ping reply configuration.

The ping-reply command is only available for non-owner virtual routers.

The no form of this command restores the default operation of discarding all ICMP echo request messages destined for the non-owner virtual router instance IP addresses.

Default

no ping-reply

policy

Syntax

policy vrrp-policy-id

no policy

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command associates a VRRP priority control policy with the virtual router instance (non-owner context only). VRRP policies are defined under the config>vrrp>policy context. For details, see the ‟VRRP” chapter in the 7705 SAR Router Configuration Guide.

Default

n/a

Parameters

vrrp-policy-id

specifies a VRRP priority control policy. The VRRP policy ID must already exist in the system for the policy command to be successful.

Values

1 to 9999

preempt

Syntax

preempt

no preempt

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command provides the ability to override an existing non-owner master with a virtual router backup that has a higher priority. Enabling preempt mode enhances the operation of the base priority and VRRP policy ID definitions on the virtual router instance. If the virtual router cannot preempt an existing non-owner master, the effect of the dynamic changing of the in-use priority is greatly diminished.

The preempt command is only available for non-owner VRRP virtual routers. The owner cannot be preempted because the priority of non-owners can never be higher than the owner. The owner will always preempt all other virtual routers when it is available.

Non-owner backup virtual router instances will only preempt when preempt is set and the current master has an in-use message priority value less than the backup virtual router instance in-use priority.

A master non-owner virtual router will only allow itself to be preempted when the incoming VRRP advertisement message priority field value is one of the following:

  • greater than its in-use priority value

  • equal to the in-use priority value, and the source IP address (primary IP address) is greater than its primary IP address

The no form of this command prevents a non-owner virtual router instance from preempting another, less-desirable, virtual router.

Default

preempt

priority

Syntax

priority priority

no priority

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command configures a specific priority value for the virtual router instance. In conjunction with the optional policy command, the base priority derives the in-use priority of the virtual router instance.

The priority command is only available for non-owner VRRP virtual routers. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base priority is set to 100.

The no form of this command restores the default value of 100.

Parameters

priority

specifies the base priority used by the virtual router instance. If a VRRP priority control policy is not defined, the base priority will be the in-use priority for the virtual router instance.

Values

1 to 254

Default

100

ssh-reply

Syntax

[no] ssh-reply

Context

config>service>vprn>if>vrrp

Description

This command enables the non-owner master to reply to SSH requests directed at the IP addresses of the virtual router instances. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parent IP interface or based on the SSH source host address). Proper login and CLI command authentication are enforced.

When the ssh-reply command is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to SSH requests regardless of the SSH reply configuration.

The ssh-reply command is only available for non-owner VRRP virtual routers.

The no form of this command restores the default operation of discarding all SSH packets destined to the non-owner virtual router instance IP addresses.

Default

no ssh-reply

standby-forwarding

Syntax

[no] standby-forwarding

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command allows the forwarding of packets by a standby router when sent to the virtual router MAC address.

The no form of the command specifies that a standby router should not forward traffic sent to the virtual router MAC address. The standby router should forward traffic sent to the real MAC address of the standby router.

Default

no standby-forwarding

telnet-reply

Syntax

[no] telnet-reply

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the IP addresses of the virtual router instance. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parent IP interface or based on the Telnet source host address). Proper login and CLI command authentication are enforced.

If the telnet-reply command is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet requests regardless of the Telnet reply configuration.

The telnet-reply command is only available for non-owner VRRP virtual routers.

The no form of this command restores the default operation of discarding all Telnet packets destined for the non-owner virtual router instance IP addresses.

Default

no telnet-reply

traceroute-reply

Syntax

[no] traceroute-reply

Context

config>service>vprn>if>vrrp

config>service>vprn>if>ipv6>vrrp

Description

This command enables a non-owner master to reply to traceroute requests directed to the virtual router instance IP addresses. The command is valid only if the VRRP virtual router instance associated with this entry is a non-owner. A non-owner backup virtual router never responds to traceroute requests regardless of the traceroute reply status.

Default

no traceroute-reply

VPRN Static One-to-One NAT Configuration Commands

static-nat-inside

Syntax

[no] static-nat-inside

Context

config>service>vprn>interface

Description

This command configures an interface as an inside (private) interface.

By default, all interfaces are outside (public) interfaces. The no form of this command returns the interface to the default setting.

Default

no static-nat-inside

static-nat

Syntax

[no] static-nat

Context

config>service>vprn

Description

This command enables the context to configure static one-to-one NAT.

The no form of this command disables static one-to-one NAT.

Default

no static-nat

drop-packets-without-nat-entry

Syntax

[no] drop-packets-without-nat-entry

Context

config>service>vprn>static-nat

Description

This command configures the router to drop packets that are traveling from either an inside network to an outside network or an outside network to an inside network that do not have a NAT mapping entry.

By default, packets traveling from either an inside network to an outside network or an outside network to an inside network are forwarded whether or not there is a NAT mapping entry.

The no form of this command returns the router to the default behavior.

Default

no drop-packets-without-nat-entry

inside

Syntax

inside

Context

config>service>vprn>static-nat

Description

This command creates a static one-to-one NAT mapping from an inside network to an outside network. When configured, a packet traveling from an inside network to an outside network that matches a NAT mapping entry will have NAT applied to its source IP address. Similarly, a packet traveling from an outside network to an inside network that matches a NAT mapping entry will have NAT applied to its destination IP address.

Default

n/a

map

Syntax

map start ip-address end ip-address to ip-address

no map start ip-address end ip-address

Context

config>service>vprn>static-nat>inside

Description

This command maps a range of inside source IP addresses that will undergo NAT to a specified outside IP address range.

For example, to map the entire range of inside addresses within 192.168.0.0/16 to the outside address 10.10.0.0/16, the configuration would be:

map start 192.168.0.0 end 192.168.255.255 to 10.10.0.0

The 7705 SAR will then map each inside source IP address to its corresponding outside IP address sequentially; for example:

  • inside address 192.168.0.1 maps to 10.10.0.1

  • inside address 192.168.10.10 maps to 10.10.10.10

  • inside address 192.168.254.100 maps to 10.10.254.100

The no form of this command removes the NAT mapping.

Default

no map start ip-address end ip-address

Parameters

start ip-address

identifies the start of the range of inside IPv4 addresses that will undergo NAT to an outside address, in the format a.b.c.d

end ip-address

identifies the end of the range of inside IPv4 addresses that will undergo NAT to an outside address, in the format a.b.c.d

to ip-address

identifies the outside IPv4 address that the range of inside addresses maps to, in the format a.b.c.d

shutdown

Syntax

[no] shutdown

Context

config>service>vprn>static-nat>inside>map

Description

This command administratively disables the static NAT map entry.

The no form of this command administratively enables the static NAT map entry.

Default

no shutdown

TWAMP Light Commands

twamp-light

Syntax

twamp-light

Context

config>service>vprn

Description

This command enables the context for configuring TWAMP Light functionality.

Default

disabled

reflector

Syntax

reflector [udp-port udp-port-number] [create]

no reflector

Context

config>service>vprn>twamp-light

Description

This command configures the TWAMP Light reflector function. The UDP port number is mandatory when creating a TWAMP Light reflector. The reflector functionality is enabled using the no shutdown command.

Default

disabled

Parameters

udp-port-number

the UDP port that the session reflector listens to for TWAMP Light packets. The session controller launching the TWAMP Light packets must have the same UDP port configured as on the session reflector.

Values

862, 64364 to 64373

create

mandatory keyword when creating a TWAMP Light reflector

prefix

Syntax

[no] prefix ip-prefix/prefix-length [create]

Context

config>service>vprn>twamp-light>reflector

Description

This command configures an IP address prefix containing one or more TWAMP Light session controllers. It is used to define which TWAMP Light packet prefixes the reflector will process. Once the prefix is configured, the TWAMP Light session reflector only responds to TWAMP Light packets from source addresses that are part of the prefix list.

Default

no prefix

Parameters

ip-prefix/ip-prefix-length

the IPv4 or IPv6 address prefix

Values

ipv4-prefix a.b.c.d (host bits must be 0)

ipv4-prefix-length 0 to 32

ipv6-prefix x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length {0 to 128} | {0 to 64 | 128}

VPRN NTP Commands

ntp

Syntax

[no] ntp

Context

config>service>vprn

Description

This command enables the context to configure Network Time Protocol (NTP) and its operation. It also enables NTP server mode within the VPRN routing instance so that the router will respond to NTP requests received from external clients in the VPRN.

The no form of this command stops the execution of NTP and removes its configuration.

Default

n/a

authenticate

Syntax

[no] authenticate

Context

config>service>vprn>ntp

Description

This command enables authentication for the NTP server.

Default

n/a

authentication-check

Syntax

[no] authentication-check

Context

config>service>vprn>ntp

Description

This command provides the option to skip the rejection of NTP PDUs that do not match the authentication key ID, type, or key values.

When authentication is configured, NTP PDUs received on an interface or the management port are authenticated on receipt and rejected if there is a mismatch in the authentication key ID, type, or key value.

When authentication-check is enabled, NTP PDUs are authenticated on receipt and rejected if there is a mismatch in the authentication key ID, type, or key value. Any mismatches cause a counter to be incremented: one counter for type, one for key ID, and one for key value mismatches. These counters are visible in the show>system>ntp command output.

The no form of this command allows mismatched packets to be accepted (overriding authentication); however, the counters are maintained.

Default

authentication-check

authentication-key

Syntax

authentication-key key-id key key [hash | hash2] type {des | message-digest}

no authentication-key key-id

Context

config>service>vprn>ntp

Description

This command sets the authentication key ID, type, and key value used to authenticate NTP PDUs that are either sent by the broadcast server function toward external clients or received from external unicast clients within the VPRN routing instance. For authentication to work, the configured authentication key ID, type, and key values must match those of the NTP PDUs.

Configuring the authentication-key with a key-id value that matches an existing key will override the existing entry.

Recipients of the NTP packets must have the same authentication key ID, type, and key values in order to use the data transmitted by this node.

The no form of this command removes the authentication key.

Default

n/a

Parameters

key-id

the authentication key identifier used by the node when transmitting or receiving NTP packets

Values

1 to 255

key

the authentication key associated with the configured key ID. The configured value is the actual value used by other network elements to authenticate the NTP packet.

Values

any combination of ASCII characters up to 8 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).

hash

specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone. This means that the hash2 encrypted key cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

des

specifies that DES authentication is used for this key. The des value is not supported in FIPS-140-2 mode.

message-digest

specifies that MD5 authentication in accordance with RFC 2104 is used for this key.

broadcast

Syntax

broadcast {interface ip-int-name} [key-id key-id] [version version] [ttl ttl]

no broadcast {interface ip-int-name}

Context

config>service>vprn>ntp

Description

This command configures the node to transmit NTP broadcast packets on the specified interface. Because broadcast messages can easily be spoofed, authentication is strongly recommended.

The no form of this command removes the interface from the configuration.

Default

n/a

Parameters

ip-int-name

the local interface on which to transmit NTP broadcast packets. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

Values

32 character maximum

key-id

identifies the configured authentication key and authentication type used by this node to receive and transmit NTP packets from and to an NTP server and peers. If an NTP packet is received by this node, both the authentication key and authentication type must be valid; otherwise, the packet will be rejected and an event or trap will be generated.

Values

1 to 255

version

the NTP version number that is generated by this node. This parameter does not need to be configured when the node is in NTP client mode because all versions will be accepted.

Values

2 to 4

Default

4

ttl ttl

the IP Time To Live (TTL) value

Values

1 to 255