VPRN Service Configuration Commands
Generic Commands
description
Syntax
description description-string
no description
Context
config>service>vprn
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
config>service>vprn>dhcp>local-dhcp-server
config>service>vprn>dhcp>local-dhcp-server>pool
config>service>vprn>interface
config>service>vprn>if>dhcp
config>service>vprn>if>ipv6>dhcp6-relay
config>service>vprn>if>sap
config>service>vprn>ip-transport
config>service>vprn>ip-transport>remote-host
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>grt
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>next-hop
config>service>vprn>twamp-light>reflector
config>service>vprn>twamp-light>reflector>prefix
config>service>vprn>zone
config>service>vprn>zone>nat>pool
Description
This command creates a text description that is stored in the configuration file for a configuration context.
The description command associates a text string with a configuration context to help identify the contents in the configuration file.
The no form of this command removes the string from the configuration.
Default
no description
Parameters
- description-string
the description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
shutdown
Syntax
[no] shutdown
Context
config>service>vprn
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
config>service>vprn>interface
config>service>vprn>if>dhcp
config>service>vprn>if>ipv6>dhcp6-relay
config>service>vprn>if>ipv6>dhcp6-server>prefix-delegation
config>service>vprn>if>spoke-sdp
config>service>vprn>if>sap
config>service>vprn>if>vrrp
config>service>vprn>ip-transport
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
config>service>vprn>ntp
config>service>vprn>ospf
config>service>vprn>ospf>area>interface
config>service>vprn>ospf>area>sham-link
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3
config>service>vprn>ospf3>area>interface
config>service>vprn>ospf3>area>virtual-link
config>service>vprn>pim
config>service>vprn>pim>interface
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>router-advertisement>interface
config>service>vprn>pim>rp>bsr-candidate
config>service>vprn>pim>rp>rp-candidate
config>service>vprn>spoke-sdp
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>grt
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>next-hop
config>service>vprn>twamp-light>reflector
config>service>vprn>zone
config>service>vprn>zone>interface
Description
This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.
The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they can be deleted.
Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities are described below in Special Cases.
The no form of this command places the entity into an administratively enabled state.
Special Cases
- Service Admin State
bindings to an SDP within the service will be put into the out-of-service state when the service is shut down. While the service is shut down, all customer packets are dropped and counted as discards for billing and debugging purposes.
A service is regarded as operational providing that one IP Interface SAP and one SDP is operational.
- VPRN IP transport subservice
when an IP transport subservice within a VPRN service is shut down, all TCP/UDP packets received from remote hosts are dropped and any serial data received from the serial port is dropped. Any TCP connections that were up are closed and no new TCP connection requests are accepted.
It is not possible to make configuration changes to an IP transport subservice without performing a shutdown first.
The operational state of an IP transport subservice is relative to the operational state of the serial port for which the IP transport subservice is defined. When a serial port is shut down, the IP transport subservice associated with the serial port becomes operationally down.
When the no shutdown command is executed for an IP transport subservice, it becomes operationally up, serial data from the serial port is encapsulated in TCP/UDP packets destined for remote hosts, and TCP/UDP packets can be received by the local host, where raw serial data is then sent out the serial port.
Global Commands
vprn
Syntax
vprn service-id [customer customer-id] [create]
no vprn service-id
Context
config>service
Description
This command creates or edits a Virtual Private Routed Network (VPRN) service instance.
If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.
VPRN services allow the creation of customer-facing IP interfaces in a separate routing instance from the one used for service network core routing connectivity. VPRN services allow the IP addressing scheme used by the subscriber to overlap with other addressing schemes used by other VPRN services or by the provider and, potentially, the entire Internet.
IP interfaces defined within the context of a VPRN service ID must have a SAP created as the access point to the subscriber network.
When a service is created, the customer keyword and customer-id must be specified, which associates the service with a customer. The customer-id must already exist, having been created using the customer command in the service context. When a service is created with a customer association, it is not possible to edit the customer association. To change the association between service and customer, the service must be deleted and recreated with a new customer association.
Once a service is created, the use of customer customer-id is optional to navigate into the service configuration context. Attempting to edit a service with an incorrect customer-id results in an error.
Multiple VPRN services are created in order to separate customer-owned IP interfaces. More than one VPRN service can be created for a single customer ID. More than one IP interface can be created within a single VPRN service ID. All IP interfaces created within a VPRN service ID belong to the same customer.
The no form of the command deletes the VPRN service instance with the specified service-id. The service cannot be deleted until all the IP interfaces and all routing protocol configurations defined within the service ID have been shut down and deleted.
Default
n/a
Parameters
- service-id
the unique service identification number or name that identifies the service in the service domain. The ID must be unique to this service and cannot be used for any other service of any type (such as Epipe, Cpipe, IES). However, a VPRN instance in the service provider network can include different service-ids on the routers in the network.
- customer-id
an existing customer identification number to be associated with the service. This parameter is required during service creation and is optional for service editing or deleting.
- create
keyword is mandatory when creating a VPRN service
aggregate
Syntax
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [description description-text]
no aggregate ip-prefix/ip-prefix-length
Context
config>service>vprn
Description
This command creates an aggregate route.
Use this command to group a number of routes with common prefixes into a single entry in the routing table. This reduces the number of routes that need to be advertised by this router and reduces the number of routes in the routing tables of downstream routers.
Both the original components and the aggregated route (source protocol aggregate) are offered to the Routing Table Manager (RTM). Subsequent policies can be configured to assign protocol-specific characteristics, such as the OSPF tag, to aggregate routes.
Multiple entries with the same prefix but a different mask can be configured; routes are aggregated to the longest mask. If one aggregate is configured as 10.0/16 and another as 10.0.0/24, then route 10.0.128/17 would be aggregated into 10.0/16 and route 10.0.0.128/25 would be aggregated into 10.0.0/24. If multiple entries are made with the same prefix and the same mask, the previous entry is overwritten.
The no form of the command removes the aggregate.
Default
no aggregate
Parameters
- ip-prefix/ip-prefix-length
the destination address of the aggregate route
- summary-only
suppresses advertisement of more specific component routes for the aggregate. To remove the summary-only option, enter the same aggregate command without the summary-only parameter.
- as-set
creates an aggregate where the path advertised for this route is an AS_SET consisting of all elements contained in all paths that are being summarized. This parameter should be used carefully as it can increase the amount of route churn due to best path changes. The parameter is only applicable to BGP.
- as-number:ip-address
specifies the BGP aggregator path attribute to the aggregate route. When configuring the aggregator, a two-octet AS number used to form the aggregate route must be entered, followed by the IP address of the BGP system that created the aggregate route.
- description-text
a text description, up to 80 characters long, stored in the configuration file for a configuration context
auto-bind-tunnel
Syntax
auto-bind-tunnel
Context
config>service>vprn
Description
This command enables the context to configure automatic binding of a VPRN service using tunnels to MP-BGP peers.
The auto-bind-tunnel mode is simply a context to configure the binding of VPRN routes to tunnels. The user must configure the resolution option to enable auto-binding resolution to tunnels in TTM.
When an explicit SDP to a BGP next hop is configured in a VPRN service (config>service> vprn>spoke-sdp), it overrides the auto-bind-tunnel selection for that BGP next hop only. There is no support for reverting automatically to the auto-bind-tunnel selection if the explicit SDP goes down. The user must delete the explicit spoke SDP in the VPRN service context to resume using the auto-bind-tunnel selection for the BGP next hop.
ecmp
Syntax
ecmp max-ecmp-routes
no ecmp
Context
config>service>vprn>auto-bind-tunnel
Description
This command configures the maximum number of routes that can be used for auto-bind tunnel resolution.
The no form of this command removes the configured value.
Parameters
- max-ecmp-routes
the maximum number of routes that can be used for auto-bind tunnel resolution
resolution
Syntax
resolution {any | filter | disabled}
Context
config>service>vprn>auto-bind-tunnel
Description
This command configures the resolution mode in the automatic binding of a VPRN service to tunnels to MP-BGP peers.
If the resolution option is explicitly set to disabled, the auto-binding to tunnels is removed.
If resolution is set to any, any supported tunnel type in the VPRN context will be selected following the TTM preference. If one or more explicit tunnel types are specified using the resolution-filter option, only these tunnel types will be selected again following the TTM preference.
The user must set resolution to filter to activate the list of tunnel types configured under resolution-filter.
Parameters
- any
enables the binding to any supported tunnel type in the VPRN context following the TTM preference
- filter
enables the binding to the subset of tunnel types configured under resolution-filter
- disabled
disables the automatic binding of a VPRN service to tunnels to MP-BGP peers
resolution-filter
Syntax
resolution-filter
Context
config>service>vprn>auto-bind-tunnel
Description
This command configures the subset of tunnel types that can be used in the resolution of VPRN prefixes within the automatic binding of VPRN service to tunnels to MP-BGP peers.
The following tunnel types are supported in a VPRN context (in order of preference): RSVP (rsvp), segment routing TE (sr-te), LDP (ldp), segment routing OSPF (sr-ospf), segment routing IS-IS (sr-isis), and GRE (gre). The segment routing precedences can be configured. The selection of an SR tunnel in SR-ISIS when using multi-instance IS-IS is based on lowest instance ID.
gre
Syntax
[no] gre
Context
config>service>vprn>auto-bind-tunnel>resolution-filter
Description
This command specifies the GRE type of automatic binding for the SDP assigned to this service. When auto-bind-tunnel is used, a spoke SDP does not need to be configured for the service.
The no form of the command removes this type of automatic binding.
Default
no gre
ldp
Syntax
[no] ldp
Context
config>service>vprn>auto-bind-tunnel>resolution-filter
Description
This command specifies the LDP tunnel type of automatic binding for the SDP assigned to this service. When auto-bind-tunnel is used, a spoke SDP does not need to be configured for the service.
The ldp value instructs BGP to search for an LDP LSP with a FEC prefix corresponding to the address of the BGP next hop.
The no form of the command removes this type of automatic binding.
Default
no ldp
rsvp
Syntax
[no] rsvp
Context
config>service>vprn>auto-bind-tunnel>resolution-filter
Description
This command specifies the RSVP tunnel type of automatic binding for the SDP assigned to this service. When auto-bind-tunnel is used, a spoke SDP does not need to be configured for the service.
The rsvp value instructs BGP to search for the best metric RSVP LSP to the address of the BGP next hop. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.
The no form of the command removes this type of automatic binding.
Default
no rsvp
sr-isis
Syntax
[no] sr-isis
Context
config>service>vprn>auto-bind-tunnel>resolution-filter
Description
This command specifies the SR-ISIS tunnel type of automatic binding for the SDP assigned to this service. When auto-bind-tunnel is used, a spoke SDP does not need to be configured for the service.
When the sr-isis value is enabled, an SR tunnel to the BGP next hop is selected in the TTM from the lowest-numbered IS-IS instance.
The no form of the command removes this type of automatic binding.
Default
no sr-isis
sr-ospf
Syntax
[no] sr-ospf
Context
config>service>vprn>auto-bind-tunnel>resolution-filter
Description
This command specifies the SR-OSPF tunnel type of automatic binding for the SDP assigned to this service. When auto-bind-tunnel is used, a spoke SDP does not need to be configured for the service.
When the sr-ospf value is enabled, an SR tunnel to the BGP next hop is selected in the TTM from OSPF instance 0.
The no form of the command removes this type of automatic binding.
Default
no sr-ospf
sr-te
Syntax
[no] sr-te
Context
config>service>vprn>auto-bind-tunnel>resolution-filter
Description
This command specifies the SR-TE tunnel type of automatic binding for the SDP assigned to this service. When auto-bind-tunnel is used, a spoke SDP does not need to be configured for the service.
The sr-te value instructs the 7705 SAR to search for the best metric SR-TE LSP to the address of the BGP next hop. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple SR-TE LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.
The no form of the command removes this type of automatic binding.
Default
no sr-te
weighted-ecmp
Syntax
[no] weighted-ecmp
Context
config>service>vprn>auto-bind-tunnel
Description
This command enables weighted ECMP for packets using tunnels that a VPRN automatically binds to. This command is applicable if the auto-bind tunnel is configured for RSVP or SR-TE using the config>service>vprn>auto-bind-tunnel>resolution-filter>rsvp/sr-te command. When weighted ECMP is enabled, packets are sprayed across RSVP-TE or SR-TE LSPs in the ECMP set according to the outcome of the hash algorithm and the configured load-balancing-weight of each LSP. See the 7705 SAR MPLS Guide, ‟MPLS Commands”, for more information about the load-balancing-weight command.
The no form of the command disables weighted ECMP for next-hop tunnel selection.
Default
no weighted-ecmp
autonomous-system
Syntax
autonomous-system as-number
no autonomous-system
Context
config>service>vprn
Description
This command defines the autonomous system (AS) to be used by this VPN virtual routing/forwarding table (VRF).
The no form of the command removes the defined AS from the given VPRN context.
Default
no autonomous-system
Parameters
- as-number
specifies the AS number for the VPRN service
ecmp
Syntax
ecmp max-ecmp-routes
no ecmp
Context
config>service>vprn
Description
This command enables ECMP (Equal-Cost Multipath Protocol) in the VPRN service context of a VPRN service and configures the number of routes for path sharing; for example, the value 2 means two equal-cost routes will be used for cost sharing.
ECMP refers to the distribution of packets over two or more outgoing links that share the same routing cost. ECMP provides a fast local reaction to route failures. ECMP is supported on static routes and dynamic (OSPF, IS-IS, and BGP) routes.
ECMP can only be used for routes with the same preference and same protocol. See the preference command for information about preferences.
When more ECMP routes are available at the best preference than configured in max-ecmp-routes, then the lowest next-hop IP address algorithm is used to select the number of routes configured in max-ecmp-routes.
The no form of the command disables ECMP path sharing. If ECMP is disabled and multiple routes are available at the best preference and equal cost, the route with the lowest next-hop IP address is used.
Default
no ecmp
Parameters
- max-ecmp-routes
specifies the maximum number of equal-cost routes allowed on this VPRN instance, expressed as a decimal integer. Setting ECMP max-ecmp-routes to 1 yields the same result as entering no ecmp.
encryption-keygroup
Syntax
encryption-keygroup keygroup-id direction {inbound | outbound}
no encryption-keygroup direction {inbound | outbound}
Context
config>service>vprn
Description
This command is used to bind a key group to a VPRN service for inbound or outbound packet processing. When configured in the outbound direction, packets egressing the node use the active-outbound-sa associated with the key group configured. When configured in the inbound direction, received packets must be encrypted using one of the valid security associations configured for the key group.
The encryption (enabled or disabled) configured on an SDP used to terminate a Layer 3 spoke SDP of a VPRN always overrides any VPRN-level configuration for encryption.
Encryption is enabled after the outbound direction is configured.
The no form of the command removes the key group from the service in the specified direction (inbound or outbound).
Default
n/a
Parameters
- keygroup-id
the number of the key group being configured
- direction {inbound | outbound}
mandatory keywords when binding a key group to a service for a particular direction
entropy-label
Syntax
[no] entropy-label
Context
config>service>vprn
config>service>vprn>interface>spoke-sdp
Description
This command enables or disables the use of entropy labels for spoke SDPs on a VPRN.
If entropy-label is enabled, the entropy label and entropy label indicator (ELI) are inserted in packets for which at least one LSP in the stack for the far end of the tunnel used by the service has advertised entropy label capability.
If the tunnel type is RSVP-TE, entropy-label can also be controlled by disabling entropy-label-capability under the config>router>rsvp or config>router>mpls>lsp contexts at the far-end LER.
When the entropy-label and entropy-label-capability commands are both enabled, the entropy label value inserted at the iLER is always based on the service ID.
The entropy label and the hash label features are mutually exclusive. The entropy label cannot be configured on a spoke SDP or service where the hash label feature has already been configured.
Default
no entropy-label
grt-lookup
Syntax
grt-lookup
Context
config>service>vprn
Description
This command enters the context under which all GRT leaking commands are configured.
enable-grt
Syntax
[no] enable-grt
Context
config>service>vprn>grt-lookup
Description
This command enables the functions required for looking up routes in the GRT when the lookup in the local VRF fails. If this command is enabled without the use of the config>service>vprn>static-route-entry>grt command, a lookup in the local VRF is preferred over the GRT. When the local VRF returns no route table lookup matches, the result from the GRT is preferred.
The no form of this command disables the global routing table lookup function when the lookup in the local VRF fails.
Default
no enable-grt
allow-local-management
Syntax
[no] allow-local-management
Context
config>service>vprn>grt-lookup>enable-grt
Description
This command enables management traffic from GRT leaking-enabled VPRN instances to reach local interfaces in the base router instance. The local interfaces can be system IP interfaces or loopback interfaces. Management traffic is traffic generated by Telnet, SNMP, and SSH. For a complete list of supported management protocols, see IPv4 and IPv6 GRT-Supported Management Protocols.
Ping and traceroute responses from the base router interfaces are supported but are not configurable. The allow-local-management command does not control the support for management protocols terminating on VPRN interfaces directly.
Default
no allow-local-management
export-grt
Syntax
export-grt policy-name [policy-name...(up to 5 max)]
no export-grt
Context
config>service>vprn>grt-lookup
Description
This command uses configured route policies to determine which routes are exported from the VRF to the GRT along with all the forwarding information.
On network egress, packets with a source IP address that matches the 7705 SAR system IP address and the destination IP address of the far-end node must perform a GRT lookup in order to be resolved. A route policy can be configured with the IP address prefix or loopback address of the far-end router and with the action to accept. This policy is configured under the config>router>policy-options context, and is installed in the GRT FIB using the export-grt command. The route installed in the GRT FIB will have a next hop of the IPSec tunnel.
Up to five policies can be exported to the GRT FIB.
The no form of the command restores the default of not exporting routes to the GRT FIB.
Default
no export-grt
Parameters
- policy-name
the name of the route policy to be exported to the GRT FIB
export-limit
Syntax
export-limit num-routes
no export-limit
Context
config>service>vprn>grt-lookup
Description
This command limits the number of IPv4 routes that can exported from the VRF to the GRT. Setting the limit to 0 overrides the maximum limit. Setting the value to 0 does not limit the number of routes exported from the VRF to the GRT. Configuring the export-limit between 1 and 256 will limit the number of routes to the specified value.
The no form of the command resets the limit to the default of allowing five routes per route policy to be exported from the VRF to the GRT.
Default
5
Parameters
- num-routes
the number of routes per policy to be exported to the GRT
export-v6-limit
Syntax
export-v6-limit num-routes
no export-v6-limit
Context
config>service>vprn>grt-lookup
Description
This command limits the number of IPv6 routes that can be exported from the VRF to the GRT. Setting the limit to 0 overrides the maximum limit. Setting the value to 0 does not limit the number of routes exported from the VRF to the GRT. Configuring the export-limit between 1 and 256 will limit the number of routes to the specified value.
The no form of the command resets the limit to the default of allowing five routes per route policy to be exported from the VRF to the GRT.
Default
5
Parameters
- num-routes
the number of IPv6 routes per policy to be exported to the GRT
maximum-ipv6-routes
Syntax
maximum-ipv6-routes number [log-only] [threshold percent]
no maximum-ipv6routes
Context
config>service>vprn
Description
This command specifies the maximum number of IPv6 routes that can be held within a VPN virtual routing /forwarding (VRF) context. Local, host, static, and aggregate routes are not counted.
The VPRN service ID must be in a shutdown state before maximum-ipv6-routes command parameters can be modified.
If the log-only parameter is not specified and the maximum-ipv6-routes value is set to a value below the existing number of IPv6 routes in a VRF, then the extra IPv6 routes will not be added to the VRF.
The maximum IPv6 route threshold can dynamically change to increase the number of supported IPv6 routes even when the maximum has already been reached. Protocols will resubmit the IPv6 routes that were initially rejected.
The no form of the command disables any limit on the number of IPv6 routes within a VRF context. Issue the no form of the command only when the VPRN instance is shut down.
Default
no maximum-ipv6routes (0 or disabled)
Parameters
- number
the maximum number of IPv6 routes to be held in a VRF context
- log-only
specifies that if the maximum limit is reached, the event only will be logged. The log-only parameter does not disable the learning of new IPv6 routes.
- percent
the percentage at which a warning log message and SNMP will be used. There are two warning levels: mid-level and high-level. A mid-level warning occurs when the threshold percent value is reached, and a high-level warning occurs at the halfway level between the maximum number of IPv6 routes and the percent value ([max + mid] / 2). For example, if the maximum-ipv6-routes number is 100, and percent is 60, then the mid-level warning occurs at 60 IPv6 routes, and the high-level warning occurs at 80 IPv6 routes.
maximum-routes
Syntax
maximum-routes number [log-only] [threshold percent]
no maximum-routes
Context
config>service>vprn
Description
This command specifies the maximum number of IPv4 routes that can be held within a VPN virtual routing /forwarding (VRF) context. Local, host, static, and aggregate routes are not counted.
The VPRN service ID must be in a shutdown state before maximum-routes command parameters can be modified.
If the log-only parameter is not specified and the maximum-routes value is set to a value below the existing number of IPv4 routes in a VRF, then the extra IPv4 routes will not be added to the VRF.
The maximum IPv4 route threshold can dynamically change to increase the number of supported IPv4 routes even when the maximum has already been reached. Protocols will resubmit the IPv4 routes that were initially rejected.
The no form of the command disables any limit on the number of IPv4 routes within a VRF context. Issue the no form of the command only when the VPRN instance is shut down.
Default
no maximum-routes (0 or disabled)
Parameters
- number
the maximum IPv4 number of routes to be held in a VRF context
- log-only
specifies that if the maximum limit is reached, the event only will be logged. The log-only parameter does not disable the learning of new routes.
- percent
the percentage at which a warning log message and SNMP will be used. There are two warning levels: mid-level and high-level. A mid-level warning occurs when the threshold percent value is reached, and a high-level warning occurs at the halfway level between the maximum number of IPv4 routes and the percent value ([max + mid] / 2). For example, if the maximum-routes number is 100, and percent is 60, then the mid-level warning occurs at 60 IPv4 routes, and the high-level warning occurs at 80 IPv6 routes.
route-distinguisher
Syntax
route-distinguisher [rd]
no route-distinguisher
Context
config>service>vprn
Description
This command sets the identifier that gets attached to routes to which the VPN belongs. Each routing instance must have a unique (within the carrier’s domain) route distinguisher associated with it. A route distinguisher must be defined for a VPRN to be operationally active.
AS numbers can be either 2-byte or 4-byte values.
Default
no route-distinguisher
Parameters
- rd
the route distinguisher value
router-id
Syntax
router-id ip-address
no router-id
Context
config>service>vprn
config>service>vprn>bgp
Description
This command sets the router ID for a specific VPRN context.
If neither the router ID nor system interface are defined, the router ID from the base router context is inherited.
The no form of the command removes the router ID definition from the given VPRN context.
Default
no router-id
Parameters
- ip-address
the IP address, in dotted-decimal notation
service-name
Syntax
service-name service-name
no service-name
Context
config>service>vprn
Description
This command configures a service name that can be used for reference in configuration and show commands.
Parameters
- service-name
up to 64 characters
sgt-qos
Syntax
sgt-qos
Context
config>service>vprn
Description
This command enables the context to configure DSCP/dot1p re-marking for self-generated traffic.
application
Syntax
application dscp-app-name dscp {dscp-value | dscp-name} [fc-queue fc-name profile {in | out}]
application dot1p-app-name dot1p {dot 1p-priority} [fc-queue fc-name profile {in | out}]
no application {dscp-app-name | dot1p-app-name}
Context
config>service>vprn>sgt-qos
Description
This set of commands configures DSCP marking for self-generated IP traffic or dot1p marking for self-generated non-IP traffic (specifically, IS-IS and ARP traffic).
When an IP or Layer 3 application is configured using the dscp-app-name parameter, the specified DSCP name or DSCP value is used for all packets generated by this application within the router instance in which it is configured. The value set in this command sets the DSCP value in the egress IP header. The egress QoS policy will not overwrite this value.
When a Layer 2 application is configured using the dot1p-app-name parameter, the specified dot1p priority value is used for all packets generated by this application within the router instance in which it is configured.
Only one name or value can be configured per application. If multiple entries are configured, a subsequent entry overrides the previously configured entry.
The fc-queue option redirects SGT applications to egress data queues rather than the default control queue by assigning them to a forwarding class. If this option is configured, the profile state must be set. All packets that are assigned to this forwarding class will be considered in-profile or out-of-profile based on the configuration. In case of congestion, the in-profile packets are preferentially queued over the out-of-profile packets.
If the fc-queue option is used with the dscp-app-name application, any configuration done using the sgt-qos>dscp command is ignored for packets generated by this application, as illustrated in the following examples:
sgt-qos>application telnet dscp cp1
sgt-qos>dscp cp1 fc af
sgt-qos>application ftp dscp cp1 fc-queue be profile out
sgt-qos>dscp cp1 fc af
In the first example, all packets generated by the Telnet application use DSCP CP1 and map to FC AF as configured in the dscp command. The dot1p bits of the outgoing packets are marked from the value that FC AF points to in the egress QoS policy.
In the second example, all packets generated by the FTP application use DSCP CP1 and map to FC BE as dictated by the fc-queue redirection. The dot1p bits of the outgoing packets are marked from the value that FC BE points to in the egress QoS policy. Because redirection is configured, the mapping configured with the dscp command is ignored.
If the fc-queue option is used with the dot1p-app-name application, the dot1p bits of the outgoing packets are marked with the value set with the dot1p-priority parameter, regardless of the value in the FC egress queue policy.
The no form of this command resets the DSCP or dot1p value for the application to its default value and resets the application to use the egress control queue.
Default
n/a
Application |
Supported Marking |
Default DSCP/dot1p |
---|---|---|
ARP |
dot1p |
7 |
IS-IS |
dot1p |
7 |
BGP |
DSCP |
NC1 |
DHCP |
DSCP |
NC1 |
DNS |
DSCP |
AF41 |
FTP |
DSCP |
AF41 |
ICMP (ping) |
DSCP |
BE |
IGMP |
DSCP |
NC1 |
LDP (T-LDP) |
DSCP |
NC1 |
MLD |
DSCP |
NC1 |
NDIS |
DSCP |
NC1 |
NTP |
DSCP |
NC1 |
OSPF |
DSCP |
NC1 |
PIM |
DSCP |
NC1 |
1588 PTP |
DSCP |
NC1 |
RADIUS |
DSCP |
AF41 |
RIP |
DSCP |
NC1 |
RSVP |
DSCP |
NC1 |
SNMP (get, set, etc.) |
DSCP |
AF41 |
SNMP trap/log |
DSCP |
AF41 |
SSH (SCP) |
DSCP |
AF41 |
syslog |
DSCP |
AF41 |
TACACS+ |
DSCP |
AF41 |
Telnet |
DSCP |
AF41 |
TFTP |
DSCP |
AF41 |
Traceroute |
DSCP |
BE |
VRRP |
DSCP |
NC1 |
Parameters
- dscp-app-name
the DSCP application name
- dscp-value
the value that maps to the DSCP name (the value none specifies that the default DSCP value for the application be used; see Applications and Support for Configurable DSCP or dot1p Markings)
- dscp-name
the DSCP to be associated with the forwarding class. Valid DSCP Names lists the valid DSCP names.
- dot1p-app-name
the dot1p application name
- dot1p-priority
the dot1p priority (the value none specifies that the default dot1p value for the application be used; see Applications and Support for Configurable DSCP or dot1p Markings)
- fc-name
the forwarding class assigned to SGT applications redirected to data queues
- profile {in | out}
the profile state of packets assigned to the specified forwarding class; this parameter must be specified when the fc-queue parameter is configured
dscp
Syntax
dscp dscp-name fc fc-name
no dscp dscp-name
Context
config>service>vprn>sgt-qos
Description
This command creates a mapping between the DSCP of the self-generated traffic and the forwarding class. The forwarding class dot1p SAP egress QoS policy mapping is used to mark the dot1p bits of the Layer 3 or IP application. For example, configuring the dscp-name parameter as be and the fc-name parameter as l1 results in marking the dot1p bits of the outgoing Ethernet frame, which is transporting self-generated IP traffic with DSCP bits set to BE, to the value that FC L1 points to in the SAP egress QoS policy (as configured in the config>qos>sap-egress>fc context).
Based on this configured FC, the SAP egress QoS policy for the egress forwarding complex sets the IEEE 802.1 dot1p bits.
Multiple commands can be entered to associate some or all of the 64 DSCP values with the forwarding class. For undefined code points, packets are assigned to the default forwarding class for the DSCP value. DSCP-to-Default Forwarding Class Mapping lists the default forwarding class for each DSCP value.
The no form of the command resets the DSCP value to its default forwarding class.
DSCP Value |
Default FC |
---|---|
be |
nc |
cp1 |
be |
cp2 |
be |
cp3 |
be |
cp4 |
be |
cp5 |
be |
cp6 |
be |
cp7 |
be |
cs1 |
be |
cp9 |
be |
af11 |
af |
cp11 |
be |
af12 |
af |
cp13 |
be |
af13 |
af |
cp15 |
be |
cs2 |
be |
cp17 |
be |
af21 |
l1 |
cp19 |
be |
af22 |
l1 |
cp21 |
be |
af23 |
l1 |
cp23 |
be |
cs3 |
be |
cp25 |
be |
af31 |
l1 |
cp27 |
be |
af32 |
l1 |
cp29 |
be |
af33 |
l1 |
cp31 |
be |
cs4 |
be |
cp33 |
be |
af41 |
nc |
cp35 |
be |
af42 |
h2 |
cp37 |
be |
af43 |
h2 |
cp39 |
be |
cs5 |
be |
cp41 |
be |
cp42 |
be |
cp43 |
be |
cp44 |
be |
cp45 |
be |
ef |
ef |
cp47 |
be |
nc1 |
nc |
cp49 |
be |
cp50 |
h2 |
cp51 |
be |
cp52 |
be |
cp53 |
be |
cp54 |
be |
cp55 |
be |
nc2 |
nc |
cp57 |
be |
cp58 |
be |
cp59 |
be |
cp60 |
be |
cp61 |
be |
cp62 |
be |
cp63 |
be |
Default
See DSCP-to-Default Forwarding Class Mapping for the default forwarding class for each DSCP value.
Parameters
- dscp-name
the DSCP name to be associated with the forwarding class. DSCP can only be specified by its name and only an existing value can be specified. The software provides names for the well-known code points.
- fc-name
the forwarding class name. All packets with a DSCP value or MPLS EXP bits that are not defined will be placed in this forwarding class.
snmp-community
Syntax
snmp-community community-name [hash | hash2] [version SNMP-version]
no snmp-community community-name [hash | hash2]
Context
config>service>vprn
Description
This command sets the SNMP community name to be used with the associated VPRN instance. If an SNMP community name is not specified, SNMP access is not allowed.
The no form of the command removes the SNMP community name from the given VPRN context.
Default
n/a
Parameters
- community-name
one or more SNMP community names
- hash, hash2
the hashing scheme for the community name
- SNMP-version
the SNMP version
source-address
Syntax
source-address
Context
config>service>vprn
Description
This command enters the context to specify the source address and application that should be used in all unsolicited packets.
application
Syntax
application app {[ping | ptp | ssh | telnet | traceroute]} | {[ip-int-name | ip-address]}
no application app {[ping | ptp | ssh | telnet | traceroute]}
Context
config>service>vprn>source-address
Description
This command configures the application to use the IPv4 source address.
The no form of the command removes the application name from using the IPv4 source address.
Parameters
- app
the application name
- ip-int-name | ip-address
the name of the IPv4 interface or IPv4 address. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
application6
Syntax
application6 app {[ping | telnet | ssh | traceroute]} | ipv6-address
no application6 app {[ping | telnet | ssh | traceroute]}
Context
config>service>vprn>source-address
Description
This command configures the application to use the IPv6 source address.
The no form of the command removes the application name from using the IPv6 source address.
Parameters
- app
the application name
- ipv6-address
the IPv6 address
spoke-sdp
Syntax
[no] spoke-sdp sdp-id
Context
config>service>vprn
Description
This command binds a service to an existing Service Distribution Point (SDP).
The SDP has an operational state that determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.
The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a VPRN service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id exists, a binding between that sdp-id and the service is created.
SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end routers can participate in the service. Alternatively, the auto-bind feature can be used. With auto-bind-tunnel, no vprn>spoke-sdp configuration is required. When both auto-bind-tunnel and spoke-sdp are configured, spoke-sdp takes precedence. The spoke-sdp configuration must be deconfigured for the auto-bind feature to take effect.
The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service is affected. Once the SDP is removed, no packets are forwarded to the far-end router.
Default
n/a
Special Cases
- VPRN
several SDPs can be bound to a VPRN service. Each SDP must be destined for a different 7705 SAR or 7750 SR router. If two sdp-id bindings terminate on the same 7705 SAR, an error occurs and the second SDP binding is rejected.
Parameters
- sdp-id
the SDP identifier
static-route-entry
Syntax
static-route-entry {ip-prefix/prefix-length}
no static-route-entry {ip-prefix/prefix-length}
Context
config>service>vprn
Description
This command creates a static route entry within the associated router instance. A prefix and prefix length must be specified.
Once the static route context for the specified prefix and length has been created, additional parameters associated with the static routes may be specified.
When configuring a static route, multiple types of static routes (blackhole, grt, indirect, ipsec-tunnel, and next-hop) can be applied to the same IPv4 or IPv6 prefix. If a static route that is forwarding traffic goes down, the default route will be used instead. The preference parameter specifies the order in which the routes are applied. If a blackhole static route has the same preference as another route with the same prefix, the blackhole route takes a lower precedence.
Before the static route entry can be deleted, the next hops associated with the prefix must be shut down and deleted.
The no form of the command deletes the static route entry. If a static route needs to be removed when multiple static routes exist to the same destination, as many parameters as are necessary to uniquely identify the static route must be entered.
Default
no static-route-entry
Parameters
- ip-prefix/prefix-length
the destination address of the static route
black-hole
Syntax
[no] black-hole
Context
config>service>vprn>static-route-entry
Description
This command specifies that the route is a blackhole route. If the destination address on a packet matches this static route, it will be silently discarded.
If the static route is configured with the same destination address and subnet mask as a previously configured static route, the newly configured route replaces the previous one, and unless specified, the defaults for preference and metric are applied.
Before the static route entry can be deleted, the next hops associated with the prefix must be shut down and deleted.
Default
no black-hole
metric
Syntax
[no] metric metric
Context
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>grt
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>next-hop
Description
This command specifies the cost (metric) for the static route, expressed as a decimal integer. This value is used when importing the static route into other protocols such as OSPF. When modifying the metric of an existing static route, the preference will not change unless specified.
This value is also used to determine which static route to install in the forwarding table.
If there are multiple static routes with the same preference but different metrics, the lower-cost (lower metric) route will be installed.
If there are multiple static routes with equal preference and metrics, the 7705 SAR chooses the route with the lowest next-hop IP address as the best route.
If there are multiple routes with unequal preferences, the lower preference route is installed.
The no form of this command returns the metric to the default value.
Default
no metric
Parameters
- metric
the metric value
preference
Syntax
preference preference
no preference
Context
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>grt
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>next-hop
Description
This command specifies the preference of this static route over routes from different sources such as BGP or OSPF. The preference is expressed as a decimal integer. A route with a lower preference value is preferred over a route with a higher preference value.
When modifying the preference value of an existing static route, the metric will not change unless specified. The preference command is also used to prioritize static routes applied to the same prefix. If a blackhole static route has the same preference as another route with the same prefix, the blackhole route takes a lower precedence.
If multiple routes are learned with an identical preference using the same protocol, the lowest-cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, the decision of which route to use is determined by the ecmp command.
Default Route Preference shows the default route preference based on the route source.
Label |
Preference |
Configurable |
---|---|---|
Direct attached |
0 |
No |
Static route |
5 |
Yes |
OSPF internal routes |
10 |
Yes |
IS-IS level 1 internal |
15 |
Yes |
IS-IS level 2 internal |
18 |
Yes |
OSPF external |
150 |
Yes |
IS-IS level 1 external |
160 |
Yes |
IS-IS level 2 external |
165 |
Yes |
BGP |
170 |
Yes |
The no form of this command returns the static route preference to its default value.
Default
5
Parameters
- preference
the route preference value
prefix-list
Syntax
[no] prefix-list prefix-list-name {all | none}
Context
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>next-hop
Description
This command adds a constraint to the static route such that the static route is only active if none or all of the prefixes in the prefix list are present and active in the route table.
Default
no prefix-list
Parameters
- prefix-list-name
the name of a currently configured prefix list
- all
specifies that the static route condition is met if all prefixes in the prefix list are present in the active route table
- none
specifies that the static condition is met if none of the prefixes in the prefix list are present in the active route table
tag
Syntax
[no] tag tag
Context
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>next-hop
Description
This command adds a 32-bit integer tag to the static route. The tag is used in route policies to control distribution of the route into other protocols.
Default
1
Parameters
- tag
specifies an integer tag value
grt
Syntax
[no] grt
Context
config>service>vprn>static-route-entry
Description
This command creates a static route in a VPRN service context that points to the global routing context (base router). This is primarily used to allow traffic that ingresses through a VPRN service to be routed out of the global routing context.
The grt type of next hop cannot be used in conjunction with any other next-hop types.
Default
no grt
indirect
Syntax
[no] indirect ip-address
Context
config>service>vprn>static-route-entry
Description
This command specifies that the route is indirect and specifies the next-hop IP address used to reach the destination.
The configured ip-address is not directly connected to a network configured on this node. The destination can be reached via multiple paths. The indirect address can only be resolved via a dynamic routing protocol. Another static route cannot be used to resolve the indirect address.
The ip-address can be either on the network side or the access side and is typically at least one hop away from the node.
Default
no indirect
Parameters
- ip-address
the IP address of the IP interface
cpe-check
Syntax
[no] cpe-check cpe-ip-address
Context
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>next-hop
Description
This command enables CPE connectivity check and specifies the IP address of the target CPE device. ICMP pings will be sent to this target IP address. This parameter must be configured to enable the CPE connectivity feature for the static route. The cpe-ip-address cannot be in the same subnet as the static route subnet to avoid possible circular references. CPE check and BFD support are mutually exclusive on a static route.
If a CPE connectivity check target address is already being used as the target address in a different static route, cpe-check parameters must match. If they do not match, the new configuration command will be rejected.
If a static-route-entry>indirect command or static-route-entry>next-hop command is issued with no cpe-check target but the destination prefix/prefix-length and the next hop match a static route that has an associated cpe-check, the cpe-check test is removed from the static route.
The no form of this command disables the cpe-check option.
Default
no cpe-check
Parameters
- cpe-ip-address
the IP address of the CPE device
drop-count
Syntax
drop-count count
no drop-count
Context
config>service>vprn>static-route-entry>indirect>cpe-check
config>service>vprn>static-route-entry>next-hop>cpe-check
Description
This command specifies the number of consecutive ping replies that must be missed in order to declare the CPE down and to deactivate the static route.
Default
3
Parameters
- count
an integer count value
interval
Syntax
interval seconds
no interval
Context
config>service>vprn>static-route-entry>indirect>cpe-check
config>service>vprn>static-route-entry>next-hop>cpe-check
Description
This command specifies the interval, in seconds, between ICMP pings to the target IP address.
Default
1
Parameters
- seconds
an integer interval value
log
Syntax
[no] log
Context
config>service>vprn>static-route-entry>indirect>cpe-check
config>service>vprn>static-route-entry>next-hop>cpe-check
Description
This command enables the logging of transitions between active and inactive routes based on the CPE connectivity check. Events will be sent to the system log, syslog, and SNMP traps.
Default
no log
ipsec-tunnel
Syntax
[no] ipsec-tunnel ipsec-tunnel-name
Context
config>service>vprn>static-route-entry
Description
This command creates a static route in a VPRN service context that points to an IPSec tunnel.
If a static route is configured with the same destination address, subnet mask, and IPSec tunnel name as a previously configured static route, the newly configured route replaces the previous one, and unless specified, the default values for the preference and metric commands are applied.
Default
no ipsec-tunnel
Parameters
- ipsec-tunnel-name
the IPSec tunnel name; the IPSec tunnel specifies the local and peer gateway addresses for the tunnel
next-hop
Syntax
[no] next-hop {ip-int-name | ip-address | ipv6-address}
Context
config>service>vprn>static-route-entry
Description
This command specifies the directly connected next-hop IP address or interface used to reach the destination. If the next hop is over an unnumbered interface, the interface name of the unnumbered interface can be used.
The configured ip-address can be either on the network side or the access side on the node. The address must be associated with a network that is directly connected to a network configured on the node.
Default
no next-hop
Parameters
- ip-int-name, ip-address, ipv6-address
the IP interface name, IPv4 address, or IPv6-address
bfd-enable
Syntax
[no] bfd-enable
Context
config>service>vprn>static-route-entry>next-hop
Description
This command associates the static route state with a BFD session between the local system and the configured next hop. The remote end of the BFD session must also be configured to originate or accept the BFD session controlling the static route state.
The no form of this command removes the association of the static route state with the BFD session.
Default
no bfd-enable
type
Syntax
type hub
no type
Context
config>service>vprn
Description
This command designates the type of VPRN instance being configured for hub and spoke topologies.
The no form of the command resets to the default of a fully meshed VPRN.
Default
no type
Parameters
- hub
a hub VPRN, which allows all traffic from the hub SAP to be routed directly to the destination, while all traffic from spoke VPRNs or network interfaces can only be routed to a hub SAP
vrf-export
Syntax
vrf-export policy-name [policy-name...(up to 5 max)]
no vrf-export
Context
config>service>vprn
Description
This command specifies the export policies to control routes exported from the local VPN virtual routing/ forwarding table (VRF) to other VRFs on the same or remote PE routers (via MP-BGP). The policy (and policy-name) are defined under the config>router>policy-options>policy-statement command.
Aggregate routes are not advertised via MP-BGP protocols to the other MP-BGP peers.
The no form of the command removes all route policy names from the export list.
Default
n/a
Parameters
- policy-name
the route policy statement name (up to 32 characters)
vrf-import
Syntax
vrf-import policy-name [policy-name...(up to 5 max)]
no vrf-import
Context
config>service>vprn
Description
This command sets the import policies to control routes imported to the local VPN virtual routing/ forwarding table (VRF) from other VRFs on the same or remote PE routers (via MP-BGP). BGP-VPN routes imported with a vrf-import policy will use the BGP preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs on the same router, unless the preference is changed by the policy.
The no form of the command removes all route policy names from the import list.
Default
n/a
Parameters
- policy-name
the route policy statement name (up to 32 characters)
vrf-target
Syntax
vrf-target {ext-community | {[export ext-community] [import ext-community]}}
no vrf-target
Context
config>service>vprn
Description
This command facilitates a simplified method to configure the route target to be added to advertised routes or compared against received routes from other VRFs on the same or remote PE routers (via MP-BGP).
BGP-VPN routes imported with a vrf-target statement will use the BGP preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs in the same router.
Specified vrf-import or vrf-export policies override the vrf-target policy.
The no form of the command removes the route target from the VRF.
Default
no vrf-target
Parameters
- ext-community
an extended BGP community in the type:x:y format.
- export ext-community
communities allowed to be sent to remote PE neighbors
- import ext-community
communities allowed to be accepted from remote PE neighbors
weighted-ecmp
Syntax
[no] weighted-ecmp
Context
config>service>vprn
Description
This command enables weighted load-balancing for OSPF ECMP routes for the VPRN instance. Weighted ECMP can be performed when all next hops are configured with non-zero load-balancing weights.
The no form of this command restores regular ECMP spraying of packets to OSPF route destinations.
Default
no weighted-ecmp
BGP Commands
bgp
Syntax
[no] bgp
Context
config>service>vprn
Description
This command enables the BGP protocol on the VPRN service.
The no form of this command disables the BGP protocol on the VPRN service.
Default
no bgp
advertise-inactive
Syntax
[no] advertise-inactive
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command enables the advertising of inactive BGP routes to other BGP peers. By default, BGP only advertises BGP routes to other BGP peers if a given BGP route is chosen by the route table manager as the most preferred route within the system and is active in the forwarding plane. This command allows system administrators to advertise a BGP route even though it is not the most preferred route within the system for a given destination.
The no form of this command disables the advertising of inactive BGP routes to other BGP peers.
Default
no advertise-inactive
aggregator-id-zero
Syntax
[no] aggregator-id-zero
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command is used to set the router ID in the BGP aggregator path attribute to 0 when BGP aggregates routes. This prevents different routers within an AS from creating aggregate routes that contain different AS paths.
When BGP is aggregating routes, it adds the aggregator path attribute to the BGP Update messages. By default, BGP adds the AS number and router ID to the aggregator path attribute.
When this command is enabled, BGP adds only the router ID (set to 0) to the aggregator path attribute. This command is used at the group level to revert to the value defined under the global level, and this command is used at the neighbor level to revert to the value defined under the group level.
The no form of the command used at the global level reverts to the default, where BGP adds the AS number and router ID to the aggregator path attribute.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
no aggregator-id-zero
as-override
Syntax
[no] as-override
Context
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command replaces all instances of the peer's AS number with the local AS number in a BGP route's AS path.
This command breaks the BGP loop detection mechanism. It should be used carefully.
Default
no as-override
auth-keychain
Syntax
auth-keychain name
no auth-keychain
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command associates an authentication keychain with the BGP protocol. The keychain is a collection of keys used to authenticate BGP messages from remote neighbors. The keychain allows the rollover of authentication keys during the lifetime of a session and also supports stronger authentication algorithms than clear text and MD5.
The keychain must already be defined in the config>system>security>keychain context.
Either the authentication-key command or the auth-keychain command can be used by BGP, but both cannot be supported at the same time. If both commands are configured, the auth-keychain configuration will be applied and the authentication-key command will be ignored.
By default, authentication is not enabled.
Default
no auth-keychain
Parameters
- name
the name of an existing keychain, up to 32 characters
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [hash | hash2]
no authentication-key
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures the BGP authentication key.
Authentication is performed between neighboring routers before setting up the BGP session by verifying the password. Authentication is performed using the MD5 message-based digest.
The authentication key can be any combination of ASCII characters up to 255 characters long.
Either the authentication-key command or the auth-keychain command can be used by BGP, but both cannot be supported at the same time. If both commands are configured, the auth-keychain configuration will be applied and the authentication-key command will be ignored.
The no form of the command removes the authentication password from the configuration and effectively disables authentication.
Default
Authentication is disabled and the authentication password is empty.
Parameters
- authentication-key
the authentication key. The key can be any combination of ASCII characters up to 255 characters in length (unencrypted). If spaces are used in the string, the entire string must be enclosed in quotation marks (‟ ”).
- hash-key
the hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, the entire string must be enclosed in quotation marks (‟ ”). This is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.
- hash
specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.
- hash2
specifies that the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.
backup-path
Syntax
[no] backup-path [ipv4] [ipv6]
Context
config>service>vprn>bgp
Description
This command enables BGP Fast Reroute (FRR) with Prefix-Independent Convergence (PIC), allowing for the creation of a backup path for IPv4 or IPv6 BGP learned prefixes belonging to a VPRN. Multiple paths must be received for a prefix in order to take advantage of this feature.
When a prefix has a backup path, and its primary paths fail, the affected traffic is rapidly diverted to the backup path without waiting for control plane reconvergence to occur. The time to reroute the traffic is independent of the number of prefixes sharing the primary or backup paths.
The no form of the command disables BGP FRR with PIC.
Default
no backup-path
Parameters
- ipv4
enables a backup path for IPv4 BGP learned prefixes
- ipv6
enables a backup path for IPv6 BGP learned prefixes
best-path-selection
Syntax
best-path-selection
Context
config>service>vprn>bgp
Description
This command enables path selection configuration.
always-compare-med
Syntax
always-compare-med [zero | infinity]
always-compare-med strict-as [zero | infinity]
no always-compare-med
Context
config>service>vprn>bgp>path-selection
Description
This command specifies how the Multi-Exit Discriminator (MED) path attribute is used in the BGP route selection process.
If this command is used without the strict-as option, the MEDs of two paths are always compared even if the paths have a different neighbor AS.
If the strict-as option is used, the MEDs of two paths are compared only if they come from the same neighboring AS.
The zero and infinity options specify how to treat paths that do not have a MED attribute; for example, always-compare-med zero means that if one path is missing a MED attribute, it is treated as though it had a MED attribute with the value of 0. If neither option is specified, the zero option is implied.
The no form of the command means that only the MEDs of paths that have the same neighbor AS are compared.
Default
no always-compare-med
Parameters
- zero
specifies that for routes learned without a MED attribute, a zero (0) value is used in the MED comparison. The routes with the lowest metric are the most preferred.
- infinity
specifies that for routes learned without a MED attribute, a value of infinity (4294967295) is used in the MED comparison. This, in effect, makes these routes the least desirable.
- strict-as
specifies that the MEDs of two paths are compared only if they come from the same neighboring AS
as-path-ignore
Syntax
as-path-ignore [ipv4] [ipv6]
no as-path-ignore
Context
config>service>vprn>bgp>path-selection
Description
This command determines whether the AS path is used to determine the best BGP route.
If this command is enabled, the AS paths of incoming routes are not used in the route selection process.
When as-path-ignore is used without specifying one or more keywords, then all keywords are configured. When one or more keywords are specified, then only those keywords are configured.
The no form of the command means that the AS paths of incoming routes are used to determine the best BGP route.
Default
no as-path-ignore
Parameters
- ipv4
specifies support for IPv4 routes
- ipv6
specifies support for IPv6 routes
bfd-enable
Syntax
[no] bfd-enable
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command enables the use of bidirectional forwarding (BFD) to control the state of the associated protocol interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for BFD are set via the BFD command under the IP interface.
The no form of this command removes BFD from the associated BGP protocol peering.
Default
no bfd-enable
connect-retry
Syntax
connect-retry seconds
no connect-retry
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures the BGP connect retry timer value in seconds. When this timer expires, BGP tries to reconnect to the configured peer. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.
The no form of the command used at the global level reverts to the default value.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
120 s
Parameters
- seconds
the BGP connect retry timer value, in seconds, expressed as a decimal integer
damping
Syntax
[no] damping
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command enables BGP damping for learned routes that are defined within the VPRN service. Damping parameters are set at the route policy level. See the 7705 SAR Router Configuration Guide, ‟Route Policy Command Reference”.
The no form of the command disables learned route damping.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
no damping
disable-communities
Syntax
disable-communities [standard] [extended]
no disable-communities
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures BGP to disable sending communities.
Default
no disable-communities
Parameters
- standard
specifies standard communities that existed before VPRNs or RFC 2547
- extended
specifies BGP communities that were expanded after the concept of RFC 2547 was introduced, to include handling the route target in the VRF
disable-fast-external-failover
Syntax
[no] disable-fast-external-failover
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures BGP fast external failover.
For EBGP neighbors, fast external failover controls whether the router should drop an EBGP session immediately upon an interface-down event, or whether the BGP session is kept up until the hold-time expires.
When fast external failover is disabled, the EBGP session stays up until the hold-time expires or the interface comes back up again. If the BGP routes become unreachable as a result of the interface going down, they are immediately withdrawn from other peers.
Default
no disable-fast-external-failover
dynamic-neighbor
Syntax
dynamic-neighbor
Context
config>service>vprn>bgp>group
Description
This command enables the context to configure dynamic BGP sessions for a peer group.
prefix
Syntax
[no] prefix ip-prefix/ip-prefix-length
Context
config>service>vprn>bgp>group>dynamic-neighbor
Description
This command configures a prefix to accept dynamic BGP sessions, which are sessions from source IP addresses that do not match any configured (static) neighbor addresses. A dynamic session is associated with the group having the longest-match prefix entry for the source IP address of the peer. There is no limit on the number of prefixes that can be configured. The group association determines local parameters that apply to the session, including the local AS, local IP address, MP-BGP families, and import and export policies.
The no form of this command removes a prefix entry.
Default
none
Parameters
- ip-prefix/ip-prefix-length
specifies a prefix from which to accept dynamic BGP sessions
dynamic-neighbor-limit
Syntax
dynamic-neighbor-limit peers
no dynamic-neighbor-limit
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
Description
This command configures the maximum number of dynamic BGP sessions that will be accepted from remote peers associated with the global BGP instance or a specific peer group. If accepting a new dynamic session would cause either the group limit or the global limit to be exceeded, the new session attempt is rejected and a notification message is sent back to the remote peer.
The no form of this command removes the limit on the number of dynamic sessions.
Default
no dynamic-neighbor-limit
Parameters
- peers
specifies the maximum number of dynamic BGP sessions
enable-bgp-vpn-backup
Syntax
[no] enable-bgp-vpn-backup [ipv4] [ipv6]
Context
config>service>vprn>bgp
Description
This command allows BGP-VPN routes imported into the VPRN to be used as backup paths for IPv4 or IPv6 BGP learned prefixes.
Parameters
- ipv4
allow BGP-VPN routes to be used as backup paths for IPv4 prefixes
- ipv6
allow BGP-VPN routes to be used as backup paths for IPv6 prefixes
enable-peer-tracking
Syntax
[no] enable-peer-tracking
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command enables BGP peer tracking. BGP peer tracking allows a BGP peer to be dropped immediately if the route used to resolve the BGP peer address is removed from the IP routing table and there is no alternative available. The BGP peer will not wait for the hold timer to expire; therefore, the BGP reconvergence process is accelerated.
The no form of the command disables peer tracking.
Default
no enable-peer-tracking
error-handling
Syntax
error-handling
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command enables the context to configure BGP error handling.
legacy-mode
Syntax
[no] legacy-mode
Context
config>service>vprn>bgp>error-handling
Description
This command configures the legacy fault tolerance mode for BGP error handling. When enabled, configuration for fault tolerance can be enabled or disabled at the BGP global, group, or neighbor level and applied to sessions at that level with the update-fault-tolerance command. When disabled, update-fault-tolerance configurations are ignored and updated fault protection is automatically applied to all BGP sessions.
Default
no legacy-mode
update-fault-tolerance
Syntax
[no]
update-fault-tolerance
Context
config>service>vprn>bgp>error-handling
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command enables updated fault tolerance for handling a wide range of BGP Update message errors. When enabled, the system uses the 'treat-as-withdraw' and other similarly non-disruptive error handling as described in RFC 7606 as long as there are no length errors that prevent all of the NLRI fields from being correctly identified and parsed. If the legacy-mode command is disabled, the update-fault-tolerance configuration is ignored and updated fault tolerance is automatically applied to all BGP sessions.
Default
no update-fault-tolerance
export
Syntax
export policy-name [policy-name…(up to 5 max)]
no export
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command specifies the export policies used to control routes advertised to BGP neighbors. Route policies are configured in the config>router>policy-options context. See the section on ‟Route Policy” in the 7705 SAR Router Configuration Guide.
When multiple policy names are specified, the policies are evaluated in the order in which they are specified. A maximum of five (5) policy names can be configured. The first policy that matches is applied.
If a non-existent route policy is applied to a VPRN instance, the CLI generates a warning message. This message is only generated during an interactive CLI session. No warning message is generated when a non-existent route policy is applied to a VPRN instance in a configuration file or when SNMP is used.
The no form of this command removes all route policy names from the export list.
Default
no export—BGP routes are advertised and non-BGP routes are not advertised
Parameters
- policy-name
the route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
family
Syntax
family [ipv4] [ipv6]
no family
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command specifies the address families to be negotiated with one or more multiprotocol BGP peers of the VPRN.
The no form of this command removes the specified address family from the associated BGP sessions.
Default
ipv4
Parameters
- ipv4
provisions IPv4 support
- ipv6
provisions IPv6 support
graceful-restart
Syntax
[no] graceful-restart
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command enables graceful restart for BGP in the VPRN context. If the control plane of a GR-capable router fails, the VPRN BGP peers (GR helpers) temporarily preserve neighbor information, so packets continue to be forwarded through the failed GR router using the last known routes. The helper state remains until the peer completes its restart or exits if the GR timer value is exceeded.
The 7705 SAR acts as a GR helper; it does not request graceful restart but agrees to graceful restart requests from a peer.
The no form of the command disables graceful restart and removes all graceful restart configurations in the VPRN BGP instance.
Default
no graceful-restart
stale-routes-time
Syntax
stale-routes-time time
no stale-routes-time
Context
config>service>vprn>bgp>graceful-restart
config>service>vprn>bgp>group>graceful-restart
config>service>vprn>bgp>group>neighbor>graceful-restart
Description
This command configures the maximum amount of time in seconds that stale routes should be maintained after a graceful restart is initiated.
The no form of the command resets the stale routes time back to the default value.
Default
360 s
Parameters
- time
the amount of time that stale routes should be maintained after a graceful restart is initiated
group
Syntax
[no] group name
Context
config>service>vprn>bgp
Description
This command creates a context to configure a BGP peer group.
The no form of the command deletes the specified peer group and all configurations associated with the peer group. The group must be shut down before it can be deleted.
Default
no group—no peer groups are defined
Parameters
- name
the peer group name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
neighbor
Syntax
[no] neighbor ip-address
Context
config>service>vprn>bgp>group
Description
This command creates a BGP peer/neighbor instance within the context of the BGP group.
This command can be issued repeatedly to create multiple peers and their associated configurations.
The no form of the command is used to remove the specified neighbor and the entire configuration associated with the neighbor. The neighbor must be administratively shut down before it can be deleted. If the neighbor is not shut down, the command will not result in any action except a warning message on the CLI indicating that the neighbor is still administratively up.
Default
no neighbor—no neighbors are defined
Parameters
- ip-address
the IP address of the BGP peer router
hold-time
Syntax
hold-time seconds [strict]
no hold-time
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures the BGP hold time, expressed in seconds.
The BGP hold time specifies the maximum time BGP waits between successive messages (either Keepalive or Update) from its peer, before closing the connection. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.
The strict option ensures that the negotiated hold time value is not set to a value less than the configured value.
Even though the 7705 SAR implementation allows setting the keepalive time separately, the configured keepalive timer is overridden by the hold-time value under the following circumstances.
If the specified hold-time is less than the configured keepalive time, then the operational keepalive time is set to a third of the hold-time; the configured keepalive time is not changed.
If the hold-time is set to 0, then the operational value of the keepalive time is set to 0; the configured keepalive time is not changed. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.
The no form of the command used at the global level reverts to the default value.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
90 s
Parameters
- seconds
the hold-time, in seconds, expressed as a decimal integer. A value of 0 indicates the connection to the peer is permanently up.
- strict
when used, the advertised BGP hold time from the far-end BGP peer must be greater than or equal to the specified hold-time value
import
Syntax
import policy-name [policy-name…(up to 5 max)]
no import
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command specifies the import route policy to be used to determine which routes are accepted from peers. Route policies are configured in the config>router>policy-options context. See the section on ‟Route Policy” in the 7705 SAR Router Configuration Guide.
When multiple policy names are specified, the policies are evaluated in the order in which they are specified. A maximum of five (5) policy names can be specified. The first policy that matches is applied.
When multiple import commands are issued, the last command entered will override the previous command.
The no form of the command removes all route policy names from the import list.
Default
no import—BGP routes are accepted by default
Parameters
- policy-name
the route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
keepalive
Syntax
keepalive seconds
no keepalive
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures the BGP keepalive timer. A Keepalive message is sent every time this timer expires.
The keepalive parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used. The keepalive value is generally one-third of the hold-time interval. Even though the 7705 SAR implementation allows the keepalive value and the hold-time interval to be independently set, under the following circumstances, the configured keepalive value is overridden by the hold-time value.
If the specified keepalive value is greater than the configured hold-time, then the specified value is ignored, and the keepalive value is set to one third of the current hold-time value.
If the specified hold-time interval is less than the configured keepalive value, then the keepalive value is reset to one third of the specified hold-time interval.
If the hold-time interval is set to 0, then the configured value of the keepalive value is ignored. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.
The no form of the command used at the global level reverts to the default value.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
30 s
Parameters
- seconds
the keepalive timer, in seconds, expressed as a decimal integer
local-address
Syntax
local-address ip-address
no local-address
Context
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures the local IP address used by the group or neighbor when communicating with BGP peers.
Outgoing connections use the local-address as the source of the TCP connection when initiating connections with a peer.
When a local address is not specified, the 7705 SAR uses the interface address for directly connected EBGP peers. This command is used at the neighbor level to revert to the value defined under the group level.
The no form of the command removes the configured local address for BGP.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
no local-address
Parameters
- ip-address
the local address. The allowed value is a valid routable IP address on the router, either an interface or system IP address.
local-as
Syntax
local-as as-number [private]
no local-as
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures a BGP virtual autonomous system (AS) number.
In addition to the AS number configured for BGP in the config>router>autonomous-system context, a virtual (local) AS number is configured. The virtual AS number is added to the as-path attribute before the router’s AS number makes the virtual AS the second AS in the AS path.
This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). By specifying this parameter at each neighbor level, it is possible to have a separate AS number per EBGP session.
When a command is entered multiple times for the same AS, the last command entered is used in the configuration. The private attribute can be added or removed dynamically by reissuing the command.
Changing the local AS at the global level in an active BGP instance causes the BGP instance to restart with the new local AS number.
Changing the local AS at the group level in an active BGP instance causes BGP to re-establish the peer relationships with all peers in the group with the new local AS number.
Changing the local AS at the neighbor level in an active BGP instance causes BGP to re-establish the peer relationship with the new local AS number.
This is an optional command and can be used in the following example:
Example: Provider router P is moved from AS1 to AS2. The customer router that is connected to P, however, is configured to belong to AS1. To avoid reconfiguring the customer router, the local-as value on router P can be set to AS1. Thus, router P adds AS1 to the as-path message for routes it advertises to the customer router.
The no form of the command used at the global level will remove any virtual AS number configured.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
no local-as
Parameters
- as-number
the virtual autonomous system number expressed as a decimal integer
- private
specifies that the local AS is hidden in paths learned from the peering
local-preference
Syntax
local-preference local-preference
no local-preference
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures the default value of the BGP local preference attribute if it is not already specified in incoming routes.
This value is used if the BGP route arrives from a BGP peer without the local-preference integer set.
The specified value can be overridden by any value set via a route policy. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.
The no form of the command at the global level specifies that incoming routes with local preference set are not overridden and routes arriving without local preference set are interpreted as if the route had a local preference value of 100.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
no local-preference
Parameters
- local-preference
the local preference value to be used as the override value, expressed as a decimal integer
loop-detect
Syntax
loop-detect {drop-peer | discard-route | ignore-loop | off}
no loop-detect
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures how the BGP peer session handles loop detection in the AS path.
This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.
When applied to an ongoing BGP peer session, this command does not take effect until the BGP peer session is re-established.
The no form of the command used at the global level reverts to the default (ignore- loop).
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
ignore-loop
Parameters
- drop-peer
sends a notification to the remote peer and drops the session
- discard-route
discards routes received from a peer with the same AS number as the router itself. This option prevents routes looped back to the router from being added to the routing information base and consuming memory. When this option is changed, the change will not be active for an established peer until the connection is re-established for the peer.
- ignore-loop
ignores routes with loops in the AS path, but maintains peering
- off
disables loop detection
med-out
Syntax
med-out [number | igp-cost]
no med-out
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command enables advertising the Multi-Exit Discriminator (MED) and assigns the value used for the path attribute for the advertised MED to BGP peers if the MED is not already set.
The specified value can be overridden by any value set via a route policy.
This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.
The no form of the command used at the global level reverts to the default where the MED is not advertised.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
no med-out
Parameters
- number
the MED path attribute value, expressed as a decimal integer
- igp-cost
the MED is set to the IGP cost of the IP prefix that is defined via a route policy
min-route-advertisement
Syntax
min-route-advertisement seconds
no min-route-advertisement
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures the minimum interval, in seconds, at which a prefix can be advertised to a peer.
This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.
The no form of the command used at the global level reverts to the default.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
30 s
Parameters
- seconds
the minimum route advertising interval, in seconds, expressed as a decimal integer
multihop
Syntax
multihop ttl-value
no multihop
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures the time to live (TTL) value at an originating EBGP peer. The TTL value is entered in the IP header of packets that are sent to a terminating EBGP peer that is multiple hops away.
The no form of the command used at the global level reverts to the default value.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
1 — EBGP peers are directly connected
Parameters
- ttl-value
the TTL value that will be entered in the IP header of packets that are sent to a terminating EBGP peer that is multiple hops away
multipath
Syntax
multipath max-paths
no multipath
Context
config>service>vprn>bgp
Description
This command enables BGP multipath.
When multipath is enabled, BGP load-shares traffic across multiple links. Multipath can be configured to load-share traffic across a maximum of 16 routes. If the equal-cost routes available are more than the configured value, then routes with the lowest next-hop IP address value are chosen.
This configuration parameter is set at the global level (applies to all peers).
Multipath is disabled if the value is set to 1. When multipath is disabled and multiple equal-cost routes are available, the route with the lowest next-hop IP address will be used.
The no form of the command reverts to the default where multipath is disabled.
Default
no multipath
Parameters
- max-paths
the number of equal-cost routes to use for multipath routing
next-hop-resolution
Syntax
next-hop-resolution
Context
config>service>vprn>bgp
Description
This command enters the context to configure next-hop resolution parameters.
policy
Syntax
policy policy-name
no policy
Context
config>service>vprn>bgp>next-hop-res
Description
This command specifies the name of a policy statement to use with the BGP next-hop resolution process. The policy controls which IP routes in the RTM are eligible to resolve the BGP next-hop addresses of IPv4 and IPv6 routes. The policy has no effect on the resolution of BGP next hops to MPLS tunnels. If a BGP next hop of an IPv4 or IPv6 route is resolved in the RTM and the longest matching route for the next-hop address is an IP route that is rejected by the policy, the route is unresolved; if the route is accepted by the policy, it becomes the resolving route.
If the no form of the command is used, the default next-hop-resolution policy is to use the longest matching active route in the RTM that is not a BGP route or an aggregate route.
Default
no policy
Parameters
- policy-name
specifies an existing route policy name. Route policies are configured in the config>router>policy-options context.
next-hop-self
Syntax
[no] next-hop-self
Context
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures the group or neighbor to always set the next-hop path attribute to its own physical interface when advertising to a peer.
This command is primarily used to avoid third-party route advertisements when connected to a multi-access network.
The no form of the command used at the group level allows third-party route advertisements in a multi-access network.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
no next-hop-self
passive
Syntax
[no] passive
Context
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command enables and disables passive mode for the BGP group or neighbor. When in passive mode, BGP will not attempt to actively connect to the configured BGP peers but responds only when it receives a connect open request from the peer.
The no form of the command used at the group level disables passive mode, and BGP actively attempts to connect to its peers.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
no passive
peer-as
Syntax
peer-as as-number
no peer-as
Context
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures the autonomous system number for the remote peer. The peer AS number must be configured for each configured peer.
For EBGP peers, the peer AS number configured must be different from the autonomous system number configured for this router under the global level. This requirement is necessary because the peer will be in a different autonomous system than that of this router.
This command may be configured under the group level for all neighbors in a particular group.
Default
no AS numbers defined
Parameters
- as-number
the autonomous system number, expressed as a decimal integer
peer-tracking-policy
Syntax
peer-tracking-policy policy-name
no peer-tracking-policy
Context
config>service>vprn>bgp
Description
This command specifies the name of a policy statement to use with the BGP peer-tracking function on the BGP sessions where the peer-tracking-policy command is enabled. The policy controls which IP routes in the RTM are eligible to indicate reachability of IPv4 and IPv6 BGP neighbor addresses. If the longest matching route in the RTM for a BGP neighbor address is an IP route that is rejected by the policy or a BGP route accepted by the policy, or if there is no matching route, the neighbor is considered unreachable and BGP tears down the peering session and holds it in the idle state until a valid route is once again available and accepted by the policy.
The no form of the command defaults to using the longest matching active route in the RTM that is not an aggregate route.
Default
no peer-tracking-policy
Parameters
- policy-name
specifies an existing route policy name. Route policies are configured in the config>router>policy-options context.
preference
Syntax
preference preference
no preference
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures the route preference for routes learned from the configured peers.
This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.
The lower the preference, the higher the chance of the route being the active route. The 7705 SAR assigns the highest default preference to BGP routes as compared to routes that are direct, static, or learned via MPLS or OSPF.
The no form of the command used at the global level reverts to the default value.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
170
Parameters
- preference
the route preference, expressed as a decimal integer
prefix-limit
Syntax
prefix-limit family limit [threshold percentage] [idle-timeout {minutes | forever} | log-only] [post-import]
no prefix-limit family
Context
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures the maximum number of BGP routes that can be received from a peer before administrative action is taken. The administrative action can be the generation of a log event or the taking down of the session. If a session is taken down, it can be brought back up automatically after an idle-timeout period or it can be configured to stay down (forever) until the operator performs a reset.
The prefix-limit command allows each address family to have its own limit; a set of address family limits can be applied to one neighbor or to all neighbors in a group.
The no form of the command removes the prefix-limit.
Default
No prefix limits for any address family
Parameters
- family
specifies the address family to which the limit applies
- limit
specifies the number of routes that can be learned from a peer, expressed as a decimal integer
- percentage
specifies the threshold value, as a percentage, that triggers a warning message to be sent
- minutes
specifies the length of time, in minutes, before automatically re-establishing a session
- forever
specifies that the session is re-established only after the clear router bgp command is executed
- log-only
enables a warning message to be sent at the specified threshold percentage and also when the limit is reached. However, the BGP session is not taken down.
- post-import
specifies that the limit should be applied only to the number of routes that are accepted by import policies
rapid-withdrawal
Syntax
[no] rapid-withdrawal
Context
config>service>vprn>bgp
Description
This command disables the delay on issuing BGP withdrawals.
By default, BGP withdrawals (messages containing the routes that are no longer valid) are delayed up to the min-route-advertisement to allow for efficient packing of BGP Update messages. However, when the rapid-withdrawal command is enabled, the delay on sending BGP withdrawals is disabled.
The no form of the command returns BGP withdrawal processing to its default behavior.
Default
no rapid-withdrawal
remove-private
Syntax
[no] remove-private [limited]
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command allows all private AS numbers to be removed from the AS path before advertising them to BGP peers. The no form of the command includes private AS numbers in the AS path attribute.
If the limited keyword is included, only the leading private ASNs up to the first public ASN are removed.
When the remove-private parameter is set at the global level, it applies to all peers regardless of group or neighbor configuration. When the parameter is set at the group level, it applies to all peers in the group regardless of the neighbor configuration.
The 7705 SAR recognizes the set of AS numbers that are defined by IANA as private. These are AS numbers in the range 64512 through 65535, inclusive.
The no form of the command used at the global level reverts to the default value.
The no form of the command used at the group level reverts to the value defined at the global level.
The no form of the command used at the neighbor level reverts to the value defined at the group level.
Default
no remove-private
rib-management
Syntax
rib-management
Context
config>service>vprn>bgp
Description
This command enables the context to configure RIB management parameters. Under the RIB management context are options for ipv4 and ipv6.
route-table-import
Syntax
route-table-import policy-name
no route-table-import
Context
config>service>vprn>bgp>rib-management>ipv4
config>service>vprn>bgp>rib-management>ipv6
Description
This command specifies the name of a route policy to control the importation of active routes from the IP route table into one of the BGP RIBs.
If the route-table-import command is not configured, or if the command refers to an empty policy, all non-BGP routes from the IP route table are imported into the applicable RIB.
If the route-table-import command is configured, routes that are dropped or rejected by the configured policy are not installed in the associated RIB. Rejected routes cannot be advertised to BGP peers associated with the RIB, but they can still be used to resolve BGP next hops of routes in that RIB. If the active route for a prefix is rejected by the route-table-import policy, then the best BGP route for that prefix in the BGP RIB can be advertised to peers as though it is used.
Aggregate routes are always imported into the applicable RIB, independent of the route-table-import policy.
Route modifications specified in the actions of a route-table-import policy are ignored and have no effect on the imported routes.
Default
no route-table-import
Parameters
- policy-name
specifies the name of a policy-statement; the policy statement must already have been created
split-horizon
Syntax
[no] split-horizon
Context
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command enables the use of split-horizon. When applied globally, to a group, or to a specific peer, split-horizon prevents routes from being reflected back to a peer that sends the best route. It applies to routes of all address families and to any type of sending peer: confed-EBGP, EBGP, or IBGP.
The configuration default is no split-horizon, meaning that no effort is taken to prevent a best route from being reflected back to the sending peer.
The no form of the command disables split-horizon, which allows the lower level to inherit the setting from an upper level.
Default
no split-horizon
ttl-security
Syntax
ttl-security min-ttl-value
no ttl-security
Context
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description
This command configures TTL security parameters for incoming packets. When the feature is enabled, BGP accepts incoming IP packets from a peer only if the TTL value in the packet is greater than or equal to the minimum TTL value configured for that peer.
The no form of the command disables TTL security.
Default
no ttl-security
Parameters
- min-ttl-value
the minimum TTL value for an incoming packet
OSPF and OSPFv3 Commands
ospf
Syntax
[no] ospf
Context
config>service>vprn
Description
This command enables access to the context to define OSPF parameters for VPRN.
When an OSPF instance is created, the protocol is enabled. To start or suspend execution of the OSPF protocol without affecting the configuration, use the no shutdown command.
The no form of the command deletes the OSPF protocol instance and removes all associated configuration parameters.
Default
no ospf
ospf3
Syntax
[no] ospf3
Context
config>service>vprn
Description
This command enables access to the context to define OSPFv3 parameters for VPRN.
When an OSPFv3 instance is created, the protocol is enabled. To start or suspend execution of the OSPF protocol without affecting the configuration, use the no shutdown command.
The no form of the command deletes the OSPFv3 protocol instance and removes all associated configuration parameters.
Default
no ospf3
area
Syntax
[no] area area-id
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command enables the context to configure an OSPF or OSPFv3 area. An area is a collection of network segments within an AS that have been administratively grouped together. The area ID can be specified in dotted-decimal notation or as a 32-bit decimal integer.
The no form of the command deletes the specified area from the configuration. Deleting the area also removes the OSPF or OSPFv3 configuration of all the interfaces, virtual links, sham links, address ranges, and so on, that are currently assigned to this area.
The 7705 SAR supports a maximum of four areas.
Default
no area — no OSPF or OSPFv3 areas are defined
Parameters
- area-id
the OSPF or OSPFv3 area ID expressed in dotted-decimal notation or as a 32-bit decimal integer
area-range
Syntax
area-range ip-prefix/mask [advertise | not-advertise]
no area-range ip-prefix/mask
area-range ipv6-prefix/prefix-length [advertise | not-advertise]
no area-range ipv6-prefix/prefix-length
Context
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
config>service>vprn>ospf>area>nssa
config>service>vprn>ospf3>area>nssa
Description
This command creates ranges of addresses on an Area Border Router (ABR) for the purpose of route summarization or suppression. When a range is created, the range is configured to be advertised or not advertised to other areas. Multiple range commands can be used to summarize or hide ranges. In the case of overlapping ranges, the most specific range command applies.
ABRs send summary link advertisements to describe routes to other areas. To minimize the number of advertisements that are flooded, you can summarize a range of IP addresses and send reachability information about these addresses in an LSA.
The ip-prefix/mask parameter applies in the ospf context. The ipv6-prefix/prefix-length parameter applies in the ospf3 context.
The no form of the command deletes the range advertisement or non-advertisement.
Default
no area-range — no range of addresses is defined
Special Cases
- NSSA context
in the NSSA context, the option specifies that the range applies to external routes (via type 7 LSAs) learned within the NSSA when the routes are advertised to other areas as type 5 LSAs
- Area context
if this command is not entered under the NSSA context, the range applies to summary LSAs even if the area is an NSSA
Parameters
- ip-prefix/mask
the IP prefix for the range in dotted-decimal notation and the subnet mask for the range, expressed as a decimal integer
- ipv6-prefix/prefix-length
the IPv6 prefix for the range in hexadecimal notation
- advertise | not-advertise
specifies whether to advertise the summarized range of addresses to other areas
blackhole-aggregate
Syntax
[no] blackhole-aggregate
Context
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description
This command installs a low-priority blackhole route for the entire aggregate. Existing routes that make up the aggregate will have a higher priority and only the components of the range for which no route exists will be blackholed.
When performing area aggregation, addresses may be included in the range for which no actual route exists. This can cause routing loops. To avoid this problem, configure the blackhole aggregate option.
The no form of this command removes this option.
Default
blackhole-aggregate
interface
Syntax
interface ip-int-name [secondary]
no interface ip-int-name
Context
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description
This command creates a context to configure an OSPF or OSPFv3 interface.
By default, interfaces are not activated in any interior gateway protocol, such as OSPF or OSPFv3, unless explicitly configured.
The no form of the command deletes the OSPF or OSPFv3 interface configuration for this interface. The shutdown command in the config>router>ospf>interface context or config>router>ospf3>interface context can be used to disable an interface without removing the configuration.
Default
no interface
Parameters
- ip-int-name
the IP interface name. Interface names must be unique within the group of defined IP interfaces for the config>service>vprn>interface and config>router>interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
If the IP interface exists in a different area, the configuration will be rejected with an error message unless the keyword secondary is specified.
- secondary
enables multiple secondary adjacencies to be established over this IP interface (see the 7705 SAR Routing Protocols Guide, ‟Multi-area Adjacencies”, for information about this feature)
advertise-subnet
Syntax
[no] advertise-subnet
Context
config>service>vprn>ospf>area>interface
Description
This command enables advertising point-to-point interfaces as subnet routes (network number and mask). When disabled, point-to-point interfaces are advertised as host routes.
This command is not supported in the ospf3 context.
The no form of the command disables advertising point-to-point interfaces as subnet routes, meaning they are advertised as host routes.
Default
advertise-subnet
auth-keychain
Syntax
auth-keychain name
no auth-keychain
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf>area>sham-link
config>service>vprn>ospf>area>virtual-link
Description
This command associates an authentication keychain with the OSPF interface, virtual link, or sham link. The keychain is a collection of keys used to authenticate OSPF messages from remote peers. The keychain allows the rollover of authentication keys during the lifetime of a session and also supports stronger authentication algorithms than clear text and MD5.
The keychain must already be defined in the config>system>security>keychain context.
Either the authentication-key command or the auth-keychain command can be used by OSPF, but both cannot be supported at the same time. If both commands are configured, the auth-keychain configuration will be applied and the authentication-key command will be ignored.
This command is not supported in the ospf3 context.
The no form of the command removes the authentication keychain name from the configuration.
Default
no auth-keychain
Parameters
- name
the name of an existing keychain, up to 32 characters
authentication
Syntax
authentication bidirectional sa-name
authentication inbound sa-name outbound sa-name
no authentication
Context
config>service>vprn>ospf3>area>interface
config>service>vprn>ospf3>area>virtual-link
Description
This command configures an interface with a static security association (SA) used to authenticate OSPFv3 packets.
This command is not supported in the ospf context.
The no form of the command removes the SA name from the configuration.
Parameters
- bidirectional sa-name
specifies the IPSec SA name used for transmitting and receiving OSPFv3 packets
- inbound sa-name
specifies the IPSec SA name used for receiving OSPFv3 packets
- outbound sa-name
specifies the IPSec SA name used for transmitting OSPFv3 packets
authentication-key
Syntax
authentication-key {authentication-key | hash-key} [hash | hash2]
no authentication-key
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf>area>sham-link
config>service>vprn>ospf>area>virtual-link
Description
This command configures the password used by the OSPF interface, virtual link, or sham link to send and receive OSPF protocol packets on the interface when simple password authentication is configured.
All neighboring routers must use the same type of authentication and password for correct protocol communication. If the authentication-type is configured as password, the authentication key must be configured.
By default, no authentication key is configured.
Either the authentication-key command or the auth-keychain command can be used by OSPF, but both cannot be supported at the same time. If both commands are configured, the auth-keychain configuration will be applied and the authentication-key command will be ignored.
This command is not supported in the ospf3 context.
The no form of the command removes the authentication key.
Default
no authentication-key
Parameters
- authentication-key
the authentication key can be any combination of ASCII characters up to 8 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).
- hash-key
the hash key can be any combination of ASCII characters up to 22 characters in length (hash parameter is used) or 121 characters in length (if the hash2 parameter is used). If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).
This is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.
- hash
specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.
- hash2
specifies that the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.
authentication-type
Syntax
authentication-type {password | message-digest}
no authentication-type
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf>area>sham-link
config>service>vprn>ospf>area>virtual-link
Description
This command enables authentication and specifies the type of authentication to be used on the OSPF interface, virtual link, or sham link.
Both simple password and message-digest authentication are supported.
By default, authentication is not enabled on an interface or link.
This command is not supported in the ospf3 context.
The no form of the command disables authentication on the interface or link.
Default
no authentication-type
Parameters
- password
enables simple password (plaintext) authentication. If authentication is enabled and no authentication type is specified in the command, simple password authentication is enabled.
- message-digest
enables message digest MD5 authentication in accordance with RFC 1321. If this option is configured, at least one message digest key must be configured.
bfd-enable
Syntax
bfd-enable [remain-down-on-failure]
no bfd-enable
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
Description
This command enables the use of bidirectional forwarding detection (BFD) to control the state of the associated OSPF or OSPFv3 interface. By enabling BFD on an OSPF or OSPFv3 interface, the state of the interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for BFD are set using the bfd command under the IP interface.
If the BFD session does not come back up within 10 s and the remain-down-on-failure parameter is enabled, OSPF will bring down the adjacency and wait for BFD to come up again. This behavior may cause OSPF neighbors to flap because OSPF will form the adjacency and then bring it down if the BFD session is still down. If this parameter is not configured, the OSPF adjacency will form even if the BFD session does not come back up after a failure.
The no form of this command removes BFD from the associated OSPF or OSPFv3 adjacency.
Default
no bfd-enable
Parameters
- remain-down-on-failure
forces adjacency down on BFD failure
dead-interval
Syntax
dead-interval seconds
no dead-interval
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
config>service>vprn>ospf>area>sham-link
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3>area>virtual-link
Description
This command configures the time, in seconds, that OSPF or OSPFv3 waits before declaring a neighbor router, virtual-link neighbor, or sham-link neighbor down. If no Hello packets are received from a neighbor for the duration of the dead interval, the router or link is assumed to be down. The minimum interval must be two times the hello interval.
The no form of the command resets the configured interval to the default value.
Default
40
Special Cases
- OSPF or OSPFv3 interface
if the dead-interval configured applies to an interface, all nodes on the subnet must have the same dead interval
- Virtual link
if the dead-interval configured applies to a virtual link, the interval on both endpoints of the virtual link must have the same dead interval
- Sham link
if the dead-interval configured applies to a sham link, the interval on both endpoints of the sham link must have the same dead interval
Parameters
- seconds
the dead interval in seconds, expressed as a decimal integer
hello-interval
Syntax
hello-interval seconds
no hello-interval
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
config>service>vprn>ospf>area>sham-link
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3>area>virtual-link
Description
This command configures the interval between OSPF or OSPFv3 hello messages issued on the interface, virtual link, or sham link.
The hello interval, in combination with the dead interval, is used to establish and maintain the adjacency.
Reducing the interval, in combination with an appropriate reduction in the associated dead-interval, allows for faster detection of link and/or router failures but results in higher processing costs.
The no form of this command resets the configured interval to the default value.
Default
10
Special Cases
- OSPF or OSPFv3 interface
if the hello-interval configured applies to an interface, all nodes on the subnet must have the same hello interval
- Virtual link
if the hello-interval configured applies to a virtual link, the interval on both endpoints of the virtual link must have the same hello interval
- Sham link
if the hello-interval configured applies to a sham link, the interval on both endpoints of the sham link must have the same hello interval
Parameters
- seconds
the hello interval in seconds, expressed as a decimal integer
interface-type
Syntax
interface-type {broadcast | point-to-point}
no interface-type
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
Description
This command configures the interface type to be either broadcast or point-to-point.
Use this command to set the interface type of an Ethernet link to point-to-point to avoid having to carry the broadcast adjacency maintenance overhead of the link, provided that the link is used as a point-to-point link.
If the interface type is not known when the interface is added to OSPF or OSPFv3, and the IP interface is subsequently bound (or moved) to a different interface type, this command must be entered manually.
The no form of the command resets the configured interface type to the default value.
Default
broadcast – if the physical interface is Ethernet or unknown
point-to-point – if the physical interface is T1, E1, or SONET/SDH
Special Cases
- Virtual link
a virtual link is always regarded as a point-to-point interface and is not configurable
Parameters
- broadcast
configures the interface to maintain this link as a broadcast link. To significantly improve adjacency forming and network convergence, a network should be configured as point-to-point if only two routers are connected, even if the network is a broadcast media such as Ethernet.
- point-to-point
configures the interface to maintain this link as a point-to-point link
lfa-policy-map
Syntax
lfa-policy-map route-nh-template template-name
no lfa-policy-map
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
Description
This command applies a route next-hop policy template to an OSPF or OSPFv3 interface.
When a route next hop policy template is applied to an interface, it is applied in all areas. However, this command can only be executed under the area in which the specified interface is primary. When the command is executed, the template is applied in that area and in all other areas where the interface is secondary. If the user attempts to execute the command under an area where the interface is secondary, the command will fail.
If the interface has been excluded from LFA with the loopfree-alternate-exclude command, the LFA policy has no effect on the interface.
If the route next-hop policy template is applied to a loopback interface or to the system interface, the command will not be rejected, but the policy will have no effect on the interface.
The no form of the command deletes the mapping of a route next-hop policy template to an OSPF or OSPFv3 interface.
Default
no lfa-policy-map
Parameters
- template-name
the name of an existing template
load-balancing-weight
Syntax
load-balancing-weight weight
no load-balancing-weight
Context
config>service>vprn>ospf>area>interface
Description
This command configures the load balancing weight for an OSPF PE-CE interface that is used to perform weighted ECMP for a VPRN service.
The no form of the command removes the configured load-balancing weight for the OSPF interface.
Default
no load-balancing-weight
Parameters
- weight
specifies the load-balancing weight
loopfree-alternate-exclude
Syntax
[no] loopfree-alternate-exclude
Context
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
Description
This command instructs OSPF or OSPFv3 to exclude a specific interface or all interfaces participating in a specific OSPF or OSPFv3 area from the LFA SPF calculation. The LFA SPF calculation can therefore be run only where it is needed.
If an interface is excluded from the LFA SPF calculation, it is excluded in all areas. However, this command can only be executed under the area in which the specified interface is primary. When the command is executed, the interface is excluded in that area and in all other areas where the interface is secondary. If the user attempts to execute the command under an area where the interface is secondary, the command will fail.
Default
no loopfree-alternate-exclude
message-digest-key
Syntax
message-digest-key key-id md5 {key | hash-key | hash2-key} [hash | hash2]
no message-digest-key key-id
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf>area>sham-link
config>service>vprn>ospf>area>virtual-link
Description
This command configures a message digest key when MD5 authentication is enabled on the interface, virtual link, or sham link. Multiple message digest keys can be configured.
This command is not supported in the ospf3 context.
The no form of the command removes the message digest key identified by the key-id.
Default
no message-digest-key
Parameters
- key-id
the key-id is expressed as a decimal integer
- key
the MD5 key, any alphanumeric string up to 16 characters in length
- hash-key
the MD5 hash key, any combination of ASCII characters up to 33 characters in length (hash parameter is used). If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).
This is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.
- hash2-key
the MD5 hash key, any combination of ASCII characters up to 132 characters in length (hash2 parameter is used). If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).
This is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.
- hash
specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.
- hash2
specifies that the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.
metric
Syntax
metric metric
no metric
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
config>service>vprn>ospf>area>sham-link
Description
This command configures an explicit route cost metric for the interface or sham link that overrides the metrics calculated based on the speed of the underlying link.
The no form of the command deletes the manually configured metric, so the interface or sham link uses the computed metric based on the reference-bandwidth command setting and the speed of the underlying link.
Default
no metric
Parameters
- metric
the metric to be applied to the interface or sham link, expressed as a decimal integer
mtu
Syntax
mtu bytes
no mtu
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
Description
This command configures the OSPF or OSPFv3 interface MTU value used when negotiating an OSPF or OSPFv3 adjacency.
The operational OSPF MTU value is calculated as follows.
If this command is not configured:
the OSPF or OSPFv3 interface operational MTU derives the MTU value from the IP interface MTU (which is derived from the port MTU); for example, port MTU minus 14 bytes for a null-encapsulated Ethernet port
for OSPF (not OSPFv3), if the derived MTU value is less than 576 bytes, the OSPF interface operational MTU is set to 576 bytes. If a lower interface MTU is required, you must explicitly configure it using this command.
If this command is configured:
for OSPF (not OSPFv3):
if the OSPF interface MTU is less than 576 bytes, it becomes the operational OSPF MTU, regardless of the port MTU value
if the OSPF interface MTU is equal to or greater than 576 bytes, and the derived interface MTU is less than 576 bytes, the operational OSPF MTU is set to 576 bytes
if the OSPF interface MTU is equal to or greater than 576 bytes, and the derived interface MTU is greater than 576 bytes, the operational OSPF MTU is set to the lesser of the values configured with this command and the derived MTU
The port MTU must be set to 512 bytes or higher, since OSPF cannot support port MTU values lower than 512 bytes.
for OSPFv3:
the operational OSPF MTU is set to the lesser of the values configured with this command and the derived MTU
this applies only when the port MTU is set to 1280 bytes or higher, since OSPFv3 cannot support port MTU values less than 1280 bytes
To determine the actual packet size, add 14 bytes for an Ethernet packet and 18 bytes for a tagged Ethernet packet to the size of the OSPF (IP) packet MTU configured with this command.
If the OSPF mtu command is configured to a value less than the interface or port MTU value, the OSPF MTU value will be used to transmit OSPF packets.
Use the no form of this command to revert to the default.
Default
no mtu — uses the value derived from the port MTU
Parameters
- bytes
the MTU to be used by OSPF or OSPFv3 for this logical interface in bytes
passive
Syntax
[no] passive
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
Description
This command adds the passive property to an OSPF or OSPFv3 interface.
By default, only interface addresses that are configured for OSPF or OSPFv3 will be advertised as OSPF or OSPFv3 interfaces. The passive parameter allows an interface to be advertised as an OSPF or OSPFv3 interface without running the OSPF or OSPFv3 protocol.
While in passive mode, the interface will ignore ingress OSPF or OSPFv3 protocol packets and will not transmit any OSPF or OSPFv3 protocol packets.
The no form of the command removes the passive property from the OSPF or OSPFv3 interface.
Default
no passive
priority
Syntax
priority number
no priority
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
Description
This command configures the priority of the OSPF or OSPFv3 interface that is used in an election of the designated router on the subnet.
This parameter is only used if the interface is of type broadcast. The router with the highest-priority interface becomes the designated router. A router with priority 0 is not eligible to be a designated router or backup designated router.
The no form of the command resets the interface priority to the default value.
Default
1
Parameters
- number
the interface priority expressed as a decimal integer
retransmit-interval
Syntax
retransmit-interval seconds
no retransmit-interval
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
config>service>vprn>ospf>area>sham-link
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3>area>virtual-link
Description
This command specifies the length of time, in seconds, that OSPF or OSPFv3 will wait before retransmitting an unacknowledged LSA to an OSPF or OSPFv3 neighbor.
The value should be greater than the expected round-trip delay between any two routers on the attached network. If the retransmit interval expires and no acknowledgment has been received, the LSA will be retransmitted.
The no form of this command resets the configuration to the default interval.
Default
5
Parameters
- seconds
the retransmit interval in seconds, expressed as a decimal integer
transit-delay
Syntax
transit-delay seconds
no transit-delay
Context
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
config>service>vprn>ospf>area>sham-link
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3>area>virtual-link
Description
This command configures the estimated time, in seconds, that it takes to transmit an LSA on the interface, virtual link, or sham link.
The no form of this command resets the configuration to the default delay time.
Default
1
Parameters
- seconds
the transit delay in seconds, expressed as a decimal integer
key-rollover-interval
Syntax
key-rollover-interval key-rollover-interval
no key-rollover-interval
Context
config>service>vprn>ospf3>area
Description
This command configures the key rollover interval. The no form of the command resets the configured interval to the default setting.
Default
10
Parameters
- key-rollover-interval
specifies the time, in seconds, after which a key rollover will start
nssa
Syntax
[no] nssa
Context
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description
This command enables the context to configure an OSPF or OSPFv3 Not So Stubby Area (NSSA) and adds or removes the NSSA designation from the area.
NSSAs are similar to stub areas in that no external routes are imported into the area from other OSPF or OSPFv3 areas. The major difference between a stub area and an NSSA is that an NSSA has the capability to flood external routes that it learns throughout its area and via an ABR to the entire OSPF or OSPFv3 domain.
Existing virtual links of a stub area or NSSA are removed when the designation is changed to NSSA or stub.
An area can be designated as stub or NSSA but never both at the same time.
By default, an area is not configured as an NSSA area.
The no form of the command removes the NSSA designation and configuration context from the area.
Default
no nssa
originate-default-route
Syntax
originate-default-route [type-7] [adjacency-check]
originate-default-route [type-nssa] [adjacency-check]
no originate-default-route
Context
config>service>vprn>ospf>area>nssa
config>service>vprn>ospf3>area>nssa
Description
This command enables the generation of a default route and its LSA type into an NSSA by an NSSA ABR or ASBR.
The functionality of the type-7 parameter and the type-nssa parameter is the same. The type-7 parameter is available in the ospf context; the type-nssa parameter is available in the ospf3 context. Include the type-7 or type-nssa parameter to inject a type 7 LSA default route instead of a type 3 LSA into the NSSA configured with no summaries.
To return to a type 3 LSA, enter the originate-default-route command without the type-7 or type-nssa parameter.
When configuring an NSSA with no summaries, the ABR will inject a type 3 LSA default route into the NSSA area. Some older implementations expect a type 7 LSA default route.
The no form of the command disables origination of a default route.
Default
no originate-default-route
Parameters
- type-7 | type-nssa
specifies that a type 7 LSA should be used for the default route
- adjacency-check
specifies whether adjacency checks are performed before originating a default route. If this parameter is configured, an area 0 adjacency is required for the ABR to advertise the default route.
redistribute-external
Syntax
[no] redistribute-external
Context
config>service>vprn>ospf>area>nssa
config>service>vprn>ospf3>area>nssa
Description
This command enables the redistribution of external routes into the NSSA on an NSSA ABR that is exporting the routes into non-NSSA areas.
NSSAs are similar to stub areas in that no external routes are imported into the area from other OSPF or OSPFv3 areas. The major difference between a stub area and an NSSA is that the NSSA has the capability to flood external routes that it learns (providing it is an ASBR) throughout its area and via an ABR to the entire OSPF or OSPFv3 domain.
The no form of the command disables the default behavior to automatically redistribute external routes into the NSSA area from the NSSA ABR.
Default
redistribute-external
summaries
Syntax
[no] summaries
Context
config>service>vprn>ospf>area>nssa
config>service>vprn>ospf3>area>nssa
config>service>vprn>ospf>area>stub
config>service>vprn>ospf3>area>stub
Description
This command enables sending summary (type 3) advertisements into a stub area or NSSA on an ABR.
This parameter is particularly useful to reduce the size of the routing and link-state database (LSDB) tables within the stub or NSSA area.
By default, summary route advertisements are sent into the stub area or NSSA.
The no form of the command disables sending summary route advertisements and, for stub areas, only the default route is advertised by the ABR.
Default
summaries
sham-link
Syntax
[no] sham-link [ip-int-name ip-address]
Context
config>service>vprn>ospf>area
Description
This command configures an OSPF area sham link to a far-end PE OSPF router.
The no form of the command removes the sham link.
Default
no sham-link
Parameters
- ip-int-name
specifies the local interface name used for the sham- ink. This is a mandatory parameter. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes. If the IP interface name does not exist or does not have an IP address configured, an error message will be returned.
- ip-address
specifies the IP address of the sham-link remote neighbor in a dotted-decimal notation (a.b.c.d). This is a mandatory parameter. The address must be a valid IP address.
stub
Syntax
[no] stub
Context
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description
This command enables access to the context to configure an OSPF or OSPFv3 stub area and adds or removes the stub designation from the area.
External routing information is not flooded into stub areas. All routers in the stub area must be configured with the stub command.
Existing virtual links of a stub area or NSSA are removed when its designation is changed to NSSA or stub.
An OSPF or OSPFv3 area cannot be both an NSSA and a stub area at the same time.
By default, an area is not a stub area.
The no form of the command removes the stub designation and configuration context from the area.
Default
no stub
default-metric
Syntax
default-metric metric
no default-metric
Context
config>service>vprn>ospf>area>stub
config>service>vprn>ospf3>area>stub
Description
This command configures the metric used by the ABR for the default route into a stub area.
The default metric should only be configured on an ABR of a stub area.
An ABR generates a default route if the area is a stub area.
The no form of the command resets the configuration to the default value.
Default
default-metric 1
Parameters
- metric
the metric, expressed as a decimal integer, for the default route cost to be advertised to the stub area
virtual-link
Syntax
[no] virtual-link router-id transit-area area-id
Context
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description
This command configures a virtual link to connect ABRs to the backbone.
The backbone area (area 0.0.0.0) must be contiguous and all other areas must be connected to the backbone area. If it is not practical or possible to connect an area to the backbone, the ABRs must be connected via a virtual link. The two ABRs form a point-to-point-like adjacency across the transit area. A virtual link can only be configured while in the area 0.0.0.0 context.
The router-id specified in this command must be associated with the virtual neighbor. The transit area cannot be a stub area or an NSSA.
The no form of the command deletes the virtual link.
Default
no virtual-link
Parameters
- router-id
the router ID of the virtual neighbor in IP address dotted-decimal notation
- area-id
the area ID specified identifies the transit area that links the backbone area to the area that has no physical connection with the backbone, expressed in dotted-decimal notation or as a 32-bit decimal integer
export
Syntax
export policy-name [policy-name…(up to 5 max)]
no export
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command specifies export route policies to determine which routes are exported from the routing table manager to OSPF or OSPFv3. Export policies are only in effect if OSPF or OSPv3 is configured as an ASBR.
If no export policy is specified, routes that are not OSPF or OSPFv3 are not exported from the routing table manager to OSPF or OSPFv3.
If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.
The no form of the command removes all policies from the configuration.
See the 7705 SAR Router Configuration Guide for information about defining route policies.
Default
no export — no export route policies specified
Parameters
- policy-name
the name of an existing route policy
external-db-overflow
Syntax
external-db-overflow limit seconds
no external-db-overflow
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command enables limits on the number of non-default, AS-external LSA entries that can be stored in the link-state database (LSDB) and specifies a wait timer before processing these entries after the limit is exceeded.
The limit value specifies the maximum number of entries that can be stored in the LSDB. Placing a limit on these LSAs in the LSDB protects the router from receiving an excessive number of external routes that consume excessive memory or CPU resources. If the number of routes reaches or exceeds the limit, the table is in an overflow state. When in an overflow state, the router will not originate any new AS-external LSAs and will withdraw all the self-originated non-default external LSAs.
The seconds value specifies the time to wait after an overflow state before regenerating and processing non-default, AS-external LSAs. The waiting period acts like a dampening period, preventing the router from continuously running shortest path first (SPF) calculations caused by the excessive number of non-default, AS-external LSAs.
The external-db-overflow must be set identically on all routers attached to any regular OSPF or OSPFv3 area. OSPF or OSPFv3 stub areas and NSSAs are excluded.
The no form of the command disables limiting the number of non-default, AS-external LSA entries.
Default
no external-db-overflow
Parameters
- limit
the maximum number of non-default, AS-external LSA entries that can be stored in the LSDB before going into an overflow state, expressed as a decimal integer
- seconds
the number of seconds after entering an overflow state before attempting to process non-default, AS-external LSAs, expressed as a decimal integer
external-preference
Syntax
external-preference preference
no external-preference
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command configures the preference for OSPF or OSPFv3 external routes. The preference for internal routes is set with the preference command.
A route can be learned by the router from different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide which route will be used.
Different protocols should not be configured with the same preference. If this occurs, the tiebreaker is based on the default preferences as defined in Route Preference Defaults by Route Type .
Route Type |
Preference |
Configurable |
---|---|---|
Direct attached |
0 |
No |
Static routes |
5 |
Yes |
OSPF/OSPFv3 internal |
10 |
Yes |
IS-IS level 1 internal |
15 |
Yes |
IS-IS level 2 internal |
18 |
Yes |
OSPF/OSPFv3 external |
150 |
Yes |
IS-IS level 1 external |
160 |
Yes |
IS-IS level 2 external |
165 |
Yes |
If multiple routes are learned with the same preference using the same protocol, the lowest-cost route is used. If multiple routes are learned with the same preference using the same protocol and the costs (metrics) are equal, the decision of which route to use is determined by the configuration of ECMP in the config>router context. See the 7705 SAR Router Configuration Guide for information about ECMP.
The no form of the command returns the setting to the default value.
Default
external-preference 150 — OSPF or OSPFv3 external routes have a default preference of 150
Parameters
- preference
the preference for external routes, expressed as a decimal integer
ignore-dn-bit
Syntax
[no] ignore-dn-bit
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command specifies whether to ignore the DN (down) bit for OSPF or OSPFv3 LSA packets for this instance of OSPF or OSPFv3 on the router. When enabled, the DN bit for OSPF or OSPFv3 LSA packets will be ignored. When disabled, the DN bit will not be ignored for OSPF or OSPFv3 LSA packets.
Default
no ignore-dn-bit
import
Syntax
import policy-name [policy-name...(up to 5 max)]
no import
Context
config>service>vprn>ospf
Description
This command configures up to five import route policies that determine which routes are imported into the routing table.
When a prefix received in an OSPF LSA is accepted by an entry in an OSPF import policy, it is installed in the routing table if it is the most preferred route to the destination. When a prefix received in an OSPF LSA is rejected by an entry in an OSPF import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination.
The flooding of LSAs is not affected by OSPF import policy actions.
The no form of this command removes all import policies from the configuration. The default behavior then applies, that is, if an OSPF route has the lowest preference value among all routes to the destination, it is installed in the routing table.
Default
no import
Parameters
- policy-name
specifies the import route policy name. The route policy names must already be defined.
loopfree-alternates
Syntax
[no] loopfree-alternates
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command enables loop-free alternate (LFA) computation by SPF under the OSPFv2 or OSPFv3 routing protocol context.
When this command is enabled, the OSPF or OSPFv3 SPF attempts to precalculate both a primary next hop and a LFA backup next hop for every learned prefix. When found, the LFA next hop is populated into the routing table along with the primary next hop for the prefix.
The no form of this command disables the LFA SPF calculation.
Default
no loop-free alternates
exclude
Syntax
exclude
Context
config>service>vprn>ospf>loopfree-alternates
config>service>vprn>ospf3>loopfree-alternates
Description
This command enables the context for identifying prefix policies to be excluded from the LFA calculation by OSPF.
prefix-policy
Syntax
prefix-policy prefix-policy [prefix-policy…(up to 5 max)]
no prefix-policy
Context
config>service>vprn>ospf>loopfree-alternates>exclude
config>service>vprn>ospf3>loopfree-alternates>exclude
Description
This command excludes from the LFA SPF calculation any prefixes that match a prefix entry in a prefix policy. If a prefix is excluded, it is not included in the LFA SPF calculation, regardless of its priority.
Prefix policies are created with the config>router>policy-options>prefix-list command. For information about prefix lists, see the 7705 SAR Router Configuration Guide, ‟Route Policies”.
The default action of the loopfree-alternates>exclude>prefix-policy command, when not explicitly specified in the prefix policy, is to ‟reject”. Therefore, even if the default-action reject statement was not explicitly stated for the prefix policy, a prefix that does not match any entry in the policy will be used in the LFA SPF calculation.
The no form of this command removes the excluded prefix policy.
Default
no prefix-policy
Parameters
- prefix-policy
the name of the prefix policy to be excluded from the LFA SPF calculation for OSPF. Up to five prefixes can be specified. The specified prefix policy must already be defined.
overload
Syntax
overload [timeout seconds]
no overload
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command changes the overload state of the local router so that it appears to be overloaded. When overload is enabled, the router can participate in OSPF or OSPFv3 routing, but is not used for transit traffic. Traffic destined for directly attached interfaces continues to reach the router.
To put the IGP in an overload state, enter a timeout value. The IGP will enter the overload state until the timeout timer expires or a no overload command is executed.
If no timeout is specified, the overload state is maintained indefinitely.
If the overload command is encountered during the execution of an overload-on-boot command, the overload command takes precedence. This situation could occur as a result of a saved configuration file where both parameters are saved. When the file is saved by the system, the overload-on-boot command is saved after the overload command.
Use the no form of this command to return to the default. When the no overload command is executed, the overload state is terminated regardless of the reason the protocol entered the overload state.
Default
no overload
Parameters
- seconds
the number of seconds to reset overloading
overload-include-stub
Syntax
[no] overload-include-stub
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command is used to determine if the OSPF or OSPFv3 stub networks should be advertised with a maximum metric value when the system goes into an overload state for any reason. When enabled, the system uses the maximum metric value. When this command is enabled and the router is in overload, all stub interfaces, including loopback and system interfaces, will be advertised at the maximum metric.
Default
no overload-include-stub
overload-on-boot
Syntax
overload-on-boot [timeout seconds]
no overload-on-boot
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
When the router is in an overload state, the router is used only if there is no other router to reach the destination. This command configures OSPF or OSPFv3 upon boot-up in the overload state until one of the following events occurs:
the timeout timer expires (if a timeout has been specified)
a manual override of the current overload state is entered with the no overload command
If no timeout is specified, the overload state is maintained indefinitely.
The no overload command does not affect the overload-on-boot function.
The no form of the command removes the overload-on-boot functionality from the configuration.
Default
no overload-on-boot
Parameters
- seconds
the number of seconds to reset overloading
preference
Syntax
preference preference
no preference
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command configures the preference for OSPF or OSPFv3 internal routes.
A route can be learned by the router from different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide which route will be used.
Different protocols should not be configured with the same preference. If this occurs, the tiebreaker is based on the default preferences as defined in Route Preference Defaults by Route Type . If multiple routes are learned with the same preference using the same protocol and the costs (metrics) are equal, the decision of which route to use is determined by the configuration of ECMP in the config>router context. See the 7705 SAR Router Configuration Guide for information about ECMP.
The no form of the command resets the preference configuration to the default value.
Default
preference 10 — OSPF or OSPFv3 internal routes have a preference of 10
Parameters
- preference
the preference for internal routes, expressed as a decimal integer
reference-bandwidth
Syntax
reference-bandwidth bandwidth-in-kbps
reference-bandwidth [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]
no reference-bandwidth
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command configures the reference bandwidth used to calculate the default costs of interfaces based on their underlying link speed.
The default interface cost is calculated as follows:
cost = reference bandwidth/bandwidth
The default reference bandwidth is 100 000 000 kb/s or 100 Gb/s; therefore, the default auto-cost metrics for various link speeds are as follows:
10 Mb/s link: default cost of 10000
100 Mb/s link: default cost of 1000
1 Gb/s link: default cost of 100
The reference-bandwidth command assigns a default cost to the interface based on the interface speed. To override this default cost on an interface, use the metric command in the config>router>ospf>area>interface ip-int-name context or config>router >ospf3>area> interface ip-int-name context.
The no form of the command resets the reference bandwidth to the default value.
Default
reference-bandwidth 100000000
Parameters
- bandwidth-in-kbps
the reference bandwidth in kilobits per second, expressed as a decimal integer
- Tera-bps
the reference bandwidth in terabits per second, expressed as a decimal integer
- Giga-bps
the reference bandwidth in gigabits per second, expressed as a decimal integer
- Mega-bps
the reference bandwidth in megabits per second, expressed as a decimal integer
- Kilo-bps
the reference bandwidth in kilobits per second, expressed as a decimal integer
router-id
Syntax
router-id ip-address
no router-id
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command configures the router ID for a specific VPRN context. If the router ID is not defined under VPRN, the router ID from the base router context is inherited.
When configuring the router ID in the base instance of OSPF or OSPFv3, the value overrides the router ID configured in the config>router context.
The default value for the base instance is inherited from the configuration in the config>router context. If the router ID in the config>router context is not configured, the following applies:
the system uses the system interface address (which is also the loopback address)
if a system interface address is not configured, the last 4 bytes of the chassis MAC address are used
When configuring a new router ID, the instance is not automatically restarted with the new router ID. The next time the instance is initialized, the new router ID is used.
To force the new router ID to be used, issue the shutdown and no shutdown commands for the instance, or reboot the entire router.
The no form of the command to resets the router ID to the default value.
Default
0.0.0.0 (base OSPF)
Parameters
- ip-address
a 32-bit, unsigned integer uniquely identifying the router in the Autonomous System
super-backbone
Syntax
[no] super-backbone
Context
config>service>vprn>ospf
Description
This command specifies whether CE-PE functionality is required. The OSPF super-backbone indicates the type of the LSA generated as a result of routes redistributed into OSPF. When enabled, the redistributed routes are injected as summary, external, or NSSA LSAs. When disabled, the redistributed routes are injected as either external or NSSA LSAs only.
Default
no super-backbone
suppress-dn-bit
Syntax
[no] suppress-dn-bit
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command specifies whether to suppress the setting of the DN (down) bit for OSPF or OSPFv3 LSA packets generated by this instance of OSPF or OSPFv3 on the router. When enabled, the DN bit will not be set. When disabled, this instance of the OSPF or OSPFv3 router will follow the usual procedure to determine whether to set the DN bit.
Default
no suppress-dn-bit
timers
Syntax
timers
Context
config>service>vprn>ospf
config>service>vprn>ospf3
Description
This command enables the context that allows for the configuration of OSPF or OSPFv3 timers. Timers control the delay between receipt of an LSA requiring an SPF calculation and the minimum time between successive SPF calculations.
Changing the timers affects CPU usage and network reconvergence times. Lower values reduce reconvergence time but increase CPU usage. Higher values reduce CPU usage but increase reconvergence time.
Default
n/a
lsa-arrival
Syntax
lsa-arrival lsa-arrival-time
no lsa-arrival
Context
config>service>vprn>ospf>timers
config>service>vprn>ospf3>timers
Description
This command defines the minimum delay that must pass between receipt of the same LSAs arriving from neighbors.
It is recommended that the configured lsa-generate lsa-second-wait interval for the neighbors be equal to or greater than the lsa-arrival-time.
Use the no form of this command to return to the default.
Default
no lsa-arrival
Parameters
- lsa-arrival-time
the timer in milliseconds
lsa-generate
Syntax
lsa-generate max-lsa-wait[lsa-initial-wait[lsa-second-wait]]
no lsa-generate
Context
config>service>vprn>ospf>timers
config>service>vprn>ospf3>timers
Description
This command customizes the throttling of OSPF or OSPFv3 LSA generation. Timers that determine when to generate the first, second, and subsequent LSAs can be controlled with this command. Subsequent LSAs are generated at increasing intervals of the lsa-second-wait timer until a maximum value is reached.
It is recommended that the lsa-arrival-time be equal to or less than the lsa-second-wait interval.
Use the no form of this command to return to the default.
Default
no lsa-generate
Parameters
- max-lsa-wait
the maximum interval, in milliseconds, between two consecutive occurrences of an LSA being generated
- lsa-initial-wait
the first waiting period between LSAs generated, in milliseconds. When the LSA exceeds the lsa-initial-wait timer value and the topology changes, there is no wait period and the LSA is immediately generated.
When an LSA is generated, the initial wait period commences. If, within the specified lsa-initial-wait period, another topology change occurs, the lsa-initial-wait timer applies.
- lsa-second-wait
the hold time, in milliseconds, between the first and second LSA generation. The next topology change is subject to this second wait period. With each subsequent topology change, the wait time doubles (that is, two times the previous wait time). This assumes that each failure occurs within the relevant wait period.
spf-wait
Syntax
spf-wait max-spf-wait [spf-initial-wait [spf-second-wait]]
no spf-wait
Context
config>service>vprn>ospf>timers
config>service>vprn>ospf3>timers
Description
This command defines the maximum interval between two consecutive SPF calculations in milliseconds. Timers that determine when to initiate the first, second, and subsequent SPF calculations after a topology change occurs can be controlled with this command.
Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, the next SPF will run after 2000 ms, and the next SPF will run after 4000 ms, and so on, until it reaches the spf-wait value. The SPF interval will stay at the spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to spf-initial-wait.
The timer must be entered in increments of 100 ms. Values entered that do not match this requirement will be rejected.
Use the no form of this command to return to the default.
Default
no spf-wait
Parameters
- max-spf-wait
the maximum interval, in milliseconds, between two consecutive SPF calculations
- spf-initial-wait
the initial SPF calculation delay, in milliseconds, after a topology change
- spf-second-wait
the hold time, in milliseconds, between the first and second SPF calculation
vpn-domain
Syntax
vpn-domain id {0005 | 0105 | 0205 | 8005}
no vpn-domain
Context
config>service>vprn>ospf
Description
This command specifies the type of extended community attribute exchanged using BGP to carry the OSPF VPN domain ID. The command applies to VPRN instances of OSPF only. An attempt to modify the value of this attribute will result in an inconsistent value error when the instance is not a VPRN instance. The parameters are mandatory and can be entered in any order.
This command is not supported in the ospf3 context.
Default
no vpn-domain
Parameters
- id
specifies the 6-octet OSPF VPN domain identifier in the format ‟xxxx.xxxx.xxxx”. This ID is exchanged using BGP in the extended community attribute associated with a prefix. This parameter applies to VPRN instances of OSPF only.
- 0005 | 0105 | 0205 | 8005
specifies the type of extended community attribute exchanged using BGP to carry the OSPF VPN domain ID
vpn-tag
Syntax
vpn-tag vpn-tag
no vpn-tag
Context
config>service>vprn>ospf
Description
This command specifies the route tag for an OSPF VPN on a PE router and is used mainly to prevent routing loops. This field is set in the tag field of the OSPF external LSAs generated by the PE. The command applies to VPRN instances of OSPF only. An attempt to modify the value of this tag will result in an inconsistent value error when the instance is not a VPRN instance.
This command is not supported in the ospf3 context.
Default
vpn-tag 0
Parameters
- vpn-tag
specifies the route tag for an OSPF VPN
IGMP Commands
igmp
Syntax
[no] igmp
Context
config>service>vprn
Description
This command enables the context to configure IGMP parameters.
The no form of the command disables IGMP.
Default
disabled
interface
Syntax
[no] interface ip-int-name
Context
config>service>vprn>igmp
Description
This command enables the context to configure IGMP interface parameters.
Parameters
- ip-int-name
specifies the name of the IP interface. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed between double quotes.
disable-router-alert-check
Syntax
[no] disable-router-alert-check
Context
config>service>vprn>igmp>if
Description
This command enables or disables the IGMP router alert check option.
The no form of the command enables the router alert check.
Default
no disable-router-alert-check
import
Syntax
import policy-name
no import
Context
config>service>vprn>igmp>if
Description
This command imports a policy to filter IGMP packets on this interface.
The no form of the command removes the policy association from the IGMP instance.
Default
no import
Parameters
- policy-name
the import route policy name. The specified names must already be defined.
max-groups
Syntax
max-groups value
no max-groups
Context
config>service>vprn>igmp>if
Description
This command specifies the maximum number of groups for which IGMP can have local receiver information based on received IGMP reports on this interface. When this configuration is changed dynamically to a value lower than the currently accepted number of groups, the groups that are already accepted are not deleted. Only new groups will not be allowed.
The no form of the command removes the value.
Default
0 — no limit to the number of groups
Parameters
- value
specifies the maximum number of groups for this interface
max-grp-sources
Syntax
max-grp-sources max-grp-sources
no max-grp-sources
Context
config>service>vprn>igmp>if
Description
This command configures the maximum number of group sources for which IGMP can have local receiver information based on received IGMP reports on this interface. When this configuration is changed dynamically to a value lower than the currently accepted number of group sources, the group sources that are already accepted are not deleted. Only new group sources will not be allowed.
The no form of the command reverts to the default.
Default
0
Parameters
- max-grp-sources
specifies the maximum number of group sources
ssm-translate
Syntax
ssm-translate
Context
config>service>vprn>igmp
config>service>vprn>igmp>if
Description
This command enables the context to configure group ranges that are translated to SSM (S,G) entries. If the static entry needs to be created, it must be translated from an IGMPv1 or IGMPv2 request to a Source Specific Multicast (SSM) join request. An SSM translate source can only be added when the starg command is not enabled. An error message is generated when trying to configure the source command while the starg command is enabled.
grp-range
Syntax
[no] grp-range start end
Context
config>service>vprn>igmp>ssm-translate
config>service>vprn>igmp>if>ssm-translate
Description
This command is used to configure group ranges that are translated to SSM (S,G) entries.
Parameters
- start
specifies the start address of the multicast group range, in a.b.c.d format
- end
specifies the end address of the multicast group range, in a.b.c.d format. This value should always be greater than or equal to the start value.
source
Syntax
[no] source ip-address
Context
config>service>vprn>igmp>ssm-translate>grp-range
config>service>vprn>igmp>if>ssm-translate>grp-range
Description
This command specifies the source IP address for the group range. Whenever a (*,G) report is received and is in the range specified by grp-range start and end parameters, it is translated to an (S,G) report where ip-address is the source address.
Parameters
- ip-address
specifies the unicast source address, in a.b.c.d format
static
Syntax
static
Context
config>service>vprn>igmp>if
Description
This command accesses the context to test forwarding on an interface without a receiver host. When enabled, data is forwarded to an interface without having received membership reports from host members.
Default
n/a
group
Syntax
[no] group grp-ip-address
Context
config>service>vprn>igmp>if>static
Description
This command adds a static multicast group as either a (*,G) record or one or more (S,G) records. Use IGMP static group memberships to test multicast forwarding when there is no receiver host. When IGMP static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.
When static IGMP group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static IGMP group entries do not generate join messages toward the RP.
Default
n/a
Parameters
- grp-ip-address
specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group. The address must be in dotted-decimal notation.
source
Syntax
[no] source ip-address
Context
config>service>vprn>igmp>if>static>group
Description
This command specifies the source address of the multicast group. It is an IPv4 unicast address. By specifying the source address, a multicast receiver host signals to the router that the multicast group will only be receiving multicast traffic from this specific source.
The source command and the specification of individual sources for the same group are mutually exclusive.
The source command, in combination with the group command, is used to create a specific (S,G) static group entry.
The no form of the command removes the source from the configuration.
Default
n/a
Parameters
- ip-address
specifies the IPv4 unicast address
subnet-check
Syntax
[no] subnet-check
Context
config>service>vprn>igmp>if
Description
This command enables or disables subnet checking for IGMP messages received on this interface. All IGMP packets with a source address that is not in the local subnet are dropped.
The no form of the command disables subnet-check.
Default
enabled
version
Syntax
version version
no version
Context
config>service>vprn>igmp>if
Description
This command specifies the IGMP version. If routers run different versions of IGMP, they negotiate the lowest common version of IGMP that is supported by hosts on their subnet and operate in that version. For IGMP to function correctly, all routers on a LAN should be configured to run the same version of IGMP.
For IGMPv3, a multicast router that is also a group member performs both parts of IGMPv3, receiving and responding to its own IGMP message transmissions as well as those of its neighbors.
Default
3
Parameters
- version
specifies the IGMP version number
query-interval
Syntax
query-interval seconds
no query-interval
Context
config>service>vprn>igmp
Description
This command specifies the frequency at which the querier router transmits general host-query messages. The host-query messages solicit group membership information and are sent to the all-systems multicast group address, 224.0.0.1.
Default
125
Parameters
- seconds
specifies the frequency, in seconds, at which the router transmits general host-query messages
query-last-member-interval
Syntax
query-last-member-interval seconds
no query-last-member-interval
Context
config>service>vprn>igmp
Description
This command configures the frequency at which the querier sends group-specific query messages, including messages sent in response to leave-group messages; the shorter the interval, the faster the detection of the loss of the last member of a group.
Default
1
Parameters
- seconds
specifies the frequency, in seconds, at which query messages are sent
query-response-interval
Syntax
query-response-interval seconds
no query-response-interval
Context
config>service>vprn>igmp
Description
This command specifies how long the querier router waits to receive a response to a host-query message from a host.
Default
10
Parameters
- seconds
specifies the length of time, in seconds, that the router waits to receive a response to the host-query message from the host
robust-count
Syntax
robust-count robust-count
no robust-count
Context
config>service>vprn>igmp
Description
This command configures the robust count. The robust-count allows adjusting for the expected packet loss on a subnet. If a subnet anticipates losses, the robust-count can be increased.
Default
2
Parameters
- robust-count
specifies the robust count value
PIM Commands
pim
Syntax
[no] pim
Context
config>service>vprn
Description
This command configures a Protocol Independent Multicast (PIM) instance in the VPRN service. When a PIM instance is created, the protocol is enabled. PIM is used for multicast routing within the network. Devices in the network can receive the requested multicast feed and non-participating routers can be pruned. The router supports PIM sparse mode (PIM-SM).
The no form of the command deletes the PIM protocol instance, removing all associated configuration parameters.
Default
n/a
apply-to
Syntax
apply-to {all | none}
Context
config>service>vprn>pim
Description
This command creates a PIM interface configured with default parameters.
If a manually created interface or a modified interface is deleted, the interface will be recreated when the apply-to command is executed. If PIM is not required on a specific interface, execute a shutdown command on the interface.
The apply-to command is saved first in the PIM configuration structure; all subsequent apply-to commands either create new structures or modify the defaults as created by the apply-to command.
Default
none (keyword)
Parameters
- all
specifies that all VPRN and non-VPRN interfaces are automatically applied in PIM
- none
specifies that no interfaces are automatically applied in PIM; PIM interfaces must be manually configured
import
Syntax
import {join-policy | register-policy} policy-name [policy-name…(up to 5 max)]
no import {join-policy | register-policy}
Context
config>service>vprn>pim
Description
This command specifies up to five import route policies to be used for determining which routes are accepted from peers. Route policies are configured in the config>router>policy-options context. When an import policy is not specified, BGP routes are accepted by default.
The no form of the command removes the policy associations from the PIM instance for the specified type.
Default
no import join-policy no import register-policy
Parameters
- join-policy
specifies filtering PIM join messages to prevent unwanted multicast streams from traversing the network
- register-policy
specifies filtering PIM messages to prevent register messages from being processed by the RP. This filter can only be defined on an RP. When a match is found, the RP immediately sends back a register-stop message.
- policy-name
specifies the route policy name
interface
Syntax
[no] interface ip-int-name
Context
config>service>vprn>pim
Description
This command enables PIM on an interface and enables the context to configure interface-specific parameters. By default, interfaces are activated in PIM based on the apply-to command and do not have to be configured on an individual basis unless the default values must be changed.
The no form of the command deletes the PIM interface configuration for this interface. If the apply-to command parameter is configured, then the no interface form must be saved in the configuration to avoid automatic recreation of the interface after the next apply-to command is executed as part of a reboot.
The shutdown command can be used to disable an interface without removing the configuration for the interface.
Default
Interfaces are activated in PIM based on the apply-to command.
Parameters
- ip-int-name
specifies the interface name up to 32 characters; if the string contains special characters (such as #, $, or spaces), then the entire string must be enclosed between double quotes
assert-period
Syntax
assert-period assert-period
no assert-period
Context
config>service>vprn>pim>if
Description
This command configures the time between refreshes of PIM assert messages on an interface.
The no form of the command reverts to the default.
Default
60
Parameters
- assert-period
specifies the time, in seconds, between refreshes of PIM assert messages on an interface
bsm-check-rtr-alert
Syntax
[no] bsm-check-rtr-alert
Context
config>service>vprn>pim>if
Description
This command enables the checking of the router alert option in the bootstrap messages received on this interface.
Default
no bsm-check-rtr-alert
bfd-enable
Syntax
[no] bfd-enable [ipv4]
Context
config>service>vprn>pim>if
Description
This command enables the use of bidirectional forwarding (BFD) to control the state of the associated protocol interface. By enabling BFD on a protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD session are set via the bfd command under the IP interface.
The no form of this command removes BFD from the associated IGP protocol adjacency.
Default
no bfd-enable
hello-interval
Syntax
hello-interval hello-interval
no hello-interval
Context
config>service>vprn>pim>if
Description
This command configures the interval at which PIM hello messages are transmitted on this interface.
The no form of this command reverts to the default value.
Default
30
Parameters
- hello-interval
specifies the hello interval, in seconds; a 0 value disables the sending of hello messages
hello-multiplier
Syntax
hello-multiplier deci-units
no hello-multiplier
Context
config>service>vprn>pim>if
Description
This command configures the multiplier used to determine the hold time for a PIM neighbor.
The hello-multiplier in conjunction with the hello-interval determines the hold time for a PIM neighbor.
Parameters
- deci-units
specifies the value of the hello-multiplier, in multiples of 0.1, for the formula used to calculate the hello hold-time
hello hold-time = (hello-interval * hello-multiplier) / 10
This allows the PIMv2 default timeout of 3.5 s to be supported. For example, if hello-interval = 1 s, and hello-multiplier = 35 deci-units, then hold-time = (1 * 35) / 10 = 3.5 s.
improved-assert
Syntax
[no] improved-assert
Context
config>service>vprn>pim>if
Description
This command enables improved assert processing on this interface. The PIM assert process establishes a forwarder node for a LAN and requires interaction between the control and forwarding planes.
The assert process is started when data is received on an outgoing interface. There can be an impact on performance if data is continuously received on an outgoing interface.
When enabled, the PIM assert process occurs entirely on the control plane, with no interaction between the control and forwarding planes.
Default
enabled
instant-prune-echo
Syntax
[no] instant-prune-echo
Context
config>service>vprn>pim>if
Description
This command enables or disables instant PruneEcho for a PIM interface.
Default
no instant-prune-echo
ipv4-multicast-disable
Syntax
[no] ipv4-multicast-disable
Context
config>service>vprn>pim
config>service>vprn>pim>if
Description
This command administratively disables or enables PIM operation for IPv4.
Default
no ipv4-multicast-disable
max-groups
Syntax
max-groups value
no max-groups
Context
config>service>vprn>pim>if
Description
This command configures the maximum number of groups for which PIM can have a downstream state based on received PIM join messages on this interface. This number does not include IGMP local receivers on the interface. When this configuration is changed dynamically to a value lower than the currently accepted number of groups, the groups that are already accepted are not deleted. Only new groups will not be allowed. When this configuration has a value of 0, there is no limit to the number of groups.
Parameters
- value
specifies the maximum number of groups for this interface
multicast-senders
Syntax
multicast-senders {auto | always | never}
no multicast-senders
Context
config>service>vprn>pim>if
Description
This command configures the way subnet matching is done for incoming data packets on this interface. An IP multicast sender is a user entity to be authenticated in a receiving host.
Parameters
- auto
specifies that subnet matching is automatically performed for incoming data packets on this interface
- always
specifies that subnet matching is always performed for incoming data packets on this interface
- never
specifies that subnet matching is never performed for incoming data packets on this interface
multicast-to-multicast
Syntax
multicast-to-multicast source ip-address group-start ip-address group-end ip-address to-multicast group-address
no multicast-to-multicast
Context
config>service>vprn>pim>interface
Description
This command enables multicast-to-multicast address translation by mapping a range of source IP addresses to a range of multicast group addresses. The PIM interface on the 7705 SAR translator router is the source of the multicast address. Multiple (S,G)s (for example, s1,g1 / s2,g1 / s3,g1) can be mapped to a single PIM interface, using the same source IP address for the translated (S,G) but for a range of groups.
The PIM interface on the translator router must first be enabled for multicast translation with the config>router>interface>multicast-translation command.
Default
no multicast-to-multicast
Parameters
- source ip-address
the source address of the (S,G) being translated
- group-start ip-address
the starting group address of the (S,G) being translated
- group-end ip-address
the ending group address of the (S,G) being translated
- group-address
the multicast group address used for translation
priority
Syntax
priority dr-priority
no priority
Context
config>service>vprn>pim>if
Description
This command sets the priority value for the interface to become the designated router (DR), so that multiple PIM routers do not exist on one Layer 2 network.
The no form of the command resets the priority to the default value.
Default
1 (the router is least likely to become the designated router)
Parameters
- dr-priority
specifies the priority to become the designated router; greater values have higher priority
sticky-dr
Syntax
sticky-dr [priority dr-priority]
no sticky-dr
Context
config>service>vprn>pim>if
Description
This command enables sticky-dr operation on this interface. When enabled, the priority value used in PIM hello messages sent on this interface when elected as the designated router (DR) is changed to the value configured with this command. This is done to avoid forwarding delays caused by DR recovery, which occurs when switching back to the old DR on a LAN when the old DR comes back up.
By enabling sticky-dr on this interface, the interface continues to act as the DR for the LAN even after the old DR comes back up.
When sticky-dr is used without the priority keyword, the sticky-dr priority value is 1024 (default).
The no form of the command disables sticky-dr operation on this interface.
Default
disabled (no sticky-dr)
Parameters
- dr-priority
when sticky-dr operation is enabled, dr-priority sets the DR priority sent in PIM hello messages after the election of that interface as the DR
three-way-hello
Syntax
[no] three-way-hello
Context
config>service>vprn>pim>if
Description
This command configures the compatibility mode to enable three-way hello. By default, three-way hello is disabled on all interfaces and the standard two-way hello is supported.
Default
no three-way-hello
tracking-support
Syntax
[no] tracking-support
Context
config>service>vprn>pim>if
Description
This command sets the T-bit in the LAN prune delay option of the hello message. This indicates the router's capability to disable join-message suppression.
Default
no tracking-support
unicast-to-multicast
Syntax
unicast-to-multicast unicast-start ip-address unicast-end ip-address destination ip-address to-multicast ip-address
no unicast-to-multicast
Context
config>service>vprn>pim>interface
Description
This command enables unicast-to-multicast address translation by mapping a range of unicast source addresses and a unicast destination address to a multicast group address. The unicast destination address is a loopback IP address configured on the 7705 SAR that is performing the translation. This translator router becomes the source of the multicast packets. The multicast source address is a loopback interface IP address configured on the PIM interface of the translator router. The PIM interface on the 7705 SAR translator router must first be enabled for multicast translation with the config>service>vprn>interface> multicast-translation command.
The unicast destination and the multicast source can be the same loopback address or different loopback addresses.
The translation can map a range of unicast source addresses to a range of multicast group addresses. For example, if the unicast source address range is 1.1.1.1 to 1.1.1.4 and the multicast group address is 230.0.0.100, the following multicast destination address range is created:
Unicast Source |
Multicast Group |
---|---|
1.1.1.1 |
230.0.0.100 |
1.1.1.2 |
230.0.0.101 |
1.1.1.3 |
230.0.0.102 |
1.1.1.4 |
230.0.0.103 |
Default
no unicast-to-multicast
Parameters
- unicast-start ip-address
the start of the range of unicast source addresses to be translated
- unicast-end ip-address
the end of the range of unicast source addresses to be translated
- destination ip-address
the destination address of the unicast stream being translated
- multicast ip-address
the group and destination addresses for the multicast stream
non-dr-attract-traffic
Syntax
[no] non-dr-attract-traffic
Context
config>service>vprn>pim
Description
This command specifies whether the router should ignore the designated router state and attract traffic even when it is not the designated router.
An operator can configure an interface (router or IES or VPRN interfaces) with IGMP and PIM. The interface IGMP state will be synchronized to the backup node if it is associated with the redundant peer port. The interface can be configured to use PIM, which will cause multicast streams to be sent to the elected DR only. The DR will also be the router sending traffic to the DSLAM. Since it may be required to attract traffic to both routers, a non-dr-attract-traffic flag can be used in the PIM context to have the router ignore the DR state and attract traffic when it is not the DR. While using this flag, the router may not send the stream to the DSLAM when it is not the DR.
The no form of the command disables the DR state. When disabled, the DR state is used.
Default
no non-dr-attract-traffic
rp
Syntax
rp
Context
config>service>vprn>pim
Description
This command enables access to the context to configure the rendezvous point (RP) of a PIM protocol instance.
A PIM router acting as an RP must respond to a PIM register message that specifies an SSM multicast group address by sending stop register messages to the first-hop router. The PIM router does not build an (S, G) shortest path tree toward the first-hop router. An SSM multicast group address can be an address either from the SSM default range of 232/8 or from a multicast group address range that was explicitly configured for SSM.
Default
rp enabled when PIM is enabled
anycast
Syntax
[no] anycast rp-ip-address
Context
config>service>vprn>pim>rp
Description
This command configures a PIM anycast protocol instance for the RP being configured. Anycast enables fast convergence when a PIM RP router fails by allowing receivers and sources to rendezvous at the closest RP.
The no form of the command removes the anycast instance from the configuration.
Default
n/a
Parameters
- rp-ip-address
specifies the loopback IP address shared by all routes that form the RP set for this anycast instance. Only a single address can be configured. If a subsequent anycast command is entered with an address then the old address will be replaced with the new address. If no ip-address is entered then the command is used to enter the anycast CLI level.
rp-set-peer
Syntax
[no] rp-set-peer ip-address
Context
config>service>vprn>pim>rp>anycast
Description
This command configures a peer in the anycast RP-set. The ip-address identifies the address used by the other node as the RP candidate address for the same multicast group address range as configured on this node.
Although there is no set maximum number of addresses that can be configured in an RP-set, up to 15 multicast addresses is recommended.
The no form of the command removes an entry from the list.
Default
n/a
Parameters
- ip-address
specifies the address used by the other node as the RP candidate address for the same multicast group address range as configured on this node.
auto-rp-discovery
Syntax
[no] auto-rp-discovery
Context
config>service>vprn>pim>rp
Description
This command enables auto-RP protocol in discovery mode. In discovery mode, RP-mapping and RP-candidate messages are received and forwarded to downstream nodes. RP-mapping messages are received locally to learn about availability of RP nodes present in the network.
Either bsr-candidate for IPv4 or auto-rp-discovery can be configured; the two mechanisms cannot be enabled together. The auto-rp-discovery command cannot be enabled together with mdt-type sender-only or mdt-type receiver-only, or wildcard-spmsi configurations.
The no form of the command disables auto-RP discovery.
Default
no auto-rp-discovery
bootstrap-export
Syntax
bootstrap-export policy-name [policy-name... (up to 5 max)]
no bootstrap-export
Context
config>service>vprn>pim>rp
Description
This command exports policies to control the flow of bootstrap messages from the RP. Up to five policies can be defined.
The no form of this command removes the specified policy names from the configuration.
Default
n/a
Parameters
- policy-name
specifies the policy name, where the policy statement must already be configured in the config>router>policy-options context
bootstrap-import
Syntax
bootstrap-import policy-name [policy-name... (up to 5 max)]
no bootstrap-import
Context
config>service>vprn>pim>rp
Description
This command imports policies to control the flow of bootstrap messages to the RP. Up to five policies can be defined.
The no form of this command removes the specified policy names from the configuration.
Default
n/a
Parameters
- policy-name
specifies the policy name, where the policy statement must already be configured in the config>router>policy-options context
bsr-candidate
Syntax
bsr-candidate
Context
config>service>vprn>pim>rp
Description
This command enables the context to configure candidate bootstrap router (BSR) parameters.
Either bsr-candidate for IPv4 or auto-rp-discovery can be configured; the two mechanisms cannot be enabled together.
Default
bsr-candidate shutdown
address
Syntax
[no] address ip-address
Context
config>service>vprn>pim>rp>bsr-candidate
config>service>vprn>pim>rp>rp-candidate
Description
This command configures a static bootstrap or rendezvous point (RP) as long as the source is not directly attached to this router.
Use the no form of this command to remove the static RP from the configuration.
Default
no address
Parameters
- ip-address
specifies the IP host address that will be used by the IP interface within the subnet. This address must be a unique unicast address within the subnet and specified in dotted-decimal notation (1.0.0.0 to 223.255.255.255).
hash-mask-len
Syntax
hash-mask-len hash-mask-length
no hash-mask-len
Context
config>service>vprn>pim>rp>bsr-candidate
Description
This command is used to configure the length of the mask that is combined with the group address before the hash function is called. All groups with the same hash result will map to the same RP. For example, if the hash-mask-length value is 24, only the first 24 bits of the group addresses matter. This mechanism is used to map one group or multiple groups to an RP.
Default
30
Parameters
- hash-mask-length
the hash mask length
priority
Syntax
priority bootstrap-priority
Context
config>service>vprn>pim>rp>bsr-candidate
Description
This command defines the priority used when determining the rendezvous point (RP). The higher the priority value the more likely that this router becomes the RP. If there is a tie, the router with the highest IP address is elected.
Parameters
- bootstrap-priority
the priority value used to become the bootstrap router
rp-candidate
Syntax
rp-candidate
Context
config>service>vprn>pim>rp
Description
This command enables the context to configure the candidate rendezvous point (RP) parameters.
Default
enabled when PIM is enabled
group-range
Syntax
[no] group-range {grp-ip-prefix/mask | grp-ip-prefix netmask}
Context
config>service>vprn>pim>rp>rp-candidate
Description
This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).
Use the no form of this command to remove the group address or range of group addresses for which this router can be the RP from the configuration.
Default
n/a
Parameters
- grp-ip-address
specifies the multicast group IP address expressed in dotted-decimal notation (224.0.0.0 to 239.255.255.255)
- mask
specifies the mask associated with the IP prefix expressed as a mask length or in dotted-decimal notation; for example /16 for a sixteen-bit mask. The mask can also be entered in dotted-decimal notation (255.255.0.0).
- netmask
specifies the subnet mask in dotted-decimal notation (0.0.0.0 to 255.255.255.255)
holdtime
Syntax
holdtime holdtime
no holdtime holdtime
Context
config>service>vprn>pim>rp>rp-candidate
Description
This command defines the length of time a neighboring router considers this router to be up.
The no form of this command reverts to the default value.
Default
150
Parameters
- holdtime
specifies the length of time, in seconds, that neighbor should consider the sending router to be operational
priority
Syntax
priority priority
no priority priority
Context
config>service>vprn>pim>rp>rp-candidate
Description
This command defines the priority used to determine the rendezvous point (RP). The higher the priority value, the more likely that this router will become the RP.
Use the no form of this command to revert to the default value.
Default
192
Parameters
- priority
specifies the priority to become the designated router
static
Syntax
static
Context
config>service>vprn>pim>rp
Description
This command enables access to the context to configure a static rendezvous point (RP) for a PIM-SM protocol instance.
Default
n/a
address
Syntax
[no] address ip-address
Context
config>service>vprn>pim>rp>static
Description
This command configures the static rendezvous point (RP) address.
The no form of this command removes the static RP entry from the configuration.
Default
n/a
Parameters
- ip-address
specifies the IP host address in dotted-decimal notation (1.0.0.0 to 223.255.255.255).
group-prefix
Syntax
[no] group-prefix {grp-ip-address/mask | grp-ip-address netmask}
Context
config>service>vprn>pim>rp>static
Description
The command defines a range of multicast IP addresses for which a certain RP is applicable.
The no form of the command removes the criterion.
Default
n/a
Parameters
- grp-ip-address
specifies the multicast IP address
- mask
defines the mask of the multicast-ip-address
- netmask
the subnet mask in dotted-decimal notation
override
Syntax
[no] override
Context
config>service>vprn>pim>rp>static
Description
This command changes the precedence of static RP over dynamically-learned RP.
When enabled, the static group-to-RP mappings take precedence over the dynamically-learned mappings.
Default
no override
spt-switchover-threshold
Syntax
spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask} spt-threshold
no spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask}
Context
config>service>vprn>pim
Description
This command configures a shortest path tree (SPT) switchover threshold for a group prefix.
PIM-SM routers with directly connected routers receive multicast traffic initially on a shared tree rooted at the rendezvous point (RP). Once the traffic arrives on the shared tree and the source of the traffic is known, a switchover to the SPT tree rooted at the source is attempted.
For a group that falls in the range of a prefix configured in the table, the corresponding threshold value determines when the router should switch over from the shared tree to the source specific tree. The switchover is attempted only if the traffic rate on the shared tree for the group exceeds the configured threshold.
In the absence of any matching prefix in the table, the default behavior is to switchover when the first packet is seen. In the presence of multiple prefixes matching a given group, the most specific entry is used.
Parameters
- grp-ip-address
specifies the multicast group address
- mask
defines the mask of the multicast IP address
- netmask
the subnet mask in dotted-decimal notation
- spt-threshold
specifies the configured threshold, in kilobits per second (kb/s), for the group to which this (S,G) belongs. For a group (G) configured with a threshold, switchover to SPT for an (S,G) is attempted only if the (S,G) rate exceeds this configured threshold. When the infinity keyword is specified, no switchover will occur at any time, regardless of the traffic level detected.
ssm-default-range-disable
Syntax
[no] ssm-default-range-disable ipv4
Context
config>service>vprn>pim
Description
This command specifies whether to disable the use of default range (232/8) for SSM so that it can be used by ASM to process (*,G). When enabled, the use of the default range is disabled for SSM and it (the default range) can be used by ASM. When disabled, the SSM default range is enabled.
The no form of the command enables the use of the default range.
Default
no ssm-default-range-disable (enabled)
ssm-groups
Syntax
[no] ssm-groups
Context
config>service>vprn>pim
Description
This command enables access to the context to enable a source-specific multicast (SSM) configuration instance.
Default
n/a
group-range
Syntax
[no] group-range {ip-prefix/mask | ip-prefix netmask}
Context
config>service>vprn>pim>ssm-groups
Description
This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).
Use the no form of this command to remove the group address or range of group addresses for which this router can be the RP from the configuration.
Default
n/a
Parameters
- ip-prefix
specifies the addresses or address ranges for which this router can be an RP
- mask
specifies the address mask used with the address to define a range of addresses
- netmask
specifies the subnet mask in dotted-decimal notation
RIP Commands
rip
Syntax
[no] rip
Context
config>service>vprn
Description
This command enables the RIP protocol on a VPRN interface.
The no form of the command disables the RIP protocol on a VPRN interface.
authentication-key
Syntax
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command sets the authentication password to be passed between RIP neighbors. The authentication type and authentication key must match exactly in order for the RIP message to be considered authentic.
The authentication key can be any combination of ASCII characters up to 16 characters long. The hash-key can be any combination of ASCII characters up to 33 characters long.
The no form of the command removes the authentication password from the configuration and disables authentication.
Default
no authentication-key
Parameters
- authentication-key
the authentication key. The key can be any combination of ASCII characters up to 16 characters in length (unencrypted). If spaces are used in the string, the entire string must be enclosed in double quotes.
- hash-key
the hash key. The key can be any combination of ASCII characters up to 33 characters in length (encrypted). If spaces are used in the string, the entire string must be enclosed in double quotes.
- hash
specifies the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.
- hash2
specifies the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.
authentication-type
Syntax
authentication-type {none | password | message-digest-20}
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command sets the type of authentication to be used between RIP neighbors. Authentication type can be specified regardless of the configured send and receive parameters, but will only apply to RIPv2 packets.
The type and password must match exactly for the RIP message to be considered authentic and processed.
The no form of the command removes the authentication type from the configuration and disables authentication.
Default
no authentication-type
Parameters
- none
disables authentication
- password
enables simple password (plaintext) authentication. If authentication is enabled and no authentication type is specified in the command, simple password authentication is enabled.
- message-digest-20
configures 16-byte message digest for MD5 authentication. If this option is configured, then at least one message-digest key must be configured.
check-zero
Syntax
check-zero {enable | disable}
no check-zero
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command enables checking for zero values in fields specified to be zero by the RIPv1 and RIPv2 specifications.
The check-zero enable command enables checking of the mandatory zero fields in the RIPv1 and RIPv2 specifications and rejecting of non-compliant RIP messages.
The check-zero disable command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.
The check-zero command can be enabled at all three RIP levels. The most specific value is used. If no check-zero value is set (no check-zero), the setting from the less-specific level is inherited by the lower level.
The no form of the command disables check-zero on the configuration.
Default
no check-zero
Parameters
- enable
configures the router to reject RIP messages that do not have zero in the mandatory fields
- disable
configures the router to accept RIP messages that do not have zero in the mandatory fields
export
Syntax
export policy-name [policy-name... (up to 5 max)]
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command specifies the export policies to be used to control routes advertised to RIP neighbors.
By default, when no export policies are specified, RIP routes are advertised and non-RIP routes are not advertised.
The no form of the command removes all route policy names from the export list.
Default
no export
Parameters
- policy-name
the route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
export-limit
Syntax
export-limit number [log percentage]
no export-limit
Context
config>service>vprn>rip
Description
This command configures the maximum number of routes (prefixes) that can be exported into RIP from the route table.
The no form of the command removes the configured parameter values.
Default
no export-limit
Parameters
- number
specifies the maximum number of routes (prefixes) that can be exported into RIP from the route table
- percentage
specifies the percentage of the export-limit, that when reached, causes a warning log message and SNMP notification to be sent
group
Syntax
[no] group group-name
Context
config>service>vprn>rip
Description
This command creates a context for configuring a RIP group of neighbors.
RIP groups logically associate RIP neighbor interfaces to facilitate a common configuration for RIP interfaces.
The no form of the command deletes the RIP neighbor interface group. Deleting the group will also remove the RIP configuration of all the neighbor interfaces currently assigned to this group.
Default
no group
Parameters
- group-name
the RIP group name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
import
Syntax
import policy-name [policy-name... (up to 5 max)]
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command specifies the import policy to be used to control routes advertised from RIP neighbors.
By default, RIP accepts all routes from RIP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.
The no form of the command removes all route policy names from the import list.
Default
no import
Parameters
- policy-name
the route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
message-size
Syntax
message-size max-num-of-routes
no message-size
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command configures the maximum number of routes per RIP update message.
By default, each update can contain a maximum of 25 route advertisements. This limit is imposed by RIP specifications. RIP can be configured to send as many as 255 routes per update.
The no form of the command reverts to the default value.
Default
no message-size
Parameters
- max-num-of-routes
an integer value
metric-in
Syntax
metric-in metric
no metric-in
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command configures the metric added to routes received from a RIP neighbor. The specified metric value is added to the hop count and shortens the maximum distance of the route.
When applying an export policy to a RIP configuration, the policy overrides the metric values determined through calculations involving the metric-in and metric-out values.
The no form of the command reverts to the default value.
Default
no metric-in
Parameters
- metric
the value added to the metric of routes received from a RIP neighbor, expressed as a decimal integer
metric-out
Syntax
metric-out metric
no metric-out
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command configures the metric added to routes exported into RIP and advertised to RIP neighbors. The specified metric value is added to the hop count and shortens the maximum distance of the route.
When applying an export policy to a RIP configuration, the policy overrides the metric values determined through calculations involving the metric-in and metric-out values.
The no form of the command removes the command from the configuration and resets the metric-in value to the default.
Default
no metric-out
Parameters
- metric
the value added to the metric of routes exported into RIP and advertised to RIP neighbors, expressed as a decimal integer
neighbor
Syntax
[no] neighbor ip-int-name
Context
config>service>vprn>rip>group
Description
This command creates a context for configuring a RIP neighbor interface.
By default, interfaces are not activated unless explicitly configured.
The no form of the command deletes the RIP interface configuration for this interface. The shutdown command in the config>router>rip>group>neighbor context can be used to disable an interface without removing the configuration for the interface.
Default
no neighbor
Parameters
- ip-int-name
the IP interface name. Interface names must be unique within the group of defined IP interfaces for config>router>interface and config>service>vprn>interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
preference
Syntax
preference preference
no preference
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command configures the route preference assigned to RIP routes. This value can be overridden by route policies.
The no form of the command reverts to the default value.
Default
no preference
Parameters
- preference
the route preference, expressed as an integer value
propagate-metric
Syntax
[no] propagate-metric
Context
config>service>vprn>rip
Description
This command allows the RIP metric to be used to set the MP-BGP MED attribute when RIP is used as the CE-PE routing protocol for VPRNs. This is similar to the way the OSPF metric can be used to set the MP-BGP metric when OSPF is used as the CE-PE protocol.
MP-BGP uses the RIP metric to set the MED attribute, which is flooded throughout the MP-BGP peers and is then used to set the RIP metric at the other end and re-advertise the RIP metric to the far-end RIP neighbors.
receive
Syntax
receive receive-type
no receive
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command configures the types of RIP updates that will be accepted and processed.
If you specify both or version-2, the RIP instance listens for, and accepts, packets sent to the broadcast (255.255.255.255) and multicast (224.0.0.9) addresses.
If version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.
The default behavior is to accept and process both RIPv1 and RIPv2 messages.
The no form of the command reverts to the default value.
Default
both
Parameters
- receive-type
configures the type of RIP updates that will be accepted and processed
send
Syntax
send send-type
no send
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command specifies the type of RIP messages sent to RIP neighbors.
If multicast is specified, the router sends RIPv2 messages to the multicast (224.0.0.9) destination address.
If broadcast, or version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.
The no form of this command reverts to the default value.
Default
broadcast
Parameters
- send-type
configures the type of RIP messages that are sent to RIP neighbors
split-horizon
Syntax
split-horizon {enable | disable}
no split-horizon
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command enables the use of split-horizon. RIP uses split-horizon with poison-reverse to protect from such problems as ‟counting to infinity”. Split-horizon with poison reverse means that routes learned from a neighbor through an interface are advertised in updates out of the same interface but with a metric of 16 (infinity).
The split-horizon disable command enables split-horizon without poison-reverse. This allows the routes to be re-advertised on interfaces other than the interface that learned the route, with the advertised metric equaling an increment of the metric-in value.
This parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group), or neighbor level (only applies to the specified neighbor interface). The most specific value is used. If no value is set (no split-horizon), the setting from the less-specific level is inherited by the lower level.
The no form of the command disables split-horizon.
Default
enable
Parameters
- enable
enables split-horizon and poison-reverse
- disable
disables poison-reverse but leaves split-horizon enabled
timers
Syntax
timers update timeout flush
Context
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description
This command configures values for the update, timeout, and flush RIP timers.
The RIP update timer determines how often RIP updates are sent.
If the route is not updated by the time the RIP timeout timer expires, the route is declared invalid but is maintained in the RIP database.
The RIP flush timer determines how long a route is maintained in the RIP database after it has been declared invalid. After the flush timer expires, the route is removed from the RIP database.
The no form of the command reverts all timers to their default values.
Default
no timers
Parameters
- update
the RIP update timer value, in seconds, expressed as a decimal integer
- timeout
the RIP timeout value, in seconds, expressed as a decimal integer
- flush
the RIP flush timer value, in seconds, expressed as a decimal integer
VPRN Security Configuration Commands
zone
Syntax
zone {zone-id | zone-name} [create]
no zone zone-id
Context
config>service>vprn
Description
This command creates or specifies a security zone within a VPRN context. Each zone must have a unique ID.
All zones must be explicitly created with the create keyword. If no zones are created within a service or router context, a zone will not exist on that object.
Enter an existing zone without the create keyword to edit zone parameters.
The no form of this command deletes the zone. When a zone is deleted, all configuration parameters for the zone are also deleted.
Parameters
- zone-id
the zone ID number. The zone ID must be unique within the system.
abort
Syntax
abort
Context
config>service>vprn>zone
Description
This command discards changes made to a security feature.
Default
n/a
begin
Syntax
begin
Context
config>service>vprn>zone
Description
This command enters the mode to create or edit security features.
Default
n/a
commit
Syntax
commit
Context
config>service>vprn>zone
Description
This command saves changes made to security features.
Default
n/a
auto-bind
Syntax
auto-bind
no auto-bind
Context
config>service>vprn>zone
Description
This command creates a security zone on automatically bound GRE, MPLE, or LDP transport tunnels configured for this service. Depending on how the security policy is configured, any traffic entering or exiting the zone is firewalled; traffic traveling between auto-bind LSPs in the zone is not firewalled.
Default
n/a
inbound
Syntax
inbound
Context
config>service>vprn>zone
Description
This command enables the context to configure limit parameters on inbound security sessions.
Default
n/a
outbound
Syntax
outbound
Context
config>service>vprn>zone
Description
This command enables the context to configure limit parameters for outbound security sessions on the CSM.
Default
n/a
limit
Syntax
limit
Context
config>service>vprn>zone>inbound
config>service>vprn>zone>outbound
Description
This command enables the context to configure limits on concurrent sessions for inbound or outbound firewall sessions on the CSM.
Default
n/a
concurrent-sessions
Syntax
concurrent-sessions {tcp | udp | icmp | other} sessions
no concurrent-sessions {tcp | udp | icmp | other}
Context
config>service>vprn>zone>inbound>limit
config>service>vprn>zone>outbound>limit
Description
This command configures the maximum number of concurrent firewall sessions that can be established per zone, in either the inbound or outbound direction.
Default
n/a
Parameters
- tcp
specifies that TCP connection traffic is to be firewalled
- udp
specifies that UDP connection traffic is to be firewalled
- icmp
specifies that ICMP connection traffic is to be firewalled
- other
specifies that the traffic to be firewalled is other than TCP, UDP, or ICMP
- sessions
the maximum number of concurrent firewall sessions that can be created in a zone for the configured direction
interface
Syntax
[no] interface ip-int-name
Context
config>service>vprn>zone
Description
This command creates a logical IP routing interface for a zone. Once created, attributes such as an IP address can be associated with the IP interface. Multiple interfaces can be configured on a zone.
The no form of this command removes the IP interface and all the associated configurations.
Parameters
- ip-int-name
the name of the interface to be configured within the zone
log
Syntax
log {log-id | name}
no log
Context
config>service>vprn>zone
Description
This command applies a security log to the specified zone. The security log must already be configured in the config>security>policy context.
The no form of this command removes logging for the zone.
Parameters
- log-id
the identifier for the log
- name
the name of the log
name
Syntax
name zone-name
no name
Context
config>service>vprn>zone
Description
This command configures a zone name. The zone name is unique within the system. It can be used to refer to the zone under configure, show, and clear commands.
Parameters
- zone-name
specifies the name of the zone
nat
Syntax
nat
Context
config>service>vprn>zone
Description
This command enters the context to configure NAT security parameters for a zone.
pool
Syntax
pool pool-id [create]
no pool pool-id
Context
config>service>vprn>zone>nat
Description
This command configures the NAT pool for the security zone within a VPRN service. Each pool must have a unique ID.
All pools must be explicitly created with the create keyword.
Enter an existing pool without the create keyword to edit pool parameters.
The no form of this command deletes the specified NAT pool. When a pool is deleted, all configuration parameters for the pool will also be deleted.
Parameters
- pool-id
the pool ID number
direction
Syntax
direction {zone-outbound | zone-inbound | both}
no direction
Context
config>service>vprn>zone>nat>pool
Description
This command configures the NAT pool direction for the security zone. A specific NAT pool can be configured for different directions while using the same policy. For example, if the security policy entry direction is set to both, separate inbound and outbound pools can be created for that policy.
The no form of this command deletes the direction.
Parameters
- zone-outbound
configures a pool for the policy outbound traffic
- zone-inbound
configures a pool for the policy inbound traffic
- both
configures a pool for policy inbound and outbound traffic
entry
Syntax
entry entry-id [create]
no entry entry-id
Context
config>service>vprn>zone>nat>pool
Description
This command configures a NAT pool entry within a VPRN service.
The no form of this command deletes the entry with the specified ID. When an entry is deleted, all configuration parameters for the entry will also be deleted.
Parameters
- entry-id
the entry ID number
ip-address
Syntax
ip-address ip-address [to ip-address] interface ip-int-name
no ip-address
Context
config>service>vprn>zone>nat>pool>entry
Description
This command configures the source IP address or IP address range to which packets that match NAT policy are routed using NAT. An interface can also be configured, in which case all packets that match NAT policy are routed to the interface IP address. If the interface IP address is changed dynamically, NAT is updated accordingly. Only one IP address can be associated with an IP interface. Source IP addresses and interfaces cannot be used together in a single NAT pool.
The IP address for the interface must be entered in dotted-decimal notation.
The no form of the command removes the IP address assignment. The no form of this command can only be performed when the IP interface is administratively shut down. Shutting down the IP interface brings the interface operationally down.
Parameters
- ip-address
the source IP address to be used by NAT. The ip-address portion of the ip-address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.
- ip-int-name
the name of the interface to be used by NAT
port
Syntax
port port [to port]
no port
Context
config>service>vprn>zone>nat>pool>entry
Description
This command configures the UDP/TCP port or port range. Packets that match NAT policy undergo network port address translation (NPAT) and are routed to their source UDP/TCP port. Configuring a UDP/TCP port pool requires an IP-address pool because the 7705 SAR does not support port address translation (PAT) alone.
The no form of this command deletes the port or port range.
Parameters
- port
the UDP/TCP port or range of ports to which NPAT is applied
name
Syntax
name pool-name
no name
Context
config>service>vprn>zone>nat>pool
Description
This command configures a zone pool name. Pool names must be unique within the group of pools defined for a zone. It can be used to refer to the pool under configure, show, and clear commands.
Parameters
- pool-name
specifies the name of the pool. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
policy
Syntax
policy {policy-id | policy-name}
no policy policy-id
Context
config>service>vprn>zone
Description
This command sets the policy to be used by the security zone to build its matching criteria for incoming packets.
The no form of this command deletes the specified policy.
Parameters
- policy-id
the number of the referenced policy
VPRN Raw Socket IP Transport Configuration Commands
ip-transport
Syntax
[no] ip-transport ipt-id [create]
no ip-transport ipt-id
Context
config>service>vprn
Description
This command creates an IP transport subservice within a VPRN service. An IP transport subservice is used to transmit serial raw socket data to and from a local host and remote host.
All IP transport subservices must be explicitly created using the create keyword. An IP transport subservice is owned by the service within which it is created. An IP transport subservice can only be associated with a single service. The create keyword is not needed when editing parameters for an existing IP transport subservice. An IP transport subservice must be first shut down before changes can be made to the configured parameters.
The no form of this command deletes the IP transport subservice with the specified ipt-id. When an IP transport subservice is deleted, all configured parameters for the IP transport subservice are also deleted.
Default
no ip-transport
Parameters
- ipt-id
the IP transport subservice physical port identifier. The ipt-id must reference an RS-232 serial port that has been configured as a socket and has its encapsulation type set to raw. See the 7705 SAR Interface Configuration Guide, ‟Serial Commands”, for more information.
- create
creates this IP transport subservice
dscp
Syntax
dscp dscp-name
Context
config>service>vprn>ip-transport
Description
This command configures the DSCP name used to mark the DSCP field in IP transport packets originating from this node.
Raw socket traffic redirection to a specific queue is enabled by the fc command.
Default
ef
Parameters
- dscp-name
the DSCP name used to mark the DSCP field in IP transport packets. Valid DSCP Names lists the valid DSCP names.
Table 5. Valid DSCP Names dscp-name
be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63
fc
Syntax
fc fc-name profile {in | out}
Context
config>service>vprn>ip-transport
Description
This command configures the forwarding class and profile marking for IP transport packets originating from this node.
Default
ef for fc, in for profile
Parameters
- fc-name
the forwarding class name to use for the IP transport packets
- profile {in| out}
specifies the profile marking for the IP transport packets, either in or out
filter-unknown-host
Syntax
[no] filter-unknown-host
Context
config>service>vprn>ip-transport
Description
This command filters connections from unknown hosts. An unknown host is any host that is not configured as a remote host.
The no form of this command disables the filter.
Default
no filter-unknown-host
local-host
Syntax
local-host ip-addr ip-addr port-num port-num protocol {tcp | udp}
no local-host
Context
config>service>vprn>ip-transport
Description
This command creates the local host within the IP transport subservice.
The local host is required to accept TCP/UDP sessions initiated from far-end remote hosts, and for the node to initiate sessions toward the far-end remote hosts.
The no form of this command deletes the local host.
Default
no local-host
Parameters
- ip-addr
the IP address that is used for this local host. The IP address must be the same as a loopback or local interface IP address that is already configured within this service.
- port-num
the port number that is used by remote hosts to establish TCP/UDP sessions to this local host
- protocol {tcp | udp}
the protocol type that is used for all sessions to and from this local host, either tcp or udp
remote-host
Syntax
remote-host host-id ip-addr ip-addr port-num port-num [create]
no remote-host host-id
Context
config>service>vprn>ip-transport
Description
This command creates a remote host within the IP transport subservice. Multiple remote hosts may be created in order to send serial raw socket IP transport data to multiple destinations. The create keyword must be used for each remote host that is created.
The no form of this command deletes the remote host.
Default
no remote-host
Parameters
- host-id
the remote host identifier
- ip-addr
the IP address that is used to reach the remote host in order to route IP transport packets to that remote host
- port-num
the destination port number that is used to reach the serial port socket on the remote host
- create
creates this remote host
name
Syntax
name host-name
no name
Context
config>service>vprn>ip-transport>remote-host
Description
This command configures a unique name for this remote host.
The no form of this command deletes the remote host name.
Default
n/a
Parameters
- host-name
a unique name for this remote host, up to 64 characters long
tcp
Syntax
tcp
Context
config>service>vprn>ip-transport
Description
This command enables the context to configure TCP parameters within this IP transport subservice.
Default
n/a
inactivity-timeout
Syntax
inactivity-timeout seconds
Context
config>service>vprn>ip-transport>tcp
Description
This command specifies how long to wait before disconnecting a TCP connection due to traffic inactivity over the connection.
Default
30 s
Parameters
- seconds
how long to wait, in seconds, before disconnecting a TCP connection
max-retries
Syntax
max-retries number
Context
config>service>vprn>ip-transport>tcp
Description
This command specifies the number of times that a remote host, acting as a client, tries to establish a TCP connection after the initial attempt fails.
Default
5
Parameters
- number
the number of attempts to establish a TCP connection after the initial attempt fails
retry-interval
Syntax
retry-interval seconds
Context
config>service>vprn>ip-transport>tcp
Description
This command specifies how long to wait before each TCP max-retries attempt.
Default
5 s
Parameters
- seconds
how long to wait, in seconds, before each TCP max-retries attempt
Multicast VPN Commands
mvpn
Syntax
mvpn
Context
config>service>vprn
Description
This command enables the context to configure MVPN-related parameters for the IP VPN.
auto-discovery
Syntax
auto-discovery [default]
Context
config>service>vprn>mvpn
Description
This command enables MVPN membership auto-discovery through BGP. When auto-discovery is enabled, PIM peering on the inclusive provider tunnel is disabled. Changing the auto-discovery configuration requires a shutdown of this VPRN instance.
Default
default
Parameters
- default
enables auto-discovery route exchange based on the format defined in NG-MVPN (RFC 6514)
c-mcast-signaling
Syntax
c-mcast-signaling bgp
Context
config>service>vprn>mvpn
Description
This command specifies BGP for PE-to-PE signaling of CE multicast states.
Default
bgp
Parameters
- bgp
specifies to use BGP for PE-to-PE signaling of CE multicast states. Auto-discovery must be enabled.
mdt-type
Syntax
mdt-type {sender-only | receiver-only | sender-receiver}
no mdt-type
Context
config>service>vprn>mvpn
Description
This command allows the restriction of an MVPN instance per PE node to a specific role. By default, an MVPN instance on a PE node assumes the role of a sender as well as a receiver. This creates a mesh of MDT/PMSI across all PE nodes from this PE.
This command provides an option to configure either a sender-only or receiver-only mode per PE node. Restricting the role of a PE node avoids creating a full mesh of MDT/PMSI across all PE nodes that are participating in the MVPN instance.
The no version of this command restores the default (sender-receiver).
Default
sender-receiver
Parameters
- sender-only
MVPN has only senders connected to the PE node
- receiver-only
MVPN has only receivers connected to the PE node
- sender-receiver
MVPN has both senders and receivers connected to the PE node
provider-tunnel
Syntax
provider-tunnel
Context
config>service>vprn>mvpn
Description
This command enables the context to configure tunnel parameters for the MVPN.
inclusive
Syntax
inclusive
Context
config>service>vprn>mvpn>pt
Description
This command enables the context for specifying inclusive provider tunnels.
mldp
Syntax
[no] mldp
Context
config>service>vprn>mvpn>pt>inclusive
config>service>vprn>mvpn>provider-tunnel>selective
Description
This command enables the use of an mLDP LSP for the provider tunnel.
Default
no mldp
shutdown
Syntax
[no] shutdown
Context
config>service>vprn>mvpn>ptl>inclusive>mldp
config>service>vprn>mvpn>provider-tunnel>selective>mldp
Description
This command administratively disables or enables the use of an mLDP LSP for the provider tunnel.
Default
no shutdown
selective
Syntax
selective
Context
config>service>vprn>mvpn>provider-tunnel
Description
This command enables the context to specify selective provider tunnel parameters.
Default
n/a
data-delay-interval
Syntax
data-delay-interval value
no data-delay-interval
Context
config>service>vprn>mvpn>provider-tunnel>selective
Description
This command specifies the interval, in seconds, before a PE router connected to the source switches traffic from the inclusive provider tunnel to the selective provider tunnel.
The no form of the command resets the value to the default.
Default
3 s
Parameters
- value
specifies the data delay interval, in seconds
data-threshold
Syntax
data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask} s-pmsi-threshold
no data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask}
Context
config>service>vprn>mvpn>provider-tunnel>selective
Description
This command specifies the data rate threshold that triggers the switch from the inclusive provider tunnel to the selective provider tunnel for (C-S, C-G) within the group range. Optionally, PE thresholds for creating or deleting NG-MVPN S-PMSI may also be specified. Omitting the PE thresholds preserves the currently set value (or defaults, if never set). Multiple statements (one per unique group) are allowed in the configuration.
The no form of the command removes the values from the configuration.
Default
no data-threshold
Parameters
- c-grp-ip-addr/mask | c-grp-ip-addr netmask
specifies an IPv4 multicast group address and netmask length or network mask
- s-pmsi-threshold
specifies the rate, in kb/s. If the rate for a (C-S, C-G) within the specified group range exceeds the threshold, traffic for the (C-S, C-G) will be switched to the selective provider tunnel.
maximum-p2mp-spmsi
Syntax
maximum-p2mp-spmsi range
no maximum-p2mp-spmsi
Context
config>service>vprn>mvpn>provider-tunnel>selective
Description
This command specifies the maximum number of LDP point-to-multipoint S-PMSI tunnels for the MVPN. When the limit is reached, no more LDP point-to-multipoint S-PMSI tunnels are created and traffic over the data threshold will stay on I-PMSI.
Default
10
Parameters
- number
specifies the maximum number of LDP point-to-multipoint S-PMSI tunnels for the MVPN
umh-selection
Syntax
umh-selection {highest-ip | hash-based | unicast-rt-pref}
no umh-selection
Context
config>service>vprn>mvpn
Description
This command specifies which upstream multicast hop (UMH) selection mechanism to use, highest IP address, hash-based, or preferred unicast route.
The no form of the command resets it back to the default.
Default
umh-selection highest-ip
Parameters
- highest-ip
specifies that the highest IP address is selected as the UMH
- hash-based
specifies that the UMH selection is based on the hash based procedures
- unicast-rt-pref
when selected, preferred unicast route will decide which UMH is chosen. All PE routers must prefer the same route to the UMH for the UMH selection criterion (for example, BGP path selection criteria must not influence one PE to choose a different UMH from another PE).
vrf-export
Syntax
vrf-export unicast
vrf-export policy-name [policy-name... (up to 15 max)]
no vrf-export
Context
config>service>vprn>mvpn
Description
This command specifies the export policy (up to 15) to control MVPN routes exported from the local VRF to other VRFs on the same or remote PE routers.
Default
vrf-export unicast
Parameters
- unicast
specifies to use the unicast VRF export policy for the MVPN
- policy-name
the route policy name
vrf-import
Syntax
vrf-import unicast
vrf-import policy-name [policy-name... (up to 15 max)]
no vrf-import
Context
config>service>vprn>mvpn
Description
This command specifies the import policy (up to 15) to control MVPN routes imported to the local VRF from other VRFs on the same or remote PE routers.
Default
vrf-import unicast
Parameters
- unicast
specifies to use a unicast VRF import policy for the MVPN
- policy-name
the route policy name
vrf-target
Syntax
vrf-target {unicast | ext-community | export unicast | ext-community | import unicast | ext-community}
no vrf-target
Context
config>service>vprn>mvpn
Description
This command specifies the route target to be added to the advertised routes or compared against the received routes from other VRFs on the same or remote PE routers. The VRF import or VRF export policies override the VRF target policy.
The no form of the command removes the VRF target.
Default
no vrf-target
Parameters
- unicast
specifies to use the unicast vrf-target ext-community for the multicast VPN
- ext-community
an extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. The x and y values are 16-bit integers.
export
Syntax
export {unicast | ext-community}
Context
config>service>vprn>mvpn>vrf-target
Description
This command specifies communities to be sent to peers.
Parameters
- unicast
specifies to use the unicast vrf-target ext-community for the multicast VPN
- ext-community
an extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. The x and y values are 16-bit integers.
import
Syntax
import {unicast | ext-community}
Context
config>service>vprn>mvpn>vrf-target
Description
This command specifies communities to be accepted from peers.
Parameters
- unicast
specifies to use the unicast vrf-target ext-community for the multicast VPN
- ext-community
an extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. The x and y values are 16-bit integers.
MSDP Commands
msdp
Syntax
[no] msdp
Context
config>service>vprn
Description
This command enables a Multicast Source Discovery Protocol (MSDP) instance. When an MSDP instance is created, the protocol is enabled. To start or suspend execution of the MSDP protocol without affecting the configuration, use the [no] shutdown command.
For MSDP to function, at least one peer must be configured.
When MSDP is configured and started, an event message is generated.
Before the no form of the command is executed, all sessions are terminated and an event message is generated.
When all peering sessions are terminated, event messages are not generated for each peer.
The no form of the command deletes the MSDP instance, removing all associated configuration parameters.
Default
no msdp
active-source-limit
Syntax
active-source-limit number
no active-source-limit
Context
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
config>service>vprn>msdp>source
Description
This command controls the maximum number of source-active (SA) messages that will be accepted by MSDP, which controls the number of active sources that can be stored on the system.
The no form of this command resets the SA message limit to its default operation.
Default
no active-source-limit
Parameters
- number
defines how many active sources can be maintained by MSDP
data-encapsulation
Syntax
[no] data-encapsulation
Context
config>service>vprn>msdp
Description
This command configures a rendezvous point (RP) that uses MSDP to encapsulate multicast data received in MSDP register messages inside forwarded MSDP SA messages.
Default
data-encapsulation
export
Syntax
export policy-name [policy-name...(up to 5 max)]
no export
Context
config>service>vprn>msdp
config>service>vprn>msdp>peer
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
Description
This command specifies the policies to export the SA state from the SA list into MSDP.
If multiple policy names are specified, the policies are evaluated in the order they are specified. A maximum of five policy names can be specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command.
If you configure an export policy at the global level, each individual peer inherits the global policy. If you configure an export policy at the group level, each individual peer in a group inherits the group’s policy. If you configure an export policy at the peer level, the policy only applies to the peer where it is configured.
The no form of the command removes all policies from the configuration and all SA entries are allowed.
Default
no export
Parameters
- policy-name
specifies the export policy name. Up to five policy names can be specified.
group
Syntax
[no] group group-name
Context
config>service>vprn>msdp
Description
This command enables access to the context to create or modify an MSDP group. To configure multiple MSDP groups, multiple group statements must be included in the configuration.
By default, the group’s parameter settings are inherited from the global MSDP parameter settings. To override the global settings, group-specific settings within the group can be configured.
If the specified group name is already configured, this command enables the context to configure or modify group-specific parameters.
If the specified group name is not already configured, this command creates the group and enables the context to configure the group-specific parameters.
For a group to be functional, at least one peer must be configured.
Default
no group
Parameters
- group-name
specifies a unique name for the MSDP group
import
Syntax
import policy-name [policy-name...(up to 5 max)]
no import
Context
config>service>vprn>msdp
config>service>vprn>msdp>peer
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
Description
This command specifies the policies to import the SA state from MSDP into the SA list.
If multiple policy names are specified, the policies are evaluated in the order they are specified. A maximum of five policy names can be specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command.
If you configure an import policy at the global level, each individual peer inherits the global policy.
If you configure an import policy at the group level, each individual peer in a group inherits the group’s policy.
If you configure an import policy at the peer level, the policy only applies to the peer where it is configured.
The no form of the command removes all policies from the configuration and all SA messages are allowed.
Default
no import
Parameters
- policy-name
specifies the import policy name. Up to five policy names can be specified.
local-address
Syntax
local-address address
no local-address
Context
config>service>vprn>msdp
config>service>vprn>msdp>peer
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
Description
This command configures the local end of an MSDP session. For MSDP to function, at least one peer must be configured. When configuring a peer, you must include this local-address command. This address must be present on the node and is used to validate incoming connections to the peer and to establish connections to the remote peer.
When the address is configured, it is validated and will be used as the local address for MSDP peers from that point. If a subsequent local-address command is entered, it will replace the existing configuration and existing sessions will be terminated.
Similarly, when the no form of this command is entered, the existing local-address will be removed from the configuration and the existing sessions will be terminated.
Whenever a session is terminated, all information pertaining to and learned from that peer will be removed.
Whenever a new peering session is created or a peering session is lost, an event message is generated.
The no form of this command removes the local-address from the configuration.
Default
no local-address
Parameters
- address
specifies an existing address on the node
mode
Syntax
mode {mesh-group | standard}
Context
config>service>vprn>msdp>group
Description
This command configures groups of peers either in non-meshed mode or in a full mesh topology to limit excessive flooding of SA messages to neighboring peers. When the mode is specified as mesh-group, SA messages received from a mesh group member are always accepted but are not flooded to other members of the same mesh group. These SA messages are only flooded to non-mesh-group peers or members of other mesh groups.
In a meshed configuration, all members of the group must have a peer connection with every other mesh group member. If this rule is not adhered to, unpredictable results may occur.
Default
standard
Parameters
- mesh-group
specifies that all members of the group have full mesh MSDP connectivity with each other
- standard
specifies a non-meshed mode
peer
Syntax
[no] peer peer-address
Context
config>service>vprn>msdp
config>service>vprn>msdp>group
Description
This command configures an MSDP peer or MDSP group peer. MSDP must have at least one peer configured. A peer is defined by configuring a local-address that is used by the local node to set up a peering session and by configuring the address of a remote MSDP router. It is the address of this remote peer that is configured with this command.
After peer relationships are established, the MSDP peers exchange messages to advertise active multicast sources. If multiple peering sessions are required, multiple peer statements should be included in the configuration.
By default, the parameters applied to a peer are inherited from the global or group level. To override these inherited settings, the parameters must be configured at the peer level.
If the specified peer address is already a configured peer, this command enables the context to configure or modify the peer-specific parameters.
If the specified peer address is not already a configured peer, this command creates the peer instance and enables the context to configure the peer-specific parameters.
The peer address is validated and, if valid, will be used as the remote address for an MSDP peering session.
When the no form of this command is entered, the existing peering address is removed from the configuration and the existing session is terminated. Whenever a session is terminated, all SA information pertaining to and learned from that peer is removed. Whenever a new peering session is created or a peering session is lost, an event message is generated.
Default
n/a
Parameters
- peer-address
specifies the peer address that identifies the remote MSDP router with which the peering session will be established
authentication-key
Syntax
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
Context
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description
This command configures a Message Digest 5 (MD5) authentication key to be used with a specific MSDP peering session. The authentication key must be configured per peer; therefore, no global or group configuration is possible.
Using the no form of the command accepts all MSDP messages and disables the MD5 signature option authentication key.
Default
no authentication-key
Parameters
- authentication-key
specifies the authentication key. Allowed values are any string up to 256 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed in quotation marks (‟ ”).
- hash-key
specifies the hash key. The key can be any combination of ASCII characters up to 451 characters in length (encrypted). If spaces are used in the string, the entire string must be enclosed in quotation marks (‟ ”).
This parameter is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.
- hash
specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
default-peer
Syntax
[no] default-peer
Context
config>service>vprn>msdp>peer
config>service>vprn>msdp>group>peer
Description
This command enables the default peer mechanism, where a peer can be selected as the default MSDP peer. As a result, all SA messages from the peer will be accepted without the usual peer reverse path forwarding (RPF) check.
The MSDP peer-RPF check is different from the normal multicast RPF checks. The peer-RPF check is used to stop SA messages from looping. A router validates SA messages originated from other routers in a deterministic fashion.
A set of rules is applied to validate received SA messages, and the first rule that applies determines the peer-RPF neighbor. All SA messages from other routers are rejected. The following rules are applied to SA messages originating at router_S and received at router_R from router_N.
If router_N and router_S are the same, the message is originated by a direct peer-RPF neighbor and is accepted.
If router_N is a configured peer or a member of the router_R mesh group, its SA messages are accepted.
If router_N is the BGP next hop of the active multicast RPF route toward router_S,then router_N is the peer-RPF neighbor and its SA messages are accepted.
If router_N is an external BGP peer of router_R and the last autonomous system (AS) number in the BGP AS-path to router_S is the same as router_N’s AS number, then router_N is the peer-RPF neighbor and its SA messages are accepted.
If router_N uses the same next hop as the next hop to router_S, then router_N is the peer-RPF neighbor and its SA messages are accepted.
If router_N fits none of the above rules, then router_N is not a peer-RPF neighbor and its SA messages are rejected.
When the no form the command is issued, no default peer is established and all SA messages are RPF checked.
Default
no default-peer
receive-msdp-msg-rate
Syntax
receive-msdp-msg-rate number interval seconds [threshold number]
no receive-msdp-msg-rate
Context
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description
This command limits the number of MSDP messages that are read from the TCP session to prevent an MSDP RP router from receiving a large number of MSDP message packets in an SA message.
After the number of MSDP packets (including SA messages) defined by the threshold number have been processed, all other MSDP packets are rate-limited. Messages from the TCP session are no longer accepted until the configured interval seconds has elapsed. Setting the threshold is useful during at system startup and initialization. No limit is placed on the number of MSDP and SA messages that will be accepted.
The no form of this command resets the message limit to its default operation.
Default
n/a
Parameters
- receive-msdp-msg-rate number
specifies the number of MSDP messages (including SA messages) that are read from the TCP session per interval seconds
- seconds
specifies the interval of time in which the number of MSDP messages set by the receive-msdp-msg-rate number parameter are read from the TCP session
- threshold number
specifies the number of MSDP messages that can be processed before the MSDP message rate-limiting function is activated
rpf-table
Syntax
rpf-table {rtable-m | rtable-u | both}
no rpf-table
Context
config>service>vprn>msdp
Description
This command configures the sequence of route tables used to find an RPF interface for a particular multicast route.
By default, only the unicast route table is looked up to calculate an RPF interface toward the source/rendezvous point. However, the operator can specify one of the following options:
use the unicast route table only
use the multicast route table only
use both route tables
Default
rtable-u
Parameters
- rtable-m
specifies that only the multicast route table is used by the multicast protocol (PIM) for IPv4 RPF checks. This route table contains routes submitted by static routes, ISIS, and OSPF.
- rtable-u
specifies that only the unicast route table is used by the multicast protocol (PIM) for IPv4 RPF checks. This route table contains routes submitted by all unicast routing protocols.
- both
specifies that the first lookup is always in the multicast route table, and if there is a route, it will use it. If PIM does not find a route in the first lookup, it tries to find it in the unicast route table.
sa-timeout
Syntax
sa-timeout seconds
no sa-timeout
Context
config>service>vprn>msdp
Description
This command configures the timeout value for the SA entries in the cache. If these entries are not refreshed within the timeout value, they are removed from the cache. Normally, the entries are refreshed at least once a minute. However, under high load with many MSDP peers, the refresh cycle could be incomplete. A higher timeout value (more than 90 seconds) could be useful to prevent instabilities in the MSDP cache.
Default
90
Parameters
- seconds
specifies the time, in seconds, to wait for a response from the peer before declaring the peer unavailable
source
Syntax
[no] source ip-prefix/mask
Context
config>service>vprn>msdp
Description
This command configures an MSDP source.
If the specified prefix and mask is already configured, this command enables the context to configure or modify the source-specific parameters.
If the specified prefix and mask is not already configured, this command creates the source node instance and enables the context to configure the source-specific parameters.
The SA messages are not rate-limited based on the source address range.
The no form of this command removes the sources in the address range.
Default
n/a
Parameters
- ip-prefix
specifies the IP prefix, in dotted-decimal notation, for the MSDP source
- mask
specifies the subnet mask for the range, expressed as a decimal integer mask length or in dotted-decimal notation
Router Advertisement Commands
router-advertisement
Syntax
[no] router-advertisement
Context
config>service>vprn
Description
This command enables the context to configure router advertisement properties for all VPRN IPv6-enabled interfaces. By default, the command is disabled for all IPv6-enabled interfaces.
The no form of the command disables router advertisement on all IPv6 interfaces.
Default
no router-advertisement
interface
Syntax
[no] interface ip-int-name
Context
config>service>vprn>router-advertisement
Description
This command configures router advertisement properties on a specified interface. The interface name must already exist in the config>service>vprn>interface context.
The no form of the command disables router advertisement on the specified router interface.
Default
n/a
Parameters
- ip-int-name
a 1 to 32 character name (must start with a letter) of the IP interface. Interface names must be unique within the group of defined IP interfaces for the config>service>vprn>interface command. An interface name cannot be in the form of an IP address. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
current-hop-limit
Syntax
current-hop-limit number
no current-hop-limit
Context
config>service>vprn>router-advertisement>interface
Description
This command configures the current hop limit in the router advertisement messages. It informs the nodes on the subnet about the hop limit when originating IPv6 packets.
Default
64
Parameters
- number
the hop limit
managed-configuration
Syntax
[no] managed-configuration
Context
config>service>vprn>router-advertisement>interface
Description
This command sets the managed address configuration flag. This flag indicates that DHCPv6 is available for address configuration in addition to any address autoconfigured using stateless address autoconfiguration.
Default
no managed-configuration
max-advertisement-interval
Syntax
max-advertisement-interval seconds
no max-advertisement-interval
Context
config>service>vprn>router-advertisement>interface
Description
This command configures the maximum interval between sending router advertisement messages.
Default
600
Parameters
- seconds
the maximum interval, in seconds, between sending router advertisement messages
min-advertisement-interval
Syntax
min-advertisement-interval seconds
no min-advertisement-interval
Context
config>service>vprn>router-advertisement>interface
Description
This command configures the minimum interval between sending ICMPv6 router advertisement messages.
Default
200
Parameters
- seconds
the minimum interval, in seconds, between sending ICMPv6 router advertisement messages
mtu
Syntax
mtu mtu-bytes
no mtu
Context
config>service>vprn>router-advertisement>interface
Description
This command configures the MTU for the nodes to use when sending packets on the link.
The no form of the command means that the MTU option is not sent in the router advertisement messages.
Default
no mtu
Parameters
- mtu-bytes
the MTU for the nodes to use when sending packets
other-stateful-configuration
Syntax
[no] other-stateful-configuration
Context
config>router>vprn>router-advertisement>interface
Description
This command sets the ‟Other configuration” flag. This flag indicates that DHCPv6lite is available for autoconfiguration of other (non-address) information such as DNS-related information or information about other servers in the network.
Default
no other-stateful configuration
prefix
Syntax
prefix ipv6-prefix/prefix-length
no prefix
Context
config>service>vprn>router-advertisement>interface
Description
This command configures an IPv6 prefix in the router advertisement messages. To support multiple IPv6 prefixes, use multiple prefix statements. No prefix is advertised until it is explicitly configured using prefix statements.
Default
n/a
Parameters
- ipv6-prefix/prefix-length
the IPv6 prefix
autonomous
Syntax
[no] autonomous
Context
config>service>vprn>router-advertisement>if>prefix
Description
This command specifies whether the prefix can be used for stateless address autoconfiguration.
Default
autonomous
on-link
Syntax
[no] on-link
Context
config>service>vprn>router-advertisement>if>prefix
Description
This command specifies whether the prefix can be used for on-link determination.
Default
on-link
preferred-lifetime
Syntax
preferred-lifetime {seconds | infinite}
no preferred-lifetime
Context
config>service>vprn>router-advertisement>if>prefix
Description
This command configures the time that this prefix will continue to be preferred. The address generated from a prefix that is no longer preferred should not be used as a source address in new communications. However, packets received on such an interface are processed as expected.
Default
604800
Parameters
- seconds
the length of time, in seconds, that this prefix will be preferred
- infinite
the prefix will always be preferred. A value of 4294967295 also represents infinity.
valid-lifetime
Syntax
valid-lifetime {seconds | infinite}
no valid-lifetime
Context
config>service>vprn>router-advertisement>if>prefix
Description
This command specifies the length of time, in seconds, that the prefix is valid for the purpose of onlink determination. The address generated from an invalidated prefix should not appear as the destination or source address of a packet.
Default
2592000
Parameters
- seconds
the remaining length of time, in seconds, that this prefix will be valid
- infinite
the prefix will always be valid. A value of 4294967295 also represents infinity.
reachable-time
Syntax
reachable-time milli-seconds
no reachable-time
Context
config>service>vprn>router-advertisement>interface
Description
This command configures how long the router should be considered reachable by other nodes on the link after receiving a reachability confirmation.
Default
no reachable-time
Parameters
- milli-seconds
the length of time, in milliseconds, that the router should be considered reachable
retransmit-time
Syntax
retransmit-time milli-seconds
no retransmit-time
Context
config>service>vprn>router-advertisement>interface
Description
This command configures the retransmission frequency of neighbor solicitation messages.
Default
no retransmit-time
Parameters
- milli-seconds
the amount of time, in milliseconds, that a host should wait before retransmitting neighbor solicitation messages
router-lifetime
Syntax
router-lifetime seconds
no router-lifetime
Context
config>service>vprn>router-advertisement>interface
Description
This command configures the router lifetime.
Default
no router-lifetime
Parameters
- seconds
the length of time, in seconds, that the prefix is valid for route determination
use-virtual-mac
Syntax
[no] use-virtual-mac
Context
config>service>vprn>router-advertisement>interface
Description
This command enables the sending of router advertisement messages using the VRRP virtual MAC address, provided that the virtual router is currently the master.
If the virtual router is not the master, no router advertisement messages are sent.
The no form of the command disables the sending of router advertisement messages.
Default
no use-virtual-mac
Local DHCP and DHCPv6 Server Commands
For complete descriptions of all local DHCP and DHCPv6 server commands, see the Router Configuration Guide, ‟Local DHCP and DHCPv6 Server Commands”.
local-dhcp-server
Syntax
local-dhcp-server server-name [create]
no local-dhcp-server server-name
Context
config>service>vprn>dhcp
config>service>vprn>dhcp6
Description
This command creates a local DHCP or DHCPv6 server instance. A local DHCP or DHCPv6 server can serve multiple interfaces but is limited to the routing context in which it was created.
The no form of the command removes the local DHCP or DHCPv6 server instance.
Default
n/a
Parameters
- server-name
the name of the local DHCP or DHCPv6 server
- create
keyword is mandatory when creating a local DHCP or DHCPv6 server
Interface Commands
interface
Syntax
interface ip-int-name
no interface ip-int-name
Context
config>service>vprn
Description
This command creates a logical IP routing interface for a Virtual Private Routed Network (VPRN). Once created, attributes such as an IP address and a service access point (SAP) can be associated with the IP interface.
The interface command, under the context of services, is used to create and maintain IP routing interfaces within VPRN service IDs. The interface command can be executed in the context of a VPRN service ID. The IP interface created is associated with the VPRN service routing instance and VPRN service routing table.
Interface names are case-sensitive and must be unique within the group of defined IP interfaces defined for config router interface and config service vprn interface. Interface names must not be in the dotted-decimal notation of an IP address. For example, the name ‟1.1.1.1” is not allowed, but ‟int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.
When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.
There are no default IP interface names defined within the system. All VPRN IP interfaces must be explicitly defined. Interfaces are created in an enabled state.
The no form of this command removes the interface and all the associated configurations. The interface must be administratively shut down before issuing the no interface command.
Parameters
- ip-int-name
the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service vprn interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters and must start with a letter. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
address
Syntax
address {ip-address/mask | ip-address netmask} [broadcast {all-ones | host-ones}]
no address {ip-address/mask | ip-address netmask}
Context
config>service>vprn>interface
Description
This command assigns an IP address, IP subnet, and broadcast address format to a VPRN IP router interface.
An IP address must be assigned to each VPRN IP interface. An IP address and a mask are used together to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7705 SAR.
The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted-decimal notation. The show commands display CIDR notation, which is stored in configuration files.
By default, no IP address or subnet association exists on an IP interface until it is explicitly created.
Use the no form of this command to remove the IP address assignment from the IP interface. When the no address command is entered, the interface becomes operationally down, as shown in VPRN Interface State and IP Address .
Address |
Administrative State |
Operational State |
---|---|---|
No address |
Up |
Down |
No address |
Down |
Down |
1.1.1.1 |
Up |
Up |
1.1.1.1 |
Down |
Down |
The operational state is a read-only variable, and the only controlling variables are the address and administrative states. The address and administrative states are independent and can be set independently. If an interface is in an administratively up state and an address is assigned, it becomes operationally up and the protocol interfaces and the MPLS LSPs associated with that IP interface will be reinitialized.
Parameters
- ip-address
the IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.
- mask
the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash separates the ip-address from the mask. The mask indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address.
- netmask
the subnet mask, in dotted-decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted-decimal mask. The netmask parameter indicates the complete mask that will be used in a logical ‟AND” function to derive the local subnet of the IP address.
- broadcast
the optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert to a broadcast address of host-ones.
The broadcast format on an IP interface can be specified when the IP address is assigned or changed.
This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.
- all-ones
specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast
- host-ones
specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask, or the mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.
The broadcast parameter within the address command does not have a negation feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.
allow-directed-broadcasts
Syntax
allow-directed-broadcasts
no allow-directed-broadcasts
Context
config>service>vprn>interface
Description
This command controls the forwarding of directed broadcasts out of the IP interface.
A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address on another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined for the subnet broadcast address of the egress IP interface.
When enabled, a frame destined for the local subnet on this IP interface will be sent as a subnet broadcast out this interface. Care should be exercised when allowing directed broadcasts as it is a well-known mechanism used for denial-of-service attacks.
When disabled, directed broadcast packets discarded at this egress IP interface will be counted in the normal discard counters for the egress SAP.
By default, directed broadcasts are not allowed and will be discarded at this egress IP interface.
The no form of this command disables the forwarding of directed broadcasts out of the IP interface.
Default
no allow-directed-broadcasts
arp-retry-timer
Syntax
arp-retry-timer ms-timer
no arp-retry-timer
Context
config>service>vprn>interface
Description
This command specifies the length of time, in 100s of milliseconds, that the system waits before reissuing a failed ARP request.
The no form of the command resets the interval to the default value.
Default
50 (in 100s of ms)
Parameters
- ms-timer
the time interval, in 100s of milliseconds, the system waits before retrying a failed ARP request
arp-timeout
Syntax
arp-timeout seconds
no arp-timeout
Context
config>service>vprn>interface
Description
This command configures the minimum time, in seconds, that an ARP entry learned on the IP interface will be stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host; otherwise, the ARP entry is aged from the ARP table. If arp-timeout is set to a value of 0 s, ARP aging is disabled.
The no form of this command restores arp-timeout to the default value.
Default
14400 s
Parameters
- seconds
the minimum number of seconds a learned ARP entry will be stored in the ARP table, expressed as a decimal integer. A value of 0 specifies that the timer is inoperative and learned ARP entries will not be aged.
bfd
Syntax
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type np]
no bfd
Context
config>service>vprn>interface
config>service>vprn>if>ipv6
Description
This command specifies the BFD parameters for the associated IP interface. If no parameters are defined, the default values are used.
The multiplier specifies the number of consecutive BFD messages that must be missed from the peer before the BFD session state is changed to down. In addition, the Route Table Manager (RTM) is notified and the static routes with BFD enabled will go down, based on BFD status.
The no form of the command removes BFD from the associated IGP protocol adjacency.
Default
no bfd
Parameters
- transmit-interval
sets the transmit interval for the BFD session
- receive-interval
sets the receive interval for the BFD session
- multiplier
sets the multiplier for the BFD session
- echo-interval
(does not apply to IPv6 interfaces) sets the minimum echo receive interval for the BFD session
- type np
(does not apply to IPv6 interfaces) controls the value range of the transmit-interval and receive-interval parameters. If the type np option is not specified, the range of the transmit-interval and receive-interval parameter values is from 100 ms to 100000 ms. If the type np option is specified, the range of the transmit-interval and receive-interval parameter values is from 10 ms to 1000 ms, with the restriction that the maximum receiving detection time for the missing BFD packets must be less than or equal to 3000 ms. The maximum receiving detection time is the receive-interval parameter multiplied by the multiplier parameter.
Note: The BFD session must be disabled before the type np parameter can be changed. The type np parameter is only supported on VPRN services for SAPs.
cflowd-parameters
Syntax
cflowd-parameters
Context
config>service>vprn>interface
Description
This command enables the context to configure cflowd parameters for the specified IP interface.
Cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.
Default
n/a
sampling
Syntax
sampling {unicast | multicast} type {interface} [direction {ingress-only | egress-only | both}]
no sampling {unicast | multicast}
Context
config>service>vprn>if>cflowd-parameters
Description
This command configures the cflowd sampling behavior to collect traffic flow samples through a router for analysis.
This command can be used to configure the sampling parameters for unicast and multicast traffic separately.
If cflowd sampling is enabled with no direction parameter specified, ingress-only sampling is enabled by default.
The no form of the command disables the specified type of traffic sampling on the interface.
Default
no sampling unicast
no sampling multicast
Parameters
- unicast
cflowd will sample unicast traffic on the interface
- multicast
cflowd will sample multicast traffic on the interface
- interface
specifies that all traffic entering or exiting the interface is subject to sampling. Interface is the only sampling type supported on the 7705 SAR and must be specified with this command.
- direction
specifies the direction in which to collect traffic flow samples: ingress-only, egress-only, or both
hold-time
Syntax
hold-time
Context
config>service>vprn>interface
Description
This command enables the CLI context to configure interface hold-up or hold-down timers.
Default
n/a
down
Syntax
down ip seconds [init-only]
no down ip
down ipv6 seconds [init-only]
no down ipv6
Context
config>service>vprn>if>hold-time
Description
This command enables a delay in the activation of the IPv4 or IPv6 interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface up, unless the init-only option is configured. If the init-only option is configured, the delay is only applied when the IP interface is first configured or after a system reboot.
The no form of this command disables the delay in the activation of the IPv4 or IPv6 interface. Removing the configuration during an active delay period stops the delay period immediately.
Default
n/a
Parameters
- ip
specifies that the configured down delay is applied to an IPv4 interface
- ipv6
specifies that the configured down delay is applied to an IPv6 interface
- seconds
specifies the time delay, in seconds, before the interface is activated
- init-only
specifies that the configured down delay is applied only when the interface is first configured or after a reboot
up
Syntax
up ip seconds
no up ip
up ipv6 seconds
no up ipv6
Context
config>service>vprn>if>hold-time
Description
This command enables a delay in the deactivation of the IPv4 or IPv6 interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface down.
The no form of this command disables the delay in the deactivation of the IPv4 or IPv6 interface. Removing the configuration during an active delay period stops the delay period immediately.
Default
n/a
Parameters
- ip
specifies that the configured up delay applies to an IPv4 interface
- ipv6
specifies that the configured up delay applies to an IPv6 interface
- seconds
specifies the time delay, in seconds, before the interface is deactivated
ip-mtu
Syntax
ip-mtu octets
no ip-mtu
Context
config>service>vprn>interface
Description
This command configures the IP maximum transmit unit (packet) for this interface.
The default value is derived from the port MTU.
The no form of the command returns the default value.
Default
no ip-mtu — uses the value derived from the port MTU
Parameters
- octets
specifies the MTU for this interface
ipcp
Syntax
ipcp
Context
config>service>vprn>interface
Description
This command allows access to the Internet Protocol Control Protocol (IPCP) context within the interface configuration. Within this context, IPCP extensions can be configured to define such things as the remote IP address and DNS IP address to be signaled via IPCP on the associated PPP interface.
This command is only applicable if the associated SAP/port is a PPP/MLPPP interface.
Default
n/a
dns
Syntax
dns ip-address [secondary ip-address]
dns secondary ip-address
no dns [ip-address] [secondary ip-address]
Context
config>service>vprn>if>ipcp
Description
This command defines the DNS addresses to be assigned to the far end of the associated PPP/MLPPP link via IPCP extensions.
This command is only applicable if the associated SAP/port is a PPP/MLPPP interface with an IPCP encapsulation.
The no form of the command deletes the specified primary DNS address, the secondary DNS address, or both addresses from the IPCP extension peer-ip-address configuration.
Default
no dns
Parameters
- ip-address
a unicast IPv4 address for the primary DNS server to be signaled to the far end of the associated PPP/MLPPP link via IPCP extensions
- secondary ip-address
a unicast IPv4 address for the secondary DNS server to be signaled to the far end of the associated PPP/MLPPP link via IPCP extensions
peer-ip-address
Syntax
peer-ip-address ip-address
no peer-ip-address
Context
config>service>vprn>if>ipcp
Description
This command defines the remote IP address to be assigned to the far end of the associated PPP/ MLPPP link via IPCP extensions.
This command is only applicable if the associated SAP/port is a PPP/MLPPP interface with an IPCP encapsulation.
The interface must be shut down to modify the IPCP configuration.
The no form of the command deletes the IPCP extension peer-ip-address configuration.
Default
no peer-ip-address (0.0.0.0)
Parameters
- ip-address
a unicast IPv4 address to be signaled to the far end of the associated PPP/ MLPPP link by IPCP extensions
load-balancing
Syntax
load-balancing
Context
config>service>vprn>interface
Description
This command enables the context to configure load balancing hashing options on the interface. The options enabled at the interface level overwrite parallel system-level configurations.
Default
n/a
l4-load-balancing
Syntax
l4-load-balancing hashing-algorithm
no l4-load-balancing
Context
config>service>vprn>interface>load-balancing
Description
This command configures Layer 4 load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). When enabled, Layer 4 source and destination port fields of incoming TCP/UDP packets are included in the hashing calculation to randomly determine the distribution of packets.
You can add additional fields to generate more randomness and more equal distribution of packets with the teid-load-balancing command.
The default configuration on the interface is to match the Layer 4 load-balancing configuration in the config>system context. Using this command to modify Layer 4 load-balancing configuration on an interface overrides the system-wide load-balancing settings for that interface.
Parameters
- hashing-algorithm
specifies that Layer 4 source and destination port fields are included in or excluded from the hashing calculation
spi-load-balancing
Syntax
[no] spi-load-balancing
Context
config>service>vprn>interface>load-balancing
Description
This command enables use of the SPI in hashing for ESP/AH encrypted IPv4or IPv6 traffic at the interface level.
The no form of this command disables SPI hashing.
Default
no spi-load-balancing
teid-load-balancing
Syntax
[no] teid-load-balancing
Context
config>service>vprn>interface>load-balancing
Description
This command configures TEID load balancing at the interface level. Configuration must be done on the ingress network interface (that is, the interface on the node that the packet is received on). The TEID attribute is included in the header of GTP (general packet radio system tunneling protocol) packets. When TEID load balancing is enabled, the TEID field of incoming TCP/UDP packets is included in the hashing calculation to randomly determine the distribution of packets.
You can add additional fields to generate more randomness and more equal distribution of packets with the l4-load-balancing command.
Default
no teid-load-balancing
local-dhcp-server
Syntax
[no] local-dhcp-server local-server-name
Context
config>service>vprn>interface
Description
This command associates the interface with a local DHCP server configured on the system. A routed VPLS interface may not be associated with a local DHCP server.
The no form of the command removes the association of the interface with the local DHCP server.
Default
none
Parameters
- local-server-name
the name of the local DHCP server
local-proxy-arp
Syntax
[no] local-proxy-arp
Context
config>service>vprn>interface
Description
This command enables local proxy ARP on the interface.
Local proxy ARP allows the 7705 SAR to respond to ARP requests received on an interface for an IP address that is part of a subnet assigned to the interface. The router responds to all requests for IP addresses within the subnet with its own MAC address and forwards all traffic between the hosts in the subnet.
Local proxy ARP is used on subnets where hosts are prevented from communicating directly.
When local-proxy-arp is enabled, ICMP redirects on the ports associated with the service are automatically blocked.
Default
no local-proxy-arp
loopback
Syntax
[no] loopback
Context
config>service>vprn>interface
Description
This command specifies that the interface is a loopback interface that has no associated physical interface. If this command is enabled, a SAP cannot be defined on the interface.
Default
no loopback
mac
Syntax
mac ieee-address
no mac [ieee-address]
Context
config>service>vprn>interface
Description
This command assigns a specific MAC address to a VPRN IP interface.
The no form of this command returns the MAC address of the IP interface to the default value.
Default
the physical MAC address associated with the Ethernet interface that the SAP is configured on
Parameters
- ieee-address
a 48-bit MAC address in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers and cannot be all zeros. Allowed values are any non-broadcast, non-multicast MAC, and non-IEEE reserved MAC addresses.
multicast-translation
Syntax
[no] multicast-translation
Context
config>service>vprn>interface
Description
This command enables multicast address translation on the 7705 SAR that is the translator router for unicast-to-multicast or multicast-to-multicast translation.
When enabled for unicast-to-multicast translation, the 7705 SAR will try to find the source and destination address of the packet in the unicast-to-multicast translation table. If the source and destination address is not found, the packet is processed as a regular IP packet. To disable unicast-to-multicast translation, all entries must be removed from the translation table and then the command must be set to no multicast-translation.
When enabled for multicast-to-multicast translation, the static group configuration is used for multicast PDUs that arrive on the node and are to be translated via the translation table. If the command is enabled and an arriving PDU does not match an entry in the translation table, the multicast PDU is dropped. If the (S,G) arrives from another interface via a dynamic protocol while this command is enabled, the interface that the dynamic (S,G) arrived from will be added as an outgoing interface but it will not forward traffic. Only the outgoing loopback interface on the translation router will forward the translated PDU.
For multicast-to-multicast translation, if this command is not enabled, the node will function as a leaf for the static group configuration. To disable multicast-to-multicast translation, the interface must be shut down before the no version of this command is issued.
Default
no multicast-translation
proxy-arp-policy
Syntax
proxy-arp-policy policy-name [policy-name...(up to 5 max)]
no proxy-arp-policy
Context
config>service>vprn>interface
Description
This command enables proxy ARP on the interface and specifies an existing policy statement that controls the flow of routing information by analyzing match and action criteria. The policy statement is configured in the config>router>policy-options context (see the 7705 SAR Router Configuration Guide, ‟Route Policy Command Reference, Route Policy Options”). When proxy ARP is enabled, the 7705 SAR responds to ARP requests on behalf of another device.
Default
no proxy-arp-policy
Parameters
- policy-name
the route policy statement name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes. The policy statement must already be defined.
remote-proxy-arp
Syntax
[no] remote-proxy-arp
Context
config>service>vprn>interface
Description
This command enables remote proxy ARP on the interface, allowing a router on one network to respond to ARP requests intended for another node that is physically located on another network. The router effectively pretends to be the destination node by sending an ARP response to the originating node that associates the router’s MAC address with the destination node’s IP address (acts as a proxy for the destination node). The router then takes responsibility for routing traffic to the real destination.
Default
no remote-proxy-arp
secondary
Syntax
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
no secondary {ip-address/mask | ip-address netmask}
Context
config>service>vprn>interface
Description
This command assigns an secondary IP address, IP subnet, and broadcast address format to the interface.
Default
no secondary
Parameters
- ip-address
the IP address of the IP interface. The ip-address portion of the secondary command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.
- mask
the subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash separates the ip-address from the mask. The mask indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address.
- netmask
the subnet mask, in dotted-decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted-decimal mask. The netmask parameter indicates the complete mask that will be used in a logical ‟AND” function to derive the local subnet of the IP address.
- broadcast
the optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones, which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert to a broadcast address of host-ones.
The broadcast format on an IP interface can be specified when the IP address is assigned or changed.
This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.
- all-ones
specifies that the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast
- host-ones
specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask, or the mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.
The broadcast parameter within the secondary command does not have a negation feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the secondary command must be executed with the broadcast parameter defined.
- igp-inhibit
specifies that this secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the secondary IP interface will not be injected and used as a passive interface and will not be advertised as an internal IP interface into the IGP link state database. For RIP, this means that the secondary IP interface will not source RIP updates.
static-arp
Syntax
static-arp ip-address ieee-address
no static-arp ip-address [ieee-address]
static-arp ieee-address unnumbered
no static-arp [ieee-address] unnumbered
Context
config>service>vprn>interface
Description
This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. This static ARP will appear in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface. If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address will be replaced with the new MAC address.
Static ARP is used when a 7705 SAR needs to know about a device on an interface that cannot or does not respond to ARP requests. Therefore, the 7705 SAR configuration can specify to send a packet with a particular IP address to the corresponding ARP address.
The no form of the command removes a static ARP entry.
Default
n/a
Parameters
- ip-address
the IP address for the static ARP in dotted-decimal notation
- ieee-address
the 48-bit MAC address for the static ARP. Allowed values are any non-broadcast, non-multicast MAC, and non-IEEE reserved MAC addresses.
- unnumbered
specifies the static ARP MAC addresses for an unnumbered interface. Unnumbered interfaces also support dynamic ARP. If this parameter is configured, it overrides any dynamic ARP.
tcp-mss
Syntax
tcp-mss value
no tcp-mss
Context
config>service>vprn>interface
config>service>vprn>if>ipv6
Description
This command configures the maximum segment size (MSS) in a TCP SYN or SYN-ACK packet during the establishment of a TCP connection. A tcp-mss value can be specified on an ingress interface, egress interface, or both. When configured on two interfaces, the smaller of the two values is used. If the TCP SYN packet has no TCP MSS field, the 7705 SAR assigns it the MSS value configured on the interface and recalculates the IP checksum. If the TCP SYN or SYN-ACK packet has an MSS field and the value is greater than the value configured on the interface, the 7705 SAR overwrites the packet MSS value with the lower value. If the MSS value is less than the value configured on the interface, the packet MSS value does not change. See the 7705 Router Configuration Guide, ‟TCP MSS Configuration and Adjustment”, for more information.
This command is supported on interfaces with IPv4 and IPv6 traffic, and a different MSS value can be configured for the IPv4 and IPv6 interfaces. This command is supported on IPSec private interfaces in a VPRN.
Default
no tcp-mss
Parameters
- value
the MSS, in bytes, to be used in a TCP SYN or SYN-ACK packet
unnumbered
Syntax
unnumbered {ip-int-name | ip-address}
no unnumbered
Context
config>service>vprn>interface
Description
This command configures an IP interface as an unnumbered interface and specifies an IP address or interface name to be used for the interface. Unnumbered interfaces are point-to-point interfaces that are not explicitly configured with a dedicated IP address and subnet; instead, they borrow (or link to) an IP address from another interface on the system (the system IP address, another loopback interface, or any other numbered interface) and use it as the source IP address for packets originating from the interface.
By default, no IP address exists on an IP interface until it is explicitly created.
The no form of the command removes the IP address assignment from the IP interface.
Default
no unnumbered
Parameters
- ip-int-name | ip-address
the IP interface name or address to associate with the unnumbered IP interface
IPv6 Interface Commands
ipv6
Syntax
[no] ipv6
Context
config>service>vprn>interface
Description
This command enables the context to configure parameters for a VPRN IPv6 interface.
address
Syntax
address ipv6-address/prefix-length [eui-64] [preferred]
no address ipv6-address/prefix-length
Context
config>service>vprn>if>ipv6
Description
This command assigns an address to the IPv6 interface.
Parameters
- ipv6-address/prefix-length
the address of the IPv6 interface
- eui-64
when the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from the MAC address on Ethernet interfaces. For interfaces without a MAC address, for example ATM interfaces, the base MAC address of the chassis is used.
- preferred
specifies that the IPv6 address is the preferred IPv6 address for this interface. A preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. A preferred address may be used as the source or destination address of packets sent from or to the interface.
dhcp6-relay
Syntax
[no] dhcp6-relay
Context
config>service>vprn>if>ipv6
Description
This command enables the context to configure DHCPv6 relay parameters for the interface.
The no form of the command disables DHCPv6 relay.
option
Syntax
[no] option
Context
config>service>vprn>if>ipv6>dhcp6-relay
Description
This command enables the context to configure DHCPv6 relay information options.
The no form of the command disables DHCPv6 relay information options.
interface-id
Syntax
interface-id
interface-id ascii-tuple
interface-id ifindex
interface-id sap-id
interface-id string
no interface-id
Context
config>service>vprn>if>ipv6>dhcp6-relay>option
Description
This command enables the sending of interface ID options in the DHCPv6 relay packet.
The no form of the command disables the sending of interface ID options in the DHCPv6 relay packet.
Parameters
- ascii-tuple
specifies that the ASCII-encoded concatenated tuple will be used (consists of the access-node-identifier, service-id, and interface-name, separated by ‟|”)
- ifindex
specifies that the interface index will be used. (The If Index of a router interface can be displayed using the command show>router>if>detail.)
- sap-id
specifies that the SAP identifier will be used
- string
a string of up to 32 characters long, composed of printable, 7-bit ASCII characters. If the string contains special characters (such as #, $, or spaces), the entire string must be enclosed within double quotes.
remote-id
Syntax
[no] remote-id
Context
config>service>vprn>if>ipv6>dhcp6-relay>option
Description
This command enables the sending of the remote ID option in the DHCPv6 relay packet.
The client DHCP Unique Identifier (DUID) is used as the remote ID.
The no form of the command disables the sending of remote ID option in the DHCPv6 relay packet.
server
Syntax
[no] server ipv6z-address
Context
config>service>vprn>if>ipv6>dhcp6-relay
Description
This command configures an IPv6 address to the DHCPv6 server.
The no form of the command disables the specified IPv6 address.
Parameters
- ipv6z-address
the IPv6 address of the DHCPv6 server (a maximum of eight addresses can be configured)
source-address
Syntax
[no] source-address ipv6-address
Context
config>service>vprn>if>ipv6>dhcp6-relay
Description
This command assigns the source IPv6 address of the DHCPv6 relay messages.
The no form of the command disables the specified IPv6 address.
Parameters
- ipv6-address
the source IPv6 address of the DHCPv6 relay messages
dhcp6-server
Syntax
[no] dhcp6-server
Context
config>service>vprn>if>ipv6
Description
This command enables the context to configure DHCPv6 server parameters for the VPRN interface.
The no form of the command disables the DHCPv6 server.
max-nbr-of-leases
Syntax
max-nbr-of-leases max-nbr-of-leases
no max-nbr-of-leases
Context
config>service>vprn>if>ipv6>dhcp6-server
Description
This command configures the maximum number of lease states installed by the DHCPv6 server function allowed on this interface.
The no form of the command returns the value to the default.
Default
8000
Parameters
- max-nbr-of-leases
the maximum number of lease states installed by the DHCPv6 server function allowed on this interface
prefix-delegation
Syntax
[no] prefix-delegation
Context
config>service>vprn>if>ipv6>dhcp6-server
Description
This command configures prefix delegation options for delegating a long-lived prefix from a delegating router to a requesting router, where the delegating router does not require knowledge about the topology of the links in the network to which the prefixes will be assigned.
The no form of the command disables prefix delegation.
prefix
Syntax
[no] prefix ipv6-address/prefix-length
Context
config>service>vprn>if>ipv6>dhcp6-server>pfx-delegate
Description
This command specifies the IPv6 prefix that is delegated by the system.
Parameters
- ipv6-address/prefix-length
the address of the IPv6 interface
duid
Syntax
duid duid [iaid iaid]
no duid
Context
config>service>vprn>if>ipv6>dhcp6>pfx-delegate>prefix
Description
This command configures the DHCP Unique Identifier (DUID) of the DHCPv6 server client.
Parameters
- duid
the ID of the requesting router. If set to a non-zero value, the prefix defined will only be delegated to this router. If set to 0, the prefix will be delegated to any requesting router.
- iaid
the identity association identification (IAID) from the requesting router that needs to match in order to delegate the defined prefix. If set to 0, no match on the received IAID is done.
preferred-lifetime
Syntax
preferred-lifetime seconds
preferred-lifetime infinite
no preferred-lifetime
Context
config>service>vprn>if>ipv6>dhcp6>pfx-delegate>prefix
Description
This command configures the IPv6 prefix preferred lifetime. The preferred-lifetime value cannot be larger than the valid-lifetime value.
The no form of the command reverts to the default value.
Default
604800 seconds (7 days)
Parameters
- seconds
the time, in seconds, that this prefix remains preferred
- infinite
specifies that this prefix remains preferred infinitely
valid-lifetime
Syntax
valid-lifetime seconds
valid-lifetime infinite
no valid-lifetime
Context
config>service>vprn>if>ipv6>dhcp6>pfx-delegate>prefix
Description
This command configures the time, in seconds, that the prefix is valid.
The no form of the command reverts to the default value.
Default
2592000 seconds (30 days)
Parameters
- seconds
the time, in seconds, that this prefix remains valid
- infinite
specifies that this prefix remains valid infinitely
icmp6
Syntax
icmp6
Context
config>service>vprn>if>ipv6
Description
This command configures ICMPv6 parameters for the interface.
packet-too-big
Syntax
packet-too-big [number seconds]
no packet-too-big
Context
config>service>vprn>if>ipv6>icmp6
Description
This command specifies whether, and how often, ‟packet-too-big” ICMPv6 messages should be sent. When enabled, ICMPv6 ‟packet-too-big” messages are generated by this interface.
The no form of the command disables the sending of ICMPv6 ‟packet-too-big” messages.
Default
100 10
Parameters
- number
the number of ‟packet-too-big” ICMPv6 messages to send in the time frame specified by the seconds parameter
- seconds
the time frame, in seconds, that is used to limit the number of ‟packet-too-big” ICMPv6 messages issued
param-problem
Syntax
param-problem [number seconds]
no packet-too-big
Context
config>service>vprn>if>ipv6>icmp6
Description
This command specifies whether, and how often, ‟parameter-problem” ICMPv6 messages should be sent. When enabled, ‟parameter-problem” ICMPv6 messages are generated by this interface.
The no form of the command disables the sending of ‟parameter-problem” ICMPv6 messages.
Default
100 10
Parameters
- number
the number of ‟parameter-problem” ICMPv6 messages to send in the time frame specified by the seconds parameter
- seconds
the time frame, in seconds, that is used to limit the number of ‟parameter-problem” ICMPv6 messages issued
time-exceeded
Syntax
time-exceeded [number seconds]
no time-exceeded
Context
config>service>vprn>if>ipv6>icmp6
Description
This command specifies whether, and how often, ‟time-exceeded” ICMPv6 messages should be sent. When enabled, ICMPv6 ‟time-exceeded” messages are generated by this interface.
Default
100 10
Parameters
- number
the number of ‟time-exceeded” ICMPv6 messages are to be issued in the time frame specified by the seconds parameter
- seconds
the time frame, in seconds, that is used to limit the number of ‟time-exceeded” ICMPv6 messages to be issued
unreachables
Syntax
unreachables [number seconds]
no unreachables
Context
config>service>vprn>if>ipv6>icmp6
Description
This command specifies whether, and how often, ICMPv6 host and network destination unreachable messages are generated by this interface.
Default
100 10
Parameters
- number
the number of destination unreachable ICMPv6 messages to send issued in the time frame specified by the seconds parameter
- seconds
the time frame, in seconds, that is used to limit the number of destination unreachable ICMPv6 messages to be sent
link-local-address
Syntax
link-local-address ipv6-address [preferred]
no link-local-address
Context
config>service>vprn>if>ipv6
Description
This command configures the IPv6 link-local address.
The no form of the command removes the configured link-local address, and the router automatically generates a default link-local address.
Removing a manually configured link-local address may impact routing protocols that have a dependency on that address.
Default
n/a
Parameters
- ipv6-address
the IPv6 link local address
- preferred
specifies that the IPv6 address is the preferred IPv6 address for this interface. A preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. A preferred address may be used as the source or destination address of packets sent from or to the interface.
neighbor
Syntax
neighbor ipv6-address mac-address
no neighbor ipv6-address
Context
config>service>vprn>if>ipv6
Description
This command configures IPv6-to-MAC address mapping on the interface.
Default
n/a
Parameters
- ipv6-address
the address of the IPv6 interface for which to display information
- mac-address
the 48-bit MAC address for the IPv6-to-MAC address mapping in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any unicast MAC addresses and non-IEEE reserved MAC addresses
reachable-time
Syntax
reachable-time seconds
no reachable-time
Context
config>service>vprn>if>ipv6
Description
This command specifies the time that an IPv6 neighbor remains in a reachable state.
Default
no reachable-time
Parameters
- seconds
the number of seconds that an IPv6 neighbor remains in a reachable state
stale-time
Syntax
stale-time seconds
no stale-time
Context
config>service>vprn>if>ipv6
Description
This command specifies the time that an IPv6 neighbor cache entry remains in a stale state. When the specified time elapses, the system removes the neighbor cache entry.
Default
no stale-time
Parameters
- seconds
the number of seconds that an IPv6 neighbor remains in a stale state
Interface DHCP Commands
dhcp
Syntax
dhcp
Context
config>service>vprn>interface
Description
This command enables the context to configure DHCP parameters.
gi-address
Syntax
gi-address ip-address [src-ip-addr]
no gi-address
Context
config>service>vprn>if>dhcp
Description
This command configures the gateway interface address for the DHCP Relay Agent. By default, the GIADDR used in the relayed DHCP packet is the primary address of an interface. Specifying the GIADDR allows the user to choose a secondary address.
Default
no gi-address
Parameters
- ip-address
the IP address of the gateway interface in dotted-decimal notation
- src-ip-addr
specifies that the GIADDR is to be used as the source IP address for DHCP relay packets
option
Syntax
[no] option
Context
config>service>vprn>if>dhcp
Description
This command enables DHCP Option 82 (Relay Agent Information Option) parameters processing and enters the context for configuring Option 82 suboptions.
The no form of this command returns the system to the default.
Default
no option
action
Syntax
action {replace | drop | keep}
no action
Context
config>service>vprn>if>dhcp>option
Description
This command configures the processing required when the 7705 SAR receives a DHCP request that already has a Relay Agent Information Option (Option 82) field in the packet.
The no form of this command returns the system to the default value.
Default
keep—(as per RFC 3046, DHCP Relay Agent Information Option, section 2.1.1, Reforwarded DHCP requests, the default is to keep the existing information intact. The exception to this occurs if the gi-addr (gateway interface address) of the received packet is the same as the ingress address on the router. In this case, the packet is dropped and an error is logged.)
Parameters
- replace
in the upstream direction (from the user), the existing Option 82 field is replaced with the Option 82 field from the router. In the downstream direction (toward the user) the Option 82 field is stripped (in accordance with RFC 3046).
- drop
the packet is dropped, and an error is logged
- keep
the existing information is kept in the packet and the router does not add any additional information. In the downstream direction, the Option 82 field is not stripped and is sent on toward the client.
The behavior is slightly different in the case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router will insert its own VSO into the Option 82 field. This will only be done when the incoming message has an Option 82 field already.
If no Option 82 field is present, the router will not create the Option 82 field. In this case, no VSO will be added to the message.
circuit-id
Syntax
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
no circuit-id
Context
config>service>vprn>if>dhcp>option
Description
This command sends either an ASCII tuple or the interface index (If Index) or specified SAP ID in the circuit-id suboption of the DHCP packet. The If Index of a router interface can be displayed using the command show>router>interface>detail. This option specifies data that must be unique to the router that is relaying the circuit.
If disabled, the circuit-id suboption of the DHCP packet is left empty.
The no form of this command returns the system to the default.
Default
ascii-tuple
Parameters
- ascii-tuple
the ASCII-encoded concatenated ‟tuple” will be used, where the ‟tuple” consists of the access-node-identifier, service-id, and interface-name, separated by the syntax symbol ‟|”
- ifindex
the interface index will be used
- sap-id
the SAP ID will be used
- vlan-ascii-tuple
specifies that the format will include the vlan-id and dot1p bits, in addition to the ascii-tuple. The format is supported on dot1q and qinq ports only. When the Option 82 bits are stripped, dot1p bits will be copied to the Ethernet header of an outgoing packet.
remote-id
Syntax
remote-id [mac | string string]
no remote-id
Context
config>service>vprn>if>dhcp>option
Description
This command sends the MAC address of the remote end (typically, the DHCP client) in the remote-id suboption of the DHCP packet. This command identifies the host at the other end of the circuit. If disabled, the remote-id suboption of the DHCP packet will be left empty.
The no form of this command returns the system to the default.
Default
remote-id
Parameters
- mac
the MAC address of the remote end is encoded in the suboption
- string
the remote ID
vendor-specific-option
Syntax
[no] vendor-specific-option
Context
config>service>vprn>if>dhcp>option
Description
This command enables the Nokia vendor-specific suboption of the DHCP relay packet and enters the context for configuring the vendor-specific suboptions.
client-mac-address
Syntax
[no] client-mac-address
Context
config>service>vprn>if>dhcp>option>vendor
Description
This command enables the sending of the MAC address in the Nokia vendor-specific suboption of the DHCP relay packet.
The no form of the command disables the sending of the MAC address in the Nokia vendor- specific suboption of the DHCP relay packet.
Default
no client-mac-address
sap-id
Syntax
[no] sap-id
Context
config>service>vprn>if>dhcp>option>vendor
Description
This command enables the sending of the SAP ID in the Nokiat vendor-specific suboption of the DHCP relay packet.
The no form of the command disables the sending of the SAP ID in the Nokia vendor-specific suboption of the DHCP relay packet.
Default
no sap-id
service-id
Syntax
[no] service-id
Context
config>service>vprn>if>dhcp>option>vendor
Description
This command enables the sending of the service ID in the Nokia vendor-specific suboption of the DHCP relay packet.
The no form of the command disables the sending of the service ID in the Nokia vendor- specific suboption of the DHCP relay packet.
Default
no service-id
string
Syntax
string text
no string
Context
config>service>vprn>if>dhcp>option>vendor
Description
This command specifies the vendor-specific suboption string of the DHCP relay packet.
The no form of the command returns the default value.
Default
no string
Parameters
- text
any combination of ASCII characters up to 32 characters in length. If spaces are used in the string, the entire string must be enclosed within double quotes.
system-id
Syntax
[no] system-id
Context
config>service>vprn>if>dhcp>option>vendor
Description
This command specifies whether the system ID is encoded in the Nokia vendor-specific suboption of Option 82.
Default
n/a
server
Syntax
server server1 [server2...(up to 8 max)]
no server
Context
config>service>vprn>if>dhcp
Description
This command specifies a list of servers where requests will be forwarded. The list of servers can be entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP Relay to work. If there are multiple servers specified, the request is forwarded to all of the servers in the list. There can be a maximum of 8 DHCP servers configured.
Default
no server
Parameters
- server
the DHCP server IP address
trusted
Syntax
[no] trusted
Context
config>service>vprn>if>dhcp
Description
This command enables or disables trusted mode on an IP interface.
According to RFC 3046, DHCP Relay Agent Information Option, a DHCP request where the gi-addr (gateway interface address) is 0.0.0.0 and which contains an Option 82 field in the packet, should be discarded, unless it arrives on a ‟trusted” circuit.
If trusted mode is enabled on an IP interface, the relay agent (the 7705 SAR) will modify the request gi-addr to be equal to the ingress interface and forward the request.
This behavior only applies when the action in the Relay Agent Information Option is ‟keep”.
In the case where the Option 82 field is being replaced by the relay agent (action = ‟replace”), the original Option 82 information is lost. Thus, in this case, there is no reason for enabling the trusted option.
The no form of this command returns the system to the default.
Default
no trusted
Interface ICMP Commands
icmp
Syntax
icmp
Context
config>service>vprn>interface
Description
This command configures Internet Control Message Protocol (ICMP) parameters on a VPRN service and enters the context for configuring ICMP.
mask-reply
Syntax
[no] mask-reply
Context
config>service>vprn>if>icmp
Description
This command enables responses to ICMP mask requests on the router interface.
If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.
By default, the router instance will reply to mask requests.
The no form of this command disables replies to ICMP mask requests on the router interface.
Default
mask-reply
ttl-expired
Syntax
ttl-expired number seconds
no ttl-expired [number seconds]
Context
config>service>vprn>if>icmp
Description
This command configures the rate at which ICMP TTL-expired messages are issued by the IP interface.
By default, generation of ICMP TTL-expired messages is enabled at a maximum rate of 100 per 10-s time interval.
The no form of this command disables limiting the rate of TTL-expired messages on the router interface.
Default
ttl-expired 100 10
Parameters
- number
the maximum number of ICMP TTL-expired messages to send, expressed as a decimal integer. This parameter must be specified along with the seconds parameter.
- seconds
the time, in seconds, used to limit the number of ICMP TTL-expired messages that can be issued, expressed as a decimal integer
unreachables
Syntax
unreachables number seconds
no unreachables [number seconds]
Context
config>service>vprn>if>icmp
Description
This command enables and configures the rate of ICMP host and network destination unreachable messages issued on the router interface.
The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the number and seconds parameters by indicating the maximum number of destination unreachable messages that can be issued on the interface for a given time interval.
By default, generation of ICMP destination unreachable messages is enabled at a maximum rate of 100 per 10-s time interval.
The no form of this command disables the generation of ICMP destination unreachable messages on the router interface.
Default
unreachables 100 10
Parameters
- number
the maximum number of ICMP unreachable messages to send. This parameter must be specified along with the seconds parameter.
- seconds
the time frame, in seconds, used to limit the number of ICMP unreachable messages that can be issued
Interface SAP Commands
sap
Syntax
sap sap-id [create]
no sap sap-id
Context
config>service>vprn>interface
Description
This command creates a Service Access Point (SAP) within a service when used with the create keyword. The create keyword is not needed when entering an existing SAP to edit SAP parameters.
A SAP is a combination of port and encapsulation parameters that identify the service access point on the interface and within the 7705 SAR. Each SAP must be unique.
All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object.
The SAP is owned by the service in which it was created.
A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port using the config interface port-type port-id mode access command. Channelized TDM ports are always access ports.
If a port is shut down with the shutdown command, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.
To configure a VPRN interface SAP that is used for a private IPSec tunnel interface, see sap in Service Interface Tunnel Commands.
If the VPRN interface has been configured as a loopback interface with the loopback command, a SAP cannot be defined on the interface.
The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted.
Default
no SAPs are defined
Parameters
- sap-id
the physical port identifier portion of the SAP definition. See SAP ID Configurations for a full list of SAP IDs.
- create
keyword used to create a SAP instance
accounting-policy
Syntax
accounting-policy acct-policy-id
no accounting-policy [acct-policy-id]
Context
config>service>vprn>if>sap
Description
This command creates the accounting policy context that can be applied to an interface SAP.
An accounting policy must be defined before it can be associated with a SAP. Accounting policies are configured in the config log context. A maximum of one accounting policy can be associated with a SAP at one time.
If the acct-policy-id does not exist, an error message is generated.
The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.
Default
no accounting policy
Parameters
- acct-policy-id
the accounting policy ID as configured in the config log accounting-policy context
collect-stats
Syntax
[no] collect-stats
Context
config>service>vprn>if>sap
Description
This command enables accounting and statistical data collection for either an interface SAP or network port. When applying accounting policies, the data, by default, is collected in the appropriate records and written to the designated billing file.
When the no collect-stats command is issued, the statistics are still accumulated. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued, then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.
Default
collect-stats
egress
Syntax
egress
Context
config>service>vprn>if>sap
Description
This command enables the context to configure egress SAP QoS policies and filter policies.
If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress filter policy is defined, no filtering is performed.
ingress
Syntax
ingress
Context
config>service>vprn>if>sap
Description
This command enables the context to configure ingress SAP QoS policies and filter policies.
If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress filter policy is defined, no filtering is performed.
agg-rate-limit
Syntax
agg-rate-limit agg-rate [cir cir-rate]
no agg-rate-limit
Context
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description
This command sets the aggregate rate limits (PIR and CIR) for the SAP. The agg-rate sets the PIR value. The cir-rate sets the CIR value. When aggregate rate limits are configured on a second-generation (Gen-2) Ethernet adapter card, the scheduler mode must be set to 16-priority. On a third-generation (Gen-3) Ethernet adapter card, the scheduler mode is always 4-priority. For information about adapter card generations, see the ‟Evolution of Ethernet Adapter Cards, Modules, and Platforms” section in the 7705 SAR Interface Configuration Guide.
Configuring the cir-rate is optional. If a cir-rate is not entered, then the cir-rate is set to its default value (0 kb/s). If a cir-rate has been set and the agg-rate is changed without re-entering the cir-rate, the cir-rate automatically resets to 0 kb/s. For example, to change the agg-rate from 2000 to 1500 while maintaining a cir-rate of 500, use the command agg-rate-limit 1500 cir 500.
If the specified SAP is a LAG SAP, agg-rate and cir-rate can be configured regardless of the scheduler mode setting on Gen-2 or Gen-3 hardware. If the active port is on a Gen-3 card or platform, agg-rate and cir-rate are applicable. If the active port is on a Gen-2 card or platform, agg-rate and cir-rate apply when the scheduler mode is set to 16-priority. For details on the behavior of a mix-and-match LAG SAP, see the ‟LAG Support on Third-Generation Ethernet Adapter Cards, Ports, and Platforms” and ‟Network LAG Traffic Management” sections in the 7705 SAR Interface Configuration Guide.
The no form of the command sets the agg-rate to the maximum and the cir-rate to 0 kb/s.
Default
no agg-rate-limit
Parameters
- agg-rate
sets the PIR for the aggregate of all the queues on the SAP. The max keyword applies the maximum physical port rate possible.
- cir-rate
sets the CIR for the aggregate of all the queues on the SAP
filter
Syntax
filter ip ip-filter-id
no filter ip [ip-filter-id]
filter ipv6 ipv6-filter-id
no filter ipv6 [ipv6-filter-id]
filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
no filter [[ip [ip-filter-id]] [[ipv6 [ipv6-filter-id]]
Context
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description
This command associates an IPv4 or IPv6 filter policy with an ingress or egress SAP or IP interface. Filter policies control the forwarding and dropping of packets based on IP matching criteria.
The filter command is used to associate a filter policy with a specified ip-filter-id or ipv6-filter-id with an ingress or egress SAP. The ip-filter-id or ipv6-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message will be returned.
Only one filter ID can be assigned to an interface unless the interface is dual-stack (supports both IPv4 and IPv6). A dual-stack interface can have one IPv4 and one IPv6 filter ID assigned to it.
In general, filters applied to SAPs apply to all packets on the SAP. One exception is that IP match criteria are not applied to non-IP packets, in which case the default action in the filter policy applies to these packets.
The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use the scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.
Parameters
- ip-filter-id
the IPv4 filter policy. The filter ID or filter name must already exist within the created IPv4 filters.
- ipv6-filter-id
the IPv6 filter policy. The filter ID or filter name must already exist within the created IPv6 filters.
match-qinq-dot1p
Syntax
match-qinq-dot1p {top | bottom}
no match-qinq-dot1p
Context
config>service>vprn>if>sap>ingress
Description
This command specifies which dot1q tag position (top or bottom) in a qinq-encapsulated packet should be used when QoS evaluates dot1p classification.
The no form of the command restores the default dot1p evaluation behavior for the SAP, which means that the inner (bottom) tag (second tag) dot1p bits are used for classification.
By default, the dot1p bits from the inner tag service-delineating dot1q tag are used.
Match-QinQ-Dot1p Matching Behavior shows which set of dot1p bits are used for QoS purposes when match-qinq-dot1p is configured. To use the table, find the row that represents the settings for Port/SAP Type and Match-QinQ-Dot1q Setting. Use the Existing Packet Tags column to identify which dot1q tags are available in the packet. Then use the P-bits Used for Match column to identify which dot1q tag contains the dot1p bits that are used for QoS dot1p classification.
Default
no match-qinq-dot1p
Parameters
- top
the top parameter and bottom parameter are mutually exclusive. When the top parameter is specified, the outer tag's dot1p bits (topmost P-bits) are used (if existing) to match any dot1p dot1p-value entries
- bottom
the bottom parameter and top parameter are mutually exclusive. When the bottom parameter is specified, the bottommost P-bits (second tag’s P-bits) are used (if existing) to match any dot1p dot1p-value entries.
Table 7. Match-QinQ-Dot1p Matching Behavior Port/ SAP Type
Match-QinQ-Dot1p Setting 1
Existing Packet Tags
P-bits Used for Match
Null
n/a
None
None
Null
n/a
Dot1p (VLAN ID 0)
None 2
Null
n/a
Dot1q
None 2
Null
n/a
TopQ BottomQ
None 2
Dot1q
n/a
None
None
Dot1q
n/a
Dot1p (default SAP VLAN ID 0)
Dot1p P-bits
Dot1q
n/a
Dot1q
Dot1q P-bits
QinQ/ X.Y
Top
TopQ BottomQ
TopQ P-bits
QinQ/ X.Y
Default or Bottom
TopQ BottomQ
BottomQ P-bits
QinQ/ X.0
Top
TopQ
TopQ P-bits
QinQ/ X.0
Default or Bottom
TopQ
TopQ P-bits
QinQ/ X.0
Top
TopQ BottomQ
TopQ P-bits
QinQ/ X.0
Default or Bottom
TopQ BottomQ
BottomQ P-bits
QinQ/ X.*
Top
TopQ
TopQ P-bits
QinQ/ X.*
Default or Bottom
TopQ
TopQ P-bits
QinQ/ X.*
Top
TopQ BottomQ
TopQ P-bits
QinQ/ X.*
Default or Bottom
TopQ BottomQ
BottomQ P-bits
QinQ/ 0.*
Top
None
None
QinQ/ 0.*
Default or Bottom
None
None
QinQ/ 0.*
Top
TopQ
TopQ P-bits
QinQ/ 0.*
Default or Bottom
TopQ
TopQ P-bits
QinQ/ 0.*
Top
TopQ BottomQ
TopQ P-bits
QinQ/ 0.*
Default or Bottom
TopQ BottomQ
BottomQ P-bits
QinQ/ *.*
Top
None
None
QinQ/ *.*
Default or Bottom
None
None
QinQ/ *.*
Top
TopQ
TopQ P-bits
QinQ/ *.*
Default or Bottom
TopQ
TopQ P-bits
QinQ/ *.*
Top
TopQ BottomQ
TopQ P-bits
QinQ/ *.*
Default or Bottom
TopQ BottomQ
BottomQ P-bits
Notes:
‟Default” in this column refers to the no form of the match-qinq-dot1p command.
For null encapsulation, the 7705 SAR does not process dot1p bits.
qinq-mark-top-only
Syntax
[no] qinq-mark-top-only
Context
config>service>vprn>if>sap>egress
Description
When enabled, the qinq-mark-top-only command specifies which P-bits to mark during packet egress. When disabled, both sets of P-bits are marked. When enabled, only the P-bits in the top Q-tag are marked. The no form of the command is the default state (disabled).
Dot1P Re-marking Behavior for the QinQ-mark-top-only Command shows the dot1p remarking behavior for different egress port type/SAP type combinations and qinq-mark-top-only state, where ‟False” represents the default (disabled) state.
If a new tag is pushed, the dot1p bits of the new tag will be zero (unless the new tag is re-marked by the egress policy. The dot1p bits are configured using the dot1p parameter under the config>qos context.
Egress Port Type/SAP Type |
QinQ-mark-top-only State |
Egress P-Bits Marked or Re-marked |
---|---|---|
Null 1 |
n/a |
None |
Dot1q/ X 1 |
n/a |
Outer tag |
Dot1q/ * 2 |
n/a |
None |
Dot1q/ 0 2 |
n/a |
Outer tag |
QinQ/ X.Y 1 |
False |
Two outer tags 3 |
True |
Outer tag 3 |
|
QinQ/ X.* 1 |
True or False |
Outer tag |
QinQ/ X.0 1 |
True or False |
Outer tag |
QinQ/ 0.* 1 |
True or False |
None |
QinQ/ *.* 2 |
True or False |
None |
Notes:
This port type/SAP type is supported by the following services: Epipe, Ipipe, VPLS, IES, and VPRN.
This port type/SAP type is supported by the following services: Epipe and VPLS.
Normally, when a new tag is pushed, the dot1p bits of the new tag will be zero, unless the P-bits are remarked by the egress policy. However, an exception to this occurs when the egress SAP type is X.Y and only one new outer tag must be pushed. In this case, the new outer tag will have its dot1p bits set to the inner tag's dot1p bits.
Default
no qinq-mark-top-only
qos
Syntax
qos policy-id
no qos [policy-id]
Context
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description
This command associates a QoS policy with an ingress or egress SAP. QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined prior to associating the policy with a SAP. If the policy-id does not exist, an error will be returned.
The qos command is used to associate both ingress and egress QoS policies. The qos command only allows ingress policies to be associated on SAP ingress and egress policies on SAP egress. Attempts to associate a QoS policy of the wrong type returns an error; for example, trying to associate an egress policy on SAP ingress.
Only one ingress and one egress QoS policy can be associated with a SAP at one time. Attempts to associate a second QoS policy of a given type returns an error.
By default, no specific QoS policy is associated with the SAP for ingress or egress, so the default QoS policy is used.
The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.
Parameters
- policy-id
the ingress or egress policy ID to associate with the SAP on ingress or egress. The policy ID or name must already exist.
scheduler-mode
Syntax
scheduler-mode {4-priority | 16-priority}
Context
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description
This command sets the scheduler mode for the SAP and is part of the hierarchical QoS (H-QoS) feature on the 7705 SAR.
If the mode is 4-priority, then the SAP is considered an unshaped 4-priority SAP and the agg-rate-limit cannot be changed from its default values.
If the mode is 16-priority and the agg-rate limit parameters are configured to be non-default values, then the SAP is considered a shaped SAP. If the agg-rate limit parameters are left in their default settings, the SAP is considered an unshaped, 16-priority SAP.
This command is blocked on third-generation (Gen-3) Ethernet adapter cards and platforms, such as the 6-port Ethernet 10Gbps Adapter card and the 7705 SAR-X, which only support 4-priority scheduling mode.
If the specified SAP is a LAG SAP, scheduler-mode can be configured but is not applied to Gen-3 adapter cards and platforms.
Default
4-priority
Parameters
- 4-priority
sets the scheduler mode for the SAP to be 4-priority mode
- 16-priority
sets the scheduler mode for the SAP to be 16-priority mode
shaper-group
Syntax
[no] shaper-group shaper-group-name
Context
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description
This command applies a shaper group to a SAP. The shaper group must already be created and must be within the shaper policy assigned to the Ethernet MDA (for ingress) or port (for egress). A shaper group is a dual-rate aggregate shaper used to shape aggregate access ingress or egress SAPs at a shaper group rate. Multiple aggregate shaper groups ensure fair sharing of available bandwidth among different aggregate shapers.
The default shaper group cannot be deleted.
The no form of this command removes the configured shaper-group.
Default
shaper-group ‟default”
Parameters
- shaper-group-name
the name of the shaper group. To access the default shaper group, enter ‟default”.
- create
keyword used to create a shaper group
Interface Spoke SDP Commands
spoke-sdp
Syntax
spoke-sdp sdp-id:vc-id [create]
no spoke-sdp sdp-id:vc-id
Context
config>service>vprn>interface
Description
This command binds a service to an existing Service Distribution Point (SDP).
A spoke SDP is treated like the equivalent of a traditional bridge ‟port”, where flooded traffic received on the spoke SDP is replicated on all other ‟ports” (other spoke SDPs or SAPs) and not transmitted on the port it was received on.
The SDP has an operational state that determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service is down.
The SDP must already be defined in the config>service>sdp context in order to associate it with a service. If the sdp sdp-id is not already configured, an error message is generated. If the sdp-id does exist, a binding between that sdp-id and the service is created.
SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.
Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN service. All packets are forwarded over the default LSP.
The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to the service. Once the binding is removed, no packets are forwarded to the far-end router. The spoke SDP must be shut down first before it can be deleted from the configuration.
Default
n/a
Special Cases
- VPRN
several SDPs can be bound to a VPRN service. Each SDP must be destined for a different 7705 SAR router. If two sdp-id bindings terminate on the same 7705 SAR, an error occurs and the second SDP is binding is rejected.
Parameters
- sdp-id
the SDP identifier
- vc-id
the virtual circuit identifier
egress
Syntax
egress
Context
config>service>vprn>if>spoke-sdp
Description
This command enables the context to configure egress SDP parameters.
vc-label
Syntax
vc-label egress-vc-label
no vc-label [egress-vc-label]
Context
config>service>vprn>if>spoke-sdp>egress
Description
This command configures the static MPLS VC label used by the 7705 SAR to send packets to the far-end device in this service via this SDP.
Parameters
- egress-vc-label
a VC egress value that indicates a specific connection
ingress
Syntax
ingress
Context
config>service>vprn>if>spoke-sdp
Description
This command enables the context to configure ingress SDP parameters.
filter
Syntax
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
no filter [ip ip-filter-id] [ipv6 ipv6-filter-id ]
Context
config>service>vprn>if>spoke-sdp>ingress
Description
This command associates an IPv4 or IPv6 filter policy with a spoke SDP. Filter policies control the forwarding and dropping of packets based on IP or MAC matching criteria.
The ip-filter-id or ipv6-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message will be returned.
Only one filter ID can be assigned to an interface unless the interface is dual-stack (supports both IPv4 and IPv6). A dual-stack interface can have one IPv4 and one IPv6 filter ID assigned to it.
In general, filters applied to ingress spoke SDPs will apply to all packets on the spoke SDP. One exception is that non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.
The no form of this command removes any configured filter ID association with the spoke SDP.
Parameters
- ip-filter-id
the IP filter policy. The filter ID or filter name must already exist within the created IP filters.
- ipv6-filter-id
specifies the IPv6 filter policy. The filter ID or filter name must already exist within the created IPv6 filters.
vc-label
Syntax
vc-label ingress-vc-label
no vc-label [ingress-vc-label]
Context
config>service>vprn>if>spoke-sdp>ingress
Description
This command configures the static MPLS VC label used by the far-end device to send packets to the 7705 SAR in this service via this SDP.
Parameters
- ingress-vc-label
a VC ingress value that indicates a specific connection
Routed VPLS Commands
vpls
Syntax
vpls service-name
no vpls
Context
config>service>vprn>interface
Description
This command within the IP interface context binds the IP interface to the specified VPLS service name.
The system does not attempt to resolve the service name until the IP interface is placed into the administratively up state (no shutdown). Once the IP interface is administratively up, the system scans the available VPLS services that have the allow-ip-int-binding flag set for a VPLS service associated with the service name. If the IP interface is already in the administratively up state, the system immediately attempts to resolve the given service name.
Parameters
- service-name
specifies the service name that the system attempts to resolve to an allow-ip-int-binding enabled VPLS service associated with the service name. The specified service name is an ASCII string of up to 32 characters.
ingress
Syntax
ingress
Context
config>service>vprn>if>vpls
Description
This command within the VPLS binding context defines the routed IPv4 optional filter override.
v4-routed-override-filter
Syntax
v4-routed-override-filter ip-filter-id
no v4-routed-override-filter
Context
config>service>vprn>if>vpls>ingress
Description
This command specifies an IPv4 filter ID applied to all ingress packets entering the VPLS service. The filter overrides the existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional, and if not defined or removed, the IPv4 routed packets use the existing ingress IPv4 filter on the VPLS virtual ports.
The no form of the command removes the IPv4 routed override filter from the ingress IP interface.
Default
n/a
Parameters
- ip-filter-id
specifies the IPv4 filter policy. The filter ID or filter name must already exist within the created IP filters.
v6-routed-override-filter
Syntax
v6-routed-override-filter ipv6-filter-id
no v6-routed-override-filter
Context
config>service>vprn>if>vpls>ingress
Description
This command specifies an IPv6 filter ID applied to all ingress packets entering the VPLS service. The filter overrides the existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional, and if not defined or removed, the IPv6 routed packets use the existing ingress IPv6 filter on the VPLS virtual ports.
The no form of the command removes the IPv6 routed override filter from the ingress IP interface.
Default
n/a
Parameters
- ipv6-filter-id
the IPv6 filter policy. The filter ID or filter name must already exist within the created IP filters.
Interface VRRP Commands
vrrp
Syntax
vrrp virtual-router-id [owner] [passive]
no vrrp virtual-router-id
Context
config>service>vprn>interface
config>service>vprn>if>ipv6
Description
This command creates or edits a virtual router ID (VRID) on the service IP interface. A virtual router ID is internally represented in conjunction with the IP interface name. This allows the virtual router ID to be used on multiple IP interfaces while representing different virtual router instances.
Two VRIDs can be defined on an IP interface. One, both, or none may be defined as owner.
The no form of this command removes the specified virtual router ID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the virtual router ID. The virtual router ID does not need to be shut down in order to remove the virtual router instance.
Default
n/a
Parameters
- virtual-router-id
specifies a new virtual router ID or one that can be modified on the IP interface
- owner
keyword used to identify this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of VRID creation, the vrrp backup command must be used to define the virtual router IP addresses. The owner keyword is not required when entering the VRID for editing purposes. When created as owner, a VRID on an IP interface cannot have the owner parameter removed. The VRID must be deleted, and then recreated without the owner keyword, to remove ownership.
- passive
-
keyword used to identify this virtual router instance as passive, owning the virtual router IP addresses. A passive VRID does not send or receive VRRP advertisement messages and is always in either the master state (if the interface is operationally up), or the initialize state (if the interface is operationally down). The passive keyword is not required when entering the VRID for editing purposes. When a VRID on an IP interface is created as passive, the parameter cannot be removed from the VRID. The VRID must be deleted, and then recreated without the passive keyword, to remove the parameter.
authentication-key
Syntax
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
Context
config>service>vprn>if>vrrp
Description
This command assigns a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.
If the command is re-executed with a different password key defined, the new key will be used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command can be executed at any time.
To change the current in-use password key on multiple virtual router instances:
identify the current master
shut down the virtual router instance on all backups
execute the authentication-key command on the master to change the password key
execute the authentication-key command and no shutdown command on each backup
The no form of this command restores the default value of the key.
Default
The authentication data field contains the value 0 in all 16 octets.
Parameters
- authentication-key
identifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string eight octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.
The authentication-key parameter is expressed as a string consisting up to eight alphanumeric characters. Spaces must be contained in quotation marks ( ‟ ” ). The quotation marks are not considered part of the string.
The string is case-sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.
- hash-key
can be any combination of ASCII characters up to 22 characters in length (encrypted) for a hash key or up to 121 characters for a hash2 key. If spaces are used in the string, the entire string must be enclosed in quotation marks (‟ ”).
This option is useful when a user must configure the parameter, but for security purposes, the actual unencrypted key value is not provided.
- hash
specifies that the key is entered in an encrypted form. If the hash keyword is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash keyword specified.
- hash2
specifies that the key is entered in a more complex encrypted form. If the hash2 keyword is not used, the less-encrypted hash form is assumed.
backup
Syntax
[no] backup ip-address
[no] backup ipv6-address
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command configures virtual router IP addresses for backup.
Default
n/a
Parameters
- ip-address
specifies the destination IPv4 address for the backup interface
- ipv6-address
specifies the destination IPv6 address for the backup interface
bfd-enable
Syntax
[no] bfd-enable interface interface-name dst-ip ip-address
[no] bfd-enable service-id interface interface-name dst-ip ip-address
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command assigns a BFD session that provides a heartbeat mechanism for a VRRP instance. Only one BFD session can be assigned to a VRRP instance, but multiple VRRP instances can use the same BFD session.
BFD controls the state of the associated interface. By enabling BFD on a protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD session are set with the bfd-enable command under the IP interface specified in this command.
The no form of this command removes BFD from the configuration.
Default
n/a
Parameters
- service-id
specifies the service ID or name of the interface running BFD
- interface-name
specifies the name of the interface running BFD
- ip-address
specifies the destination address to be used for the BFD session
init-delay
Syntax
init-delay seconds
no init-delay
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command configures a VRRP initialization delay timer.
Default
no init-delay
Parameters
- seconds
specifies the length of time in seconds for the initialization delay timer for VRRP
mac
Syntax
mac mac-address
no mac
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command assigns a specific MAC address to a VPRN IP interface.
The no form of the command returns the MAC address of the IP interface to the default value.
Default
the physical MAC address associated with the Ethernet interface that the SAP is configured on (the default MAC address assigned to the interface, assigned by the system)
Parameters
- mac-address
specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff, where aa, bb, cc, dd, ee, and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.
master-int-inherit
Syntax
[no] master-int-inherit
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command allows the master instance to dictate the master down timer (non-owner context only).
The master down interval is the time that the master router can be down before the backup router takes over. The master down interval is used to specify the master down timer. If the master down timer expires, the backup virtual router enters the master state. See "Master Down Interval" in the "VRRP" chapter of the 7705 SAR Router Configuration Guide for details.
Default
no master-int-inherit
message-interval
Syntax
message-interval {[seconds] [milliseconds milliseconds]}
no message-interval
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command sets the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval setting must be the same for all virtual routers with the same VRID. Any VRRP advertisement message received with an advertisement interval field different from the virtual router instance configured message-interval value will be silently discarded.
Configuring the message interval value can be done in three ways: using only the milliseconds value, using only the seconds value, or using a combination of the two values. Message Interval Configuration Ranges shows the ranges for each way of configuring the message interval.
Configuration |
IPv4 |
IPv6 |
---|---|---|
Using milliseconds value only |
100 to 900 ms |
10 to 990 ms |
Using seconds value only |
1 to 255 s |
1 to 40 s |
Using combination milliseconds and seconds values |
1 s 100 ms to 255 s 900 ms (1.1 s to 255.9 s) |
1 s 10 ms to 40s 990 ms (1.01 s to 40.99 s) |
Default setting |
1 s |
1 s |
The message-interval command is available for both non-owner and owner virtual routers. If the message-interval command is not executed, the default message interval is 1 s.
The no form of this command restores the default message-interval value of 1 s to the virtual router instance.
Default
1 s
Parameters
- seconds
the time interval, in seconds, between sending advertisement messages
- milliseconds
specifies the time interval, in milliseconds, between sending advertisement messages. This parameter is not supported on non-redundant chassis.
ntp-reply
Syntax
[no] ntp-reply
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command enables the reception of and response to Network Time Protocol (NTP) requests directed at the VRRP virtual IP address. This behavior only applies to the router currently acting as the master VRRP.
The no form of this command disables NTP requests from being processed.
Default
no ntp-reply
ping-reply
Syntax
[no] ping-reply
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command enables the non-owner master to reply to ICMP echo requests directed to the virtual router instance IP addresses. The ping request can be received on any routed interface.
Ping must not have been disabled at the management security level (either on the parent IP interface or based on the ping source host address). When ping reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to ICMP echo requests regardless of the setting of the ping reply configuration.
The ping-reply command is only available for non-owner virtual routers.
The no form of this command restores the default operation of discarding all ICMP echo request messages destined for the non-owner virtual router instance IP addresses.
Default
no ping-reply
policy
Syntax
policy vrrp-policy-id
no policy
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command associates a VRRP priority control policy with the virtual router instance (non-owner context only). VRRP policies are defined under the config>vrrp>policy context. For details, see the ‟VRRP” chapter in the 7705 SAR Router Configuration Guide.
Default
n/a
Parameters
- vrrp-policy-id
specifies a VRRP priority control policy. The VRRP policy ID must already exist in the system for the policy command to be successful.
preempt
Syntax
preempt
no preempt
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command provides the ability to override an existing non-owner master with a virtual router backup that has a higher priority. Enabling preempt mode enhances the operation of the base priority and VRRP policy ID definitions on the virtual router instance. If the virtual router cannot preempt an existing non-owner master, the effect of the dynamic changing of the in-use priority is greatly diminished.
The preempt command is only available for non-owner VRRP virtual routers. The owner cannot be preempted because the priority of non-owners can never be higher than the owner. The owner will always preempt all other virtual routers when it is available.
Non-owner backup virtual router instances will only preempt when preempt is set and the current master has an in-use message priority value less than the backup virtual router instance in-use priority.
A master non-owner virtual router will only allow itself to be preempted when the incoming VRRP advertisement message priority field value is one of the following:
greater than its in-use priority value
equal to the in-use priority value, and the source IP address (primary IP address) is greater than its primary IP address
The no form of this command prevents a non-owner virtual router instance from preempting another, less-desirable, virtual router.
Default
preempt
priority
Syntax
priority priority
no priority
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command configures a specific priority value for the virtual router instance. In conjunction with the optional policy command, the base priority derives the in-use priority of the virtual router instance.
The priority command is only available for non-owner VRRP virtual routers. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base priority is set to 100.
The no form of this command restores the default value of 100.
Parameters
- priority
specifies the base priority used by the virtual router instance. If a VRRP priority control policy is not defined, the base priority will be the in-use priority for the virtual router instance.
ssh-reply
Syntax
[no] ssh-reply
Context
config>service>vprn>if>vrrp
Description
This command enables the non-owner master to reply to SSH requests directed at the IP addresses of the virtual router instances. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parent IP interface or based on the SSH source host address). Proper login and CLI command authentication are enforced.
When the ssh-reply command is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to SSH requests regardless of the SSH reply configuration.
The ssh-reply command is only available for non-owner VRRP virtual routers.
The no form of this command restores the default operation of discarding all SSH packets destined to the non-owner virtual router instance IP addresses.
Default
no ssh-reply
standby-forwarding
Syntax
[no] standby-forwarding
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command allows the forwarding of packets by a standby router when sent to the virtual router MAC address.
The no form of the command specifies that a standby router should not forward traffic sent to the virtual router MAC address. The standby router should forward traffic sent to the real MAC address of the standby router.
Default
no standby-forwarding
telnet-reply
Syntax
[no] telnet-reply
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command enables the non-owner master to reply to TCP port 23 Telnet requests directed at the IP addresses of the virtual router instance. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parent IP interface or based on the Telnet source host address). Proper login and CLI command authentication are enforced.
If the telnet-reply command is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to Telnet requests regardless of the Telnet reply configuration.
The telnet-reply command is only available for non-owner VRRP virtual routers.
The no form of this command restores the default operation of discarding all Telnet packets destined for the non-owner virtual router instance IP addresses.
Default
no telnet-reply
traceroute-reply
Syntax
[no] traceroute-reply
Context
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description
This command enables a non-owner master to reply to traceroute requests directed to the virtual router instance IP addresses. The command is valid only if the VRRP virtual router instance associated with this entry is a non-owner. A non-owner backup virtual router never responds to traceroute requests regardless of the traceroute reply status.
Default
no traceroute-reply
VPRN Static One-to-One NAT Configuration Commands
static-nat-inside
Syntax
[no] static-nat-inside
Context
config>service>vprn>interface
Description
This command configures an interface as an inside (private) interface.
By default, all interfaces are outside (public) interfaces. The no form of this command returns the interface to the default setting.
Default
no static-nat-inside
static-nat
Syntax
[no] static-nat
Context
config>service>vprn
Description
This command enables the context to configure static one-to-one NAT.
The no form of this command disables static one-to-one NAT.
Default
no static-nat
drop-packets-without-nat-entry
Syntax
[no] drop-packets-without-nat-entry
Context
config>service>vprn>static-nat
Description
This command configures the router to drop packets that are traveling from either an inside network to an outside network or an outside network to an inside network that do not have a NAT mapping entry.
By default, packets traveling from either an inside network to an outside network or an outside network to an inside network are forwarded whether or not there is a NAT mapping entry.
The no form of this command returns the router to the default behavior.
Default
no drop-packets-without-nat-entry
inside
Syntax
inside
Context
config>service>vprn>static-nat
Description
This command creates a static one-to-one NAT mapping from an inside network to an outside network. When configured, a packet traveling from an inside network to an outside network that matches a NAT mapping entry will have NAT applied to its source IP address. Similarly, a packet traveling from an outside network to an inside network that matches a NAT mapping entry will have NAT applied to its destination IP address.
Default
n/a
map
Syntax
map start ip-address end ip-address to ip-address
no map start ip-address end ip-address
Context
config>service>vprn>static-nat>inside
Description
This command maps a range of inside source IP addresses that will undergo NAT to a specified outside IP address range.
For example, to map the entire range of inside addresses within 192.168.0.0/16 to the outside address 10.10.0.0/16, the configuration would be:
map start 192.168.0.0 end 192.168.255.255 to 10.10.0.0
The 7705 SAR will then map each inside source IP address to its corresponding outside IP address sequentially; for example:
inside address 192.168.0.1 maps to 10.10.0.1
inside address 192.168.10.10 maps to 10.10.10.10
inside address 192.168.254.100 maps to 10.10.254.100
The no form of this command removes the NAT mapping.
Default
no map start ip-address end ip-address
Parameters
- start ip-address
identifies the start of the range of inside IPv4 addresses that will undergo NAT to an outside address, in the format a.b.c.d
- end ip-address
identifies the end of the range of inside IPv4 addresses that will undergo NAT to an outside address, in the format a.b.c.d
- to ip-address
identifies the outside IPv4 address that the range of inside addresses maps to, in the format a.b.c.d
shutdown
Syntax
[no] shutdown
Context
config>service>vprn>static-nat>inside>map
Description
This command administratively disables the static NAT map entry.
The no form of this command administratively enables the static NAT map entry.
Default
no shutdown
TWAMP Light Commands
twamp-light
Syntax
twamp-light
Context
config>service>vprn
Description
This command enables the context for configuring TWAMP Light functionality.
Default
disabled
reflector
Syntax
reflector [udp-port udp-port-number] [create]
no reflector
Context
config>service>vprn>twamp-light
Description
This command configures the TWAMP Light reflector function. The UDP port number is mandatory when creating a TWAMP Light reflector. The reflector functionality is enabled using the no shutdown command.
Default
disabled
Parameters
- udp-port-number
-
the UDP port that the session reflector listens to for TWAMP Light packets. The session controller launching the TWAMP Light packets must have the same UDP port configured as on the session reflector.
- create
-
mandatory keyword when creating a TWAMP Light reflector
prefix
Syntax
[no] prefix ip-prefix/prefix-length [create]
Context
config>service>vprn>twamp-light>reflector
Description
This command configures an IP address prefix containing one or more TWAMP Light session controllers. It is used to define which TWAMP Light packet prefixes the reflector will process. Once the prefix is configured, the TWAMP Light session reflector only responds to TWAMP Light packets from source addresses that are part of the prefix list.
Default
no prefix
Parameters
- ip-prefix/ip-prefix-length
the IPv4 or IPv6 address prefix
VPRN NTP Commands
ntp
Syntax
[no] ntp
Context
config>service>vprn
Description
This command enables the context to configure Network Time Protocol (NTP) and its operation. It also enables NTP server mode within the VPRN routing instance so that the router will respond to NTP requests received from external clients in the VPRN.
The no form of this command stops the execution of NTP and removes its configuration.
Default
n/a
authenticate
Syntax
[no] authenticate
Context
config>service>vprn>ntp
Description
This command enables authentication for the NTP server.
Default
n/a
authentication-check
Syntax
[no] authentication-check
Context
config>service>vprn>ntp
Description
This command provides the option to skip the rejection of NTP PDUs that do not match the authentication key ID, type, or key values.
When authentication is configured, NTP PDUs received on an interface or the management port are authenticated on receipt and rejected if there is a mismatch in the authentication key ID, type, or key value.
When authentication-check is enabled, NTP PDUs are authenticated on receipt and rejected if there is a mismatch in the authentication key ID, type, or key value. Any mismatches cause a counter to be incremented: one counter for type, one for key ID, and one for key value mismatches. These counters are visible in the show>system>ntp command output.
The no form of this command allows mismatched packets to be accepted (overriding authentication); however, the counters are maintained.
Default
authentication-check
authentication-key
Syntax
authentication-key key-id key key [hash | hash2] type {des | message-digest}
no authentication-key key-id
Context
config>service>vprn>ntp
Description
This command sets the authentication key ID, type, and key value used to authenticate NTP PDUs that are either sent by the broadcast server function toward external clients or received from external unicast clients within the VPRN routing instance. For authentication to work, the configured authentication key ID, type, and key values must match those of the NTP PDUs.
Configuring the authentication-key with a key-id value that matches an existing key will override the existing entry.
Recipients of the NTP packets must have the same authentication key ID, type, and key values in order to use the data transmitted by this node.
The no form of this command removes the authentication key.
Default
n/a
Parameters
- key-id
the authentication key identifier used by the node when transmitting or receiving NTP packets
- key
the authentication key associated with the configured key ID. The configured value is the actual value used by other network elements to authenticate the NTP packet.
- hash
specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- hash2
specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone. This means that the hash2 encrypted key cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
- des
specifies that DES authentication is used for this key. The des value is not supported in FIPS-140-2 mode.
- message-digest
-
specifies that MD5 authentication in accordance with RFC 2104 is used for this key.
broadcast
Syntax
broadcast {interface ip-int-name} [key-id key-id] [version version] [ttl ttl]
no broadcast {interface ip-int-name}
Context
config>service>vprn>ntp
Description
This command configures the node to transmit NTP broadcast packets on the specified interface. Because broadcast messages can easily be spoofed, authentication is strongly recommended.
The no form of this command removes the interface from the configuration.
Default
n/a
Parameters
- ip-int-name
the local interface on which to transmit NTP broadcast packets. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
- key-id
identifies the configured authentication key and authentication type used by this node to receive and transmit NTP packets from and to an NTP server and peers. If an NTP packet is received by this node, both the authentication key and authentication type must be valid; otherwise, the packet will be rejected and an event or trap will be generated.
- version
the NTP version number that is generated by this node. This parameter does not need to be configured when the node is in NTP client mode because all versions will be accepted.
- ttl ttl
the IP Time To Live (TTL) value