vprn service-id [customer customer-id] [create]
no vprn service-id
config>service
Supported on all 7210 SAS platforms as described in this document
This command creates or edits a Virtual Private Routed Network (VPRN) service instance.
If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.
VPRN services allow the creation of customer-facing IP interfaces in the same routing instance used for service network core routing connectivity. VPRN services require that the IP addressing scheme used by the subscriber must be unique between it and other addressing schemes used by the provider and potentially the entire Internet.
IP interfaces defined within the context of an VPRN service ID must have a SAP created as the access point to the subscriber network.
When a service is created, the customer keyword and customer-id must be specified and associate the service with a customer. The customer-id must already exist, having been created using the customer command in the service context. When a service is created with a customer association, it is not possible to edit the customer association. The service must be deleted and recreated with a new customer association.
When a service is created, the use of the customer customer-id is optional to navigate into the service configuration context. If attempting to edit a service with the incorrect customer-id results in an error.
Multiple VPRN services are created to separate customer-owned IP interfaces. More than one VPRN service can be created for a single customer ID. More than one IP interface can be created within a single VPRN service ID. All IP interfaces created within an VPRN service ID belongs to the same customer.
The no form of this command deletes the VPRN service instance with the specified service-id. The service cannot be deleted until all the IP interfaces and all routing protocol configurations defined within the service ID have been shutdown and deleted.
Specifies the service ID number identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7210 SAS on which this service is defined.
Specifies an existing customer ID number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.
Mandatory keyword for creating a VPRN service.
[no] allow-export-bgp-vpn
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
This command causes the vrf-export and vrf-target commands to include BGP-VPN routes installed in the VPRN route table. These routes are usually not readvertisable as VPN-IP routes because of split-horizon.
When a BGP-VPN route is reexported, the route distinguisher and label values are rewritten according to the configuration of the reexporting VPRN.
This command requires the vrpn context to be shut down and restarted for changes to take effect.
This command can only be configured with VPRN loopback interfaces.
The no form of this command reverts to the default value.
no allow-export-bgp-vpn
auto-bind-tunnel
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
Commands in this context configure automatic binding of a VPRN service using tunnels to MP-BGP peers.
Users must configure the resolution option to enable auto-bind resolution to tunnels in TTM. If the resolution option is explicitly set to disabled, the auto-binding to tunnel is removed.
If the resolution is set to any, any supported tunnel type within the VPRN context is selected following the TTM preference. If one or more explicit tunnel types are specified using the resolution-filter option, only these tunnel types are selected again following the TTM preference.
The following tunnel types are supported in a VPRN context in order of preference: RSVP and LDP. The BGP tunnel type is not explicitly configured and is therefore implicit. It is always preferred over any other tunnel type enabled in the auto-bind-tunnel context.
The ldp value instructs BGP to search for an LDP LSP with a FEC prefix corresponding to the address of the BGP next hop.
The rsvp value instructs BGP to search for the best metric RSVP LSP to the address of the BGP next hop. This address can correspond to the system interface or to another loopback used by the BGP instance on the remote node. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel ID.
Users must set the resolution to filter to activate the list of tunnel-types configured under the resolution-filter.
When an explicit SDP to a BGP next-hop is configured in a VPRN service ( using the configure>service>vprn>spoke-sdp command), it overrides the auto-bind-tunnel selection for that BGP next hop only. There is no support for reverting automatically to the auto-bind-tunnel selection if the explicit SDP goes down. The user must delete the explicit spoke-SDP in the VPRN service context to resume using theauto-bind-tunnel selection for the BGP next hop.
resolution {any | filter | disabled}
config>service>vprn>auto-bind-tunnel
Supported on all 7210 SAS platforms as described in this document
This command configures the resolution mode in the automatic binding of a VPRN service to tunnels to MP-BGP peers.
Keyword that enables the binding to any supported tunnel type within the VPRN context following TTM preference.
Keyword that enables the binding to the subset of tunnel types configured under resolution-filter.
Keyword that disables the automatic binding of a VPRN service to tunnels to MP-BGP peers.
resolution-filter
config>service>vprn>auto-bind-tunnel
Supported on all 7210 SAS platforms as described in this document
This command configures the subset of tunnel types that can be used in the resolution of VPRN prefixes within the automatic binding of VPRN service to tunnels to MP-BGP peers.
The following tunnel types are supported in a VPRN context in order of preference: RSVP and LDP. The BGP tunnel type is not explicitly configured and is therefore implicit. It is always preferred over any other tunnel type enabled in the auto-bind-tunnel context.
Keyword that selects the LDP tunnel type.
Keyword that selects the RSVP-TE tunnel type.
autonomous-system as-number
no autonomous-system
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
This command defines the autonomous system (AS) to be used by this VPN routing or forwarding (VRF).
The no form of this command removes the defined AS from this VPRN context.
no autonomous-system
Specifies the ASN for the VPRN service.
enable-bgp-vpn-backup [ipv4] [ipv6]
no enable-bgp-vpn-backup
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
This command enables only imported BGP-VPN routes from the remote PE to be considered when selecting the primary and backup paths. This command is required to support fast failover of ingress traffic from one remote PE to another remote PE.
no enable-bgp-vpn-backup
Keyword that allows BGP-VPN routes to be used as backup paths for IPv4 prefixes.
Keyword that allows BGP-VPN routes to be used as backup paths for IPv6 prefixes.
grt-lookup
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
Commands in this context configure GRT leaking commands. If all the supporting commands in the context are removed, this command is also removed.
[no] source ip-address
config>service>vprn>igmp>ssm-translate
Supported on all 7210 SAS platforms as described in this document
This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.
Specifies the IP address for sending data.
maximum-ipv6-routes number [log-only] [threshold percent]
no maximum-ipv6-routes
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
This command specifies the maximum number of remote IPv6 routes that can be held within a VPN routing/forwarding (VRF) context. Local, host, static, and aggregate routes are not counted.
The VPRN service ID must be in a shutdown state before maximum-ipv6-routes command parameters can be modified.
If the log-only parameter is not specified and the maximum-routes value is set below the existing number of routes in a VRF, the offending RIP peer (if applicable) is brought down (but the VPRN instance remains up). BGP peering remains up, but the exceeding BGP routes are not added to the VRF.
The maximum route threshold can dynamically change to increase the number of supported routes even when the maximum has already been reached. Protocols resubmit the routes that were initially rejected.
The no form of this command disables any limit on the number of routes within a VRF context. Issue the no form of this command only when the VPRN instance is shut down.
0 or disabled
Specifies the maximum number of routes to be held in a VRF context.
Keyword to specify that if the maximum limit is reached, only log the event. This keyword does not disable the learning of new routes.
Specifies the percentage at which a warning log message and SNMP trap should be set. There are two warnings, the first is a mid-level warning at the threshold value set, and the second is a high-level warning at a level between the maximum number of routes and the mid-level rate ([mid+max] / 2).
maximum-routes number [log-only] [threshold percent]
no maximum-routes
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
This command specifies the maximum number of remote routes that can be held within a VPN routing/forwarding (VRF) context. Local, host, static, and aggregate routes are not counted.
The VPRN service ID must be in a shutdown state before maximum-routes command parameters can be modified.
If the log-only parameter is not specified and the maximum-routes value is set below the existing number of routes in a VRF, the offending RIP peer (if applicable) is brought down (but the VPRN instance remains up). BGP peering will remain up but the exceeding BGP routes will not be added to the VRF.
The maximum route threshold can dynamically change to increase the number of supported routes even when the maximum has already been reached. Protocols resubmit the routes that were initially rejected.
The no form of this command disables any limit on the number of routes within a VRF context. Issue the no form of this command only when the VPRN instance is shut down.
0 or disabled
Specifies the maximum number of routes to be held in a VRF context.
Keyword to specify that if the maximum limit is reached, only log the event. This keyword does not disable the learning of new routes.
Specifies the percentage at which a warning log message and SNMP trap should be set. There are two warnings, the first is a mid-level warning at the threshold value set and the second is a high-level warning at level between the maximum number of routes and the mid-level rate ([mid+max] / 2).
route-distinguisher [rd]
no route-distinguisher
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
This command sets the identifier attached to routes to which the VPN belongs. Each routing instance must have a unique (within the carrier domain) route distinguisher associated with it. A route distinguisher must be defined for a VPRN to be operationally active.
no route-distinguisher
Specifies the IP address in dotted-decimal notation. The assigned number must not be greater than 65535.
Specifies the ASN as a 2-byte value less than or equal to 65535. The assigned number can be any 32-bit unsigned integer value.
Specifies the route distinguisher value.
router-id ip-address
no router-id
config>service>vprn
config>service>vprn>ospf
config>service>vprn>bgp
Supported on all 7210 SAS platforms as described in this document
This command sets the router ID for a specific VPRN context.
If neither the router ID nor system interface are defined, the router ID from the base router context is inherited.
The no form of this command removes the router ID definition from the specified VPRN context.
no router-id
Specifies the IP address in dotted-decimal notation.
service-name service-name
no service-name
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
This command configures an optional service name, up to 64 characters, which adds a name identifier to a specified service. The service name can be used for reference in configuration and show commands. This helps the service provider or administrator to identify and manage services within the 7210 SAS platforms.
All services are required to assign a service ID to initially create a service. However, either the service ID or the service name can be used to identify and reference a specified service when it is initially created.
Specifies a unique service name to identify the service. Service names may not begin with an integer (0 to 9).
sgt-qos
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
Commands in this context configure DSCP or dot1p re-marking for select self-generated traffic.
application dscp-app-name dscp {dscp-value | dscp-name}
application dot1p-app-name dot1p dot1p-priority
no application {dscp-app-name | dot1p-app-name}
config>service>vprn>sgt-qos
Supported on all 7210 SAS platforms as described in this document
This command configures DSCP or dot1p re-marking for self-generated application traffic. When an application is configured using this command, the specified DSCP name/value is used for all packets generated by this application within the router instance in which it is configured. The instances can be base router, VPRN service, or management.
The values configured in this command do the following:
set the DSCP bits in the IP packet
map to the FC
based on this FC, the egress QoS policy sets the Ethernet 802.1p and MPLS EXP bits. This includes ARP and IS-IS packets that, because of their nature, do not carry DSCP bits.
DSCP value in the egress IP header is as configured in this command
Only one DSCP name/value can be configured per application. If multiple entries are configured, the subsequent entry overrides the previously configured entry.
The no form of this command reverts to the default value.
Specifies the DSCP application name.
Specifies a value when this packet egresses. The respective egress policy should provide the mapping for the DSCP value to either LSP-EXP bits or IEEE 802.1p (dot1p) bits, otherwise the default mapping applies.
Specifies the DSCP name.
Specifies the dot1p priority.
Specifies the dot1p application name.
dscp dscp-name fc fc-name
no dscp dscp-name
config>service>vprn>sgt-qos
Supported on all 7210 SAS platforms as described in this document
This command creates a mapping between the DSCP of the self-generated traffic and the forwarding class.
Self-generated traffic for configured applications that matches the specified DSCP are assigned to the corresponding forwarding class. Multiple commands can be entered to define the association of some or all 64 DSCPs to a forwarding class.
All DSCP names that define a DSCP value must be explicitly defined.
The no form of this command removes the DSCP-to-forwarding class association.
Specifies the name of the DSCP to be associated with the forwarding class. A DSCP can only be specified by its name and only an existing DSCP can be specified. The software provides names for the well known code points.
Specifies the forwarding class name. Applications and protocols that are configured using the dscp command use the configured IP DSCP value.
snmp-community community-name [version SNMP-version]
no snmp-community [community-name]
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
This command sets the SNMP community name to be used with the associated VPRN instance.
If an SNMP community name is not specified, SNMP access is not allowed.
The no form of this command removes the SNMP community name from the specified VPRN context.
Specifies one or more SNMP community names.
Specifies the SNMP version.
source-address
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
Commands in this context specify the source address and application that should be used in all unsolicited packets.
application app [ip-int-name | ip-address]
no application app
config>service>vprn>source-address
Supported on all 7210 SAS platforms as described in this document
This command specifies the source address and application.
Specifies the application name.
Specifies the name of the IP interface or IP address. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
[no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] {next-hop ip-int-name | ip-address | ipsec-tunnel ipsec-tunnel-name} [bfd-enable | {cpe-check cpe-ip-address [interval seconds] [drop-count count] [log]}]
[no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] indirect ip-address [cpe-check cpe-ip-address [interval seconds] [drop-count count] [log]]
[no] static-route {ip-prefix/prefix-length | ip-prefix netmask} [preference preference] [metric metric] [tag tag] [enable | disable] black-hole
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
This command creates static route entries within the associated router instance. When configuring a static route, the next-hop, indirect, or black-hole parameters must be configured.
The no form of this command deletes the static route entry. If a static route needs to be removed when multiple static routes exist to the same destination, as many parameters as are required to uniquely identify the static route must be entered.
If a CPE connectivity check target address is already being used as the target address in a different static route, the cpe-check parameters must match. If they do not, the new configuration command are rejected.
If a static-route command is issued with no cpe-check target but the destination prefix/netmask and next-hop matches a static route that did have an associated cpe-check, the cpe-check test is removed from the associated static route.
Specifies the destination address of the aggregate route in dotted-decimal notation.
Specifies the subnet mask in dotted-decimal notation.
Specifies the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Specifies the IP address of the IP interface. The ip-addr portion of the address command specifies the IP host address that is used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted-decimal notation.
Keyword to re-enable a disabled static route. Static routes can be administratively enabled or disabled. To enable a static route, it must be uniquely identified by the IP address, mask, and any other parameter that is required to identify the exact static route.
The administrative state is maintained in the configuration file.
Keyword to disable a static route while maintaining the static route in the configuration. Static routes can be administratively enabled or disabled. To enable a static route, it must be uniquely identified by the IP address, mask, and any other parameter that is required to identify the exact static route.
The administrative state is maintained in the configuration file.
Optionally specifies the interval between ICMP pings to the target IP address.
Optionally specifies the number of consecutive ping-replies that must be missed to declare the CPE down and to de-active the associated static route.
Optional keyword to enable the ability to log transitions between active and in-active based on the CPE connectivity check. Events should be sent to the system log, syslog, and SNMP traps.
Specifies the directly connected next-hop IP address used to reach the destination. If the next hop is over an unnumbered interface, the ip-int-name of the unnumbered interface (on this node) can be configured.
The next-hop keyword and the indirect or black-hole keywords are mutually exclusive. If an identical command is entered (with the exception of either the indirect or black-hole parameters), this static route is replaced with the newly entered command, and unless specified, the respective defaults for preference and metric are applied.
The ip-addr configured here can be either on the network side or the access side on this node. This address must be associated with a network directly connected to a network configured on this node.
Specifies an IPSec tunnel name, up to 32 characters.
Specifies that the route is indirect and specifies the next-hop IP address used to reach the destination.
The configured ip-addr is not directly connected to a network configured on this node. The destination can be reachable via multiple paths. The static route remains valid as long as the address configured as the indirect address remains a valid entry in the routing table. Indirect static routes cannot use an ip-prefix/mask to another indirect static route.
The indirect keyword and the next-hop or black-hole keywords are mutually exclusive. If an identical command is entered (with the exception of either the next-hop or black-hole parameters), this static route is replaced with the newly entered command and unless specified the respective defaults for preference and metric are be applied.
The ip-addr can be either on the network or the access side and is at least one hop away from this node.
Keyword to specify a blackhole route, meaning that if the destination address on a packet matches this static route it is silently discarded.
The black-hole keyword is mutually exclusive with either the next-hop or indirect keywords. If an identical command is entered, with exception of either the next-hop or indirect parameters, the static route is replaced with the new command, and unless specified, the respective defaults for preference and metric are applied.
Specifies the preference of this static route (as opposed to the routes from different sources such as BGP or OSPF), expressed as a decimal integer. When modifying the preference value of an existing static route, the metric does not change unless specified.
If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, the decision of which route to use is determined by the configuration of the ecmp command.
Specifies the cost metric for the static route, expressed as a decimal integer. This value is used when importing this static route into other protocols, such as OSPF. This value is also used to determine the static route to install in the forwarding table. When modifying the metric values of an existing static route, the preference does not change unless specified.
If there are multiple static routes with the same preference but unequal metrics, the lower cost (metric) route is installed. If there are multiple static routes with equal preference and metrics, ECMP rules apply. If there are multiple routes with unequal preferences, the lower preference route is installed.
Keyword to add a 32-bit integer tag to the static route. The tag is used in route policies to control distribution of the route into other protocols.
Keyword to associate the state of the static route to a BFD session between the local system and the configured next hop. This keyword cannot be configured if the next hop is indirect or a black-hole keyword is specified. See the 7210 SAS-Mxp, R6, R12, S, Sx, T Router Configuration Guide for more information about the protocols and platforms that support BFD.
Specifies the IP address of the target CPE device. ICMP pings are sent to this target IP address. This parameter must be configured to enable the CPE connectivity feature for the associated static route. The target-ip-address cannot be in the same subnet as the static route subnet to avoid possible circular references. This option and BFD support on a specified static route are mutually exclusive.
vrf-export policy-name [policy-name...(up to 15 max)]
no vrf-export
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
This command specifies the export policies to control routes exported from the local VPN routing/forwarding (VRF) to other VRFs on the same or remote PE routers (via MP-BGP).
The no form of this command removes all route policy names from the export list.
Specifies the route policy statement name, up to 32 characters.
vrf-import policy-name [policy-name...(up to 15 max)]
no vrf-import
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
This command configures the import policies to control routes imported to the local VPN routing/forwarding (VRF) from other VRFs on the same or remote PE routers (via MP-BGP). BGP-VPN routes imported using a vrf-import policy use the BGP preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs on the same router, unless the preference is changed by the policy.
The no form of this command removes all route policy names from the import list.
Specifies the route policy statement name.
vrf-target {ext-community | export ext-community | import ext-community}
no vrf-target
config>service>vprn
Supported on all 7210 SAS platforms as described in this document
This command facilitates a simplified method to configure the route target to be added to advertised routes or compared against received routes from other VRFs on the same or remote PE routers (via MP-BGP).
BGP-VPN routes imported with a vrf-target statement use the BGP preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs in the same router.
Specified vrf-import or vrf-export policies override the vrf-target policy.
The no form of this command removes the vrf-target
no vrf-target
Specifies an extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.
Specifies communities allowed to be accepted from remote PE neighbors.
Specifies communities allowed to be sent to remote PE neighbors.