vprn service-id [customer customer-id] [create]
no vprn service-id
config>service
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command creates or edits a Virtual Private Routed Network (VPRN) service instance.
If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.
VPRN services allow the creation of customer-facing IP interfaces in the same routing instance used for service network core routing connectivity. VPRN services require that the IP addressing scheme used by the subscriber must be unique between it and other addressing schemes used by the provider and potentially the entire Internet.
IP interfaces defined within the context of a VPRN service ID must have a SAP created as the access point to the subscriber network.
When a service is created, the customer keyword and customer-id must be specified to associate the service with a customer. The customer-id must already exist having been created using the customer command in the service context. When a service is created with a customer association, it is not possible to edit the customer association. The service must be deleted and recreated with a new customer association.
After a service has been created, specifying customer customer-id is optional when navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id results in an error.
Multiple VPRN services are created to separate customer-owned IP interfaces. More than one VPRN service can be created for a single customer ID. More than one IP interface can be created within a single VPRN service ID. All IP interfaces created within a VPRN service ID belong to the same customer.
By default, no VPRN service instances exist until they are explicitly created.
The no form of this command deletes the VPRN service instance with the specified service-id. The service cannot be deleted until all the IP interfaces and all routing protocol configurations defined within the service ID have been shut down and deleted.
Specifies the service number identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7210 SAS on which this service is defined.
vprn customer
Specifies an existing customer identification number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address]
aggregate ip-prefix/ip-prefix-length
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command configures an aggregate route.
This command automatically installs an aggregate in the routing table when there are one or more component routes. A component route is any route used for forwarding that is a more specific match to the aggregate.
The use of aggregate routes can reduce the number of routes that need to be advertised to neighbor routers, leading to smaller routing table sizes.
Overlapping aggregate routes may be configured; in this case, a route becomes a component of only the one aggregate route with the longest prefix match. For example, if one aggregate is configured as 10.0.0.0/16 and another as 10.0.0.0/24, route 10.0.128/17 would be aggregated into 10.0.0.0/16, and route 10.0.0.128/25 would be aggregated into 10.0.0.0/24. If multiple entries are made with the same prefix and the same mask, the previous entry is overwritten.
A standard 4-byte BGP community may be associated with an aggregate route to facilitate route policy matching.
The no form of this command removes the aggregate.
no aggregate
Specifies the destination address of the aggregate route in dotted decimal notation.
Keyword that suppresses the advertisement of more specific component routes for the aggregate.
To remove the summary-only option, enter the same aggregate command without the summary-only keyword.
Optional keyword that is only applicable to BGP and creates an aggregate where the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Use this option carefully, because it can increase the amount of route churn because of best path changes.
Optional keyword that specifies the BGP aggregator path attribute to the aggregate route. When configuring the aggregator, a two-octet ASN used to form the aggregate route must be entered, followed by the IP address of the BGP system that created the aggregate route.
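The component-route rule for overlapping aggregates described above can be checked offline. The following Python sketch is an added example, not Nokia code; the function names are hypothetical, the route 10.0.128/17 is written in its full form 10.0.128.0/17, and the 172.16.0.0/12 and 192.0.2.0/24 prefixes are constructed sample data.

```python
import ipaddress


def assign_components(aggregates, active_routes):
    """Map each configured aggregate to the active routes that are its components.

    A route is a component of exactly one aggregate: the covering aggregate
    with the longest prefix. A route must be strictly more specific than
    the aggregate to count as a component.
    """
    # Re-entering the same prefix/mask overwrites the earlier entry,
    # so duplicates collapse to a single aggregate.
    aggs = list(dict.fromkeys(ipaddress.ip_network(a) for a in aggregates))
    components = {str(a): [] for a in aggs}
    for route in (ipaddress.ip_network(r) for r in active_routes):
        covering = [
            a for a in aggs
            if a.version == route.version
            and route.prefixlen > a.prefixlen
            and route.subnet_of(a)
        ]
        if covering:
            owner = max(covering, key=lambda a: a.prefixlen)
            components[str(owner)].append(str(route))
    return components


def installed_aggregates(aggregates, active_routes):
    """An aggregate is installed only when it has one or more component routes."""
    mapping = assign_components(aggregates, active_routes)
    return [agg for agg, comps in mapping.items() if comps]


# Constructed sample data: two overlapping aggregates from the text above,
# plus one aggregate that has no component route.
AGGREGATES = ["10.0.0.0/16", "10.0.0.0/24", "172.16.0.0/12"]
ROUTES = ["10.0.128.0/17", "10.0.0.128/25", "192.0.2.0/24"]

if __name__ == "__main__":
    for agg, comps in assign_components(AGGREGATES, ROUTES).items():
        print(agg, "->", comps or "no components, not installed")
```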
[no] allow-ip-int-bind
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command enables IP interface binding.
The no form of this command disables IP interface binding.
no allow-ip-int-bind
auto-bind-tunnel
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
Commands in this context configure automatic binding of a VPRN service using tunnels to MP-BGP peers.
The auto-bind-tunnel context configures the binding of VPRN routes to tunnels. The user must configure the resolution option to enable auto-bind resolution to tunnels in the TTM. If the resolution option is explicitly set to disabled, auto-binding to tunnels is removed.
If the resolution command is set to any, any supported tunnel type in the VPRN context is selected following the TTM preference. If one or more explicit tunnel types are specified using the resolution-filter option, only these tunnel types will be selected again following the TTM preference.
The user must set the resolution command to filter to activate the list of tunnel types configured under resolution-filter.
When an explicit SDP to a BGP next hop is configured in a VPRN service (in the configure>service>vprn>spoke-sdp context), it overrides the auto-bind-tunnel selection for that BGP next hop only. There is no support for reverting automatically to the auto-bind-tunnel selection if the explicit SDP goes down. The user must delete the explicit spoke-SDP in the VPRN service context to resume using the auto-bind-tunnel selection for the BGP next hop.
resolution {any | filter | disabled}
config>service>vprn>auto-bind-tunnel
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command configures the resolution mode in the automatic binding of a VPRN service to tunnels to MP-BGP peers.
Keyword that enables the binding to any supported tunnel type in the VPRN context following the TTM preference.
Keyword that enables the binding to the subset of tunnel types configured under resolution-filter.
Keyword that disables the automatic binding of a VPRN service to tunnels to MP-BGP peers.
resolution-filter
config>service>vprn>auto-bind-tunnel
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
Commands in this context configure the subset of tunnel types that can be used in the resolution of VPRN prefixes within the automatic binding of VPRN services to tunnels to MP-BGP peers.
The following tunnel types are supported in a VPRN context: RSVP, LDP, and segment routing (SR). The BGP tunnel type is not explicitly configured and is therefore implicit. It is always preferred over any other tunnel type enabled in the auto-bind-tunnel context.
[no] ldp
config>service>vprn>auto-bind-tunnel>res-filter
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command specifies the use of LDP tunnel types for the resolution of VPRN prefixes within the automatic binding of VPRN services to tunnels to MP-BGP peers.
When the ldp command is specified, BGP searches for an LDP LSP with a FEC prefix corresponding to the address of the BGP next-hop.
The no form of this command disables the use of LDP tunnel types for the resolution of VPRN prefixes within the automatic binding of VPRN services to tunnels to MP-BGP peers.
no ldp
[no] rsvp
config>service>vprn>auto-bind-tunnel>res-filter
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command specifies the use of RSVP tunnel types for the resolution of VPRN prefixes within the automatic binding of VPRN services to tunnels to MP-BGP peers.
When rsvp is specified, BGP searches for the best metric RSVP LSP to the address of the BGP next hop. This address can correspond to the system interface or to another loopback used by the BGP instance on the remote node. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.
The no form of this command disables the use of RSVP tunnel types for the resolution of VPRN prefixes within the automatic binding of VPRN service to tunnels to MP-BGP peers.
no rsvp
[no] sr-isis
config>service>vprn>auto-bind-tunnel>res-filter
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command configures the use of SR-ISIS tunnel types for the resolution of VPRN prefixes within the automatic binding of VPRN service to tunnels to MP-BGP peers.
When sr-isis is specified, an SR tunnel to the BGP next hop is selected in the TTM from the lowest numbered IS-IS instance.
The no form of this command disables the use of SR-ISIS tunnel types for the resolution of VPRN prefixes within the automatic binding of VPRN service to tunnels to MP-BGP peers.
no sr-isis
[no] sr-ospf
config>service>vprn>auto-bind-tunnel>res-filter
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command configures the use of SR-OSPF tunnel types for the resolution of VPRN prefixes within the automatic binding of VPRN service to tunnels to MP-BGP peers.
When sr-ospf is specified, an SR tunnel to the BGP next hop is selected in the TTM from the lowest numbered OSPF instance.
The no form of this command disables the use of SR-OSPF tunnel types for the resolution of VPRN prefixes within the automatic binding of VPRN service to tunnels to MP-BGP peers.
no sr-ospf
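The resolution rules stated for auto-bind-tunnel and its resolution-filter commands interact, and the explicit spoke-SDP case has no automatic fallback. The following Python model is an added example, not Nokia code; it is a simplified sketch of the rules on this page, and the TTM preference numbers (lower wins), addresses, and all names are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tunnel:
    kind: str              # "bgp", "ldp", "rsvp", "sr-isis", "sr-ospf", "spoke-sdp"
    next_hop: str          # BGP next-hop address the tunnel reaches
    preference: int        # TTM preference; constructed values, lower wins (assumption)
    metric: int = 0        # RSVP LSP metric taken from the tunnel table
    tunnel_id: int = 0     # RSVP tie-break: lowest tunnel-id
    igp_instance: int = 0  # SR tie-break: lowest numbered IS-IS/OSPF instance


def resolve(next_hop, ttm, resolution="disabled", res_filter=(), spoke_sdp_up=None):
    """Return the tunnel a VPRN route to next_hop binds to, or None if unresolved.

    spoke_sdp_up maps a BGP next hop to the state of an explicitly configured
    spoke-SDP (True = up, False = down); this is a hypothetical input shape.
    """
    spoke_sdp_up = spoke_sdp_up or {}
    # An explicit spoke-SDP overrides auto-bind for that next hop only, and
    # there is no automatic revert to auto-bind while it stays configured.
    if next_hop in spoke_sdp_up:
        return Tunnel("spoke-sdp", next_hop, 0) if spoke_sdp_up[next_hop] else None
    if resolution == "disabled":
        return None
    if resolution not in ("any", "filter"):
        raise ValueError(f"unknown resolution mode: {resolution}")
    candidates = [t for t in ttm if t.next_hop == next_hop]
    # The BGP tunnel type is implicit and always preferred.
    bgp = [t for t in candidates if t.kind == "bgp"]
    if bgp:
        return bgp[0]
    if resolution == "filter":
        candidates = [t for t in candidates if t.kind in res_filter]
    return min(
        candidates,
        key=lambda t: (t.preference, t.igp_instance, t.metric, t.tunnel_id),
        default=None,
    )


# Constructed tunnel table for one BGP next hop.
NH = "192.0.2.3"
TTM = [
    Tunnel("ldp", NH, 9),
    Tunnel("rsvp", NH, 7, metric=10, tunnel_id=5),
    Tunnel("rsvp", NH, 7, metric=10, tunnel_id=2),
    Tunnel("sr-isis", NH, 11, igp_instance=1),
    Tunnel("sr-isis", NH, 11, igp_instance=0),
]

if __name__ == "__main__":
    print("any            ->", resolve(NH, TTM, "any"))
    print("filter ldp     ->", resolve(NH, TTM, "filter", ("ldp",)))
    print("spoke-sdp down ->", resolve(NH, TTM, "any", spoke_sdp_up={NH: False}))
```

The last case is the one to monitor operationally: a down explicit spoke-SDP leaves that next hop unresolved even though usable tunnels exist in the table.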
autonomous-system as-number
no autonomous-system
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command defines the autonomous system (AS) to be used by this VPN routing/forwarding (VRF).
The no form of this command removes the defined AS from this VPRN context.
no autonomous-system
Specifies the AS number for the VPRN service.
maximum-ipv6-routes number [log-only] [threshold percent]
no maximum-ipv6-routes
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command configures the maximum number of remote IPv6 routes that are allowed to be learned within a VPN VRF context. Local, host, static, and aggregate routes are not counted.
The VPRN service ID must be in a shutdown state to modify the maximum-ipv6-routes command parameters.
If the log-only keyword is not specified and the maximum-ipv6-routes value is set below the existing number of routes in a VRF, the offending RIP peer (if applicable) is brought down, but the VPRN instance remains up. BGP peering remains up but the exceeding BGP routes are not added to the VRF.
The maximum route threshold can dynamically change to increase the number of supported routes, even when the maximum has already been reached. Protocols resubmit the routes that were initially rejected.
This command only applies to PE-CE protocols (on the 7210 SAS, BGP and OSPF are supported for PE-CE dynamic routing protocols). There are two limits to consider: one is the value configured as part of the maximum-ipv6-routes command and the second is the maximum IP FIB limit supported on the node. When a route is received, the following comparison is completed:
A log is generated to indicate that the limit has been exceeded.
The no form of this command disables any limit on the number of routes within a VRF context. Issue the no form of this command only when the VPRN instance is shut down.
0 or disabled
Specifies the maximum number of routes allowed to be learned in a VRF context.
Keyword to specify that if the maximum limit is reached, only log the event. This keyword does not disable learning new routes.
Specifies the percentage at which a warning log message and SNMP trap should be set. There are two warnings; the first is a mid-level warning at the threshold value set, and the second is a high-level warning at a level between the maximum number of routes and the mid-level rate ( [mid+max] / 2 ).
maximum-routes number [log-only] [threshold percent]
no maximum-routes
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command configures the maximum number of remote routes that are allowed to be learned within a VPN VRF context. Local, host, static, and aggregate routes are not counted.
The VPRN service ID must be in a shutdown state to modify the maximum-routes command parameters.
If the log-only keyword is not specified and the maximum-routes value is set below the existing number of routes in a VRF, the offending RIP peer (if applicable) is brought down, but the VPRN instance remains up. BGP peering remains up but the exceeding BGP routes are not added to the VRF.
The maximum route threshold can dynamically change to increase the number of supported routes, even when the maximum has already been reached. Protocols resubmit the routes that were initially rejected.
This command only applies to PE-CE protocols (on the 7210 SAS, BGP and OSPF are supported for PE-CE dynamic routing protocols). There are two limits to consider: one is the value configured as part of the maximum-routes command and the second is the maximum IP FIB limit supported on the node. When a route is received, the following comparison is completed:
A log is generated to indicate that the limit has been exceeded.
The no form of this command disables any limit on the number of routes within a VRF context. Issue the no form of this command only when the VPRN instance is shut down.
0 or disabled
Specifies the maximum number of routes allowed to be learned in a VRF context.
Keyword to specify that if the maximum limit is reached, only log the event. This keyword does not disable learning new routes.
Specifies the percentage at which a warning log message and SNMP trap should be set. There are two warnings; the first is a mid-level warning at the threshold value set, and the second is a high-level warning at a level between the maximum number of routes and the mid-level rate ( [mid+max] / 2 ).
route-distinguisher [ip-address:number | asn:number]
no route-distinguisher
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command sets the identifier attached to routes the VPN belongs to. Each routing instance must have a unique (within the carrier domain) route distinguisher associated with it. A route distinguisher must be defined for a VPRN to be operationally active.
no route-distinguisher
The route distinguisher is a 6-byte value that can be specified in one of the following formats:
Specifies the IP address in dotted decimal notation. The assigned number must not be greater than 65535.
Specifies the AS number as a 2-byte value less than or equal to 65535. The assigned number can be any 32-bit unsigned integer value.
router-id ip-address
no router-id
config>service>vprn
config>service>vprn>bgp
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command sets the router ID for a specific VPRN context.
If neither the router ID nor system interface are defined, the router ID from the base router context is inherited.
The no form of this command removes the router ID definition from the specific VPRN context.
no router-id
Specifies the IP address, in dotted decimal notation.
service-name service-name
no service-name
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command configures an optional service name that adds a name identifier to a specific service. The service name can then be used in configuration references, and is displayed and accepted in show commands throughout the system. This helps the service provider or administrator to identify and manage services within the 7210 SAS platforms.
All services are required to assign a service ID to initially create a service. However, either the service ID or the service name can be used to identify and reference a specific service when it is initially created.
Specifies a unique service name to identify the service, up to 64 characters. Service names may not begin with an integer (0 to 9).
snmp
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
Commands in this context configure SNMP parameters for this VPRN.
community community-name [hash | hash2] [access-permissions] [version SNMP-version]
no community [community-name]
config>service>vprn>snmp
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command configures the SNMP community names to be used with the associated VPRN instance. These VPRN community names are used to associate SNMP v1/v2c requests with a particular VPRN context, and to return a reply that contains VPRN-specific data or limit SNMP access to data in a specific VPRN instance.
VPRN SNMP communities configured with an access permission of "r" are automatically associated with the default access group "snmp-vprn-ro" and the "vprn-view" view (read only). VPRN SNMP communities configured with an access permission of "rw" are automatically associated with the default access group "snmp-vprn" and the "vprn-view" view (read/write).
The community in an SNMP v1/v2 request determines the SNMP context (the VPRN number for accessing SNMP tables) and not the VPRN of the incoming interface on which the request is received. When an SNMP request arrives on VPRN 5 interface "ringo" with a destination IP address equal to the "ringo" interface, but the community in the SNMP request is the community configured against VPRN 101, the SNMP request will be processed using the VPRN 101 context (the response will contain information about VPRN 101). Nokia recommends avoiding a simple series of vprn snmp-community values that are similar to each other (for example, avoid my-vprn-comm-1, my-vprn-comm-2, and so on).
By default, the SNMP community must be explicitly specified.
The no form of this command removes the SNMP community name from the specific VPRN context.
Specifies the SNMP v1/v2c community name. This is a secret/confidential key used to access SNMP and specify a context (base vs vprn1 vs vprn2).
Keyword that specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
Keyword that specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
Specifies the SNMP version.
Specifies the access rights to MIB objects.
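Because the community string alone selects the VPRN context, a provisioning plan can be checked for communities that follow a predictable series across VPRNs and for read/write grants before it is applied. The following Python audit is an added example, not Nokia code; the input lines follow the community syntax shown above, and the VPRN ids, community names, the "v2c" version value, and the encrypted placeholder are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed provisioning input; not taken from a real node.
SAMPLE = '''
vprn 5 customer 1 create
    snmp
        community "my-vprn-comm-1" r version v2c
vprn 101 customer 1 create
    snmp
        community "my-vprn-comm-2" rw version v2c
vprn 200 customer 2 create
    snmp
        community "Zq7tangerineLamp" r version v2c
vprn 300 customer 2 create
    snmp
        community "ENCRYPTED-PLACEHOLDER" hash2 r version v2c
'''

VPRN_RE = re.compile(r'^\s*vprn\s+(\d+)\b')
COMMUNITY_RE = re.compile(
    r'^\s*community\s+"?(?P<name>[^"\s]+)"?'
    r'(?:\s+(?P<enc>hash2|hash))?'
    r'(?:\s+(?P<perm>rw|r))?'
    r'(?:\s+version\s+(?P<ver>\S+))?\s*$')


def parse_communities(text):
    """Return one dict per community line, tagged with its enclosing VPRN id."""
    entries, vprn = [], None
    for line in text.splitlines():
        m = VPRN_RE.match(line)
        if m:
            vprn = int(m.group(1))
            continue
        m = COMMUNITY_RE.match(line)
        if m and vprn is not None:
            entries.append({"vprn": vprn, **m.groupdict()})
    return entries


def shape(name):
    """Reduce a name to its pattern: drop punctuation and case, mask digit runs."""
    return re.sub(r'\d+', '#', re.sub(r'[^a-z0-9]', '', name.lower()))


def audit(entries):
    """Flag read/write communities and name series shared across VPRN contexts."""
    findings, groups = [], defaultdict(list)
    for e in entries:
        if e["perm"] == "rw":
            findings.append(("read-write", e["vprn"], e["name"]))
        # Values entered with hash/hash2 are encrypted and cannot be compared.
        if e["enc"] is None:
            groups[shape(e["name"])].append(e)
    for members in groups.values():
        vprns = tuple(sorted({e["vprn"] for e in members}))
        if len(vprns) > 1:
            names = tuple(sorted(e["name"] for e in members))
            findings.append(("similar-series", vprns, names))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_communities(SAMPLE)):
        print(finding)
```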
source-address
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
Commands in this context specify the source address and application that should be used in all unsolicited packets.
application app [ip-int-name|ip-address]
no application app
config>service>vprn>source-address
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command specifies the source address and application.
Specifies the application name.
Specifies the name of the IP interface or IP address. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
[no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] {next-hop ip-int-name | ip-address | ipsec-tunnel ipsec-tunnel-name} [bfd-enable | {cpe-check cpe-ip-address [interval seconds] [drop-count count] [log]}]
[no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] indirect ip-address [cpe-check cpe-ip-address [interval seconds][drop-count count] [log]]
[no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] black-hole
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command creates static route entries within the associated router instance. When configuring a static route, either next-hop, indirect, or black-hole must be configured.
If a CPE connectivity check target address is already being used as the target address in a different static route, cpe-check parameters must match. If they do not, the new configuration command is rejected.
If a static-route command is issued with no cpe-check target, but the destination prefix/netmask and next hop matches a static route that did have an associated cpe-check, the cpe-check test will be removed from the associated static route.
The no form of this command deletes the static route entry. If a static route needs to be removed when multiple static routes exist to the same destination, as many parameters as are required to uniquely identify the static route must be entered.
Specifies the destination address of the aggregate route in dotted decimal notation.
Specifies the subnet mask in dotted decimal notation.
Specifies the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed with double quotes.
Specifies the IP address of the IP interface. The ip-addr portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
Keyword that specifies static routes can be administratively enabled or disabled. Use the enable parameter to reenable a disabled static route. To enable a static route, it must be uniquely identified by the IP address, mask, and any other parameter that is required to identify the exact static route.
The administrative state is maintained in the configuration file.
Keyword that specifies static routes can be administratively enabled or disabled. Use the disable parameter to disable a static route while maintaining the static route in the configuration. To enable a static route, it must be uniquely identified by the IP address, mask, and any other parameter that is required to identify the exact static route.
The administrative state is maintained in the configuration file.
Specifies the interval between ICMP pings to the target IP address.
Specifies the number of consecutive ping-replies that must be missed to declare the CPE down and to deactivate the associated static route.
Optional keyword that enables the ability to log transitions between active and inactive based on the CPE connectivity check. Events should be sent to the system log, syslog, and SNMP traps.
Specifies the directly connected next-hop IP address used to reach the destination. If the next hop is over an unnumbered interface, the ip-int-name of the unnumbered interface (on this node) can be configured.
The next-hop keyword and the indirect or black-hole keywords are mutually exclusive. If an identical command is entered (with the exception of either the indirect or black-hole parameters), this static route is replaced with the newly entered command, and unless specified, the respective defaults for preference and metric will be applied.
The ip-address configured here can be either on the network side or the access side on this node. This address must be associated with a network directly connected to a network configured on this node.
Specifies that the route is indirect and specifies the next-hop IP address used to reach the destination.
The configured ip-address is not directly connected to a network configured on this node. The destination can be reachable via multiple paths. The static route remains valid as long as the address configured as the indirect address remains a valid entry in the routing table. Indirect static routes cannot use an ip-prefix/mask to another indirect static route.
The indirect keyword and the next-hop or black-hole keywords are mutually exclusive. If an identical command is entered (with the exception of either the next-hop or black-hole parameters), this static route is replaced with the newly entered command and unless specified the respective defaults for preference and metric are applied.
The ip-address configured can be either on the network or the access side and is at least one hop away from this node.
Keyword that specifies a blackhole route, meaning that if the destination address on a packet matches this static route it is silently discarded.
The black-hole keyword is mutually exclusive with the next-hop or indirect keywords. If an identical command is entered, with exception of the next-hop or indirect parameters, the static route is replaced with the new command, and unless specified, the respective defaults for preference and metric are applied.
Specifies the preference of this static route (as opposed to the routes from different sources such as BGP or OSPF), expressed as a decimal integer. When modifying the preference value of an existing static route, unless specified, the metric does not change.
If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, the decision of which route to use is determined by the configuration of the ECMP command.
Specifies the cost metric for the static route, expressed as a decimal integer. This value is used when importing this static route into other protocols such as OSPF. This value is also used to determine the static route to install in the forwarding table. When modifying the metric of an existing static route, unless specified, the preference does not change.
If there are multiple static routes with the same preference but unequal metrics, the lower cost (metric) route is installed. If there are multiple static routes with equal preference and metrics, ECMP rules apply. If there are multiple routes with unequal preferences, the lower preference route is installed.
Keyword that adds a 32-bit integer tag to the static route. The tag is used in route policies to control distribution of the route into other protocols.
Keyword that associates the state of the static route to a BFD session between the local system and the configured next hop. This keyword cannot be configured if the next hop has the indirect or black-hole keyword specified.
Specifies the IP address of the target CPE device. ICMP pings are sent to this target IP address. This parameter must be configured to enable the CPE connectivity feature for the associated static route. The target-ip-address cannot be in the same subnet as the static route subnet itself to avoid possible circular references. This option is mutually exclusive with BFD support on a specific static route.
vrf-export policy [policy...]
no vrf-export
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command specifies the export policies to control routes exported from the local VPN VRF to other VRFs on the same or remote PE routers (via MP-BGP).
By default, no routes are exported from the VRF.
The no form of this command removes all route policy names from the export list.
Specifies the route policy statement name.
vrf-import policy [policy...]
no vrf-import
config>service>vprn
7210 SAS-K 2F6C4T and 7210 SAS-K 3SFP+ 8C
This command sets the import policies to control routes imported to the local VPN VRF from other VRFs on the same or remote PE routers (via MP-BGP). BGP-VPN routes imported with a VRF-import policy use the BGP preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs on the same router, unless the preference is changed by the policy.
By default, no routes are accepted into the VRF.
The no form of this command removes all route policy names from the import list.
Specifies the route policy statement name.