[no] evpn-proxy-arp-nd
config>service>system
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables proxy-ARP and proxy-ND capability per node.
When this command is enabled, the proxy-arp and proxy-nd commands are enabled for all services and cannot be disabled for individual services. Using the per-service CLI context and commands under the proxy-arp or proxy-nd command, users can configure the service-specific proxy-arp or proxy-nd command parameters. Only when the evpn-proxy-arp-nd command is enabled can the per-service CLI commands be used to configure proxy-arp or proxy-nd parameters.
When this command is disabled, it is not possible to enable the proxy-arp or proxy-nd command per service, and proxy-arp and proxy-nd is disabled for all EVPN services on the node.
The no form of this command disables proxy-ARP and proxy-ND capability per node.
The no form of this command reverts all configured proxy-arp and proxy-nd command parameters to the default values and shuts down proxy-ARP and proxy-ND for all services.
no evpn-proxy-arp-nd
vpls service-id [customer customer-id] [vpn vpn-id] [m-vpls] [name name] [create]
no vpls service-id
config>service
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command creates or edits a Virtual Private LAN Service (VPLS) instance. If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.
A VPLS connects multiple customer sites together acting like a zero-hop, Layer 2 switched domain. A VPLS is always a logical full mesh.
If the create command is enabled in the environment context, the create keyword must be specified when the service is created. Specify the customer keyword and customer-id to associate the service with a customer. The customer-id must already exist (created using the customer command in the service context). After a service has been created with a customer association, it is not possible to edit the customer association. To edit the customer association, the service must be deleted and recreated with a new customer association.
After a service is created, the use of the customer customer-id is optional for navigating into the service configuration context. Attempting to edit a service with the incorrect customer-id specified will result in an error.
More than one VPLS may be created for a single customer ID.
By default, no VPLS instances exist until they are explicitly created.
The no form of this command deletes the VPLS service instance with the specified service-id. The service cannot be deleted until all SAPs and SDPs defined within the service ID have been shutdown and deleted, and the service has been shutdown.
Specifies the unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every router on which this service is defined.
Specifies the customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.
Specifies the VPN ID number which allows you to identify VPNs by a VPN identification number.
Specifies a management VPLS.
bgp-evpn
no bgp-evpn
config>service>vpls
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables BGP-EVPN in the base instance.
The no form of this command disables BGP-EVPN.
evi value
no evi
config>service>vpls>bgp-evpn
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command specifies a 2-byte EVPN instance that is unique in the system. It is used by the service-carving algorithm for multihoming and auto-deriving route target and route distinguishers.
If not specified, the value is zero and no route distinguisher or route targets are auto-derived from it. If the evi value is specified and no other route distinguisher or route target is configured in the service, the following rules apply:
the route distinguisher is derived from <system_ip>:evi
the route-target is derived from <autonomous-system>:evi
If VSI import and export policies are configured, the route target must be configured in the policies, and those values take precedence over the auto-derived route targets. The operational route target for a service is shown in the show service id bgp command.
The no form of this command reverts the evi value to zero.
no evi
Specifies the EVPN instance.
mpls
config>service>vpls>bgp-evpn
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
Commands in this context configure the BGP EVPN MPLS parameters.
auto-bind-tunnel
config>service>vpls>bgp-evpn>mpls
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
Commands in this context configure automatic binding of a BGP-EVPN service using tunnels to MP-BGP peers.
The resolution mode must be configured to enable auto-bind resolution to tunnels in TTM. The following configurations are available.
If resolution is explicitly set to disabled, the auto-binding to the tunnel is removed.
If resolution is set to any, any supported tunnel type in the EVPN context is selected, following TTM preference.
The resolution-filter option is used to specify one or more explicit tunnel types; only the specified tunnel types are selected again following the TTM preference.
The following tunnel types are supported in a BGP-EVPN MPLS context, in order of preference: RSVP, LDP, SR-ISIS, SR-OSPF, and BGP.
The rsvp value specifies that BGP searches for the best metric RSVP LSP to the address of the BGP next hop. This address can correspond to the system interface or to another loopback used by the BGP instance on the remote node. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel ID.
The ldp value specifies that BGP searches for an LDP LSP with a FEC prefix corresponding to the address of the BGP next hop.
The sr-isis (sr-ospf) value specifies that an SR tunnel to the BGP next hop is selected in the TTM from the lowest numbered ISIS (OSPF) instance.
The bgp value specifies BGP EVPN to search for a BGP LSP to the address of the BGP next hop. If the user does not enable the BGP tunnel type, the inter-area or inter-as prefixes is not resolved.
To activate the list of tunnel-types configured under resolution-filter, the resolution must be set to filter.
resolution {disabled | any | filter}
config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures the resolution mode in the automatic binding of a BGP-EVPN MPLS service to tunnels to MP-BGP peers.
resolution disabled
Specifies to disable the automatic binding of a BGP-EVPN MPLS service to tunnels to MP-BGP peers.
Specifies to enable the binding to any supported tunnel type in a BGP-EVPN MPLS context following TTM preference.
Specifies to enable the binding to the subset of tunnel types configured under resolution-filter.
resolution-filter
config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
Commands in this context configure the subset of tunnel types that can be used in the resolution of BGP-EVPN routes within the automatic binding of BGP-EVPN MPLS service to tunnels to MP-BGP peers.
The following tunnel types are supported in a BGP-EVPN MPLS context, in order of preference: RSVP, LDP, Segment Routing (SR), BGP, and UDP.
[no] bgp
config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command specifies the BGP tunnel type.
BGP EVPN will search for a BGP LSP to the address of the BGP next hop. If the user does not enable the BGP tunnel type, the inter-area or inter-as prefixes will not be resolved.
The no form of this command disables BGP as a tunnel type to consider.
no bgp
[no] ldp
config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command specifies the LDP tunnel type.
BGP will search for an LDP LSP with a FEC prefix corresponding to the address of the BGP next-hop.
The no form of this command disables LDP as a tunnel type to consider.
no ldp
[no] rsvp
config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command specifies the RSVP-TE tunnel type.
BGP will search for the best metric RSVP LSP to the address of the BGP next hop. This address can correspond to the system interface or to another loopback used by the BGP instance on the remote node. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.
The no form of this command disables RSVP as a tunnel type to consider.
no rsvp
[no] sr-isis
config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command specifies the Segment Routing (SR) tunnel type programmed by an ISIS instance in TTM.
The no form of this command disables SR-ISIS as a tunnel type to consider.
no sr-isis
[no] sr-ospf
config>service>vpls>bgp-evpn>mpls>auto-bind-tunnel>resolution-filter
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command specifies the SR tunnel type programmed by an OSPF instance in TTM.
The SR tunnel to the BGP next hop is selected in the TTM from the lowest numbered ISI-S (OSPF) instance.
The no form of this command disables SR-OSPF as a tunnel type to consider.
no sr-ospf
shutdown
no shutdown
config>service>vpls>bgp-evpn>mpls
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.
The no form of this command places the entity into an administratively enabled state.
shutdown
[no] mac-advertisement
config>service>vpls>bgp-evpn
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables the advertisement in BGP of the learned MACs on SAPs and SDP bindings. When the mac-advertisement command is disabled, the local MACs will be withdrawn in BGP.
The no form of this command disables mac-advertisement.
mac-advertisement
mac-duplication
config>service>vpls>bgp-evpn
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
Commands in this context configure the BGP EVPN MAC duplication parameters.
detect num-moves num-moves window minutes
config>service>vpls>bgp-evpn>mac-duplication
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command modifies the default behavior of the mac-duplication feature, which is always enabled by default. The command specifies the number of moves (num-moves) to monitor within a period of time (window).
detect num-moves 5 window 3
Specifies the number of MAC moves in a VPLS. The counter is incremented when a specified MAC is locally relearned in the FDB or flushed from the FDB due to the reception of a better remote EVPN route for that MAC.
Specifies the length of the window, in minutes.
retry minutes
no retry
config>service>vpls>bgp-evpn>mac-duplication
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures the timer after which the MAC in hold-down state is automatically flushed and the mac-duplication process starts again. This value is expected to be equal to two times or more than that of window.
If the no form of this command is configured and mac-duplication is detected, MAC updates for that MAC will be held down until the user intervenes or a network event (that flushes the MAC) occurs.
retry 9
Specifies the BGP EVPN MAC duplication retry, in minutes.
[no] control-word
config>service>vpls>bgp-evpn>mpls
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables the transmission and reception of the control word, as defined in RFC 7432, which helps avoid frame disordering.
This command is enabled or disabled for all EVPN-MPLS destinations at the same time.
The no form of this command reverts to the default value.
no control-word
no force-vlan-vc-forwarding
config>service>vpls>bgp-evpn>mpls
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command allows the system to preserve the VLAN ID and 802.1p bits of the service-delimiting qtag in a new tag added in the customer frame before sending it to the EVPN-MPLS destinations.
When the force-vlan-vc-forwarding command is enabled, the VC VLAN ID is always set to 0.
This command is disabled on the 7210 SAS. It is set to the no form by default and cannot be enabled. If the ingress SAP/SDP binding is null-encapsulated, the output VLAN ID and pbits are zero.
no force-vlan-vc-forwarding
[no] ingress-replication-bum-label
config>service>vpls>bgp-evpn>mpls
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures the system to send a separate label for Broadcast, Unknown unicast and Multicast (BUM) traffic in a specified service. By default (no ingress-replication-bum-label), the same label is used for unicast and flooded BUM packets when forwarding traffic to remote PEs.
Saving labels may cause transient traffic duplication for all-active multihoming. If ingress-replication-bum-label is enabled, the system will advertise two labels per EVPN VPLS instance, one for unicast and one for BUM traffic. The ingress PE will use the BUM label for flooded traffic to the advertising egress PE, which allows the egress PE to determine whether unicast traffic has been flooded by the ingress PE. Depending on the scale required in the network, the user may choose between saving label space or avoiding transient packet duplication sent to an all-active multi-homed CE for certain MACs.
The no form of this command uses the same label for unicast and flooded BUM packets.
no ingress-replication-bum-label
split-horizon-group name
no split-horizon-group
config>service>vpls>bgp-evpn>mpls
7210 SAS-Mxp
This command configures an explicit split-horizon group for all BGP-EVPN MPLS destinations that can be shared by other SAPs and spoke-SDPs. The use of explicit split-horizon groups for EVPN-MPLS and spoke-SDPs allows the integration of VPLS and EVPN-MPLS networks.
If the bgp-evpn mpls split-horizon-group command is not used, the default split-horizon group (that contains all the EVPN destinations) is still used, but it is not possible to refer to it on SAPs/spoke-SDPs.
User-configured split-horizon groups can be configured within the service context. The same group name can be associated to SAPs, spoke-SDPs, pw-templates, pw-template-bindings, and EVPN-MPLS destinations.
The configuration of the bgp-evpn mpls split-horizon-group command is only allowed if bgp-evpn>mpls is shut down; no changes are allowed when bgp-evpn>mpls is no shutdown.
If the SAPs or spoke-SDPs (manual) are configured within the same split-horizon group as the EVPN-MPLS endpoints, MAC addresses will still be learned but not advertised in BGP-EVPN. If an EVPN-MPLS provider tunnel is enabled in the service, the SAPs and SDP-bindings that share the same split-horizon group of the EVPN-MPLS provider-tunnel will be brought operationally down if the point-to-multipoint tunnel is operationally up.
The no form of this command configures the EVPN-MPLS destinations to use the default split-horizon group.
no split-horizon-group
Specifies the split-horizon group name.
[no] proxy-arp
config>service>vpls
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables proxy-ARP in an VPLS service.
On the 7210 SAS, users can enable or disable proxy-ARP commands for all EVPN services configured on the node; however, the option to enable or disable proxy-ARP per service is not available.
To enable or disable proxy-ARP capability, use the config>service>system>evpn-proxy-arp-nd command.
The no form of this command removes the proxy-ARP context.
If the config>service>system>evpn-proxy-arp-nd command is configured, it must be disabled to run the no proxy-arp command. See Configuration guidelines for proxy-ARP and proxy-ND for more information.
no proxy-arp
[no] proxy-nd
config>service>vpls
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables proxy-ND in a VPLS service.
On the 7210 SAS, users can enable or disable proxy-ND commands for all EVPN services configured on the node; however, the option to enable or disable proxy-ND per service is not available.
To enable or disable proxy-ND capability, use the config>service>system>evpn-proxy-arp-nd command.
The no form of this command removes the proxy-ND context.
If the config>service>system>evpn-proxy-arp-nd command is configured, the no proxy-nd command cannot be run. See Configuration guidelines for proxy-ARP and proxy-ND for more information.
no proxy-nd
age-time seconds
no age-time
config>service>vpls>proxy-arp
config>service>vpls>proxy-nd
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command specifies the aging timer per proxy-ARP and proxy-ND entry for dynamic entries. When the aging expires, the entry is flushed. The age is reset when a new ARP, GARP, or NA for the same MAC-IP is received.
If the corresponding FDB MAC entry is flushed, the proxy-ARP or proxy-ND entry becomes inactive and subsequent ARP or NS lookups are treated as "missed". EVPN withdraws the IP-to-MAC if the entry becomes inactive. The age-time should be set at the send-refresh seconds value * 3 to ensure that no active entries are unnecessarily removed.
The no form of this command disables the aging timer.
no age-time
Specifies the aging time, in seconds.
dup-detect [anti-spoof-mac mac-address] window minutes num-moves count hold-down [minutes | max]
config>service>vpls>proxy-arp
config>service>vpls>proxy-nd
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables the mechanism that detects duplicate IPs and ARP/ND spoofing attacks. Attempts (relevant to dynamic and EVPN entry types) to add the same IP (different MAC) are monitored for window minutes. When count is reached within that window, the proxy-ARP or proxy-ND entry for the suspected IP is marked as duplicate. An alarm is also triggered. This condition is cleared when hold-down time expires (max does not expire) or a clear command is issued.
If the anti-spoof-mac keyword is configured, the proxy-ARP or proxy-ND MAC address of the offending entry is replaced with the configured anti-spoof mac-address and advertised in an unsolicited GARP/NA for local SAPs/SDP-bindings, and in EVPN to remote PEs. This mechanism assumes that the same anti-spoof-mac is configured in all the PEs for the same service, and that traffic with destination anti-spoof-mac received on SAPs/SDP-bindings will be dropped. An ingress mac-filter may be configured to drop traffic to the anti-spoof-mac.
dup-detect window 3 num-moves 5 hold-down 9
Specifies the window size, in minutes.
Specifies the number of moves required so that an entry is declared duplicate.
Specifies the hold-down time, in minutes, for a duplicate entry.
Specifies the MAC address to use as the optional anti-spoof-mac.
[no] dynamic-arp-populate
config>service>vpls>proxy-arp
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables the addition of dynamic entries to the proxy-ARP table.
When enabled, the system populates proxy-ARP entries from snooped GARP or ARP messages on SAPs/SDP-bindings. These entries are shown as dynamic.
When disabled, dynamic ARP entries are flushed from the proxy-ARP table. Enabling dynamic-arp-populate is only recommended in networks where this command is consistently configured in all PEs.
The no form of this command disables the addition of dynamic entries to the proxy-ARP table.
no dynamic-arp-populate
[no] dynamic-nd-populate
config>service>vpls>proxy-nd
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables the addition of dynamic entries to the proxy-ND table.
When enabled, the system populates proxy-ND entries from snooped Neighbor Advertisement (NA) messages on SAPs or SDP-bindings, in addition to the entries coming from EVPN (if the EVPN is enabled). These entries are shown as dynamic, and not as EVPN or static entries.
When disabled, dynamic ND entries are flushed from the proxy-ND table. Enabling dynamic-nd-populate is only recommended in networks where this command is consistently configured in all PEs.
The no form of this command disables the addition of dynamic entries to the proxy-ND table.
no dynamic-nd-populate
evpn-nd-advertise {host | router}
config>service>vpls>proxy-nd
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables the advertisement of static or dynamic entries that are learned as a host or router. Only one option (host or router) is possible in a specified service. This command also determines the R flag (host or router) when sending NA messages for existing EVPN entries in the proxy-ND table.
This command can only be modified if proxy-nd is shut down.
evpn-nd-advertise router
Keyword to enable the advertisement of static or dynamic entries that are learned as host.
Keyword to enable the advertisement of static or dynamic entries that are learned as routers.
[no] garp-flood-evpn
config>service>vpls>proxy-arp
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command controls whether the system floods GARP-requests and GARP-replies to the EVPN. The GARPs impacted by this command are messages in which the sender IP is equal to the target IP and the MAC DA is broadcast.
The no form of this command only floods to local SAPs/SDP-bindings but not to EVPN destinations. The use of the no form is only recommended in networks where CEs are routers that are directly connected to the PEs. Networks using aggregation switches between the host/routers and the PEs should flood GARP messages in the EVPN to ensure that the remote caches are updated and the BGP does not miss the advertisement of these entries.
garp-flood-evpn
[no] host-unsolicited-na-flood-evpn
config>service>vpls>proxy-nd
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command controls whether the system floods host unsolicited Neighbor Advertisement (NA) messages to the EVPN. The NA messages with the following flags are impacted by this command:
S=0
R=0
The no form of this command only floods to local SAPs/SDP-bindings but not to the EVPN destinations. The use of the no form is only recommended in networks where CEs are routers that are directly connected to the PEs. Networks using aggregation switches between the host/routers and the PEs should flood unsolicited NA messages in the EVPN to ensure that the remote caches are updated and the BGP does not miss the advertisement of these entries.
host-unsolicited-na-flood-evpn
[no] router-unsolicited-na-flood-evpn
config>service>vpls>proxy-nd
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command controls whether the system floods router unsolicited NAs to EVPN. The NA messages impacted by this command are NA messages with the following flags:
S=0
R=1
The no form of this command only floods to local SAPs/SDP-bindings but not to EVPN destinations. This is only recommended in networks where CEs are routers directly connected to the PEs. Networks using aggregation switches between the host/routers and the PEs should flood unsolicited NA messages in EVPN to ensure that the remote caches are updated and the BGP does not miss the advertisement of these entries.
router-unsolicited-na-flood-evpn
send-refresh seconds
no send-refresh
config>service>vpls>proxy-arp
config>service>vpls>proxy-nd
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables the system to send a refresh message at the configured time. A refresh message is an ARP-request message that uses 0s as the sender IP for the case of a proxy-ARP entry. For proxy-ND entries, a refresh is a regular NS message that uses the chassis MAC address as the MAC source address.
The no form of this command suppresses the refresh messages.
no send-refresh
Specifies the time to send a refresh message, in seconds.
static ip-address ieee-address
no static ip-address
config>service>vpls>proxy-arp
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures static entries to be added to the table. A static MAC-IP entry requires the addition of the MAC address to the FDB as either learned or CStatic (conditional static MAC) to become active.
The no form of this command removes the specified static entry.
Specifies the IPv4 address for the static entry.
Specifies a 48-bit MAC address in the form xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx, where xx represents a hexadecimal number.
static ipv6-address ieee-address {host | router}
no static ipv6-address
config>service>vpls>proxy-nd
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures static entries to be added to the table. A static MAC-IP entry requires the addition of the MAC address to the FDB as either dynamic or CStatic (Conditional Static MAC) to become active. Along with the IPv6 and MAC address, the entry must also be configured as either host or router. This determines whether the received NS for the entry is replied with the R flag set to 1 (router) or 0 (host).
The no form of this command removes the specified static entry.
Specifies the IPv6 address for the static entry.
Specifies a 48-bit MAC address in the form xx:xx:xx:xx:xx:xx or xx-xx-xx-xx-xx-xx, where xx represents a hexadecimal number.
Specifies that the entry is type ‟host”.
Specifies that the entry is type ‟router”.
table-size table-size
config>service>vpls>proxy-arp
config>service>vpls>proxy-nd
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command adds a table-size limit per service. By default, the limit is 250; it can be set up to 16k entries per service. A non-configurable implicit high watermark of 95% and low watermark of 90% exists, per service and per system.
When those watermarks are reached, a syslog or trap is triggered. When the system or service limit is reached, entries for a specified IP can be replaced (a different MAC can be learned and added) but no new IP entries are added, regardless of the type (Static, evpn, dynamic). If the user attempts to change the table-size value to a value that cannot accommodate the number of existing entries, the attempt fails.
table-size 250
Specifies the table-size as the number of entries for the service.
[no] unknown-arp-request-flood-evpn
config>service>vpls>proxy-arp
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command controls whether unknown ARP requests are flooded into the EVPN network. By default, the system floods ARP requests, including EVPN (with source squelching), if there is no active proxy-ARP entry for the requested IP.
The no form of this command only floods to local SAPs/SDP-bindings and not to EVPN destinations.
unknown-arp-request-flood-evpn
[no] unknown-ns-flood-evpn
config>service>vpls>proxy-nd
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables unknown Neighbor Solicitation (NS) messages to be flooded into the EVPN network. By default, the system floods NS (with source squelching) to SAPs/SDP-bindings including EVPN, if there is no active proxy-ND entry for the requested IPv6.
The no form of this command only floods to local SAPs/SDP-bindings but not to EVPN destinations.
unknown-ns-flood-evpn
[no] shutdown
config>service>vpls>proxy-arp
config>service>vpls>proxy-nd
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command enables and disables the proxy-ARP and proxy-ND functionalities. ARP, GARP, and ND messages are snooped and redirected to the CPM for lookup in the proxy-ARP or proxy-ND table. The proxy-ARP or proxy-ND table is populated with IP-to-MAC pairs received from different sources (EVPN, static, dynamic). When the shutdown command is issued, the system stops snooping ARP or ND frames and the dynamic/EVPN dup proxy-ARP or proxy-ND table entries are flushed. All the static entries are kept in the table as ‟inactive”, regardless of their previous ‟Status”.
The proxy-arp shutdown and no shutdown, and proxy-nd shutdown and no shutdown commands cannot be executed if the config>service>system>evpn-proxy-arp-nd command is configured.
The no form of this command enables the proxy-ARP and proxy-ND functionalities.
shutdown
ethernet-segment name [create]
no ethernet-segment name
config>service>system>bgp-evpn
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures an ES instance and its corresponding name.
The no form of this command deletes the specified ES.
Specifies the ES name, up to 28 characters.
Keyword to create an ES.
es-activation-timer seconds
no es-activation-timer
config>service>system>bgp-evpn>ethernet-segment
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures the ES activation timer for the specified ethernet-segment. The es-activation-timer delays the activation of a specified ethernet-segment on a specified PE that has been elected as DF (Designated Forwarder). Only when the es-activation-timer has expired, the SAP associated to an ethernet-segment can be activated (in case of single-active multihoming).
The no form of this command specifies that the system uses the value in the config>redundancy>bgp-evpn-multi-homing>es-activation-timer context, if configured. Otherwise the system uses the default value of 3 seconds.
no es-activation-timer
Specifies the number of seconds for the es-activation-timer.
esi esi
no esi
config>service>system>bgp-evpn>ethernet-segment
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures the 10-byte Ethernet segment identifier (ESI) associated to the ethernet-segment that will be signaled in the BGP-EVPN routes. The ESI value cannot be changed unless the ethernet-segment is shutdown. Reserved ESI values, 0 and MAX-ESI, are not allowed.
The no form of this command deletes the ESI from the Ethernet segment.
no esi
Specifies the 10-byte ESI in the form 00-11-22-33-44-55-66-77-88-99, using ‟-”, ‟:”, or ‟ ” as separators.
lag lag-id
no lag
config>service>system>bgp-evpn>ethernet-segment
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures a lag ID associated to the ES When the ethernet-segment is configured as all-active, only a LAG can be associated to the ES. When the ethernet-segment is configured as single-active, a LAG or port can be associated to the ES. In either case, only one of the two objects can be configured in the ES. A specified LAG can be part of only one ES
The no form of this command removes the association of the Ethernet segment to LAG ports.
no lag
Specifies the lag ID associated with the ES.
multi-homing single-active no-esi-label
no multi-homing
config>service>system>bgp-evpn>ethernet-segment
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures the multi-homing mode for the specified ethernet-segment as single-active multi-homing, as defined in RFC7432.
The esi-label option cannot be enabled for single-active.
When single-active no-esi-label is specified, the system does not allocate an ESI label and advertise ESI label 0 to peers. The 7210 SAS does not use the ESI label received from a peer to send traffic to that peer.
The multi-homing command must be configured for the Ethernet segment to be enabled.
The no form of this command disables multi-homing on the Ethernet segment.
no multi-homing
Specifies single-active mode for the ES.
Specifies that the system does not send an ESI label for single-active mode.
port port-id
no port
config>service>system>bgp-evpn>ethernet-segment
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures a port ID associated with the ES. If the ethernet-segment is configured as single-active, a LAG or port can be associated to the ES. In any case, only one of the two objects can be configured in the ES. A specified port can be part of only one ethernet-segment. Only Ethernet ports can be added to an ethernet-segment.
The no form of this command removes the ES association to all ports.
no port
Specifies the port ID associated to the ES.
service-carving
config>service>system>bgp-evpn>ethernet-segment
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
Commands in this context configure service-carving in the Ethernet segment. The service-carving algorithm determines the PE that is the Designated Forwarder (DF) in a specified ES and for a specific service.
manual
config>service>system>bgp-evpn>eth-seg>service-carving
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
Commands in this context manually configure the service-carving algorithm; that is, configure the EVIs for which the PE is DF.
evi start [to to] primary
no evi start
config>service>system>bgp-evpn>eth-seg>service-carving>manual
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures the EVI ranges for which the PE is DF.
Multiple individual EVI values and ranges are allowed. The PE will be non-DF for the evi values not defined as primary.
The no form of this command removes the specified EVI range.
Specifies the initial EVI value of the range for which the PE is DF.
Specifies the end EVI value of the range for which the PD is DF. If not configured, only the individual start value is considered.
Specifies that the PE is DF for the configured EVI range.
mode {manual | auto | off}
config>service>system>bgp-evpn>eth-seg>service-carving
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures the service-carving mode. This determines how the DF is elected for a specified ES and service.
mode auto
Specifies the service-carving algorithm defined in RFC 7432. The DF for the service is calculated based on the modulo function of the service (identified by either the EVI or the ISID) and the number of PEs.
Specifies that the DF is elected based on the manual configuration added in the service-carving>manual context.
Specifies that all the services elect the same DF PE (assuming the same PEs are active for all the configured services). The PE with the lowest IP is elected as DF for the ES.
[no] shutdown
config>service>system>bgp-evpn>ethernet-segment
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command changes the administrative status of the ethernet-segment.
The user can only configure no shutdown when esi, multi-homing, and lag/port are configured. If the ES or the corresponding lag/port are shutdown, the ES route and the AD per-ES routes will be withdrawn. No changes are allowed when the ethernet-segment is no shutdown.
shutdown
route-distinguisher rd
no route-distinguisher
config>service>system>bgp-evpn
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures the route distinguisher (RD) that will be signaled in EVPN Type 4 routes (Ethernet segment routes).
The no form of this command reverts to the default value.
no route-distinguisher
Specifies the RD in the following format.
ip-addr:comm-val
redundancy
config
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
Commands in this context configure the global redundancy parameters.
bgp-evpn-multi-homing
config>redundancy
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
Commands in this context configure the BGP-EVPN global timers.
boot-timer seconds
config>redundancy>bgp-evpn-multi-homing
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
When the PE boots up, the boot-timer allows the necessary time for the control plane protocols to come up before bringing up the Ethernet segments and running the DF algorithm.
The following considerations apply to the functionality:
The boot-timer is configured at the system level. The configured value must provide enough time to allow the node and the cards (if available) to come up and BGP sessions to come up before exchanging ES routes and running the DF election for each EVI.
The boot-timer is synchronized across CPMs and is relative to the System UP-time; therefore the boot-timer is not subject to change or reset upon CPM switchover.
The boot-timer is never interrupted (however, the es-activation-timer can be interrupted if there is a new event triggering the DF election).
The boot-timer runs per EVI on the ES's in the system. While system-up-time>boot-timer is true, the system does not run the DF election for any EVI. When the boot-timer expires, the DF election for the EVI is run and if the system is elected DF for the EVI, the es-activation-timer kicks in.
The system does not advertise ES routes until the boot timer has expired. This guarantees that the peer ES PEs do not run the DF election until the PE is ready to become the DF, if required.
boot-timer 10
Specifies the number of seconds for the boot-timer.
es-activation-timer seconds
config>redundancy>bgp-evpn-multi-homing
7210 SAS-Mxp and 7210 SAS-Sx/S 1/10GE (standalone)
This command configures the global Ethernet segment activation timer. The es-activation-timer delays the activation of a specified Ethernet segment on a specified PE that has been elected as the DF (Designated Forwarder). Only when the es-activation-timer has expired, can the SAP/SDP-binding associated to an Ethernet segment be activated (in case of single-active multi-homing) or added to the default-multicast-list (in case of all-active multi-homing).
The es-activation-timer configured at the Ethernet-segment level supersedes this global es-activation-timer.
es-activation-timer 3
Specifies the number of seconds for the es-activation-timer.