ipv6
config>service>vprn>if
7210 SAS-Mxp
Commands in this context configure VPRN IPv6 parameters.
vrrp virtual-router-id [owner]
no vrrp virtual-router-id
config>service>vprn>if
config>service>vprn>if>ipv6 (7210 SAS-Mxp only)
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command creates or edits a Virtual Router ID (VRID) on the service IP interface. A VRID is internally represented in conjunction with the IP interface name. This allows the VRID to be used on multiple IP interfaces while representing different virtual router instances.
Two VRRP nodes can be defined on an IP interface. One, both, or none may be defined as owner. The nodal context of vrrp virtual-router-id is used to define the configuration parameters for the VRID.
The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shutdown to remove the virtual router instance.
Specifies a new virtual router ID or one that can be modified on the IP interface.
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
config>service>vprn>if>vrrp
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command, within the vrrp virtual-router-id context, assigns a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.
The authentication-key command is one of the few commands not affected by the presence of the owner keyword. If simple text password authentication is not required, this command is not required. If the command is re-executed with a different password key defined, the new key is used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time, altering the simple text password used when authentication-type password authentication method is used by the virtual router instance. The authentication-type password command does not need to be executed before defining the authentication-key command.
To change the current in-use password key on multiple virtual router instances:
Identify the current master
Shutdown the virtual router instance on all backups
Execute the authentication-key command on the master to change the password key
Execute the authentication-key command and no shutdown command on each backup key
The no form of this command restores the default null string to the value of key.
No default. The authentication data field contains the value 0 in all 16 octets.
Specifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string eight octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.
The key parameter is expressed as a string consisting of up to eight alpha-numeric characters. Spaces must be contained in quotation marks ( ‟ ” ). The quotation marks are not considered part of the string.
The string is case sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet (starting with IETF RFC bit position 0) containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.
The hash key. The key can be any combination of ASCII characters up to 22 characters (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (‟ ”).
This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.
Specifies the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.
Specifies the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.
best-path-selection
config>service>vprn>bgp
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
Commands in this context configure path selection.
always-compare-med {zero | infinity}
no always-compare-med strict-as {zero | infinity}
no always-compare-med
config>service>vprn>bgp>best-path-selection
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command configures the comparison of BGP routes based on the MED attribute. The default behavior of 7210 SAS (equivalent to the no form of this command) is to only compare two routes on the basis of MED if they have the same neighbor AS (the first non-confed AS in the received AS_PATH attribute). Also by default, a route without a MED attribute is handled the same as though it had a MED attribute with the value 0. The always-compare-med command without the strict-as keyword allows MED to be compared even if the paths have a different neighbor AS; in this case, if neither zero or infinity is specified, the zero option is inferred, meaning a route without a MED is handled the same as though it had a MED attribute with the value 0. When the strict-as keyword is present, MED is only compared between paths from the same neighbor AS, and in this case, zero or infinity is mandatory and tells BGP how to interpret paths without a MED attribute.
no always-compare-med
Specifies that for routes learned without a MED attribute that a zero (0) value is used in the MED comparison. The routes with the lowest metric are the most preferred.
Specifies for routes learned without a MED attribute that a value of infinity (2^32-1) is used in the MED comparison. This in effect makes these routes the least desirable.
Specifies BGP paths to be compared even with different neighbor AS.
as-path-ignore [ipv4] [ipv6]
no as-path-ignore
config>service>vprn>bgp>best-path-selection
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command determines whether the AS path is used to determine the best BGP route.
If this option is present, the AS paths of incoming routes are not used in the route selection process.
The no form of this command removes the parameter from the configuration.
no as-path-ignore
Specifies that the AS-path length is ignored for all IPv4 routes.
Specifies that the length AS-path is ignored for all IPv6 VPRN routes.
ignore-nh-metric
no ignore-nh-metric
config>service>vprn>bgp>best-path-selection
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command instructs BGP to disregard the resolved distance to the BGP next-hop in its decision process for selecting the best route to a destination. When configured in the config>router>bgp>best-path-selection context, this command applies to the comparison of two BGP routes with the same NLRI learned from base router BGP peers. When configured in the config>service>vprn context, this command applies to the comparison of two BGP-VPN routes for the same IP prefix imported into the VPRN from the base router BGP instance. When configured in the config>service>vprn>bgp>best-path-selection context, this command applies to the comparison of two BGP routes for the same IP prefix learned from VPRN BGP peers.
The no form of this command restores the default behavior whereby BGP factors distance to the next-hop into its decision process.
no ignore-nh-metric
ignore-router-id
no ignore-router-id
config>service>vprn>bgp>best-path-selection
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command ensures that when the current best path to a destination is learned from eBGP peer X with BGP identifier x, and a new path is received from eBGP peer Y with BGP identifier y, the best path remains unchanged if the new path is equivalent to the current best path up to the BGP identifier comparison – even if y is less than x.
The no form of this command restores the default behavior of selecting the route with the lowest BGP identifier (y) as best.
no ignore-router-id
[no] backup ip-address
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp (7210 SAS-Mxp only)
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command configures virtual router IP addresses for the interface.
[no] bfd-enable [service-id] interface interface-name dst-ip ip-address
config>service>vprn>if>vrrp
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command assigns a bi-directional forwarding (BFD) session, providing a heart-beat mechanism for the VRRP instance. There can only be one BFD session assigned to a specified VRRP instance, but multiple VRRP instances can use the same BFD session. If the specified interface is configured with centralized BFD, the BFD transmit and receive intervals must be 300 ms or longer.
BFD controls the state of the associated interface. By enabling BFD on a protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD session are configured using the BFD command under the IP interface. The virtual router initiates the BFD session after the specified interface is configured with BFD.
Specifies the service ID of the interface that is running BFD.
Specifies the name of the interface that is running BFD.
Specifies the destination address to be used for the BFD session.
init-delay seconds
no init-delay
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp (7210 SAS-Mxp only)
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command configures a VRRP initialization delay timer.
no init-delay
Specifies the initialization delay timer, in seconds, for VRRP.
[no] master-int-inherit
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp (7210 SAS-Mxp only)
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command allows the master instance to dictate the master down timer (non-owner context only).
no master-int-inherit
message-interval {[seconds] [milliseconds milliseconds]}
no message-interval
config>service>vprn>if
config>service>vprn>if>ipv6>vrrp (7210 SAS-Mxp only)
Supported on all 7210 SAS platforms as described in this document
This command sets the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval setting must be the same for all virtual routers participating as a virtual router. Any VRRP advertisement message received with an Advertisement Interval field different from the virtual router instance configured message-interval value is silently discarded.
The message-interval command is available in both non-owner and owner vrrp virtual-router-id nodal contexts. If the message-interval command is not executed, the default message interval of 1 second is used.
The no form of this command restores the default message interval value of 1 second to the virtual router instance.
Specifies the number of seconds that transpire before the advertisement timer expires.
Specifies the time interval, in milliseconds, between sending advertisement messages. This parameter is not supported on single-slot chassis.
[no] ping-reply
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp (7210 SAS-Mxp only)
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command enables the non-owner master to reply to ICMP echo requests directed at the virtual router instances IP addresses. The ping request can be received on any routed interface.
Ping must not have been disabled at the management security level (either on the parental IP interface or based on the Ping source host address). When ping-reply is not enabled, ICMP echo requests to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to ICMP echo requests regardless of the setting of ping-reply configuration.
The ping-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP echo requests to the virtual router instance IP addresses are silently discarded.
The no form of this command restores the default operation of discarding all ICMP echo request messages destined to the non-owner virtual router instance IP addresses.
no ping-reply
policy vrrp-policy-id
no policy
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp (7210 SAS-Mxp only)
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command associates a VRRP priority control policy with the virtual router instance (non-owner context only).
Specifies a VRRP priority control policy.
preempt
no preempt
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp (7210 SAS-Mxp only)
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command overrides an existing non-owner master to the virtual router instance. Enabling preempt mode is recommended for correct operation of the base-priority and vrrp-policy-id definitions on the virtual router instance. If the virtual router cannot preempt an existing non-owner master, the affect of the dynamic changing of the in-use priority is greatly diminished.
The preempt command is only available in the non-owner vrrp virtual-router-id nodal context. The owner may not be preempted due to the fact that the priority of non-owners can never be higher than the owner. The owner always preempts all other virtual routers when it is available.
Non-owner virtual router instances only preempt when preempt is set and the current master has an in-use message priority value less than the virtual router instances in-use priority.
A master non-owner virtual router only allows itself to be preempted when the incoming VRRP Advertisement message Priority field value is one of the following:
Greater than the virtual router in-use priority value
Equal to the in-use priority value and the source IP address (primary IP address) is greater than the virtual router instance primary IP address
The no form of this command prevents a non-owner virtual router instance from preempting another, less desirable virtual router. Use the preempt command to restore the default mode.
preempt
priority priority
no priority
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp (7210 SAS-Mxp only)
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command provides configures a specific priority value to the virtual router instance. In conjunction with an optional policy command, the base-priority is used to derive the in-use priority of the virtual router instance.
The priority command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority is set to 100.
The no form of this command restores the default value of 100 to base-priority.
Specifies the base priority used by the virtual router instance. If a VRRP priority control policy is not also defined, the base-priority is the in-use priority for the virtual router instance.
[no] ssh-reply
config>service>vprn>if>vrrp
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command enables the non-owner master to reply to SSH Requests directed at the virtual router instance IP addresses. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parental IP interface or based on the SSH source host address). Correct login and CLI command authentication is still enforced.
When ssh-reply is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded. Non-owner backup virtual routers never respond to SSH regardless of the ssh-reply configuration.
The ssh-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ssh-reply command is not executed, SSH packets to the virtual router instance IP addresses are silently discarded.
The no form of this command restores the default operation of discarding all SSH packets destined to the non-owner virtual router instance IP addresses.
no ssh-reply
[no] standby-forwarding
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp (7210 SAS-Mxp only)
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command allows the forwarding of packets by a standby router.
The no form of this command specifies that a standby router should not forward traffic sent to virtual router's MAC address. However, the standby router should forward traffic sent to the standby router real MAC address.
no standby-forwarding
[no] telnet-reply
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp (7210 SAS-Mxp only)
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command enables the non-owner master to reply to TCP port 23 Telnet Requests directed at the virtual router instance IP addresses. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parental IP interface or based on the Telnet source host address). Correct login and CLI command authentication is still enforced.
When telnet-reply is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.
Non-owner backup virtual routers never respond to Telnet Requests regardless of the telnet-reply configuration.
The telnet-reply command is only available in non-owner VRRP nodal context. If the telnet-reply command is not executed, Telnet packets to the virtual router instance IP addresses are silently discarded.
The no form of this command restores the default operation of discarding all Telnet packets destined to the non-owner virtual router instance IP addresses.
no telnet-reply
[no] traceroute-reply
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp (7210 SAS-Mxp only)
Supported on all 7210 SAS platforms as described in this document, except those operating in access-uplink mode
This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.
When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.
A non-owner backup virtual router never responds to such traceroute requests regardless of the trace-route-reply status.
no traceroute-reply