VPRN Service Configuration Commands

Command Hierarchies

  1. VPRN Service Configuration Commands
  2. L2TP Commands
  3. DHCP Commands
  4. GSMP Commands
  5. IGMP Commands
  6. IPSec Configuration Commands
  7. Log Commands
  8. Multicast VPN Commands
  9. Redundant Interface Commands
  10. Router Advertisement Commands
  11. NTP Commands
  12. NAT Commands
  13. Subscriber Interface Commands
  14. Interface Commands
  15. Network Interface Commands
  16. Interface Spoke SDP Commands
  17. Interface VRRP Commands
  18. Interface SAP Commands
  19. Interface SAP Tunnel Commands
  20. Routed VPLS Commands
  21. Oper Group Commands
  22. Network Ingress Commands
  23. BGP Configuration Commands
  24. IS-IS Configuration Commands
  25. OSPF Configuration Commands
  26. PIM Configuration Commands
  27. MSDP Configuration Commands
  28. MLD Configuration Commands
  29. RIP Configuration Commands
  30. Threat Management Service Interface Commands
  31. RADIUS Commands
  32. Web Portal Protocol Configuration Commands

VPRN Service Configuration Commands

config
— service
vprn service-id [customer customer-id] [inter-as-mvpn] create
— no vprn service-id
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [black-hole] [community comm-id] [description description]
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [community comm-id] [indirect ip-address] [description description]
— no aggregate ip-prefix/ip-prefix-length
allow-export-bgp-vprn
— no allow-export-bgp-vprn
auto-bind-tunnel
resolution {any | filter | disabled}
[no] resolution-filter gre
[no] resolution-filter ldp
[no] resolution-filter rsvp
[no] resolution-filter sr-isis
[no] resolution-filter sr-ospf
[no] resolution-filter sr-te
autonomous-system as-number
— no autonomous-system
backup-path [ipv4] [ipv6] [label-ipv4]
[no] carrier-carrier-vpn
confederation confed-as-num members as-number [as-number…(up to 15 max)]
— no confederation confed-as-num members as-number [as-number…(up to 15 max)]
— no confederation
description description-string
— no description
[no] dns
ipv4-source-address ipv4-address
— no ipv4-source-address
ipv6-source-address ipv6-address
— no ipv6-source-address
primary-dns ip-address
— no primary-dns
secondary-dns ip-address
— no secondary-dns
[no] shutdown
tertiary-dns ip-address
— no tertiary-dns
ecmp max-ecmp-routes
— no ecmp
[no] entropy-label
eth-cfm
tunnel-fault [accept | ignore]
export-grt plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 4 max)]]
— no export-grt
— no export-inactive-bgp
fib-priority {high | standard}
flowspec
ip-filter-max-size {value | default}
ipv6-filter-max-size {value | default}
grt-lookup
[no] enable-grt
[no] allow-local-management
export-grt plcy-or-long-expr> [<plcy-or-expr> [<plcy-or-expr>...(up to 4 max)]]
export-limit num-routes
— no export-limit
export-v6-limit
— no export-v6-limit
[no] hash-label
igmp-host-tracking
expiry-time expiry-time
— no expiry-time
[no] shutdown
label-mode {vrf | next-hop}
— no label-mode
maximum-ipv6-routes number [log-only] [threshold percent]
— no maximum-ipv6-routes
maximum-routes number [log-only] [threshold percent]
— no maximum-routes
mc-maximum-routes number [log-only] [threshold percent]
— no mc-maximum-routes
multicast-info-policy policy-name
— no multicast-info-policy
mvpn
[no] nat
network
ingress
filter {ip ip-filter-id | ipv6 ipv6-filter-id}
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
[no] ptp
peer a.b.c.d [create]
— no peer a.b.c.d
[no] log-sync-interval log-interval
local-priority local-priority
[no] shutdown
peer-limit limit
— no peer-limit
[no] shutdown
reassembly-group nat-group-id
route-distinguisher [ip-address:number1 | asn:number2 | auto-rd]
— no route-distinguisher
router-id ip-address
— no router-id
service-name service-name
— no service-name
sgt-qos
application dscp-app-name dscp {dscp-value | dscp-name}
application dot1p-app-name dot1p dot1p-priority
— no application {dscp-app-name | dot1p-app-name}
dscp dscp-name fc fc-name
— no dscp dscp-name
single-sfm-overload [holdoff-time holdoff-time]
— no single-sfm-overload
[no] shutdown
snmp
[no] access
community community-name [hash | hash2] [access-permissions] [version SNMP-version] [src-access-list list-name]
— no community community-name [hash | hash2]
source-address
application app [ip-int-name | ip-address]
— no application app
application6 app ipv6-address
[no] spoke-sdp sdp-id
[no] control-channel-status
[no] acknowledgment
refresh-timer value
— no refresh-timer
request-timer timer1 retry-timer timer2 [timeout-multiplier multiplier]
— no request-timer
[no] control-word
[no] pw-path-id
agi agi
— no agi
saii-type2 global-id:node-id:ac-id
— no saii-type2
taii-type2 global-id:node-id:ac-id
— no taii-type2
[no] shutdown
[no] static-route-entry {ip-prefix/prefix-length | ip-prefix netmask} [mcast]
[no] black-hole
[no] community comm-id
[no] description description-string
[no] generate-icmp
[no] metric metric-value
[no] preference preference-value
[no] prefix-list name {all | none | any}
[no] shutdown
[no] tag tag-value
[no] grt
[no] description description-string
[no] metric metric-value
[no] preference preference-value
[no] shutdown
[no] indirect ip-address
[no] community comm-id
[no] cpe-check cpe-ip-address
[no] drop-count count
[no] interval seconds
[no] log
[no] padding-size padding-size
[no] description description-string
[no] destination-class dest-index
[no] forwarding-class
[no] priority {low | high}
[no] metric metric-value
[no] preference preference-value
[no] prefix-list name {all | none | any}
[no] shutdown
[no] source-class source-index
[no] tag tag-value
[no] ipsec-tunnel
[no] community comm-id
[no] description description-string
[no] destination-class dest-index
[no] forwarding-class {be | l2 | af | l1 | h2 | ef | h1 | nc}
[no] priority {low | high}
[no] metric metric-value
[no] preference preference-value
[no] shutdown
[no] source-class source-index
[no] tag tag-value
[no] next-hop {ip-address | ip-int-name | ipv6 address}
[no] bfd-enable
[no] community comm-id
[no] cpe-check cpe-ip-address
[no] drop-count count
[no] interval seconds
[no] log
[no] padding-size padding-size
[no] description description-string
[no] destination-class dest-index
[no] forwarding-class
[no] priority {low | high}
[no] metric metric-value
[no] preference preference-value
[no] prefix-list name {all | none | any}
[no] source-class source-index
[no] shutdown
[no] tag tag-value
[no] validate-next-hop
ttl-propagate
local [inherit | none | vc-only | all]
transit [inherit | none | vc-only | all]
type {hub | spoke | subscriber-split-horizon}
— no type
vrf-export plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 14 max)]]
— no vrf-export
vrf-import plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 14 max)]]
— no vrf-import
vrf-target {ext-comm | {[export ext-comm][import ext-comm]}}
— no vrf-target
[no] weighted-ecmp

L2TP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
l2tp
— no l2tp
avp-hiding {sensitive | always}
— no avp-hiding
calling-number-format ascii-spec
— no calling-number-format
challenge {always}
— no challenge
destruct-timeout destruct-timeout
— no destruct-timeout
exclude-avps calling-number
— no exclude-avps
group tunnel-group-name [create]
— no group tunnel-group-name
avp-hiding {sensitive | always | never}
— no avp-hiding
challenge {always | never}
— no challenge
description description-string
— no description
destruct-timeout destruct-timeout
— no destruct-timeout
hello-interval hello-interval
— no hello-interval
idle-timeout idle-timeout
— no ipcp-subnet-negotiation
— no idle-timeout
l2tpv3
cookie-length {4 | 8 | none}
— no cookie-length
digest-type {md5 | sha1 | none}
— no digest-type
nonce-length {length | none}
— no nonce-length
pw-cap-list {ethernet | ethernet-vlan}
— no pw-cap-list
rem-router-id ip-addr
— no rem-router-id
[no] track-password-change
transport-type ip
— no transport-type
lns-group lns-group-id
— no lns-group
local-address ip-address
— no local-address
local-name host-name
— no local-name
max-retries-estab max-retries
— no max-retries-estab
max-retries-not-estab max-retries
— no max-retries-not-estab
password password [hash | hash2]
— no password
ppp
authentication {chap | pap | pref-chap | pref-pap}
authentication-policy auth-policy-name
— no authentication-policy
default-group-interface ip-int-name service-id service-id
— no default-group-interface
[no] ipcp-subnet-negotiation
keepalive seconds [hold-up-multiplier multiplier]
— no keepalive
mtu mtu-bytes
— no mtu
[no] proxy-authentication
[no] proxy-lcp
user-db local-user-db-name
— no user-db
session-assign-method {existing-first | weighted | weighted-random}
— no session-assign-method
session-limit session-limit
— no session-limit
tunnel tunnel-name [create]
— no tunnel tunnel-name
[no] auto-establish
avp-hiding {never | sensitive | always}
— no avp-hiding
challenge {always | never}
— no challenge
description description-string
— no description
destruct-timeout destruct-timeout
— no destruct-timeout
hello-interval hello-interval
hello-interval infinite
— no hello-interval
idle-timeout idle-timeout
idle-timeout infinite
— no idle-timeout
local-address ip-address
— no local-address
local-name host-name
— no local-name
max-retries-estab max-retries
— no max-retries-estab
max-retries-not-estab max-retries
— no max-retries-not-estab
password password [hash | hash2]
— no password
peer ip-address
— no peer
ppp
[no] ipcp-subnet-negotiation
preference preference
— no preference
remote-name host-name
— no remote-name
session-limit session-limit
— no session-limit
[no] shutdown
l2tpv3
cookie-length {4 | 8 | none}
— no cookie-length
digest-type {md5 | sha1 | none}
— no digest-type
nonce-length {length | none}
— no nonce-length
transport-type ip
— no transport-type
peer-address-change-policy {accept | ignore | reject}
receive-window-size window-size
— no receive-window-size
[no] shutdown

DHCP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
dhcp
local-dhcp-server server-name [create]
— no local-dhcp-server server-name
description description-string
— no description
failover
maximum-client-lead-time [hrs hours] [min minutes] [sec seconds]
— no maximum-client-lead-time
partner-down-delay [hrs hours] [min minutes] [sec seconds]
— no partner-down-delay
peer ip-address tag sync-tag-name
— no peer ip-address
[no] shutdown
[no] startup-wait-time [min minutes] [sec seconds]
[no] force-renews
pool pool-name [create]
— no pool pool-name
description description-string
— no description
failover
maximum-client-lead-time [hrs hours] [min minutes] [sec seconds]
— no maximum-client-lead-time
partner-down-delay [hrs hours] [min minutes] [sec seconds]
— no partner-down-delay
peer ip-address tag sync-tag-name
— no peer ip-address
[no] shutdown
[no] startup-wait-time [min minutes] [sec seconds]
max-lease-time [days days] [hrs hours] [min minutes] [sec seconds]
— no max-lease-time
min-lease-time [days days] [hrs hours] [min minutes] [sec seconds]
— no min-lease-time
minimum-free minimum-free [percent] [event-when-depleted]
— no minimum-free
offer-time [min minutes] [sec seconds]
— no offer-time
options
custom-option option-number address [ip-address...(up to 4 max)]
custom-option option-number hex hex-string
custom-option option-number string ascii-string
— no custom-option option-number
dns-server [ip-address...(up to 4 max)]
domain-name domain-name
— no domain-name
lease-rebind-time [days days] [hrs hours] [min minutes] [sec seconds]
— no lease-rebind-time
lease-renew-time [days days] [hrs hours] [min minutes] [sec seconds]
— no lease-renew-time
lease-time [days days] [hrs hours] [min minutes] [sec seconds]
— no lease-time
netbios-name-server ip-address [ip-address...(up to 4 max)]
— no netbios-name-server
netbios-node-type netbios-node-type
— no netbios-node-type
subnet {ip-address/mask | ip-address netmask} [create]
— no subnet {ip-address/mask | ip-address netmask}
[no] address-range start-ip-address end-ip-address
[no] drain
[no] exclude-addresses start-ip-address [end-ip-address]
maximum-declined maximum-declined
— no maximum-declined
minimum-free minimum-free [percent] [event-when-depleted]
— no minimum-free
options
custom-option option-number address [ip-address...(up to 4 max)]
custom-option option-number hex hex-string
custom-option option-number string ascii-string
— no custom-option option-number
default-router ip-address [ip-address...(up to 4 max)]
— no default-router
subnet-mask ip-address
— no subnet-mask
[no] shutdown
[no] use-gi-address
[no] use-pool-from-client
user-db local-user-db-name
— no user-db
dhcp6
local-dhcp-server server-name [create]
— no local-dhcp-server server-name
description description-string
— no description
failover
ignore-mclt-on-takeover
— no ignore-mclt-on-takeover
maximum-client-lead-time [hrs hours] [min minutes] [sec seconds]
— no maximum-client-lead-time
partner-down-delay [hrs hours] [min minutes] [sec seconds]
— no partner-down-delay
peer ip-address tag sync-tag-name
— no peer ip-address
[no] shutdown
[no] startup-wait-time [min minutes] [sec seconds]
[no] ignore-rapid-commit
lease-hold-time [days days][hrs hours] [min minutes] [sec seconds]
— no lease-hold-time
pool pool-name [create]
— no pool pool-name
description description-string
— no description
options
custom-option option-number address [ipv6-address...(up to 4 max)]
custom-option option-number hex hex-string
custom-option option-number string ascii-string
— no custom-option option-number
delegated-prefix-length prefix-length
dns-server ipv6-address [ipv6-address...(up to 4 max)]
domain-name domain-name
— no domain-name
prefix ipv6-address/prefix-length [failover {local | remote}] [pd] [wan-host] [create]
— no prefix ipv6-address/prefix-length
preferred-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
— no preferred-lifetime
rebind-timer [days days] [hrs hours] [min minutes] [sec seconds]
— no rebind-timer
renew-timer [days days] [hrs hours] [min minutes] [sec seconds]
— no renew-timer
valid-lifetime [days days] [hrs hours] [min minutes] [sec seconds]
— no valid-lifetime
use-link-address [scope scope]
— no use-link-address
[no] use-pool-from-client
user-ident user-ident
— no user-ident

GSMP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
gsmp
[no] group name
ancp
[no] dynamic-topology-discover
[no] oam
description description-string
— no description
hold-multiplier multiplier
— no hold-multiplier
keepalive seconds
— no keepalive
[no] neighbor ip-address
description description-string
— no description
local-address ip-address
— no local-address
priority-marking dscp dscp-name
priority-marking prec ip-prec-value
— no priority-marking
[no] shutdown
idle-filter
[no] idle-filter
persistency-database
[no] persistency-database
[no] shutdown
[no] shutdown

IGMP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] igmp
[no] group-interface ip-int-name
[no] group-interface fwd-service service-id ip-int-name
[no] disable-router-alert-check
import policy-name
— no import
max-groups value
— no max-groups
max-grp-sources max-group-sources
— no max-grp-sources
max-sources max-sources
— no max-sources
mcac
if-policy mcac-if-policy-name
— no if-policy
mc-constraints
[no] shutdown
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
— no unconstrained-bw
query-src-ip ip-address
— no query-src-ip
[no] shutdown
[no] sub-hosts-only
[no] subnet-check
version version
— no version
grp-if-query-src-ip ip-address
— no grp-if-query-src-ip
[no] interface ip-int-name
[no] disable-router-alert-check
import policy-name
— no import
max-groups value
— no max-groups
max-sources max-sources
— no max-sources
max-grp-sources max-grp-sources
— no max-grp-sources
mcac
if-policy mcac-if-policy-name
— no if-policy
mc-constraints
level level-id bw bandwidth
— no level level-id
number-down number-lag-port-down level level-id
— no number-down number-lag-port-down
[no] shutdown
[no] use-lag-port-weight
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
— no unconstrained-bw
[no] shutdown
ssm-translate
[no] grp-range start end
[no] source ip-address
static
[no] group
[no] source ip-address
[no] starg
[no] group grp-ip-address
[no] group start grp-ipv6-address end grp-ipv6-address [step ipv6-address]
[no subnet-check
version version
— no version
[no] query-interval
query-interval seconds
[no] query-last-member-interval
query-last-member-interval seconds
[no] query-response-interval
query-response-interval seconds
[no] robust-count
robust-count robust-count
[no] shutdown
ssm-translate
[no] grp-range start end
[no] source ip-address

IPSec Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
ipsec
security-policy security-policy-id [create]
— no security-policy security-policy-id
entry entry-id [create]
— no entry entry-id
local-ip {ip-prefix/prefix-length | ip-prefix netmask | any}
remote-ip {ip-prefix/prefix-length | ip-prefix netmask | any}
interface ip-int-name [create]
— no interface ip-int-name
[no] address {ip-address/mask | ip-address netmask}
description description-string
— no description
ip-mtu octets
— no ip-mtu
sap sap-id [create]
— no sap sap-id
description description-string
— no description
egress
[no] agg-rate
[no] limit-unused-bandwidth
[no] queue-frame-based-accounting
rate {max | rate}
— no rate
filter ip ip-filter-id
— no filter [ip ip-filter-id]
[no] qinq-mark-top-only
qos policy-id [port-redirect-group queue-group-name instance instance-id]
— no qos
[no] queue-override
[no] queue queue-id
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
— no adaptation-rule
avg-frame-overhead percentage
— no avg-frame-overhead
cbs size-in-kbytes
— no cbs
high-prio-only percent
— no high-prio-only
mbs {size-in-kbytes | default}
— no mbs
parent [weight weight] [cir-weight cir-weight]
— no parent
percent-rate pir-percent [cir cir-percent]
— no percent-rate
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler-override
[no] scheduler scheduler-name
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
— no scheduler-policy
ingress
filter ip ip-filter-id
— no filter [ip ip-filter-id]
match-qinq-dot1p {top | bottom}
qos policy-id [shared-queuing | multipoint-shared] [fp-redirect-group queue-group-name instance instance-id]
— no qos
[no] queue-override
[no] queue queue-id
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
— no adaptation-rule
cbs size-in-kbytes
— no cbs
high-prio-only percent
— no high-prio-only
mbs {size-in-kbytes | default}
— no mbs
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler-override
[no] scheduler scheduler-name
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
— no scheduler-policy
[no] shutdown
ipsec-tunnel ipsec-tunnel-name [create]
— no ipsec-tunnel ipsec-tunnel-name
[no] bfd-designate
[no] bfd-enable service service-id interface interface-name dst-ip ip-address
[no] clear-df-bit
description description-string
— no description
[no] dynamic-keying
[no] auto-establish
ike-policy ike-policy-id
— no ike-policy
local-id type {ipv4 v4address | fqdn fqdn-value}
— no local-id
pre-shared-key key
— no pre-shared-key
transform transform-id [transform-id...(up to 4)]
— no transform
local-gateway-address ip-address peer ip-address delivery-service service-id
— no local-gateway-address
[no] manual-keying
security-association security-entry-id authentication-key authentication-key encryption-key encryption-key spi spi transform transform-id direction {inbound | outbound}
— no security-association security-entry-id direction {inbound | outbound}
replay-window {32 | 64 | 128 | 256 | 512}
— no replay-window
security-policy security-policy-id
— no security-policy
[no] shutdown
[no] sap sap-id
ipsec-gw name
— no ipsec-gw
cert
cert filename
— no cert
cert-profile name
— no cert-profile
key filename
— no key
trust-anchor ca-profile-name
— no trust-anchor
default-secure-service service-id interface ip-int-name
— no default-secure-service
default-tunnel-template ipsec template identifier
— no default-tunnel-template
ike-policy ike-policy-id
— no ike-policy
local-gateway-address ip-address
— no local-gateway-address
local-id type {ipv4 | fqdn} [value [value]]
— no local-id
pre-shared-key key
— no pre-shared-key
radius-accounting-policy policy-name
— no radius-accounting-policy
radius-authentication-policy name
— no radius-authentication-policy
[no] shutdown

Log Commands

Refer to the 7450 ESS, 7750 SR, and 7950 XRS System Management Guide for information about configuring event and accounting logs.

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
log
[no] filter filter-id
default-action {drop | forward}
— no default-action
description description-string
— no description
[no] entry entry-id
action {drop | forward}
— no action
description description-string
— no description
[no] match
application {eq | neq} application-id
— no application
message {eq | neq} pattern pattern [regexp]
— no message
number {eq | neq | lt | lte | gt | gte} event-id
— no number
severity {eq | neq | lt | lte | gt | gte} severity-level
— no severity
subject {eq | neq} subject [regexp]
— no subject
[no] log-id log-id
description description-string
— no description
filter filter-id
— no filter
from {[main] [change] }
— no from
[no] shutdown
time-format {local | utc}
to snmp [size]
to syslog syslog-id
[no] snmp-trap-group log-id
description description-string
— no description
trap-target name [address ip-address] [port port] [snmpv1 | snmpv2c | snmpv3] notify-community communityName | snmpv3SecurityName [security-level {no-auth-no-privacy | auth-no-privacy | privacy}] [replay]
— no trap-target name
[no] syslog syslog-id
address ip-address
— no address
description description-string
— no description
facility syslog-facility
— no facility
level {emergency | alert | critical | error | warning | notice | info | debug}
— no level
log-prefix log-prefix-string
— no log-prefix
port port
— no port

Multicast VPN Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
mvpn
[no] auto-discovery [default | mdt-safi] [source-address ip-address]
c-mcast-signaling {bgp | pim}
— no c-mcast-signaling
intersite-shared [persistent-type5-adv][kat-type5-adv-withdraw]
— no intersite-shared
mdt-type {sender-receiver | sender-only | receiver-only}
red-source-list
src-prefix ip-address/mask [ip-address/mask> …up to 8 maximum]
— no src-prefix ip-address/mask
ipv6
src-prefix ipv6-ip-address/prefix-length [ipv6-ip-address/prefix-length > …up to 8 maximum]
— no src-prefix ipv6-ip-address/prefix-length
rpf-select
[no] core-mvpn service-id
group-prefix ip-address/mask [ip-address/mask...(up to 8 max)] [starg]
— no group-prefix ip-address/mask
provider-tunnel
inclusive
bsr {unicast | spmsi}
— no bsr
mldp
[no] shutdown
pim {asm | ssm} grp-ip-address
— no pim
hello-interval hello-interval
— no hello-interval
hello-multiplier deci-units
— no hello-multiplier
[no] improved-assert
[no] shutdown
[no] three-way-hello
[no] tracking-support
rsvp
[no] enable-bfd-leaf
enable-bfd-root [transmit-interval] [multiplier multiplier]
— no enable-bfd-root
lsp-template lsp-template
— no lsp-template
[no] shutdown
[no] wildcard-spmsi
selective
[no] auto-discovery-disable
data-delay-interval value
— no data-delay-interval
data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask} s-pmsi-threshold [pe-threshold-add pe-threshold-add] [pe-threshold-delete pe-threshold-delete]
data-threshold c-grp-ipv6-addr/prefix-length s-pmsi-threshold [pe-threshold-add pe-threshold-add] [pe-threshold-delete pe-threshold-delete]
— no data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask}
— no data-threshold c-grp-ipv6-addr/prefix-length}
[no] enable-asm-mdt
[no] join-tlv-packing-disable
[no] multistream-spmsi index [create]
[no] group ip-address [/mask]
[no] source ip-address [/mask]
[no] source any
[no] lsp-template name
[no] shutdown
[no] maximum-p2mp-spmsi
[no] pim-asm {grp-ip-address/mask | grp-ip-address netmask}
pim-ssm {grp-ip-address/mask | grp-ip-address netmask}
— no rsvp
— no lsp-template
— no shutdown
— no mldp
— no shutdown
— no pim-asm
umh-pe-backup
umh-pe ip-address standby ip-address
— no umh-pe ip-address
umh-selection {highest-ip| hash-based | tunnel-status | unicast-rt-pref}
— no umh-selection
vrf-export {unicast | policy-name [policy-name...(up to 5 max)]}
— no vrf-export
vrf-import {unicast | plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 14 max)]]}
— no vrf-import
vrf-target {unicast | ext-community | export unicast | ext-community | import unicast | ext-community}
— no vrf-target
export {unicast | ext-community}
import {unicast | ext-community}

Redundant Interface Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] redundant-interface ip-int-name
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
— no address
[no] description description-string
hold-time
up ip seconds
— no up ip
up ipv6 seconds
— no up ipv6
down ip seconds [init-only]
— no down ip
down ipv6 seconds [init-only]
— no down ipv6
[no] shutdown
[no] spoke-sdp sdp-id:vc-id
egress
filter [ip ip-filter-id]
vc-label ingress-vc-label
— no vc-label [ingress-vc-label]
ingress
filter [ip ip-filter-id]
— no filter
vc-label ingress-vc-label
— no vc-label [ingress-vc-label]
[no] shutdown

Router Advertisement Commands

config
service
— vprn
[no] router-advertisement
[no] dns-options
server ipv6-address
— no server
rdnss-lifetime {seconds | infinite}
— no rdnss-lifetime
[no] interface ip-int-name
current-hop-limit number
no current-hop-limit
[no] dns-options
server ipv6-address
— no server
rdnss-lifetime seconds
— no rdnss-lifetime
[no] include-dns
[no] managed-configuration
max-advertisement-interval seconds
no max-advertisement-interval
min-advertisement-interval seconds
no min-advertisement-interval
mtu mtu-bytes
no mtu
[no] other-stateful-configuration
prefix [ipv6-prefix/prefix-length]
no prefix
[no] autonomous
[no] on-link
preferred-lifetime {seconds | infinite}
no preferred-lifetime
valid-lifetime {seconds | infinite}
no valid-lifetime
reachable-time milli-seconds
no reachable-time
retransmit-time milli-seconds
no retransmit-time
router-lifetime seconds
no router-lifetime
[no] shutdown
[no] use-virtual-mac

NTP Commands

The ntp-server command is not supported in the vprn ntp context. Then NTP is configured in a VPRN service, the NTP server mode is assumed and is not optional.

config
— service
— vprn
[no] ntp
[no] authenticate
[no] authentication-check
authentication-key key-id key key [hash | hash2] type {des | message-digest}
— no authentication-key key-id
[no] broadcast [router router-name] {interface ip-int-name} [key-id key-id] [version version] [ttl ttl]

NAT Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] nat
inside
[no] destination-prefix ip-prefix/length
dual-stack-lite
[no] address ipv6-address
tunnel-mtu mtu-bytes
— no tunnel-mtu
[no] shutdown
subscriber-prefix-length prefix-length
— no subscriber-prefix-length
l2-aware
[no] address ip-address/mask
nat-policy nat-policy-name
— no nat-policy
redundancy
peer ip-address
— no peer
steering-route ip-prefix/length
— no steering-route
outside
pool nat-pool-name [nat-group nat-group-id type pool-type [no-allocate] [create]
— no pool nat-pool-name
address-range start-ip-addr end-ip-addr [create]
— no address-range start-ip-address end-ip-address
description description-string
— no description
[no] drain
description description-string
— no description
mode {auto | n apt}
— no mode
port-forwarding-range range-end
— no port-forwarding-range
port-reservation blocks num-blocks
port-reservation ports num-ports
— no port-reservation
redundancy
export ip-prefix/length
— no export
follow router router-instance pool name
— no follow
monitor ip-prefix/length
— no monitor
[no] shutdown
subscriber-limit limit
— no subscriber-limit
watermarks high percentage-high low percentage-low
— no watermarks

Subscriber Interface Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
subscriber-interface ip-int-name [fwd-service service-id fwd-subscriber-interface ip-int-name] [create]
— no subscriber-interface ip-int-name
[no] address {ip-address/mask | ip-address netmask} [gw-ip-address ip-address] [populate-host-routes] [track-srrp srrp-instance [holdup-time msecs]]
[no] allow-unmatching-subnets
authentication-policy name
— no authentication-policy
description description-string
— no description
dhcp
client-applications dhcp
client-applications ppp
client-applications dhcp ppp
— no client-applications
description description-string
— no description
filter filter-id
— no filter
gi-address ip-address [src-ip-addr]
— no gi-address
lease-populate nbr-of-leases
— no lease-populate
[no] option
[no] vendor-specific-option
[no] client-mac-address
[no] sap-id
[no] service-id
string text
— no string
[no] system-id
proxy-server
emulated-server ip-address
— no emulated-server
lease-time [days days] [hrs hours] [min minutes] [sec seconds] [radius-override]
— no lease-time
[no] shutdown
relay-unicast-msg [release-update-src-ip]
— no relay-unicast-msg
server server1 [server2...(up to 8 max)]
— no server
[no] shutdown
[no] group-interface ip-int-name
arp-host
host-limit max-num-hosts
— no host-limit
min-auth-interval min-auth-interval
— no min-auth-interval
sap-host-limit max-num-hosts-sap
— no sap-host-limit
[no] shutdown
[no] arp-populate
arp-timeout seconds
— no arp-timeout
authentication-policy name
— no authentication-policy
description description-string
— no description
dhcp
description description-string
— no description
filter filter-id
— no filter
gi-address ip-address [src-ip-addr]
— no gi-address
lease-populate nbr-of-leases
— no lease-populate
[no] match-circuit-id
[no] option
action {replace | drop | keep}
— no action
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tupl]
— no circuit-id
remote-id [mac | string string]
— no remote-id
[no] vendor-specific-option
[no] client-mac-address
[no] sap-id
[no] service-id
string text
— no string
[no] system-id
proxy-server
emulated-server ip-address
— no emulated-server
lease-time [days days] [hrs hours] [min minutes] [sec seconds] [radius-override]
— no lease-time
[no] shutdown
relay-unicast-msg release-update-src-ip
— no relay-unicast-msg
server server1 [server2...(up to 8 max)]
— no server
[no] shutdown
[no] trusted
user-db local-user-db-name
— no user-db
[no] enable-ingress-stats
host-connectivity-verify [interval interval] [action {remove | alarm}]
hold-time
up ip seconds
— no up ip
up ipv6 seconds
— no up ipv6
down ip seconds [init-only]
— no down ip
down ipv6 seconds [init-only]
— no down ipv6
icmp
[no] mask-reply
redirects [number seconds]
— no redirects
ttl-expired [number seconds]
— no ttl-expired
unreachables [number seconds]
— no unreachables
[no] ipv6
[no] allow-unmatching-prefixes
delegated-prefix-length bits
delegated-prefix-length variable
— no delegated-prefix-length
[no] dhcp6
[no] option
interface-id
interface-id ascii-tuple
interface-id ifindex
interface-id sap-id
interface-id string
— no interface-id
[no] remote-id
— no current-hop-limit
[no] managed-configuration
max-advertisement-interval seconds
— no max-advertisement-interval
min-advertisment-interval seconds
— no min-advertisment-interval
mtu bytes
— no mtu
[no] other-stateful-configuration
[no] prefix-options
[no] autonomous
preferred-lifetime [seconds | infinite]
— no preferred-lifetime
valid-lifetime [seconds | infinite]
— no valid-lifetime
reachable-time milliseconds
— no reachable-time
retransmit-time milliseconds
— no retransmit-time
router-lifetime seconds
— router-lifetime no-default-router
— no router-lifetime
[no] proxy-server
renew-timer seconds
— no renew-timer
rebind-timer seconds
— no rebind-timer
preferred-lifetime [seconds | infinite]
— no preferred-lifetime
valid-lifetime [seconds | infinite]
— no valid-lifetime
client-applications [dhcp] [ppp]
— no client-applications
[no] vprn
[no] router-advertisements
current-hop-limit hop-count
[no] local-proxy-arp
[no] mac ieee-address
[no] pppoe
description description-string
— no description
dhcp-client
[no] ccag-use-origin-sap
pap-chap-user-db local-user-db-name
— no pap-chap-user-db
pppoe-policy pppoe-policy-name
— no pppoe-policy
sap-session-limit sap-session-limit
— no sap-session-limit
session-limit session-limit
— no session-limit
user-db local-user-db-name
— no user-db
[no] shutdown
[no] proxy-arp-policy policy-name [policy-name...(up to 5 max)]
broadcast red-ip-int-name
— no redundant-interface
[no] remote-proxy-arp
[no] sap sap-id
accounting-policy acct-policy-id
— no accounting-policy [acct-policy-id]
anti-spoof {ip | ip-mac | nh-mac}
— no anti-spoof
app-profile app-profile-name
— no app-profile
atm
egress
traffic-desc traffic-desc-profile-id
— no traffic-desc
encapsulation atm-encap-type
ingress
traffic-desc traffic-desc-profile-id
— no traffic-desc
oam
[no] alarm-cells
[no] periodic-loopback
calling-station-id calling-station-id
— no calling-station-id
[no] bfd-enable
cpu-protection [mac-monitoring] | [eth-cfm-monitoring [aggregate][car]]
— no cpu-protection
default-host ip-address/mask next-hop next-hop-ip
— no default-host ip-address/mask
description description-string
— no description
dist-cpu-protection policy-name
— no dist-cpu-protection
egress
[no] agg-rate
[no] limit-unused-bandwidth
[no] queue-frame-based-accounting
rate {max | rate}
— no rate
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
— no filter
policer-control-policy policy-name
— no policer-control-policy
[no] qinq-mark-top-only
qos policy-id [port-redirect-group queue-group-name instance instance-id]
— no qos
scheduler-policy scheduler-policy-name
— no scheduler-policy
eth-cfm
[no] collect-lmm-stats
mep mep-id domain md-index association ma-index [direction {up | down}]
— no mep mep-id domain md-index association ma-index
[no] ais-enable
[no] ccm-enable
ccm-ltm-priority priority
— no ccm-ltm-priority
[no] description
[no] eth-test-enable
[no] test-pattern {all-zeros | all-ones} [crc-enable]
fault-propagation-enable {use-if-tlv | suspend-ccm}
— no fault-propagation-enable
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
one-way-delay-threshold seconds
[no] shutdown
squelch-ingress-levels [md-level [md-level]]
— no squelch-ingress-levels
tunnel-fault [accept | ignore]
igmp-host-tracking
expiry-time expiry-time
— no expiry-time
import policy-name
— no import
max-num-groups max-num-groups
— no max-num-groups
max-num-grp-sources [number]
— no max-num-grp-sources
max-num-sources max-num-sources
— no max-num-sources
ingress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
— no filter
match-qinq-dot1p {top | bottom}
— no match-qinq-dot1p
qos policy-id [shared-queuing | multipoint-shared] [fp-redirect-group queue-group-name instance instance-id]
— no qos
scheduler-policy scheduler-policy-name
— no scheduler-policy
lag-link-map-profile link-map-profile-id
— no lag-link-map-profile
multi-service-site customer-site-name
— no multi-service-site
static-host ip ip/did-address [mac ieee-address] [create]
static-host mac ieee-address [create]
— no static-host [ip ip-address] mac ieee-address
— no static-host all [force]
— no static-host ip ip-address
ancp-string ancp-string
— no ancp-string
app-profile app-profile-name
— no app-profile
inter-dest-id intermediate-destination-id
— no inter-dest-id
managed-routes
route {ip-prefix/length | ip-prefix netmask} [create]
— no route {ip-prefix/length | ip-prefix netmask}
[no] shutdown
sla-profile sla-profile-name
— no sla-profile
sub-profile sub-profile-name
— no sub-profile
subscriber sub-ident
— no subscriber
[no] subscriber-sap-id
[no] shutdown
[no] sub-sla-mgmt
def-sla-profile default-sla-profile-name
— no def-sla-profile
def-sub-profile default-subscriber-profile-name
— no def-sub-profile
multi-sub-sap subscriber-limit
— no multi-sub-sap
[no] shutdown
single-sub-parameters
non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string]
— no non-sub-traffic
[no] profiled-traffic-only
sub-ident-policy sub-ident-policy-name
— no sub-ident-policy
[no] shutdown
[no] srrp srrp-id
[no] bfd-enable [service-id] interface interface-name dst-ip ip-address
description description-string
— no description
generate-garp-on-outer-vlan
— no generate-garp-on-outer-vlan
gw-mac mac-address
— no gw-mac
keep-alive-interval interval
— no keep-alive-interval
message-path sap-id
— no message-path
[no] policy vrrp-policy-id
priority priority
— no priority
generate-garp-on-outer-vlan
— no generate-garp-on-outer-vlan
[no] shutdown
[no] wpp
initial-app-profile profile-name
— no initial-app-profile
initial-sla-profile profile-name
— no initial-sla-profile
initial-sub-profile profile-name
— no initial-sub-profile
portal router router-instance name wpp-portal-name
— no portal
[no] restore-disconnected
[no] shutdown
[no] urpf-check
mode {strict | loose | strict-no-ecmp}
[no] ipv6
[no] delegated-prefix-length prefix-length
[no] subscriber-prefixes
prefix ipv6-address/prefix-length [pd] [wan-host]
— no prefix ipv6-address/prefix-length
[no] private-retail-subnets
[no] shutdown

Interface Commands

config
— service
— vprn
[no] interface ip-int-name
[no] active-cpm-protocols
address {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [track-srrp srrp-instance]
— no address [ip-address/mask | ip-address netmask]
[no] allow-directed-broadcasts
arp-limit limit [log-only] [threshold percent]
— no arp-limit
[no] arp-populate
arp-retry-timer timer-multiple
— no arp-retry-timer
arp-timeout [seconds]
— no arp-timeout
authentication-policy name
— no authentication-policy
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np]
— no bfd
cflowd-parameters
— no cflowd-parameters
sampling {unicast | mulitcast} type {acl | interface} [direction {ingress-only | egress-only | both}]
— no sampling {unicast | mulitcast}
cpu-protection policy-id
— no cpu-protection
delayed-enable seconds
— no delayed-enable
description description-string
— no description
dhcp
description description-string
— no description
gi-address ip-address [src-ip-addr]
— no gi-address
lease-populate [nbr-of-leases]
— no lease-populate
[no] option
action {replace | drop | keep}
— no action
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
— no circuit-id
remote-id [mac | string string]
[no] vendor-specific-option
[no] client-mac-address
[no] pool-name
[no] sap-id
[no] service-id
string text
— no string
[no] system-id
proxy-server
emulated-server ip-address
— no emulated-server
lease-time [days days] [hrs hours] [min minutes] [sec seconds] [radius-override]
— no lease-time
[no] shutdown
[no] relay-plain-bootp
relay-unicast-msg release-update-src-ip
— no relay-unicast-msg
python-policy policy-name
— no python-policy
— sap sap-id
server server1 [server2...(up to 8 max)]
— no server
[no] shutdown
[no] trusted
[no] use-arp
dynamic-tunnel-redundant-next-hop ip-address
— no dynamic-tunnel-redundant-next-hop
[no] enable-ingress-stats
[no] enable-mac-accounting
host-connectivity-verify [source {vrrp | interface}] [interval interval] [action {remove | alarm}]
hold-time
up ip seconds
— no up ip
up ipv6 seconds
— no up ipv6
down ip seconds [init-only]
— no down ip
down ipv6 seconds [init-only]
— no down ipv6
icmp
[no] mask-reply
redirects number seconds
— no redirects [number seconds]
ttl-expired number seconds
— no ttl-expired [number seconds]
unreachables number seconds
— no unreachables [number seconds]
if-attribute
[no] admin-group group-name [group-name...(up to 5 max)]
srlg-group group-name [group-name...(up to 5 max)]
— no srlg-group
ingress
policy-accounting <template-name>
— no policy-accounting
ip-mtu octets
— no ip-mtu
ipcp
dns ip-address [secondary ip-address]
dns secondary ip-address
— no dns [ip-address] [secondary ip-address]
peer-ip-address ip-address
— no peer-ip-address
[no] ipv6
address ipv6-address/prefix-length [eui-64] [preferred]
— no address ipv6-address/prefix-length
bfd transmit-interval [receive receive-interval] [multiplier multiplier][echo-receive echo-interval] [type cpm-np]
— no bfd
[no] dad-disable
[no] dhcp6-relay
lease-populate [nbr-of-leases]
— no lease-populate
[no] neighbor-resolution
[no] dhcp6-server
icmp6
link-local-address ipv6-address [preferred]
— no link-local-address
[no] local-proxy-nd
neighbor ipv6-address mac-address
— no neighbor ipv6-address
neighbor-limit limit [log-only] [threshold percent]
— no neighbor-limit
proxy-nd-policy policy-name [policy-name...(up to 5 max)]
— no proxy-nd-policy
python-policy policy-name
— no python-policy
[no] qos-route-lookup
stale-time seconds
— no stale-time
[no] secure-nd
[no] allow-unsecured-msgs
link-local-modifier modifier
— no link-local-modifier
public-key-min-bits bits
— no public-key-min-bits
security-parameter sec
— no security-parameter
[no] shutdown
tcp-mss mss-value
[no] tcp-mss
[no] urpf-check
mode {strict | loose | strict-no-ecmp}}
— no mode
load-balancing
egr-ip-load-balancing {source | destination | inner-ip}
— no egr-ip-load-balancing
[no] spi-load-balancing
[no] teid-load-balancing
local-dhcp-server local-server-name
— no local-dhcp-server
[no] local-proxy-arp
[no] loopback
mac ieee-address
— no mac [ieee-address]
monitor-oper-group name
— no monitor-oper-group
[no] proxy-arp-policy
[no] ptp-hw-assist
qos-route-lookup [source | destination]
— no qos-route-lookup
[no] remote-proxy-arp
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
— no secondary {ip-address/mask | ip-address netmask}
[no] shutdown
static-arp ip-address ieee-address
— no static-arp ip-address [ieee-address]
static-tunnel-redundant-next-hop ip-address
— no static-tunnel-redundant-next-hop
tcp-mss mss-value
[no] tcp-mss
tos-marking-state {trusted | untrusted}
— no tos-marking-state
unnumbered [ip-int-name | ip-address]
— no unnumbered
[no] urpf-check
mode {strict | loose | strict-no-ecmp}}
— no mode
vas-if-type {to-from-access | to-from-network | to-from-both}
— no vas-if-type
vpls {service-id | service-name}
— no vpls
egress
reclassify-using-qos
ingress
v4-routed-override-filter ipv6-filter-id
— no v4-routed-override-filter
v6-routed-override-filter ipv6-filter-id
— no v6-routed-override-filter

Network Interface Commands

config
— service
— vprn
network-interface interface-name [create]
— no network-interface interface-name
address ip-address[/mask] [netmask] [broadcast {all-ones | host-ones}]
— no address
[no] allow-directed-broadcasts
[no] arp-populate
arp-retry-timer timer-multiple
— no arp-retry-timer
arp-timeout [seconds]
— no arp-timeout
bfd transmit-interval [receive receive-interval] [multiplier multiplier][echo-receive echo-interval] [type cpm-np]
— no bfd
cflowd-parameters
— no cflowd-parameters
sampling {unicast | mulitcast} type {acl | interface} [direction {ingress-only | egress-only | both}]
— no sampling {unicast | mulitcast}
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]]
— no cpu-protection
description description-string
— no description
dist-cpu-protection policy-name
— no dist-cpu-protection
egress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
hold-time
up ip seconds
— no up ip
up ipv6 seconds
— no up ipv6
down ip seconds [init-only]
— no down ip
down ipv6 seconds [init-only]
— no down ipv6
icmp
[no] mask-reply
redirects number seconds
— no redirects [number seconds]
ttl-expired number seconds
— no ttl-expired [number seconds]
unreachables number seconds
— no unreachables [number seconds]
ingress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
ip-mtu octets
— no ip-mtu
lag lag-id[:encap-val]
— no lag
lag-per-link-hash class {1 | 2 | 3} weight weight
— no lag-per-link-hash
[no] loopback
— no load-balancing
egr-ip-load-balancing {source | destination | inner-ip}
— no egr-ip-load-balancing
lsr-load-balancing hashing-algorithm
— no lsr-load-balancing
[no] spi-load-balancing
[no] teid-load-balancing
mac ieee-address
— no mac
[no] ntp-broadcast
qos network-policy-id port-redirect-group queue-group-name egress-instance instance-id fp-redirect-group queue-group-name ingress-instance instance-id
— no qos
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
— no secondary {ip-address/mask | ip-address netmask}
static-arp ieee-mac-address unnumbered
— no static-arp unnumbered
tos-marking-state {trusted | untrusted}
— no tos-marking-state
[no] urpf-check
mode {strict | loose | strict-no-ecmp}

Interface Spoke SDP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] interface ip-int-name
spoke-sdp sdp-id [:vc-id] vc-type {ether | ipipe} [create]
— no spoke-sdp sdp-id [:vc-id] vc-type {ether | ipipe} [create]
aarp aarpId type type
— no aarp
accounting-policy acct-policy-id
— no accounting-policy
app-profile app-profile-name
— no app-profile
bfd-template name
— no bfd-template
[no] bfd-enable
[no] control-channel-status
[no] acknowledgment
refresh-timer value
— no refresh-timer
request-timer timer1 retry-timer timer2 [timeout-multiplier multiplier]
— no request-timer
[no] control-word
egress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id}
— no filter
qos network-policy-id port-redirect-group queue-group-name [instance instance-id]
— no qos
vc-label egress-vc-label
— no vc-label [egress-vc-label]
[no] entropy-label
eth-cfm
[no] collect-lmm-stats
mep mep-id domain md-index association ma-index [direction {up | down}]
— no mep mep-id domain md-index association ma-index
[no] ais-enable
[no] interface-support-enable
[no] ccm-enable
ccm-ltm-priority priority
— no ccm-ltm-priority
ccm-padding-size ccm-padding
— no ccm-padding-size ccm-padding
[no] csf-enable
multiplier multiplier-value
— no multiplier
description description-string
— no description
[no] eth-test-enable
[no] test-pattern {all-zeros | all-ones} [crc-enable]
fault-propagation-enable {use-if-tlv | suspend-ccm}
— no fault-propagation-enable
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
one-way-delay-threshold seconds
[no] squelch-ingress-levels [md-level [md-level…]]
[no] hash-label
qos
filter ip ip-filter-id
filter ipv6 ipv6-filter-id}
— no filter
ingress network-policy-id fp-redirect-group queue-group-name instance instance-id
— no qos
vc-label ingress-vc-label
— no vc-label [ingress-vc-label]
[no] shutdown
transit-policy {ip ip-aasub-policy-id | prefix prefix-aasub-policy-id}
— no transit-policy
[no] pw-path-id
agi agi
— no agi
saii-type2 global-id:node-id:ac-id
— no saii-type2
taii-type2 global-id:node-id:ac-id
— no taii-type2

Interface VRRP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
interface ip-int-name
vrrp
vrrp virtual-router-id [owner] [passive]
— no vrrp virtual-router-id
[no] backup ip-address
bfd-enable interface interface-name dst-ip ip-address
bfd-enable service-id interface interface-name dst-ip ip-address
— no bfd-enable interface interface-name dst-ip ip-address
— no bfd-enable service-id interface interface-name dst-ip ip-address
init-delay seconds
— no init-delay
mac ieee-address
— no mac
[no] master-int-inherit
message-interval {[seconds] [milliseconds milliseconds]}
— no message-interval
[no] ping-reply
policy vrrp-policy-id
— no policy
[no] preempt
priority priority
— no priority
[no] shutdown
[no] ssh-reply
[no] standby-forwarding
[no] telnet-reply
[no] traceroute-reply
vrrp virtual-router-id [owner] [passive]
— no vrrp virtual-router-id
authentication-key {authentication-key | hash-key} [hash | hash2]
— no authentication-key
[no] backup ip-address
[no] bfd-enable [service-id] interface interface-name dst-ip ip-address
init-delay seconds
— no init-delay
mac ieee-address
— no mac
[no] master-int-inherit
message-interval {[seconds] [milliseconds milliseconds]}
— no message-interval
[no] ping-reply
policy vrrp-policy-id
— no policy
[no] preempt
priority priority
— no priority
[no] shutdown
[no] ssh-reply
[no] standby-forwarding
[no] telnet-reply
[no] traceroute-reply

Interface SAP Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] interface ip-int-name [create] [tunnel]
[no] sap sap-id
aarp aarpId type type
— no aarp
accounting-policy acct-policy-id
— no accounting-policy [acct-policy-id]
anti-spoof {ip | mac | ip-mac}
— no anti-spoof
app-profile app-profile-name
— no app-profile
atm
egress
traffic-desc traffic-desc-profile-id
— no traffic-desc
encapsulation atm-encap-type
ingress
traffic-desc traffic-desc-profile-id
— no traffic-desc
oam
[no] alarm-cells
[no] periodic-loopback
calling-station-id calling-station-id
— no calling-station-id
[no] bfd-enable
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]]
— no cpu-protection
description description-string
— no description [description-string]
dist-cpu-protection policy-name
— no dist-cpu-protection
egress
[no] agg-rate
[no] limit-unused-bandwidth
[no] queue-frame-based-accounting
rate {max | rate}
— no rate
filter ip ip-filter-id
— no filter [ip ip-filter-id]
[no] hsmda-queue-override
secondary-shaper secondary-shaper-name
— no secondary-shaper
wrr-policy hsmda-wrr-policy-name
— no wrr-policy
packet-byte-offset {add add-bytes | subtract sub-bytes}
— no packet-byte-offset
queue queue-id
— no queue queue-id
wrr-weight weight
— no wrr-weight
mbs size {[bytes | kilobytes] | default}
— no mbs
[no] monitor-depth
rate pir-rate
— no rate
slope-policy hsmda-slope-policy-name allowable
— no slope-policy
[no] policer-override
policer policer-id [create]
— no policer policer-id
source ip-address
remote-ip ip-address
backup-remote-ip ip-address
[no] qinq-mark-top-only
qos policy-id [port-redirect-group queue-group-name instance instance-id]
— no qos
[no] queue-override
[no] queue queue-id
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
— no adaptation-rule
avg-frame-overhead percentage
— no avg-frame-overhead
cbs size-in-kbytes
— no cbs
high-prio-only percent
— no high-prio-only
mbs {size-in-kbytes | default}
— no mbs
parent [weight weight] [cir-weight cir-weight]
— no parent
percent-rate pir-percent [cir cir-percent]
— no percent-rate
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler-override
[no] scheduler scheduler-name
parent [weight weight] [cir-weight cir-weight]
— no parent
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
— no scheduler-policy
eth-cfm
[no] collect-lmm-stats
mep mep-id domain md-index association ma-index [direction {up | down}]
— no mep mep-id domain md-index association ma-index
[no] ais-enable
[no] interface-support-enable
[no] ccm-enable
ccm-ltm-priority priority
— no ccm-ltm-priority
[no] ccm-padding-size ccm-padding
[no] csf-enable
multiplier multiplier-value
— no multiplier
description description-string
— no description
[no] eth-test-enable
[no] test-pattern {all-zeros | all-ones} [crc-enable]
fault-propagation-enable {use-if-tlv | suspend-ccm}
— no fault-propagation-enable
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
one-way-delay-threshold seconds
squelch-ingress-levels [md-level [md-level]]
— no squelch-ingress-levels
tunnel-fault [accept | ignore]
frame-relay
[no] frf-12
ete-fragment-threshold threshold
— no ete-fragment-threshold
[no] interleave
scheduling-class class-id
— no scheduling-class
[no] scheduling-class
host-lockout-policy policy-name
— no host-lockout-policy
[no] host-shutdown
ingress
filter ip ip-filter-id
— no filter [ip ip-filter-id]
match-qinq-dot1p {top | bottom}
[no] policer-override
policer policer-id [create]
— no policer policer-id
qos policy-id [shared-queuing | multipoint-shared][fp-redirect-group queue-group-name instance instance-id]
— no qos
[no] queue-override
[no] queue queue-id
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
— no adaptation-rule
avg-frame-overhead percentage
— no avg-frame-overhead
cbs size-in-kbytes
— no cbs
high-prio-only percent
— no high-prio-only
mbs {size-in-kbytes | default}
— no mbs
monitor-depth
[no] monitor-depth
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler-override
[no] scheduler scheduler-name
parent [weight weight] [cir-weight cir-weight]
— no parent
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
— no scheduler-policy
ip-tunnel name [create]
— no ip-tunnel name
backup-remote-ip ip-address
— no backup-remote-ip
[no] clear-df-bit
delivery-serviceservice-id
— no delivery-service
description description-string
— no description
dscp dscp-name
— no dscp
remote-ip ip-address
— no remote-ip
source ip-address
— no source
lag-link-map-profile lag-link-map-profile-id
— no lag-link-map-profile
multi-service-site customer-site-name
— no multi-service-site
[no] shutdown
static-host ip ip/did-address [mac ieee-address] [create]
static-host mac ieee-address [create]
— no static-host [ip ip-address] mac ieee-address
— no static-host all [force]
— no static-host ip ip-address
ancp-string ancp-string
— no ancp-string
app-profile app-profile-name
— no app-profile
inter-dest-id intermediate-destination-id
— no inter-dest-id
[no] shutdown
sla-profile sla-profile-name
— no sla-profile
sub-profile sub-profile-name
— no sub-profile
subscriber sub-ident
— no subscriber
[no] subscriber-sap-id
transit-policy {ip ip-aasub-policy-id | prefix prefix-aasub-policy-id}
— no transit-policy

Interface SAP Tunnel Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] interface ip-int-name [create] [tunnel]
[no] sap sap-id
aarp aarpId type type
— no aarp
accounting-policy acct-policy-id
— no accounting-policy [acct-policy-id]
anti-spoof {ip | mac | ip-mac}
— no anti-spoof
app-profile app-profile-name
— no app-profile
atm
atm
ingress traffic-desc-profile-id
— no ingress
encapsulation atm-encap-type
ingress
ingress traffic-desc-profile-id
— no ingress
oam
[no] alarm-cells
[no] alarm-cells
calling-station-id calling-station-id
— no calling-station-id
[no] app-profile
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]]
— no cpu-protection
description description-string
— no description [description-string]
cpu-protection policy-name
— no cpu-protection
egress
[no] agg-rate
[no] rate
[no] queue-frame-based-accounting
rate {max | rate}
— no rate
[no] hsmda-queue-override
secondary-shaper secondary-shaper-name
— no secondary-shaper
wrr-policy hsmda-wrr-policy-name
— no wrr-policy
packet-byte-offset {add add-bytes | subtract sub-bytes}
— no packet-byte-offset
hsmda-queue-override queue-id
— no hsmda-queue-override queue-id
slope-policy weight
— no slope-policy
high-prio-only size {[bytes | kilobytes] | default}
— no high-prio-only
[no] monitor-depth
rate pir-rate
— no rate
slope-policy hsmda-slope-policy-name allowable
— no slope-policy
source ip-address
source ip-address
backup-remote-ip ip-address
[no] qinq-mark-top-only
qos policy-id [port-redirect-group queue-group-name instance instance-id]
— no qos
[no] queue-override
[no] queue queue-id
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
— no adaptation-rule
adaptation-rule percentage
— no adaptation-rule
cbs size-in-kbytes
— no cbs
high-prio-only percent
— no high-prio-only
high-prio-only {size-in-kbytes | default}
— no high-prio-only
parent [weight weight] [cir-weight cir-weight]
— no parent
percent-rate pir-percent [cir cir-percent]
— no percent-rate
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler-override
[no] scheduler scheduler-name
parent [weight weight] [cir-weight cir-weight]
— no parent
parent pir-rate [cir cir-rate]
— no parent
qos scheduler-policy-name
— no qos
eth-cfm
[no] collect-lmm-stats
collect-lmm-stats mep-id domain md-index association ma-index [direction {up | down}]
— no collect-lmm-stats mep-id domain md-index association ma-index
[no] ais-enable
[no] interface-support-enable
[no] interface-support-enable
ccm-ltm-priority priority
— no ccm-ltm-priority
[no] ccm-padding-size ccm-padding
[no] ccm-padding-size
multiplier multiplier-value
— no multiplier
description description-string
— no description
[no] eth-test-enable
[no] test-pattern {all-zeros | all-ones} [crc-enable]
fault-propagation-enable {use-if-tlv | suspend-ccm}
— no fault-propagation-enable
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
one-way-delay-threshold seconds
squelch-ingress-levels [md-level [md-level]]
— no squelch-ingress-levels
squelch-ingress-levels [accept | ignore]
frame-relay
[no] frf-12
frf-12 threshold
— no frf-12
[no] interleave
scheduling-class class-id
— no scheduling-class
[no] scheduling-class
host-lockout-policy policy-name
— no host-lockout-policy
[no] host-shutdown
host-shutdown name [create]
— no host-shutdown name
backup-remote-ip ip-address
— no backup-remote-ip
[no] bfd-enable
delivery-serviceservice-id
— no delivery-service
description description-string
— no description
delivery-service dscp-name
— no delivery-service
remote-ip ip-address
— no remote-ip
source ip-address
— no source
lag-link-map-profile lag-link-map-profile-id
— no lag-link-map-profile
lag-link-map-profile customer-site-name
— no lag-link-map-profile
[no] shutdown
static-host ip ip/did-address [mac ieee-address] [create]
static-host mac ieee-address [create]
— no static-host [ip ip-address] mac ieee-address
— no static-host all [force]
— no static-host ip ip-address
ancp-string ancp-string
— no ancp-string
app-profile app-profile-name
— no app-profile
app-profile intermediate-destination-id
— no app-profile
[no] shutdown
route sla-profile-name
— no route
sub-profile sub-profile-name
— no sub-profile
subscriber sub-ident
— no subscriber
[no] subscriber
aarp aarpid type type
— no aarp
transit-policy ip-aasub-policy-id
transit-policy prefix prefix-aasub-policy-id
— no transit-policy

Routed VPLS Commands

Refer to the Layer 2 Services Guide for more information.

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
interface ip-interface-name [create]
— no interface ip-interface-name
vpls service-name
— no vpls
ingress
v4-routed-override-filter ipv4-filter-id
— no v4-routed-override-filter
v6-routed-override-filter ipv6-filter-id
— no v6-routed-override-filter
egress
reclassify-using-qos sap-egress-qos-id
— no reclassify-using-qos

Oper Group Commands

config
— service
— vprn service-id
— site name [create]
monitor-oper-group name
— no monitor-oper-group name

Network Ingress Commands

config
— service
— vprn [inter-as-mvpn] [customer customer-id] [create]
— no vprn service-id
network
ingress
qos network-policy-id fp-redirect-group queue-group-name instance instance-id
— no qos

BGP Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] bgp-shared-queue
[no] bgp
[no] advertise-inactive
[no] aggregator-id-zero
[no] always-compare-med
auth-keychain name
authentication-key [authentication-key | hash-key] [hash | hash2]
— no authentication-key
[no] backup-path [ipv4] [label-ipv4] [ipv6]
best-path-selection
always-compare-med [zero | infinity]
always-compare-med strict-as {zero | infinity}
— no always-compare-med
as-path-ignore [ipv4] [label-ipv4] [ipv6]
— no as-path-ignore
[no] deterministic-med
ebgp-ibgp-equal [ipv4] [label-ipv4] [ipv6]
— no ebgp-ibgp-equal
[no] ignore-nh-metric
[no] ignore-router-id
[no] bfd-enable
cluster cluster-id
— no cluster
[no] connect-retry seconds
[no] damp-peer-oscillations [idle-hold-time initial-wait second-wait max-wait] [error-interval minutes]
[no] damping
description description-string
— no description
[no] disable-4byte-asn
[no] disable-client-reflect
disable-communities [standard] [extended]
— no disable-communities
[no] disable-fast-external-failover
dynamic-neighbor-limit peers
— no dynamic-neighbor-limit
[no] eibgp-loadbalance
enable-bgp-vpn-backup [ipv4] [ipv6]
— no enable-bgp-vpn-backup
[no] enable-peer-tracking
error-handling
[no] update-fault-tolerance
export plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 14 max)]]
— no export
family [ipv4] [label-ipv4] [ipv6] [mcast-ipv4] [flow-ipv4]
— no family
flowspec-validate
[no] flowspec-validate
family
[no] graceful-restart
enable-notification
restart-time seconds
[no] stale-routes-time time
hold-time seconds [min seconds2]
— no hold-time
[no] ibgp-multipath
import plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 14 max)]]
— no import
keepalive seconds
— no keepalive
label-preference value
— no label-preference
local-as as-number [private]
— no local-as
local-preference local-preference
— no local-preference
loop-detect {drop-peer | discard-route | ignore-loop| off}
— no loop-detect
med-out {number | igp-cost}
— no med-out
min-route-advertisement seconds
— no min-route-advertisement
multihop ttl-value
— no multihop
multipath max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}]
— no multipath
next-hop-resolution
policy policy-name
peer-tracking-policy policy-name
— no peer-tracking-policy
preference preference
— no preference
[no] rapid-withdrawal
remove-private [limited] [skip-peer-as]
— no remove-private
rib-management
— ipv4
leak-import plcy-or-long-expr [plcy-or-expr [ plcy-or-expr ... (up to 14 max)]]
— no leak-import
route-table-import policy-name
— no route-table-import
— ipv6
leak-import plcy-or-long-expr [plcy-or-expr [ plcy-or-expr... (up to 14 max)]]
— no leak-import
route-table-import policy-name
— no route-table-import
— label-ipv4
leak-import plcy-or-long-expr [plcy-or-expr ... (up to 14 max)]
— no leak-import
route-table-import policy-name
— no route-table-import
router-id ip-address
— no router-id
[no] third-party-nexthop
[no] shutdown
[no] split-horizon
[no] group name [esm-dynamic-peer]
[no] advertise-inactive
[no] aggregator-id-zero
[no] as-override
auth-keychain name
authentication-key [authentication-key | hash-key] [hash | hash2]
— no authentication-key
[no] bfd-enable
cluster cluster-id
— no cluster
connect-retry seconds
— no connect-retry
[no] damp-peer-oscillations [idle-hold-time initial-wait second-wait max-wait] [error-interval minutes]
[no] damping
description description-string
— no description
[no] disable-4byte-asn
[no] disable-capability-negotiation
[no] disable-client-reflect
disable-communities [standard] [extended]
— no disable-communities
[no] disable-fast-external-failover 
dynamic-neighbor
[no] prefix ip-prefix/prefix-length
dynamic-neighbor-limit peers
— no dynamic-neighbor-limit
ebgp-link-bandwidth [ipv4] [label-ipv4] [ipv6]
[no] enable-peer-tracking
error-handling
[no] update-fault-tolerance
export policy-name [policy-name...(up to 5 max)]
— no export
family [ipv4] [label-ipv4] [ipv6] [mcast-ipv4] [flow-ipv6] [flow-ipv4]
— no family
flowspec-validate
[no] flowspec-validate
[no] graceful-restart
enable-notification
restart-time seconds
[no] stale-routes-time time
hold-time seconds [min seconds2]
— no hold-time
import policy-name [policy-name...(up to 5 max)]
— no import
keepalive seconds
— no keepalive
label-preference value
— no label-preference
local-address ip-address
— no local-address
local-as as-number [private] [no-prepend-global-as]
— no local-as
local-preference local-preference
— no local-preference
loop-detect {drop-peer | discard-route | ignore-loop | off}
— no loop-detect
med-out {number | igp-cost}
— no med-out
min-route-advertisement seconds
— no min-route-advertisement
multihop ttl-value
— no multihop
[no] next-hop-self
[no] passive
peer-as as-number
— no peer-as
preference preference
— no preference
prefix-limit family limit [log-only] [threshold percentage] [idle-timeout {minutes | forever}] [log-only] [post-import]
— no prefix-limit family
[no] remove-private
[no] shutdown
[no] third-party-nexthop
ttl-security min-ttl-value
— no ttl-security
third-party-nexthop {internal | external}
— no third-party-nexthop
[no] updated-error-handling
[no] neighbor ip-address
[no] advertise-inactive
[no] aggregator-id-zero
[no] as-override
auth-keychain name
authentication-key [authentication-key | hash-key] [hash | hash2]
— no authentication-key
[no] bfd-enable
cluster cluster-id
— no cluster
connect-retry seconds
— no connect-retry
[no] damp-peer-oscillations [idle-hold-time initial-wait second-wait max-wait] [error-interval minutes]
[no] damping
description description-string
— no description
[no] disable-4byte-asn
[no] disable-capability-negotiation
[no] disable-client-reflect
disable-communities [standard] [extended]
— no disable-communities
[no] disable-fast-external-failover
ebgp-link-bandwidth [ipv4] [label-ipv4] [ipv6]
[no] enable-peer-tracking
error-handling
[no] update-fault-tolerance
export policy-name [policy-name...(up to 5 max)]
— no export
[no] graceful-restart
enable-notification
restart-time seconds
[no] stale-routes-time time
[no] stale-routes-time time
family [ipv4][ipv6] [mcast-ipv4] [flow-ipv6] [flow-ipv4]
— no family
flowspec-validate
[no] flowspec-validate
hold-time seconds [min seconds2]
— no hold-time
import policy-name [policy-name...(up to 5max)]
— no import
family [ipv4] [label-ipv4] [ipv6]
keepalive seconds
— no keepalive
label-preference value
— no label-preference
local-address ip-address
— no local-address
local-as as-number [private] [no-prepend-global-as]
— no local-as
local-preference local-preference
— no local-preference
loop-detect {drop-peer | discard-route | ignore-loop | off}
— no loop-detect
med-out {number | igp-cost}
— no med-out
min-route-advertisement seconds
— no min-route-advertisement
multihop ttl-value
— no multihop
[no] next-hop-self
[no] passive
peer-as as-number
— no peer-as
preference preference
— no preference
prefix-limit family limit [log-only] [threshold percentage] [idle-timeout {minutes | forever}] [log-only] [post-import]
— no prefix-limit family
[no] remove-private
[no] shutdown
[no] third-party-nexthop
ttl-security min-ttl-value
— no ttl-security
third-party-nexthop {internal | external}
— no third-party-nexthop
[no] updated-error-handling

IS-IS Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] isis [isis-instance]
[no] advertise-passive-only
[no] advertise-router-capability {area | as}
all-l1isis ieee-address
— no all-l1isis
all-l2isis ieee-address
— no all-l2isis
[no] area-id area-address
auth-keychain name
[no] authentication-check
authentication-key [authentication-key | hash-key] [hash | hash2]
— no authentication-key
authentication-type {password | message-digest}
— no authentication-type
[no] csnp-authentication
[no] default-route-tag tag
export policy-name [policy-name...(up to 5 max)]
— no export
export-limit number [log percentage]
— no export-limit
[no] graceful-restart
[no] helper-disable
[no] hello-authentication
hello-padding {adaptive | loose | strict}
— no hello-padding
ignore-attached-bit
— no ignore-attached-bit
[no] ignore-lsp-errors
[no] iid-tlv-enable
[no] interface ip-int-name
bfd-enable {ipv4 | ipv6} [include-bfd-tlv]
— no bfd-enable
csnp-interval seconds
— no csnp-interval
[no] default-instance
hello-auth-keychain name
— no hello-auth-keychain
[no] hello-authentication
hello-authentication-key authentication-key | hash-key [hash | hash2]
— no hello-authentication-key
hello-authentication-type {password | message-digest}
— no hello-authentication-type
hello-padding {adaptive | loose | strict}
— no hello-padding
interface-type {broadcast | point-to-point}
— no interface-type
[no] ipv4-multicast-disable
[no] ipv6-unicast-disable
level
hello-auth-keychain name
— no hello-auth-keychain
hello-authentication-key authentication-key | hash-key [hash | hash2]
— no hello-authentication-key
hello-authentication-type {password | message-digest}
— no hello-authentication-type
hello-interval seconds
— no hello-interval
hello-multiplier multiplier
— no hello-multiplier
hello-padding {adaptive | loose | strict}
— no hello-padding
ipv6-unicast-metric ipv6-metric
— no ipv6-unicast-metric
ipv4-multicast-metric IPv4 multicast metric
— no ipv4-multicast-metric
metric ipv4-metric
— no metric
[no] passive
priority number
— no priority
sd-offset sd-offset
— no sd-offset
sf-offset sf-offset
— no sf-offset
level-capability {level-1 | level-2 | level-1/2}
— no level-capability
lfa-policy-map route-nh-template template-name
— no lfa-policy-map
[no] loopfree-alternate-exclude
load-balancing-weight weight
— no load-balancing-weight
lsp-pacing-interval milli-seconds
— no lsp-pacing-interval
mesh-group [value | blocked]
— no mesh-group
[no] passive
retransmit-interval seconds
— no retransmit-interval
[no] shutdown
tag tag
— no tag
[no] ipv4-routing
[no] ipv6-routing
level level
[no] advertise-router-capability
[no]auth-keychain name
authentication-key authentication-key | hash-key [hash | hash2]
authentication-type {password | message-digest}
— no authentication-type
[no] csnp-authentication
default-ipv4-multicast-metric ipv4 multicast metric
— no default-ipv4-multicast-metric
default-ipv6-multicast-metric
— no default-ipv6-multicast-metric
default-ipv6-unicast-metric ipv6 metric
— no default-ipv6-unicast-metric
default-metric ipv4 metric
— no default-metric
[no] external-preference external-preference
[no] hello-authentication
hello-padding {adaptive | loose | strict}
— no hello-padding
[no] loopfree-alternate-exclude
lsp-mtu-size size
— no lsp-mtu-size
preference preference
— no preference
[no] wide-metrics-only
level-capability {level-1 | level-2 | level-1/2}
[no] link-group link-group name
description [256 chars max]
— no description
level {1 | 2}
ipv4-multicast-metric-offset offset-value
— no ipv4-multicast-metric-offset
ipv4-unicast-metric-offset offset-value
— no ipv4-unicast-metric-offset
ipv6-unicast-metric-offset offset-value
— no ipv6-unicast-metric-offset
[no] member interface-name
oper-members oper-members
— no oper-members
revert-members revert-members
— no revert-members
[no] loopfree-alternate
loopfree-alternate-exclude prefix-policy prefix-policy
— no loopfree-alternate-exclude
lsp-lifetime seconds
— no lsp-lifetime
lsp-mtu-size size
— no lsp-mtu-size
lsp-refresh-interval seconds
— no lsp-refresh-interval
[no]multi-topology
[no] ipv4-multicast
[no] ipv6-unicast
[no] multicast-import [ipv4]
overload [timeout seconds] [max-metric]
— no overload
overload-on-boot [timeout seconds] [max-metric]
— no overload-on-boot
[no] poi-tlv-enable
prefix-limit limit [log-only] [threshold percent[ [overload-timeout {seconds | forever}]
— no prefix-limit
reference-bandwidth bandwidth-in-kbps
reference-bandwidth [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]
— no reference-bandwidth
rib-priority {high} prefix-list-name | tag tag-value
— no rib-priority
[no] router-id router-id
[no] rsvp-shortcut
[no] shutdown
[no] strict-adjacency-check
[no] standard-multi-instance
[no] timers
lsp-wait lsp-wait [lsp-initial-wait initial-wait] [lsp-second-wait second wait]
— no lsp-wait
spf-wait spf-wait [spf-initial-wait initial-wait] [spf-second-wait second wait]
— no spf-wait
summary-address {ip-prefix/mask | ip-prefix [netmask]} level [tag tag]
— no summary-address {ip-prefix/mask | ip-prefix [netmask]}
system-id isis-system-id
— no system-id
suppress-attached-bit
— no suppress-attached-bit
import policy-name [policy-name ...(up to 5 max)]
— no import
[no] unicast-import-disable

OSPF Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] ospf
ospf3 [instance-id] [router-id]
[no] ospf3 instance-id
advertise-router-capability { link | area | as }
— no advertise-router-capability
[no] area area-id
area-range ip-prefix/mask [advertise | not-advertise]
— no area-range ip-prefix/mask
[no] blackhole-aggregate
[no] interface ip-int-name [secondary]
[no] advertise-subnet
authentication bidirectional sa-name
authentication inbound sa-name outbound sa-name
— no authentication
authentication-key [authentication-key | hash-key] [hash | hash2]
— no authentication-key
authentication-type {password | message-digest}
— no authentication-type
bfd-enable [remain-down-on-failure]
— no bfd-enable
dead-interval seconds
— no dead-interval
[no] graceful-restart
[no] helper-disable
[no] strict-lsa-checking
hello-interval seconds
— no hello-interval
interface-type {broadcast | point-to-point}
— no interface-type
lfa-policy-map route-nh-template template-name
— no lfa-policy-map
[no] loopfree-alternate-exclude
lsa-filter-out [all | except-own-rtrlsa | except-own-rtrlsa-and-defaults]
— no lsa-filter-out
message-digest-key key-id md5 [key | hash-key] [hash | hash2]
— no message-digest-key key-id
metric metric
— no metric
mtu bytes
— no mtu
[no] passive
priority number
— no priority
retransmit-interval seconds
— no retransmit-interval
rib-priority prefix-list-name
— no rib-priority
[no] shutdown
transit-delay seconds
— no transit-delay
key-rollover-interval key-rollover-interval
[no] key-rollover-interval
[no] nssa
area-range ip-prefix/mask [advertise | not-advertise]
— no area-range ip-prefix/mask
originate-default-route [type-7] [no-adjacency-check]
— no originate-default-route
[no] redistribute-external
[no] summaries
[no] sham-link ip-int-name ip-address
authentication-key [authentication-key | hash-key] [hash | hash2]
— no authentication-key
authentication-type {password | message-digest}
— no authentication-type
dead-interval seconds
— no dead-interval
hello-interval seconds
— no hello-interval
message-digest-key key-id md5 [key | hash-key] [hash | hash2]
— no message-digest-key key-id
metric metric
— no metric
retransmit-interval seconds
— no retransmit-interval
[no] shutdown
transit-delay seconds
— no transit-delay
[no] stub
default-metric metric
— no default-metric
[no] summaries
[no] virtual-link router-id transit-area area-id
authentication-key [authentication-key | hash-key] [hash | hash2]
— no authentication-key
authentication-type {password | message-digest}
— no authentication-type
dead-interval seconds
— no dead-interval
hello-interval seconds
— no hello-interval
message-digest-key key-id md5 [key | hash-key] [hash | hash2]
— no message-digest-key key-id
retransmit-interval seconds
— no retransmit-interval
[no] shutdown
transit-delay seconds
— no transit-delay
[no] compatible-rfc1583
export policy-name [ policy-name...(up to 5 max)]
— no export
export-limit number [log percentage]
— no export-limit
external-db-overflow limit seconds
— no external-db-overflow
external-preference preference
— no external-preference
[no] graceful-restart
[no] helper-disable
[no] ignore-dn-bit
import policy-name [ policy-name...(up to 5 max)]
— no import
[no] ignore-dn-bit
[no] loopfree-alternate
loopfree-alternate-exclude prefix-policy prefix-policy [prefix-policy... up to 5 max]
— no loopfree-alternate-exclude
[no] multicast-import
overload [timeout seconds]
no overload
[no] overload-include-ext-2
[no] overload-include-stub
overload-on-boot [timeout seconds]
no overload-on-boot
preference preference
— no preference
reference-bandwidth bandwidth-in-kbps
— no reference-bandwidth
rib-priority prefix-list-name
— no rib-priority
router-id ip-address
— no router-id
[no] shutdown
[no] super-backbone
[no] suppress-dn-bit
timers
[no] incremental-spf-wait inc-spf-wait
[no] lsa-accumulate lsa-accum-time
[no] lsa-arrival lsa-arrival-time
[no] lsa-generate max-lsa-wait [lsa-initial-wait lsa-initial-wait [lsa-second-wait lsa-second-wait]]
[no] redistribute-delay redist-wait
[no] spf-wait max-spf-wait [spf-initial-wait [spf-second-wait]]
[no] unicast-import-disable
vpn-domain id {0005 | 0105 | 0205 | 8005}
— no vpn-domain
vpn-tag vpn-tag
— no vpn-tag

PIM Configuration Commands

config
— service
— vprn
[no] pim
apply-to {all | none}
[no] grt-extranet
group-prefix ip-address/mask [ip-address/mask...(up to 8 max)] [starg]
group-prefix any
— no group-prefix ip-address/mask
— no group-prefix any
import {join-policy | register-policy} [policy-name [.. policy-name]
— no import {join-policy | register-policy}
[no] interface ip-int-name
assert-period assert-period
— no assert-period
[no] bfd-enable [ipv4 | ipv6]
[no] bsm-check-rtr-alert
hello-interval hello-interval
— no hello-interval
hello-multiplier deci-units
— no hello-multiplier
[no] improved-assert
[no] instant-prune-echo
[no] ipv4-multicast-disable
[no] ipv6-multicast-disable
max-groups value
— no max-groups
mcac
if-policy mcac-if-policy-name
— no if-policy
mc-constraints
level level-id bw bandwidth
— no level
number-down number-lag-port-down level level-id
— no number-down number-lag-port-down
[no] shutdown
[no] use-lag-port-weight
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
— no unconstrained-bw
multicast-senders {auto | always | never}
— no multicast-senders
[no] p2mp-ldp-tree-join [ipv4] [ipv6]
priority dr-priority
— no priority
[no] shutdown
sticky-dr [priority dr-priority]
— no sticky-dr
three-way-hello [compatibility-mode]
— no three-way-hello
[no] tracking-support
[no] ipv4-multicast-disable
[no] ipv6-multicast-disable
[no] ipv6-multicast-disable
[no] mc-ecmp-balance-hold
[no] mc-ecmp-hashing-enabled [rebalance]
[no] non-dr-attract-traffic
rp
auto-rp-discovery
[no] anycast rp-ip-address
[no] rp-set-peer ip-address
[no] auto-rp-discovery
bootstrap-export policy-name [.. policy-name...up to five]
— no bootstrap-export
bootstrap-import policy-name [.. policy-name...up to five]
— no bootstrap-import
bsr-candidate
address ip-address
— no address
hash-mask-len hash-mask-length
— no hash-mask-len
priority bootstrap-priority
— no priority
[no] shutdown
ipv6
anycast ipv6-address
[no] rp-set-peer ipv6-address
bsr-candidate ipv6-address
address ipv6-address
[no] address
hash-mask-length hash-mask-length
[no] hash-mask-length
priority bootstrap-priority
— no priority
[no] shutdown
[no] embedded-rp
group-range grp-ipv6-address/prefix-length
[no] shutdown
rp-candidate
address ipv6-address
— no address
[no] group-range grp-ipv6-address/prefix-length
holdtime holdtime
— no holdtime 
priority priority
— no priority
[no] shutdown
static
[no] address ipv6-address
[no] group-prefix grp-ipv6-address/prefix-length
[no] override
rp-candidate
address ip-address
— no address
[no] rp-candidate {grp-ip-address/mask | grp-ip-address [netmask]}
holdtime holdtime
— no holdtime 
priority priority
— no priority
[no] shutdown
[no] static ip-address
[no] group-prefix {grp-ip-address/mask | grp-ip-address netmask}
[no] override
rpf-table {rtable-m | rtable-u | both}
— no rpf-table
[no] shutdown
spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask} spt-threshold
— no spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask}
ssm-assert-compatible-mode [enable | disable]
ssm-default-range-disable ipv4
[no] ssm-groups
[no] group-range {grp-ip-address/mask | grp-ip-address netmask}

MSDP Configuration Commands

config
— service
— vprn
[no] msdp
[no] active-source-limit number
[no] data-encapsulation
export policy-name [policy-name...(up to 5 max)]
— no export
[no] group group-name
active-source-limit number
— no active-source-limit
export policy-name [policy-name...(up to 5 max)]
— no export
import policy-name [policy-name...(up to 5 max)]
— no import
local-address address
— no local-address
mode {mesh-group | standard}
[no] peer peer-address
active-source-limit number
— no active-source-limit
authentication-key [authentication-key | hash-key] [hash | hash2]
— no authentication-key
[no] default-peer
export policy-name [policy-name...(up to 5 max)]
— no export
import policy-name [policy-name...(up to 5 max)]
— no import
local-address address
— no local-address
receive-msdp-msg-rate number interval seconds [threshold number]
— no receive-msdp-msg-rate
[no] shutdown
receive-msdp-msg-rate number interval seconds [threshold number]
— no receive-msdp-msg-rate
[no] shutdown
import policy-name [policy-name...(up to 5 max)]
— no import
local-address address
— no local-address
[no] peer peer-address
active-source-limit number
— no active-source-limit
authentication-key [authentication-key | hash-key] [hash | hash2]
— no authentication-key
[no] default-peer
export policy-name [policy-name...(up to 5 max)]
— no export
import policy-name [policy-name...(up to 5 max)]
— no import
local-address address
— no local-address
receive-msdp-msg-rate number interval seconds [threshold number]
— no receive-msdp-msg-rate
[no] shutdown
receive-msdp-msg-rate number interval seconds [threshold number]
— no receive-msdp-msg-rate
rpf-table {rtable-m | rtable-u | both}
— no rpf-table
sa-timeout seconds
— no sa-timeout
[no] shutdown
[no] source prefix/mask
active-source-limit number
— no active-source-limit number

MLD Configuration Commands

config
— service
[no] vprn
[no] mld
[no] group-interface ip-int-name
mcac
if-policy mcac-if-policy-name
— no if-policy
mc-constraints
[no] shutdown
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
— no unconstrained-bw
[no] interface ip-int-name
[no] disable-router-alert-check
import policy-name
— no import
max-groups value
— no max-groups
mcac
if-policy mcac-if-policy-name
— no if-policy
mc-constraints
level level-id bw bandwidth
— no level
number-down number-lag-port-down level level-id
— no number-down
[no] shutdown
[no] use-lag-port-weight
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
— no unconstrained-bw
query-interval seconds
— no query-interval
query-last-member-interval seconds
— no query-last-member-interval
query-response-interval seconds
— no query-response-interval
[no] shutdown
static
[no] group
[no] source src-ipv6-address
[no] starg
[no] group grp-ipv6-address
[no] group start grp-ipv6-address end grp-ipv6-address [step ipv6-address]
version version
— no version
query-interval seconds
— no query-interval
query-last-member-interval seconds
— no query-last-member-interval
query-response-interval seconds
— no query-response-interval
robust-count robust-count
— no robust-count
[no] shutdown
ssm-translate
[no] grp-range start end
[no] source src-ipv6-address

RIP Configuration Commands

config
— service
— vprn
[no] rip
[no] ripng
authentication-key [authentication-key | hash-key] [hash | hash2]
— no authentication-key
authentication-type {none | password | message-digest}
— no authentication-type
check-zero {enable | disable}
— no check-zero
description description-string
— no description
export policy-name [policy-name...(up to 5 max)]
— no export
import policy-name [policy-name...(up to 5 max)]
— no import
export-limit number [log percentage]
— no export-limit
[no] group name
authentication-key [authentication-key | hash-key] [hash | hash2]
— no authentication-key
authentication-type {none | password | message-digest}
— no authentication-type
check-zero {enable | disable}
— no check-zero
description description-string
— no description
export policy-name [policy-name...(up to 5 max)]
— no export
export-limit number [log percentage]
— no export-limit
import policy-name [policy-name...(up to 5 max)]
— no import
message-size max-num-of-routes
— no message-size
metric-in metric
— no metric-in
metric-in metric
— no metric-in
preference preference
— no preference
receive receive-type
— no receive
receive send-type
— no receive
[no] shutdown
check-zero {enable | disable}
— no check-zero
timers update timeout flush
— no timers
[no] neighbor ip-int-name
authentication-key authentication-key | hash-key [hash | hash2]
— no authentication-key
authentication-type {none | password | message-digest}
— no authentication-type
check-zero {enable | disable}
— no check-zero
description description-string
— no description
export policy-name [policy-name...(up to 5 max)]
— no export
export-limit number [log percentage]
— no export-limit
import policy-name [policy-name...(up to 5 max)]
— no import
import policy-name [policy-name...(up to 5 max)]
— no import
message-size max-num-of-routes
— no message-size
metric-in metric
— no metric-in
metric-out metric
— no metric-out
preference preference
— no preference
receive receive-type
— no receive
send send-type
— no send
[no] shutdown
split-horizon {enable | disable}
— no split-horizon
— no timers
timers update timeout flush
[no] unicast-address ipv6-address
export-limit number [log percentage]
— no export-limit
message-size max-num-of-routes
— no message-size
metric-in metric
— no metric-in
metric-out metric
— no metric-out
preference preference
— no preference
[no] propagate-metric
receive receive-type
— no receive
send send-type
— no send
[no] shutdown
split-horizon {enable | disable}
— no split-horizon
timers update timeout flush
— no timers

Threat Management Service Interface Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
tms-interface interface-name [create] [off-ramp-vprn off-ramp-svc] [mgmt-vprn mgmt-svc]
— no tms-interface interface-name
address {ip-address/mask | ip-address netmask}
— no address
description long-description-string
— no description
[no] ipv6
password [password]
— no password
port mda-id
— no port
[no] shutdown

RADIUS Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
radius-proxy
server server-name [create] [purpose {[accounting][authentication]}]
— no server server-name
cache
key packet-type {accept | request} attribute-type attribute-type [vendor-id vendor-id]
— no key
[no] shutdown
timeout [hrs hours] [min minutes] [sec seconds]
— no timeout
track-accounting [start] [stop] [interim-update]
— no track-accounting
default-accounting-server-policy policy-name
— no default-accounting-server-policy
default-authentication-server-policy policy-name
— no default-authentication-server-policy
description description-string
— no description
[no] interface ip-int-name
load-balance-key vendor vendor-id [vendor-id...(up to 5 max)] attribute-type attribute-type [attribute-type...(up to 5 max)]
load-balance-key source-ip-udp
— no load-balance-key
python-policy name
— no python-policy
secret secret [hash | hash2]
— no secret
[no] send-accounting-response
[no] shutdown
username user-name prefix-string [128 chars max] [accounting-server-policy policy-name] [authentication-server-policy policy-name]
— no username user-name
radius-server
server server-name [address ip-address] [secret key] [hash | hash2] [port port] [create]
— no server server-name
[no] accept-coa
coa-script-policy script-policy-name
— no coa-script-policy
description description-string
— no description
pending-requests-limit limit
— no pending-requests-limit
python-policy name
— no python-policy

Web Portal Protocol Configuration Commands

config
— service
vprn service-id [customer customer-id]
— no vprn service-id
[no] wpp
portals
portal
[no] shutdown
[no] shutdown

Command Descriptions

Generic Commands

shutdown

Syntax 
[no] shutdown
Context 
config>service>vprn
config>service>vprn>dhcp6>server>failover
config>service>vprn>igmp-trk
config>service>vprn>red-if
config>service>vprn>router-advert>if
config>service>vprn>gsmp
config>service>vprn>gsmp>group
config>service>vprn>gsmp>group>neighbor
config>service>vprn>igmp
config>service>vprn>igmp>grp-if>mcac>mc-constraints
config>service>vprn>igmp>if
config>service>vprn>igmp>if>mcac
config>service>vprn>igmp>if>mcac>mc-constraints
config>service>vprn>if
config>service>vprn>if>dhcp
config>service>vprn>if>dhcp>proxy
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
config>service>vprn>if>sap
config>service>vprn>if>sap>static-host
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
config>service>vprn>isis
config>service>vprn>isis>if
config>service>vprn>mld>grp-if>mcac>mc-constraints
config>service>vprn>mld>interface>mcac>mc-constraints
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
config>service>vprn>mvpn>provider-tunnel>inclusive>pim
config>service>vprn>ospf
config>service>vprn>ospf>area>if
config>service>vprn>ospf3
config>service>vprn>ospf3>area>if
config>service>vprn>ospf3>area>virtual-link
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf>area>sham-link
config>service>vprn>red-if>spoke-sdp
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>pim
config>service>vprn>pim>if
config>service>vprn>pim>if>mcac>mc-constraints
config>service>vprn>pim>rp>bsr-candidate
config>service>vprn>pim>rp>ipv6>bsr-candidate
config>service>vprn>pim>rp>ipv6>embedded-rp
config>service>vprn>pim>rp>ipv6>rp-candidate
config>service>vprn>sub-if>grp-if
config>service>vprn>sub-if>grp-if>dhcp
config>service>vprn>sub-if>grp-if>dhcp>proxy-server
config>service>vprn>sub-if>grp-if>sap
config>service>vprn>sub-if>grp-if>arp-host
config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt
config>service>vprn>dhcp>server>failover
config>service>vprn>nw-if>dhcp
config>service>vprn>nw-if>eth-cfm>mep
config>service>vprn>radius-proxy>server>cache
config>service>vprn>radius-proxy>server
config>service>vprn>radius-server
config>service>vprn>if>sap>ipsec-tunnel
config>service>vprn>log>log-id
Description 

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

If the AS number was previously changed, the BGP AS number inherits the new value.

Special Cases 
Service Admin State—
Bindings to an SDP within the service will be put into the out-of-service state when the service is shutdown. While the service is shutdown, all customer packets are dropped and counted as discards for billing and debugging purposes.

A service is regarded as operational providing that one IP Interface SAP and one SDP is operational.

VPRN BGP and RIP—
This command disables the BGP or RIP instance on the given IP interface. Routes learned from a neighbor that is shutdown are immediately removed from the BGP or RIP database and RTM. If BGP or RIP is globally shutdown, then all RIP group and neighbor interfaces are shutdown operationally. If a BGP or RIP group is shutdown, all member neighbor interfaces are shutdown operationally. If a BGP or RIP neighbor is shutdown, just that neighbor interface is operationally shutdown.

description

Syntax 
description description-string
no description
Context 
config>service>vprn>if>dhcp
config>service>vprn>bgp
config>service>vprn>rip
config>service>vprn
config>service>vprn>l2tp
config>service>vprn>red-if
config>service>vprn>if
config>service>vprn>if>sap
config>service>vprn>if>dhcp
config>service>vprn>if>dhcp5
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
config>service>vprn>rip
config>service>vprn>ripng
config>service>vprn>rip>group
config>service>vprn>ripng>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng>group>neighbor
config>service>vprn>subscriber-interface
config>service>vprn>sub-if>dhcp
config>service>vprn>sub-if>grp-if
config>service>vprn>sub-if>grp-if>dhcp
config>service>vprn>sub-if>grp-if>sap>atm
config>service>vprn>dhcp
config>service>vprn>dhcp>server>pool
config>service>vprn>sub-if>grp-if>pppoe
config>service>vprn>nw-if
config>service>vprn>radius-proxy>server
config>service>vprn>if>sap>ipsec-tunnel
Description 

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Default 

no description

Parameters 
string—
The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

Global Commands

vprn

Syntax 
vprn service-id [customer customer-id] [inter-as-mvpn] [create]
no vprn service-id
Context 
config>service
Description 

This command creates or edits a Virtual Private Routed Network (VPRN) service instance.

If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

VPRN services allow the creation of customer-facing IP interfaces in the same routing instance used for service network core routing connectivity. VPRN services require that the IP addressing scheme used by the subscriber must be unique between it and other addressing schemes used by the provider and potentially the entire Internet.

IP interfaces defined within the context of an VPRN service ID must have a SAP created as the access point to the subscriber network.

When a service is created, the customer keyword and customer-id must be specified and associates the service with a customer. The customer-id must already exist having been created using the customer command in the service context. When a service is created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.

When a service is created, the use of the customer customer-id is optional to navigate into the service configuration context. If attempting to edit a service with the incorrect customer-id results in an error.

Multiple VPRN services are created to separate customer-owned IP interfaces. More than one VPRN service can be created for a single customer ID. More than one IP interface can be created within a single VPRN service ID. All IP interfaces created within an VPRN service ID belongs to the same customer.

The no form of the command deletes the VPRN service instance with the specified service-id. The service cannot be deleted until all the IP interfaces and all routing protocol configurations defined within the service ID have been shutdown and deleted.

Default 

n/a — No VPRN service instances exist until they are explicitly created.

Parameters 
service-id—
The unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7750 SR on which this service is defined.
Values—

service-id:

1 to 2147483648

svc-name:

64 characters maximum

customer customer-id —
Specifies an existing customer identification number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.
Values—
1 to 2147483647
inter-as-mvpn
a creation-time parameter, indicating that the VPRN service being configured is used for inter-AS MVPN only

aggregate

Syntax 
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [black-hole] [community comm-id] [description description]
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [community comm-id] [indirect ip-address] [description description]
no aggregate ip-prefix/ip-prefix-length
Context 
config>service>vprn
Description 

This command creates an aggregate route.

Use this command to automatically install an aggregate in the routing table when there are one or more component routes. A component route is any route used for forwarding that is a more-specific match of the aggregate.

The use of aggregate routes can reduce the number of routes that need to be advertised to neighbor routers, leading to smaller routing table sizes.

Overlapping aggregate routes may be configured; in this case a route becomes a component of only the one aggregate route with the longest prefix match. For example if one aggregate is configured as 10.0.0.0/16 and another as 10.0.0.0/24, then route 10.0.128/17 would be aggregated into 10.0.0.0/16, and route 10.0.0.128/25 would be aggregated into 10.0.0.0/24. If multiple entries are made with the same prefix and the same mask the previous entry is overwritten.

A standard 4-byte BGP community may be associated with an aggregate route in order to facilitate route policy matching.

By default aggregate routes are not installed in the forwarding table, however there are configuration options that allow an aggregate route to be installed with a black-hole next hop or with an indirect IP address as next hop.

The no form of the command removes the aggregate.

Default 

no aggregate

Parameters 
ip-prefix—
the destination address of the aggregate route in dotted decimal notation
Values—

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

the ipv6-prefix and ipv6-prefix-length apply only to the 7750 SR and 7950 XRS
the mask associated with the network address expressed as a mask length
Values: 0 to 32
summary-only—
This optional parameter suppresses advertisement of more specific component routes for the aggregate.

To remove the summary-only option, enter the same aggregate command without the summary-only parameter.

as-set—
This optional parameter is only applicable to BGP and creates an aggregate where the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Use this feature carefully as it can increase the amount of route churn due to best path changes.
aggregator as-number:ip-address
This optional parameter specifies the BGP aggregator path attribute to the aggregate route. When configuring the aggregator, a two-octet AS number used to form the aggregate route must be entered, followed by the IP address of the BGP system that created the aggregate route.
community comm-id
This configuration option associates a BGP community with the aggregate route. The community can be matched in route policies and is automatically added to BGP routes exported from the aggregate route.
Values—

comm-id

asn:comm-val | well-known-comm

asn

0 to 65535

comm-val

0 to 65535

well-known-comm

no-advertise, no-export, no-export-subconfed

black-hole—
This optional parameter installs the aggregate route, when activated, in the FIB with a black-hole next-hop; where packets matching this route are discarded.
indirect ip-address—
This configuration option specifies that the aggregate route should be installed in the FIB with a next-hop taken from the route used to forward packets to ip-address.
Values—

ipv4-prefix

a.b.c.d

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

The ipv6-prefix applies only to the 7750 SR and 7950 XRS.
description description-text
specifies a text description stored in the configuration file for a configuration context

allow-export-bgp-vprn

Syntax 
allow-export-bgp-vprn
no allow-export-bgp-vprn
Context 
config>service>vprn
Description 

This command causes the vrf-export and vrf-target functions of the VPRN to include BGP-VPN routes installed in the VPRN route table. For split–horizon reasons, these routes are normally not re-advertisable as VPN-IP routes.

When a BGP-VPN route is re-exported, the route-distinguisher and label values are rewritten per the configuration of the re-exporting VPRN.

Caution:

Ensure that routing updates do not loop back to the source when this command is used, otherwise the routes could become unstable.

Default 

no allow-export-bgp-vprn

auto-bind-tunnel

Syntax 
auto-bind-tunnel
Context 
config>service>vprn
Description 

This command enables the context to configure automatic binding of a VPRN service using tunnels to MP-BGP peers.

The auto-bind-tunnel node is simply a context to configure the binding of VPRN routes to tunnels. The user must configure the resolution option to enable auto-bind resolution to tunnels in TTM. If the resolution option is explicitly set to disabled, the auto-binding to tunnel is removed.

If resolution is set to any, any supported tunnel type in VPRN context will be selected following TTM preference. If one or more explicit tunnel types are specified using the resolution-filter option, then only these tunnel types will be selected again following the TTM preference.

The following tunnel types are supported in a VPRN context in order of preference: RSVP, LDP, Segment Routing (SR), and GRE. The BGP tunnel type is not explicitly configured and is thus implicit. It is always preferred over any other tunnel type enabled in the auto-bind-tunnel context.

The ldp value instructs BGP to search for an LDP LSP with a FEC prefix corresponding to the address of the BGP next-hop.

The rsvp value instructs BGP to search for the best metric RSVP LSP to the address of the BGP next-hop. This address can correspond to the system interface or to another loopback used by the BGP instance on the remote node. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.

When the sr-isis (sr-ospf) value is enabled, a SR tunnel to the BGP next-hop is selected in the TTM from the lowest numbered ISIS (OSPF) instance.

The sr-te value instructs BGP to search for the best metric SR-TE LSP to the address of the BGP next-hop. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple SR-TE LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.

The user must set resolution to filter to activate the list of tunnel-types configured under resolution-filter.

When an explicit SDP to a BGP next-hop is configured in a VPRN service (configure>service>vprn>spoke-sdp), it overrides the auto-bind-tunnel selection for that BGP next-hop only. There is no support for reverting automatically to the auto-bind-tunnel selection if the explicit SDP goes down. The user must delete the explicit spoke-sdp in the VPRN service context to resume using the auto-bind-tunnel selection for the BGP next-hop.

resolution

Syntax 
resolution {any | filter | disabled}
Context 
config>service>vprn>auto-bind-tunnel
Description 

This command configures the resolution mode in the automatic binding of a VPRN service to tunnels to MP-BGP peers.

Parameters 
any—
enables the binding to any supported tunnel type in VPRN context following TTM preference
filter—
enables the binding to the subset of tunnel types configured under resolution-filter
disabled—
disables the automatic binding of a VPRN service to tunnels to MP-BGP peers

resolution-filter

Syntax 
resolution-filter
Context 
config>service>vprn>auto-bind-tunnel
Description 

This command configures the subset of tunnel types which can be used in the resolution of VPRN prefixes within the automatic binding of VPRN service to tunnels to MP-BGP peers.

The following tunnel types are supported in a VPRN context in order of preference: RSVP, LDP, Segment Routing (SR), and GRE. The BGP tunnel type is not explicitly configured and is thus implicit. It is always preferred over any other tunnel type enabled in the auto-bind-tunnel context.

Parameters 
gre—
selects the GRE tunnel type
ldp—
selects the LDP tunnel type
rsvp—
selects the RSVP-TE tunnel type
sr-isis—
selects the Segment Routing (SR) tunnel type programed by an IS-IS instance in TTM
sr-ospf—
selects the SR-OSPF tunnel type
sr-te—
selects the SR-TE tunnel type

autonomous-system

Syntax 
autonomous-system as-number
no autonomous-system
Context 
config>service>vprn
Description 

This command defines the autonomous system (AS) to be used by this VPN routing/forwarding (VRF). This command defines the autonomous system to be used by this VPN routing

The no form of the command removes the defined AS from this VPRN context.

Default 

no autonomous-system

Parameters 
as-number —
specifies the AS number for the VPRN service
Values—
1 to 4294967295

backup-path

Syntax 
[no] backup-path [ipv4] [ipv6] [label-ipv4] [label-ipv6]
Context 
config>router
config>service>vprn
config>service>vprn>bgp
Description 

This command enables the computation and use of a backup path for IPv4 and/or IPv6 BGP-learned prefixes belonging to the base router or a particular VPRN. Multiple paths must be received for a prefix in order to take advantage of this feature. When a prefix has a backup path and its primary path(s) fail the affected traffic is rapidly diverted to the backup path without waiting for control plane re-convergence to occur. When many prefixes share the same primary path(s), and in some cases also the same backup path, the time to failover traffic to the backup path is independent of the number of prefixes. In some cases prefix independent convergence may require use of FP2 or later IOMs/IMMs/XMAs.

By default, IPv4 and IPv6 prefixes do not have a backup path installed in the IOM.

Default 

no backup-path

Parameters 
ipv4 —
Enables the use of a backup path for BGP-learned unlabeled IPv4 prefixes
ipv6 —
Enables the use of a backup path for BGP-learned unlabeled IPv6 prefixes
label-ipv4 —
Enables the use of a backup path for BGP-learned labeled-IPv4 prefixes
label-ipv6 —
Enables the use of a backup path for BGP-learned labeled-IPv6 prefixes. label-ipv6 is not supported within the config>service>vprn context.

carrier-carrier-vpn

Syntax 
[no] carrier-carrier-vpn
Context 
config>service>vprn
Description 

This command configures a VPRN service to support a Carrier Supporting Carrier model. It should be configured on a network provider’s CSC-PE device.

This command cannot be applied to a VPRN unless it has no SAP or spoke-SDP interfaces. Once this command has been entered one or more MPLS-capable CSC interfaces can be created in the VPRN.

The no form of the command removes the Carrier Supporting Carrier capability from a VPRN.

Default 

no carrier-carrier-vpn

confederation

Syntax 
confederation confed-as-num members as-number [as-number…(up to 15 max)]
no confederation confed-as-num members as-number [as-number…(up to 15 max)]
no confederation
Context 
config>service>vprn
Description 

This command configures the VPRN BGP instance to participate in a BGP confederation. BGP confederations can be used to reduce the number of IBGP sessions required within an AS.

When a VPRN BGP instance is part of a confederation, it can form confederation-EBGP sessions with CE router peers in a different sub-autonomous systems of the same confederation as well as regular EBGP sessions with CE router peers outside the confederation. A VPRN BGP instance that is part of a confederation cannot import or export its routes to the base router instance (as VPN-IP routes).

The no form of the command deletes the specified member AS from the confederation. When members are not specified in the no statement, the entire list is removed and confederations is disabled. When the last member of the list is removed, confederations is disabled.

Default 

No confederations are defined.

Parameters 
confed-as-num—
the confederation AS number defined as a decimal value
Values—
1 to 4294967295
members as-number
The AS number(s) that are members of the confederation, each expressed as a decimal integer. Configure up to 15 members per confed-as-num.
Values—
1 to 4294967295

dns

Syntax 
[no] dns
Context 
config>service>vprn
Description 

This command enables the context to configure domain name servers.

The no form of the command disables DNS for this service.

ipv4-source-address

Syntax 
ipv4-source-address ipv4-address
no ipv4-source-address
Context 
config>service>vprn>dns
Description 

This command configures the IPv4 address of the default secondary DNS server for the subscribers using this interface. Subscribers that cannot obtain an IPv4 DNS server address by other means, can use this for DNS name resolution.

The ipv4-address value can only be set to a nonzero value if the value of VPRN type is set to subscriber-split-horizon.

The no form of the command reverts to the default.

Default 

n/a

Parameters 
ipv4-address—
specifies the IPv4 address of the default secondary DNS server
Values—
ipv4-address - a.b.c.d

ipv6-source-address

Syntax 
ipv6-source-address ipv6-address
no ipv6-source-address
Context 
config>service>vprn>dns
Description 

This command configures the IPv6 address of the default secondary DNS server for the subscribers using this interface. Subscribers that cannot obtain an IPv6 DNS server address by other means, can use this for DNS name resolution.

The ipv6-address value can only be set to a nonzero value if the value of VPRN type is set to subscriber-split-horizon.

The no form of the command reverts to the default.

Default 

n/a

Parameters 
ipv4-address—
specifies the IPv6 address of the default secondary DNS server
Values—
ipv4-address - a.b.c.d

primary-dns

Syntax 
primary-dns ip-address
no primary-dns
Context 
config>service>vprn>dns
Description 

This command configures the primary DNS server used for DNS name resolution. DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of the command removes the primary DNS server from the configuration.

Default 

no primary-dns — No primary DNS server is configured.

Parameters 
ip-address—
the IP or IPv6 address of the primary DNS server
Values—

ipv4-address -a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0..FFFF]H

d: [0..255]D

interface - 32 characters max, for link local addresses.

secondary-dns

Syntax 
secondary-dns ip-address
no secondary-dns
Context 
config>service>vprn>dns
Description 

This command configures the secondary DNS server for DNS name resolution. The secondary DNS server is used only if the primary DNS server does not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of the command removes the secondary DNS server from the configuration.

Default 

no secondary-dns — no secondary DNS server is configured

Parameters 
ip-address—
the IP or IPv6 address of the secondary DNS server
Values—

ipv4-address -a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface - 32 characters max, for link local addresses.

tertiary-dns

Syntax 
tertiary-dns ip-address
no tertiary-dns
Context 
config>service>vprn>dns
Description 

This command configures the tertiary DNS server for DNS name resolution. The tertiary DNS server is used only if the primary DNS server and the secondary DNS server do not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of the command removes the tertiary DNS server from the configuration.

Default 

no tertiary-dns — No tertiary DNS server is configured.

Parameters 
ip-address—
the IP or IPv6 address of the tertiary DNS server
Values—

ipv4-address -a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface - 32 characters max, for link local addresses.

ecmp

Syntax 
ecmp max-ecmp-routes
no ecmp
Context 
config>service>vprn
Description 

This command enables equal-cost multipath (ECMP) and configures the number of routes for path sharing. For example, the value of 2 means that 2 equal cost routes will be used for cost sharing.

ECMP groups form when the system routes to the same destination with equal cost values. Routing table entries can be entered manually (as static routes), or they can be formed when neighbors are discovered and routing table information is exchanged by routing protocols. The system can balance traffic across the groups with equal costs.

ECMP can only be used for routes learned with the same preference and same protocol. See the discussion on preferences in the application6 command.

When more ECMP routes are available at the best preference than configured by the max-ecmp-routes parameter, then the lowest next-hop IP address algorithm is used to select the number of routes configured.

The no form of the command disables ECMP path sharing. If ECMP is disabled and multiple routes are available at the best preference and equal cost, the newly updated route is used.

Default 

no ecmp

Parameters 
max-ecmp-routes —
specifies the maximum number of routes for path sharing
Values—
0 to 32

export-grt

Syntax 
export-grt plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 4 max)]]
no export-grt
Context 
config>service>vprn
Description 

This command is used to specify route policies that control how routes are exported from the local VRF route table to the base router (GRT) route table. The leaked routes show as protocol VPN-Leak in the GRT and allow traffic to ingress on a GRT interface and egress on a VPRN interface.

The export-grt command can reference up to 5 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route.

Only one of the 5 objects referenced by the export-grt command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 5 objects has a maximum length of 255 characters while the remaining 4 objects have a maximum length of 64 characters each.

When multiple export-grt commands are issued, the last command entered overrides the previous command.

The no form of the command removes all route policy names from the export-grt list.

Default 

no export-grt

Parameters 
plcy-or-long-expr—
the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long)
plcy-or-expr—
the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long)

export-inactive-bgp

Syntax 
export-inactive-bgp
no export-inactive-bgp
Context 
config>service>vprn
Description 

This command allows the best BGP route learned by a VPRN to be exported as a VPN-IP route even when that BGP route is inactive in the route table due to the presence of a preferred BGP-VPN route from another PE. In order for the BGP route to be exported, it must be accepted by the VRF export policy.

This “best-external” type of route advertisement is useful in active/standby multi-homing scenarios because it can ensure that all PEs have knowledge of the backup path provided by the standby PE.

By default, an inactive BGP route cannot be exported from a VPRN.

Default 

no export-inactive-bgp

fib-priority

Syntax 
fib-priority {high | standard}
Context 
config>service>vprn
Description 

This command specifies the FIB priority for VPRN.

Parameters 
high—
specifies high FIB priority for VPRN
standard—
specifies standard FIB priority for VPRN

flowspec

Syntax 
flowspec
Context 
config>service>vprn
Description 

This command enables the context to configure flowspec-related parameters for the specified routing instance.

ip-filter-max-size

Syntax 
ip-filter-max-size {value | default}
Context 
config>service>vprn>flowspec
Description 

This command configures the maximum number of flowspec routes or rules that can be embedded into an ingress IP filter policy for a specified routing instance. Flowspec filter entries embedded in a filter policy in this routing instance will use filter entries from the range between the embedding offset and “offset + ip-filter-max-size – 1”.

The sum of the ip-filter-max-size value parameter and the highest offset in any IPv4 filter that embeds IPv4 flowspec rules from this routing instance (excluding filters that embed at offset 65536) must not exceed 65536.

The ip-filter-max-size configuration can be adjusted up or down at any time. If the number of IPv4 flowspec rules that are currently installed is M, and the new limit is N, where N<M, then the last set of rules from N to M (by flowspec order) are immediately removed, but are retained in the BGP RIB. If the limit is increased, new rules are programmed only as they are received again in new BGP updates.

Default 

ip-filter-max-size default

Parameters 
value—
the maximum number of flowspec routes or rules that can be embedded into an ingress IP filter policy
Values—
0 to 65535
default—
configures the maximum size as 512

ipv6-filter-max-size

Syntax 
ipv6-filter-max-size {value | default}
Context 
config>service>vprn>flowspec
Description 

This command configures the maximum number of IPv6 flowspec routes or rules that can be embedded into an ingress IPv6 filter policy for a specified routing instance. Flowspec filter entries embedded in a filter policy in this routing instance will use filter entries from the range between the embedding offset and “offset + ip-filter-max-size – 1”.

The sum of the ip-filter-max-size value parameter and the highest offset in any IPv6 filter that embeds IPv6 flowspec rules from this routing instance (excluding filters that embed at offset 65536) must not exceed 65536.

The ip-filter-max-size configuration can be adjusted up or down at any time. If the number of IPv6 flowspec rules that are currently installed is M, and the new limit is N, where N<M, then the last set of rules from N to M (by flowspec order) are immediately removed, but are retained in the BGP RIB. If the limit is increased, new rules are programmed only as they are received again in new BGP updates.

Default 

ipv6-filter-max-size default

Parameters 
value—
the maximum number of flowspec routes or rules that can be embedded into an ingress IP filter policy
Values—
0 to 65535
default—
configures the maximum size as 512

grt-lookup

Syntax 
grt-lookup
Context 
config>service>vprn
Description 

This command provides the context under which all Global Route Table (GRT) leaking commands are configured. If all the supporting commands in the context are removed, this command will also be removed.

enable-grt

Syntax 
[no] enable-grt
Context 
config>service>vprn>grt-lookup
Description 

This command enables the functions required for looking up routes in the Global Route Table (GRT) when the lookup in the local VRF fails. If this command is enabled without the use of a static-route option (as subcommand to this parent), a lookup in the local VRF is preferred over the GRT. When the local VRF returns no route table lookup matches, the result from the GRT is preferred.

The no form of this command disables the lookup in the GRT when the lookup in the local VRF fails.

Default 

no enable-grt

allow-local-management

Syntax 
[no] allow-local-management
Context 
config>service>vprn>grt-lookup>enable-grt
Description 

Enables the support of specific management protocols over VPRN interfaces that terminate on Base routing context IPv4 and IPv6 interface addresses, including Base loopback and system addresses. Global Routing Table (GRT) leaking is used to enable visibility/access of the Base interface addresses in the VPRN. The supported protocols are Telnet, FTP, SNMP, and SSH (including applications that ride over SSH such as scp, sftp, and NETCONF).

Ping and traceroute responses from the Base router interfaces are supported and are not configurable.

The allow-local-management command does not control the support for management protocols terminating on VPRN interfaces directly. See the configure>service>vprn>snmp>access CLI command for SNMP support on VPRN interface addresses.

export-grt

Syntax 
export-grt policy-name [policy-name ...(up to 5 max)]
no export-grt
Context 
config>service>vprn>grt-lookup
Description 

This command uses route policy to determine which routes are exported from the VRF to the GRT along with all the forwarding information. These entries will be marked as BGP-VPN routes in the GRT. Routes must be in the GRT in order for proper routing to occur from the GRT to the VRF.

Default 

no export-grt

export-limit

Syntax 
export-limit num-routes
no export-limit
Context 
config>service>vprn>grt-lookup
config>service>vprn>ospf
config>service>vprn>ospf3
config>service>vprn>rip
Description 

This command provides the ability to limit the total number of routes exported from the VRF to the GRT. The value zero (0) provides an override that disables the maximum limit. Setting this value to zero (0) will not limit the number of routes exported from the VRF to the GRT. Configuring a range of one (1) to 1000 will limit the number of routes to the specified value.

The no form of the command sets the export-limit to a default of five (5).

Default 

export-limit 5

Parameters 
num-routes—
specifies the maximum number of routes that can be exported
Values—
0 to 1000

export-v6-limit

Syntax 
export-v6-limit num-routes
no export-v6-limit
Context 
config>service>vprn>grt-lookup
Description 

The export-limit range provides the ability to limit the total number of IPv6 routes exported from the VPRN to the GRT. The value “0” provides an override that disables the maximum limit. Setting this value to “0” will not limit the number of routes exported from the VPRN to the GRT. Configuring a range of 1-1000 will limit the number of routes to the specified value.

The no form of the command sets the export-limit to a default of 5.

Default 

export-v6-limit 5

Parameters 
num-routes—
specifies maximum number of routes that can be exported
Values—
0 to 1000

gsmp

Syntax 
gsmp
Context 
config>service>vprn
Description 

This command enables the context to configure GSMP connections maintained in this service.

Default 

not enabled

group

Syntax 
[no] group name
Context 
config>service>vprn>gsmp
Description 

This command specifies a GSMP name. A GSMP group name is unique only within the scope of the service in which it is defined.

Parameters 
name—
specifies the group name up to 32 characters in length

ancp

Syntax 
ancp
Context 
config>service>vprn>gsmp>group
Description 

This command configures ANCP parameters for this GSMP group.

dynamic-topology-discover

Syntax 
[no] dynamic-topology-discover
Context 
config>service>vprn>gsmp>group>ancp
Description 

This command enables the ANCP dynamic topology discovery capability.

The no form of this command disables the feature.

oam

Syntax 
[no] oam
Context 
config>service>vprn>gsmp>group>ancp
Description 

This command specifies whether or not the GSMP ANCP OAM capability should be negotiated at startup of the GSMP connection.

The no form of this command disables the feature.

hold-multiplier

Syntax 
hold-multiplier multiplier
no hold-multiplier
Context 
config>service>vprn>gsmp>group
Description 

This command configures the hold-multiplier for the GSMP connections in this group.

Parameters 
multiplier—
specifies the GSMP hold multiplier value
Values—
1 to 100

idle-filter

Syntax 
idle-filter
no idle-filter
Context 
config>service>vpls>gsmp
config>service>vprn>gsmp
Description 

This command when applied will filter out new subscriber’s ANCP messages from subscriber with “DSL-line-state” IDLE.

Default 

no idle-filter

keepalive

Syntax 
keepalive seconds
no keepalive
Context 
config>service>vprn>gsmp>group
Description 

This command configures keepalive values for the GSMP connections in this group.

Parameters 
seconds—
specifies the GSMP keepalive timer value in seconds
Values—
1 to 25

neighbor

Syntax 
[no] neighbor ip-address
Context 
config>service>vprn>gsmp>group
Description 

This command adds or removes a neighbor in this group.

Parameters 
ip-address—
specifies the IP address in dotted decimal notation

local-address

Syntax 
local-address ip-address
no local-address
Context 
config>service>vprn>gsmp>group>neighbor
Description 

This command configures the source ip-address used in the connection towards the neighbor.

Parameters 
ip-address—
specifies the IP address in dotted decimal notation

priority-marking

Syntax 
priority-marking dscp dscp-name
priority-marking prec ip-prec-value
no priority-marking
Context 
config>service>vprn>gsmp>group>neighbor
Description 

This command configures the type of priority marking to be used.

Parameters 
dscp dscp-name—
specifies the DSCP code-point to be used
Values—
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63
prec ip-prec-value—
specifies the precedence value to be used
Values—
0 to 7

persistency-database

Syntax 
persistency-database
no persistency-database
Context 
config>service>vpls <service id>gsmp
config>service>vprn<service id>gsmp
Description 

This command enables the system to store DSL line information in memory. If the GSMP connection terminates, the DSL line information will remain in memory and accessible for Radius authentication and accounting.

Default 

no persistency-database

Router L2TP Commands

l2tp

Syntax 
l2tp
no l2tp
Context 
config>service>vprn
Description 

This command enables the context to configure L2TP parameters. L2TP extends the PPP model by allowing Layer 2 and PPP endpoints to reside on different devices interconnected by a packet-switched network.

avp-hiding

Syntax 
avp-hiding sensitive | always
no avp-hiding
Context 
config>service>vprn>l2tp
Description 

This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as clear text in an AVP.

The no form of the command returns the value to never allow AVP hiding.

Default 

no avp-hiding

Parameters 
avp-hiding—
Specifies the method to be used for the authentication of the tunnels in this L2TP group.
Values—
sensitive — AVP hiding is used only for sensitive information (such as username/password)
always — AVP hiding is always used

calling-number-format

Syntax 
calling-number-format ascii-spec
no calling-number-format
Context 
config>service>vprn>l2tp
Description 

This command what string to put in the Calling Number AVP, for L2TP control messages related to a session in this L2TP protocol instance.

Parameters 
ascii-spec—
specifies the L2TP calling number AVP
Values—

ascii-spec

char-specification ascii-spec

char-specification

ascii-char | char-origin

ascii-char

a printable ASCII character

char-origin

%origin

origin

S | c | r | s | l

S

- system name, the value of TIMETRA-CHASSIS-MIB::tmnxChassisName

c

- Agent Circuit Id

r

- Agent Remote Id

s

- SAP ID, formatted as a character string

l

- Logical Line ID

challenge

Syntax 
challenge {always | never}
no challenge
Context 
config>service>vprn>l2tp
Description 

This command configures the use of challenge-response authentication.

The no form of the command reverts to the default never value.

Default 

no challenge

Parameters 
always—
Specifies that challenge-response authentication is always used.
never—
Specifies that challenge-response authentication is never used.

destruct-timeout

Syntax 
destruct-timeout destruct-timeout
no destruct-timeout
Context 
config>service>vprn>l2tp
Description 

This command configures the period of time that the data of a disconnected tunnel will persist before being removed.

The no form of the command removes the value from the configuration.

Default 

no destruct-timeout

Parameters 
destruct-timeout—
specifies the automatic removal of dynamic L2TP sessions, in seconds, that are no longer active
Values—
no destruct-timeout
Values—
60 to 86400

exclude-avps

Syntax 
exclude-avps calling-number
no exclude-avps
Context 
config>service>vprn>l2tp
Description 

This command configures the L2TP AVPs to exclude.

ipcp-subnet-negotiation

Syntax 
[no] ipcp-subnet-negotiation
Context 
config>router>l2tp>group>ppp
config>router>l2tp>group>tunnel>ppp
config>service>vprn>l2tp>group>ppp
config>service>vprn>l2tp>group>tunnel>ppp
Description 

Enables IPCP negotiation for PPPoE hosts. If not enabled (default setting), the current behavior will apply even if subnet is allocated to the host. Enables IPCP negotiation for PPPoE hosts. If not enabled (default setting), the current behavior will apply even if subnet is allocated in the host.

peer-address-change-policy

Syntax 
peer-address-change-policy {accept | ignore | reject}
Context 
config>service>vprn>l2tp
Description 

This command configures the reaction to a change of tunnel peer address in this router.

receive-window-size

Syntax 
receive-window-size window-size
no receive-window-size
Context 
config>service>vprn>l2tp
Description 

This command configures the L2TP receive window size.

Parameters 
window-size—
specifies the window size
Values—
4 to 1024

session-limit

Syntax 
session-limit session-limit
no session-limit
Context 
config>service>vprn>l2tp
Description 

This command configures the L2TP session limit of this router.

Parameters 
session-limit—
specifies the session limit
Values—
1 to 131071

group

Syntax 
group tunnel-group-name [create]
no group tunnel-group-name
Context 
config>service>vprn>l2tp
Description 

This command configures an L2TP tunnel group.

Parameters 
tunnel-group-name—
specifies a name string to identify a L2TP group up to 63 characters in length
create—
This keyword is mandatory when creating a tunnel group name. The create keyword requirement can be enabled/disabled in the environment>create context.

session-limit

Syntax 
session-limit session-limit
no session-limit
Context 
config>service>vprn>l2tp
Description 

This command configures the L2TP session limit for the router. L2TP is connection-oriented. The L2TP Network Server (LNS) and LAC maintain state for each call that is initiated or answered by an LAC. An L2TP session is created between the LAC and LNS when an end-to-end PPP connection is established between a remote system and the LNS. Datagrams related to the PPP connection are sent over the tunnel between the LAC and LNS. There is a one to one relationship between established L2TP sessions and their associated calls.

Default 

no session-limit

Parameters 
session-limit—
specifies the number of sessions allowed
Values—
1 to 131071

avp-hiding

Syntax 
avp-hiding sensitive | always
no avp-hiding
Context 
config>service>vprn>l2tp>group
Description 

This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as clear text in an AVP.

The no form of the command returns the value to never allow AVP hiding.

Default 

no avp-hiding

Parameters 
avp-hiding—
specifies the method to be used for the authentication of the tunnels in this L2TP group
Values—
sensitive — AVP hiding is used only for sensitive information (such as username/password)
always — AVP hiding is always used

challenge

Syntax 
challenge always
no challenge
Context 
config>service>vprn>l2tp>group
Description 

This command configures the use of challenge-response authentication.

The no form of the command reverts to the default never value.

Default 

no challenge

Parameters 
always—
specifies when challenge-response is to be used for the authentication of the tunnels in this L2TP group
Values—
always

destruct-timeout

Syntax 
destruct-timeout destruct-timeout
no destruct-timeout
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the period of time that the data of a disconnected tunnel will persist before being removed.

The no form of the command removes the value from the configuration.

Default 

no destruct-timeout

Parameters 
destruct-timeout—
specifies the automatic removal of dynamic L2TP sessions, in seconds, that are no longer active
Values—
60 to 86400

hello-interval

Syntax 
hello-interval hello-interval
no hello-interval
Context 
config>service>vprn>l2tp>group
Description 

This command configures the time interval between two consecutive tunnel Hello messages. The Hello message is an L2TP control message sent by either peer of a LAC-LNS control connection. This control message is used as a keepalive for the tunnel.

The no form of the command removes the interval from the configuration.

Default 

no hello-interval

Parameters 
hello-interval—
specifies the time interval, in seconds, between two consecutive tunnel Hello messages
Values—
60 to 3600
Values—
60

idle-timeout

Syntax 
idle-timeout idle-timeout
no idle-timeout
Context 
config>service>vprn>l2tp>group
Description 

This command configures the period of time that an established tunnel with no active sessions will persist before being disconnected.

Enter the no form of the command to maintain a persistent tunnel.

The no form of the command removes the idle timeout from the configuration.

Default 

no idle-timeout

Parameters 
idle-timeout—
specifies the idle timeout value, in seconds until the group is removed
Values—
0 to 3600

l2tpv3

Syntax 
l2tpv3
Context 
config>service>vprn>l2tp
config>service>vprn>l2tp>group
Description 

This command enables the context to configure L2TPv3 parameters.

Default 

n/a

cookie-length

Syntax 
cookie-length {4 | 8 | none}
no cookie-length
Context 
config>service>vprn>l2tp>l2tpv3
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the length of the optional cookie field.

The no form of the command returns the cookie-length to a default of none.

Default 

no cookie-length

Parameters 
4—
Specifies the cookie length as 4 bytes
8—
Specifies the cookie length as 8 bytes
none—
Specifies that no cookie field should be included

digest-type

Syntax 
digest-type {none | md5 | sha1}
no digest-type
Context 
config>service>vprn>l2tp>l2tpv3
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the hashing algorithm used to calculate the message digest.

The no form of the command returns the digest-type to none.

Default 

no digest-type

Parameters 
none—
Specifies that no digest should be used
md5—
Specifies that the MD5 algorithm should be used
sha1—
Specifies that the SHA1 algorithm should be used

nonce-length

Syntax 
nonce-length {length | none}
no nonce-length
Context 
config>service>vprn>l2tp>l2tpv3
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the length for the local L2TPv3 nonce (random number) value used in the Nonce AVP.

The no form of the command returns the nonce-length to a default of none.

Default 

no nonce-length

Parameters 
length—
Specifies the length of the Nonce AVP value
Values—
16 to 64
none—
Specifies that no Nonce AVP is included

rem-router-id

Syntax 
rem-router-id ip-addr
no rem-router-id
Context 
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the IP address that should be used within the Remote Router-ID AVP.

The no form of this command removes the configured IP address.

Default 

no rem-router-id

Parameters 
ip-addr—
Specifies an IP address to be used within the Remote Router-ID AVP

pw-cap-list

Syntax 
pw-cap-list {ethernet | ethernet-vlan}
no pw-cap-list
Context 
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the allowable pseudowire capability list that is advertised to the far end. An empty list results in both pseudowire capabilities being advertised.

The no form of this command removes the list and advertises both pseudowire capabilities to the far end.

Default 

no pw-cap-list

Parameters 
ethernet—
Specifies that the Ethernet pseudo-wire type is advertised
ethernet-vlan—
Specifies that the Ethernet-VLAN pseudo-wire type is advertised

track-password-change

Syntax 
[no] track-password-change
Context 
config>service>vprn>l2tp>group>l2tpv3
Description 

This command enables tracking of password changes, allowing password tunnel passwords to be changed without bringing down active tunnels or sessions. This is only supported with L2TPv3.

The no form of the command disables password change tracking.

Default 

no track-password-change

transport-type

Syntax 
transport-type ip
no transport-type
Context 
config>service>vprn>l2tp>l2tpv3
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the transport type to be used to carry the L2TPv3 tunnel. Currently, only IP transport is supported.

The no form of this command returns the transport-type to the default value.

Default 

no transport-type

Parameters 
ip—
Specifies that IP should be used as the transport type for the L2TPv3 tunnel

lns-group

Syntax 
lns-group lns-group-id
no lns-group
Context 
config>service>vprn>l2tp>group
Description 

This command configures the ISA LNS group.

Parameters 
lns-group-id—
specifies the LNS group ID
Values—
1 to 4

local-address

Syntax 
local-address ip-address
no local-address
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the local address.

Parameters 
ip-address—
specifies the IP address used during L2TP authentication

local-name

Syntax 
local-name host-name
no local-name
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command creates the local host name used by this system for the tunnels in this L2TP group during the authentication phase of tunnel establishment. It can be used to distinguish tunnels.

The no form of the command removes the name from the configuration.

Default 

no local-name

Parameters 
host-name—
specifies the host name, up to 64 characters in length, that the router will use to identify itself during L2TP authentication

max-retries-estab

Syntax 
max-retries-estab max-retries
no max-retries-estab
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the number of retries allowed for this L2TP tunnel while it is established, before its control connection goes down.

The no form of the command removes the value from the configuration.

Default 

no max-retries-estab

Parameters 
max-retries—
specifies the maximum number of retries for an established tunnel
Values—
2 to 7

max-retries-not-estab

Syntax 
max-retries-not-estab max-retries
no max-retries-not-estab
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the number of retries allowed for this L2TP tunnel while it is not established, before its control connection goes down.

The no form of the command removes the value from the configuration.

Default 

no max-retries-not-estab

Parameters 
max-retries—
specifies the maximum number of retries for non-established tunnels
Values—
2 to 7

password

Syntax 
password password [hash | hash2]
no password
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the password between L2TP LAC and LNS

The no form of the command removes the password.

Default 

no password

Parameters 
password —
Configures the password used for challenge/response calculation and AVP hiding. The maximum length can be up to 20 characters if unhashed, 32 characters if hashed, 54 characters if the hash2 keyword is specified.
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

ppp

Syntax 
ppp
Context 
config>service>vprn>l2tp>group
Description 

This command configures PPP for the L2TP tunnel group.

authentication

Syntax 
authentication {chap | pap | pref-chap | pref-pap}
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the PPP authentication protocol to negotiate.

authentication-policy

Syntax 
authentication-policy auth-policy-name
no authentication-policy
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the authentication policy.

Parameters 
auth-policy-name—
specifies the authentication policy name
Values—
32 chars max

default-group-interface

Syntax 
default-group-interface ip-int-name service-id service-id
no default-group-interface
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the default group interface.

Parameters 
ip-int-name—
specifies the interface name
Values—
32 chars max
service-id—
specifies the service ID
Values—
1 to 2147483648
svc-name—
specifies the service name (instead of service ID)
Values—
64 chars max

keepalive

Syntax 
keepalive seconds [hold-up-multiplier multiplier]
no keepalive
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the PPP keepalive interval and multiplier.

Parameters 
seconds—
specifies in seconds the interval
Values—
10 to 300
multiplier—
specifies the multiplier
Values—
1 to 5

mtu

Syntax 
mtu mtu-bytes
no mtu
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the maximum PPP MTU size.

Parameters 
mtu-bytes—
specifies, in bytes, the maximum PPP MTU size
Values—
512 to 9212

proxy-authentication

Syntax 
[no] proxy-authentication
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the use of the authentication AVPs received from the LAC.

proxy-lcp

Syntax 
[no] proxy-lcp
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the use of the proxy LCP AVPs received from the LAC.

user-db

Syntax 
user-db local-user-db-name
no user-db
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the local user database to use for PPP PAP/CHAP authentication.

Parameters 
local-user-db-name—
specifies the local user database name
Values—
32 chars max

session-assign-method

Syntax 
session-assign-method {existing-first | weighted | weighted-random}
no session-assign-method
Context 
config>service>vprn>l2tp>group
Description 

This command specifies how new sessions are assigned to one of the set of suitable tunnels that are available or could be made available.

Default 

session-assign-method existing-first

Parameters 
existing-first—
All new sessions are placed by preference in existing tunnels
weighted—
Enables weighted preference to tunnels in the group
weighted-random—
Enhances the weighted algorithm so that when there are multiple tunnels with an equal number of sessions (equal weight), LAC randomly selects a tunnel

session-limit

Syntax 
session-limit session-limit
no session-limit
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the session limit. The value controls how many L2TP session will be allowed within a given context (system, group, tunnel).

The no form of the command removes the value from the configuration.

Default 

no session-limit

Parameters 
session-limit—
specifies the allowed number of sessions within the given context
Values—
1 to 131071

Router L2TP Tunnel Commands

tunnel

Syntax 
tunnel tunnel-name [create]
no tunnel tunnel-name
Context 
config>service>vprn>l2tp>group
Description 

This command configures an L2TP tunnel. A tunnel exists between a LAC-LNS pair and consists of a Control Connection and zero or more L2TP sessions. The tunnel carries encapsulated PPP datagrams and control messages between the LAC and the L2TP Network Server (LNS).

Parameters 
tunnel-name—
specifies a valid string to identify a L2TP up to 32 characters in length
create—
mandatory while creating a new tunnel

auto-establish

Syntax 
[no] auto-establish
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command specifies if this tunnel is to be automatically set up by the system.

Default 

no auto-establish

avp-hiding

Syntax 
avp-hiding {never | sensitive | always}
no avp-hiding
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as clear text in an AVP.

Caution:

Nokia recommends that sensitive information not be sent in clear text.

The no form of the command removes the parameter of the configuration and indicates that the value on group level will be taken.

Default 

no avp-hiding

Parameters 
avp-hiding—
specifies the method to be used for the authentication of the tunnel
Values—
never — AVP hiding is not used
sensitive — AVP hiding is used only for sensitive information (such as username/password)
always — AVP hiding is always used

challenge

Syntax 
challenge {always | never}
no challenge
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the use of challenge-response authentication.

The no form of the command removes the parameter from the configuration and indicates that the value on group level will be taken.

Default 

no challenge

Parameters 
always—
Specifies that challenge-response authentication should always be used for the tunnel.
never—
Specifies that challenge-response authentication should never be used for the tunnel

hello-interval

Syntax 
hello-interval hello-interval
hello-interval infinite
no hello-interval
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the number of seconds between sending Hellos for a L2TP tunnel.

The no form removes the parameter from the configuration and indicates that the value on group level will be taken.

Parameters 
hello-interval—
specifies the time interval, in seconds, between two consecutive tunnel Hello messages
Values—
60 to 3600
infinite—
specifies that no Hello messages are sent

idle-timeout

Syntax 
idle-timeout idle-timeout
idle-timeout infinite
no idle-timeout
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the idle timeout to wait before being disconnect.

The no form indicates that the parameter will be removed from the configuration and that the value specified on group level will be taken.

Parameters 
idle-timeout—
specifies the idle timeout, in seconds
Values—
0 to 3600
infinite—
specifies that the tunnel will not be closed when idle

peer

Syntax 
peer ip-address
no peer
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the peer address.

The no form of the command removes the IP address from the tunnel configuration.

Default 

no peer

Parameters 
ip-address—
sets the LNS IP address for the tunnel

preference

Syntax 
preference preference
no preference
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures a preference number that indicates the relative preference assigned to a tunnel when using a weighted session assignment.

The no form of the command removes the preference value from the tunnel configuration.

Default 

no preference

Parameters 
preference—
specifies the tunnel preference number with its group. The value 0 corresponds to the highest preference
Values—
0 to 16777215

remote-name

Syntax 
remote-name host-name
no remote-name
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures a string to be compared to the host name used by the tunnel peer during the authentication phase of tunnel establishment.

Parameters 
host-name—
specifies a remote host name for the tunnel up to 64 characters in length

Router DHCP Configuration Commands

dhcp

Syntax 
dhcp
Context 
config>service>vprn
Description 

This command enables the context to configure DHCP parameters.

dhcp6

Syntax 
dhcp6
Context 
config>service>vprn
Description 

This command enables the context to configure DHCP6 parameters.

local-dhcp-server

Syntax 
local-dhcp-server server-name [create]
no local-dhcp-server server-name
Context 
config>service>vprn>dhcp
config>service>vprn>dhcp6
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command instantiates a local DHCP server. A local DHCP server can serve multiple interfaces but is limited to the routing context it was which it was created.

Default 

n/a

Parameters 
server-name —
specifies the name of local DHCP server
create—
Creates the server name. The create keyword requirement can be enabled/disabled in the environment>create context.

failover

Syntax 
failover
Context 
config>service>vprn>dhcp
Description 

This command enables the context to configure failover parameters.

ignore-mclt-on-takeover

Syntax 
ignore-mclt-on-takeover
no ignore-mclt-on-takeover
Context 
config>service>vprn>dhcp>server>failover
configure>router>dhcp6>server>failover
configure>router>dhcp6>server>pool
configure>service>vprn>dhcp6>server>failover
configure>service>vprn>dhcp6>server>pool
Description 

With this flag enabled, the ‘remote’ IP address/prefix can be taken over immediately upon entering the PARTNER-DOWN state of the intercommunication link, without having to wait for the MCLT to expire. By setting this flag, the lease times of the existing DHCP clients, while the intercommunication link is in the PARTNER-DOWN state, will still be reduced to the MCLT over time and all new lease times will be set to MCLT  this behavior remain the same as originally intended for MCLT.

Some deployments require that the ‘remote’ IP address/prefix range starts delegating new IP addresses/prefixes upon the failure of the intercommunication link, without waiting for the intercommunication link to transition from the COMM-INT state into the PARTNER-DOWN state and the MCLT to expire while in PARTNER-DOWN state.

This can be achieved by enabling the ignore-mclt-on-takeover flag and by configuring the partner-down-delay to 0.

Enabling this functionality must be exercised with caution. One needs to keep in mind that the partner-down-delay and MCLT timers were originally introduced to prevent IP address duplication in cases where DHCP redundant nodes transition out-of-sync due to the failure of intercommunication link. These timers (partner-down-delay and MCLT) would ensure that during their duration, the new IP addresses/prefixes are delegated only from one node – the one with local IP address-range/prefix. The drawback is of course that the new IP address delegation is delayed and thus service is impacted.

But if one could ensure that the intercommunication link is always available, then the DHCP nodes would stay in sync and the two timers would not be needed. This is why it is of utmost importance that in this mode of operation, the intercommunication link is well protected by providing multiple paths between the two DHCP nodes. The only event that should cause intercommunication link to fail is the entire nodal failure. This failure is acceptable since in this case only one DHCP node is available to provide new IP addresses/prefixes.

Default 

no ignore-mclt-on-takeover

maximum-client-lead-time

Syntax 
maximum-client-lead-time [hrs hours] [min minutes] [sec seconds]
no maximum-client-lead-time
Context 
config>service>vprn>dhcp>server>failover
config>service>vprn>dhcp>server>pool
config>router>vprn>dhcp6>server>failover
config>router>vprn>dhcp6>server>pool
config>service>vprn>dhcp6>server>failover
config>service>vprn>dhcp6>server>pool
Description 

The maximum-client-lead-time (MCLT) is the maximum time that a DHCP server can extend client’s lease time beyond the lease time currently known by the DHCP partner node. In dual-homed environment, the initial lease time for all DHCP clients is by default restricted to MCLT. Consecutive DHCP renews are allowed to extend the lease time beyond the MCLT.

The MCLT is a safeguard against IP address/prefix duplication in cases of a lease synchronization failure when local-remote failover model is deployed

Once the intercommunication link failure between the redundant DHCP servers is detected, the DHCP IP address range configured as remote will not be allowed to start delegating new leases until the MCLT + partner-down-delay intervals expire. This is to ensure that the new lease that was delegated from the ‘local’ IP address-range/prefix on one node, but was never synchronized due to the intercommunication link failure, will expire before the same IP address/prefix is allocated from the remote IP address-range/prefix on the other node.

However, the already existing (and synchronized) lease times can be renewed from the remote IP address range at any time, regardless of the state of the intercommunication link (operational or failed).

Lease synchronization failure can be caused either by a node failure, or a failure of the link over which the DHCP leases are synchronized (intercommunication link). Synchronization failure detection can take up to 3 seconds.

During the failure, the DHCP lease time for the new clients will be restricted to MCLT while for the existing clients the lease time will over time (by consecutive DHCP renews) be gradually reduced to the MCLT.

Default 

10 minutes

Parameters 
hrs hours
specifies the hour parameter of the MCLT
Values—
1 to 23
min minutes
specifies the minute parameter of the MCLT
Values—
1 to 59
sec seconds
specifies the seconds parameter of the MCLT
Values—
1 to 59

partner-down-delay

Syntax 
partner-down-delay [hrs hours] [min minutes] [sec seconds]
no partner-down-delay
Context 
config>service>vprn>dhcp>server>failover
config>router>dhcp6>server>failover
config>router>dhcp6>server>pool
config>service>vprn>dhcp6>server>failover
config>service>vprn>dhcp6>server>pool
Description 

Since the DHCP lease synchronization failure can be caused by the failure of the intercommunication link (and not necessary the entire node), there is a possibility the redundant DHCP servers become isolated in the network. In other words, they can serve DHCP clients but they cannot synchronize the lease. This can lead to duplicate assignment of IP addresses, since the servers have configured overlapping IP address ranges but they are not aware of each other’s leases.

The purpose of the partner-down-delay is to prevent the IP lease duplication during the intercommunication link failure by not allowing new IP addresses to be assigned from the remote IP address range. This timer is intended to provide the operator with enough time to remedy the failed situation and to avoid duplication of IP addresses/prefixes during the failure.

During the partner-down-delay time, the prefix designated as remote will be eligible only for renewals of the existing DHCP leases that have been synchronized by the peering node. Only after the sum of the partner-down-delay and the maximum-client-lead-time will the prefix designated as remote be eligible for delegation of the new DHCP leases. When this occurs, we say that the remote IP address range has been taken over.

It is possible to expedite the takeover of a remote IP address range so that the new IP leases can start being delegated from that range shortly after the intercommunication failure is detected. This can be achieved by configuring the partner-down-delay timer to 0 seconds, along with enabling the ignore-mclt-on-takeover CLI flag. Caution must be taken before enabling this functionality. It is safe to bypass safety timers (partner-down-delay + MCLT) only in cases where the operator is certain that the intercommunication between the nodes has failed due to the entire node failure and not due to the intercommunication (MCS) link failure. Failed intercommunication due to the nodal failure would ensure that only one node is present in the network for IP address delegation (as opposed to two isolated nodes with overlapping IP address ranges where address duplication can occur). For this reason, the operator MUST ensure that there are redundant paths between the nodes to ensure uninterrupted synchronization of DHCP leases.

In access-driven mode of operation, partner-down-delay has no effect.

Default 

23 hours, 59 minutes, and 59 seconds.

Parameters 
hrs hours
specifies the hour parameter of the partner down delay feature
Values—
1 to 23
min minutes
specifies the minute parameter of the partner down delay feature
Values—
1 to 59
sec seconds
specifies the seconds parameter of the partner down delay feature
Values—
1 to 59

peer

Syntax 
peer ip-address tag sync-tag-name
no peer ip-address
Context 
config>service>vprn>dhcp>server>failover
config>router>dhcp6>server>failover
config>router>dhcp6>server>pool
config>service>vprn>dhcp6>server>failover
config>service>vprn>dhcp6>server>pool
Description 

DHCP leases can be synchronized per DHCP server of DHCP pool. The pair of synchronizing servers or pools is identified by a tag. The synchronization information is carried over the Multi-Chassis Synchronization (MCS) link between the two peers. MCS link is a logical link (IP, or MPLS).

MCS runs over TCP, port 45067 and it is using either data traffic or keepalives to detect failure on the communication link between the two nodes. In the absence of any MCS data traffic for more than 0.5sec, MCS will send its own keepalive to the peer. If a reply is NOT received within 3sec, MCS will declare its operation state as DOWN and the DB Sync state as out-of-sync. MCS will consequently notify its clients (DHCP Server being one of them) of this. It can take up to 3 seconds before the DHCP client realizes that the inter-chassis communication link has failed.

The inter-chassis communication link failure does not necessarily assume the same failed fate for the access links. In other words the two redundant nodes can become isolated from each other in the network. This would occur in cases where only the intercommunication (MCS) link fails. It is of utmost importance that this MCS link be highly redundant.

Parameters 
ip-address—
specifies the IPv4 address of the peer
sync-tag sync-tag
specifies a synchronization tag to be used while synchronizing DHCP server or pools

startup-wait-time

Syntax 
[no] startup-wait-time [min minutes] [sec seconds]
Context 
config>service>vprn>dhcp6>server>failover
config>service>vprn>dhcp6>server>pool
config>router>dhcp6>server>failover
config>router>dhcp6>server>pool
Description 

This command enables startup-wait-time during which each peer waits after the initialization process before assuming the active role for the prefix designated as local or access-driven. This is to avoid transient issues during the initialization process.

Default 

2 minutes

Parameters 
min minutes
specifies the minute parameter of the startup wait time feature
Values—
1 to 10
sec seconds
specifies the seconds parameter of the startup wait time feature
Values—
1 to 59

ignore-rapid-commit

Syntax 
[no] ignore-rapid-commit
Context 
config>service>vprn>dhcp6>local-dhcp-server
Description 

This command specifies whether the Rapid Commit Option (RCO) sent by the DHCPv6 client is processed.

If enabled and the client has included an RCO in the solicit, the server ignores the option and processes the remainder of the message as if no RCO were present.

The no form of the command disables ignore-rapid-commit.

lease-hold-time

Syntax 
lease-hold-time [days days][hrs hours] [min minutes] [sec seconds]
no lease-hold-time
Context 
config>service>vprn>dhcp6>server
Description 

This command configures the time to remember this lease.

Parameters 
[days days][hrs hours] [min minutes] [sec seconds]—
S the lease hold time.
Values—

days:

[0 to 3650]

hours:

[0 to 23]

minutes:

[0 to 59]

seconds:

[0 to 59

force-renews

Syntax 
[no] force-renews
Context 
config>service>vprn>dhcp>server
Description 

This command enables the sending of sending force-renew messages.

The no form of the command disables the sending of force-renew messages.

Default 

no force-renews

pool

Syntax 
pool pool-name [create]
no pool pool-name
Context 
config>service>vprn>dhcp>server
Description 

This command configures a DHCP address pool on the router.

Default 

n/a

Parameters 
pool name—
Specifies the name of this IP address pool. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters.
create—
Keyword used to create the entity. The create keyword requirement can be enabled/disabled in the environment>create context.

max-lease-time

Syntax 
max-lease-time [days days] [hrs hours] [min minutes] [sec seconds]
no max-lease-time
Context 
config>service>vprn>dhcp>server>pool
Description 

This command configures the maximum lease time.

The no form of the command returns the value to the default.

Default 

10 days

Parameters 
time—
specifies the maximum lease time
Values—

days :

0 to 3650

hours

0 to 23

minutes:

0 to 59

seconds

0 to 59

min-lease-time

Syntax 
min-lease-time [days days] [hrs hours] [min minutes] [sec seconds]
no min-lease-time
Context 
config>service>vprn>dhcp>server>pool
Description 

This command configures the minimum lease time.

The no form of the command returns the value to the default.

Default 

10 minutes

Parameters 
time—
specifies the minimum lease time
Values—

days :

0 to 3650

hours

0 to 23

minutes:

0 to 59

seconds

0 to 59

minimum-free

Syntax 
minimum-free minimum-free [percent] [event-when-depleted]
no minimum-free
Context 
config>service>vprn>dhcp>server>pool
Description 

This command configures the minimum number of free addresses.

The no form of the command reverts to the default.

Default 

1

Parameters 
minimum-free—
Specifies the desired minimum number of free addresses in this pool. If the actual number of free addresses in this pool falls below this configured minimum, a notification is generated.
Values—
0 to 255
percent—
indicates the value indicates a percentage
event-when-depleted—
enables a system-generate event when all available addresses in the pool/subnet of local DHCP server are depleted

offer-time

Syntax 
offer-time [min minutes] [sec seconds]
no offer-time
Context 
config>service>vprn>dhcp>server>pool
Description 

This command configures the offer time.

The no form of the command returns the value to the default.

Default 

1 minute

Parameters 
time—
specifies the offer time
Values—
minutes: 0 to 10
seconds: 0 to 59

options

Syntax 
options
Context 
config>service>vprn>dhcp>server>pool
Description 

This command enables the context to configure pool options. The options defined here can be overruled by defining the same option in the local user database.

Default 

n/a

custom-option

Syntax 
custom-option option-number address ip-address [ip-address...(up to 4 max)] (DHCP only)
custom-option option-number address ipv6-address [ipv6-address...(up to 4 max)] (DHCP6 only)
custom-option option-number hex hex-string
custom-option option-number string ascii-string
no custom-option option-number
Context 
config>service>vprn>dhcp>server>pool>options
config>service>vprn>dhcp>server>pool>subnet>options
Description 

This command configures specific DHCP options. The options defined here can overrule options in the local user database.

The no form of the removes the option from the configuration.

Default 

n/a

Parameters 
option-number—
specifies the option number that the DHCP server uses to send the identification strings to the DHCP client
Values—
1 to 254
address ip-address
specifies the IP address of this host
hex hex-string—
specifies the hex value of this option
Values—
0x0 to 0xFFFFFFFF...(maximum 254 hex nibbles)
string ascii-string
specifies the value of this option
Values—
up to 127 characters maximum

dns-server

Syntax 
dns-server ip-address [ip-address...(up to 4 max)](DHCP only)
dns-server ipv6-address [ipv6-address...(up to 4 max)] (DHCP6 only)
no dns-server
Context 
config>service>vprn>dhcp>server>pool>options
Description 

This command configures the IP address of the DNS server.

Default 

n/a

Parameters 
ip-address—
The IP address of the DNS server. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 to 223.255.255.255 (with support of /31 subnets).

domain-name

Syntax 
domain-name domain-name
no domain-name
Context 
config>service>vprn>dhcp>server>pool>options
Description 

This command configures the default domain for a DHCP client that the router uses to complete unqualified hostnames (without a dotted-decimal domain name).

The no form of the command removes the name from the configuration.

Default 

n/a

Parameters 
domain-name—
specifies the domain name for the client
Values—
Up to 127 characters

renew-timer

Syntax 
renew-timer [days days][hrs hours] [min minutes] [sec seconds]
no renew-timer
Context 
config>service>vprn>dhcp6>server>pool>prefix
Description 

This command configures the renew-timer (T1), the time at which the client contacts the server from which the addresses in the IA_NA or IA_PD were obtained to extend the lifetimes of the addresses or prefixes assigned to the client.

Default 

1800

Parameters 
seconds—
Specifies the time duration relative to the current time, expressed in units of seconds. A value of zero leaves the renew-time at the discretion of the client.
Values—
0-604,800

rebind-timer

Syntax 
rebind-timer [days days][hrs hours] [min minutes] [sec seconds]
no rebind-timer
Context 
config>service>vprn>dhcp6>server>pool>prefix
Description 

This command configures the rebind-timer (T2), the time at which the client contacts any available server to extend the lifetimes of the addresses or prefixes assigned to the client.

Default 

2880

Parameters 
seconds—
T2 is a time duration relative to the current time. A value of zero leaves the rebind-time at the discretion of the client.
Values—
0 to 1209600
[days days][hrs hours] [min minutes] [sec seconds]—
Specifies the rebind timer.
Values—

days

0 to 3650

hours

0 to 23

minutes

0 to 59

seconds

0 to 59

prefix

Syntax 
prefix ipv6-address/prefix-length [failover {local | remote | access-driven}] [pd] [wan-host] [create]
no prefix ipv6-address/prefix-length
Context 
config>router>dhcp6>server>pool
config>service>vprn>dhcp6>server>pool
Description 

This command allows a list of prefixes (using the prefix command multiple times) to be routed to hosts associated with this pool. Each prefix will be represented in the associated FIB with a reference to the pool. Prefixes are defined as being for prefix delegation (pd) or use on a WAN interface or host (wan-host).

Default 

failover local

Parameters 
ipv6-address—
specifies the 128-bit IPv6 address
Values—
128-bit hexadecimal IPv6 address in compressed form
prefix-length—
specifies the length of any associated aggregate prefix
Values—
32 to 63
failover—
This command designates a IPv6 prefix as local, remote or access-driven. This is used when multi-chassis synchronization is enabled.
local—
An IPv6 prefix designated as local is used for new lease grants or to renew the existing lease grants. Local prefix designation should be always paired with the remote designation of the same prefix on the peering node.

The IPv6 prefix configured as local on one node can only be configured as remote on the other node. No other combination is allowed between the two nodes for an IPv6 prefix that is configured as local.

The dhcpv6 relay could point to both IPv6 DHCP server addresses— the one hosting the local IPv6 prefix and the one hosting the corresponding remote IPv6 prefix. Under normal circumstances the new lease will always be allocated from the local IPv6 prefix while the leases can be renewed from either IPv6 prefix (local or remote). Under network failure, the remote IPv6 prefix can be taken over according to the intercommunication link state transitions and associated timers.

remote—
An IPv6 prefix designated as remote is used only to renew the existing DHCP leases. The new leases will be delegated from it only after the maximum-client-lead-time + partner-down-delay time elapses. At that point we say that the remote IPv6 prefix has been taken over.

To ensure faster takeover, the partner-down-delay can be set to 0 and the MCLT time can be ignored. Extra caution should be exercised when enabling this mode of operation, as described in the configuration guides.

The IPv6 prefix configured as remote on one node can only be configured as local on the other node. No other combination is allowed between the two nodes for an IP address ranges that is configured as remote.

access-driven—
An IPv4 prefix designated as access-driven is used for new lease grants or to renew the existing lease grants regardless of the state of the intercommunication link (operational or failed). In this mode of operation the IPv6 prefix is actively shared between the two DHCPv6 server nodes. This can be used on both DHCPv6 servers only in cases where the access protection mechanism (SRRP or MC-LAG) will ensure that there is only a single active path for DHCPv6 clients using the same IPv6 prefix available to one of the redundant DHCPv6 nodes.

The IPv6 prefix configured as access-driven on one node can only be configured as access-driven on the other node. No other combination is allowed between the two nodes for an IPv6 prefix that is configured as access-driven.

There MUST be no crosslinks between the DHCPv6 servers that have IPv6 address ranges configured in access-driven failover mode. In other words, each node must have the dhcp-relay pointing to the IPv6 address of the local DHCPv6 server. This IPv6 address must be the same on both nodes. For example, both DHCPv6 servers should have a loopback address configured with the same IPv6 address (IPv4 or IPv6) and a DHCPv6 server associated with this loopback address. Those IPv6 addresses MUST not be advertised outside of each box. The DHCPv6 relay in each node would point to its local DHCPv6 server via this loopback IPv6 address.

pd—
specifies that this aggregate is used by IPv6 ESM hosts for DHCPv6 prefix-delegation
wan-host—
specifies that this aggregate is used by IPv6 ESM hosts for local addressing or by a routing gateway’s WAN interface

preferred-lifetime

Syntax 
preferred-lifetime [days days][hrs hours] [min minutes] [sec seconds]
no preferred-lifetime
Context 
config>service>vprn>dhcp6>server>pool>prefix
Description 

The preferred lifetime for the IPv6 prefix or address in the option, expressed in units of seconds. When the preferred lifetime expires, any derived addresses are deprecated.

Default 

3600

Parameters 
time—
specifies the preferred lifetime
Values—

days

0 to 3650

hours

0 to 23

minutes

0 to 59

seconds

0 to 59

valid-lifetime

Syntax 
valid-lifetime [days days][hrs hours] [min minutes] [sec seconds]
no valid-lifetime
Context 
config>service>vprn>dhcp6>server>pool>prefix
Description 

The valid lifetime for the IPv6 prefix or address in the option, expressed in units of seconds.

Default 

86,400

Parameters 
time—
specifies the valid lifetime
Values—

days

0 to 3650

hours

0 to 23

minutes

0 to 59

seconds

0 to 59

use-link-address

Syntax 
use-link-address [scope scope]
no use-link-address
Context 
config>service>vprn>dhcp6>server
Description 

This command specifies whether the GI address selects a single subnet or a pool.

The no form of the command reverts to the default.

Default 

subnet

Parameters 
scope scope
specifies the scope of the IP address selection
Values—
subnet, pool

user-ident

Syntax 
user-ident user-ident
no user-ident
Context 
config>service>vprn>dhcp6>server
Description 

This command specifies which method is used by the local DHCP server to uniquely identify a user.

The no form of the command reverts to the default.

Default 

user-ident duid

Parameters 
user-ident—
configures the user identification method
Values—
duid, interface-id, interface-id-link-local

lease-rebind-time

Syntax 
lease-rebind-time [days days] [hrs hours] [min minutes] [sec seconds]
no lease-rebind-time
Context 
config>service>vprn>dhcp>server>pool>options
Description 

This command configures the time the client transitions to a rebinding state.

The no form of the command removes the time from the configuration.

Default 

n/a

Parameters 
time—
specifies the lease rebind time
Values—

days

0 to 3650

hours

0 to 23

minutes

0 to 59

seconds

0 to 59

lease-renew-time

Syntax 
lease-renew-time [days days] [hrs hours] [min minutes] [sec seconds]
no lease-renew-time
Context 
config>service>vprn>dhcp>server>pool>options
Description 

This command configures the time the client transitions to a renew state.

The no form of the command removes the time from the configuration.

Default 

n/a

Parameters 
time—
specifies the lease renew time
Values—

days

0 to 3650

hours

0 to 23

minutes

0 to 59

seconds

0 to 59

lease-time

Syntax 
lease-time [days days] [hrs hours] [min minutes] [sec seconds]
no lease-time
Context 
config>service>vprn>dhcp>server>pool>options
Description 

This command configures the amount of time that the DHCP server grants to the DHCP client permission to use a particular IP address.

The no form of the command removes the lease time parameters from the configuration.

Default 

n/a

Parameters 
time—
specifies the lease time
Values—

days

0 to 3650

hours

0 to 23

minutes

0 to 59

seconds

0 to 59

netbios-name-server

Syntax 
netbios-name-server ip-address [ip-address...(up to 4 max)]
no netbios-name-server
Context 
config>service>vprn>dhcp>server>pool>options
Description 

This command configures up to four Network Basic Input/Output System (NetBIOS) name server IP addresses.

Default 

n/a

Parameters 
ip-address—
The IP address of the NetBIOS name server. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 to 223.255.255.255 (with support of /31 subnets).

netbios-node-type

Syntax 
netbios-node-type netbios-node-type
no netbios-node-type
Context 
config>service>vprn>dhcp>server>pool>options
Description 

This command configures the Network Basic Input/Output System (NetBIOS) node type.

Default 

n/a

Parameters 
netbios-node-type—
specifies the netbios node type
Values—
B — Broadcast node uses broadcasting to query nodes on the network for the owner of a NetBIOS name.
P — Peer-to-peer node uses directed calls to communicate with a known NetBIOS name server for the IP address of a NetBIOS machine name.
M — Mixed node uses broadcasted queries to find a node, and if that fails, queries a known P-node name server for the address.
H — Hybrid node is the opposite of the M-node action so that a directed query is executed first, and if that fails, a broadcast is attempted.

server

Syntax 
server server-name
no server
Context 
config>service>ies>sub-if>grp-if>local-address-assignment
config>service>ies>sub-if>local-address-assignment
config>service>vprn>sub-if>grp-if>local-address-assignment
config>service>vprn>sub-if>local-address-assignment
Description 

This command designates a local DHCPv4 server for local pools management where IPv4 addresses for PPPoXv4 clients will be allocated without the need for the internal DHCP relay-agent. Those addresses will be tied to PPPoX sessions and they will be de-allocated when the PPPoX session is terminated.

Default 

n/a

Parameters 
server-name—
specifies the name of the local DHCP server

client-application

Syntax 
client-application [ppp-v4]
no client-application
Context 
config>service>ies>sub-if>grp-if>local-address-assignment
config>service>ies>sub-if>local-address-assignment
config>service>vprn>sub-if>grp-if>local-address-assignment
config>service>vprn>sub-if>local-address-assignment
Description 

This command enables local DHCP Server pool management for PPPoXv4 clients. A pool of IP addresses can be shared between IPoE clients that rely on DHCP protocol (lease renewal process) and PPPoX clients where address allocation is not dependent on DHCP messaging but instead an IP address allocation within the pool is tied to the PPPoX session.

Default 

n/a

default-pool

Syntax 
default-pool pool-name
no default-pool
Context 
config>service>ies>sub-if>grp-if>local-address-assignment
config>service>ies>sub-if>local-address-assignment
config>service>vprn>sub-if>grp-if>local-address-assignment
config>service>vprn>sub-if>local-address-assignment
Description 

This command references a default DHCP address pool for local PPPoX pool management in case that the pool-name is not returned via Radius or LUDB.

Default 

n/a

Parameters 
pool-name—
specifies the name of the local DHCP server pool

delayed-enable

Syntax 
delayed-enable seconds [init-only]
no delayed-enable
Context 
config>service>ies>sub-if>local-address-assignment
config>service>vprn>sub-if>local-address-assignment
Description 

This command will render the subscriber-interface non operation for the given amount of time once the node is rebooted or once the interface is enabled (no-shutdown). The purpose of this timer is to stall the operation of the subscriber-interface until the MCS database is synchronized.

A typical use case for this timer would be to prevent IP lease duplication for PPPoE clients using local PPPoXv4/v6 pools in redundant DHCPv4/v6 server configuration. Since there is no classical DHCP lease state maintained for local PPPoXv4/v6 pools, the IP addresses will not be synchronized via DHCP Server. Instead they will be synchronized via PPPoX clients whose state is maintained in the router. Once the PPPoX subscriber host is synchronized between the two nodes, the respective IP address lease will be updated in the respective local pool.

One artifact of this behavior (IP address assignment in local DHCP pools is synchronized via PPPoX clients and not via DHCP server synchronization mechanism) is that during the node boot, the DHCP server must wait for the completion of PPPoX subscriber synchronization via MCS so that it learns which addresses/prefixes are already allocated on the peering node. Since the DHCP server can theoretically start assigning IP addresses before the PPPoX sync is completed, a duplicate address assignment my occur. For example an IP address lease can be granted via DHCP local pools while PPPoX sync is still in progress. Once the PPPoX sync is completed, the DHCP server may discover that the granted IP lease has already been allocated by the peering node. The most recent lease will be kept and the other will be removed from both systems. To prevent this scenario, a configurable timer is set to an arbitrary value that will render sub-if non-operational until the timer expires. The purpose of this timer is to allow the PPPoX sync to complete before subscribers under the sub-intf can be served.

Default 

n/a

Parameters 
second—
specifies in seconds
Values—
1 to 1200

subnet

Syntax 
subnet {ip-address/mask | ip-address netmask} [create]
no subnet {ip-address/mask | ip-address netmask}
Context 
config>service>vprn>dhcp>server>pool
Description 

This command creates a subnet of IP addresses to be served from the pool. The subnet cannot include any addresses that were assigned to subscribers without those addresses specifically excluded. When the subnet is created no IP addresses are made available until a range is defined.

Default 

n/a

Parameters 
ip-address—
Specifies the base IP address of the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 to 223.255.255.255 (with support of /31 subnets).
mask—
The subnet mask in dotted decimal notation. Allowed values are dotted decimal addresses in the range 128.0.0.0 to 255.255.255.252. A mask of 255.255.255.255 is reserved for system IP addresses.
netmask—
specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains
create—
Keyword used to create the entity. The create keyword requirement can be enabled/disabled in the environment>create context.

address-range

Syntax 
address-range start-ip-address end-ip-address [failover {local | remote | access-driven}]
no address-range start-ip-address end-ip-address
Context 
config>service>vprn>dhcp>server>pool>subnet
configure>router>dhcp>server>pool>subnet
Description 

This command configures a range of IP addresses to be served from the pool. All IP addresses between the start and end IP addresses will be included (other than specific excluded addresses).

The only two valid failover combinations between the two redundant DHCP nodes are:

  1. local - remote
  2. access-driven - access-driven
Default 

failover local

Parameters 
start-ip-address—
Specifies the start address of this range to include. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
end-ip-address—
Specifies the end address of this range to include. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
failover—
This command designates an address range as local, remote or access-driven. This is used when multi-chassis synchronization is enabled.
local—
An IPv4 address-range designated as local is used for new lease grants or to renew the existing lease grants. Local address-range designation should be always paired with the remote designation of the same address-range on the peering node.

The IP address range configured as local on one node can only be configured as remote on the other node. No other combination is allowed between the two nodes for an IP address ranges that is configured as local.

The dhcp relay could point to both IP DHCP server addresses—the one hosting the local IP address range and the one hosting the corresponding remote IP address range. Under normal circumstances the new lease will always be allocated from the local IP address range while the leases can be renewed from either IP address range (local or remote). Under network failure, the remote IP address range can be taken over according to the intercommunication link state transitions and associated timers.

remote—
An IPv4 address-range designated as remote is used only to renew the existing DHCP leases. The new leases will be delegated from it only after the maximum-client-lead-time + partner-down-delay time elapses. At that point we say that the remote IP address range has been taken over.

To ensure faster takeover, the partner-down-delay can be set to 0 and the MCLT time can be ignored. Extra caution should be exercised when enabling this mode of operation, as described in the configuration guides.

The IP address range configured as remote on one node can only be configured as local on the other node. No other combination is allowed between the two nodes for an IP address ranges that is configured as remote.

access-driven—
An IPv4 address-range designated as access-driven is used for new lease grants or to renew the existing lease grants regardless of the state of the intercommunication link (operational or failed). In this mode of operation the IP address-range is actively shared between the two DHCP server nodes. This can be used on both DHCP servers only in cases where the access protection mechanism (SRRP or MC-LAG) will ensure that there is only a single active path for DHCP clients using the same IP address range available to one of the redundant DHCP nodes.

The IP address range configured as access-driven on one node can only be configured as access-driven on the other node. No other combination is allowed between the two nodes for an IP address ranges that is configured as access-driven.

There MUST be no crosslinks between the DHCP servers that have IP address ranges configured in access-driven failover mode. In other words, each node must have the dhcp-relay pointing to the IP address of the local DHCP server. This IP address must be the same on both nodes. For example, both DHCP servers should have a loopback address configured with the same IP address (IPv4 or IPv6) and a DHCP server associated with this loopback address. Those IP addresses MUST not be advertised outside of each box. The DHCP relay in each node would point to its local DHCP server via this loopback IP address.

drain

Syntax 
[no] drain
Context 
config>service>vprn>dhcp>server>pool>subnet
Description 

This command subnet draining which means no new leases can be assigned from this subnet and existing leases are cleaned up upon renew/rebind.

The no form of the command means the subnet is active and new leases can be assigned from it.

exclude-addresses

Syntax 
[no] exclude-addresses start-ip-address [end-ip-address]
Context 
config>service>vprn>dhcp>server>pool>subnet
Description 

This command specifies a range of IP addresses that excluded from the pool of IP addresses in this subnet.

Default 

n/a

Parameters 
start-ip-address—
Specifies the start address of this range to exclude. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
end-ip-address—
Specifies the end address of this range to exclude. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

maximum-declined

Syntax 
maximum-declined maximum-declined
no maximum-declined
Context 
config>service>vprn>dhcp>server>pool>subnet
Description 

This command configures the maximum number of declined addresses allowed.

Default 

64

Parameters 
maximum-declined—
specifies the maximum number of declined addresses allowed
Values—
0 to 4294967295

minimum-free

Syntax 
minimum-free minimum-free [percent] [event-when-depleted]
no minimum-free
Context 
config>service>vprn>dhcp>server>pool>subnet
Description 

This command configures the minimum number of free addresses in this subnet. If the actual number of free addresses in this subnet falls below this configured minimum, a notification is generated.

Default 

1

Parameters 
minimum-free—
specifies the minimum number of free addresses in this subnet
Values—
0 to 255
percent—
indicates the value indicates a percentage
event-when-depleted—
enables a system-generate event when all available addresses in the pool/subnet of local DHCP server are depleted

default-router

Syntax 
default-router ip-address [ip-address...(up to 4 max)]
no default-router
Context 
config>service>vprn>dhcp>server>pool>subnet
Description 

This command configures the IP address of the default router for a DHCP client. Up to four IP addresses can be specified.

The no form of the command removes the address(es) from the configuration.

Default 

n/a

Parameters 
ip-address—
Specifies the IP address of the default router. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).

subnet-mask

Syntax 
subnet-mask ip-address
no subnet-mask
Context 
config>service>vprn>dhcp>server>pool>subnet
Description 

This command specifies the subnet-mask option to the client. The mask can either be defined (for supernetting) or taken from the pool address.

The no form of the command removes the address from the configuration.

Default 

n/a

Parameters 
ip-address—
Specifies the IP address of the subnet mask. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 to 223.255.255.255 (with support of /31 subnets).

use-gi-address

Syntax 
[no] use-gi-address
Context 
config>service>vprn>dhcp>server
Description 

This command enables the use of gi-address matching. If the gi-address flag is enabled, a pool can be used even if a subnets is not found. If the local-user-db-name is not used, the gi-address flag is used and addresses are handed out by GI only. If a user must be blocked from getting an address the server maps to a local user database and configures the user with no address.

A pool can include multiple subnets. Since the GI is shared by multiple subnets in a subscriber-interface the pool may provide IP addresses from any of the subnets included when the GI is matched to any of its subnets. This allows a pool to be created that represents a sub-int.

Default 

no use-gi-address

use-pool-from-client

Syntax 
[no] use-pool-from-client
Context 
config>service>vprn>dhcp>server
config>service>vprn>dhcp6>server
Description 

This command specifies if the IP address pool to be used by this server is the pool indicated by the vendor-specific sub-option 13 of the DHCP Option 82.

When enabled, the pool indicated by the sub-option 13 is to be used.

The no form of the command indicates that the pool selection is specified by the value of use-gi-address setting.

user-db

Syntax 
user-db local-user-db-name
no user-db
Context 
config>service>vprn>dhcp>server
Description 

This command configures a local user database for authentication.

Default 

no user-db

Parameters 
local-user-db-name —
specifies the name of a local user database

IGMP Commands

igmp

Syntax 
[no] igmp
Context 
config>service>vprn
Description 

This command enables the context to configure IGMP parameters.

The no form of the command disables IGMP.

Default 

disabled

group-interface

Syntax 
[no] group-interface ip-int-name
[no] group-interface fwd-service service-id ip-int-name
Context 
config>service>vprn>igmp
Description 

This command configures IGMP group interfaces.

The no form of the command reverts to the default.

Default 

n/a

Parameters 
ip-int-name —
Specifies the name of the IP interface. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.
fwd-service service-id
Specifies the service ID. This is only configured in the retailer VRF. This construct references the wholesaler service under which the group-interface (and the subscriber) is actually defined.
Values—
1 to 2147483650, svc-name up to 64 char maximum
Values—
n/a

disable-router-alert-check

Syntax 
[no] disable-router-alert-check
Context 
config>service>ies>sub-if>grp-if>sap>igmp-host-tracking
config>service>vprn>igmp>grp-if
config>service>vprn>igmp>if
Description 

This command enables the IGMP router alert check option.

The no form of the command disables the router alert check.

import

Syntax 
import policy-name
no import
Context 
config>service>vprn>igmp>grp-if
config>service>vprn>igmp>if
Description 

This command specifies the policy that is to be applied on this interface.

Parameters 
policy-name—
specifies the policy to filter IGMP packets

max-groups

Syntax 
max-groups value
no max-groups
Context 
config>service>vprn>igmp>grp-if
config>service>vprn>igmp>if
Description 

This command configures the maximum number of groups for which IGMP can have local receiver information based on received IGMP reports on this interface. When this configuration is changed dynamically to a value lower than currently accepted number of groups, the groups that are already accepted are not deleted. Only new groups will not be allowed.

The no form of the command removes the value.

Parameters 
value—
specifies the maximum number of groups for this interface
Values—
1 to 16000

max-sources

Syntax 
max-sources max-sources
no max-sources
Context 
config>service>vprn>igmp>grp-if
config>service>vprn>igmp>if
Description 

This command specifies the maximum number of sources for which IGMP can have local receiver information based on received IGMP reports on this interface. When this configuration is changed dynamically to a value lower than currently accepted number of sources, the sources that are already accepted are not deleted. Only new sources will not be allowed.

Parameters 
sources—
specifies the maximum number of sources for this interface
Values—
1 to 1000

max-grp-sources

Syntax 
max-grp-sources max-group-sources
no max-grp-sources
Context 
config>service>vprn>igmp>grp-if
config>service>vprn>igmp>if
Description 

This command configures the maximum number of group sources for which IGMP can have local receiver information based on received IGMP reports on this interface. When this configuration is changed dynamically to a value lower than currently accepted number of group sources, the group sources that are already accepted are not deleted. Only new group sources will not be allowed.

The no form of the command reverts to the default.

Default 

0

Parameters 
1 to 32000—
specifies the maximum number of group source
Values—
1 to 32000

mcac

Syntax 
mcac
Context 
config>service>vprn>igmp>group-interface
config>service>vprn>igmp>interface
config>service>vprn>mld>group-interface
config>service>vprn>mld>interface
config>service>vprn>pim>interface
Description 

This command configures multicast CAC policy and constraints for this interface.

Default 

n/a

if-policy

Syntax 
if-policy mcac-if-policy-name
no if-policy
Context 
config>service>vprn>igmp>grp-if>mcac
config>service>vprn>igmp>interface>mcac
config>service>vprn>mld>grp-if>mcac
config>service>vprn>mld>interface>mcac
config>service>vprn>pim>interface>mcac
Description 

This command assigns existing MCAC interface policy to this interface.

The no form of the command removes the MCAC interface policy association.

Default 

no if-policy

Parameters 
mcac-if-policy-name—
specifies an existing MCAC interface policy

mc-constraints

Syntax 
mc-constraints
Context 
config>service>vprn>igmp>grp-if>mcac
config>service>vprn>igmp>interface>mcac
config>service>vprn>mld>grp-if>mcac
config>service>vprn>mld>interface>mcac
config>service>vprn>pim>interface>mcac
Description 

This command enables the context to configure multicast CAC constraints.

Default 

n/a

level

Syntax 
level level-id bw bandwidth
no level level-id
Context 
config>service>vprn>igmp>interface>mcac>mc-constraints
config>service>vprn>mld>interface>mcac>mc-constraints
config>service>vprn>pim>interface>mcac>mc-constraints
Description 

This command configures interface levels and associated bandwidth for multicast CAC policy.

Parameters 
level-id—
specifies an entry for the multicast CAC policy constraint level configured on this system
Values—
1 to 8
bandwidth —
specifies the bandwidth in kb/s for the level
Values—
1 to 2147483647

number-down

Syntax 
number-down number-lag-port-down level level-id
no number-down
Context 
config>service>vprn>igmp>interface>mcac>mc-constraints
config>service>vprn>mld>interface>mcac>mc-constraints
config>service>vprn>pim>interface>mcac>mc-constraints
Description 

This command configures the number of ports down and level for interface’s multicast CAC policy.

Default 

not enabled

Parameters 
number-lag-port-down—
If the number of ports available in the LAG is reduced by the number of ports configured in this command here then bandwidth allowed for bundle and/or interface will be as per the levels configured in this context.
Values—
1 to 64 (for 64-link LAG)
1 to 32 (for other LAGs)
level-id—
specifies an entry for the multicast CAC policy constraint level configured on this system
Values—
1 to 8

use-lag-port-weight

Syntax 
[no] use-lag-port-weight
Context 
config>service>vprn>igmp>interface>mcac>mc-constraints
config>service>vprn>mld>interface>mcac>mc-constraints
config>service>vprn>pim>interface>mcac>mc-constraints
Description 

This command enables port weight to be used when determining available bandwidth per level when LAG ports go down/come up. The command is required for proper operation on mixed port-speed LAGs and can be used for non-mixed port-speed LAGs as well.

Default 

no use-lag-port-weight - port number is used when determining available bandwidth per level when LAG ports go down/come up.

policy

Syntax 
policy policy-name
no policy
Context 
config>service>vprn>igmp>grp-if>mcac
config>service>vprn>igmp>interface>mcac
config>service>vprn>mld>grp-if>mcac
config>service>vprn>mld>interface>mcac
config>service>vprn>pim>interface>mcac
Description 

This command references the global channel bandwidth definition policy that is used for HMCAC and HQoS Adjust.

HQoS Adjustment is supported with redirection enabled or per-host-replication disabled. In other words, the policy from the redirected interface is used for HQoS Adjustment.

Hierarchical MCAC (HMCAC) is supported with redirection enabled or per-host-replication disabled. In HMCAC, the subscriber is checked first against its bandwidth limits followed by the check on the redirected interface against the bandwidth limits defined under the redirected interface. In the HMCAC case, the channel definition policy must be referenced under the redirected interface level.

Default 

No policy is referenced.

Parameters 
policy-name—
specifies the name of the global MCAC channel definition policy defined under the hierarchy configure>router>mcac>policy

policy

Syntax 
policy policy-name
no policy
Context 
config>service>vprn>igmp>if>mcac
config>service>vprn>pim>if>mcac
Description 

This command configures the mulitcast CAC policy name.

Parameters 
policy-name—
The multicast CAC policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

unconstrained-bw

Syntax 
unconstrained-bw bandwidth mandatory-bw mandatory-bw
no unconstrained-bw
Context 
config>service>vprn>igmp>grp-if>mcac
config>service>vprn>igmp>interface>mcac
config>service>vprn>mld>grp-ifmcac
config>service>vprn>mld>interface>mcac
config>service>vprn>pim>interface>mcac
Description 

This command configures the bandwidth for the interface's multicast CAC policy traffic. When disabled (no unconstrained-bw) there will be no checking of bandwidth constraints on the interface level. When enabled and a policy is defined, enforcement is performed. The allocated bandwidth for optional channels should not exceed the unconstrained-bw minus the mandatory-bw and the mandatory channels have to stay below the specified value for the mandatory-bw. After this interface check, the bundle checks are performed.

Parameters 
bandwidth—
the bandwidth assigned for the interface’s MCAC policy traffic in kb/s
Values—
0 to 2147483647
mandatory-bw mandatory-bw
specifies the bandwidth pre-reserved for all the mandatory channels on a given interface, in kb/s

If the bandwidth value is 0, no mandatory channels are allowed. If bandwidth is not configured, then all mandatory and optional channels are allowed.

If the value of mandatory-bw is equal to the value of bandwidth, then all the unconstrained bandwidth on a given interface is allocated to mandatory channels configured through multicast CAC policy on that interface and no optional groups (channels) are allowed.

The value of mandatory-bw should always be less than or equal to that of bandwidth, An attempt to set the value of mandatory-bw greater than that of bandwidth, will result in inconsistent value error.

Values—
0 to 2147483647

query-src-ip

Syntax 
query-src-ip ip-address
no query-src-ip
Context 
config>service>vprn>igmp>grp-if
Description 

This command configures the query source IP address for the group interface. This IP address overrides the source IP address configured at the router level.

The no form of the command removes the IP address.

Default 

n/a

Parameters 
ip-address—
sets the source IPv4 address for all subscriber’s IGMP queries

sub-hosts-only

Syntax 
[no] sub-hosts-only
Context 
config>service>vprn>igmp>grp-if
Description 

This command enables the IGMP traffic from known hosts only.

The no form of the command disable the IGMP traffic from known hosts only

subnet-check

Syntax 
[no] subnet-check
Context 
config>service>vprn>igmp>grp-if
Description 

This command enables local subnet checking for IGMP.

The no form of the command disables local subnet checking for IGMP.

version

Syntax 
version version
no version
Context 
config>service>vprn>igmp>grp-if
Description 

This command configures the version of IGMP.

The no form of the command removes the version.

Parameters 
version—
specifies the IGMP version
Values—
1, 2, or 3

grp-if-query-src-ip

Syntax 
grp-if-query-src-ip ip-address
no grp-if-query-src-ip
Context 
config>service>vprn>igmp
Description 

This command configures the query source IP address for all group interfaces.

The no form of the command removes the IP address.

Default 

n/a

interface

Syntax 
interface ip-int-name
no interface
Context 
config>service>vprn>igmp
Description 

This command enables the context to configure IGMP interface parameters.

Parameters 
ip-int-name—
Specifies the name of the IP interface. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.
Values—
1 to 32 characters maximum

import

Syntax 
import policy-name
no import
Context 
config>service>vprn>igmp>if
Description 

This command imports a policy to filter IGMP packets. The no form of the command removes the policy association from the IGMP instance.

Default 

no import — No import policy specified.

Parameters 
policy-name—
The import route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

The specified name(s) must already be defined.

max-groups

Syntax 
max-groups value
no max-groups
Context 
config>service>vprn>igmp>if
Description 

This command specifies the maximum number of groups for which IGMP can have local receiver information based on received IGMP reports on this interface. When this configuration is changed dynamically to a value lower than the currently accepted number of groups, the groups that are already accepted are not deleted. Only new groups will not be allowed.

Default 

0, no limit to the number of groups

Parameters 
value—
Specifies the maximum number of groups for this interface.
Values—
1 to 16000

static

Syntax 
static
Context 
config>service>vprn>igmp>if
Description 

This command tests forwarding on an interface without a receiver host. When enabled, data is forwarded to an interface without receiving membership reports from host members.

Default 

n/a

group

Syntax 
[no] group grp-ip-address
[no] group start grp-ip-address end grp-ip-address [step ip-address]
Context 
config>service>vprn>igmp>if>static
Description 

This command adds a static multicast group either as a (*,G) or one or more (S,G) records. Use IGMP static group memberships to test multicast forwarding without a receiver host. When IGMP static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static IGMP group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static IGMP group entries do not generate join messages toward the RP.

Default 

n/a

Parameters 
grp-ip-address—
Specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group. The address must be in dotted decimal notation.
start grp-ip-address
specifies the start multicast group address
end grp-ip-address
specifies the end multicast group address
step ip-address
specifies the step increment

source

Syntax 
source ip-address
Context 
config>service>vprn>igmp>if>static>group
Description 

This command specifies an IPv4 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group is to receive multicast traffic from, and from the sources that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command in combination with the group is used to create a specific (S,G) static group entry.

Use the no form of the command to remove the source from the configuration.

Default 

n/a

Parameters 
ip-address—
specifies the IPv4 unicast address

starg

Syntax 
starg
Context 
config>service>vprn>igmp>if>static>group
Description 

This command adds a static (*,G) entry. This command can only be enabled if no existing source addresses for this group are specified.

Use the no form of the command to remove the starg entry from the configuration.

Default 

n/a

subnet-check

Syntax 
[no] subnet-check
Context 
config>service>vprn>igmp>if
Description 

This command enables subnet checking for IGMP messages received on this interface. All IGMP packets with a source address that is not in the local subnet are dropped.

Default 

enabled

version

Syntax 
version version
no version
Context 
config>service>vprn>igmp>if
Description 

This command specifies the IGMP version. If routers run different versions of IGMP, they will negotiate the lowest common version of IGMP that is supported by hosts on their subnet and operate in that version. For IGMP to function correctly, all routers on a LAN should be configured to run the same version of IGMP on that LAN.

For IGMPv3, a multicast router that is also a group member performs both parts of IGMPv3, receiving and responding to its own IGMP message transmissions as well as those of its neighbors.

Default 

3

Parameters 
version—
specifies the IGMP version number
Values—
1, 2, 3

query-interval

Syntax 
query-interval seconds
no query-interval
Context 
config>service>vprn>igmp
Description 

This command specifies the frequency that the querier router transmits general host-query messages. The host-query messages solicit group membership information and are sent to the all-systems multicast group address, 224.0.0.1.

Default 

125

Parameters 
seconds—
the time frequency, in seconds, that the router transmits general host-query messages
Values—
2 to 1024

query-last-member-interval

Syntax 
query-last-member-interval seconds
Context 
config>service>vprn>igmp
Description 

This command configures the frequency at which the querier sends group-specific query messages including messages sent in response to leave-group messages. The lower the interval, the faster the detection of the loss of the last member of a group.

Default 

1

Parameters 
seconds—
specifies the frequency, in seconds, at which query messages are sent
Values—
1 to 1024

query-response-interval

Syntax 
query-response-interval seconds
Context 
config>service>vprn>igmp
Description 

This command specifies how long the querier router waits to receive a response to a host-query message from a host.

Default 

10

Parameters 
seconds—
specifies the length of time to wait to receive a response to the host-query message from the host
Values—
1 to 1023

robust-count

Syntax 
robust-count robust-count
no robust-count
Context 
config>service>vprn>igmp
Description 

This command configures the robust count. The robust-count variable allows tuning for the expected packet loss on a subnet. If a subnet anticipates losses, the robust-count variable can be increased.

Default 

2

Parameters 
robust-count—
specifies the robust count value
Values—
2 to 10

ssm-translate

Syntax 
ssm-translate
Context 
config>service>vprn>igmp
config>service>vprn>igmp>if
Description 

This command enables the context to configure group ranges which are translated to SSM (S,G) entries. If the static entry needs to be created, it has to be translated from a IGMPv1 IGMPv2 request to a Source Specific Multicast (SSM) join. An SSM translate source can only be added if the starg command is not enabled. An error message is generated if you try to configure the source command with starg command enabled.

grp-range

Syntax 
[no] grp-range start end
Context 
config>service>vprn>igmp>ssm-translate
Description 

This command is used to configure group ranges which are translated to SSM (S,G) entries.

Parameters 
start—
an IP address that specifies the start of the group range
end—
An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.

source

Syntax 
[no] source ip-address
Context 
config>service>vprn>igmp>ssm-translate>grp-range
Description 

This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.

Parameters 
ip-address—
specifies the IP address that will be sending data

igmp-host-tracking

Syntax 
igmp-host-tracking
Context 
config>service>vprn
config>service>vprn>sap
Description 

This command enables the context to configure IGMP host tracking parameters.

expiry-time

Syntax 
expiry-time expiry-time
no expiry-time
Context 
config>service>vprn>igmp-trk
config>service>vprn>sap>igmp-trk
Description 

This command configures the time that the system continues to track inactive hosts.

The no form of the command removes the values from the configuration.

Default 

no expiry-time

Parameters 
expiry-time—
specifies the time, in seconds, that this system continues to track an inactive host
Values—
1 to 65535

import

Syntax 
import policy-name
no import
Context 
config>service>vprn>sap>igmp-trk
Description 

This command associates an import policy to filter IGMP packets.

The no form of the command removes the values from the configuration.

Default 

no import

Parameters 
policy-name—
specifies the import policy name

max-num-groups

Syntax 
max-num-groups max-num-groups
no max-num-groups
Context 
config>service>vprn>sub-if>grp-if>sap>igmp-trk
Description 

This command configures the maximum number of multicast groups allowed to be tracked.

The no form of the command removes the values from the configuration.

Default 

no max-num-groups

Parameters 
max-num-groups—
specifies the maximum number of multicast groups allowed to be tracked
Values—
1 to 196607

max-num-grp-sources

Syntax 
max-num-grp-sources [number]
no max-num-grp-sources
Context 
config>service>vprn>sub-if>grp-if>sap>igmp-host-tracking
Description 

This command configures the maximum number of multicast sources allowed to be tracked per group.

The no form of the command disables the check.

Default 

no max-num-grp-sources

Parameters 
number—
specifies the maximum number of multicast sources allowed to be tracked per group
Values—
1 to 32000

max-num-sources

Syntax 
max-num-sources max-num-sources
no max-num-sources
Context 
config>service>vprn>sub-if>grp-if>sap>igmp-host-tracking
Description 

This command specifies the maximum number of multicast sources allowed to be tracked per group.

The no form of the command reverts to the default.

Default 

no max-num-sources

Parameters 
max-num-sources—
specifies the maximum number of multicast sources allowed to be tracked per group
Values—
1 to 1000

label-mode

Syntax 
label-mode {vrf | next-hop}
no label-mode
Context 
config>service>vprn
Description 

This command controls the method by which service labels are allocated to routes exported by the VPRN as BGP-VPN routes. The vrf option selects service label per VRF mode while the next-hop option selects service label per next-hop mode.

The no form of the command sets the mode to the default mode of service label per VRF.

Default 

no label-mode

Parameters 
vrf—
selects service label per VRF mode
next-hop—
selects service label per next-hop mode

maximum-ipv6-routes

Syntax 
maximum-ipv6-routes number [log-only] [threshold percentage]
no maximum-ipv6-routes
Context 
config>service>vprn
Description 

This command specifies the maximum number of remote IPv6 routes that can be held within a VPN routing/ forwarding (VRF) context. The local, host, static and aggregate routes are not counted.

The VPRN service ID must be in a shutdown state in order to modify maximum-routes command parameters.

If the log-only parameter is not specified and the maximum-routes value is set below the existing number of routes in a VRF, then the offending RIP peer (if applicable) is brought down (but the VPRN instance remains up). BGP peering will remain up but the exceeding BGP routes will not be added to the VRF.

The maximum route threshold can dynamically change to increase the number of supported routes even when the maximum has already been reached. Protocols will resubmit their routes which were initially rejected.

The no form of the command disables any limit on the number of routes within a VRF context. Issue the no form of the command only when the VPRN instance is shutdown.

Default 

0 or disabled — The threshold will not be raised.

Parameters 
number —
an integer that specifies the maximum number of routes to be held in a VRF context
Values—
1 to 2147483647
log-only—
Specifies that if the maximum limit is reached, only log the event. log-only does not disable the learning of new routes.
threshold percentage —
The percentage at which a warning log message and SNMP trap should be set. There are two warnings, the first is a mid-level warning at the threshold value set and the second is a high-level warning at level between the maximum number of routes and the mid-level rate ([mid+max] / 2).
Values—
0 to 100

maximum-routes

Syntax 
maximum-routes number [log-only] [threshold percentage]
no maximum-routes
Context 
config>service>vprn
Description 

This command specifies the maximum number of remote routes that can be held within a VPN routing/ forwarding (VRF) context. The local, host, static and aggregate routes are not counted.

The VPRN service ID must be in a shutdown state in order to modify maximum-routes command parameters.

If the log-only parameter is not specified and the maximum-routes value is set below the existing number of routes in a VRF, then the offending RIP peer (if applicable) is brought down (but the VPRN instance remains up). BGP peering will remain up but the exceeding BGP routes will not be added to the VRF.

The maximum route threshold can dynamically change to increase the number of supported routes even when the maximum has already been reached. Protocols will resubmit their routes which were initially rejected.

The no form of the command disables any limit on the number of routes within a VRF context. Issue the no form of the command only when the VPRN instance is shutdown.

Default 

0 or disabled — The threshold will not be raised.

Parameters 
number —
an integer that specifies the maximum number of routes to be held in a VRF context
Values—
1 to 2147483647
log-only—
Specifies that if the maximum limit is reached, only log the event. log-only does not disable the learning of new routes.
threshold percentage —
The percentage at which a warning log message and SNMP trap should be set. There are two warnings, the first is a mid-level warning at the threshold value set and the second is a high-level warning at level between the maximum number of routes and the mid-level rate ( [mid+max] / 2 ).
Values—
0 to 100

multicast-info-policy

Syntax 
multicast-info-policy policy-name
no multicast-info-policy
Context 
config>service>vprn
Description 

This command configures multicast information policy.

Parameters 
policy-name—
Specifies the policy name.
Values—
32 chars max

mc-maximum-routes

Syntax 
mc-maximum-routes number [log-only] [threshold threshold]
Context 
config>service>vprn
Description 

This command specifies the maximum number of multicast routes that can be held within a VPN routing/forwarding (VRF) context. When this limit is reached, a log and SNMP trap are sent. If the log-only parameter is not specified and the maximum-routes value is set below the existing number of routes in a VRF, then no new joins will be processed.

The no form of the command disables the limit of multicast routes within a VRF context. Issue the no form of the command only when the VPRN instance is shutdown.

Default 

no mc-maximum-routes

Parameters 
number—
specifies the maximum number of routes to be held in a VRF context
Values—
1 to 2147483647
log-only—
Specifies that if the maximum limit is reached, only log the event. log-only does not disable the learning of new routes.
threshold threshold
the percentage at which a warning log message and SNMP trap should be sent
Values—
0 to 100
Values—
10

network

Syntax 
network
Context 
config>service>vprn
Description 

This command enables the context to configure network parameters for the VPRN service.

ingress

Syntax 
ingress
Context 
config>service>vprn>network
Description 

This command enables the context to configure network ingress parameters for the VPRN service.

filter

Syntax 
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
Context 
config>service>vprn>network>ingress
Description 

This command configures a network ingress filter for IPv4 or IPv6 traffic arriving over explicitly defined spokes or auto-bind network interfaces for the VPRN service.

The no form of the command removes an IPv4, IPv6, or both filters.

Default 

no filter

Parameters 
ip-filter-id/ipv6-filter-id—
specifies an existing IP/IPv6 filter policy of a scope template
Values—
[1..65535] | name
name: 64 characters maximum

ptp

Syntax 
[no] ptp
Context 
config>service>vprn
Description 

This command enables the context to configure PTP parameters for the VPRN service.

peer-limit

Syntax 
peer-limit limit
no peer-limit
Context 
config>service>vprn>ptp
Description 

This command specifies an upper limit to the number of discovered peers permitted within the routing instance. This can be used to ensure that a routing instance does not consume all the possible discovered peers and blocking discovered peers in other routing instances.

If it is desired to reserve a fixed number of discovered peers per router instance, then all router instances supporting PTP should have values specified with this command and the sum of all the peer-limit values must not exceed the maximum number of discovered peers supported by the system.

If the user attempts to specify a peer-limit, and there are already more discovered peers in the routing instance than the new limit being specified, the configuration will not be accepted.

Default 

no limit

Parameters 
limit—
specifies the maximum number of discovered peers allowed in the routing instance
Values—
0 to 50
Values—
0 (The maximum number of discovered peers supported by the system.)

peer

Syntax 
peer a.b.c.d [create]
Context 
config>system>ptp
config>service>vprn>ptp
Description 

This command configures a remote PTP peer. It provides the context to configure parameters for the remote PTP peer.

Up to 20 remote PTP peers may be configured.

The no form of the command deletes the specified peer.

If the clock-type is ordinary slave or boundary, and PTP is no shutdown, the last peer cannot be deleted. This prevents the user from having PTP enabled without any peer configured and enabled.

Peers are created within the routing instance associated with the context of this command. All configured PTP peers must use the same routing instance.

Default 

n/a

Parameters 
a.b.c.d—
the IP address of the remote peer
Values—
ipv4-address a.b.c.d

log-sync-interval

Syntax 
log-sync-interval log-interval
Context 
config>service>vprn>ptp>peer
Description 

This command configures the message interval used for unicast event messages. It defines the message interval for both Sync and Delay_Resp messages that are requested during unicast negotiation to the specific peer. This controls the Sync and Delay_Resp message rate sent from remote peers to the local node. It does not affect the Sync or Delay_Resp packet rate that may be sent from the local node to remote peers. Remote peers may request a Sync or Delay_Resp packet rate anywhere within the acceptable grant range.

The log-sync-interval cannot be changed unless the peer is shutdown.

This command only applies to the 7450 ESS and 7750 SR.

Default 

-6 (64 packets per second) for 1588-2008 or

-6 (64 packets per second) for g8265dot1-2010 or

-4 (16 packets per second) for g8275dot1-2014

Parameters 
log-interval—
specifies the sync message interval, in log form
Values—
[-6 to 0]

local-priority

Syntax 
local-priority local-priority
Context 
config>service>vprn>ptp>peer
Description 

This command configures the local priority used to choose between PTP masters in the best master clock algorithm (BMCA). This setting is relevant when the profile is set to either g8265dot1-2010 or g8275dot1-2014. The parameter is ignored when any other profile is selected.

The value 1 is the highest priority and 255 is the lowest priority. The priority of a peer cannot be configured if the PTP profile is ieee1588-2008.

For g8265dot1-2010, this parameter configures the priority used to choose between master clocks with the same quality (see G.8265.1 for more details).

For g8275dot1-2014, this parameter sets the value of the localPriority associated with the Announce messages received from external clocks (ptp>peer or ptp>port), or the local clock (ptp). See G.8275.1 for more detailed information.

Default 

128

Parameters 
local-priority—
specifies the value of the local priority
Values—
1 to 255

reassembly-group

Syntax 
reassembly-group nat-group-id
no reassembly-group
Context 
config>router
config>service>vprn
Description 

This command associate reassembly-group consisting of multiple ISAs with the

routing context in which the application requiring reassembly service resides.

Default 

no reassembly-group

Parameters 
nat-group-id —
nat-group id; the nat-group contains up to 10 active ISAs.
asn:number —
The ASN is a 2-byte value less than or equal to 65535. The assigned number can be any 32-bit unsigned integer value.

route-distinguisher

Syntax 
route-distinguisher [ip-address:number | asn:number]
route-distinguisher auto-rd
no route-distinguisher
Context 
config>service>vprn
Description 

This command sets the identifier attached to routes the VPN belongs to. Each routing instance must have a unique (within the carrier’s domain) route distinguisher associated with it. A route distinguisher must be defined for a VPRN to be operationally active.

Alternatively, the auto-rd option allows the system to automatically generate a Route Distinguisher (RD) based on the bgp-auto-rd-range command configured at the service level.

Default 

no route-distinguisher

Parameters 
route distinguisher—
The route distinguisher is a 6-byte value that can be specified in one of the following formats:
ip-address:number —
Specifies the IP address in dotted decimal notation. The assigned number must not be greater than 65535.
asn:number —
The ASN is a 2-byte value less than or equal to 65535. The assigned number can be any 32-bit unsigned integer value.
auto-rd—
the system will generate an RD for the service according to the IP address and range configured in the bgp-auto-rd-range command

router-id

Syntax 
router-id ip-address
no router-id
Context 
config>service>vprn
config>service>vprn>ospf
config>service>vprn>bgp
Description 

This command sets the router ID for a specific VPRN context.

When configuring the router ID in the base instance of OSPF it overrides the router ID configured in the config>router context. The default value for the base instance is inherited from the configuration in the config>router context. If the router ID in the config>router context is not configured, the following applies:

  1. The system uses the system interface address (which is also the loopback address).
  2. If a system interface address is not configured, use the last 32 bits of the chassis MAC address.

If neither the router ID nor system interface are defined, the router ID from the base router context is inherited.

This is a required command when configuring multiple instances and the instance being configured is not the base instance.

When configuring a new router ID, the instance is not automatically restarted with the new router ID. The next time the instance is initialized, the new router ID is used.

To force the new router ID to be used, issue the shutdown and no shutdown commands for the instance, or reboot the entire router.

It is possible to configure an SR OS to operate with an IPv6 only BOF and no IPv4 system interface address. When configured in this manner, the operator must explicitly define IPv4 router IDs for protocols such as OSPF and BGP as there is no mechanism to derive the router ID from an IPv6 system interface address.

The no form of the command removes the router ID definition from the given VPRN context.

Default 

no router-id

Parameters 
ip-address—
the IP address must be given in dotted decimal notation

service-name

Syntax 
service-name service-name
no service-name
Context 
config>service>vprn
Description 

This command configures an optional service name, up to 64 characters in length, which adds a name identifier to a given service to then use that service name in configuration references as well as display and use service names in show commands throughout the system. This helps the service provider/administrator to identify and manage services within the 7450 ESS and 7750 SR platforms.

All services are required to assign a service ID to initially create a service. However, either the service ID or the service name can be used to identify and reference a given service once it is initially created.

Parameters 
service-name—
Specifies a unique service name to identify the service. Service names may not begin with an integer (0-9).

sgt-qos

Syntax 
sgt-qos
Context 
config>service>vprn
Description 

This command enables the context to configure DSCP/Dot1p re-marking for self-generated traffic.

application

Syntax 
application dscp-app-name dscp {dscp-value | dscp-name}
application dot1p-app-name dot1p dot1p-priority
no application {dscp-app-name | dot1p-app-name}
Context 
config>service>vprn>sgt-qos
Description 

This command configures DSCP/Dot1p re-marking for self-generated traffic. When an application is configured using this command, then the specified DSCP name/value is used for all packets generated by this application within the router instance it is configured.

Using the value configured in this command:

  1. Sets the DSCP bits in the IP packet.
  2. Maps to the FC. This value will be signaled from the CPM to the egress forwarding complex.
  3. Based on this signaled FC the egress forwarding complex QoS policy sets the IEEE802.1 dot1P and LSP EXP bits.
  4. The Dot1P and the LSP EXP bits are set by the egress complex for all packets based on the signaled FC. This includes ARP and IS-IS packets that, due to their nature, do not carry DSCP bits.
  5. The DSCP value in the egress IP header will be as configured in this command. The egress QoS policy will not overwrite this value.

Only one DSCP name/value can be configured per application, if multiple entries are configured then the subsequent entry overrides the previous configured entry.

The no form of this command reverts back to the default value.

Parameters 
dscp-app-name —
specifies the DSCP application name
Values—
bgp, cflowd, dhcp, diameter, dns, ftp, gtp, igmp, igmp-reporter, l2tp, ldp, mld, msdp, ndis, ntp, ospf, pcep, pim, ptp, radius, rip, rsvp, sflow, snmp, snmp-notification, srrp, ssh, syslog, tacplus, telnet, tftp, traceroute, vrrp
dscp-value—
Specifies a value when this packet egresses the respective egress policy should provide the mapping for the DSCP value to either LSP-EXP bits or IEEE 802.1p (Dot1P) bits as appropriate otherwise the default mapping applies.
Values—
0 to 63
dscp-name—
specifies the DSCP name
Values—
none, be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63
dot1p-priority—
specifies the Dot1P priority
Values—
0 to 7
dot1p-app-name—
specifies the Dot1P application name
Values—
arp, isis

dscp

Syntax 
dscp dscp-name fc fc-name
no dscp dscp-name
Context 
config>service>vprn>sgt-qos
Description 

This command creates a mapping between the DiffServ Code Point (DSCP) of the self generated traffic and the forwarding class.

Self generated traffic that matches the specified DSCP will be assigned to the corresponding forwarding class. Multiple commands can be entered to define the association of some or all sixty-four DiffServ code points to the forwarding class. For undefined code points, packets are assigned to the forwarding class specified under the default-action command.

All DSCP names that defines a DSCP value must be explicitly defined.

The no form of this command removes the DiffServ code point to forwarding class association. The default-action then applies to that code point value.

Default 

n/a

Parameters 
dscp-name—
The name of the DiffServ code point to be associated with the forwarding class. DiffServ code point can only be specified by its name and only an existing DiffServ code point can be specified. The software provides names for the well known code points.
Values—
be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63
fc fc-name
Specifies the forwarding class name. All packets with DSCP value or MPLS EXP bits that is not defined will be placed in this forwarding class.
Values—
n/a, the fc name must be specified
Values—
be, l2, af, l1, h2, ef, h1, nc

single-sfm-overload

Syntax 
single-sfm-overload [holdoff-time holdoff-time]
no single-sfm-overload
Context 
config>service>vprn
Description 

This command configures OSPF, OSPFv3 and IS-IS to set overload when the router has fewer than the full set of SFMs functioning, which reduces forwarding capacity. Setting overload enables a router to still participate in exchanging routing information, but routes all traffic away from it.

The conditions to set overload are as follows:

  1. 7750 SR-12/SR-7/SR-c12 and 7450 ESS-12/ESS-7/ESS-6 platforms: protocol sets overload if one of the SF/CPMs fails
  2. 7950 XRS and 7750 SR-12e platforms: protocol sets overload if two SFMs fail

The no form of this command configures the router to not set overload if an SFM fails.

Default 

no single-sfm-overload

Parameters 
holdoff-time —
specifies the delay between detecting SFM failures and setting overload
Values—
1 to 600 seconds
Values—
0 seconds

snmp

Syntax 
snmp
Context 
config>service>vprn
Description 

This command enables the context to configure SNMP parameters for this VPRN.

access

Syntax 
[no] access
Context 
config>service>vprn>snmp
Description 

This command enables/disables SNMP access on the VPRN interface. This command allows SNMP queries destined to the VPRN interface IP addresses for this VPRN (including VPRN interfaces that are bound to R-VPLS services) to be processed by the SNMP agent on the router. SNMP queries that arrive on VPRN interfaces but are destined to IP addresses in the Base routing context that can be accessed in the VPRN (for example, the router system address via grt leaking) do not require snmp-access to be enabled but do require allow-local-management to be enabled.

Refer to the 7450 ESS, 7750 SR, and 7950 XRS System Management Guide for detailed information about SNMP.

community

Syntax 
community community-name [hash | hash2] [access-permissions] [version SNMP-version] [src-access-list list-name]
no community [community-name]
Context 
config>service>vprn>snmp
Description 

This command sets the SNMP community name(s) to be used with the associated VPRN instance. These VPRN community names are used to associate SNMP v1/v2c requests with a particular vprn context and to return a reply that contains VPRN-specific data or limit SNMP access to data in a specific VPRN instance.

VPRN snmp communities configured with an access permission of 'r' are automatically associated with the default access group "snmp-vprn-ro” and the “vprn-view” view (read only). VPRN snmp communities configured with an access permission of 'rw' are automatically associated with the default access group "snmp-vprn” and the “vprn-view” view (read/write).

The community in an SNMP v1/v2 request determines the SNMP context (i.e., the vprn# for accessing SNMP tables) and not the VPRN of the incoming interface on which the request was received. When an SNMP request arrives on VPRN 5 interface “ringo” with a destination IP address equal to the “ringo” interface, but the community in the SNMP request is the community configured against VPRN 101, then the SNMP request will be processed using the VPRN 101 context. (the response will contain information about VPRN 101). It is recommended to avoid using a simple series of vprn snmp-community values that are similar to each other (for example, avoid my-vprncomm-1, my-vprn-comm-2, etc).

The no form of the command removes the SNMP community name from the given VPRN context.

Default 

n/a — The SNMP community must be explicitly specified.

Parameters 
community-name—
Specifies the SNMP v1/v2c community name. This is a secret/confidential key used to access SNMP and specify a context (base vs vprn1 vs vprn2).
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
version SNMP-version
specifies the SNMP version
Values—
v1, v2c, both
access-permissions—
specifies the access rights to MIB objects
Values—
r — Grants only read access to MIB objects. Creates an association of the community-name with the snmp-vprn-ro access group. rw — Grants read and write access to MIB objects. Creates an association of the community-name with the snmp-vprn access group.
list-name—
Configures the community to reference a specific src-access-list (created under configure system security snmp), which will be used to validate the source IP address of all received SNMP requests that use this community. Multiple community (vprn or base router) and usm-community instances can reference the same src-access-list.

source-address

Syntax 
source-address
Context 
config>service>vprn
Description 

This command enables the context to specify the source address and application that should be used in all unsolicited packets.

application

Syntax 
application app [ip-int-name | ip-address]
no application app
Context 
config>service>vprn>source-address
Description 

This command specifies the source address and application.

Parameters 
app—
specifies the application name
Values—
cflowd, dns, ftp, ntp, ping, ptp, radius, snmptrap, sntp, ssh, syslog, tacplus, telnet, traceroute, mcreporter, icmp-error
ip-int-name | ip-address—
Specifies the name of the IP interface or IP address. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

application6

Syntax 
application6 app ipv6-address
Context 
config>service>vprn>source-address
Description 

This command specifies the IPv6 source address and application.

Parameters 
app—
specifies the application name
Values—
cflowd, dns, ftp, ntp, ping, radius, snmptrap, syslog, tacplus, telnet, traceroute, icmp6-error
ipv6-address—
specifies the IPv6 address

static-route-entry

Syntax 
static-route-entry {ip-prefix/prefix-length} [mcast]
no static-route-entry {ip-prefix/prefix-length} [mcast]
Context 
config>service>vprn
Description 

This command creates a static route entry for both the network and access routes. A prefix and netmask must be specified.

Once the static route context for the specified prefix and netmask has been created, additional parameters associated with the static route(s) may be specified through the inclusion of additional static-route parameter commands

The no form of the command deletes the static route entry. If a static route needs to be removed when multiple static routes exist to the same destination, then as many parameters to uniquely identify the static route must be entered

IPv6 static routes are not supported on the 7450 ESS except in mixed mode.

Default 

No static routes are defined.

Parameters 
ip-prefix/prefix-length—
the destination address of the static route
Values—
The following values apply to the 7750 SR and 7950 XRS:

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

Values—
The following values apply to the 7450 ESS:

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

next-hop

Syntax 
next-hop { ip-address | ip-int-name | ipv6 address }
Context 
config>service>vprn>static-route-entry
Description 

This command specifies the directly connected next hop IP address or interface used to reach the destination. If the next hop is over an unnumbered interface or a point-to-point interface, the ip-int-name of the unnumbered or point-to-point interface (on this node) can be configured.

If the next hop is over an unnumbered interface in the 7450 ESS router, the ip-int-name of the unnumbered interface (on this node) can be configured.

The configured ip-address can be either on the network side or the access side on this node. The address must be associated with a network directly connected to a network configured on this node.

Default 

no next-hop

Parameters 
ip-int-name, ipv4-address, ipv6-address—
the IP-INT, IPv4, and IPv6 addresses
Values—
The following values apply to the 7750 SR and 7950 XRS:

ip-int-name

32 characters max

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x-[interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface: 32 characters maximum, mandatory for link local addresses

IPv6 static routes are not supported on the 7450 ESS except in mixed mode.

indirect

Syntax 
[no] indirect ip-address
Context 
config>service>vprn>static-route-entry
Description 

This command specifies that the route is indirect and specifies the next hop IP address used to reach the destination.

The configured ip-address is not directly connected to a network configured on this node. The destination can be reached via multiple paths. The indirect address can only resolved from dynamic routing protocol. Another static route cannot be used to resolve the indirect address.

The ip-address configured here can be either on the network side or the access side and is typically at least one hop away from this node.

Default 

no indirect

Parameters 
ip-address—
the IP address of the IP interface
Values—

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x-[interface]

black-hole

Syntax 
[no] black-hole
Context 
config>service>vprn>static-route-entry
Description 

This command specifies that the route is a black hole route. If the destination address on a packet matches this static route, it will be silently discarded.

Default 

no black-hole

grt

Syntax 
[no] grt
Context 
config>service>vprn>static-route-entry
Description 

This command creates a static route in a VPRN service context that points to the global routing context (base router). This is primarily used to allow traffic that ingress through a VPRN service to be routed out of the global routing context.

This next-hop type cannot be used in conjunction with any other next-hop types.

Default 

no grt

ipsec-tunnel

Syntax 
[no] ipsec-tunnel name
Context 
config>service>vprn>static-route-entry
Description 

This command creates a static route in a VPRN service context that points to the global routing context (base router). This is primarily used to allow traffic that ingress through a VPRN service to be routed out of the global routing context.

This next-hop type cannot be used in conjunction with any other next-hop types.

Default 

no ipsec-tunnel

Parameters 
name—
IPsec tunnel name; maximum length up to 32 characters

bfd-enable

Syntax 
[no] bfd-enable
Context 
config>service>vprn>static-route-entry>next-hop
Description 

This command associates the static route state to a BFD session between the local system and the configured nexthop.

The remote end of the BFD session must also be configured to originate or accept the BFD session controlling the static route state.

The no form of this command removes the association of the static route state to that of the BFD session.

Default 

no bfd-enable

community

Syntax 
[no] community comm-id
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ip-sec-tunnel
config>service>vprn>static-route-entry>next-hop
Description 

This configuration option associates a BGP community with the static route. The community can be matched in route policies and is automatically added to BGP routes exported from the static route.

The no form of this command removes the community association.

Default 

no community

Parameters 
comm-id—
specifies the community identifier
Values—

comm-id

asn:comm-val, well-known-comm

asn

0 to 65535

comm-val

0 to 65535

well-known-comm

no-advertise, no-export, no-export-subconfed

cpe-check

Syntax 
[no] cpe-check cpe-ip-address
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>next-hop
Description 

This command enables CPE-check and specifies the IP address of the target CPE device.

This option initiates a background ICMP ping test to the configured target IP address. The IP address can either be an IPv4 address for IPv4 static routes or an IPv6 address for IPv6 static routes. The target-ip-address cannot be in the same subnet as the static route subnet itself to avoid possible circular references. This option is mutually exclusive with BFD support on a given static route.

The no form of this command disables the cpe-check option.

Default 

no cpe-check

Parameters 
cpe-ip-address—
specifies the IP address of the CPE device

drop-count

Syntax 
[no] drop-count count
Context 
config>service>vprn>static-route-entry>indirect>cpe-check
config>service>vprn>static-route-entry>next-hop>cpe-check
Description 

This optional parameter specifies the number of consecutive ping-replies that must be missed to declare the CPE down and to deactivate the associated static route.

Default 

3

Parameters 
count—
an integer count value
Values—
1 to 255

interval

Syntax 
[no] interval seconds
Context 
config>service>vprn>static-route-entry>indirect>cpe-check
config>service>vprn>static-route-entry>next-hop>cpe-check
Description 

This optional parameter specifies the interval between ICMP pings to the target IP address.

Default 

1

Parameters 
seconds—
an integer interval value
Values—
1 to 255

padding-size

Syntax 
[no] padding-size padding-size
Context 
config>service>vprn>static-route-entry>indirect>cpe-check
config>service>vprn>static-route-entry>next-hop>cpe-check
Description 

This optional parameter specifies the amount of padding to add to the ICMP packet in bytes. The parameter is only applicable when the cpe-check option is used with the associated static route.

Default 

0

Parameters 
padding-size—
an integer value
Values—
0 to 16384 bytes

log

Syntax 
[no] log
Context 
config>service>vprn>static-route-entry>indirect>cpe-check
config>service>vprn>static-route-entry>next-hop>cpe-check
Description 

This optional parameter enables the ability to log transitions between active and in-active based on the CPE connectivity check. Events will be sent to the system log, syslog and SNMP traps.

Default 

no log

description

Syntax 
[no] description description-string
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>next-hop
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>grt
config>service>vprn>static-route-ipsec-tunnel
Description 

This command creates a text description stored in the configuration file for a configuration context.

The no form of the command removes the description string from the context

Default 

no description

Parameters 
description-string—
The description character string. Allowed values are any string up to 80 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

destination-class

Syntax 
[no] destination-class dest-index
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-ipsec-tunnel
Description 

This command configures the policy accounting destination-class index to be used when incrementing accounting statistic for traffic matching the associated static route.

The no form of the command removes the associated destination-class from the associated static route nexthop.

Default 

no destination-class

Parameters 
dest-index—
the destination index integer value
Values—
1 to 255

generate-icmp

Syntax 
[no] generate-icmp
Context 
config>service>vprn>static-route-entry>black-hole
Description 

This optional command causes the ICMP unreachable messages to be sent when received packets match the associated static route. By default, the ICMP unreachable messages for those types of static routes are not generated.

This command can only be associated with a static route that has a black-hole next-hop

The no form of this command removes the black-hole next-hop from static route configuration.

Default 

no generate-icmp

forwarding-class

Syntax 
[no] forwarding-class {be | l2 | af | l1 | h2 | ef | h1 | nc}
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-ipsec-tunnel
Description 

This command specifies the enqueuing forwarding class that should be associated with traffic matching the associate static route. If this parameter is not specified, the packet will use the forwarding-class association based on default classification or other QoS Policy associations.

Default 

no forwarding-class

Parameters 
Forwarding class—
the forwarding class must be one of the pre-defined system forwarding classes
Values—
be, l2, af, l1, h2, ef, h1, nc

ldp-sync

Syntax 
[no] ldp-sync
Context 
config>service>vprn>static-route-entry>indirect
Description 

This command extends the LDP synchronization feature to a static route. When an interface comes back up, it is possible that a preferred static route using the interface as next-hop for a given prefix is enabled before the LDP adjacency to the peer LSR comes up on this interface. In this case, traffic on an SDP that uses the static route for the far-end address would be black-holed until the LDP session comes up and the FECs exchanged.

This option when enabled delays the activation of the static route until the LDP session comes up over the interface and the ldp-sync-timer configured on that interface has expired

Default 

no ldp-sync

metric

Syntax 
[no] metric metric-value
Context 
config>service>vprn>static-route-entry>next-hop
config>service>vprn>static-route-entry>grt
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
Description 

This command specifies the cost metric for the static route, expressed as a decimal integer. This value is used when importing the static route into other protocols such as OSPF. When the metric is configured as 0 then the metric configured in OSPF, default-import-metric, applies. When modifying the metric of an existing static route, the preference will not change unless specified. This value is also used to determine which static route to install in the forwarding table.

If there are multiple static routes with the same preference but different metrics then the lower cost (metric) route will be installed.

The no form of this command returns the metric to the default value

Default 

no ldp-sync

Parameters 
metric-value
specifies the cost metric value
Values—
0 to 65535

preference

Syntax 
[no] preference preference-value
Context 
config>service>vprn>static-route-entry>grt
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>black-hole
Description 

This command specifies the route preference to be assigned to the associated static route. The lower the preference value the more preferred the route is considered.

Table 37 shows the default route preference based on the route source.

Table 37:   Default Route Preference 

Label

Preference

Configurable

Direct attached

0

No

Static route

5

Yes

OSPF Internal routes

10

Yes

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

BGP

170

Yes

The no form of this command returns the returns the associated static route preference to its default value.

Default 

5

Parameters 
preference-value
specifies the route preference value
Values—
1 to 255

prefix-list

Syntax 
[no] prefix-list name {all | none | any}
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>next-hop
config>service>vprn>static-route-entry>black-hole
Description 

This command associates a new constraint to the associated static route such that the static route is only active if any, none, or all of the routes in the prefix list are present and active in the route-table.

Default 

no prefix-list

Parameters 
name
specifies the name of a currently configured prefix-list
all
specifies that the static route condition is met if all prefixes in the prefix-list must be present in the active static route
none
specifies that the static route condition is met if none of the prefixes in the named prefix-list can be present in the active static route
any
specifies that the static route condition is met if any prefixes in the prefix-list are present in the active static route

priority

Syntax 
[no] priority {low | high}
Context 
config>service>vprn>static-route-entry>indirect>forwarding-class
config>service>vprn>static-route-entry>next-hop>forwarding-class
Description 

This optional command associates an enqueuing priority with the static route. The options are either high or low, with low being the default. This parameter has the ability to affect the likelihood that a packet will be enqueued at SAP ingress in the face of ingress congestion.

Once a packet is enqueued into an ingress buffer, the significance of this parameter is lost.

Default 

priority low

Parameters 
low
Setting the enqueuing parameter for a packet to low decreases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.
high
Setting the enqueuing parameter for a packet to high increases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.

shutdown

Syntax 
[no] shutdown
Context 
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>grt
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>next-hop
Description 

This command causes the static route to be placed in an administratively down state and removed from the active route-table

Default 

no shutdown

source-class

Syntax 
[no] source-class source-index
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>next-hop
Description 

This command configures the policy accounting source-class index to be used when incrementing accounting statistic for traffic matching the associated static route.

If source route policy accounting is enabled and a source-class index is configured, traffic with a source IP address matches the associated static route, the source accounting statistics for the specified class will be incremented.

The no form of the command removes the associated destination-class from the associated static route nexthop.

Default 

no source-class

Parameters 
source-index
specifies an integer value for the accounting source class index
Values—
1 to 255

tag

Syntax 
[no] tag tag-value
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>next-hop
Description 

This command adds a 32-bit integer tag to the associated static route.

The tag value can be used in route policies to control distribution of the route into other protocols.

Default 

1

Parameters 
tag-value
specifies an integer tag value
Values—
32 bit integer

validate-next-hop

Syntax 
[no] validate-next-hop
Context 
config>service>vprn>static-route-entry>next-hop
Description 

This optional command tracks the state of the next-hop in the IPv4 ARP cache or IPv6 Neighbor Cache. When the next-hop is not reachable and is removed from the ARP or Neighbor Cache, the next-hop will no longer be considered valid and the associated static route state removed from the active route-table.

When the next-hop is reachable again and present in the ARP/Neighbor Cache, the static route will be considered valid and is subject to being placed into the active route-table.

Default 

no validate-next-hop

ttl-propagate

Syntax 
ttl-propagate
Context 
config>service>vprn
Description 

This command enables the context to configure TTL propagation for transit and locally generated packets in a given VPRN routing context.

Default 

n/a

local

Syntax 
local [inherit | all | vc-only | none]
Context 
config>service>vprn>ttl-propagate
Description 

This command overrides the global configuration of the TTL propagation for locally generated packets which are forwarded over a MPLS LSPs in a given VPRN service context.

The global configuration is performed under config>router>ttl-propagate>vprn-local.

The default behavior for a given VPRN instance is to inherit the global configuration for the same command. The user can explicitly set the default behavior by configuring the inherit value

Default 

inherit

Parameters 
inherit—
the TTL propagation behavior is inherited from the global configuration under config>router>ttl-propagate>vprn-local
none—
the TTL of the IP packet is not propagated into the VC label or labels in the transport label stack
vc-only—
the TTL of the IP packet is propagated into the VC label and not into the labels in the transport label stack
all—
the TTL of the IP packet is propagated into the VC label and all labels in the transport label stack

transit

Syntax 
transit [inherit | all | vc-only | none]
Context 
config>service>vprn
Description 

This command overrides the global configuration of the TTL propagation for in transit packets which are forwarded over a MPLS LSPs in a given VPRN service context.

The global configuration is performed under config>router>ttl-propagate>vprn-transit.

The default behavior for a given VPRN instance is to inherit the global configuration for the same command. The user can explicitly set the default behavior by configuring the inherit value.

Default 

inherit

Parameters 
inherit—
the TTL propoagation behavior is inherited from the global configuration under config>router>ttl-propogate>vprn-transit
none—
the TTL of the IP packet is not propagated into the VC label or labels in the transport label stack
vc-only—
the TTL of the IP packet is propagated into the VC label and not into the labels in the transport label stack
all—
the TTL of the IP packet is propagated into the VC label and all labels in the transport label stack

type

Syntax 
type [hub | spoke | subscriber-split-horizon]
no type
Context 
config>service>vprn>
Description 

This command designates the type of VPRN instance being configured for hub and spoke topologies. Use the no form to reset to the default of a fully meshed VPRN.

Default 

no type

Parameters 
hub—
Specifies a hub VPRN which allows all traffic from the hub SAPs to be routed to the destination directly, while all traffic from spoke VPRNs or network interfaces can only be routed to a hub SAP.
spoke—
Specifies a spoke VPRN which allows traffic from associated SAPs or spoke terminations to only be forwarded through routes learned from separate VPRN, which should be configured as a type Hub VPRN.
subscriber-split-horizon—
Controls the flow of traffic for wholesale subscriber applications.

vrf-export

Syntax 
vrf-export plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 14 max)]]
no vrf-export
Context 
config>service>vprn
Description 

This command is used to specify route policies that control how routes are exported from the local VRF to other VRFs on the same or remote PE routers (via MP-BGP). Route policies are configured in the config>router>policy-options context.

The vrf-export command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route.

Only one of the 15 objects referenced by the vrf-export command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple vrf-export commands are issued, the last command entered overrides the previous command.

Aggregate routes are not advertised via MP-BGP protocols to the other MP-BGP peers.

The no form of the command removes all route policy names from the vrf-export list.

Default 

no vrf-export

Parameters 
plcy-or-long-expr—
the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long)
plcy-or-expr—
the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long)

vrf-import

Syntax 
vrf-import plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 14 max)]]
no vrf-import
Context 
config>service>vprn
Description 

This command is used to specify route policies that control how VPN-IP routes exported by other VRFs, on the same or remote PEs, are imported into the local VRF. Route policies are configured in the config>router>policy-options context.

The vrf-import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route

Only one of the 15 objects referenced by the vrf-import command is allowed to be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple vrf-import commands are issued, the last command entered overrides the previous command.

The no form of the command removes all route policy names from the import list

Note that unless the preference value is changed by the policy, BGP-VPN routes imported with a vrf-import policy have the preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs on the same router.

Default 

no vrf-import

Parameters 
plcy-or-long-expr—
the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long)
plcy-or-expr—
the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long)

vrf-target

Syntax 
vrf-target {ext-community | export ext-community | import ext-community}
no vrf-target
Context 
config>service>vprn
Description 

This command facilitates a simplified method to configure the route target to be added to advertised routes or compared against received routes from other VRFs on the same or remote PE routers (via MP-BGP).

BGP-VPN routes imported with a vrf-target statement will use the BGP preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs in the same router.

Specified vrf-import or vrf-export policies override the vrf-target policy.

The no form of the command removes the vrf-target

Default 

no vrf-target

Parameters 
ext-comm—
An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.
Values—

<ext-community>

: target:{<ip-addr:comm-val> | <2byte-asnumber:ext-comm-val> | <4byte-asnumber:comm-val>}

ip-addr:

a.b.c.d

comm-val:

[0 to 65535]

2byte-asnumber:

[0 to 65535]

ext-comm-val:

[0 to 4294967295]

4byte-asnumber:

[0 to 4294967295]

import ext-community
specifies communities allowed to be accepted from remote PE neighbors
export ext-community
specifies communities allowed to be sent to remote PE neighbors

weighted-ecmp

Syntax 
weighted-ecmp
no weighted-ecmp
Context 
config>service>vprn
Description 

This command enables weighted load-balancing for IS-IS ECMP routes in the VPRN instance. Weighted ECMP can be performed only when all the next-hops are associated with the same neighbor and all of them are configured with (non-zero) load-balancing weights. The weighted ECMP support for IS-IS ECMP routes applies to both IPv4 and IPv6.

The no form of the command restores regular ECMP spraying of packets to IS-IS route destinations.

Default 

no weighted-ecmp

IPSec Configuration Commands

ipsec

Syntax 
ipsec
Context 
config>service>vprn>ipsec
Description 

This command enables the context to configure IPSec policies.

Default 

n/a

security-policy

Syntax 
security-policy security-policy-id [create]
no security-policy security-policy-id
Context 
config>service>vprn>ipsec
Description 

This command configures a security policy to use for an IPSec tunnel.

Default 

n/a

Parameters 
security-policy-id—
specifies a value to be assigned to a security policy
Values—
1 to 8192
create—
Creates the security policy instance. The create keyword requirement can be enabled/disabled in the environment>create context.

entry

Syntax 
entry entry-id [create]
no entry entry-id
Context 
config>service>vprn>ipsec>sec-plcy
Description 

This command configures an IPSec security policy entry.

Parameters 
entry-id—
specifies the IPSec security policy entry
Values—
1 to 16
create—
Creates the security policy entry instance. The create keyword requirement can be enabled/disabled in the environment>create context.

local-ip

Syntax 
local-ip {ip-prefix/prefix-length | ip-prefix netmask | any}
Context 
config>service>vprn>ipsec>sec-plcy>entry
Description 

This command configures the local (from the VPN ) IP prefix/mask for the policy parameter entry.

Only one entry is necessary to describe a potential flow. The local-ip and remote-ip commands can be defined only once. The system will evaluate the local IP as the source IP when traffic is examined in the direction of VPN to the tunnel and as the destination IP when traffic flows from the tunnel to the VPN. The remote IP will be evaluated as the source IP when traffic flows from the tunnel to the VPN when traffic flows from the VPN to the tunnel.

Parameters 
ip-prefix—
the destination address of the aggregate route in dotted decimal notation.
Values—
a.b.c.d (host bits must be 0)
prefix-length: 1 to 32
netmask—
the subnet mask in dotted decimal notation
any—
specifies that it can be any address

remote-ip

Syntax 
remote-ip ip-prefix/prefix-length | ip-prefix netmask | any}
Context 
config>service>vprn>ipsec>sec-plcy>entry
Description 

This command configures the remote (from the tunnel) IP prefix/mask for the policy parameter entry.

Only one entry is necessary to describe a potential flow. The local-ip and remote-ip commands can be defined only once. The system will evaluate the local IP as the source IP when traffic is examined in the direction of VPN to the tunnel and as the destination IP when traffic flows from the tunnel to the VPN. The remote IP will be evaluated as the source IP when traffic flows from the tunnel to the VPN when traffic flows from the VPN to the tunnel.

Parameters 
ip-prefix—
the destination address of the aggregate route in dotted decimal notation
Values—
a.b.c.d (host bits must be 0)
prefix-length: 1 to 32
netmask—
the subnet mask in dotted decimal notation
any—
specifies that it can be any address

interface

Syntax 
interface ip-int-name [create] [tunnel]
no interface ip-int-name
Context 
config>service>vprn
Description 

This command creates a logical IP routing interface for a Virtual Private Routed Network (VPRN). Once created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.

The interface command, under the context of services, is used to create and maintain IP routing interfaces within VPRN service IDs. The interface command can be executed in the context of an VPRN service ID. The IP interface created is associated with the service core network routing instance and default routing table. The typical use for IP interfaces created in this manner is for subscriber internet access.

Interface names are case sensitive and must be unique within the group of defined IP interfaces defined for config router interface and config service vprn interface. Interface names must not be in the dotted decimal notation of an IP address. For example, the name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.

The available IP address space for local subnets and routes is controlled with the config router service-prefix command. The service-prefix command administers the allowed subnets that can be defined on service IP interfaces. It also controls the prefixes that may be learned or statically defined with the service IP interface as the egress interface. This allows segmenting the IP address space into config router and config service domains.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

By default, there are no default IP interface names defined within the system. All VPRN IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes IP the interface and all the associated configuration. The interface must be administratively shutdown before issuing the no interface command.

For VPRN services, the IP interface must be shutdown before the SAP on that interface may be removed. VPRN services do not have the shutdown command in the SAP CLI context. VPRN service SAPs rely on the interface status to enable and disable them.

Parameters 
ip-int-name—
Specifies the name of the IP interface. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.
Values—
1 to 32 characters maximum
tunnel—
Specifies that the interface is configured as tunnel interface, which could be used to terminate IPSec or GRE runnels in the private service.
create—
Creates the IPSec interface instance. The create keyword requirement can be enabled/disabled in the environment>create context.

address

Syntax 
[no] address {ip-address/mask | ip-address netmasks}
Context 
config>service>vprn>if
Description 

This command assigns an IP address/IP subnet to the interface

Parameters 
ip-address—
Specifies the base IP address of the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
mask—
The subnet mask in dotted decimal notation. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.252. A mask of 255.255.255.255 is reserved for system IP addresses.
netmask—
Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.

ip-mtu

Syntax 
ip-mtu octets
no ip-mtu
Context 
config>service>vprn>if
config>service>vprn>if>sap>ip-tunnel
config>service>vprn>sap>ipsec-tunnel
Description 

This command configures the IP maximum transmit unit (packet) for this interface.

The no form of the command returns the default value.

Default 

no ip-mtu

Parameters 
octets—
specifies the MTU size for this interface
Values—
512 to 9000

ipsec-tunnel

Syntax 
ipsec-tunnel ipsec-tunnel-name [create]
no ipsec-tunnel ipsec-tunnel-name
Context 
config>service>vprn>if>sap
Description 

This command specifies an IPSec tunnel name. An IPSec client sets up the encrypted tunnel across public network. The 7750 SR IPSec MDA acts as a concentrator gathering, and terminating these IPSec tunnels into an IES or VPRN service. This mechanism allows as service provider to offer a global VPRN service even if node of the VPRN are on an uncontrolled or insecure portion of the network.

Default 

n/a

Parameters 
ipsec-tunnel-name—
specifies an IPSec tunnel name up to 32 characters in length
create—
Creates the IPSec tunnel instance. The create keyword requirement can be enabled/disabled in the environment>create context.

bfd-designate

Syntax 
[no] bfd-designate
Context 
config>service>vprn>if>sap>ipsec-tunnel
Description 

This command specifies whether this IPSec tunnel is the BFD designated tunnel.

Default 

n/a

bfd-enable

Syntax 
[no] bfd-enable service service-id interface interface-name dst-ip ip-address
Context 
config>service>vprn>if>sap>ipsec-tunnel
Description 

This command assign a BFD session provide heart-beat mechanism for given IPsec tunnel. There can be only one BFD session assigned to any given IPsec tunnel, but there can be multiple IPsec tunnels using same BFD session. BFD control the state of the associated tunnel, if BFD session goes down, system will also bring down the associated non-designated IPsec tunnel.

Default 

n/a

Parameters 
service service-id
specifies where the service-id that the BFD session resides
interface interface-name
specifies the name of the interface used by the BFD session
dst-ip ip-address
specifies the destination address to be used for the BFD session

clear-df-bit

Syntax 
[no] clear-df-bit
Context 
config>service>interface>ies>sap
config>service>vprn>if>sap>ipsec-tunnel
config>service>vprn>if>sap>ip-tunnel
config>service>ies>if>sap>ip-tunnel
config>ipsec>tnl-temp
Description 

This command specifies whether to clear the Do not Fragment (DF) bit in the outgoing packets in this tunnel.

dynamic-keying

Syntax 
[no] dynamic-keying
Context 
config>service>vprn>if>sap>ipsec-tunnel
Description 

This command enables dynamic keying for the IPsec tunnel.

Default 

n/a

auto-establish

Syntax 
[no] auto-establish
Context 
config>service>vprn>if>sap>ipsec-tun>dyn
Description 

This command specifies whether to attempt to establish a phase 1 exchange automatically.

The no form of the command disables the automatic attempts to establish a phase 1 exchange.

Default 

no auto-establish

local-id

Syntax 
[no] local-id type {ipv4 <v4address> | fqdn <fqdn-value>}
Context 
config>service>vprn>if>sap>ipsec-tun>dynamic-keying
Description 

This command specifies the local id of the 7750 SR used for IDi or IDr for IKEv2 tunnels.

The local-id command can only be changed or removed when tunnel or gw is shutdown. The default value depends on the local-auth-method such as:

  1. Psk:local tunnel ip address
  2. Cert-auth: subject of the local certificate
Default 

no local-id

Parameters 
type—
specifies the type of local ID payload, it could be ipv4 address
ipv4—
specifies IPv4 as the local ID type. The default value is the local tunnel end-point address
v4address—
specifies an IPv4 address. A value must be configured
fqdn—
specifies FQDN as the local ID type. A value must be configured
fqdn-value—
specifies a FQDN value. A value must be configured

transform

Syntax 
transform transform-id [transform-id...(up to 4 max)]
no transform
Context 
config>service>vprn>if>sap>ipsec-tun>dynamic-keying
config>ipsec>tnl-temp
Description 

This command associates the IPSec transform sets allowed for this tunnel. A maximum of four transforms can be specified. The transforms are listed in decreasing order of preference (the first one specified is the most preferred).

Default 

n/a

Parameters 
transform-id—
specifies the value used for transforms for dynamic keying
Values—
1 to 2048

local-gateway-address

Syntax 
local-gateway-address ip-address peer ip-address delivery-service service-id
no local-gateway-address
Context 
config>service>vprn>if>sap>ipsec-tunnel
Description 

This command specifies the local gateway address used for the tunnel and the address of the remote security gateway at the other end of the tunnel remote peer IP address to use.

Default 

The base routing context is used if the delivery-router option is not specified.

Parameters 
ip-address—
IP address of the local end of the tunnel
delivery-service service-id
The ID of the IES or VPRN (front-door) delivery service of this tunnel. Use this service-id to find the VPRN used for delivery.
Values—
service-id: 1 to 2147483648
svc-name: specifies an existing service name up to 64 characters in length

manual-keying

Syntax 
[no] manual-keying
Context 
config>service>vprn>if>sap>ipsec-tunnel
Description 

This command configures Security Association (SA) for manual keying. When enabled, the command specifies whether this SA entry is created manually by the user or dynamically by the IPsec sub-system.

Default 

n/a

security-association

Syntax 
security-association security-entry-id authentication-key authentication-key encryption-key encryption-key spi spi transform transform-id direction {inbound | outbound}
no security-association security-entry-id direction {inbound | outbound}
Context 
config>service>vprn>if>sap>ipsec-tun>manual-keying
Description 

This command configures the information required for manual keying SA creation.

Default 

n/a

Parameters 
security-entry-id—
specifies the ID of an SA entry
Values—
1 to 16
encryption-key encryption-key
specifies the key used for the encryption algorithm
Values—
none or 0x0 to 0xFFFFFFFF...(max 64 hex nibbles)
authentication-key authentication-key
specifies the key used for the authentication algorithm
Values—
none or 0x0 to 0xFFFFFFFF...(max 40 hex nibbles)
spi spi
Specifies the SPI (Security Parameter Index) used to look up the instruction to verify and decrypt the incoming IPSec packets when the direction is inbound. When the direction is outbound, the SPI that will be used in the encoding of the outgoing packets. The remote node can use this SPI to lookup the instruction to verify and decrypt the packet.
Values—
256 to 16383
transform transform-id
specifies the transform entry that will be used by this SA entry. This object should be specified for all the entries created which are manual SAs. If the value is dynamic, then this value is irrelevant and will be zero.
Values—
1 to 2048
direction {inbound | outbound}—
specifies the direction of an IPsec tunnel

replay-window

Syntax 
replay-window {32 | 64 | 128 | 256 | 512}
no replay-window
Context 
config>ipsec>tnl-temp
config>service>vprn>if>sap>ipsec-tunnel
Description 

This command specifies the size of the anti-replay window. The anti-replay window protocol secures IP against an entity that can inject messages in a message stream from a source to a destination computer on the Internet.

Default 

n/a

Parameters 
{32 | 64 | 128 | 256 | 512}—
specifies the size of the SA anti-replay window

security-policy

Syntax 
security-policy security-policy-id
no security-policy
Context 
config>service>vprn>if>sap>ipsec-tunnel
Description 

This command configures an IPSec security policy. The policy may then be associated with tunnels defined in the same context.

Default 

n/a

Parameters 
security-policy-id—
specifies the IPSec security policy entry that the tunnel will use
Values—
1 to 8192

Log Commands

log

Syntax 
log
Context 
config>service>vprn
config>service>vprn>log-id
Description 

This command enables the context to configure event stream logging.

filter

Syntax 
[no] filter filter-id
Context 
config>service>vprn>log
config>service>vprn>log>log-id
Description 

This command creates a context for an event filter. An event filter specifies whether to forward or drop an event or trap based on the match criteria.

Filters are configured in the filter filter-id context and then applied to a log in the log-id log-id context. Only events for the configured log source streams destined to the log ID where the filter is applied are filtered.

Any changes made to an existing filter, using any of the sub-commands, are immediately applied to the destinations where the filter is applied.

The no form of the command removes the filter association from log IDs which causes those logs to forward all events.

Default 

No event filters are defined.

Parameters 
filter-id —
the filter ID uniquely identifies the filter
Values—
1 to 1000

default-action

Syntax 
default-action {drop | forward}
no default-action
Context 
config>service>vprn>log>filter
Description 

The default action specifies the action that is applied to events when no action is specified in the event filter entries or when an event does not match the specified criteria.

When multiple default-action commands are entered, the last command overwrites the previous command.

The no form of the command reverts the default action to the default value (forward).

Default 

default-action forward — the events which are not explicitly dropped by an event filter match are forwarded

Parameters 
drop—
the events which are not explicitly forwarded by an event filter match are dropped
forward—
the events which are not explicitly dropped by an event filter match are forwarded

entry

Syntax 
[no] entry entry-id
Context 
config>service>vprn>log>filter
Description 

This command is used to create or edit an event filter entry. Multiple entries may be created using unique entry-id numbers. The -TiMOS implementation exits the filter on the first match found and executes the action in accordance with the action command.

Comparisons are performed in an ascending entry ID order. When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Matching ceases when a packet matches an entry. The entry action is performed on the packet, either drop or forward. To be considered a match, the packet must meet all the conditions defined in the entry.

An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete. Entries without the action keyword will be considered incomplete and are rendered inactive.

The no form of the command removes the specified entry from the event filter. Entries removed from the event filter are immediately removed from all log-id’s where the filter is applied.

Default 

No event filter entries are defined. An entry must be explicitly configured.

Parameters 
entry-id—
The entry ID uniquely identifies a set of match criteria corresponding action within a filter. Entry ID values should be configured in staggered increments so you can insert a new entry in an existing policy without renumbering the existing entries.
Values—
1 to 999

action

Syntax 
action {drop | forward}
no action
Context 
config>service>vprn>log>filter>entry
Description 

This command specifies a drop or forward action associated with the filter entry. If neither drop nor forward is specified, the default-action will be used for traffic that conforms to the match criteria. This could be considered a No-Op filter entry used to explicitly exit a set of filter entries without modifying previous actions.

Multiple action statements entered will overwrite previous actions.

The no form of the command removes the specified action statement.

Default 

Action specified by the default-action command will apply.

Parameters 
drop—
specifies packets matching the entry criteria will be dropped
forward—
specifies packets matching the entry criteria will be forwarded

match

Syntax 
[no] match
Context 
config>service>vprn>log>filter>entry
Description 

This command creates context to enter/edit match criteria for a filter entry. When the match criteria is satisfied, the action associated with the entry is executed.

If more than one match parameter (within one match statement) is specified, then all the criteria must be satisfied (AND functional) before the action associated with the match is executed.

Use the match command to display a list of the valid applications.

Match context can consist of multiple match parameters (application, event-number, severity, subject), but multiple match statements cannot be entered per entry.

The no form of the command removes the match criteria for the entry-id.

Default 

no match

application

Syntax 
application {eq | neq} application-id
no application
Context 
config>service>vprn>log>filter>entry>match
Description 

This command adds an OS application as an event filter match criterion.

An OS application is the software entity that reports the event. Applications include IP, MPLS, OSPF, CLI, SERVICES etc. Only one application can be specified. The latest application command overwrites the previous command.

The no form of the command removes the application as a match criterion.

Default 

no application — no application match criterion is specified

Parameters 
eq | neq—
the operator specifying the type of match
Values—

eq

equal to

neq

not equal to

application-id
the application name string
Values—
port, ppp, rip, route_policy, rsvp, security, snmp, stp, svcmgr, system, user, vrrp, vrtr

message

Syntax 
message {eq | neq} pattern pattern [regexp]
no message
Context 
config>service>vprn>log>filter>entry>match
Description 

This command adds system messages as a match criterion.

The no form of the command removes messages as a match criterion.

Parameters 
eq—
determines if the matching criteria should be equal to the specified value
neq—
determines if the matching criteria should not be equal to the specified value
pattern pattern—
specifies a message up to 400 characters to be used in the match criteria
regexp—
Specifies the type of string comparison to use to determine if the log event matches the value of message command parameters. When the regexp keyword is not specified, the default matching algorithm used is a basic substring match.

number

Syntax 
number {eq | neq | lt | lte | gt | gte} event-id
no number
Context 
config>service>vprn>log>filter>entry>match
Description 

This command adds an SR OS application event number as a match criterion.

SR OS event numbers uniquely identify a specific logging event within an application.

Only one number command can be entered per event filter entry. The latest number command overwrites the previous command.

The no form of the command removes the event number as a match criterion.

Default 

no event-number — no event ID match criterion is specified

Parameters 
eq | neq | lt | lte | gt | gte—
This operator specifies the type of match. Valid operators are listed below.
Values—

Operator

Note

eq

equal to

neq

not equal to

lt

less than

lte

less than or equal to

gt

greater than

gte

greater than or equal to

event-id
the event ID, expressed as a decimal integer
Values—
1 to 4294967295

severity

Syntax 
severity {eq | neq | lt | lte | gt | gte} severity-level
no severity
Context 
config>service>vprn>log>filter>entry>match
Description 

This command adds an event severity level as a match criterion. Only one severity command can be entered per event filter entry. The latest severity command overwrites the previous command.

The no form of the command removes the severity match criterion.

Default 

no severity — no severity level match criterion is specified

Parameters 
eq | neq | lt | lte | gt | gte—
Specifies the type of match. Valid operators are listed below.
Values—

Operator

Notes

eq

equal to

neq

not equal to

lt

less than

lte

less than or equal to

gt

greater than

gte

greater than or equal to

severity-name
The ITU severity level name. Table 38 lists severity names and corresponding numbers per ITU standards M.3100 X.733 & X.21 severity levels.
Table 38:  Severity Levels 

Severity Number

Severity Name

1

cleared

2

indeterminate (info)

3

critical

4

major

5

minor

6

warning

Values—
cleared, intermediate, critical, major, minor, warning

subject

Syntax 
subject {eq | neq} subject [regexp]
no subject
Context 
config>service>vprn>log>filter>entry>match
Description 

This command adds an event subject as a match criterion.

The subject is the entity for which the event is reported, such as a port. In this case the port-id string would be the subject. Only one subject command can be entered per event filter entry. The latest subject command overwrites the previous command.

The no form of the command removes the subject match criterion.

Default 

no subject no subject match criterion specified

Parameters 
eq | neq—
This operator specifies the type of match. Valid operators are listed below.
Values—

Operator

Notes

eq

equal to

neq

not equal to

subject—
a string used as the subject match criterion
regexp—
Specifies the type of string comparison to use to determine if the log event matches the value of subject command parameters. When the regexp keyword is specified, the string in the subject command is a regular expression string that will be matched against the subject string in the log event being filtered.

When regexp keyword is not specified, the subject command string is matched exactly by the event filter.

log-id

Syntax 
[no] log-id log-id
Context 
config>service>vprn>log
Description 

This command creates a context to configure destinations for event streams.

The log-id context is used to direct events, alarms/traps, and debug information to respective destinations.

A maximum of 10 logs can be configured.

Before an event can be associated with this log-id, the from command identifying the source of the event must be configured.

Only one destination can be specified for a log-id. The destination of an event stream can be an in-memory buffer, console, session, snmp-trap-group, syslog, or file.

Use the event-control command to suppress the generation of events, alarms, and traps for all log destinations.

An event filter policy can be applied in the log-id context to limit which events, alarms, and traps are sent to the specified log-id.

Log-IDs 99 and 100 are created by the agent. Log-ID 99 captures all log messages. Log-ID 100 captures log messages with a severity level of major and above.

Log-ID 99 provides valuable information for the admin-tech file. Removing or changing the log configuration may hinder debugging capabilities. It is strongly recommended not to alter the configuration for Log-ID 99.

The no form of the command deletes the log destination ID from the configuration.

Default 

No log destinations are defined.

Parameters 
log-id—
the log ID number, expressed as a decimal integer
Values—
1 to 100

to snmp

Syntax 
to snmp [size]
Context 
config>service>vprn>log>log-id
Description 

This is one of the commands used to specify the log ID destination. This parameter is mandatory when configuring a log destination. This command instructs the alarms and traps to be directed to the snmp-trap-group associated with log-id.

A local circular memory log is always maintained for SNMP notifications sent to the specified snmp-trap-group for the log-id.

The source of the data stream must be specified in the from command prior to configuring the destination with the to command.

The to command cannot be modified or re-entered. If the destination or maximum size of an SNMP or memory log needs to be modified, the log ID must be removed and then re-created.

Default 

n/a

Parameters 
size—
the size parameter defines the number of events stored in this memory log
Values—
100
Values—
50 to 1024

to syslog

Syntax 
to syslog syslog-id
Context 
config>service>vprn>log>log-id
Description 

This is one of the commands used to specify the log ID destination. This parameter is mandatory when configuring a log destination.

This command instructs the alarms and traps to be directed to a specified syslog. To remain consistent with the standards governing syslog, messages to syslog are truncated to 1k bytes.

The source of the data stream must be specified in the from command prior to configuring the destination with the to command.

The to command cannot be modified or re-entered. If the destination or maximum size of an SNMP or memory log needs to be modified, the log ID must be removed and then re-created.

Default 

n/a

Parameters 
syslog-id—
Instructs the events selected for the log ID to be directed to the syslog-id. The characteristics of the syslog-id referenced here must have been defined in the config>log>syslog syslog-id context.
Values—
1 to 10

from

Syntax 
from {[main] [change]}
no from
Context 
config>service>vprn>log>log-id
Description 

This command selects the source stream to be sent to a log destination.

One or more source streams must be specified. The source of the data stream must be identified using the from command before you can configure the destination using the to command. The from command can identify multiple source streams in a single statement (for example: from main change debug-trace).

Only one from command may be entered for a single log-id. If multiple from commands are configured, then the last command entered overwrites the previous from command.

The no form of the command removes all previously configured source streams.

Default 

No source stream is configured.

Parameters 
main—
Instructs all events in the main event stream to be sent to the destination defined in the to command for this destination log-id. The main event stream contains the events that are not explicitly directed to any other event stream. To limit the events forwarded to the destination, configure filters using the filter command.
change—
Instructs all events in the user activity stream to be sent to the destination configured in the to command for this destination log-id. The change event stream contains all events that directly affect the configuration or operation of this node. To limit the events forwarded to the change stream destination, configure filters using the filter command.

time-format

Syntax 
time-format {local | utc}
Context 
config>service>vprn>log>log-id
Description 

This command specifies whether the time should be displayed in local or Coordinated Universal Time (UTC) format.

Default 

time-format utc

Parameters 
local —
specifies that timestamps are written in the system’s local time
utc—
Specifies that timestamps are written using the UTC value. This was formerly called Greenwich Mean Time (GMT) and Zulu time.

syslog

Syntax 
[no] syslog syslog-id
Context 
config>service>vprn>log
Description 

This command creates the context to configure a syslog target host that is capable of receiving selected syslog messages from this network element.

A valid syslog-id must have the target syslog host address configured.

A maximum of 10 syslog-ids can be configured.

No log events are sent to a syslog target address until the syslog-id has been configured as the log destination (to) in the log-id node.

The syslog ID configured in the configure/service/vprn context has a local VPRN scope and only needs to be unique within the specific VPRN instance. The same ID can be reused under a different VPRN service or in the global log context under config>log.

Default 

No syslog IDs are defined.

Parameters 
syslog-id—
the syslog ID number for the syslog destination, expressed as a decimal integer
Values—
1 to 10

address

Syntax 
address ip-address
no address
Context 
config>service>vprn>log>syslog
Description 

This command adds the syslog target host IP address to/from a syslog ID.

This parameter is mandatory. If no address is configured, syslog data cannot be forwarded to the syslog target host.

Only one address can be associated with a syslog-id. If multiple addresses are entered, the last address entered overwrites the previous address.

The same syslog target host can be used by multiple log IDs.

The no form of the command removes the syslog target host IP address.

Default 

no address — There is no syslog target host IP address defined for the syslog ID.

Parameters 
ip-address—
the IP address of the syslog target host in dotted decimal notation
Values—

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface: 32 characters maximum, mandatory for link local addresses

The ipv6-address applies to the 7750 SR.

facility

Syntax 
facility syslog-facility
no facility
Context 
cconfig>service>vprn>log>syslog
Description 

This command configures the facility code for messages sent to the syslog target host.

Multiple syslog IDs can be created with the same target host but each syslog ID can only have one facility code. If multiple facility codes are entered, the last facility-code entered overwrites the previous facility-code.

If multiple facilities need to be generated for a single syslog target host, then multiple log-id entries must be created, each with its own filter criteria to select the events to be sent to the syslog target host with a given facility code.

The no form of the command reverts to the default value.

Default 

local7 — syslog entries are sent with the local7 facility code

Parameters 
syslog-facility—
The syslog facility name represents a specific numeric facility code. The code should be entered in accordance with the syslog RFC. However, the software does not validate if the facility code configured is appropriate for the event type being sent to the syslog target host.
Values—
kernel, user, mail, systemd, auth, syslogd, printer, netnews, uucp, cron, authpriv, ftp, ntp, logaudit, logalert, cron2, local0, local1, local2, local3, local4, local5, local6, local7
Valid responses per RFC3164, The BSD syslog Protocol, are listed in the table belowTable 39.
Table 39:  Syslog Facility Codes 

Numerical Code

Facility Code  

0

kernel

1

user

2

mail

3

systemd

4

auth

5

syslogd

6

printer

7

net-news

8

uucp

9

cron

10

auth-priv

11

ftp

12

ntp

13

log-audit

14

log-alert

15

cron2

16

local0

17

local1

18

local2

19

local3

20

local4

21

local5

22

local6

23

local7

Values: 0 to 23

log-prefix

Syntax 
log-prefix log-prefix-string
no log-prefix
Context 
config>service>vprn>log>syslog
Description 

This command adds the string prepended to every syslog message sent to the syslog host.

RFC3164, The BSD syslog Protocol, allows a alphanumeric string (tag) to be prepended to the content of every log message sent to the syslog host. This alphanumeric string can, for example, be used to identify the node that generates the log entry. The software appends a colon (:) and a space to the string and it is inserted in the syslog message after the date stamp and before the syslog message content.

Only one string can be entered. If multiple strings are entered, the last string overwrites the previous string. The alphanumeric string can contain lowercase (a-z), uppercase (A-Z) and numeric (0-9) characters.

The no form of the command removes the log prefix string.

Default 

no log-prefix — no prepend log prefix string defined

Parameters 
log-prefix-string —
An alphanumeric string of up to 32 characters. Spaces and colons ( : ) cannot be used in the string.

level

Syntax 
level syslog-level
no level
Context 
config>service>vprn>log>syslog
Description 

This command configures the syslog message severity level threshold. All messages with severity level equal to or higher than the threshold are sent to the syslog target host.

Only a single threshold level can be specified. If multiple levels are entered, the last level entered will overwrite the previously entered commands.

The no form of the command reverts to the default value.

Parameters 
value—
the threshold severity level name
Values—
emergency, alert, critical, error, warning, notice, info, debug

Router severity level

Numerical Severity (highest to lowest)

Configured Severity

Definition

0

emergency

system is unusable

3

1

alert

action must be taken immediately

4

2

critical

critical condition

5

3

error

error condition

6

4

warning

warning condition

5

notice

normal but significant condition

1 cleared 2 indeterminate

6

info

informational messages

7

debug

debug-level messages

port

Syntax 
port value
no port
Context 
config>service>vprn>log>syslog
Description 

This command configures the UDP port that will be used to send syslog messages to the syslog target host.

The port configuration is needed if the syslog target host uses a port other than the standard UDP syslog port 514.

Only one port can be configured. If multiple port commands are entered, the last entered port overwrites the previously entered ports.

The no form of the command reverts to default value.

Default 

no port

Parameters 
value—
the value is the configured UDP port number used when sending syslog messages
Values—
1 to 65535

snmp-trap-group

Syntax 
[no] snmp-trap-group log-id
Context 
config>service>vprn>log
Description 

This command creates the context to configure a group of SNMP trap receivers and their operational parameters for a given log-id.

A group specifies the types of SNMP traps and specifies the log ID which will receive the group of SNMP traps. A trap group must be configured in order for SNMP traps to be sent.

To suppress the generation of all alarms and traps see the event-control command. To suppress alarms and traps that are sent to this log-id, see the filter command. Once alarms and traps are generated they can be directed to one or more SNMP trap groups. Logger events that can be forwarded as SNMP traps are always defined on the main event source.

The no form of the command deletes the SNMP trap group.

Default 

There are no default SNMP trap groups.

Parameters 
log-id—
The log ID value of a log configured in the log-id context. Alarms and traps cannot be sent to the trap receivers until a valid log-id exists.
Values—
1 to 99

trap-target

Syntax 
trap-target name [address ip-address] [port port] [snmpv1 | snmpv2c | snmpv3] notify-community communityName | snmpv3SecurityName [security-level {no-auth-no-privacy | auth-no-privacy | privacy}] [replay]
no trap-target name
Context 
config>service>vprn>log>snmp-trap-group
Description 

This command adds/modifies a trap receiver and configures the operational parameters for the trap receiver. A trap reports significant events that occur on a network device such as errors or failures.

Before an SNMP trap can be issued to a trap receiver, the log-id, snmp-trap-group and at least one snmp-trap-group must be configured.

The snmp-trap-group command is used to add/remove a trap receiver from an snmp-trap-group. The operational parameters specified in the command include:

  1. The IP address of the trap receiver
  2. The UDP port used to send the SNMP trap
  3. SNMP version
  4. SNMP community name for SNMPv1 and SNMPv2c receivers.
  5. Security name and level for SNMPv3 trap receivers.

A single snmp-trap-group log-id can have multiple trap-receivers. Each trap receiver can have different operational parameters.

An address can be configured as a trap receiver more than once as long as a different port is used for each instance.

To prevent resource limitations, only configure a maximum of 10 trap receivers.

If the same trap-target name port port parameter value is specified in more than one SNMP trap group, each trap destination should be configured with a different notify-community value. This allows a trap receiving an application, such as NMS, to reconcile a separate event sequence number stream for each router event log when multiple event logs are directed to the same IP address and port destination.

The no form of the command removes the SNMP trap receiver from the SNMP trap group.

Default 

No SNMP trap targets are defined.

Parameters 
name—
specifies the name of the trap target up to 28 characters in length
address ip-address
The IP address of the trap receiver in dotted decimal notation. Only one IP address destination can be specified per trap destination group.
Values—

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface: 32 characters maximum, mandatory for link local addresses

The ipv6-address applies to the 7750 SR.
port port—
The destination UDP port used for sending traps to the destination, expressed as a decimal integer. Only one port can be specified per trap-target statement. If multiple traps need to be issued to the same address then multiple ports must be configured.
Values—
1 to 65535
Values—
162
snmpv1 | snmpv2c | snmpv3—
Specifies the SNMP version format to use for traps sent to the trap receiver.

The keyword snmpv1 selects the SNMP version 1 format. When specifying snmpv1, the notify-community must be configured for the proper SNMP community string that the trap receiver expects to be present in alarms and traps messages. If the SNMP version is changed from snmpv3 to snmpv1, then the notify-community parameter must be changed to reflect the community string rather than the security-name that is used by snmpv3.

The keyword snmpv2c selects the SNMP version 2c format. When specifying snmpv2c, the notify-community must be configured for the proper SNMP community string that the trap receiver expects to be present in alarms and traps messages. If the SNMP version is changed from snmpv3 to snmpv2c, then the notify-community parameter must be changed to reflect the community string rather than the security-name that is used by snmpv3.

The keyword snmpv3 selects the SNMP version 3 format. When specifying snmpv3, the notify-community must be configured for the SNMP security-name. If the SNMP version is changed from snmpv1 or snmpv2c to snmpv3, then the notify-community parameter must be changed to reflect the security-name rather than the community string used by snmpv1 or snmpv2c.

Pre-existing conditions are checked before the snmpv3SecurityName is accepted. These are:

  1. The user name must be configured.
  2. The v3 access group must be configured.
  3. The v3 notification view must be configured.
Values—
snmpv1, snmpv2c, snmpv3
Values—
snmpv3
notify-community community | security-name—
Specifies the community string for snmpv1 or snmpv2c or the snmpv3 security-name. If no notify-community is configured, then no alarms nor traps will be issued for the trap destination. If the SNMP version is modified, the notify-community must be changed to the proper form for the SNMP version.
community—
The community string as required by the snmpv1 or snmpv2c trap receiver. The community string can be an ASCII string up to 31 characters in length.
security-name—
The security-name as defined in the config>system>security>user context for SNMP v3. The security-name can be an ASCII string up to 31 characters in length.
security-level {no-auth-no-privacy | auth-no-privacy | privacy}—
Specifies the required authentication and privacy levels required to access the views configured on this node when configuring an snmpv3 trap receiver.

The keyword no-auth-no-privacy specifies no authentication and no privacy (encryption) are required.

The keyword auth-no-privacy specifies authentication is required but no privacy (encryption) is required. When this option is configured the security-name must be configured for authentication.

The keyword privacy specifies both authentication and privacy (encryption) is required. When this option is configured the security-name must be configured for authentication and privacy.

Values—
no-auth-no-privacy, auth-no-privacy, privacy
Values—
no-auth-no-privacy. This parameter can only be configured if SNMPv3 is also configured.
replay—
Enable replay of missed events to target. If replay is applied to an SNMP trap target address, the address is monitored for reachability. Reachability is determined by whether or not there is a route in the routing table by which the target address can be reached. Before sending a trap to a target address, the SNMP module asks the PIP module if there is either an in-band or out-of-band route to the target address. If there is no route to the SNMP target address, the SNMP module saves the sequence-id of the first event that will be missed by the trap target. When the routing table changes again so that there is now a route by which the SNMP target address can be reached, the SNMP module replays (for example, retransmits) all events generated to the SNMP notification log while the target address was removed from the route table. Because of route table change convergence time, it is possible that one or more events may be lost at the beginning or end of a replay sequence. The cold-start-wait and route-recovery-wait timers under config>log>app-route-notifications can help reduce the probability of lost events.

Multicast VPN Commands

mvpn

Syntax 
mvpn
Context 
config>service>vprn
Description 

This command enables the context to configure MVPN-related parameters for the IP VPN.

auto-discovery

Syntax 
auto-discovery [default | mdt-safi] [source-address ip-address]
Context 
config>service>vprn>mvpn
Description 

This command enables MVPN membership auto-discovery through BGP. When auto-discovery is enabled, PIM peering on the inclusive provider tunnel is disabled. Changing auto-discovery configuration requires shutdown of this VPRN instance.

The no form of the command disables MVPN membership auto-discovery through BGP.

Default 

default

Parameters 
default—
enable s AD route exchange based on format defined in ng-MVPN (RFC6514)
mdt-safi—
enables AD route exchange based on mdt-safi format defined in draft-rosen-vpn-mcast

This command allows optionally to specify a source-address - an IP address to be used by Rosen M-VPN for core diversity non-default IGP instances (not using system IP). Two unique IP addresses for all MVPNs are supported. For instances using default System IP, source address configuration should not be specified to avoid consuming one of the addresses.

Explicitly defined source-address allows GRE-encapsulated Rosen MVPN multicast traffic (Default and Data MDT) to originate from a configured IP address, so the source IP address of the GRE packets won't be the default system IP address.

Value:

ip-address
an IPv4 address. To achieve the desired functionality the address should be a pre-configured non-default ISIS or OSPF loopback address for an IGP instance using loopback address different from the system IP loopback.

c-mcast-signaling

Syntax 
c-mcast-signaling {bgp | pim}
no c-mcast-signaling
Context 
config>service>vprn>mvpn
Description 

This command specifies BGP or PIM, for PE-to-PE signaling of CE multicast states. When this command is set to PIM and neighbor discovery by BGP is disabled, PIM peering will be enabled on the inclusive tree.

Changes may only be made to this command when the mvpn node is shutdown.

The no form of the command reverts it back to the default.

Default 

mcast-signaling bgp

Parameters 
bgp —
specifies to use BGP for PE-to-PE signaling of CEmulticast states. Auto-discovery must be enabled
pim —
specifies to use PIM for PE-to-PE signaling of CE multicast states

intersite-shared

Syntax 
intersite-shared [persistent-type5-adv] [kat-type5-adv-withdraw]
no intersite-shared
Context 
config>service>vprn>mvpn
Description 

This command specifies whether to use inter-site shared C-trees or not. Optional parameters allow enabling additional inter-site shared functionality. Not specifying an optional parameter when executing the command disables that parameter.

Default 

intersite-shared

Parameters 
persistent-type5-adv—
when specified for inter-site shared trees enabled, this parameter ensures that Type 5 SA routes are generated for the multicast source even if no joins are present for that source. When the parameter is not specified, the Type 5 SA routes are withdrawn where the prune from the last receiver is received for the multicast source.
kat-type5-adv-withdraw—
when specified for inter-site shared trees, this parameter allows operators to enable KeepAlive Timers (KAT) on source PEs for ng-MVPN inter-site shared deployments. On a multicast source failure, a KAT expiry on source PEs will trigger a withdrawal of Type-5 Source-Active (S-A) route and switch from (C-S,C-G) to (C-*,C-G). When receiver PEs process reflected Type-5 S-A route withdrawals, they will withdraw their Type-7 ng-MVPN routes to the failed multicast source. The following conditions apply:
  1. KAT must only be enabled on source PEs.
  2. Functionality is supported with mLDP and RSVP-TE in the P-instance.
  3. Local receiver per (C-S, C-G) must be configured on source PEs running KAT.

mdt-type

Syntax 
mdt-type {sender-receiver | sender-only | receiver-only}
Context 
config>service>vprn>mvpn
Description 

This command allows restricting MVPN instance per PE node to a specific role. By default, MVPN instance on a given PE node assumes the role of being a sender as well as receiver. This creates a mesh of MDT/PMSI across all PE nodes from this PE.

This command provides an option to configure either a sender-only or receiver-only mode per PE node. Restricting the role of a PE node prevents creating full mesh of MDT/PMSI across all PE nodes that are participating in MVPN instance.

auto-rp-discovery cannot be enabled together with mdt-type sender-only or mdt-type receiver-only, or wildcard-spmsi configurations.

The no version of this command restores the default (sender-receiver).

Default 

mdt-type sender-receiver

Parameters 
sender-receiver—
MVPN has both sender and receivers connected to PE node
sender-only—
MVPN has only senders connected to PE node
receiver-only—
MVPN has only receivers connected to PE node

red-source-list

Syntax 
red-source-list
Context 
config>service>vprn>mvpn
Description 

This command enables context to configure list of redundant source prefixes for preferred source selection.

src-prefix

Syntax 
src-prefix ip-address/mask [ip-address/mask …up to 8 maximum]
no src-prefix ip-address/mask
Context 
config>service>vprn>mvpn>red-source-list
Description 

This command configures up to 8 multicast source IPv4 prefixes for preferred source selection. Single or multi-line inputs are allowed.

The no form of the command deletes specified prefix from the list.

Default 

No prefixes are specified.

Parameters 
ip-address/mask—
IPv4 address prefix with mask

ipv6

Syntax 
ipv6
Context 
config>service>vprn>mvpn>red-source-list
Description 

This command enables context to configure list of redundant IPv6 source prefixes for preferred source selection.

src-prefix

Syntax 
src-prefix ipv6-ip-address/prefix-length [ipv6-address/prefix-length …up to 8 maximum]
no ipv6-ip-address/prefix-length
Context 
config>service>vprn>mvpn>red-source-list>ipv6
Description 

This command configures up to 8 multicast source IPv6 prefixes for preferred source selection. Single or multi-line inputs are allowed.

The no form of the command deletes specified prefix from the list

Default 

No prefixes are specified.

Parameters 
ipv6-ip-address/mask—
IPv6 address prefix with prefix-length

rpf-select

Syntax 
rpf-select
Context 
config>service>vprn>mvpn
Description 

This command enables context for VRF extranet mapping for C-instance receivers in this receiver MVPN instance to multicast streams in P-instance core MVPN instances.

core-mvpn

Syntax 
[no] core-mvpn service-id
Context 
config>service>vprn>mvpn>rpf-select
Description 

This command enables context for VRF extranet mapping for C-instance receivers in this receiver MVPN instance to multicast streams in the specified P-instance core MVPN instance.

group-prefix

Syntax 
group-prefix ip-address/mask [ip-address/mask...(up to 8 max)][starg]
no group-prefix ip-address/mask
Context 
config>service>vprn>mvpn>rpf-select>core-mvpn
Description 

This command configures multicast group IPv4 prefixes for the MVPN with per-group mapping extranet functionality. Multiple lines are allowed. Duplicate prefixes are ignored.

When the starg option is specified, extranet functionality is enabled for PIM ASM as for the specified group. When the option is not specified (not recommended with PIM ASM), the PIM ASM join will be mapped and data plane will be established, but the control plane will not be updated on SPT switchover, unless the switchover is driven by a CPE router on a receiver side.

The no form of the command deletes specified prefix from the list, or removes mapping of all prefixes if group-prefix any was specified.

Default 

n/a

Parameters 
ip-address/mask—
specifies the IPv4 multicast address prefix with mask

provider-tunnel

Syntax 
provider-tunnel
Context 
config>service>vprn>mvpn
Description 

This command enables context to configure tunnel parameters for the MVPN.

inclusive

Syntax 
inclusive
Context 
config>service>vprn>mvpn>pt
Description 

This command enables the context for specifying inclusive provider tunnels

bsr

Syntax 
bsr {unicast | spmsi}
no bsr
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive
Description 

This command configures the type of BSR signaling used.

The no form of the command restores the default.

Default 

no bsr

Parameters 
unicast—
BSR PDUs are sent/forwarded using unicast PDUs (default)
spmsi—
BSR PDUs are sent/forwarded using S-PMSI full mesh

mldp

Syntax 
mldp
no mldp
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive
Description 

This command enables use of mLDP LSP for the provider tunnel.

Default 

no mldp

shutdown

Syntax 
shutdown
no shutdown
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive>mldp
Description 

This command administratively disables and enables use of mLDP LSP for the provider tunnel.

Default 

no shutdown

pim

Syntax 
pim {asm | ssm} grp-ip-address
no pim
Context 
config>service>vprn>mvpn>pt>inclusive
Description 

This command specifies the PIM mode to use, ASM or SSM, for PIM-based inclusive provider tunnels and the multicast group address to use. Also enables the context for specifying parameters for PIM peering on the inclusive provider tunnel.

Auto-discovery must be enabled in order for SSM to operate.

The no form of the command removes the pim context including the statements under the context.

Default 

no pim

Parameters 
asm—
specifies to use PIM ASM for inclusive provider tunnels
ssm —
specifies to u PIM SSM for inclusive provider tunnels
group-address —
specifies the multicast group address to use

hello-interval

Syntax 
hello-interval hello-interval
no hello-interval
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive>pim
Description 

This command specifies the interval at which PIM Hello messages are transmitted on the PIM inclusive provider tunnel.

The no form of this command reverts to the default value.

Default 

30 seconds

Parameters 
hello-interval—
specifies the hello interval, in seconds. A 0 (zero) value disables the sending of Hello messages
Values—
0 to 255

hello-multiplier

Syntax 
hello-multiplier deci-units
no hello-multiplier
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive>pim
Description 

This command specifies the hello multiplier. The hello-multiplier in conjunction with the hello-interval determines the hold time for a PIM neighbor.

Hold time = (hello-interval * hello-multiplier) / 10.

The no form of the command reverts the value to the default.

Default 

35

Parameters 
deci-units—
specifies the value, in multiples of 0.1, for the formula used to calculate the hold time
Values—
20 to 100

improved-assert

Syntax 
[no] improved-assert
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive>pim
Description 

This command enables improved assert procedure on the PIM inclusive provider tunnel.

The no form of the command disables improved assert procedure.

Default 

enabled

three-way-hello

Syntax 
[no] three-way-hello
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive>pim
Description 

This command enables PIM three-way hello on the inclusive provider tunnel.

The no form of the command disables the PIM three-way hello.

Default 

disabled

tracking-support

Syntax 
[no] tracking-support
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive>pim
Description 

This command enables the setting of the T bit in the LAN Prune Delay option of the Hello message. This indicates the router's capability to disable Join message suppression.

The no form of the command disables the setting.

Default 

disabled

rsvp

Syntax 
rsvp
no rsvp
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive
Description 

This command enables the context for specifying RSVP P2MP LSP for the provider tunnel. The no form of the command removes the rsvp context including all the statements in the context.

Default 

no rsvp

enable-bfd-root

Syntax 
enable-bfd-root [transmit-interval] [multiplier multiplier]
no enable-bfd-root
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive>rsvp
Description 

This command enables unidirectional multi-point BFD session on a sender (Root) PE node for upstream fast failure detection over RSVP-TE P2MP LSP.

Parameters 
transmit-interval—
sets the transmit interval, in milliseconds
Values—
10 to 100000
Values—
100
multiplier multiplier—
sets the multiplier for the BFD session
Values—
3 to 20
Values—
3

enable-bfd-leaf

Syntax 
[no] enable-bfd-leaf
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive>rsvp
Description 

This command enables unidirectional multi-point BFD session on a receiver (leaf) PE node for upstream fast failure detection over RSVP-TE P2MP LSP.

lsp-template

Syntax 
lsp-template
no lsp-template
Context 
Context config>service>vprn>mvpn>provider-tunnel>inclusive>rsvp
Description 

This command specifies the use of automatically created P2MP LSP as the provider tunnel. The P2MP LSP will be signaled using the parameters specified in the template, such as bandwidth constraints, etc.

Default 

no lsp-template

shutdown

Syntax 
shutdown
no shutdown
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive>rsvp>lsp-template
Description 

This command administratively disables and enables use of RSVP P2MP LSP for the provider tunnel.

Default 

no shutdown

wildcard-spmsi

Syntax 
wildcard-spmsi
no wildcard-spmsi
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive
Description 

This command enables RFC 6625 (C-*, C-*) S-PMSI functionality for NG-MVPN. When enabled, (C-*, C-*) S-PMSI is used instead of I-PMSI for this MVPN. Wildcard S-PMSI uses the I-PMSI LSP template.

auto-rp-discovery cannot be enabled together with mdt-type sender-only or mdt-type receiver-only, or wildcard-spmsi configurations.

The no form disables the (C-*, C-*) S-PMSI functionality.

Default 

no wildcard-spmsi

selective

Syntax 
selective
Context 
config>service>vprn>mvpn>provider-tunnel
Description 

This command enables the context to specify selective provider tunnel parameters.

Default 

n/a

auto-discovery-disable

Syntax 
[no] auto-discovery-disable
Context 
config>service>vprn>mvpn>provider-tunnel>selective
Description 

This command disables C-trees to P-tunnel binding auto-discovery through BGP so it is signaled using PIM join TLVs.

This command requires the c-mcast-signaling parameter to be set to PIM.

For mutli-stream S-PMSI, this command must be enabled for BGP auto-discovery to function.

The no form of the command enables multicast VPN membership auto-discovery through BGP.

Default 

no auto-discovery-disable

data-delay-interval

Syntax 
data-delay-interval value
no data-delay-interval
Context 
config>service>vprn>mvpn>provider-tunnel>selective
Description 

This command specifies the interval, in seconds, before a PE router connected to the source switches traffic from the inclusive provider tunnel to the selective provider tunnel.

This command is not applicable to multi-stream S-PMSI,

The no form of the command reverts the value to the default.

Default 

3 seconds

Parameters 
value —
specifies the data delay interval, in seconds
Values—
3 to 180

data-threshold

Syntax 
data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask} s-pmsi-threshold [pe-threshold-add pe-threshold-add] [pe-threshold-delete pe-threshold-delete]
data-threshold c-grp-ipv6-addr/prefix-length s-pmsi-threshold [pe-threshold-add pe-threshold-add] [pe-threshold-delete pe-threshold-delete]
no data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask}
no data-threshold c-grp-ipv6-addr/prefix-length
Context 
config>service>vprn>mvpn>provider-tunnel>selective
Description 

This command specifies the data rate threshold that triggers the switch from the inclusive provider tunnel to the selective provider tunnel for (C-S, C-G) within the group range. Optionally, PE thresholds for creating/deleting ng-MVPN S-PMSI may also be specified. Omitting the PE thresholds, preserves currently set value (or defaults if never set). Multiple statements (one per a unique group) are allowed in the configuration.

This command is not applicable to multi-stream S-PMSI,

The no form of the command removes the values from the configuration.

Default 

no data-threshold

Parameters 
group-address/mask —
specifies a multicast group address and netmask length
c-grp-ip-addr/mask | c-grp-ip-addr netmask—
specifies an IPv4 multicast group address and netmask length or network mask
c-grp-ipv6-addr/prefix-length—
specifies an IPv6 multicast group address and prefix length
s-pmsi-threshold —
Specifies the rate, in kb/s. If the rate for a (C-S, C-G)) within the specified group range exceeds the threshold, traffic for the (C-S, C-G) will be switched to the selective provider tunnel.
s-pmsi-threshold-add —
Specifies the number of receiver PEs for creating S-PMSI. When the number of receiver PEs for a given multicast group configuration is non-zero and below the threshold and BW threshold is satisfied, S-PMSI is created.
s-pmsi-threshold-delete—
Specifies the number of receiver PEs for deleting S-PMSI. When the number of receiver PEs for a given multicast group configuration is above the threshold, S-PMSI is deleted and the multicast group is moved to I-PMSI or a wildcard S-PMSI. It is recommended that the delete threshold be significantly larger than the add threshold, to avoid re-signaling of S-PMSI as the receiver PE count fluctuates.
Values—

c-grp-ip-addr

: multicast group address a.b.c.d

mask

[4 to 32]

netmask

: a.b.c.d (network bits all 1 and host bits all 0)

s-pmsi-threshold

: [1 to 4294967294](threshold in kbps)

c-grp-ipv6-addr

: multicast ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length [1 to 128]

pe-threshold-add:

[1 to 65535], if never specified, 65535 is used (add threshold always met)

pe-threshold-delete:

[2 to 65535], if never specified, 65535 is used (delete threshold never met)

join-tlv-packing-disable

Syntax 
[no] join-tlv-packing-disable
Context 
config>service>vprn>mvpn>provider-tunnel>selective
Description 

This command enables packing of MDT join TLVs into a single PDU to improve efficiency, if multiple join TLVs are available at the time of transmission.

The no form of the command disables packing of MDT join TLVs into a single PDU.

Default 

no join-tlv-packing-disable

multistream-spmsi

Syntax 
[no] multistream-spmsi index [create]
Context 
config>service>vprn>mvpn>pt>selective
Description 

This command creates a multi-stream S-PMSI policy. Having multiple multi-stream S-PMSIs per MVPN creates a link list, in which the first match (lowest index) will be chosen for a multicast stream. The number of configured multi-stream S-PMSIs cannot exceed the configured maximum S-PMSI for a given MVPN.

Parameters 
index—
specifies the index number
Values—
1 to 1024

group

Syntax 
[no] group ip-address [/mask]
Context 
config>service>vprn>mvpn>pt>selective>multistream-spmsi
Description 

This command creates group prefixes that map to the multicast stream. At least one source must be specified for the policy to be active.

Parameters 
Ip-address/mask—
specifies the IP address
Values—

ipv4-prefix

a.b.c.d

ipv4-prefix-le

[0..32]

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x

[0..FFFF]H

d

[0..255]D

ipv6-prefix-le

[0..128]

source

Syntax 
[no] source ip-address [/mask]
[no] source any
Context 
config>service>vprn>mvpn>pt>selective>multistream-spmsi>group
Description 

This command creates source prefixes for specific groups that map to the multicast stream.

Parameters 
Ip-address/mask—
specifies the IP address of the group
Values—

ipv4-prefix

a.b.c.d

ipv4-prefix-le

[0..32]

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x

[0..FFFF]H

d

[0..255]D

ipv6-prefix-le

[0..128]

sp-template

Syntax 
[no] lsp-template name
Context 
config>service>vprn>mvpn>pt>selective>multistream-spmsi
Description 

This command creates a RSVP-TE LSP template for S-PSMI. Multi-stream S-PMSIs can share a single template or can each use their own template.

Parameters 
name—
specifies the LSP template name, up to 32 characters

shutdown

Syntax 
[no] shutdown
Context 
config>service>vprn>mvpn>pt>selective>multistream-spmsi
Description 

This commands enables multi-stream S-PSMI. At least one group must be active in a policy.

pim-asm

Syntax 
[no] pim-asm {grp-ip-address/mask | grp-ip-address netmask}
Context 
config>service>vprn>mvpn>provider-tunnel>selective
Description 

This command specifies the range of PIM-ASM groups to use on the sender PE to setup ASM multicast tree for draft Rosen based Data MDT.

rsvp

Syntax 
[no] rsvp
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive
config>service>vprn>mvpn>provider-tunnel>selective
Description 

This command enables use of P2MP RSVP as the inclusive or selective provider tunnel.

Default 

no rsvp

lsp-template

Syntax 
[no] lsp-template lsp-template-name
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive
config>service>vprn>mvpn>provider-tunnel>selective>rsvp
Description 

This command specifies the use of automatically created P2MP LSP as the inclusive or selective provider tunnel. The P2MP LSP will be signaled using the parameters specified in the template, such as bandwidth constraints, etc.

Default 

no lsp-template

mldp

Syntax 
[no] mldp
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive
config>service>vprn>mvpn>provider-tunnel>selective
Description 

This command enables use of P2MP mLDP LSP as inclusive or selective PMSI tunnels.

For multi-stream S-PMSI, either LDP or RSVP-TE must first be configured before multi-stream policy can be configured.

Default 

no mldp

maximum-p2mp-spmsi

Syntax 
[no] maximum-p2mp-spmsi
Context 
config>service>vprn>mvpn>provider-tunnel>selective
Description 

This command specifies the maximum number of RSVP P2MP or LDP P2MP S-PMSI tunnels for the mVPN. When the limit is reached, no more RSVP P2MP S-PMSI or LDP P2MP S-PMSI is created and traffic over the data-threshold will stay on I-PMSI.

Default 

10

Parameters 
number—
specifies the maximum number of RSVP P2MP or LDP P2MP S-PMSI tunnel for the mVPN.
Values—
1 to 4k
Values—
10

shutdown

Syntax 
[no] shutdown
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive>rsvp>lsp-template
config>service>vprn>mvpn>provider-tunnel>inclusive>mldp
config>service>vprn>mvpn>provider-tunnel>selective>rsvp>lsp-template
config>service>vprn>mvpn>provider-tunnel>selective>mldp
Description 

This command administratively disables/enables use of P2MP RSVP LSP template or mLDP LSP for inclusive or selective PMSI tunnels.

Default 

no shutdown

enable-asm-mdt

Syntax 
[no] enable-asm-mdt
Context 
config>service>vprn>mvpn>provider-tunnel>selective
Description 

This command enables Data MDT with PIM-ASM mode on the receiver PE node. PIM-ASM or PIM-SSM operation mode is derived based on the locally configured SSM range on the node.

If asm-mode is disabled using this command, then PIM-SSM mode is enabled for all groups, independent of the configured SSM range on the node.

pim-ssm

Syntax 
pim-ssm {grp-ip-address/mask | grp-ip-address netmask}
no pim-ssm
Context 
config>service>vprn>mvpn>provider-tunnel>selective
Description 

This command specifies the PIM SSM groups to use for the selective provider tunnel.

Parameters 
group-address/mask —
specifies a multicast group address and netmask length

umh-pe-backup

Syntax 
umh-pe-backup
Context 
config>service>vprn>mvpn
Description 

This command enables context to configure primary and standby upstream PE association for the MVPN.

umh-pe

Syntax 
umh-pe ip-address standby ip-address
no umh-pe ip-address
Context 
config>service>vprn>mvpn>umh-pe-backup
Description 

This command assigns a standby PE to each primary PE that must be selected as an alternative PE in case the UFD session on tunnel from primary PE is detected down. Standby for a PE cannot be modified without shutting down the MVPN instance.

If a primary PE is not assigned a standby PE then the UMH selection would fall back to the default method.

umh-selection

Syntax 
umh-selection {highest-ip | hash-based | tunnel-status | unicast-rt-pref}
no umh-selection
Context 
config>service>vprn>mvpn
Description 

This command specifies which UMH selection mechanism to use, highest IP address, hash based or provider tunnel status.

The no form of the command resets it back to default.

Default 

umh-selection highest-ip

Parameters 
highest-ip—
specifies that the highest IP address is selected as UMH
hash-based—
specifies that the UMH selection is based on the hash based procedures
tunnel-status—
specifies that UMH selection is based on the state of the tunnel as well as the available unicast routes through the tunnel. Not supported for IPv6.
unicast-rt-pref—
When selected, best unicast route will decide which UMH is chosen. All PE routers shall prefer the same route to the UMH for the UMH selection criterion (for example BGP path selection criteria must not influence one PE to choose different UMH from another PE).

vrf-export

Syntax 
vrf-export {unicast | plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 14 max)]]}
no vrf-export
Context 
config>service>vprn>mvpn
Description 

This command specifies the export policy (up to 16) to control MVPN routes exported from the local VRF to other VRFs on the same or remote PE routers.

Default 

vrf-export unicast

Parameters 
unicast—
specifies to use unicast VRF export policy for the MVPN
plcy-or-long-expr—
The route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long). Allowed values are any string up to 255 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes
plcy-or-expr—
The route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long). Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes

vrf-import

Syntax 
vrf-import {unicast | plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 14 max)]}
no vrf-import
Context 
config>service>vprn>mvpn
Description 

This command specifies the import policy (up to 16) to control MVPN routes imported to the local VRF from other VRFs on the same or remote PE routers.

Default 

vrf-import unicast

Parameters 
unicast—
specifies to use a unicast VRF import policy for the MVPN
plcy-or-long-expr—
The route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long). Allowed values are any string up to 255 characters in length composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.
plcy-or-expr—
The route policy statement name or a policy logical expression. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes

vrf-target

Syntax 
vrf-target {unicast | ext-community | export unicast | ext-community | import unicast | ext-community}
no vrf-target
Context 
config>service>vprn>mvpn
Description 

This command specifies the route target to be added to the advertised routes or compared against the received routes from other VRFs on the same or remote PE routers. vrf-import or vrf-export policies override the vrf-target policy.

The no form of the command removes the vrf-target.

Default 

no vrf-target

Parameters 
unicast—
specifies to use unicast vrf-target ext-community for the multicast VPN
ext-comm—
An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.
Values—

target:{ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

ip-address:

a.b.c.d

comm-val:

0 to 65535

2byte-asnumber:

1 to 65535

4byte-asnumber

0 to 4294967295

import ext-community
specifies communities allowed to be accepted from remote PE neighbors
export ext-community
specifies communities allowed to be sent to remote PE neighbors

export

Syntax 
export {unicast | ext-community}
Context 
config>service>vprn>mvpn>vrf-target
Description 

This command specifies communities to be sent to peers.

Parameters 
unicast—
specifies to use unicast vrf-target ext-community for the multicast VPN
ext-comm—
An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.
Values—

target:{ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

ip-address:

a.b.c.d

comm-val:

0 to 65535

2byte-asnumber:

1 to 65535

4byte-asnumber

0 to 4294967295

import

Syntax 
import {unicast | ext-community}
Context 
config>service>vprn>mvpn>vrf-target
Description 

This command specifies communities to be accepted from peers.

Parameters 
unicast—
specifies to use unicast vrf-target ext-community for the multicast VPN
ext-comm—
An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.
Values—

target:{ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

ip-address:

a.b.c.d

comm-val:

0 to 65535

2byte-asnumber:

1 to 65535

4byte-asnumber

0 to 4294967295

Redundant Interface Commands

redundant-interface

Syntax 
[no] redundant-interface ip-int-name
Context 
config>service>vprn
Description 

This command configures a redundant interface.

Parameters 
ip-int-name—
Specifies the name of the IP interface. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

address

Syntax 
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
no address
Context 
config>service>vprn>redundant-interface
Description 

This command assigns an IP address mask or netmask and a remote IP address to the interface.

Parameters 
ip-address/mask—
assigns an IP address/IP subnet format to the interface
ip-address netmask—
specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains

assigns an IP address netmask to the interface

remote-ip ip-address
assigns a remote IP to the interface

Router Advertisement Commands

router-advertisement

Syntax 
[no] router-advertisement
Context 
config>service>vprn
Description 

This command configures router advertisement properties. By default, it is disabled for all IPv6 enabled interfaces.

The no form of the command disables all IPv6 interface. However, the no interface interface-name command disables a specific interface.

Default 

disabled

dns-options

Syntax 
[no] dns-options
Context 
config>service>vprn>router-advertisement
config>service>vprn>router-advert>interface
Description 

This command enables the context for configuration of DNS information for Stateless Address Auto-Configuration (SLAAC) hosts.

When specified at the router-advertisement level in the routing context, this command allows configuration of service-wide parameters. These can then be inherited at the interface level by specifying the config>service>vprn>router-advert>interface>dns-options>include-dns command.

The no form of the command disables configuration of DNS information for Stateless Address Auto-Configuration (SLAAC) hosts.

Default 

disabled

server

Syntax 
server ipv6-address
no server
Context 
config>service>vprn>router-advert>dns-options
config>service>vprn>router-advert>interface>dns-options
Description 

This command specifies the IPv6 DNS servers to include in the RDNSS option in Router Advertisements. When specified at the router advertisement level this applies to all interfaces that have include-dns enabled, unless the interfaces have more specific dns-options configured.

Default 

n/a

Parameters 
ipv6-address—
Specify the IPv6 address of the DNS server(s), up to 4 max. Specified as eight 16-bit hexadecimal pieces.

include-dns

Syntax 
[no] include-dns
Context 
config>service>vprn>router-advert>interface>dns-options
Description 

This command enables the Recursive DNS Server (RDNSS) Option in router advertisements. This must be enabled for each interface on which the RDNSS option is required in router advertisement messages.

The no form of the command disables the RDNSS option in router advertisements.

Default 

disabled

rdnss-lifetime

Syntax 
rdnss-lifetime {seconds | infinite}
no rdnss-lifetime
Context 
config>service>vprn>router-advert>dns-options
config>service>vprn>router-advert>interface>dns-options
Description 

This command specifies the maximum time that the RDNSS address may be used for name resolution by the client. The RDNSS Lifetime must be no more than twice MaxRtrAdvLifetime with a maximum of 3600 seconds.

Default 

rdnss-lifetime infinite

Parameters 
infinite—
specifies an infinite RDNSS lifetime
seconds—
specifies the time in seconds
Values—
4to 3600

interface

Syntax 
[no] interface ip-int-name
Context 
config>service>vprn>router-advertisement
Description 

This command configures router advertisement properties on a specific interface. The interface must already exist in the config>router>interface context.

Default 

No interfaces are configured by default.

Parameters 
ip-int-name—
Specifies the interface name. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

current-hop-limit

Syntax 
current-hop-limit number
no current-hop-limit
Context 
config>service>vprn>router-advert>if
Description 

This command configures the current-hop-limit in the router advertisement messages. It informs the nodes on the subnet about the hop-limit when originating IPv6 packets.

Default 

64

Parameters 
number—
specifies the hop limit
Values—
0 to 255. A value of zero means there is an unspecified number of hops.

managed-configuration

Syntax 
[no] managed-configuration
Context 
config>service>vprn>router-advert>if
Description 

This command sets the managed address configuration flag. This flag indicates that DHCPv6 is available for address configuration in addition to any address autoconfigured using stateless address autoconfiguration. See RFC 3315, Dynamic Host Configuration Protocol (DHCP) for IPv6.

Default 

no managed-configuration

max-advertisement-interval

Syntax 
[no] max-advertisement-interval seconds
Context 
config>service>vprn>router-advert>if
Description 

This command configures the maximum interval between sending router advertisement messages.

Default 

600

Parameters 
seconds—
Specifies the maximum interval in seconds between sending router advertisement messages.
Values—
4 to 1800

min-advertisement-interval

Syntax 
[no] min-advertisement-interval seconds
Context 
config>service>vprn>router-advert>if
Description 

This command configures the minimum interval between sending ICMPv6 neighbor discovery router advertisement messages.

Default 

200

Parameters 
seconds—
specifies the minimum interval in seconds between sending ICMPv6 neighbor discovery router advertisement messages.
Values—
3 to 1350

mtu

Syntax 
[no] mtu mtu-bytes
Context 
config>service>vprn>router-advert>if
Description 

This command configures the MTU for the nodes to use to send packets on the link.

Default 

no mtu — the MTU option is not sent in the router advertisement messages

Parameters 
mtu-bytes—
specifies the MTU for the nodes to use to send packets on the link
Values—
1280 to 9212

other-stateful-configuration

Syntax 
[no] other-stateful-configuration
 
Context 
 
Description 

This command sets the "Other configuration" flag. This flag indicates that DHCPv6lite is available for autoconfiguration of other (non-address) information such as DNS-related information or information on other servers in the network. See RFC 3736, Stateless Dynamic Host Configuration Protocol (DHCP) for IPv6.

Default 

no other-stateful-configuration

prefix

Syntax 
[no] prefix [ipv6-prefix/prefix-length]
Context 
config>service>vprn>router-advert>if
Description 

This command configures an IPv6 prefix in the router advertisement messages. To support multiple IPv6 prefixes, use multiple prefix statements. No prefix is advertised until explicitly configured using prefix statements.

Default 

n/a

Parameters 
ip-prefix—
the IP prefix for prefix list entry in dotted decimal notation
Values—

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

prefix-length—
specifies a route must match the most significant bits and have a prefix length
Values—
1 to 128

autonomous

Syntax 
[no] autonomous
Context 
config>service>vprn>router-advert>if>prefix
Description 

This command specifies whether the prefix can be used for stateless address autoconfiguration.

Default 

enabled

on-link

Syntax 
[no] on-link
Context 
config>service>vprn>router-advert>if>prefix
Description 

This command specifies whether the prefix can be used for onlink determination.

Default 

enabled

preferred-lifetime

Syntax 
[no] preferred-lifetime {seconds | infinite}
Context 
config>service>vprn>router-advert>if
Description 

This command configures the remaining length of time in seconds that this prefix will continue to be preferred, such as, time until deprecation. The address generated from a deprecated prefix should not be used as a source address in new communications, but packets received on such an interface are processed as expected.

Default 

604800

Parameters 
seconds—
specifies the remaining length of time in seconds that this prefix will continue to be preferred
infinite—
specifies that the prefix will always be preferred. A value of 4,294,967,295 represents infinity

valid-lifetime

Syntax 
valid-lifetime {seconds | infinite}
Context 
config>service>vprn>router-advert>if
Description 

This command specifies the length of time in seconds that the prefix is valid for the purpose of on-link determination. A value of all one bits (0xffffffff) represents infinity.

The address generated from an invalidated prefix should not appear as the destination or source address of a packet.

Default 

2592000

Parameters 
seconds—
specifies the remaining length of time in seconds that this prefix will continue to be valid
infinite—
specifies that the prefix will always be valid. A value of 4,294,967,295 represents infinity

reachable-time

Syntax 
reachable-time milli-seconds
no reachable-time
Context 
config>service>vprn>router-advert>if
Description 

This command configures how long this router should be considered reachable by other nodes on the link after receiving a reachability confirmation.

Default 

no reachable-time

Parameters 
milli-seconds—
specifies the length of time the router should be considered reachable
Values—
0 to 3600000

retransmit-time

Syntax 
retransmit-timer milli-seconds
no retransmit-timer
Context 
config>service>vprn>router-advert>if
Description 

This command configures the retransmission frequency of neighbor solicitation messages.

Default 

no retransmit-time

Parameters 
milli-seconds—
specifies how often the retransmission should occur
Values—
0 to 1800000

router-lifetime

Syntax 
router-lifetime seconds
no router-lifetime
Context 
config>service>vprn>router-advert>if
Description 

This command sets the router lifetime.

Default 

1800

Parameters 
seconds—
the length of time, in seconds, (relative to the time the packet is sent) that the prefix is valid for route determination
Values—
0, 4 to 9000 seconds. 0 means that the router is not a default router on this link.

use-virtual-mac

Syntax 
[no] use-virtual-mac
Context 
config>service>vprn>router-advert>if
Description 

This command enables sending router advertisement messages using the VRRP virtual MAC address, provided that the virtual router is currently the master.

If the virtual router is not the master, no router advertisement messages are sent.

The no form of the command disables sending router advertisement messages.

Default 

no use-virtual-mac

Network Time Protocol Commands

ntp

Syntax 
[no] ntp
Context 
config>service>vprn
Description 

This command enables the context to configure Network Time Protocol (NTP) and its operation. This protocol defines a method to accurately distribute and maintain time for network elements. Furthermore this capability allows for the synchronization of clocks between the various network elements. Use the no form of the command to stop the execution of NTP and remove its configuration.

Default 

n/a

authenticate

Syntax 
[no] authenticate
Context 
config>service>vprn>ntp
Description 

This command enables authentication for the NTP server.

authentication-check

Syntax 
[no] authentication-check
Context 
config>service>vprn>ntp
Description 

This command provides the option to skip the rejection of NTP PDUs that do not match the authentication key-id, type or key requirements. The default behavior when authentication is configured is to reject all NTP protocol PDUs that have a mismatch in either the authentication key-id, type or key.

When authentication-check is enabled, NTP PDUs are authenticated on receipt. However, mismatches cause a counter to be increased, one counter for type and one for key-id, one for type, value mismatches. These counters are visible in a show command.

The no form of this command allows authentication mismatches to be accepted; the counters however are maintained.

Default 

authentication-check — rejects authentication mismatches

authentication-key

Syntax 
authentication-key key-id {key key} [hash | hash2] type {des | message-digest}
no authentication-key key-id
Context 
config>service>vprn>ntp
Description 

This command sets the authentication key-id, type and key used to authenticate NTP PDUs sent to or received by other network elements participating in the NTP protocol. For authentication to work, the authentication key-id, type and key value must match.

The no form of the command removes the authentication key.

Default 

n/a

Parameters 
key-id—
Configure the authentication key-id that will be used by the node when transmitting or receiving Network Time Protocol packets.

Entering the authentication-key command with a key-id value that matches an existing configuration key will result in overriding the existing entry.

Recipients of the NTP packets must have the same authentication key-id, type, and key value in order to use the data transmitted by this node. This is an optional parameter.

Values—
1 to 255
Values—
n/a
key —
The authentication key associated with the configured key-id, the value configured in this parameter is the actual value used by other network elements to authenticate the NTP packet.

The key can be any combination of ASCII characters up to 8 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (“.”).

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
type —
This parameter determines if DES or message-digest authentication is used.

This is a required parameter; either DES or message-digest must be configured.

Values—
des — specifies that DES authentication is used for this key
message-digest — specifies that MD5 authentication in accordance with RFC 2104 is used for this key
des is not permitted in FIPS-140-2 mode.

broadcast

Syntax 
broadcast {interface ip-int-name} [key-id key-id] [version version] [ttl ttl]
no broadcast {interface ip-int-name}
Context 
config>service>vprn>ntp
Description 

This command configures the node to transmit NTP packets on a given interface. Broadcast and multicast messages can easily be spoofed, thus, authentication is strongly recommended.

The no form of this command removes the address from the configuration.

Parameters 
ip-int-name—
Specifies the local interface on which to transmit NTP broadcast packets. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.
Values—
32 character maximum
key-id key-id
Identifies the configured authentication key and authentication type used by this node to receive and transmit NTP packets to and from an NTP server and peers. If an NTP packet is received by this node both authentication key and authentication type must be valid otherwise the packet will be rejected and an event/trap generated.
Values—
1 to 255
Values—
n/a
version version
Specifies the NTP version number that is generated by this node. This parameter does not need to be configured when in client mode in which case all versions will be accepted.
Values—
1 to 4
Values—
4
ttl ttl
specifies the IP Time To Live (TTL) value
Values—
1 to 255
Values—
n/a

NAT Commands

nat

Syntax 
[no] nat
Context 
config>service>vprn
config>router
Description 

This command configures, creates or deletes a NAT instance.

inside

Syntax 
inside
Context 
config>service>vprn>nat
config>router>nat
Description 

This command enters the “inside” context to configure the inside NAT instance.

destination-prefix

Syntax 
[no] destination-prefix ip-prefix/length
Context 
config>service>vprn>nat>inside
config>router>nat>inside
Description 

This command configures a destination prefix. An (internal) static route will be created for this prefix. All traffic that hits this route will be subject to NAT. The system will not allow a destination-prefix to be configured if the configured nat-policy refers to an IP pool that resides in the same service (as this would result in a routing loop).

Parameters 
ip-prefix—
specifies the IP prefix; host bits must be zero (0)
Values—
a.b.c.d
length—
specifies the prefix length
Values—
0 to 32

dual-stack-lite

Syntax 
dual-stack-lite
Context 
config>service>vprn>nat
config>router>nat>inside
Description 

This command enables the context to configure Dual-Stack-Lite NAT parameters.

address

Syntax 
[no] address ipv6-address
Context 
config>service>vprn>nat>inside>dslite
Description 

This command configures a dual-stack-lite IPv6 address

The no form of the command removes the value from the configuration.

Default 

n/a

Parameters 
ipv6-address—
specifies the IPv6 address on the interface
Values—

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

tunnel-mtu

Syntax 
tunnel-mtu mtu-bytes
no tunnel-mtu
Context 
config>service>vprn>nat>inside>dslite>address
Description 

This command configures the DSLite tunnel MTU for this Dual Stack Lite address.

The no form of the command reverts the default.

Default 

1500

Parameters 
mtu-bytes—
specifies the DSLite tunnel MTU
Values—
512 to 9212

subscriber-prefix-length

Syntax 
subscriber-prefix-length prefix-length
no subscriber-prefix-length
Context 
config>service>vprn>nat>inside>dslite
Description 

This command configures the IPv6 prefix length of the dual-stack-lite subscribers.

The no form of the command reverts the default.

Default 

128

Parameters 
prefix-length prefix-length
specifies the IPv6 prefix length of the dual-stack-lite subscriber
Values—
32 to 64, 128
Values—
128

l2-aware

Syntax 
l2-aware
Context 
config>services>vprn>nat>inside
Description 

This command enables the context to configure parameters specific to Layer 2-aware NAT.

address

Syntax 
[no] address ip-address/mask
Context 
config>services>vprn>nat>inside>l2-aware
Description 

This command configures a Layer 2-aware NAT address. This address will act as a local address of the system. Hosts connected to the inside service will be able to ARP for this address. To verify connectivity, a host can also ping the address. This address is typically used as next hop of the default route of a Layer 2-aware host. The given mask defines a Layer 2-aware subnet. The (inside) IP address used by anLayer 2-aware host must match one of the subnets defined here or it will be rejected.

Parameters 
ip-address—
specifies the IP address in a.b.c.d format
mask—
specifies the mask
Values—
16 to 32

nat-policy

Syntax 
nat-policy nat-policy-name
no nat-policy
Context 
config>services>vprn>nat>inside
config>router>nat>inside
Description 

This command configures the NAT policy that will be used for large-scale NAT in this service.

Parameters 
nat-policy-name—
specifies the NAT policy name
Values—
32 chars max

redundancy

Syntax 
redundancy
Context 
config>service>vprn>nat>inside
config>service>vprn>nat>outside>pool
Description 

This command enables the context to configure redundancy parameters.

peer

Syntax 
peer ip-address
no peer
Context 
config>service>vprn>nat>inside>redundancy
Description 

This command configures the IP address of the NAT redundancy peer in the realm of this virtual router instance.

steering-route

Syntax 
steering-route ip-prefix/length
no steering-route
Context 
config>service>vprn>nat>inside>redundancy
Description 

This command configures specifies the IP address and prefix length of the steering route. The steering route is used in the realm of this virtual router instance as an indirect next-hop for all the traffic that must be routed to the large scale NAT function.

outside

Syntax 
outside
Context 
config>service>vprn>nat
config>router>nat
Description 

This command enters the “outside” context to configure the outside NAT instance.

pool

Syntax 
pool nat-pool-name [nat-group nat-group-id type pool-type [no-allocate] [create]
no pool nat-pool-name
Context 
config>service>vprn>nat>outside
config>router>nat>outside
Description 

This command configures a NAT pool.

Parameters 
nat-pool-name—
specifies the NAT pool name
Values—
32 chars max
nat-group-id—
specifies the NAT group ID
Values—
1 to 4
create—
This parameter must be specified to create the instance.
pool-type—
specifies the pool type, either large-scale or L2-aware

address-range

Syntax 
address-range start-ip-address end-ip-address [create]
no address-range start-ip-address end-ip-address
Context 
config>service>vprn>nat>outside>pool
config>router>nat>outside>pool
Description 

This command configures a NAT address range.

Parameters 
start-ip-address—
specifies the beginning IP address in a.b.c.d form
end-ip-address—
specifies the ending IP address in a.b.c.d. form
create—
This parameter must be specified to create the instance.

description

Syntax 
description description-string
no description
Context 
config>service>vprn>nat>outside>pool>address-range
config>service>vprn>nat>outside>pool
config>router>nat>outside>pool>address-range
config>router>nat>outside>pool
Description 

This command configures the description for the NAT address range.

Parameters 
description-string—
specifies the NAT address range description
Values—
80 chars max

drain

Syntax 
[no] drain
Context 
config>service>vprn>nat>outside>pool>address-range
config>router>nat>outside>pool>address-range
Description 

This command starts or stops draining this NAT address range. When an address-range is being drained, it will not be used to serve new hosts. Existing hosts, however, will still be able to use the address that was assigned to them even if it is being drained.An address-range can only be deleted if the parent pool is shut down or if the range itself is effectively drained (no hosts are using the addresses anymore).

mode

Syntax 
mode {auto | napt}
no mode
Context 
config>service>vprn>nat>outside>pool
Description 

This command configures the mode of operation of this NAT address pool.

The mode value is only relevant while the value of pool type is equal to largeScale; while the value of pool type is equal to l2Aware, the mode of operation is always NAPT.

port-forwarding-range

Syntax 
port-forwarding-range range-end
no port-forwarding-range
Context 
config>service>vprn>nat>outside>pool
Description 

This command configures the end of the port range available for port forwarding. The start of the range is always equal to one.

The actual maximum value of the range end may be restricted to less than 65535 depending on the value of the objects port reservation type and port reservation value and on system specifications.

Default 

1023

Parameters 
range-end—
specifies the mode of operation of this NAT pool
Values—
1023 to 65535

port-reservation

Syntax 
port-reservation blocks num-blocks
port-reservation ports num-ports
no port-reservation
Context 
config>service>vprn>nat>outside>pool
config>router>nat>outside>pool
Description 

This command configures the size of the port-block that will be assigned to a host that is served by this pool. The number of ports configured here will be available to UDP, TCP and ICMP (as identifiers).

Parameters 
num-blocks—
Specifies the number of port-blocks per IP address. Setting num-blocks to one (1) for large scale NAT will enable 1:1 NAT for IP addresses in this pool.
Values—
1 to 64512
num-ports—
specifies the number of ports per block
Values—
1 to 32256

export

Syntax 
export ip-prefix/length
no export
Context 
config>service>vprn>nat>outside>pool>redundancy
Description 

his command installs the export route in the routing table for active NAT pools.

Once the export route is in the routing table, it can be advertised in the network via a routing protocol. NAT pools in the standby or disabled state will not advertise the export route.

A NAT pool will become active when it becomes operationally UP, AND there is no monitoring route (which is also the export route from the peer) present in the routing node (as received from the network). The pool will transition into standby state in case that the monitoring route (or export route from the peer) is already present in the routing table. In other words, the monitoring route is already advertised as an export route from the peering node with active NAT pool.

The export route can be advertised only from:

  1. The active lead pool.
  2. Active pool for which fate-sharing is disabled.
Default 

no export

Parameters 
ip-prefix/length—
specifies the IP prefix and length

Syntax:

ip-prefix/length :

ip-prefix

a.b.c.d

ip-prefix-length

0 to 32

Values—
0, 4, 16

follow

Syntax 
follow router router-instance pool name
no follow
Context 
config>service>vprn>nat>outside>pool>redundancy
config>router> nat>outside>pool>redundancy
Description 

This command implicitly enables Pool Fate-Sharing Group (PFSG) which is required in case of multiple NAT policies per inside routing context. A NAT pool configured with this command will not advertise or monitor any route in order to change its (activity) state but instead it will directly follow the state of the lead pool in the PFSG. Once the lead pool changes its (activity) state, all the remaining pools following the lead pool will change their state accordingly.

Default 

no follow

Parameters 
router router-instance
specifies the routing instance where the lead pool resides
Values—
<router-name> | <service-id>
router-name - Base
service-id - [1to2147483647]
pool name
the pool whose activity state is being shared up to 32 characters in length

monitor

Syntax 
monitor ip-prefix/length
no monitor
Context 
config>service>vprn>nat>outside>pool>redundancy
config>router> nat>outside>pool>redundancy
Description 

This command configures the monitoring route based on which the NAT multi-chassis switchover is triggered. Monitoring route of a NAT pool on the local node must match the export route of a corresponding NAT pool on the peering node. Presence of the monitoring route in the routing table is an indication that the peering NAT pool is active (since it is advertising its export route). The disappearance of the monitoring route from the routing table is an indication that the peering pool has failed and consequently the nodal switchover is triggered, the local pool becomes active and its export route is consequently advertised. The export route can be advertised only from:

  1. The active lead pool.
  2. Active pool for which fate-sharing is disabled.
Parameters 
ip-prefix/length—
specifies the IP prefix and length

Syntax:

ip-prefix/length :

ip-prefix

a.b.c.d

ip-prefix-length

0 to 32

subscriber-limit

Syntax 
subscriber-limit limit
no subscriber-limit
Context 
config>service>vprn>nat>outside>pool
Description 

This command configures the maximum number of subscribers per outside IP address.

If multiple port blocks per subscriber are used, the block size is typically small; all blocks assigned to a given subscriber belong to the same IP address; the subscriber limit guarantees that any subscriber can get a minimum number of ports.

Parameters 
limit—
specifies the maximum number of subscribers per outside IP address
Values—
1 to 65535

watermarks

Syntax 
watermarks high percentage-high low percentage-low
no watermarks
Context 
config>service>vprn>nat>outside>pool
config>router>nat>outside>pool
Description 

This command configures the watermarks for this NAT pool.

Parameters 
percentage-high—
specifies the high percentage
Values—
2 to 100
percentage-low—
specifies the low percentage
Values—
1 to 99

Subscriber Interface Commands

subscriber-interface

Syntax 
subscriber-interface ip-int-name [fwd-service service-id fwd-subscriber-interface ip-int-name]
no subscriber-interface ip-int-name
Context 
config>service>vprn
Description 

This command allows the operator to create special subscriber-based interfaces. It is used to contain multiple group interfaces. Multiple subnets associated with the subscriber interface can be applied to any of the contained group interfaces in any combination. The subscriber interface allows subnet sharing between group interfaces.

Use the no form of the command to remove the subscriber interface.

Parameters 
ip-int-name—
Specifies the name of the IP interface. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.
fwd-service service-id
specifies the forwarding service ID for a subscriber interface in a retailer context
fwd-subscriber-interface ip-int-name
specifies the forwarding subscriber interface for a subscriber interface in a retailer context

address

Syntax 
[no] address {ip-address/mask | ip-address netmask} [gw-ip-address ip-address] [populate-host-routes] [track-srrp srrp-instance [holdup-time msecs]]
Context 
config>service>vprn>subscriber-interface
Description 

This command configures the local subscriber subnets available on a subscriber IP interface. The configured ip-address and mask define the address space associated with the subscriber subnet. Up to 16 IP subnets can be created on a single subscriber IP interface. Each subnet supports a locally owned IP host address within the subnet that is not expected to appear on other routers that may be servicing the same subscriber subnet. For redundancy purposes, the keyword gw-address defines a separate IP address within the subnet for Subscriber Routed Redundancy Protocol (SRRP) routing. This IP address must be the same on the local and remote routers participating in a common SRRP instance.

In SRRP, a single SRRP instance is tied to a group IP interface. The group IP interface is contained directly within a subscriber IP interface context and thus directly associated with the subscriber subnets on the subscriber IP interface. The SRRP instance is also indirectly associated with any subscriber subnets tied to the subscriber interface through wholesale/retail VPRN configurations. With the directly-associated and the indirectly-associated subscriber interface subnets, a single SRRP instance can manage hundreds of SRRP gateway IP addresses. This automatic subnet association to the SRRP instance is different from VRRP where the redundant IP address is defined within the VRRP context.

Defining an SRRP gateway IP address on a subscriber subnet is not optional when the subnet is associated with a group IP interface with SRRP enabled. Enabling SRRP (no shutdown) will fail if one or more subscriber subnets do not have an SRRP gateway IP address defined. Creating a new subscriber subnet without an SRRP gateway IP address defined will fail when the subscriber subnet is associated with a group IP interface with an active SRRP instance. Once SRRP is enabled on a group interface, the SRRP instance will manage the ARP response and routing behavior for all subscriber hosts reachable through the group IP interface.

The no form of the command removes the address from a subscriber subnet. The address command for the specific subscriber subnet must be executed without the gw-address parameter. To succeed, all SRRP instances associated with the subscriber subnet must removed or shutdown.

Parameters 
ip-address/mask | ip-address netmask—
specifies the address space associated with the subscriber subnet
gw-ip-address ip-address
Specifies a separate IP address within the subnet for SRRP routing purposes. This parameter must be followed by a valid IP interface that exists within the subscriber subnet created by the address command. The defined gateway IP address cannot currently exist as a subscriber host (static or dynamic). If the defined ip-address already exists as a subscriber host address, the address command will fail. The specified ip-address must be unique within the system.

The gw-address parameter may be specified at anytime. If the subscriber subnet was created previously, executing the address command with a gw-address parameter will simply add the SRRP gateway IP address to the existing subnet.

If the address command is executed without the gw-address parameter when the subscriber subnet is associated with an active SRRP instance, the address will fail. If the SRRP instance is inactive or removed, executing the address command without the gw-address parameter will remove the SRRP gateway IP address from the specified subscriber subnet.

If the address command is executed with a new gw-address, all SRRP instances currently associated with the specified subscriber subnet will be updated with the new SRRP gateway IP address.

populate-host-routes—
Specifies to populate subscriber-host routes in local FIB. Storing them in FIB benefits topologies only where the external router advertises more specific routes than the one corresponding to locally configured subscriber-interface subnets.

allow-unmatching-subnets

Syntax 
[no] allow-unmatching-subnets
Context 
config>service>vprn>subscriber-interface
Description 

This command specifies whether subscriber hosts with a subnet that does not match any of the subnets configured on this interface, are allowed.

group-interface

Syntax 
[no] group-interface ip-int-name
Context 
config>service>vprn>subscriber-interface
Description 

This command enables the context to configure a group interface. A group interface is an interface that may contain one or more SAPs. This interface is used in triple-play services where multiple SAPs are part of the same subnet.

Default 

n/a

Parameters 
ip-int-name—
Configures the interface group name. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

arp-host

Syntax 
arp-host
Context 
config>service>vprn>sub-if>grp-if
Description 

This command enables the context to configure ARP host parameters.

host-limit

Syntax 
host-limit max-num-hosts
no host-limit
Context 
config>service>vprn>sub-if>grp-if>arp-host
Description 

This command configures the maximum number of ARP hosts.

Parameters 
max-num-hosts—
specifies the maximum number of ARP hosts
Values—
1 to 32767

min-auth-interval

Syntax 
min-auth-interval min-auth-interval
no min-auth-interval
Context 
onfig>service>vprn>sub-if>grp-if>arp-host
Description 

This command configures the minimum authentication interval.

Parameters 
min-auth-interval—
specifies the minimum authentication interval
Values—
1 to 6000

sap-host-limit

Syntax 
sap-host-limit max-num-hosts-sap
no sap-host-limit
Context 
config>service>vprn>sub-if>grp-if>arp-host
Description 

This command configures the maximum number of ARP hosts per SAP.

Parameters 
max-num-hosts-sap—
specifies the maximum number of ARP hosts per SAP allowed on this IES interface
Values—
1 to 32767

Interface Commands

interface

Syntax 
interface ip-int-name
no interface ip-int-name
Context 
config>service>vprn
Description 

This command creates a logical IP routing interface for a Virtual Private Routed Network (VPRN). Once created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.

The interface command, under the context of services, is used to create and maintain IP routing interfaces within VPRN service IDs. The interface command can be executed in the context of an VPRN service ID. The IP interface created is associated with the service core network routing instance and default routing table. The typical use for IP interfaces created in this manner is for subscriber Internet access.

Interface names are case sensitive and must be unique within the group of defined IP interfaces defined for config router interface and config service vprn interface. Interface names must not be in the dotted decimal notation of an IP address. For example, the name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.

The available IP address space for local subnets and routes is controlled with the config router service-prefix command. The service-prefix command administers the allowed subnets that can be defined on service IP interfaces. It also controls the prefixes that may be learned or statically defined with the service IP interface as the egress interface. This allows segmenting the IP address space into config router and config service domains.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

By default, there are no default IP interface names defined within the system. All VPRN IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes IP the interface and all the associated configuration. The interface must be administratively shutdown before issuing the no interface command.

For VPRN services, the IP interface must be shutdown before the SAP on that interface may be removed. VPRN services do not have the shutdown command in the SAP CLI context. VPRN service SAPs rely on the interface status to enable and disable them.

Parameters 
ip-int-name—
Specifies the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service vprn interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

If ip-int-name already exists within the service ID, the context will be changed to maintain that IP interface. If ip-int-name already exists within another service ID or is an IP interface defined within the config router commands, an error will occur and context will not be changed to that IP interface. If ip-int-name does not exist, the interface is created and context is changed to that interface for further command processing.

active-cpm-protocols

Syntax 
[no] active-cpm-protocols
Context 
config>service>vprn>if
Description 

This command enables CPM protocols on this interface.

address

Syntax 
address {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [track-srrp srrp-instance]
no address
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

Assigns an IP address, IP subnet, and broadcast address format to a VPRN IP router interface. Only one IP address can be associated with an IP interface.

An IP address must be assigned to each VPRN IP interface. An IP address and a mask are used together to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7750 SR.

The local subnet that the address command defines must be part of the services address space within the routing context using the config router service-prefix command. The default is to disallow the complete address space to services. Once a portion of the address space is allocated as a service prefix, that portion can be made unavailable for IP interfaces defined within the config router interface CLI context for network core connectivity with the exclude option in the config router service-prefix command.

The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation. The show commands display CIDR notation and is stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

Use the no form of this command to remove the IP address assignment from the IP interface. When the no address command is entered, the interface becomes operationally down.

Address

Admin state

Oper state

No address

up

down

No address

down

down

1.1.1.1

up

up

1.1.1.1

down

down

The operational state is a read-only variable and the only controlling variables are the address and admin states. The address and admin states are independent and can be set independently. If an interface is in an adminstratively up state and an address is assigned, it becomes operationally up and the protocol interfaces and the MPLS LSPs associated with that IP interface will be reinitialized.

Parameters 
ip-address—
The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
/—
The forward slash is a parameter delimiter and separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the “/” and the mask-length parameter. If a forward slash is not immediately following the ip-address, a dotted decimal mask must follow the prefix.
mask-length—
The subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask-length parameter. The mask length parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address. Allowed values are integers in the range 0 – 30. A mask length of 32 is reserved for system IP addresses.
mask—
The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical ‘AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.252. A mask of 255.255.255.255 is reserved for system IP addresses.
broadcast—
The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.

Values—
host-ones
all-ones—
The all-ones keyword following the broadcast parameter specifies the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.
host-ones—
The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.

The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

track-srrp—
specifies the SRRP instance ID that this interface route needs to track

allow-directed-broadcasts

Syntax 
[no] allow-directed-broadcasts
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command controls the forwarding of directed broadcasts out of the IP interface.

A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address on another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined to the subnet broadcast address of the egress IP interface.

When enabled, a frame destined to the local subnet on this IP interface will be sent as a subnet broadcast out this interface. Care should be exercised when allowing directed broadcasts as it is a well-known mechanism used for denial-of-service attacks.

When disabled, directed broadcast packets discarded at this egress IP interface will be counted in the normal discard counters for the egress SAP.

By default, directed broadcasts are not allowed and will be discarded at this egress IP interface.

The no form of this command disables the forwarding of directed broadcasts out of the IP interface.

Default 

no allow-directed-broadcasts — Directed broadcasts are dropped.

bfd

Syntax 
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np]
no bfd
Context 
config>service>vprn>if
config>service>vprn>if>ipv6
config>service>vprn>nw-if
Description 

This command specifies the BFD parameters for the associated IP interface. If no parameters are defined the default value are used.

The multiplier specifies the number of consecutive BFD messages that must be missed from the peer before the BFD session state is changed to down and the upper level protocols (OSPF, IS-IS, BGP or PIM) is notified of the fault.

The no form of the command removes BFD from the associated IGP protocol adjacency.

Note:

On the 7750 SR and 7950 XRS, the transmit-interval, receive receive-interval, and echo-receive echo-interval values can only be modified to a value less than 100 when:

  1. The type cpm-np option is explicitly configured.
  2. The interval is specified 10 to 100000.
  3. he service is shut down (shutdown)
  4. The service is re-enabled (no shutdown)

To remove the type cpm-np option, re-issue the bfd command without specifying the type parameter.

Default 

no bfd

Parameters 
transmit-interval—
sets the transmit interval for the BFD session
Values—
10 to 100000 (see the Caution above)
Values—
100
receive receive-interval
sets the receive interval for the BFD session
Values—
10 to 100000 (see the Caution above)
Values—
100
multiplier multiplier
set the multiplier for the BFD session
Values—
3to 20
Values—
3
echo-receive echo-interval
sets the minimum echo receive interval, in milliseconds, for the BFD session
Values—
100 to 100000
10 to 100000 (applies to the 7750 SR; see the Caution above)
Values—
100
type cpm-np—
specifies that BFD sessions associated with this interface will be created on the CPM network processor to allow for fast timers down to 10ms granularity. This parameter applies to the 7750 SR only.

cflowd-parameters

Syntax 
cflowd-parameters
no cflowd-parameters
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

Default 

no cflowd-parameters

sampling

Syntax 
sampling {unicast | multicast} type {acl | interface} [direction {ingress-only | egress-only | both}]
no sampling {unicast | multicast}
Context 
config>service>vprn>if>cflowd-parameters
config>service>vprn>nw-if>cflowd-parameters
Description 

This command enables and configures the cflowd sampling behavior to collect traffic flow samples through a router for analysis.

This command can be used to configure the sampling parameters for unicast and multicast traffic separately. If sampling is not configured for either unicast or multicast traffic, then that type of traffic will not be sampled.

If cflowd is enabled without either egress-only or both specified or with the ingress-only keyword specified, then only ingress sampling will be enabled on the associated IP interface.

The no form of the command disables the associated type of traffic sampling on the associated interface.

Default 

no sampling

Parameters 
unicast—
specifies that the sampling command will control the sampling of unicast traffic on the associated interface/SAP
mulitcast—
specifies that the sampling command will control the sampling of multicast traffic on the associated interface/SAP
type—
specifies the sampling type
Values—
acl — specifies that the sampled traffic is controlled via an IP traffic filter entry with the action “filter-sample” configured
interface — specifies that all traffic entering or exiting the interface is subject to sampling
direction—
specifies the direction to collect traffic flow samples
Values—
ingress-only — enables ingress sampling only on the associated interface
egress-only — enables egress sampling only on the associated interface
both — enables both ingress and egress cflowd sampling

cpu-protection

Syntax 
cpu-protection policy-id
no cpu-protection
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command assigns an existing CPU protection policy to the associated service interface. For these interface types, the per-source rate limit is not applicable.The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.

If no CPU protection policy is assigned to a service interface, then a the default policy is used to limit the overall-rate.

The no form of the command removes CPU protection policy association from the interface, resulting in no default rate limiting of control packets.

Default 

cpu-protection 254 (for access interfaces)

cpu-protection 255 (for network interfaces)

none (for video-interfaces (where applicable), shown as no cpu-protection in CLI)

The configuration of no cpu-protection returns the interface/SAP to the default policies as shown above.

Parameters 
policy-id—
specifies an existing CPU protection policy
Values—
1 to 255

cpu-protection

Syntax 
cpu-protection policy-id [mac-monitoring]
no cpu-protection
Context 
config>service>vprn>if
config>service>vprn>if>sap
Description 

This command assigns an existing CPU protection policy to the associated service group interface SAP, interface or MSAP policy. The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.

If no CPU protection policy is assigned to a service group interface SAP, then a the default policy is used to limit the overall-rate.

Default 

cpu-protection 254 (for access interfaces)

cpu-protection 255 (for network interfaces)

none (for video-interfaces (where applicable), shown as no cpu-protection in CLI)

The configuration of no cpu-protection returns the interface/SAP to the default policies as shown above.

Parameters 
policy-id—
specifies an existing CPU protection policy
Values—
1 to 255
mac-monitoring—
When specified, the per MAC rate limiting should be performed, using the per-source-rate from the associated cpu-protection policy.

dad-disable

Syntax 
[no] dad-disable
Context 
config>service>vprn>if>ipv6
Description 

This command disables duplicate address detection (DAD) on a per-interface basis. This prevents the router from performing a DAD check on the interface. All IPv6 addresses of an interface with DAD disabled, immediately enter a preferred state, without checking for uniqueness on the interface. This is useful for interfaces which enter a looped state during troubleshooting and operationally disable themselves when the loop is detected, requiring manual intervention to clear the DAD violation.

The no form of the command turns off dad-disable on the interface.

Default 

not enabled

dist-cpu-protection

Syntax 
dist-cpu-protection policy-name
no dist-cpu-protection
Context 
config>service>vprn>if>nw-if
Description 

This command assigns a Distributed CPU Protection (DCP) policy to the network interface. Only a valid created DCP policy can be assigned to a SAP or a network interface (this rule does not apply to templates such as an msap-policy)

Default 

no dist-cpu-protection

delayed-enable

Syntax 
delayed-enable seconds
no delayed-enable
Context 
config>service>vprn>if
config>service>vprn>if>nw-if
config>service>vprn>if>redundant-if
Description 

This command will cause a delay in the activation of an IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface up.

The no form of the command removes the command from the active configuration and removes the delay in activating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it expires.

Parameters 
seconds—
specifies a delay, in seconds, to make the interface operational
Values—
1 to 1200

if-attribute

Syntax 
if-attribute
Context 
config>service>vprn>interface
Description 

This command creates the context to configure or apply IP interface attributes such as administrative group (admin-group) or Shared Risk Loss Group (SRLG).

admin-group

Syntax 
admin-group group-name [group-name...(up to 5 max)]
no admin-group group-name [group-name...(up to 5 max)]
no admin-group
Context 
config>service>vprn>if>if-attribute
Description 

This command configures the admin group membership of an interface. The user can apply admin groups to an IES, VPRN, network IP, or MPLS interface.

Each single operation of the admin-group command allows a maximum of five (5) groups to be specified at a time. However, a maximum of 32 groups can be added to a given interface through multiple operations. Once an admin group is bound to one or more interface, its value cannot be changed until all bindings are removed.

The configured admin-group membership will be applied in all levels/areas the interface is participating in. The same interface cannot have different memberships in different levels/areas.

Only the admin groups bound to an MPLS interface are advertised area-wide in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.

The no form of this command deletes one or more of the admin-group memberships of an interface. The user can also delete all memberships of an interface by not specifying a group name.

Parameters 
group-name—
Specifies the name of the group with up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain.

srlg-group

Syntax 
srlg-group group-name [group-name...(up to 5 max)]
no srlg-group group-name [group-name...(up to 5 max)]
no srlg-group
Context 
config>service>vprn>if>if-attribute
Description 

This command configures the SRLG membership of an interface. The user can apply SRLGs to an IES, VPRN, network IP, or MPLS interface.

An interface can belong to up to 64 SRLG groups. However, each single operation of the srlg-group command allows a maximum of five (5) groups to be specified at a time. Once an SRLG group is bound to one or more interface, its value cannot be changed until all bindings are removed.

The configured SRLG membership will be applied in all levels/areas the interface is participating in. The same interface cannot have different memberships in different levels/areas.

Only the SRLGs bound to an MPLS interface are advertised area-wide in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.

The no form of this command deletes one or more of the SRLG memberships of an interface. The user can also delete all memberships of an interface by not specifying a group name.

Parameters 
group-name—
Specifies the name of the group, up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain.

ingress

Syntax 
ingress
Context 
config>service>vprn>if
Description 

This command enters context to configure ingress parameters for network interfaces.

policy-accounting

Syntax 
policy-accounting <template-name>
no policy-accounting
Context 
config>service>vprn>if>ingress
Description 

This command configures the service vprn interface ingress policy accounting

Parameters 
template-name—
name of template (32 characters maximum)

ip-mtu

Syntax 
ip-mtu octets
no ip-mtu
Context 
config>service>vprn>if
Description 

This command configures the IP maximum transmit unit (packet) for this interface.

The no form of the command returns the default value.

Default 

no ip-mtu

ipcp

Syntax 
ipcp
Context 
config>service>vprn>if
Description 

This command creates allows access to the IPCP context within the interface configuration. Within this context, IPCP extensions can be configured to define such things as the remote IP address and DNS IP address to be signaled via IPCP on the associated PPP interface.

This command is only applicable if the associated SAP/port is a PPP/MLPPP interface.

Default 

n/a

dns

Syntax 
dns ip-address [secondary ip-address]
dns secondary ip-address
no dns [ip-address] [secondary ip-address]
Context 
config>service>vprn>if>ipcp
Description 

This command defines the dns address(es) to be assigned to the far-end of the associated PPP/MLPPP link via IPCP extensions.

This command is only applicable if the associated SAP/port is a PPP/MLPPP interface with an IPCP encapsulation.

The no form of the command deletes either the specified primary DNS address, secondary DNS address or both addresses from the IPCP extension peer-ip-address configuration.

Default 

no dns

Parameters 
ip-address—
specifies a unicast IPv4 address for the primary DNS server to be signaled to the far-end of the associate PPP/MLPPP link via IPCP extensions
secondary ip-address
specifies a unicast IPv4 address for the secondary DNS server to be signaled to the far-end of the associate PPP/MLPPP link via IPCP extensions

peer-ip-address

Syntax 
peer-ip-address ip-address
no peer-ip-address
Context 
config>service>vprn>if>ipcp
Description 

This command defines the remote IP address to be assigned to the far-end of the associated PPP/MLPPP link via IPCP extensions.

This command is only applicable if the associated SAP/port is a PPP/MLPPP interface with an IPCP encapsulation.

The interface must be shut down to modify the IPCP configuration.

The no form of the command deletes the IPCP extension peer-ip-address configuration.

Default 

no peer-ip-address (0.0.0.0)

Parameters 
ip-address—
specifies a unicast IPv4 address to be signaled to the far-end of the associated PPP/MLPPP link by IPCP extensions

ipv6

Syntax 
[no] ipv6
Context 
config>service>vprn>if
Description 

This command configures an IPv6 interface.

address

Syntax 
address ipv6-address/mask [eui-64] [preferred]
no address ipv6-address/prefix-length
Context 
config>service>vprn>if>ipv6
Description 

This command assigns an IPv6 address to the VPRN interface.

Parameters 
ipv6-address/prefix-length—
specifies the IPv6 address on the interface
Values—

ipv6-address/prefix:

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

1 to 128

eui-64—
When the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from MAC address on Ethernet interfaces. For interfaces without a MAC address, for example ATM interfaces, the Base MAC address of the chassis is used.
preferred—
specifies that the IPv6 address is the preferred IPv6 address for this interface. Preferred address is an address assigned to an interface whose use by upper layer protocols is unrestricted. Preferred addresses maybe used as the source (or destination) address of packets sent from (or to) the interface. Preferred address doesn’t go through the DAD process.

dhcp6-relay

Syntax 
[no] dhcp6-relay
Context 
config>service>vprn>if>ipv6
Description 

This command configures DHCPv6 relay parameters for the VPRN interface.

dhcp6-server

Syntax 
[no] dhcp6-server
Context 
config>service>vprn>if>ipv6
Description 

This command configures DHCPv6 server parameters for the VPRN interface.

icmp6

Syntax 
icmp6
Context 
config>service>vprn>if>ipv6
Description 

This command configures ICMPv6 for the interface.

link-local-address

Syntax 
link-local-address ipv6-address [preferred]
no link-local-address
Context 
config>router>if>ipv6
config>service>ies>if>ipv6
config>service>vprn>if>ipv6
Description 

This command configures the IPv6 link local address.

The no form of the command removes the configured link local address, and the router automatically generates a default link local address.

Caution:

Removing a manually configured link local address may impact routing protocols or static routes that have a dependency on that address. It is not recommended to remove a link local address when there are active IPv6 subscriber hosts on an IES or VPRN interface.

Parameters 
preferred—
disables duplicated address detection and sets the address to preferred, even if there is a duplicate address

local-proxy-nd

Syntax 
[no] local-proxy-nd
Context 
config>service>vprn>if>ipv6
Description 

This command enables or disables neighbor discovery on the interface.

neighbor

Syntax 
neighbor ipv6-address mac-address
no neighbor ipv6-address
Context 
config>service>vprn>if>ipv6
Description 

This command configures IPv6-to-MAC address mapping on the interface.

Parameters 
ipv6-address—
specifies the IPv6 address on the interface
Values—

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

mac-address—
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

neighbor-limit

Syntax 
neigbor-limit limit [log-only] [threshold percent]
no neighbor-limit
Context 
config>service>vprn>if>ipv6
Description 

This command configures the maximum amount of dynamic IPv6 neighbor entries that can be learned on an IP interface.

When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.

The no form of the command removes the neighbor-limit.

Default 

90 percent

Parameters 
log-only—
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.
percent —
the threshold value (as a percentage) that triggers a warning message to be sent
Values—
0 to 100
limit —
The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned.
Values—
0 to 102400

proxy-nd-policy

Syntax 
proxy-nd-policy policy-name [policy-name...(up to 5 max)]
no proxy-nd-policy
Context 
config>service>vprn>if>ipv6
Description 

This command configures a proxy neighbor discovery policy for the interface.

Parameters 
policy-name—
specifies the existing policy name(s)

load-balancing

Syntax 
load-balancing
Context 
config>service>vprn>if config>service>vprn>nw-if
Description 

This command enables the load-balancing context to configure interface per-flow load balancing options that will apply to traffic entering this interface and egressing over a LAG/ECMP on system-egress. This is a per interface setting. For load-balancing options that can also be enabled on the system level, the options enabled on the interface level overwrite system level configurations.

Default 

not applicable

egr-ip-load-balancing

Syntax 
egr-ip-load-balancing {source | destination | inner-ip}
no egr-ip-load-balancing
Context 
config>service>vprn>if>load-balancing
config>service>vprn>if>nw-if>load-balancing
Description 

This command specifies whether to include the source address or destination address or both in the LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled, the command also applies to the inclusion of source/destination port in the hash inputs.

The no form of this command includes both source and destination parameters.

Default 

no egr-ip-load-balancing

Parameters 
source—
specifies using the source address and (if l4-load balancing is enabled) source port in the hash, ignore destination address/port
destination—
specifies using the destination address and (if l4-load balancing is enabled) destination port in the hash, ignore source address/port
inner-ip—
specifies use of the inner IP header parameters instead of outer IP header parameters in LAG/ECMP hash for IPv4 encapsulated traffic

lsr-load-balancing

Syntax 
lsr-load-balancing hashing-algorithm
no lsr-load-balancing
Context 
config>service>vprn>nw-if>load-balancing
Description 

This command specifies whether the IP header is used in the LAG and ECMP LSR hashing algorithm. This is the per interface setting.

Default 

no lsr-load-balancing

Parameters 
lbl-only—
only the label is used in the hashing algorithm
lbl-ip —
the IP header is included in the hashing algorithm
ip-only—
the IP header is used exclusively in the hashing algorithm
eth-encap-ip—
The hash algorithm parses down the label stack (up to 3 labels supported) and once it hits the bottom, the stack assumes Ethernet II non-tagged header follows. At the expected Ethertype offset location, algorithm checks whether the value present is IPv4/v6 (0x0800 or 0x86DD). If the check passes, the hash algorithm checks the first nibble at the expected IP header location for IPv4/IPv6 (0x0100/0x0110). If the secondary check passes, the hash is performed using IP SA/DA fields in the expected IP header; otherwise (if any of the checks failed) label-stack hash is performed.

spi-load-balancing

Syntax 
[no] spi-load-balancing
Context 
config>service>vprn>if>load-balancing config>service>vprn>nw-if>load-balancing
Description 

This command enables use of the SPI in hashing for ESP/AH encrypted IPv4/v6 traffic. This is a per interface setting.

The no form disables the SPI function.

Default 

disabled

teid-load-balancing

Syntax 
[no] teid-load-balancing
Context 
config>service>vprn>if>load-balancing
config>service>vprn>nw-if>load-balancing
Description 

This command enables inclusion of TEID in hashing for GTP-U/C encapsulates traffic for GTPv1/GTPv2. The no form of this command ignores TEID in hashing.

Default 

disabled

local-proxy-arp

Syntax 
[no] local-proxy-arp
Context 
config>service>vprn>if
config>service>vprn>sub-if>grp-if
config>service>vprn>nw-if
Description 

This command enables local proxy ARP. When local proxy ARP is enabled on an IP interface, the system responds to all ARP requests for IP addresses belonging to the subnet with its own MAC address, and thus will become the forwarding point for all traffic between hosts in that subnet. When local-proxy-arp is enabled, ICMP redirects on the ports associated with the service are automatically blocked.

Default 

no local-proxy-arp

loopback

Syntax 
[no] loopback
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command specifies that the associated interface is a loopback interface that has no associated physical interface. As a result, the associated interface cannot be bound to a SAP.

When using mtrace/mstat in a Layer 3 VPN context then the configuration for the VPRN should have a loopback address configured which has the same address as the core instance's system address (BGP next-hop).

Default 

no loopback

mac

Syntax 
[no] mac ieee-mac-address
Context 
config>service>vprn>if
config>service>vprn>if>vrrp
config>service>vprn>sub-if>grp-if
config>service>vprn>nw-if
Description 

This command assigns a specific MAC address to a VPRN IP interface.

The no form of this command returns the MAC address of the IP interface to the default value.

Default 

The physical MAC address associated with the Ethernet interface that the SAP is configured on.

Parameters 
ieee-mac-address—
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

ntp-broadcast

Syntax 
[no] ntp-broadcast
Context 
config>service>vprn>nw-if
Description 

This command enables receiving of NTP/SNTP broadcasts on the interface/

monitor-oper-group

Syntax 
monitor-oper-group name
no monitor-oper-group
Context 
config>service>vprn>if
Description 

This command specifies the operational group to be monitored by the object under which it is configured. The oper-group name must be already configured under the config>service context before its name is referenced in this command.

The no form of the command removes the association from the configuration.

Default 

no monitor-oper-group

Parameters 
name—
specifies a character string of maximum 32 ASCII characters identifying the group instance

proxy-arp

Syntax 
[no] proxy-arp
Context 
config>service>vprn>nw-if
Description 

This command enables proxy ARP on the interface.

Default 

no proxy-arp

proxy-arp-policy

Syntax 
[no] proxy-arp-policy policy-name [policy-name...(up to 5 max)]
Context 
config>service>vprn>if
config>service>vprn>sub-if>grp-if
config>service>vprn>nw-if
Description 

This command enables a proxy ARP policy for the interface.

The no form of this command disables the proxy ARP capability.

Default 

no proxy-arp

Parameters 
policy-name—
The export route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

The specified name(s) must already be defined.

ptp-hw-assist

Syntax 
[no] ptp-hw-assist
Context 
config>service>vprn>if
Description 

This command configures the 1588 port based timestamping assist function for the interface. This capability is supported on a specific set of hardware. The command may be blocked if not all hardware has the required level of support.

If the SAP configuration of the interface is removed, the ptp-hw-assist configuration will be removed.

If the IPv4 address configuration of the interface is removed, the ptp-hw-assist configuration will be removed.

Only one interface per physical port can have ptp-hw-assist enabled.

Default 

no ptp-hw-assist

qos-route-lookup

Syntax 
qos-route-lookup [source | destination]
no qos-route-lookup
Context 
config>service>vprn>if
config>service>vprn>if>ipv6
config>service>vprn>sub-if>group-interface
config>service>vprn>sub-if>grp-if>ipv6
Description 

This command enables QoS classification of the ingress IP packets on an interface based on the QoS information associated with routes in the forwarding table.

If the optional destination parameter is specified and the destination address of an incoming IP packet matches a route with QoS information the packet is classified to the fc and priority associated with that route, overriding the fc and priority/profile determined from the sap-ingress or network qos policy associated with the IP interface. If the destination address of the incoming packet matches a route with no QoS information the fc and priority of the packet remain as determined by the sap-ingress or network QoS policy.

If the optional source parameter is specified and the source address of an incoming IP packet matches a route with QoS information the packet is classified to the fc and priority associated with that route, overriding the fc and priority/profile determined from the sap-ingress or network qos policy associated with the IP interface. If the source address of the incoming packet matches a route with no QoS information the fc and priority of the packet remain as determined by the sap-ingress or network QoS policy.

If neither the optional source or destination parameter is present, then the default is destination address matching.

The functionality enabled by the qos-route-lookup command can be applied to IPv4 packets or IPv6 packets on an interface, depending on whether it is present at the interface context (applies to IPv4) or the interface>ipv6 context (applies to IPv6). The ability to specify source address based QoS lookup is not supported for IPv6. For the 7740 ESS, subscriber management group interfaces also do not support the source QPPB option.

The no form of the command reverts to the default.

Default 

destination

Parameters 
source—
enables QoS classification of incoming IP packets based on the source address matching a route with QoS information
destination—
enables QoS classification of incoming IP packets based on the destination address matching a route with QoS information

redundant-interface

Syntax 
redundant-interface red-ip-int-name
no redundant-interface
Context 
config>service>vprn
config>service>vprn>sub-if>grp-if
Description 

This command configures a redundant interface used for dual homing.

Parameters 
red-ip-int-name—
specifies the redundant IP interface name

remote-proxy-arp

Syntax 
[no] remote-proxy-arp
Context 
config>service>vprn>if
config>service>vprn>sub-if>grp-if
config>service>vprn>nw-if
Description 

This command enables remote proxy ARP on the interface.

Remote proxy ARP is similar to proxy ARP. It allows the router to answer an ARP request on an interface for a subnet that is not provisioned on that interface. This allows the router to forward to the other subnet on behalf of the requester. To distinguish remote proxy ARP from local proxy ARP, local proxy ARP performs a similar function but only when the requested IP is on the receiving interface.

Default 

no remote-proxy-arp

secondary

Syntax 
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
no secondary {ip-address/mask | ip-address netmask}
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command assigns an secondary IP address/IP subnet/broadcast address format to the interface.

Default 

n/a

Parameters 
ip-address—
The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
mask—
The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical ‘AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.252. A mask of 255.255.255.255 is reserved for system IP addresses.
netmask—
specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains
broadcast—
The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indictates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed. This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface. (Default: host-ones)

all-ones—
The all-ones keyword following the broadcast parameter specifies the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.
host-ones—
The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default used by an IP interface.

The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

igp-inhibit—
The optional igp-inhibit parameter signals that the given secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the specified secondary IP interfaces will not be injected and used as passive interfaces and will not be advertised as internal IP interfaces into the IGP’s link state database. For RIP, this means that these secondary IP interfaces will not source RIP updates.

static-arp

Syntax 
static-arp ieee-mac-address unnumbered
no static-arp unnumbered
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. This static ARP will appear in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface. If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address will be replaced with the new MAC address.

The no form of this command removes a static ARP entry.

Default 

n/a

Parameters 
ip-address—
specifies the IP address for the static ARP in IP address dotted decimal notation
ieee-mac-address—
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.
unnumbered—
Specifies the static ARP MAC for an unnumbered interface. Unnumbered interfaces support dynamic ARP. Once this command is configured, it overrides any dynamic ARP.

static-tunnel-redundant-next-hop

Syntax 
static-tunnel-redundant-next-hop ip-address
no static-tunnel-redundant-next-hop
Context 
config>service>vprn>if
Description 

This command specifies redundant next-hop address on public or private IPsec interface (with public or private tunnel-sap) for static IPsec tunnel. The specified next-hop address will be used by standby node to shunt traffic to master in case of it receives them.

The next-hop address will be resolved in routing table of corresponding service.

The no form of the command removes the address from the interface configuration.

Default 

n/a

Parameters 
ip-address—
specifies the static ISA tunnel redundant next-hop address

secure-nd

Syntax 
[no] secure-nd
Context 
config>service>vprn>if>ipv6
Description 

This command enables Secure Neighbor Discovery (SeND) on the IPv6 interface.

The no form of the command reverts to the default and disabled SeND.

allow-unsecured-msgs

Syntax 
[no] allow-unsecured-msgs
Context 
config>service>vprn>if>secure-nd
Description 

This command specifies whether unsecured messages are accepted. When Secure Neighbor Discovery (SeND) is enabled, only secure messages are accepted by default.

The no form of the command disables accepting unsecured messages.

link-local-modifier

Syntax 
link-local-modifier modifier
[no] link-local-modifier
Context 
config>service>vprn>if>secure-nd
Description 

This command configures the Cryptographically Generated Address (CGA) modifier for link-local addresses.

Parameters 
modifier—
specifies the modifier in 32 hexadecimal nibbles
Values—
0x0–0xFFFFFFFF

public-key-min-bits

Syntax 
public-key-min-bits bits
[no] public-key-min-bits
Context 
config>service>vprn>if>secure-nd
Description 

This command configures the minimum acceptable key length for public keys used in the generation of a Cryptographically Generated Address (CGA).

Parameters 
bits—
specifies the number of bits
Values—
512–1024

security-parameter

Syntax 
security-parameter sec
[no] security-parameter
Context 
config>service>vprn>if>secure-nd
Description 

This command configures the security parameter used in the generation of a Cryptographically Generated Address (CGA).

Parameters 
sec—
specifies the security parameter
Values—
0–1

shutdown

Syntax 
[no] shutdown
Context 
config>service>vprn>if>secure-nd
Description 

This command enables or disables Secure Neighbor Discovery (SeND) on the interface.

stale-time

Syntax 
stale-time seconds
no stale-time
Context 
config>service>vprn>ipv6
config>service>vprn>if>ipv6
Description 

This command configures the time a neighbor discovery cache entry can remain stale before being removed.

The no form of the command removes the stale-time value.

Default 

no stale-time

Parameters 
seconds—
the allowed stale time (in seconds) before a neighbor discovery cache entry is removed
Values—
60 - 65535

tcp-mss

Syntax 
tcp-mss mss-value
no tcp-mss
Context 
service>vprn>if
service>vprn>if>ipv6
Description 

This command statically sets the TCP maximum segment size (MSS) for TCP connections originated from the associated IP interface to the specified value.

The no form of the command removes the static value and allows the TCP MSS value to be calculated based on the IP MTU value by subtracting the base IP and TCP header lengths from the IP MTU value (tcp_mss = ip_mtu – 40).

Default 

no tcp-mss

Parameters 
mss-value—
the TCP MSS value that should be used in the TCP SYN packet during the three-way handshake negotiation of a TCP connection

Note: 9158 = max-IP_MTU (9198)-40

Values—
536 - 9158 (IPv4)
1220 - 9138 (IPv6)

tos-marking-state

Syntax 
tos-marking-state {trusted | untrusted}
no tos-marking-state
Context 
config>service>vprn>sub-if>grp-if
config>service>vprn>nw-if
Description 

This command is used to alter the default trusted state to a non-trusted state. When unset or reverted to the trusted default, the ToS field will not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set, in which case the egress network interface treats all VPRN and network IP interface as untrusted.

When the ingress interface is set to untrusted, all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface. The egress network remarking rules also apply to the ToS field of IP packets routed using IGP shortcuts (tunneled to a remote next-hop). However, the tunnel QoS markings are always derived from the egress network QoS definitions. Egress marking and remarking is based on the internal forwarding class and profile state of the packet once it reaches the egress interface. The forwarding class is derived from ingress classification functions. The profile of a packet is either derived from ingress classification or ingress policing.

The default marking state for network IP interfaces is trusted. This is equivalent to declaring no tos-marking-state on the network IP interface. When undefined or set to tos-marking-state trusted, the trusted state of the interface will not be displayed when using show config or show info unless the detail parameter is given. The save config command will not store the default tos-marking-state trusted state for network IP interfaces unless the detail parameter is also specified.

The no tos-marking-state command is used to restore the trusted state to a network IP interface. This is equivalent to executing the tos-marking-state trusted command.

Default 

trusted

Parameters 
trusted—
The default prevents the ToS field to not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set.
untrusted—
Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface.

ipv6

Syntax 
[no] ipv6
Context 
config>service>vprn>sub-if
config>service>vprn>sub-if>grp-if
Description 

This command configures IPv6 parameters.

allow-unmatching-prefixes

Syntax 
[no] allow-unmatching-prefixes
Context 
config>service>vprn>sub-if
Description 

This command allows address assignment to PPPoX hosts in cases where the assigned address falls outside the range of the configured subnets below the subscriber interface. Alternatively, if the interface is configured as unnumbered, this command cannot be enabled.

Default 

no allow-unmatching-prefixes

allow-unmatching-prefixes

Syntax 
[no] allow-unmatching-prefixes
Context 
config>service>vprn>sub-if>ipv6>
config>service>ies>sub-if>ipv6>
Description 

This command allows address assignment to IPv6 hosts in cases where the assigned address or the prefix falls outside of the range of the configured IPv6 subscriber-prefixes under the configure>service>vprn/ies>sub-if>ipv6 hierarchy.

Unnumbered PPPoEv6 does not mean that the PPPoEv6 hosts do not have an IPv6 address or prefix assigned. It only means that the IPv6 address range (out of which the address or prefix is assigned to the host) does not have to be known in advance via configuration under the subscriber-interface>ipv6>subscriber-prefixes node.

Default 

no allow-unmatching-prefixes

delegated-prefix-length

Syntax 
delegated-prefix-length bits
delegated-prefix-length variable
no delegated-prefix-length
Context 
config>router>sub-if>ipv6
config>service>vprn>sub-if>ipv6
Description 

This command configures the subscriber-interface level setting for delegated prefix length. The delegated prefix length for a subscriber- interface can be either set to a fixed value that is explicitly configured under the subscriber-interface CLI hierarchy or a variable value that can be obtained from various sources. This command can be changed only when no IPv6 prefixes are configured under the subscriber-interface.

Default 

no delegated-prefix-length This means that the delegated prefix length is 64.

Parameters 
bits —
The delegated prefix length in bits. This value will beapplicable to the entire subscriber-interface. In case that the delegated prefix length is also supplied via other means (LUDB, Radius or DHCP Server), such supplied value must match the value configured under the subscriber-interface. Otherwise the prefix instantiation in the router will fail.
Values—
48 to 64
variable—
The delegated prefix value can be of any length between 48 to 64. The value itself can vary between the prefixes and it will be provided at the time of prefix instantiation. The order of priority for the source of the delegated prefix length is:
  1. LUDB
  2. Radius
  3. DHCPv6 server

dhcp6

Syntax 
[no] dhcp6
Context 
config>service>vprn>sub-if>grp-if>ipv6
Description 

This command allows access to the DHCP6 context within the group interface configuration. Within this context, DHCP6 parameters can be configured.

Default 

no dhcp6

option

Syntax 
[no] option
Context 
config>service>vprn>sub-if>grp-if>ipv6
Description 

This command enables the context to configure DHCPv6 relay information options.

The no form of the command disables DHCPv6 relay information options.

interface-id

Syntax 
interface-id
interface-id ascii-tuple
interface-id ifindex
interface-id sap-id
interface-id string
no interface-id
Context 
config>service>vprn>sub-if>grp-if>ipv6>dhcp6>option
Description 

This command enables the sending of interface ID options in the DHCPv6 relay packet.

The no form of the command disables the sending of interface ID options in the DHCPv6 relay packet

Parameters 
ascii-tuple—
specifies that the ASCII-encoded concatenated tuple will be used which consists of the access-node-identifier, service-id, and interface-name, separated by “|”.
ifindex—
specifies that the interface index will be used (the If Index of a router interface can be displayed using the command show>router>if>detail)
sap-id—
specifies that the SAP identifier will be used
string—
Specifies a string of up to 32 characters long, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

remote-id

Syntax 
[no] remote-id
Context 
config>service>vprn>sub-if>grp-if>ipv6>dhcp6>option
Description 

This command enables the sending of remote ID option in the DHCPv6 relay packet.

The client DHCP Unique Identifier (DUID) is used as the remote ID.

The no form of the command disables the sending of remote ID option in the DHCPv6 relay packet.

proxy-server

Syntax 
[no] proxy-server
Context 
config>service>vprn>sub-if>grp-if>ipv6>dhcp6
Description 

This command allows access to the DHCP6 proxy server context. Within this context, DHCP6 proxy server parameters of the group interface can be configured.

Default 

no proxy-server

renew-timer

Syntax 
renew-timer seconds
no renew-timer
Context 
config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server
Description 

This command configures the renew-timer (T1), the time at which the client contacts the server from which the addresses in the IA_NA or IA_PD were obtained to extend the lifetimes of the addresses or prefixes assigned to the client.

Default 

1800

Parameters 
seconds—
Specifies the time duration relative to the current time, expressed in units of seconds. A value of zero leaves the renew-time at the discretion of the client.
Values—
0 to 604800

rebind-timer

Syntax 
rebind-timer seconds
no rebind-timer
Context 
config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server
Description 

This command configures the rebind-timer (T2), the time at which the client contacts any available server to extend the lifetimes of the addresses or prefixes assigned to the client.

Default 

2880

Parameters 
seconds—
T2 is a time duration relative to the current time. A value of zero leaves the rebind-time at the discretion of the client.
Values—
0 to 1209600

preferred-lifetime

Syntax 
preferred-lifetime [seconds | infinite]
no preferred-lifetime
Context 
config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server
Description 

The preferred lifetime for the IPv6 prefix or address in the option, expressed in units of seconds. When the preferred lifetime expires, any derived addresses are deprecated.

Default 

3600

Parameters 
seconds—
specifies a decimal time interval in seconds
Values—
600 to 424967295
infinite—
specifies a 0xffffffff value, Dec = 4294967295

valid-lifetime

Syntax 
valid-lifetime [seconds | infinite]
no valid-lifetime
Context 
config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server
Description 

The valid lifetime for the IPv6 prefix or address in the option, expressed in units of seconds.

Default 

86,400

Parameters 
seconds—
specifies a decimal time interval in seconds
Values—
600 to 424967295
infinite—
specifies a 0xffffffff value, Dec = 4294967295

client-applications

Syntax 
client-applications [dhcp] [ppp]
no client-applications
Context 
config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server
Description 

This command configures the client host types to which the DHCP6 proxy server is allowed to assign addresses.

Parameters 
dhcp—
specifies IP over Ethernet hosts
ppp—
specifies PPP over Ethernet hosts

router-advertisements

Syntax 
[no] router-advertisements
Context 
config>service>vprn>sub-if>grp-if>ipv6
Description 

This command enables Router Advertisement transmission on this group interface.

Default 

router-advertisements

current-hop-limit

Syntax 
current-hop-limit hop-count
no current-hop-limit
Context 
config>service>vprn>sub-if>grp-if>ipv6>router-ad
Description 

This command specifies the hop-limit advertised to hosts in router advertisements.

Default 

64

Parameters 
hop-count—
specifies the current hop limit (decimal) inserted into router advertisements
Values—
0 to 255

managed-configuration

Syntax 
[no] managed-configuration
Context 
config>service>vprn>sub-if>grp-if>ipv6>router-ad
Description 

This command sets the managed address configuration flag. This flag indicates that DHCPv6 is available for address configuration in addition to any address auto-configured using stateless address auto-configuration. See RFC 3315, Dynamic Host Configuration Protocol (DHCP) for IPv6.

Default 

no managed-configuration

max-advertisement-interval

Syntax 
max-advertisement-interval seconds
no max-advertisement-interval
Context 
config>service>vprn>sub-if>grp-if>ipv6>router-ad
Description 

This command configures the maximum interval between sending router advertisement messages.

Default 

1800

Parameters 
seconds—
specifies the maximum interval in seconds between sending router advertisement messages
Values—
900 to 1800

min-advertisment-interval

Syntax 
min-advertisement-interval seconds
no min-advertisement-interval
Context 
config>service>vprn>sub-if>grp-if>ipv6>router-ad
Description 

This command configures the minimum interval between sending router advertisement messages.

Default 

900

Parameters 
seconds—
specifies the minimum interval, in seconds, between sending router advertisement messages
Values—
900 to 1350

mtu

Syntax 
mtu bytes
no mtu
Context 
config>service>vprn>sub-if>grp-if>ipv6>router-ad
Description 

This command configures the MTU for the nodes to use to send packets on the link.

Default 

no mtu

Parameters 
bytes—
specifies the MTU for the nodes to use to send packets on the link
Values—
1280 to 9212

other-stateful-configuration

Syntax 
[no] other-stateful-configuration
Context 
config>service>vprn>sub-if>grp-if>ipv6>router-ad
Description 

This command sets the “Other configuration” flag. This flag indicates that DHCPv6 is available for auto-configuration of other (non-address) information such as DNS-related information or information on other servers in the network. See RFC 3736, Stateless Dynamic Host Configuration Protocol (DHCP) for IPv6.

Default 

no other-stateful-configuration

prefix-options

Syntax 
[no] prefix-options
Context 
config>service>vprn>sub-if>grp-if>ipv6>router-ad
Description 

This command configures router advertisement parameters for IPv6 prefixes returned via RADIUS Framed-IPv6-Prefix. All prefixes will inherit these configuration parameters.

Default 

no prefix-options

autonomous

Syntax 
[no] autonomous
Context 
config>services>vprn>sub-if>grp-if>ipv6>router-ad>prefix-op
Description 

This command specifies whether the prefix can be used for stateless address auto-configuration.

Default 

no autonomous

preferred-lifetime

Syntax 
preferred-lifetime [seconds | infinite]
no preferred-lifetime
Context 
config>service>vprn>sub-if>grp-if>ipv6>router-ad>prefix-op
config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server
Description 

This command configures the remaining length of time in seconds that this prefix will continue to be preferred, such as, time until deprecation. The address generated from a deprecated prefix should not be used as a source address in new communications, but packets received on such an interface are processed as expected.

Default 

3600

Parameters 
seconds—
specifies a decimal time interval in seconds.
Values—
0-4294967295
infinite—
specifies a 0xffffffff value. Dec = 4294967295

valid-lifetime

Syntax 
valid-lifetime [seconds | infinite]
no valid-lifetime
Context 
config>service>vprn>sub-if>grp-if>ipv6>router-ad>prefix-op
config>service>vprn>sub-if>grp-if>ipv6>dhcp6>proxy-server
Description 

This command specifies the length of time, in seconds, that the prefix is valid for the purpose of on-link determination. A value of all one bits (0xffffffff) represents infinity. The address generated from an invalidated prefix should not appear as the destination or source address of a packet.

Default 

86400

Parameters 
seconds—
specifies a decimal time interval in seconds
Values—
0-4294967295
infinite—
specifies a 0xffffffff value. Dec = 4294967295

reachable-time

Syntax 
reachable-time milliseconds
no reachable-time
Context 
config>services>vprn>sub-if>grp-if>ipv6>router-ad
Description 

This command configures how long this router should be considered reachable by other nodes on the link after receiving a reachability confirmation.

Default 

no reachable-time

Parameters 
milliseconds—
the length of time the router should be considered reachable for default router selection
Values—
0-3600000

retransmit-time

Syntax 
retransmit-time milliseconds
no retransmit-time
Context 
config>services>vprn>sub-if>grp-if>ipv6>router-ad
Description 

This command configures the retransmission frequency of neighbor solicitation messages.

Default 

no retransmit-time

Parameters 
milliseconds—
specifies how often the retransmission should occur
Values—
0 to 1800000

router-lifetime

Syntax 
router-lifetime seconds
router-lifetime no-default-router
no router-lifetime
Context 
config>services>vprn>sub-if>grp-if>ipv6>router-ad
Description 

This command sets the router lifetime. A value of zero indicates this router should not be used by hosts as a default router.

Default 

4500

Parameters 
seconds—
specifies how long this router is valid for default router selection
Values—
2700 to 9000

renew-timer

Syntax 
renew-timer seconds
no renew-timer
Context 
config>services>vprn>sub-if>grp-if>ipv6>dhcpv6
Description 

This command configures the renew-timer (T1). The time at which the client contacts the server from the addresses in the IA_NA or IA_PD were obtained to extend the lifetimes of the addresses or prefixes assigned to the client.

Default 

1800

Parameters 
seconds—
Time duration relative to the current time expressed in units of seconds. A value of zero (0) leaves the renew-time at the discretion of the client.
Values—
0 to 604800

rebind-timer

Syntax 
rebind-timer seconds
no rebind-timer
Context 
config>services>vprn>sub-if>grp-if>ipv6>dhcpv6
Description 

This command configures the rebind-timer (T2), the time at which the client contacts any available server to extend the lifetimes of the addresses or prefixes assigned to the client.

Default 

2880

Parameters 
seconds—
T2 is a time duration relative to the current time expressed in units of seconds. A value of zero (0) leaves the rebind-time at the discretion of the client.
Values—
0 to 1209600

delegated-prefix-length

Syntax 
[no] delegated-prefix-length prefix-length
Context 
config>service>vprn>sub-if>ipv6
Description 

This command defines the prefix-length used for all DHCPv6 prefix delegations on this subscriber interface.

Parameters 
prefix-length—
specifies the prefix length in use on this subscriber interface for DHCPv6 IA_PD
Values—
48 to 64
Values—
64

subscriber-prefixes

Syntax 
subscriber-prefixes
Context 
config>service>vprn>sub-if>ipv6
Description 

This command specifies aggregate off-link subscriber prefixes associated with this subscriber interface. Individual prefixes are specified under the prefix context list aggregate routes in which the next-hop is indirect via the subscriber interface.

prefix

Syntax 
prefix ipv6-address/prefix-length [pd] [wan-host]
no prefix ipv6-address/prefix-length
Context 
config>service>vprn>sub-if>ipv6>sub-prefixes
Description 

This command allows a list of prefixes (using the prefix command multiple times) to be routed to hosts associated with this subscriber interface. Each prefix will be represented in the associated FIB with a reference to the subscriber interface. Prefixes are defined as being for prefix delegation (pd) or use on a WAN interface or host (wan-host).

Parameters 
ipv6-address—
specifies the 128-bit IPv6 address
Values—
128-bit hexadecimal IPv6 address in compressed form
prefix-length—
specifies the length of any associated aggregate prefix
Values—
32 to 63
pd—
specifies that this aggregate is used by IPv6 ESM hosts for DHCPv6 prefix-delegation
wan-host—
specifies that this aggregate is used by IPv6 ESM hosts for local addressing or by a routing gateway’s WAN interface

private-retail-subnets

Syntax 
[no] private-retail-subnets
Context 
config>service>vprn>sub-if
Description 

This command controls the export of subnets to the forwarding service. When this attribute is configured, subnets defined on this retail subscriber interface will no longer be exported to the associated wholesale VPRN and will remain private to the retail VPRN. This is useful in a PPPoE business service context as it allows retail services to use overlapping IP address spaces even if these services are associated with the same wholesale service.

PPPoE sessions are actually terminated in the retail service although their traffic transits on a SAP belonging to the wholesale service. This configuration is incompatible, however, with IPoE host management (DHCP, static-host and ARP-host) as these host types require that the retail subnets are exported to the wholesale VPRN. Thus, if PPPoE sessions need to coexist with IPoE hosts, this attribute should not be configured on this retail interface.

This command will fail if the subscriber interface is not associated with a wholesale service.

If the retail VPRN is of the type hub, this attribute is mandatory. Then, it will be enabled by default and it will not be possible to deconfigure it.

unnumbered

Syntax 
unnumbered [ip-int-name | ip-address]
no unnumbered
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command configures the interface as an unnumbered interface. An unnumbered IP interface is supported on a SONET/SDH access port with the PPP, ATM, Frame Relay, cisco-HDLC encapsulation. It is not supported on access ports that do not carry IP traffic, but are used for native TDM circuit emulation.

Parameters 
ip-int-name—
Specifies the name of an IP interface. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.
ip-address—
specifies an IP address

qos

Syntax 
qos network-policy-id port-redirect-group queue-group-name egress-instance instance-id fp- redirect-group queue-group-name ingress-instance instance-id
no qos
Context 
config>service>vprn>nw-if
Description 

This command associates a network Quality of Service (QoS) policy with a network IP interface. Only one network QoS policy can be associated with an IP interface at one time. Attempts to associate a second QoS policy return an error.

Associating a network QoS policy with a network interface is useful for the following purposes:

  1. To apply classification rules for determining the forwarding-class and profile of ingress packets on the interface.
  2. To associate ingress packets on the interface with a queue-group instance applied to the ingress context of the interface’s forwarding plane (FP). (This is only applicable to interfaces on IOM3 and later cards.) The referenced ingress queue-group instance may have policers defined in order to rate limit ingress traffic on a per-forwarding class (and forwarding type: unicast vs. multicast) basis.
  3. To perform 802.1p, DSCP, IP precedence and/or MPLS EXP re-marking of egress packets on the interface.
  4. To associate egress packets on the interface with a queue-group instance applied to the egress context of the interface’s port. The referenced egress queue-group instance may have policers and/or queues defined in order to rate limit egress traffic on a per-forwarding class basis.

The no form of the command removes the network QoS policy association from the network IP interface, and the QoS policy reverts to the default.

Default 

no qos

Parameters 
network-policy-id—
an existing network policy ID to associate with the IP interface
Values—
1 to 65535
port-redirect-group queue-group-name
This optional parameter specifies the egress queue-group used for all egress forwarding-class redirections specified within the network QoS policy ID. The specified queue-group-name must exist as an egress queue group applied to the egress context of the port associated with the IP interface.
egress-instance instance-id
Since multiple instances of the same egress queue-group can be applied to the same port this optional parameter is used to specify which particular instance to associate with this particular network IP interface.
Values—
1 to 16384
fp- redirect-group queue-group-name
This optional parameter specifies the ingress queue-group used for all ingress forwarding-class redirections specified within the network QoS policy ID. The specified queue-group-name must exist as an ingress queue group applied to the ingress context of the forwarding plane associated with the IP interface.
ingress-instance instance-id
Since multiple instances of the same ingress queue-group can be applied to the same forwarding plane this parameter is required to specify which particular instance to associate with this particular network IP interface.
Values—
1 to 16384

urpf-check

Syntax 
[no] urpf-check
Context 
config>service>vprn>if
config>service>vprn>nw-if
config>service>vprn>if>ipv6
config>service>vprn>sub-if>grp-if
Description 

This command enables unicast RPF (uRPF) check on this interface.

The no form of the command disables unicast RPF (uRPF) Check on this interface.

Default 

disabled

vas-if-type

Syntax 
vas-if-type {to-from-access | to-from-network | to-from-both}
no vas-if-type
Context 
config>service>vprn>if
Description 

This command configures the type of a Value Added Service (VAS) facing interface. To change the vas-if-type, the shutdown command is required. The vas-if-type and loopback commands are mutually exclusive.

The no form of the command removes the VAS interface type configuration.

Default 

no vas-if-type

Parameters 
to-from-access—
used when two separate (to-from-access and to-from-network) interfaces are used for VAS connectivity. For service chaining, traffic arriving from access interfaces (upstream) is redirected to a PBR target reachable over this interface for upstream VAS processing. Downstream traffic after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to AA divert, nor egress subscriber PBR.
to-from-network—
used when two separate (to-from-access and to-from-network) interfaces are used for VAS connectivity. For service chaining, traffic arriving from network interfaces (downstream) is redirected to a PBR target reachable over this interface for downstream VAS processing. Upstream traffic after VAS processing must arrive on this interface, so that regular routing can be applied.
to-from-both—
used when a single interface is used for VAS connectivity (no local-to-local traffic). For service chaining, both traffic arriving from access and from network is redirected to a PBR target reachable over this interface for upstream/downstream VAS processing. Traffic after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to AA divert, nor egress subscriber PBR.

mode

Syntax 
mode {strict | loose | strict-no-ecmp}
no mode
Context 
config>service>vprn>if>urfp-check
config>service>vprn>nw-if>urfp-check
config>service>vprn>sub-if>grp-if>urpf-check
Description 

This command specifies the mode of unicast RPF check.

The no form of the command reverts to the default (strict) mode.

Default 

strict

Parameters 
strict—
When specified, uRPF checks whether incoming packet has a source address that matches a prefix in the routing table, and whether the interface expects to receive a packet with this source address prefix.
loose—
In loose mode, uRPF checks whether incoming packet has source address with a corresponding prefix in the routing table. However, the loose mode does not check whether the interface expects to receive a packet with a specific source address prefix. This object is valid only when urpf-check is enabled.
strict-no-ecmp—
When a packet is received on an interface in this mode and the SA matches an ECMP route the packet is dropped by uRPF.

Network Interface Commands

network-interface

Syntax 
network-interface interface-name [create]
no network-interface interface-name
Context 
config>service>vprn
Description 

This command configures a network interface in a VPRN that acts as a CSC interface to a CSC-CE in a Carrier Supporting Carrier IP VPN deployment model.

Interface DHCP Commands

dhcp

Syntax 
dhcp
Context 
config>service>vprn>if
config>service>vprn>nw-if
config>service>vprn>subscriber-interface
config>service>vprn>sub-if>grp-if
Description 

This command enables the context to configure DHCP parameters.

client-applications

Syntax 
client-applications dhcp
client-applications ppp
client-applications dhcp ppp
no client-applications
Context 
config>service>vprn>sub-if>grp-if>dhcp
Description 

This command enables the clients that will try to contact the DHCP server(s).

The no form of the command removes the server client type from the configuration.

Parameters 
dhcp—
specifies that the DHCP relay will forward requests to the DHCP server(s)
ppp—
specifies that PPPoE will attempt to request an IP address for a PPPoE client from the DHCP server(s)ly assigned to PPPoE node

action

Syntax 
action {replace | drop | keep}
no action
Context 
config>service>vprn>if>dhcp>option
config>service>vprn>nw-if>dhcp>option
config>service>vprn>sub-if>grp-if>dhcp>option
Description 

This command configures the processing required when the router receives a DHCP request that already has a Relay Agent Information Option (Option 82) field in the packet.

The no form of this command returns the system to the default value.

Default 

Per RFC 3046, DHCP Relay Agent Information Option , section 2.1.1, Reforwarded DHCP requests, the default is to keep the existing information intact. The exception to this is if the giaddr of the received packet is the same as the ingress address on the router. In that case the packet is dropped and an error is logged.

Parameters 
replace—
In the upstream direction (from the user), the existing Option 82 field is replaced with the Option 82 field from the router. In the downstream direction (towards the user) the Option 82 field is stripped (in accordance with RFC 3046).
drop—
the packet is dropped, and an error is logged
keep—
The existing information is kept in the packet and the router does not add any additional information. In the downstream direction the Option 82 field is not stripped and is sent on towards the client.

The behavior is slightly different in case of Vendor Specific Options (VSOs). When the keep parameter is specified, the router will insert his own VSO into the Option 82 field. This will only be done when the incoming message has already an Option 82 field.

If no Option 82 field is present, the router will not create the Option 82 field. In this in that case, no VSO will be added to the message.

circuit-id

Syntax 
circuit-id [ascii-tuple | ifindex | sap-id | vlan-ascii-tuple]
no circuit-id
Context 
config>service>vprn>if>dhcp>option
config>service>vprn>nw-if>dhcp>option
config>service>vprn>sub-if>grp-if>dhcp>option
Description 

When enabled, the router sends the interface index (If Index) in the circuit-id suboption of the DHCP packet. The If Index of a router interface can be displayed using the command show>router>interface>detail. This option specifies data that must be unique to the router that is relaying the circuit.

If disabled, the circuit-id suboption of the DHCP packet will be left empty.

The no form of this command returns the system to the default.

Default 

circuit-id

Parameters 
ascii-tuple—
specifies that the ASCII-encoded concatenated tuple will be used which consists of the access-node-identifier, service-id, and interface-name, separated by “|”
ifindex—
specifies that the interface index will be used. The If Index of a router interface can be displayed using the command show>router>interface>detail
sap-id—
specifies that the SAP ID will be used
vlan-ascii-tuple—
specifies that the format will include VLAN-id and dot1p bits in addition to what is included in ascii-tuple already. The format is supported on dot1q and qinq ports only. Thus, when the Option 82 bits are stripped, dot1p bits will be copied to the Ethernet header of an outgoing packet.

filter

Syntax 
filter filter-id
no filter
Context 
config>service>vprn>sub-if>grp-if>dhcp
Description 

This command configures the DHCP filter for this interface.

Parameters 
filter-id—
Specifies the filter policy. The filter ID must already exist within the created IP filters.
Values—
1 to 65535

gi-address

Syntax 
gi-address ip-address [src-ip-addr]
no gi-address
Context 
config>service>vprn>if>dhcp
config>service>vprn>nw-if>dhcp
config>service>vprn>sub-if>dhcp
config>service>vprn>sub-if>grp-if>dhcp
Description 

This command configures the gateway interface address for the DHCP relay. A subscriber interface can include multiple group interfaces with multiple SAPs. The GI address is needed, when the router functions as a DHCP relay, to distinguish between the different subscriber interfaces and potentially between the group interfaces defined.

Default 

no gi-address

Parameters 
ip-address—
specifies the host IP address to be used for DHCP relay packets
src-ip-address—
specifies the source IP address to be used for DHCP relay packets

lease-populate

Syntax 
lease-populate [nbr-of-leases]
lease-populate [nbr-of-leases] route-populate [pd] na [ta]
lease-populate [nbr-of-leases] route-populate pd [na] [ta] [exclude]
lease-populate [nbr-of-leases] route-populate [pd] [na] ta
no lease-populate
Context 
config>service>vprn>if>ipv6>dhcp-relay
Description 

This command specifies the maximum number of DHCPv6 lease states allocated by the DHCPv6 relay function, allowed on this interface.

Optionally, by specifying “route-populate” parameter, system could:

  1. Create routes based on the IA_PD/IA_NA/IA_TA prefix option in relay-reply message.
  2. Create black hole routes based on OPTION_PD_EXCLUDE in IA_PD in relay-reply message.

These routes could be redistributed into IGP/BGP by using route-policy, following protocol types that could be used in “from protocol”:

  1. dhcpv6-pd
  2. dhcpv6-na
  3. dhcpv6-ta
  4. dhcpv6-pd-excl
Parameters 
nbr-of-entries—
Defines the number lease state table entries allowed for this interface. If this parameter is omitted, only a single entry is allowed. Once the maximum number of entries has been reached, subsequent lease state entries are not allowed and subsequent DHCPv6 ACK messages are discarded.
Values—
1 to 8000
route-populate—
specifies the route populate on which to allocate DHCPv6 lease states
Values—
pd/na/ta — create route based on specified option
exclude — create black hole route based on OPTION_PD_EXCLUDE

neighbor-resolution

Syntax 
[no] neighbor-resolution
Context 
config>service>vprn>if>ipv6>dhcp6-relay
Description 

This command enables neighbor resolution with DHCPv6 relay.

The no form of the command disables neighbor resolution.

match-circuit-id

Syntax 
[no] match-circuit-id
Context 
config>service>vprn>sub-if>grp-if>dhcp
Description 

This command enables Option 82 circuit ID on relayed DHCP packet matching. For routed CO, the group interface DHCP relay process is stateful. When packets are relayed to the server the virtual router ID, transaction ID, SAP ID, and client hardware MAC address of the relayed packet are tracked.

When a response is received from the server the virtual router ID, transaction ID, and client hardware MAC address must be matched to determine the SAP on which to send the packet out. In some cases, the virtual router ID, transaction ID, and client hardware MAC address are not guaranteed to be unique.

When the match-circuit-id command is enabled we use this as part of the key to guarantee correctness in our lookup. This is really only needed when we are dealing with an IP aware DSLAM that proxies the client hardware MAC address.

Default 

no match-circuit-id

option

Syntax 
[no] option
Context 
config>service>vprn>if>dhcp
config>service>vprn>nw-if>dhcp
config>service>vprn>sub-if>dhcp
config>service>vprn>sub-if>grp-if>dhcp
Description 

This command enables DHCP Option 82 (Relay Agent Information Option) parameters processing and enters the context for configuring Option 82 sub-options.

The no form of this command returns the system to the default.

Default 

no option

copy-82

Syntax 
[no] copy-82
Context 
config>service>vprn>nw-if>dhcp>option
Description 

This command enables the copy-82 option.

The no form of the command disables the option.

remote-id

Syntax 
remote-id [mac | string string]
no remote-id
Context 
config>service>vprn>sub-if>grp-if>dhcp>option
config>service>vprn>nw-if>dhcp>option
Description 

When enabled, the router sends the MAC address of the remote end (typically the DHCP client) in the remote-id suboption of the DHCP packet. This command identifies the host at the other end of the circuit. If disabled, the remote-id suboption of the DHCP packet will be left empty.

The no form of this command returns the system to the default.

Default 

remote-id

Parameters 
mac—
specifies the MAC address of the remote end is encoded in the suboption
string string
specifies the remote-id

vendor-specific-option

Syntax 
[no] vendor-specific-option
Context 
config>service>vprn>if>dhcp>option
config>service>vprn>nw-if>dhcp>option
config>service>vprn>sub-if>grp-if>dhcp>option
Description 

This command configures the Nokia vendor specific suboption of the DHCP relay packet.

client-mac-address

Syntax 
[no] client-mac-address
Context 
config>service>vprn>if>dhcp>option
config>service>vprn>nw-if>dhcp>option
config>service>vprn>if>dhcp>option>vendor
config>service>vprn>sub-if>grp-if>dhcp>option>vendor
Description 

This command enables the sending of the MAC address in the Nokia vendor specific suboption of the DHCP relay packet.

The no form of the command disables the sending of the MAC address in the Nokia vendor specific suboption of the DHCP relay packet.

pool-name

Syntax 
[no] pool-name
Context 
config>service>vprn>if>dhcp>option
Description 

This command enables the sending of the pool name in the Nokia vendor-specific suboption of the DHCP relay packet.

The no form of the command disables the feature.

if-name

Syntax 
[no] if-name
Context 
config>service>vprn>nw-if>dhcp>option
Description 

This command enables the sending of the interface name in the Nokia vendor-specific suboption of the DHCP relay packet

The no form of the command disables the sending.

port-id

Syntax 
[no] port-id
Context 
config>service>vprn>nw-if>dhcp>option
Description 

This command enables sending of the port-id in the Nokia vendor-specific suboption of the DHCP relay packet

The no form of the command disables the sending.

sap-id

Syntax 
[no] sap-id
Context 
config>service>vprn>if>dhcp>option>vendor
config>service>vprn>sub-if>grp-if>dhcp>option>vendor
Description 

This command enables the sending of the SAP ID in the Nokia vendor-specific suboption of the DHCP relay packet.

The no form of the command disables the sending of the SAP ID in the Nokia vendor specific suboption of the DHCP relay packet.

service-id

Syntax 
[no] service-id
Context 
config>service>vprn>if>dhcp>option>vendor
config>service>vprn>sub-if>grp-if>dhcp>option>vendor
Description 

This command enables the sending of the service ID in the Nokia vendor specific suboption of the DHCP relay packet.

The no form of the command disables the sending of the service ID in the Nokia vendor specific suboption of the DHCP relay packet.

string

Syntax 
[no] string text
Context 
config>service>vprn>if>dhcp>option>vendor
config>service>vprn>sub-if>grp-if>dhcp>option>vendor
Description 

This command specifies the vendor specific suboption string of the DHCP relay packet.

The no form of the command returns the default value.

Parameters 
text—
The string can be any combination of ASCII characters up to 32 characters in length. If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

system-id

Syntax 
[no] system-id
Context 
config>service>vprn>if>dhcp>option>vendor
config>service>vprn>nw-if>dhcp>option>vendor
config>service>vprn>sub-if>grp-if>dhcp>option>vendor
Description 

This command specifies whether the system-id is encoded in the Nokia vendor specific sub-option of Option 82.

Default 

n/a

proxy-server

Syntax 
proxy-server
Context 
config>service>if>dhcp
config>service>vprn>sub-if>grp-if>dhcp
Description 

This command configures the DHCP proxy server.

emulated-server

Syntax 
emulated-server ip-address
no emulated-server
Context 
config>service>vprn>if>dhcp>proxy
config>service>vprn>sub-if>grp-if>dhcp>proxy-server
Description 

This command configures the IP address to be used as the DHCP server address in the context of this service. Typically, the configured address should be in the context of the subnet.

The no form of this command reverts to the default setting. The local proxy server will not become operational without a specified emulated server address.

Parameters 
ip-address—
specifies the emulated server address
Values—
For a retail interface, the default is the local interface.

lease-time

Syntax 
lease-time [days days] [hrs hours] [min minutes] [sec seconds] [radius-override]
no lease-time
Context 
config>service>vprn>if>dhcp>proxy
config>service>vprn>sub-if>grp-if>dhcp>proxy-server
Description 

This command defines the length of lease-time that will be provided to DHCP clients. By default the local-proxy-server will always make use of the lease-time information provide by either a RADIUS or DHCP server.

The no form of this command disables the use of the lease-time command. The local-proxy-server will use the lease-time offered by either a RADIUS or DHCP server.

Default 

7 days 0 hours 0 seconds

Parameters 
radius-override—
specifies that the local-proxy-server will use the configured lease-time information to provide DHCP clients
days—
specifies the number of days that the given IP address is valid
Values—
0 to 3650
hours—
specifies the number of hours that the given IP address is valid
Values—
0 to 23
minutes—
specifies the number of minutes that the given IP address is valid
Values—
0 to 59
seconds—
specifies the number of seconds that the given IP address is valid
Values—
0 to 59

server

Syntax 
server server1 [server2...(up to 8 max)]
Context 
config>service>vprn>if>dhcp
config>service>vprn>nw-if>dhcp
config>service>vprn>sub-if>grp-if>dhcp
Description 

This command specifies a list of servers where requests will be forwarded. The list of servers can entered as either IP addresses or fully qualified domain names. There must be at least one server specified for DHCP relay to work. If there are multiple servers then the request is forwarded to all of the servers in the list. There can be a maximum of 8 DHCP servers configured.

The flood command is applicable only in the VPLS case. There is a scenario with VPLS where the VPLS node only wants to add Option 82 information to the DHCP request to provider per-subscriber information, but it does not do full DHCP relay. In this case, the server is set to “flood”. This means the DHCP request is still a broadcast and is sent through the VPLS domain. A node running at L3 further upstream then can perform the full L3 DHCP relay function.

Default 

no server

Parameters 
server—
specifies the DHCP server IP address

python-policy

Syntax 
python-policy name
no python-policy
Context 
config>service>vprn>if>dhcp
Description 

This command specifies a python policy to be used for DHCPv4. Python policies are configured in the config>python> python-policy name context.

Parameters 
name—
specifies the name of an existing python script up to 32 characters in length

python-policy

Syntax 
python-policy name
no python-policy
Context 
config>service>vprn>if>dhcp6-relay
Description 

This command specifies a python policy to be used for DHCPv6 relay. Python policies are configured in the config>python> python-policy name context.

Parameters 
name—
specifies the name of an existing python script up to 32 characters in length

relay-plain-bootp

Syntax 
[no] relay-plain-bootp
Context 
config>service>vprn>if>dhcp
Description 

This command enables the relaying of plain BOOTP packets.

The no form of the command disables the relaying of plain BOOTP packets.

relay-unicast-msg

Syntax 
relay-unicast-msg [release-update-src-ip]
no relay-unicast-msg
Context 
config>service>vprn>sub-if>dhcp
config>service>vprn>sub-if>grp-if>dhcp
Description 

Relay unicast client DHCPv4 request (renew) messages. In the upstream direction: update the source-ip address and add the gateway IP address (gi-address) field before sending the message to the intended DHCP server (the message is not broadcasted to all configured DHCP servers). In the downstream direction: remove the gi-address and update the destination IP address to the value of the yiaddr (your IP addess) field.

By default, unicast DHCPv4 release messages are forwarded transparently.

Additionally when the optional flag “relay-unicast-msg” is enabled, then the gi address and source IP address of relayed DHCPv4 messages can be configured to any local configured IP address in the same routing instance.

Default 

no relay-unicast-msg

Parameters 
release-update-src-ip—
updates the source IP address with the value used for relayed DHCPv4 messages

snoop

Syntax 
[no] snoop
Context 
config>service>vprn>nw-if>dhcp
Description 

This command enables snooping of DHCP packets on this interface.

The no form of the command disables snooping.

trusted

Syntax 
[no] trusted
Context 
config>service>vprn>if>dhcp
config>service>vprn>nw-if>dhcp
config>service>vprn>sub-if>grp-if>dhcp
Description 

According to RFC 3046, DHCP Relay Agent Information Option, a DHCP request where the giaddr is 0.0.0.0 and which contains a Option 82 field in the packet, should be discarded, unless it arrives on a “trusted” circuit.

If trusted mode is enabled on an IP interface, the relay agent router will modify the request's giaddr to be equal to the ingress interface and forward the request.

This behavior only applies when the action in the Relay Agent Information Option is “keep”. In the case where the Option 82 field is being replaced by the relay agent (action = replace), the original Option 82 information is lost anyway, and there is thus no reason for enabling the trusted option.

The no form of this command returns the system to the default.

Default 

not enabled

egress

Syntax 
egress
Context 
config>service>vprn>nw-if
Description 

This command enables the context to configure egress network filter policies for the interface.

use-arp

Syntax 
[no] use-arp
Context 
config>service>vprn>if>dhcp
Description 

This command enables the use of ARP to determine the destination heardware address.

The no form of the command disables the use of ARP to determine the destination heardware address

user-db

Syntax 
user-db local-user-db-name
no user-db
Context 
config>service>vprn>sub-if>grp-if>dhcp
Description 

This command configures the local user database to use for authentication.

The no form of the command removes the value from the configuration.

Default 

no user-db

Parameters 
local-user-db-name—
specifies the local user database to use for authentication

dynamic-tunnel-redundant-next-hop

Syntax 
dynamic-tunnel-redundant-next-hop ip-address
no dynamic-tunnel-redundant-next-hop
Context 
config>service>vprn>if
Description 

This command specifies redundant next-hop address on public or private IPsec interface (with public or private tunnel-sap) for dynamic IPsec tunnel. The specified next-hop address will be used by standby node to shunt traffic to master in case of it receives them.

The next-hop address will be resolved in routing table of corresponding service.

Default 

n/a

Parameters 
ip-address—
specifies the dynamic ISA tunnel redundant next-hop address

egr-ip-load-balancing

Syntax 
egr-ip-load-balancing {source | destination | inner-ip}
no egr-ip-load-balancing
Context 
config>service>vprn>if>load-balancing
config>service>vprn>if>nw-if>load-balancing
Description 

This command specifies whether to include source address or destination address or both in LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled the command applies also to inclusion of source/destination port in the hash inputs.

The no form of this command includes both source and destination parameters.

Default 

no egr-ip-load-balancing

Parameters 
source—
specifies using source address and (if l4-load balancing is enabled) source port in the hash, ignore destination address/port
destination—
specifies using destination address and (if l4-load balancing is enabled) destination port in the hash, ignore source address/port
inner-ip—
specifies use of the inner IP header parameters instead of outer IP header parameters in LAG/ECMP hash for IPv4 encapsulated traffic

enable-ingress-stats

Syntax 
[no] enable-ingress-stats
Context 
config>router>interface
config>service>ies >interface
config>service>vprn>interface
config>service>ies>sub-if>grp-if
config>service>vprn>sub-if>grp-if
Description 

This command enables the collection of ingress interface IP stats. This command is only applicable to IP statistics, and not to uRPF statistics.

If enabled, then the following statistics are collected:

  1. IPv4 offered packets
  2. IPv4 offered octets
  3. IPv6 offered packets
  4. IPv6 offered octets
  5. Octet statistics for IPv4 and IPv6 bytes at IP interfaces include the layer 2 frame overhead.
Default 

no enable-ingress-stats

enable-mac-accounting

Syntax 
[no] enable-mac-accounting
Context 
config>service>vprn>if
Description 

This command enables MAC accounting functionality on this interface.

The no form of the command disables MAC accounting functionality on this interface.

host-connectivity-verify

Syntax 
host-connectivity-verify [source {vrrp | interface}] [interval interval] [action {remove | alarm}] [timeout retry-timeout] [retry-count count]
host-connectivity-verify [interval interval] [action {remove | alarm}] [timeout retry-timeout] [retry-count count] [family family]
Context 
config>service>vprn>if
config>service>vprn>sub-if>grp-if
config>service>vprn>sub-if>grp-if>dhcp
Description 

This command enables enables subscriber host connectivity verification on a given SAP within a service.

This tool will periodically scan all known hosts (from dhcp-state) and perform a UC ARP request. The subscriber host connectivity verification will maintain state (connected vs. not-connected) for all hosts.

Default 

no host-connectivity-verify

Parameters 
source {vrrp | interface}—
Specifies the source to be used for generation of subscriber host connectivity verification packets. The interface keyword forces the use of the interface mac and ip addresses. There are up to 16 possible subnets on a given interface, therefore subscriber host connectivity verification tool will use always an address of the subnet to which the given host is pertaining. In case of group-interfaces. one of the parent subscriber-interface subnets (depending on host's address) will be used.
interval interval
The interval, expressed in minutes, which specifies the time interval which all known sources should be verified. The actual rate is then dependent on number of known hosts and interval.
Values—
1to 6000 (A zero value can be used by the SNMP agent to disable host-connectivity-verify.)
action {remove | alarm}—
Defines the action taken on a subscriber host connectivity verification failure for a given host. The remove keyword raises an alarm and removes dhcp-state and releases all allocated resources (queues, table entries, etc.). DHCP-RELEASE will be signaled to corresponding DHCP server. Static hosts will never be removed. The alarm keyword raises an alarm indicating that the host is disconnected.
timeout retry-timeout
specifies the timeout in seconds between consecutive retries of subscriber host connectivity verification checks, in case the host does not respond
Values—
10to 60 seconds
retry-count count
specifies the number of retries that will be carried out before a subscriber host is considered to have failed the SHCV check
Values—
2to 29
family family
Indicates the IP address family for which subscriber host connectivity verification checks will be enabled. It can be set to ipv4 or ipv6 only, or both.
Values—
2to 29

hold-time

Syntax 
hold-time
Context 
config>service>vprn>interface
config>service>vprn>network-interface
config>service>vprn>subscriber-interface
config>service>vprn>redundant-interface
Description 

This command creates the CLI context to configure interface level hold-up and hold-down timers for the associated IP interface.

The up timer controls a delay for the associated IPv4 or IPv6 interface so that the system will delay the deactivation of the associated interface for the specified amount of time.

The down timer controls a delay for the associated IPv4 or IPv6 interface so that the system will delay the activation of the associated interface for the specified amount of time

up

Syntax 
up ip seconds
no up ip
up ipv6 seconds
no up ipv6
Context 
config>service>vprn>if>hold-time
config>service>vprn>nw-if>hold-time
config>service>vprn>sub-if>hold-time
config>service>vprn>red-if>hold-time
Description 

This command will cause a delay in the deactivation of the associated IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface down.

The no form of the command removes the command from the active configuration and removes the delay in deactivating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it expires.

Parameters 
seconds—
the time delay, in seconds, to make the interface operational
Values—
1 to 1200

down

Syntax 
down ip seconds [init-only]
no up ip
up ipv6 seconds [init-only]
no up ipv6
Context 
config>service>vprn>if>hold-time
config>service>vprn>nw-if>hold-time
config>service>vprn>sub-if>hold-time
config>service>vprn>red-if>hold-time
Description 

This command will cause a delay in the activation of the associated IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface up, unless the init-only option is configured. If the init-only option is configured, the delay is only applied when the IP interface is first configured or after a system reboot.

The no form of the command removes the command from the active configuration and removes the delay in activating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it completes.

Parameters 
seconds—
the time delay, in seconds, to make the interface operational
Values—
1 to 1200
init-only
specifies that the down delay is only applied when the interface is configured or after a reboot
Values—
1 to 1200

Interface ICMP Commands

icmp

Syntax 
icmp
Context 
config>service>vprn>if
config>service>vprn>sub-if>grp-if
config>service>vprn>nw-if
Description 

This command configures Internet Control Message Protocol (ICMP) parameters on a VPRN service.

mask-reply

Syntax 
[no] mask-reply
Context 
config>service>vprn>if>icmp
config>service>vprn>sub-if>grp-if>icmp
config>service>vprn>nw-if>icmp
Description 

This command enables responses to Internet Control Message Protocol (ICMP) mask requests on the router interface.

If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.

By default, the router instance will reply to mask requests.

The no form of this command disables replies to ICMP mask requests on the router interface.

Default 

mask-reply — specifies to reply to ICMP mask requests

redirects

Syntax 
redirects [number seconds]
no redirects
Context 
config>service>vprn>if>icmp
config>service>vprn>sub-if>grp-if>icmp
config>service>vprn>nw-if>icmp
Description 

This commad configures the rate for Internet Control Message Protocol (ICMP) redirect messages issued on the router interface.

When routes are not optimal on this router and another router on the same subnetwork has a better route, the router can issue an ICMP redirect to alert the sending node that a better route is available.

The redirects command enables the generation of ICMP redirects on the router interface. The rate at which ICMP redirects is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of redirect messages that can be issued on the interface for a given time interval.

By default, generation of ICMP redirect messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the generation of icmp redirects on the router interface.

Default 

redirects 100 10 — maximum of 100 redirect messages in 10 seconds

Parameters 
number—
The maximum number of ICMP redirect messages to send. This parameter must be specified with the seconds parameter.
Values—
10 to 1000
seconds—
the time frame in seconds used to limit the seconds of ICMP redirect messages that can be issued
Values—
1 to 60

ttl-expired

Syntax 
ttl-expired number seconds
no ttl-expired
Context 
config>service>vprn>if>icmp
config>service>vprn>sub-if>grp-if>icmp
config>service>vprn>nw-if>icmp
Description 

Configures the rate Internet Control Message Protocol (ICMP) TTL expired messages are issued by the IP interface.

By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the limiting the rate of TTL expired messages on the router interface.

Default 

ttl-expired 100 10

Parameters 
number—
The maximum number of ICMP TTL expired messages to send, expressed as a decimal integer. This parameter must be specified with the seconds parameter.
Values—
10 to 1000
seconds—
the time frame in seconds used to limit the number of ICMP TTL expired messages that can be issued, expressed as a decimal integer
Values—
1 to 60

unreachables

Syntax 
unreachables [number seconds]
no unreachables
Context 
config>service>vprn>if>icmp
config>service>vprn>sub-if>grp-if>icmp
config>service>vprn>nw-if>icmp
Description 

This command enables and configures the rate for ICMP host and network destination unreachable messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages which can be issued on the interface for a given time interval.

By default, generation of ICMP destination unreachable messages is enabled at a maximum rate of 10 per 10 second time interval.

The no form of this command disables the generation of icmp destination unreachable messages on the router interface.

Default 

unreachables 100 10

Parameters 
number—
The maximum number of ICMP unreachable messages to send. This parameter must be specified with the seconds parameter.
Values—
10 to 1000
seconds—
the time frame in seconds used to limit the number of ICMP unreachable messages that can be issued
Values—
1 to 60

ip-mtu

Syntax 
ip-mtu octets
no ip-mtu
Context 
config>service>vprn>nw-if
Description 

This command configures the IP maximum transmit unit (packet) for the associated router IP interface.

The configured IP-MTU cannot be larger then the calculated IP MTU based on the port MTU configuration.

The MTU that is advertised from the IES size is:

MINIMUM((SdpOperPathMtu - EtherHeaderSize), (Configured ip-mtu))

The no form of the command returns the associated IP interfaces MTU to its default value, which is calculated based on the port MTU setting. For Ethernet ports this will typically be 1554.

Default 

no ip-mtu

Parameters 
octets —
specifies the octets
Values—
512 to 9000

lag

Syntax 
lag lag-id[:encap-val]
no lag
Context 
config>service>vprn>nw-if
Description 

This command binds the interface to a Link Aggregation Group (LAG)

The no form of the command removes the LAG id from the configuration.

Parameters 
lag-id[:encap-val]—
specifies the LAG ID
Values—

lag-id

1 to 800

encap-val

0 (for null)

0 to 4094 (for dot1q)

lag-per-link-hash

Syntax 
lag-per-link-hash class {1 | 2 | 3} weight [1 to 1024]
no per-link-hash
Context 
config>service>vprn>nw-if
Description 

This command configures weight and class to this SAP to be used on LAG egress when the LAG uses weighted per-link-hash.

The no form of this command restores the default configuration.

Default 

no lag-per-link-hash (equivalent to weight 1 class 1)

Interface SAP ATM Commands

atm

Syntax 
atm
Context 
config>service>vprn>if>sap
config>service>vprn>sub-if>grp-if>sap
Description 

This command enables the context to configure ATM-related attributes. This command can only be used when a given context (for example, a channel or SAP) supporting ATM functionality such as:

  1. Configuring ATM port or ATM port-related functionality on MDAs supporting ATM functionality.
  2. Configuring ATM-related configuration for ATM-based SAPs that exist on MDAs supporting ATM functionality.

If ATM functionality is not supported for a given context, the command returns an error.

egress

Syntax 
egress
Context 
config>service>vprn>if>sap>atm
config>service>vprn>sub-if>grp-if>sap>atm
Description 

This command configures egress ATM attributes for the SAP.

encapsulation

Syntax 
encapsulation atm-encap-type
Context 
config>service>vprn>if>sap>atm
config>service>vprn>sub-if>grp-if>sap>atm
Description 

This command configures RFC 2684, Multiprotocol Encapsulation over ATM AAL5, encapsulation for an ATM PVCC delimited SAP. This command specifies the data encapsulation for an ATM PVCC delimited SAP. The definition also references the ATM Forum LAN Emulation specification.

Ingress traffic that does not match the configured encapsulation will be dropped.

Default 

The encapsulation is driven by the services for which the SAP is configured.

For VPRN service SAPs, the default is aal5snap-routed.

Parameters 
atm-encap-type—
specifies the encapsulation type
Values—
aal5snap-routed — Routed encapsulation for LLC encapsulated circuit (LLC/SNAP precedes protocol datagram) as defined in RFC 2684.
aal5mux-ip — Routed IP encapsulation for VC multiplexed circuit as defined in RFC 2684.
aal5snap-bridged — Bridged encapsulation for LLC encapsulated circuit (LLC/SNAP precedes protocol datagram) as defined in RFC 2684.
aal5mux-bridged-eth-nofcs — Bridged IP encapsulation for VC multiplexed circuit as defined in RFC 2684.

ingress

Syntax 
ingress
Context 
config>service>vprn>if>sap>atm
config>service>vprn>sub-if>grp-if>sap>atm
Description 

This command configures ingress ATM attributes for the SAP.

traffic-desc

Syntax 
traffic-desc traffic-desc-profile-id
no traffic-desc
Context 
config>service>vprn>if>sap>atm>egress
config>service>vprn>if>sap>atm>ingress
config>service>vprn>sub-if>grp-if>sap>atm>egress
config>service>vprn>sub-if>grp-if>sap>atm>ingress
Description 

This command assigns an ATM traffic descriptor profile to a given context (for example, a SAP). When configured under the ingress context, the specified traffic descriptor profile defines the traffic contract in the forward direction. When configured under the egress context, the specified traffic descriptor profile defines the traffic contract in the backward direction.

The no form of the command reverts the traffic descriptor to the default traffic descriptor profile.

Default 

The default traffic descriptor (trafficDescProfileId. = 1) is associated with newly created PVCC-delimited SAPs.

Parameters 
traffic-desc-profile-id—
specifies a defined traffic descriptor profile (see the QoS atm-td-profile command)

oam

Syntax 
oam
Context 
config>service>vprn>if >sap>atm
config>service>vprn>sub-if>grp-if>sap>atm
Description 

This command enables the context to configure OAM functionality for a PVCC delimiting a SAP.

The ATM-capable MDAs support F5 end-to-end OAM functionality (AIS, RDI, Loopback):

  1. ITU-T Recommendation I.610 - B-ISDN Operation and Maintenance Principles and Functions version 11/95
  2. GR-1248-CORE - Generic Requirements for Operations of ATM Network Elements (NEs). Issue 3 June 1996
  3. GR-1113-CORE - Bellcore, Asynchronous Transfer Mode (ATM) and ATM Adaptation Layer (AAL) Protocols Generic Requirements, Issue 1, July 1994

alarm-cells

Syntax 
[no] alarm-cells
Context 
config>service>vprn>if>sap>atm>oam
config>service>vprn>sub-if>grp-if>sap>atm>oam
Description 

This command configures AIS/RDI fault management on a PVCC. Fault management allows PVCC termination to monitor and report the status of their connection by propagating fault information through the network and by driving PVCC’s operational status.

When alarm-cells functionality is enabled, a PVCC’s operational status is affected when a PVCC goes into an AIS or RDI state because of an AIS/RDI processing (assuming nothing else affects PVCC’s operational status, for example, if the PVCC goes DOWN, or enters a fault state and comes back UP, or exits that fault state). RDI cells are generated when PVCC is operationally DOWN. No OAM-specific SNMP trap is raised whenever an endpoint enters/exits an AIS or RDI state, however, if as result of an OAM state change, the PVCC changes operational status, then a trap is expected from an entity the PVCC is associated with (for example a SAP).

The no command disables alarm-cells functionality for a PVCC. When alarm-cells functionality is disabled, a PVCC’s operational status is no longer affected by a PVCC’s OAM state changes due to AIS/RDI processing (when alarm-cells is disabled, a PVCC will change operational status to UP due to alarm-cell processing) and RDI cells are not generated as result of the PVCC going into AIS or RDI state. The PVCC’s OAM status, however, will record OAM faults as described above.

Default 

enabled for PVCCs delimiting VPRN SAPs

periodic-loopback

Syntax 
[no] periodic-loopback
Context 
config>service>vprn>if >sap>atm>oam
config>service>vprn>sub-if>grp-if>sap>atm
Description 

This command enables periodic OAM loopbacks on this SAP. This command is only configurable on VPRN SAPs. When enabled, an ATM OAM loopback cell is transmitted every period as configured in the config>system>atm>oam>loopback-period period context.

If a response is not received and consecutive retry-down retries also result in failure, the endpoint will transition to an alarm indication signal/loss of clock state. Then, an ATM OAM loopback cell will be transmitted every period as configured in the loopback-period period. If a response is received for the periodic loopback and consecutive retry-up retries also each receive a response, the endpoint will transition back to the up state.

The no form of the command sets the value back to the default.

Default 

no periodic-loopback

Interface Anti-Spoofing Commands

anti-spoof

Syntax 
anti-spoof {ip | mac | ip-mac | nh-mac}
no anti-spoof-type
Context 
config>service>vprn>if>sap
config>service>vprn>sub-if>grp-if>sap
Description 

This command enables anti-spoof filtering and optionally changes the anti-spoof matching type for the interface.

The type of anti-spoof filtering defines what information in the incoming packet is used to generate the criteria to lookup an entry in the anti-spoof filter table. The type parameter (ip, mac, ip-mac, nh-mac) defines the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.

The no form of the command disables anti-spoof filtering on the SAP.

Default 

Filter type default types:

  1. Non-Ethernet encapsulation default anti-spoof filter type — When enabled on a non-Ethernet encapsulated SAP, the anti-spoof filter default type is ip.
  2. Ethernet encapsulated default anti-spoof filter type — When enabled on an Ethernet encapsulated SAP, the anti-spoof default type is ip-mac.
  3. Default anti-spoof filter state — Anti-spoof filtering is disabled by default on the SAP.
Parameters 
ip—
Configures SAP anti-spoof filtering to use only the source IP address in its lookup. If a static host exists on the SAP without an IP address specified, the anti-spoof type ip command will fail.
mac—
Configures SAP anti-spoof filtering to use only the source MAC address in its lookup. Setting the anti-spoof filter type to mac is not allowed on non-Ethernet encapsulated SAPs. If a static host exists on the SAP without a specified MAC address, the anti-spoof type mac command will fail. The anti-spoof type mac command will also fail if the SAP does not support Ethernet encapsulation.
ip-mac—
Configures SAP anti-spoof filtering to use both the source IP address and the source MAC address in its lookup. If a static host exists on the SAP without both the IP address and MAC address specified, the anti-spoof type ip-mac command will fail. This is also true if the default anti-spoof filter type of the SAP is ip-mac and the default is not overridden. The anti-spoof type ip-mac command will also fail if the SAP does not support Ethernet encapsulation.
nh-mac—
Indicates that the ingress anti-spoof is based on the source MAC address and the egress anti-spoof is based on the nh-ip-address.

app-profile

Syntax 
app-profile app-profile-name
no app-profile
Context 
config>service>vprn>if>sap
config>service>vprn>sub-if>grp-if>sap
Description 

This command configures the application profile name.

Parameters 
app-profile-name—
specifies an existing application profile name configured in the config>app-assure>group>policy context

arp-limit

Syntax 
arp-limit limit [log-only] [threshold percent]
no arp-limit
Context 
config>service>vprn>interface
Description 

This command configures the maximum amount of dynamic IPv4 ARP entries that can be learned on an IP interface.

When the number of dynamic ARP entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.

The no form of the command removes the arp-limit.

Default 

90 percent

Parameters 
log-only—
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.
percent—
The threshold value (as a percentage) that triggers a warning message to be sent.
Values—
0 — 100
limit—
The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic ARP learning is disabled and no dynamic ARP entries are learned.
Values—
0 — 524288

arp-populate

Syntax 
[no] arp-populate
Context 
config>service>vprn>if
config>service>vprn>sub-if>subscriber-interface
config>service>vprn>sub-if>grp-if
Description 

This command enables populating static and dynamic hosts into the system ARP cache. When enabled, the host’s IP address and MAC address are placed in the system ARP cache as a managed entry. Static hosts must be defined on the interface using the host command. Dynamic hosts are enabled on the system through enabling lease-populate in the IP interface DHCP context. In the event that both a static host and a dynamic host share the same IP and MAC address, the system’s ARP cache retains the host information until both the static and dynamic information are removed. Both static and dynamic hosts override static ARP entries. Static ARP entries are marked as inactive when they conflict with static or dynamic hosts and will be repopulated once all static and dynamic host information for the IP address are removed. Since static ARP entries are not possible when static subscriber hosts are defined or when DHCP lease state table population is enabled, conflict between static ARP entries and the arp-populate function is not an issue.

The arp-populate command will fail if an existing static subscriber host on the SAP does not have both MAC and IP addresses specified.

Once arp-populate is enabled, creating a static subscriber host on the SAP without both an IP address and MAC address will fail.

arp-populate can only be enabled on VPRN interfaces supporting Ethernet encapsulation.

Use the no form of the command to disable ARP cache population functions for static and dynamic hosts on the interface. All static and dynamic host information in the systems ARP cache will be removed. Any existing static ARP entries previously inactive due to static or dynamic hosts will be populated in the system ARP cache.

When arp-populate is enabled, the system will not send out ARP Requests for hosts that are not in the ARP cache. Only statically configured and DHCP learned hosts are reachable through an IP interface with arp-populate enabled.

Default 

not enabled

arp-retry-timer

Syntax 
arp-retry-timer timer-multiple
no arp-retry-timer
Context 
config>service>vprn>if
config>service>vprn>network-interface
Description 

This command allows the arp retry timer to be configured to a specific value.

The timer value is entered as a multiple of 100 ms. So a timer value of 1, means the ARP timer will be set to 100 ms.

The no form of this command removes the command from the active configuration and returns the ARP retry timer to its default value of 5 s.

Default 

5 seconds

Parameters 
timer-multiple
specifies the multiple of 100 ms that the ARP retry timer will be configured as.
Values—
1 to 300 (equally a timer range of 100 ms to 30 000 ms)

arp-timeout

Syntax 
arp-timeout seconds
no arp-timeout
Context 
config>service>vprn>if
config>service>vprn>sub-if>grp-if
Description 

This command configures the minimum time in seconds an ARP entry learned on the IP interface will be stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host, otherwise, the ARP entry is aged from the ARP table. If arp-timeout is set to a value of zero seconds, ARP aging is disabled.

The no form of this command restores arp-timeout to the default value.

Default 

14400 seconds

Parameters 
seconds—
The minimum number of seconds a learned ARP entry will be stored in the ARP table, expressed as a decimal integer. A value of zero specifies that the timer is inoperative and learned ARP entries will not be aged.
Values—
0 to 65535

authentication-policy

Syntax 
authentication-policy name
no authentication-policy
Context 
config>service>vprn>if
config>service>vprn>sub-if>grp-if
Description 

This command assigns an authentication policy to the interface.

The no form of this command removes the policy name from the group interface configuration.

Default 

no authentication-policy

Parameters 
name —
specifies the authentication policy name. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes

calling-station-id

Syntax 
calling-station-id calling-station-id
no calling-station-id
Context 
config>service>vprn>sub-if>grp-if>sap
config>service>vprn>if>sap
Description 

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages. The value inserted is set at the SAP level. If no value is set at the SAP level, an empty string is included.

Default 

This attribute is not sent by default.

host

Syntax 
[no] host {[ip ip-address [mac ieee-address]} [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]
no host {[ip ip-address] [mac ieee-address]}
Context 
config>service>vprn>if>sap
Description 

This command creates a static host for the SAP. Applications within the system that make use of static host entries include anti-spoof, and source MAC population into the VPLS forwarding database.

Multiple static hosts can be defined on the SAP. Each host is identified by a source IP address, a source MAC address, or both a source IP and source MAC address. When anti-spoof in enabled on the SAP, the host information will be populated into the SAP’s anti-spoof table, allowing ingress packets matching the entry access to the SAP. When the MAC address exists in the host definition, the MAC address is populated into the VPLS forwarding database and associates it with the SAP. The static host definition overrides any static MAC entries using the same MAC and prevents dynamic learning of the MAC on another interface.

Defining a static host identical to an existing static host has no effect and will not generate a log or error message.

Every static host definition must have at least one address defined, IP or MAC.

Static hosts may exist on the SAP even with anti-spoof and arp-populate (VPRN) features disabled. When enabled, each feature has different requirements for static hosts.

Default 

There are no default static entries.

Parameters 
anti-spoof—
When enabled, this feature uses static and dynamic host information to populate entries into an anti-spoof filter table. The anti-spoof filter entries generated will be of the same type as specified in the anti-spoof type parameter. If the SAP anti-spoof filter is defined as mac, each static host definition must specify a MAC address. If the SAP anti-spoof filter is defined as ip, each static host definition must specify an IP address. If the SAP anti-spoof filter is defined as ip-mac, each static host definition must specify both an IP address and MAC address. If definition of a static host is attempted without the appropriate addresses specified for the enabled anti-spoof filter, the static host definition will fail.
arp-populate—
When enabled, this feature uses static and dynamic host information to populate entries into the system’s ARP cache. This is only available on the VPRN service SAPs. Both a MAC address and IP address are required to populate an ARP entry in the system. If definition of a static host is attempted without both a MAC and IP address specified when arp -populate is enabled, the static host definition will fail.
fdb-populate—
This is an implicit feature that uses the static host definition as a static MAC in the VPLS forwarding database. It cannot be enabled or disabled and has no effect on the ability to create static hosts without a MAC address specified. When a MAC address is specified for a static host, it will automatically be populated into the VPLS forwarding database associated with the SAP on which the host is created. The static host MAC address will override any static MAC entries using the same MAC and prevent dynamic learning of the MAC on another interface. Existing static MAC entries with the same MAC address as a static host are marked as inactive but not deleted. If all static hosts are removed from the SAP, the static MAC may be populated. New static MAC definitions for the VPLS instance may be created while a static host exists associated with the static MAC address.

The no form of the command removes a static entry from the system. The specified ip address and mac address must match the host’s exact IP and MAC addresses as defined when it was created. When a static host is removed from the SAP, the affect of its removal on the anti-spoof filter, ARP cache or the VPLS forwarding database is also evaluated.

ip ip-address
Specifies this optional parameter when defining a static host. The IP address must be specified for anti-spoof ip and anti-spoof ip-mac commands. Only one static host can be configured on the SAP with a given IP address.

The following rules apply to configure static hosts using an IP address:

  1. Only one static host can be defined using a specific IP address.
  2. Defining a static host with the same IP address as a previous static host overwrites the previous static host.
  3. If a static host has an IP address assigned, the MAC address for the host is optional (depending on the features enabled on the SAP).
mac mac-address
Specifies this optional parameter when defining a static host. The MAC address must be specified for anti-spoof mac, and anti-spoof ip-mac. Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address. The following rules apply to configuring static hosts using a MAC address:
  1. Multiple static hosts may share the same MAC address.
  2. Executing the host command with the same MAC address but a different IP address as an existing static host will create a new static host.
  3. If a static host has a MAC address assigned, the IP address for the host is optional (depending on the features enabled on the SAP).
Values—
8k static and dynamic hosts per 10G forwarding complex. 64k8k per system.
subscriber sub-ident-string —
This optional parameter specifies an existing subscriber identification profile to be associated with the static subscriber host. The subscriber identification profile is configured in the config>subscr-mgmt>sub-ident-policy context. The subscriber information is used by the VPRN SAP arp-reply-agent to determine the proper handling of received ARP requests from subscribers.
  1. For VPRN SAPs with arp-reply-agent enabled with the optional sub-ident parameter, the static subscriber host’s sub-ident-string is used to determine whether an ARP request received on the SAP is sourced from a host belonging to the same subscriber as the destination host. When both the destination and source hosts from the ARP request are known on the SAP and the subscriber identifications do not match, the ARP request may be forwarded to the rest of the VPRN destinations.

If the static subscriber host’s sub-ident string is not defined, the host is not considered to belong to the same subscriber as another host on the SAP.

If source or destination host is unknown, the hosts are not considered to belong to the same subscriber. ARP messages from unknown hosts are subject to anti-spoof filtering rules applied at the SAP.

If sub-ident is not enabled on the SAP arp-reply-agent, subscriber identification matching is not performed on ARP requests received on the SAP.

ARP requests are never forwarded back to the same SAP or within the receiving SAP’s split horizon group.

sub-profile sub-profile-name
Specifies this optional parameter to specify an existing subscriber profile name to be associated with the static subscriber host. The subscriber profile is configured in the config>subscr-mgmt>sub-profile context.
sla-profile sla-profile-name
Specifies this optional parameter to specify an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.

frame-relay

Syntax 
frame-relay
Context 
config>service>vprn>if>sap
Description 

This command enables the context to configure Frame Relay parameters on the SAP.

frf-12

Syntax 
[no] frf-12
Context 
config>service>vprn>if>sap
Description 

This command enables the use of FRF12 headers.

The no form of the command disables the use of FRF12 headers.

ete-fragment-threshold

Syntax 
ete-fragment-threshold threshold
no ete-fragment-threshold
Context 
config>service>vprn>if>sap>frf-12
Description 

This command specifies the maximum length of a fragment to be transmitted.

The no form of the command reverts to the default.

Parameters 
threshold—
specifies the maximum length of a fragment to be transmitted
Values—
128 to 512
Values—
0

interleave

Syntax 
[no] interleave
Context 
config>service>vprn>if>sap>frame-relay>frf.12
Description 

This command enables interleaving of high priority frames and low-priority frame fragments within a FR SAP using FRF.12 end-to-end fragmentation.

When this option is enabled, only frames of the FR SAP non expedited forwarding class queues are subject to fragmentation. The frames of the FR SAP expedited queues are interleaved, with no fragmentation header, among the fragmented frames. In effect, this provides a behavior like in MLPPP Link Fragment Interleaving (LFI).

When this option is disabled, frames of all the FR SAP forwarding class queues are subject to fragmentation. The fragmentation header is however not included when the frame size is smaller than the user configured fragmentation size. In this mode, the SAP transmits all fragments of a frame before sending the next full or fragmented frame.

The receive direction of the FR SAP supports both modes of operation concurrently, with and without fragment interleaving.

The no form of this command restores the default mode of operation.

Default 

no interleave

scheduling-class

Syntax 
scheduling-class class-id
Context 
config>service>vprn>if>sap
Description 

This command specifies the scheduling class to use for this SAP.

Parameters 
class-id—
specifies the scheduling class to use for this SAP
Values—
0 to 3
Values—
0

host-lockout-policy

Syntax 
host-lockout-policy policy-name
no host-lockout-policy
Context 
config>service>vprn>if>sap
Description 

This command configures a host lockout policy.

The no form of the command removes the policy name from the configuration.

host-shutdown

Syntax 
[no] host-shutdown
Context 
config>service>vprn>if>sap
Description 

This command administratively enables host creation on this SAP.

ip-tunnel

Syntax 
ip-tunnel name [create]
no ip-tunnel name
Context 
config>service>vprn>if>sap
Description 

This command is used to configure an IP-GRE or IP-IP tunnel and associate it with a private tunnel SAP within an IES or VPRN service.

The no form of the command deletes the specified IP/GRE or IP-IP tunnel from the configuration. The tunnel must be administratively shutdown before issuing the no ip-tunnel command.

Default 

No IP tunnels are defined.

Parameters 
ip-tunnel-name—
Specifies the name of the IP tunnel. Tunnel names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

backup-remote-ip

Syntax 
backup-remote-ip ip-address
no backup-remote-ip
Context 
config>service>interface>vprn>sap>ip-tunnel
Description 

This command sets the backup destination IPv4 address of GRE encapsulated packets associated with a particular GRE tunnel. If the primary destination address is not reachable in the delivery service (there is no route) or not defined then this is the destination IPv4 address of GRE encapsulated packets sent by the delivery service.

The no form of the command deletes the backup-destination address from the GRE tunnel configuration.

Parameters 
ip-address—
specifies the destination IPv4 address of the GRE tunnel
Values—
1.0.0.0 to 223.255.255.255

delivery-service

Syntax 
delivery-service {service-id | svc-name}
no delivery-service
Context 
config>service>interface>vprn>sap>ip-tunnel
Description 

This command sets the delivery service for GRE encapsulated packets associated with a particular GRE tunnel. This is the IES or VPRN service where the GRE encapsulated packets are injected and terminated. The delivery service may be the same service that owns the private tunnel SAP associated with the GRE tunnel. The GRE tunnel does not come up until a valid delivery service is configured.

The no form of the command deletes the delivery-service from the GRE tunnel configuration.

Parameters 
service-id—
identifies the service used to originate and terminate the GRE encapsulated packets belonging to the GRE tunnel
Values—
1 to 2147483648
svc-name—
identifies the service used to originate and terminate the GRE encapsulated packets belonging to the GRE tunnel
Values—
1 to 64 characters

dscp

Syntax 
dscp dscp-name
no dscp
Context 
config>service>interface>vprn>sap>ip-tunnel
Description 

This command sets the DSCP code-point in the outer IP header of GRE encapsulated packets associated with a particular GRE tunnel. The default, set using the no form of the command, is to copy the DSCP value from the inner IP header (after remarking by the private tunnel SAP egress qos policy) to the outer IP header.

Default 

no dscp

Parameters 
dscp—
specifies the DSCP code-point to be used
Values—
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

source

Syntax 
source ip-address
no source
Context 
config>service>interface>vprn>sap>ip-tunnel
Description 

This command sets the source IPv4 address of GRE encapsulated packets associated with a particular GRE tunnel. It must be an address in the subnet of the associated public tunnel SAP interface. The GRE tunnel does not come up until a valid source address is configured.

The no form of the command deletes the source address from the GRE tunnel configuration. The tunnel must be administratively shutdown before issuing the no source command.

Parameters 
ip-address—
specifies the source IPv4 address of the GRE tunnel
Values—
1.0.0.0 to 223.255.255.255

remote-ip

Syntax 
remote-ip ip-address
no remote-ip
Context 
config>service>interface>vprn>sap>ip-tunnel
Description 

This command sets the primary destination IPv4 address of GRE encapsulated packets associated with a particular GRE tunnel. If this address is reachable in the delivery service (there is a route) then this is the destination IPv4 address of GRE encapsulated packets sent by the delivery service.

The no form of the command deletes the destination address from the GRE tunnel configuration.

Parameters 
ip-address—
specifies the destination IPv4 address of the GRE tunnel
Values—
1.0.0.0 to 223.255.255.255

Interface SAP Filter and QoS Policy Commands

egress

Syntax 
egress
Context 
config>service>vprn>if>sap
config>service>vprn>sub-if>grp-if>sap
Description 

This command enables the context to configure egress SAP Quality of Service (QoS) policies and filter policies.

If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress filter is defined, no filtering is performed.

ingress

Syntax 
ingress
Context 
config>service>vprn>if>sap
config>service>vprn>sub-if>grp-if>sap
Description 

This command enables the context to configure ingress SAP Quality of Service (QoS) policies and filter policies.

If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress filter is defined, no filtering is performed.

agg-rate

Syntax 
[no] agg-rate
Context 
config>service>vprn>if>sap>egress
config>service>vprn>sub-if>grp-if>sap>egress
Description 

This command is used to control an HQoS aggregate rate limit. It is used in conjunction with the following parameter commands: rate, limit-unused-bandwidth, and queue-frame-based-accounting.

limit-unused-bandwidth

Syntax 
[no] limit-unused-bandwidth
Context 
config>service>vprn>if>sap>egress>agg-rate
config>service>vprn>sub-if>grp-if>sap>egress
Description 

This command is used to enable (or disable) aggregate rate overrun protection on the agg-rate context.

queue-frame-based-accounting

Syntax 
[no] queue-frame-based-accounting
Context 
config>service>vprn>if>sap>egress>agg-rate
config>service>vprn>sub-if>grp-if>sap>egress
Description 

This command is used to enabled (or disable) frame based accounting on all policers and queues associated with the agg-rate context. Only supported on Ethernet ports. Not supported on HSMDA Ethernet ports. Packet byte offset settings are not included in the applied rate when queue frame-based accounting is configured; the offsets are applied to the statistics.

rate

Syntax 
rate {max | rate}
no rate
Context 
config>service>vprn>if>sap>egress>agg-rate
config>service>vprn>sub-if>grp-if>sap>egress
Description 

This command defines the enforced aggregate rate for all queues associated with the agg-rate context. A rate must be specified for the agg-rate context to be considered to be active on the context’s object (SAP, subscriber, VPORT etc.).

agg-rate-limit

Syntax 
agg-rate-limit agg-rate [queue-frame-based-accounting]
no agg-rate-limit
Context 
config>service>vprn>sub-if>grp-if>wlan-gw>egress
Description 

This command defines a maximum total rate for all egress queues on a service SAP or multi-service site. The agg-rate-limit command is mutually exclusive with the egress scheduler policy. When an egress scheduler policy is defined, the agg-rate-limit command will fail. If the agg-rate-limit command is specified, an attempt to bind a scheduler-policy to the SAP or multi-service site will fail.

A multi-service site must have a port scope defined that ensures all queues associated with the site are on the same port or channel. If the scope is not set to a port, the agg-rate-limit command will fail. Once an agg-rate-limit has been assigned to a multi-service site, the scope cannot be changed to card level.

A port scheduler policy must be applied on the egress port or channel the SAP or multi-service site is bound to in order for the defined agg-rate-limit to take effect. The egress port scheduler enforces the aggregate queue rate as it distributes its bandwidth at the various port priority levels. The port scheduler stops offering bandwidth to member queues once it has detected that the aggregate rate limit has been reached.

If a port scheduler is not defined on the egress port, the queues are allowed to operate based on their own bandwidth parameters.

The no form of the command removes the aggregate rate limit from the SAP or multi-service site.

Parameters 
agg-rate—
defines the rate, in kilobits-per-second, that the maximum aggregate rate that the queues on the SAP or multi-service site can operate
Values—
1 to 40000000, max
queue-frame-based-accounting—
This keyword enables frame based accounting on all queues associated with the SAP or Multi-Service Site. If frame based accounting is required when an aggregate limit is not necessary, the max keyword should precede the queue-frame-based-accounting keyword. If frame based accounting must be disabled, execute agg-rate-limit without the queue-frame-based-accounting keyword present.
Values—
Frame based accounting is disabled by default.

filter

Syntax 
filter ip ip-filter-id
no filter
Context 
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
config>service>vprn>sub-if>grp-if>sap>egress
Description 

This command associates an IP filter policy with an ingress or egress Service Access Point (SAP) or IP interface. Filter policies control the forwarding and dropping of packets based on IP matching criteria.

The filter command is used to associate a filter policy with a specified ip-filter-id with an ingress or egress SAP. The ip-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message returned.

In general, filters applied to SAPs (ingress or egress) apply to all packets on the SAP. One exception is non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Parameters 
ip ip-filter-id
Specifies IP filter policy. The filter ID must already exist within the created IP filters.
Values—
1 to 65535

policer-control-policy

Syntax 
policer-control-policy policy-name
no policer-control-policy
Context 
config>service>vprn>sub-if>grp-if>sap>egress
Description 

This command is used to specify a policer control policy to apply to SAP egress.

Default 

N/A

Parameters 
policy-name—
Specifies the name of a policer control policy. 32 characters maximum.

hsmda-queue-override

Syntax 
[no] hsmda-queue-override
Context 
config>service>vprn>if>sap>egress
Description 

This command enables the context to configure HSMDA queue overrides.

queue

Syntax 
queue queue-id [create]
no queue queue-id
Context 
config>service>vprn>if>sap>egress>hsmda-queue-overider
Description 

This command configures overrides for a HSMDA queue. The actual valid values are those defined in the given SAP QoS policy.

Parameters 
queue-id—
specifies the queue ID to override
Values—
1 to 8
create—
This keyword is mandatory when creating a new queue override.

packet-byte-offset

Syntax 
packet-byte-offset {add add-bytes | subtract sub-bytes}
no packet-byte-offset
Context 
config>service>vprn>if>sap>egress>hsmda-queue-overider
Description 

This command adds or subtracts the specified number of bytes to the accounting function for each packet handled by the HSMDA queue. Normally, the accounting and leaky bucket functions are based on the Ethernet DLC header, payload and the 4 byte CRC (everything except the preamble and inter-frame gap). As an example, the packet-byte-offset command can be used to add the frame encapsulation overhead (20 bytes) to the queues accounting functions.

The accounting functions affected include:

  1. Offered High Priority / In-Profile Octet Counter
  2. Offered Low Priority / Out-of-Profile Octet Counter
  3. Discarded High Priority / In-Profile Octet Counter
  4. Discarded Low Priority / Out-of-Profile Octet Counter
  5. Forwarded In-Profile Octet Counter
  6. Forwarded Out-of-Profile Octet Counter
  7. Peak Information Rate (PIR) Leaky Bucket Updates
  8. Committed Information Rate (CIR) Leaky Bucket Updates
  9. Queue Group Aggregate Rate Limit Leaky Bucket Updates

The secondary shaper leaky bucket, scheduler priority level leaky bucket and the port maximum rate updates are not affected by the configured packet-byte-offset. Each of these accounting functions are frame based and always include the preamble, DLC header, payload and the CRC regardless of the configured byte offset.

The packet-byte-offset command accepts either add or subtract as valid keywords which define whether bytes are being added or removed from each packet traversing the queue. Up to 31 bytes may be added to the packet and up to 32 bytes may be removed from the packet. An example use case for subtracting bytes from each packet is an IP based accounting function. Given a Dot1Q encapsulation, the command packet-byte-offset subtract 14 would remove the DLC header and the Dot1Q header from the size of each packet for accounting functions only. The 14 bytes are not actually removed from the packet, only the accounting size of the packet is affected.

As inferred above, the variable accounting size offered by the packet-byte-offset command is targeted at the queue and queue group level. The packet-byte-offset, when set, applies to all queues in the quee group. The accounting size of the packet is ignored by the secondary shapers, the scheduling priority level shapers and the scheduler maximum rate. The actual on-the-wire frame size is used for these functions to allow an accurate representation of the behavior of the subscriberís packets on an Ethernet aggregation network.

The packet-byte-offset value may be overridden at the queue-group level.

Parameters 
add add-bytes
Indicates that the byte value should be added to the packet for queue and queue group level accounting functions. Either the add or subtract keyword must be specified. The corresponding byte value must be specified when executing the packet-byte-offset command. The add keyword is mutually exclusive with the subtract keyword.
Values—
0 to 31
subtract sub-bytes
Indicates that the byte value should be subtracted from the packet for queue and queue group level accounting functions. The subtract keyword is mutually exclusive with the add keyword. Either the add or subtract keyword must be specified. The corresponding byte value must be specified when executing the packet-byte-offset command.
Values—
1 to 64

slope-policy

Syntax 
slope-policy hsmda-slope-policy-name
no slope-policy
Context 
config>service>vprn>if>sap>egress>hsmda-queue-overider
Description 

This command specifies an existing slope policy name.

wrr-weight

Syntax 
wrr-weight value
no wrr-weight
Context 
config>service>vprn>if>sap>egress>hsmda-queue-overider>queue
Description 

This command assigns the weight value to the HSMDA queue.

The no form of the command returns the weight value for the queue to the default value.

Parameters 
percentage
specifies the weight for the HSMDA queue
Values—
1to 32

wrr-policy

Syntax 
wrr-policy hsmda-wrr-policy-name
no wrr-policy
Context 
config>service>vprn>if>sap>egress>hsmda-queue-overider
Description 

This command associates an existing HSMDA weighted-round-robin (WRR) scheduling loop policy to the HSMDA queue.

Parameters 
hsmda-wrr-policy-name
specifies the existing HSMDA WRR policy name to associate to the queue

secondary-shaper

Syntax 
secondary-shaper secondary-shaper-name
no secondary-shaper
Context 
config>service>vprn>if>sap>egress>hsmda-queue-overider
Description 

This command configures an HSMDA secondary shaper. A shaper override can only be configured on an HSMDA SAP.

Parameters 
secondary-shaper-name—
specifies a secondary shaper name up to 32 characters in length

policer-override

Syntax 
[no] policer-override
Context 
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description 

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.

The no form of the command is used to remove any existing policer overrides.

Default 

no policer-override

policer

Syntax 
policer policer-id [create]
no policer policer-id
Context 
config>service>vprn>if>sap>egress>policer-override
config>service>vprn>if>sap>ingress>policer-override
Description 

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to a specific policer created on the SAP through a sap-ingress or sap-egress QoS policy.

The no form of the command is used to remove any existing overrides for the specified policer-id.

Parameters 
policer-id—
This parameter is required when executing the policer command within the policer-override context. The specified policer-id must exist within the sap-ingress or sap-egress QoS policy applied to the SAP. If the policer is not currently used by any forwarding class or forwarding type mappings, the policer will not actually exist on the SAP. This does not preclude creating an override context for the policer-id.
create—
The create keyword is required when a policer override node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit configuration, the create keyword is not required.

match-qinq-dot1p

Syntax 
match-qinq-dot1p {top | bottom}
no match-qinq-dot1p
Context 
config>service>vprn>if>sap>ingress
config>service>vprn>sub-if>grp-if>sap>ingress
Description 

This command specifies which Dot1Q tag position Dot1P bits in a QinQ encapsulated packet should be used to evaluate Dot1P QoS classification.

The match-qinq-dot1p command allows the top or bottom PBits to be used when evaluating the applied sap-ingress QoS policy’s Dot1P entries. The top and bottom keywords specify which position should be evaluated for QinQ encapsulated packets.

The no form of the command restores the default dot1p evaluation behavior for the SAP.

By default, the bottom most service delineating Dot1Q tags Dot1P bits are used. Table 40 defines the default behavior for Dot1P evaluation when the match-qinq-dot1p command is not executed.

Table 40:  Dot1P Default Behavior 

Port / SAP Type

Existing Packet Tags

PBits Used for Match

null

none

none

null

Dot1P (VLAN-ID 0)

Dot1P PBits

null

Dot1Q PBits

null

TopQ BottomQ

TopQ PBits

null

TopQ (No BottomQ)

TopQ PBits

Dot1Q

none (Default SAP)

none

Dot1Q

Dot1P (Default SAP VLAN-ID 0)

Dot1P PBits

Dot1Q

Dot1Q

Dot1Q PBits

QinQ / TopQ

TopQ

TopQ PBits

QinQ / TopQ

TopQ BottomQ

TopQ PBits

QinQ / QinQ

TopQ BottomQ

BottomQ PBits

Default 

no match-qinq-dot1p - No filtering based on p-bits.

top or bottom must be specified to override the default QinQ dot1p behavior.

Parameters 
top—
The top parameter is mutually exclusive to the bottom parameter. When the top parameter is specified, the top most PBits are used (if existing) to match any dot1p dot1p-value entries. Table 41 defines the dot1p evaluation behavior when the top parameter is specified.
Table 41:  Dot1P Evaluation Behavior 

Port / SAP Type

Existing Packet Tags

PBits Used for Match

null

none

none

null

Dot1P (VLAN-ID 0)

Dot1P PBits

null

Dot1Q

Dot1Q PBits

null

TopQ BottomQ

TopQ PBits

null

TopQ (No BottomQ)

TopQ PBits

Dot1Q

none (Default SAP)

none

Dot1Q

Dot1P (Default SAP VLAN-ID 0)

Dot1P PBits

Dot1Q

Dot1Q

Dot1Q PBits

QinQ / TopQ

TopQ

TopQ PBits

QinQ / TopQ

TopQ BottomQ

TopQ PBits

QinQ / TopQ

TopQ BottomQ

TopQ PBits

bottom—
The bottom parameter is mutually exclusive to the top parameter. When the bottom parameter is specified, the bottom most PBits are used (if existing) to match any dot1p dot1p-value entries. The following tables define the bottom position QinQ and TopQ SAP dot1p evaluation and the default dot1p explicit marking actions.
Table 42:  Bottom Position QinQ and TopQ SAP Dot1P Evaluation  

Port / SAP Type

Existing Packet Tags

PBits Used for Match

null

none

none

null

Dot1P (VLAN-ID 0)

Dot1P PBits

null

Dot1Q

Dot1Q PBits

null

TopQ BottomQ

BottomQ PBits

null

TopQ (No BottomQ)

TopQ PBits

Dot1Q

none (default SAP)

none

Dot1Q

Dot1P (default SAP VLAN-ID 0)

Dot1P PBits

Dot1Q

Dot1Q

Dot1Q PBits

QinQ / TopQ

TopQ

TopQ PBits

QinQ / TopQ

TopQ BottomQ

BottomQ PBits

QinQ / QinQ

TopQ BottomQ

BottomQ PBits

Table 43:  Default Dot1P Explicit Marking Actions 

Egress SAP Type

Ingress Packet Preserved Dot1P State

Marked (or Remarked) PBits

null

no preserved Dot1P bits

none

null

preserved Dot1P bits

preserved tag PBits remarked using dot1p-value

Dot1Q

no preserved Dot1P bits

new PBits marked using dot1p-value

Dot1Q

preserved Dot1P bits

preserved tag PBits remarked using dot1p-value

TopQ

no preserved Dot1P bits

TopQ PBits marked using dot1p-value

TopQ

preserved Dot1P bits (used as TopQ and BottomQ PBits)

TopQ PBits marked using dot1p-value, BottomQ PBits preserved

QinQ

no preserved Dot1P bits

TopQ PBits and BottomQ PBits marked using dot1p-value

QinQ

preserved Dot1P bits (used as TopQ and BottomQ PBits)

TopQ PBits and BottomQ PBits marked using dot1p-value

The dot1p dot1p-value command must be configured without the qinq-mark-top-only parameter to remove the TopQ PBits only marking restriction.

qinq-mark-top-only

Syntax 
[no] qinq-mark-top-only
Context 
config>service>vprn>if>sap>egress
config>service>vprn>sub-if>grp-if>sap>egress
Description 

When enabled (the encapsulation type of the access port where this SAP is defined as qinq), the qinq-mark-top-only command specifies which P-bits/DEI bit to mark during packet egress. When disabled, both set of P-bits/DEI bit are marked. When the enabled, only the P-bits/DEI bit in the top Q-tag are marked.

Default 

no qinq-mark-top-only

qos

Syntax 
qos policy-id [port-redirect-group queue-group-name instance instance-id]
no qos
Context 
config>service>vprn>if>sap>egress
config>service>vprn>sub-if>grp-if>sap>egress
Description 

This command associates a Quality of Service (QoS) policy with an ingress or egress Service Access Point (SAP).

QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined prior to associating the policy with a SAP or IP interface. If the policy- id does not exist, an error will be returned.

The qos command is used to associate both ingress and egress QoS policies. The qos command only allows ingress policies to be associated on SAP ingress and egress policies on SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.

Only one ingress and one egress QoS policy can be associated with a SAP or IP interface at one time. Attempts to associate a second QoS policy of a given type will return an error.

By default, no specific QoS policy is associated with the SAP for ingress or egress, so the default QoS policy is used.

The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.

Default 

n/a

Parameters 
policy-id—
The ingress/egress policy ID to associate with SAP or IP interface on ingress/egress. The policy ID must already exist.
Values—
1 to 65535
port-redirect-group—
This keyword associates a SAP egress with an instance of a named queue group template on the egress port of a given IOM/IMM/XMA. The queue-group-name and instance instance-id are mandatory parameters when executing the command.
queue-group-name
Specifies the name of the egress port queue group of the IOM/IMM/XMA, up to 32 characters in length. The queue-group-name must correspond to a valid egress queue group, created under config>port>ethernet>access>egress.
instance instance-id
specifies the instance of the named egress port queue group on the IOM/IMM/XMA
Values—
1 to 40960
Values—
1

qos

Syntax 
qos policy-id [shared-queuing | multipoint-shared] fp-redirect-group queue-group-name instance instance-id
no qos
Context 
config>service>vprn>if>sap>ingress
config>service>vprn>sub-if>grp-if>sap>ingress
Description 

This command associates a Quality of Service (QoS) policy with an ingress Service Access Point (SAP).

QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined prior to associating the policy with a SAP. If the policy- id does not exist, an error will be returned.

The qos command is used to associate both ingress and egress QoS policies. The qos command only allows ingress policies to be associated on SAP ingress and egress policies on SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.

Only one ingress and one egress QoS policy can be associated with a SAP or IP interface at one time. Attempts to associate a second QoS policy of a given type will return an error.

By default, no specific QoS policy is associated with the SAP for ingress or egress, so the default QoS policy is used.

The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.

Default 

n/a

Parameters 
policy-id—
The ingress/egress policy ID to associate with SAP or IP interface on ingress/egress. The policy ID must already exist.
Values—
1 to 65535
shared-queuing—
Specifies the ingress shared queue policy used by this SAP. When the value of this object is null it means that the SAP will use individual ingress QoS queues instead of the shared ones.
multipoint-shared—
Specifies that this queue-id is for multipoint forwarded traffic only. This queue-id can only be explicitly mapped to the forwarding class multicast, broadcast, or unknown unicast ingress traffic. Attempting to map forwarding class unicast traffic to a multipoint queue generates an error; no changes are made to the current unicast traffic queue mapping.

A queue must be created as multipoint. The multipoint designator cannot be defined after the queue is created. If an attempt is made to modify the command to include the multipoint keyword, an error is generated and the command will not execute.

The multipoint keyword can be entered in the command line on a pre-existing multipoint queue to edit queue-id parameters.

Values—
Present (the queue is created as non-multipoint).
Values—
Multipoint or not present.
fp-redirect-group—
Creates an instance of a named queue group template on the ingress forwarding plane of a given IOM/IMM/XMA. The queue-group-name and instance instance-id are mandatory parameters when executing the command. The named queue group template can contain only policers. If it contains queues, then the command will fail.
queue-group-name
Specifies the name of the queue group template to be instantiated on the forwarding plane of the IOM/IMM/XMA, up to 32 characters in length. The queue-group-name must correspond to a valid ingress queue group template name, configured under config>qos>queue-group-templates.
instance-id
specifies the instance of the named queue group to be created on the IOM/IMM/XMA ingress forwarding plane

scheduler-policy

Syntax 
scheduler-policy scheduler-policy-name
no scheduler-policy
Context 
config>service>vprn>if>sap>ingress
config>service>vprn>if>sap>egress
config>service>vprn>sub-if>grp-if>sap>egress
config>service>vprn>sub-if>grp-if>sap>ingress
Description 

This command applies an existing scheduler policy to an ingress or egress scheduler used by SAP policers and queues associated with this multi-service customer site. The schedulers defined in the scheduler policy can only be created once the customer site has been appropriately assigned to a chassis port, channel or slot. Scheduler policies are defined in the config>qos>scheduler-policy scheduler-policy-name context.

The no form of this command removes the configured ingress or egress scheduler policy from the multi-service customer site. When the policy is removed, the schedulers created due to the policy are removed also making them unavailable for the SAP policers and queues associated with the customer site. Policers and queues that lose their parent scheduler association are deemed to be orphaned and are no longer subject to a virtual scheduler. The SAPs that have policers and queues that rely on the removed schedulers enter into an operational state depicting the orphaned status of one or more policers and queues. When the no scheduler-policy command is executed, the customer site ingress or egress node will not contain an applied scheduler policy.

Parameters 
scheduler-policy-name:—
The scheduler-policy-name parameter applies an existing scheduler policy that was created in the config>qos>scheduler-policy scheduler-policy-name context to create the hierarchy of ingress or egress virtual schedulers. The scheduler names defined within the policy are created and made available to any ingress or egress queues created on associated SAPs.
Values—
any existing valid scheduler policy name

ipsec-gw

Syntax 
ipsec-gw name
no ipsec-gw
Context 
config>service>vprn>if>sap
Description 

This command configures the IPSec gateway.

Parameters 
name—
specifies the IPSec gateway name up to 32 characters in length

cert

Syntax 
cert
Context 
config>service>vprn>if>sap>ipsec-gw
Description 

This command enables the context to configure certificate parameters.

cert

Syntax 
cert filename
no cert
Context 
config>service>vprn>if>sap>ipsec-gw>cert
Description 

This command configures the cert with local file URL.

Default 

n/a

Parameters 
filename—
specifies the local file URL of the certificate to be used with this SAP IPSec tunnel and only applies to the 7750 SR

cert-profile

Syntax 
cert-profile profile-name
no cert-profile
Context 
config>service>vprn>if>sap>ipsec-gw>cert
config>service>vprn>if>sap>ipsec-tun>dyn>cert
Description 

This command specifies the cert-profile for the ipsec-tunnel or ipsec-gw. This command will override “cert” and “key” configuration under the ipsec-tunnel or ipsec-gw.

Default 

n/a

Parameters 
profile-name—
specifies the name of cert-profile

key

Syntax 
key filename
no key
Context 
config>service>vprn>if>sap>ipsec-gw>cert
Description 

This command configures the key-pair file to be used for X.509 certificate authentication with this SAP IPSec tunnel.

Default 

n/a

Parameters 
filename—
specifies a key with the CA profile

trust-anchor

Syntax 
trust-anchor ca-profile-name
no trust-anchor
Context 
config>service>vprn>if>sap>ipsec-gw>cert
Description 

This command configures the Certificate-Authority Profile name associated with this SAP IPSec tunnel certificate.

Default 

n/a

Parameters 
ca-profile-name—
specifies a CA profile name up to 32 characters in length

default-secure-service

Syntax 
default-secure-service service-id interface ip-int-name
no default-secure-service
Context 
config>service>vprn>if>sap>ipsec-gw
Description 

This command specifies a service ID or service name of the default security service used by this SAP IPSec gateway.

Parameters 
service-id—
specifies a default secure service
Values—
service-id: 1 to 2147483648
svc-name: specifies an existing service name up to 64 characters in length

default-tunnel-template

Syntax 
default-tunnel-template ipsec template identifier
no default-tunnel-template
Context 
config>service>vprn>if>sap>ipsec-gw
Description 

This command configures the default tunnel policy template for the gateway.

Parameters 
ipsec template id*—
[1 to 2048]

ike-policy

Syntax 
ike-policy ike-policy-id
no ike-policy
Context 
config>service>vprn>if>sap>ipsec-gw
config>service>vprn>if>sap>ipsec-tunnel>dynamic-keying
Description 

This command configures the IKE policy for the gateway.

Parameters 
ike-policy-id—
specifies the IKE policy ID
Values—
1 to 2048

local-gateway-address

Syntax 
local-gateway-address ip-address
no local-gateway-address
Context 
config>service>vprn>if>sap>ipsec-gw
Description 

This command configures the ipsec-gateway local address.

Parameters 
ip-address—
specifies the IP unicast address

local-id

Syntax 
local-id type {ipv4 | fqdn} [value [value]]
no local-id
Context 
config>service>vprn>if>sap>ipsec-gw
Description 

This command specifies the local ID of the router used for IDi or IDr for IKEv2 tunnels. The local-id can only be changed or removed when tunnel or gateway is shutdown.

Default: Depends on local-auth-method such as:

  1. Psk:local tunnel ip address
  2. Cert-auth: subject of the local certificate
Parameters 
type —
specifies the type of local ID payload, it could be ipv4 address/FQDN domain name/distinguish name of subject in X.509 certificate.
Values—
ipv4 — Use ipv4 as the local ID type, the default value is the local tunnel end-point address.
fqdn — Use FQDN as the local ID type, the value must be configured.
dn — Use the subject of the certificate configured for the tunnel or gateway.

pre-shared-key

Syntax 
pre-shared-key key
no pre-shared-key
Context 
config>service>vprn>if>sap>ipsec-gw
config>service>vprn>if>sap>ipsec-tunnel>dynamic-keying
Description 

This command specifies the shared secret between the two peers forming the tunnel.

Parameters 
key—
specifies a pre-shared-key for dynamic-keying

radius-accounting-policy

Syntax 
radius-accounting-policy policy-name
no radius-accounting-policy
Context 
config>service>vprn>if>sap>ipsec-gw
config>service>vprn>l2tp
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the radius-accounting-policy.

Parameters 
policy-name—
32 characters maximum

radius-authentication-policy

Syntax 
radius-authentication-policy name
no radius-authentication-policy
Context 
config>service>vprn>if>sap>ipsec-gw
Description 

This command configures the radius-authentication-policy.

Parameters 
name—
32 characters maximum

lag-link-map-profile

Syntax 
lag-link-map-profile link-map-profile-id
no lag-link-map-profile
Context 
config>service>vprn>if>sap
config>service>vprn> sub-if>grp-if >sap
Description 

This command assigns a pre-configured lag link map profile to a SAP/network interface configured on a LAG or a PW port that exists on a LAG. Once assigned/de-assigned, the SAP/network interface egress traffic will be re-hashed over LAG as required by the new configuration.

The no form of this command reverts the SAP/network interface to use per-flow, service or link hash as configured for the service/LAG.

Default 

no lag-link-map-profile

Parameters 
link-map-profile-id—
an integer from 1 to 64 that defines a unique lag link map profile on which the LAG the SAP/network interface exist

multi-service-site

Syntax 
multi-service-site customer-site-name
no multi-service-site customer-site-name
Context 
config>service>vprn>if>sap
config>service>vprn>sub-if>grp-if>sap
Description 

This command creates a new customer site or edits an existing customer site with the customer-site-name parameter. A customer site is an anchor point to create an ingress and egress virtual scheduler hierarchy. When a site is created, it must be assigned to a chassis slot or port on the 7750 SR. When scheduler policies are defined for ingress and egress, the scheduler names contained in each policy are created according to the parameters defined in the policy. Multi-service customer sites exist for the sole purpose of creating a virtual scheduler hierarchy and making it available to queues on multiple Service Access Points (SAPs).

The scheduler policy association with the customer site normally prevents the scheduler policy from being deleted until after the scheduler policy is removed from the customer site. The multi-service-site object will generate a log message indicating that the association was deleted due to scheduler policy removal.

When the multi-service customer site is created, an ingress and egress scheduler policy association does not exist. This does not prevent the site from being assigned to a chassis slot or prevent service SAP assignment. After the site has been created, the ingress and egress scheduler policy associations can be assigned or removed at any time.

Default 

n/a — Each customer site must be explicitly created.

Parameters 
customer-site-name—
Each customer site must have a unique name within the context of the customer. If customer-site-name already exists for the customer ID, the CLI context changes to that site name for the purpose of editing the site scheduler policies or assignment. Any modifications made to an existing site will affect all SAPs associated with the site. Changing a scheduler policy association may cause new schedulers to be created and existing policers and queues on the SAPs to no longer be orphaned. Existing schedulers on the site may cease to exist, causing policers and queues relying on that scheduler to be orphaned.

If the customer-site-name does not exist, it is assumed that an attempt is being made to create a site of that name in the customer ID context. The success of the command execution depends on the following:

  1. The maximum number of customer sites defined for the chassis slot has not been met.
  2. The customer-site-name is valid.
  3. The create keyword is included in the command line syntax (if the system requires it).

When the maximum number of customer sites has been exceeded a configuration error occurs; the command will not execute and the CLI context will not change.

If the customer-site-name is invalid, a syntax error occurs; the command will not execute and the CLI context will not change.

Values—
Valid names consist of any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

static-host

Syntax 
static-host ip ip/did-address [mac ieee-address] [create]
static-host mac ieee-address [create]
no static-host [ip ip-address>] mac ieee-address>
no static-host all [force]
no static-host ip ip-address
Context 
config>service>vprn>if>sap
config>service>vprn>sub-if>grp-if>sap
Description 

This command configures a static host on this SAP.

Parameters 
ip ip-address
specifies the IPv4 unicast address
mac ieee-address —
Specifies this optional parameter when defining a static host. Every static host definition must have at least one address defined, IP or MAC.
force—
specifies the forced removal of the static host addresses

sla-profile sla-profile-name

This optional parameter is used to specify an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.

ancp-string

Syntax 
ancp-string ancp-string
no ancp-string
Context 
config>service>vprn>if>sap>static-host
config>service>vprn>sub-if>grp-if>sap>static-host
Description 

This command specifies the ANCP string associated to this SAP host.

Parameters 
ancp-string—
specifies the ANCP string up to 63 characters in length

app-profile

Syntax 
app-profile app-profile-name
no app-profile
Context 
config>service>vprn>if>sap>static-host
config>service>vprn>sub-if>grp-if>sap>static-host
Description 

This command specifies an application profile name.

Parameters 
app-profile-name—
specifies the application profile name up to 32 characters in length

inter-dest-id

Syntax 
inter-dest-id intermediate-destination-id
no inter-dest-id
Context 
config>service>vprn>if>sap>static-host
config>service>vprn>sub-if>grp-if>sap>static-host
Description 

This command specifies to which intermediate destination (for example a DSLAM) this host belongs.

Parameters 
intermediate-destination-id—
specifies the intermediate destination ID

managed-routes

Syntax 
managed-routes
Context 
config>service>vprn>sub-if>grp-if>sap>static-host>managed-routes
Description 

This command configures managed routes.

route

Syntax 
route {ip-prefix/length | ip-prefix netmask} [create]
no route {ip-prefix/length | ip-prefix netmask}
Context 
config>service>vprn>sub-if>grp-if>sap>static-host>managed-routes
Description 

This command assigns managed-route to a given subscriber-host. As a consequence, a static route pointing subscriber-host ip address as a next hop will be installed in FIB. Up to 16 managed routes per subscriber-host can be configured.

The no form of the command removes the respective route. Per default, there are no managed-routes configured.

sla-profile

Syntax 
sla-profile sla-profile-name
no sla-profile
Context 
config>service>vprn>if>sap>static-host
config>service>vprn>sub-if>grp-if>sap>static-host
Description 

This command specifies an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.

Parameters 
sla-profile-name—
specifies the SLA profile name

sub-profile

Syntax 
sub-profile sub-profile-name
no sub-profile
Context 
config>service>vprn>if>sap>static-host
config>service>vprn>sub-if>grp-if>sap>static-host
Description 

This command specifies an existing subscriber profile name to be associated with the static subscriber host.

Parameters 
sub-profile-name—
specifies the sub-profile name

subscriber

Syntax 
subscriber sub-ident
no subscriber
Context 
config>service>vprn>if>sap>static-host
config>service>vprn>sub-if>grp-if>sap>static-host
Description 

This command specifies an existing subscriber identification profile to be associated with the static subscriber host.

Parameters 
sub-ident—
specifies the subscriber identification

subscriber-sap-id

Syntax 
[no] subscriber-sap-id
Context 
config>service>vprn>if>sap>static-host
config>service>vprn>sub-if>grp-if>sap>static-host
Description 

This command enables using the SAP ID as subscriber id.

Parameters 
subscriber-sap-id—
specifies to use the sap-id as the subscriber-id

queue-override

Syntax 
[no] queue-override
Context 
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description 

This command enables the context to configure override values for the specified SAP egress or ingress QoS queue. These values override the corresponding ones specified in the associated SAP egress or ingress QoS policy.

queue

Syntax 
[no] queue queue-id
Context 
config>service>vprn>if>sap>egress>queue-override
config>service>vprn>if>sap>ingress>queue-override
Description 

This command specifies the ID of the queue whose parameters are to be overridden.

Parameters 
queue-id—
the queue ID whose parameters are to be overridden
Values—
1 to 32

adaptation-rule

Syntax 
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
no adaptation-rule
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

The no form of the command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.

Default 

no adaptation-rule

Parameters 
pir—
The pir parameter defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
cir—
The cir parameter defines the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
adaptation-rule—
specifies the criteria to use to compute the operational CIR and PIR values for this queue, while maintaining a minimum offset
Values—
max — The max (maximum) keyword is mutually exclusive with the min and closest options. When max is defined, the operational PIR for the queue will be equal to or less than the administrative rate specified using the rate command.
min — The min (minimum) keyword is mutually exclusive with the max and closest options. When min is defined, the operational PIR for the queue will be equal to or greater than the administrative rate specified using the rate command.
closest — The closest parameter is mutually exclusive with the min and max parameter. When closest is defined, the operational PIR for the queue will be the rate closest to the rate specified using the rate command.

avg-frame-overhead

Syntax 
avg-frame-overhead percent
no avg-frame-overhead
Context 
config>service>vprn>if>sap>egress>queue-override>queue
Description 

This command configures the average frame overhead to define the average percentage that the offered load to a queue will expand during the frame encapsulation process before sending traffic on-the-wire. While the avg-frame-overhead value may be defined on any queue, it is only used by the system for queues that egress a Sonet or SDH port or channel. Queues operating on egress Ethernet ports automatically calculate the frame encapsulation overhead based on a 20 byte per packet rule (8 bytes for preamble and 12 bytes for Inter-Frame Gap).

When calculating the frame encapsulation overhead for port scheduling purposes, the system determines the following values:

  1. Offered-load — The offered-load of a queue is calculated by starting with the queue depth in octets, adding the received octets at the queue and subtracting queue discard octets. The result is the number of octets the queue has available to transmit. This is the packet based offered-load.
  2. Frame encapsulation overhead — Using the avg-frame-overhead parameter, the frame encapsulation overhead is simply the queue’s current offered-load (how much has been received by the queue) multiplied by the avg-frame-overhead. If a queue had an offered load of 10000 octets and the avg-frame-overhead equals 10%, the frame encapsulation overhead would be 10000 x 0.1 or 1000 octets.

For egress Ethernet queues, the frame encapsulation overhead is calculated by multiplying the number of offered-packets for the queue by 20 bytes. If a queue was offered 50 packets then the frame encapsulation overhead would be 50 x 20 or 1000 octets.

  1. Frame based offered-load — The frame based offered-load is calculated by adding the offered-load to the frame encapsulation overhead. If the offered-load is 10000 octets and the encapsulation overhead was 1000 octets, the frame based offered-load would equal 11000 octets.
  2. Packet to frame factor — The packet to frame factor is calculated by dividing the frame encapsulation overhead by the queue’s offered-load (packet based). If the frame encapsulation overhead is 1000 octets and the offered-load is 10000 octets then the packet to frame factor would be 1000 / 10000 or 0.1. When in use, the avg-frame-overhead will be the same as the packet to frame factor making this calculation unnecessary.
  3. Frame based CIR — The frame based CIR is calculated by multiplying the packet to frame factor with the queue’s configured CIR and then adding that result to that CIR. If the queue CIR is set at 500 octets and the packet to frame factor equals 0.1, the frame based CIR would be 500 x 1.1 or 550 octets.
  4. Frame based within-cir offered-load — The frame based within-cir offered-load is the portion of the frame based offered-load considered to be within the frame-based CIR. The frame based within-cir offered-load is the lesser of the frame based offered-load and the frame based CIR. If the frame based offered-load equaled 11000 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would be limited to 550 octets. If the frame based offered-load equaled 450 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would equal 450 octets (or the entire frame based offered-load).

As a special case, when a queue or associated intermediate scheduler is configured with a CIR-weight equal to 0, the system automatically sets the queue’s frame based within-cir offered-load to 0, preventing it from receiving bandwidth during the port scheduler’s within-cir pass.

  1. Frame based PIR — The frame based PIR is calculated by multiplying the packet to frame factor with the queue’s configured PIR and then adding the result to that PIR. If the queue PIR is set to 7500 octets and the packet to frame factor equals 0.1, the frame based PIR would be 7500 x 1.1 or 8250 octets.
  2. Frame based within-pir offered-load — The frame based within-pir offered-load is the portion of the frame based offered-load considered to be within the frame based PIR. The frame based within-pir offered-load is the lesser of the frame based offered-load and the frame based PIR. If the frame based offered-load equaled 11000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered-load would be limited to 8250 octets. If the frame based offered-load equaled 7000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered load would equal 7000 octets.

Port scheduler operation using frame transformed rates — The port scheduler uses the frame based rates to determine the maximum rates that each queue may receive during the within-cir and above-cir bandwidth allocation passes. During the within-cir pass, a queue may receive up to its frame based within-cir offered-load. The maximum it may receive during the above-cir pass is the difference between the frame based within-pir offered load and the amount of actual bandwidth allocated during the within-cir pass.

SAP and subscriber SLA-profile average frame overhead override — The average frame overhead parameter on a sap-egress may be overridden at an individual egress queue basis. On each SAP and within the sla-profile policy used by subscribers an avg-frame-overhead command may be defined under the queue-override context for each queue. When overridden, the queue instance will use its local value for the average frame overhead instead of the sap-egress defined overhead.

The no form of this command restores the average frame overhead parameter for the queue to the default value of 0 percent. When set to 0, the system uses the packet based queue statistics for calculating port scheduler priority bandwidth allocation. If the no avg-frame-overhead command is executed in a queue-override queue id context, the avg-frame-overhead setting for the queue within the sap-egress QoS policy takes effect.

Default 

0

Parameters 
percent—
This parameter sets the average amount of packet-to-frame encapsulation overhead expected for the queue. This value is not used by the system for egress Ethernet queues.
Values—
0 to 100

cbs

Syntax 
cbs size-in-kbytes
no cbs
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

If the CBS value is larger than the MBS value, an error will occur, preventing the CBS change.

The no form of this command returns the CBS size to the default value.

Default 

no cbs

Parameters 
size-in-kbytes—
The size parameter is an integer expression of the number of kilobytes reserved for the queue. If a value of 10KBytes is desired, enter the value 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimal reserved size can still be applied for scheduling purposes).
Values—
0 to 131072 or default

high-prio-only

Syntax 
high-prio-only percent
no high-prio-only
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s high-prio-only parameters. The high-prio-only command configures the percentage of buffer space for the queue, used exclusively by high priority packets.

The priority of a packet can only be set in the SAP ingress QoS policy and is only applicable on the ingress queues for a SAP. The high-prio-only parameter is used to override the default value derived from the network-queue command.

The defined high-prio-only value cannot be greater than the MBS size of the queue. Attempting to change the MBS to a value smaller than the high priority reserve will generate an error and fail execution. Attempting to set the high-prio-only value larger than the current MBS size will also result in an error and fail execution.

The no form of this command restores the default high priority reserved size.

Parameters 
percent—
The percent parameter is the percentage reserved for high priority traffic on the queue. If a value of 10KBytes is desired, enter the value 10. A value of 0 specifies that none of the MBS of the queue will be reserved for high priority traffic. This does not affect RED slope operation for packets attempting to be queued.
Values—
0 to 100 | default

mbs

Syntax 
mbs {size-in-kbytes | default}
no mbs
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>egress>hsmda-queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s MBS parameters. The MBS is a mechanism to override the default maximum size for the queue.

The sum of the MBS for all queues on an egress access port can oversubscribe the total amount of buffering available. When congestion occurs and buffers become scarce, access to buffers is controlled by the RED slope a packet is associated with. A queue that has not exceeded its MBS size is not guaranteed that a buffer will be available when needed or that the packet’s RED slope will not force the discard of the packet. Setting proper CBS parameters and controlling CBS oversubscription is one major safeguard to queue starvation (when a queue does not receive its fair share of buffers). Another is properly setting the RED slope parameters for the needs of services on this port or channel.

If the CBS value is larger than the MBS value, an error will occur, preventing the MBS change.

The no form of this command returns the MBS size assigned to the queue.

Default 

default

Parameters 
size-in-kbytes—
The size parameter is an integer expression of the maximum number of kilobytes of buffering allowed for the queue. For a value of 100 kbps, enter the value 100. A value of 0 causes the queue to discard all packets.

For sap>egress>queue-override>queue:

Values—
0 to 1073741824 or default in bytes or kilobites
size-in-kbytes—
The size parameter is an integer expression of the maximum number of kilobytes of buffering allowed for the queue. For a value of 100 kbps, enter the value 100. A value of 0 causes the queue to discard all packets.

For sap>egress>hsmda-queue-override>queue:

Values—
[0 to 2625][kilobytes] | [0 to 2688000]bytes | default

mbs

Syntax 
mbs {size-in-kbytes | default}
no mbs
Context 
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s MBS parameters. The MBS value is used by a queue to determine whether it has exhausted all of its buffers while enqueuing packets. Once the queue has exceeded the amount of buffers allowed by MBS, all packets are discarded until packets have been drained from the queue.

The sum of the MBS for all queues on an ingress access port can oversubscribe the total amount of buffering available. When congestion occurs and buffers become scarce, access to buffers is controlled by the RED slope a packet is associated with. A queue that has not exceeded its MBS size is not guaranteed that a buffer will be available when needed or that the packet’s RED slope will not force the discard of the packet. Setting proper CBS parameters and controlling CBS oversubscription is one major safeguard to queue starvation (when a queue does not receive its fair share of buffers). Another is properly setting the RED slope parameters for the needs of services on this port or channel.

If the CBS value is larger than the MBS value, an error will occur, preventing the MBS change.

The defined high-prio-only value cannot be greater than the MBS size of the queue. Attempting to change the MBS to a value smaller than the high priority reserve will generate an error and fail execution. Attempting to set the high-prio-only value larger than the current MBS size will also result in an error and fail execution.

The no form of this command returns the MBS size assigned to the queue to the value.

Default 

mbs default

Parameters 
size-in-kbytes—
The size parameter is an integer expression of the maximum number of kilobytes of buffering allowed for the queue. For a value of 100 kbps, enter the value 100. A value of 0 causes the queue to discard all packets.
Values—
0 to 131072 or default

parent

Syntax 
parent [weight weight] [cir-weight cir-weight]
no parent
Context 
config>service>vprn>if>sap>egress>queue-override>queue
Description 

This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.

The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non default weightings for fostered schedulers.

The no form of the command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.

Default 

no parent

Parameters 
weight weight
Weight defines the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.

A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values—
0 to 100
Values—
1
cir-weight cir-weight
The cir-weight keyword defines the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.

A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values—
0 to 100
Values—
1

percent-rate

Syntax 
percent-rate pir-percent [cir cir-percent]
no percent-rate
Context 
config>service>vprn>if>sap>egress>queue-override>queue
Description 

The percent-rate command supports a queue’s shaping rate and CIR rate as a percentage of the egress port’s line rate. When the rates are expressed as a percentage within the template, the actual rate used per instance of the queue group queue-id will vary based on the port speed. For example, when the same template is used to create a queue group on a 1-Gigabit and a 10-Gigabit Ethernet port, the queue’s rates will be 10 times greater on the 10 Gigabit port due to the difference in port speeds. This enables the same template to be used on multiple ports without needing to use port based queue overrides to modify a queue’s rate to get the same relative performance from the queue.

If the port’s speed changes after the queue is created, the queue’s shaping and CIR rates will be recalculated based on the defined percentage value.

The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at anytime.

An egress port queue group queue rate override may be expressed as either a percentage or an explicit rate independent on how the queue's template rate is expressed.

The no form of this command returns the queue to its default shaping rate and cir rate. When no percent-rate is defined within a port egress queue group queue override, the queue reverts to the defined shaping and CIR rates within the egress queue group template associated with the queue.

Parameters 
pir-percent
Specifies the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
Values—
0.01 to 100.00
Values—
100.00
cir-percent—
Specifies the queue’s committed scheduling rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
Values—
0.00 to 100.00
Values—
100.00

rate

Syntax 
rate pir-rate [cir cir-rate]
no rate
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s Peak Information Rate (PIR) and the Committed Information Rate (CIR) parameters. The PIR defines the maximum rate that the queue can transmit packets out an egress interface (for SAP egress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The CIR defines the rate at which the system prioritizes the queue over other queues competing for the same bandwidth. In-profile packets are preferentially queued by the system at egress and at subsequent next hop nodes where the packet can traverse. To be properly handled throughout the network, the packets must be marked accordingly for profiling at each hop.

The CIR can be used by the queue’s parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.

The rate command can be executed at any time, altering the PIR and CIR rates for all queues created through the association of the SAP egress QoS policy with the queue-id.

The no form of the command returns all queues created with the queue-id by association with the QoS policy to the default PIR and CIR parameters (max, 0).

Default 

rate max cir 0 - The max default specifies the amount of bandwidth in kilobits per second (thousand bits per second). The max value is mutually exclusive to the pir-rate value.

Parameters 
pir-rate—
Defines the administrative PIR rate, in kilobits, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed.

Fractional values are not allowed and must be given as a positive integer.

The actual PIR rate is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values—
1 to 2000000000, max
Values—
max
cir-rate—
The cir parameter overrides the default administrative CIR used by the queue. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed.

Fractional values are not allowed and must be given as a positive integer. The sum keyword specifies that the CIR be used as the summed CIR values of the children schedulers or queues.

Values—
0 to 2000000000, max
Values—
0

rate

Syntax 
rate pir-rate
no rate
Context 
config>service>vprn>if>sap>egress>hsmda-queue-overide>queue
Description 

This command can be used to override specific attributes of the specified queue’s Peak Information Rate (PIR). The PIR defines the maximum rate that the queue can transmit packets out an egress interface (for SAP egress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The rate command can be executed at any time, altering the PIR rates for all queues created through the association of the SAP egress QoS policy with the queue-id.

The no form of the command returns all queues created with the queue-id by association with the QoS policy to the default PIR parameters (max, 0).

Parameters 
pir-rate—
Defines the administrative PIR rate, in kilobits, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed.

Fractional values are not allowed and must be given as a positive integer.

The actual PIR rate is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values—
1 to 100000000
Values—
max

scheduler-override

Syntax 
[no] scheduler-override
Context 
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description 

This command specifies the set of attributes whose values have been overridden via management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the SAP's ingress scheduler policy.

scheduler

Syntax 
scheduler scheduler-name
no scheduler scheduler-name
Context 
config>service>vprn>if>sap>egress>sched-override
config>service>vprn>if>sap>ingress>sched-override
Description 

This command can be used to override specific attributes of the specified scheduler name.

A scheduler defines a bandwidth controls that limit each child (other schedulers, policers, and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have policers, queues, or other schedulers defined as child associations. The scheduler can be a child (take bandwidth from a scheduler in a higher tier, except for schedulers created in tier 1). A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

  1. The maximum number of schedulers has not been configured.
  2. The provided scheduler-name is valid.
  3. The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error will occur, the command will not execute, and the CLI context will not change.

Parameters 
scheduler-name—
the name of the scheduler
Values—
Valid names consist of any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.
Values—
n/a. Each scheduler must be explicitly created.
create—
This optional keyword explicitly specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

parent

Syntax 
parent [weight weight] [cir-weight cir-weight]
no parent
Context 
config>service>vprn>if>sap>ingress>sched-override>scheduler
config>service>vprn>if>sap>egress>sched-override>scheduler
Description 

This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.

The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non default weightings for fostered schedulers.

The no form of the command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.

Default 

no parent

Parameters 
weight weight
Weight defines the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the policer, queue, or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.

A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values—
0 to 100
Values—
1
cir-weight cir-weight
The cir-weight keyword defines the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.

A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values—
0 to 100
Values—
1

rate

Syntax 
rate pir-rate [cir cir-rate]
no rate
Context 
config>service>vprn>if>sap>egress>sched-override>scheduler
config>service>vprn>if>sap>ingress>sched-override
Description 

This command can be used to override specific attributes of the specified scheduler rate. The rate command defines the maximum bandwidth that the scheduler can offer its child queues or schedulers. The maximum rate is limited to the amount of bandwidth the scheduler can receive from its parent scheduler. If the scheduler has no parent, the maximum rate is assumed to be the amount available to the scheduler. When a parent is associated with the scheduler, the CIR parameter provides the amount of bandwidth to be considered during the parent scheduler’s ‘within CIR’ distribution phase.

The actual operating rate of the scheduler is limited by bandwidth constraints other then its maximum rate. The scheduler’s parent scheduler may not have the available bandwidth to meet the scheduler’s needs or the bandwidth available to the parent scheduler could be allocated to other child schedulers or child policers and queues on the parent based on higher priority. The children of the scheduler may not need the maximum rate available to the scheduler due to insufficient offered load or limits to their own maximum rates.

When a scheduler is defined without specifying a rate, the default rate is max. If the scheduler is a root scheduler (no parent defined), the default maximum rate must be changed to an explicit value. Without this explicit value, the scheduler will assume that an infinite amount of bandwidth is available and allow all child queues and schedulers to operate at their maximum rates.

The no form of this command returns all queues created with this queue-id by association with the QoS policy to the default PIR and CIR parameters.

Parameters 
pir-rate—
The pir parameter accepts a value of 1 to 3200000000, or the max keyword. Any other value will result in an error without modifying the current PIR rate.
Values—
1 to 3200000000, max
Values—
max
cir-rate—
The cir parameter accepts a value of 0 to 3200000000, or the max or sum keywords. Any other value will result in an error without modifying the current CIR rate.

If the cir is set to max, then the CIR rate is set to infinity, but is limited by the pir-rate.

If the cir is set to sum, then the CIR rate is set to the summed CIR values of the children schedulers, policers, or queues.

Values—
0 to 3200000000, max, sum
Values—
sum

Interface VRRP Commands

vrrp

Syntax 
vrrp virtual-router-id [owner] [passive]
no vrrp virtual-router-id
Context 
config>service>vprn>if
Description 

This command creates or edits a Virtual Router ID (VRID) on the service IP interface. A VRID is internally represented in conjunction with the IP interface name. This allows the VRID to be used on multiple IP interfaces while representing different virtual router instances.

Two VRRP nodes can be defined on an IP interface. One, both, or none may be defined as owner. The nodal context of vrrp virtual-router-id is used to define the configuration parameters for the VRID.

The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shutdown in order to remove the virtual router instance.

Default 

n/a

Special Cases 
Virtual Router Instance Owner IP Address Conditions—
The virtual router instance owner can be created prior to assigning the parent IP interface primary or secondary IP addresses. In this case, the virtual router instance is not associated with an IP address. The operational state of the virtual router instance is down.
VRRP Owner Command Exclusions—
By specifying the VRRP vrid as owner, the following commands are no longer available:
  1. vrrp priority — The virtual router instance owner is hard-coded with a priority value of 255 and cannot be changed.
  2. vrrp master-int-inherit — Owner virtual router instances do not accept VRRP advertisement messages; the advertisement interval field is not evaluated and cannot be inherited.
  3. ping-reply, telnet-reply and ssh-reply — The owner virtual router instance always allows Ping, Telnet and SSH if the management and security parameters are configured to accept them on the parent IP interface.
  4. vrrp shutdownThe owner virtual router instance cannot be shut down on the vrrp node. If this was allowed, VRRP messages would not be sent, but the parent IP interface address would continue to respond to ARPs and forward IP packets. Another virtual router instance may detect the missing master due to the termination of VRRP advertisement messages and become master. This would result in two routers responding to ARP requests for the same IP addresses. To shut down the owner virtual router instance, use the shutdown command in the parent IP interface context. This will prevent VRRP participation, IP ARP reply and IP forwarding. To continue parent IP interface ARP reply and forwarding without VRRP participation, remove the vrrp vrid instance.
  5. traceroute-reply
VRRP Passive Command Exclusions—
By specifying the VRRP vrid as passive, the following commands related to the master election and processing of VRRP advertisement messages are no longer available:
  1. vrrp priority
  2. policy
  3. preempt
  4. master-int-inherit
  5. standby-forwarding
  6. int-delay
  7. message-interval
  8. authentication-key
  9. bfd-enable
Parameters 
virtual-router-id—
The virtual-router-id parameter specifies a new virtual router ID or one that can be modified on the IP interface.
Values—
1 to 255
owner—
Identifies this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of vrid creation, the vrrp backup commands must be specified to define the virtual router IP addresses. The owner keyword is not required when entering the vrid for editing purposes. Once created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted, and then recreated without the owner keyword, to remove ownership.
passive—
Identifies this virtual router instance as passive, and therefore, owning the virtual router IP addresses. A passive vrid does not send or receive VRRP advertisement messages, and is always in either the master state (if the interface is operational-up), or the init state (if the interface is operational-down). The passive keyword is not required when entering the vrid for editing purposes. Once a vrid on an IP interface is created as passive, the parameter cannot be removed from the vrid. The vrid must be deleted, and then recreated without the passive keyword, to remove parameter.

authentication-key

Syntax 
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
Context 
config>service>vprn>if>vrrp
Description 

The authentication-key command, within the vrrp virtual-router-id context, is used to assign a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.

The authentication-key command is one of the few commands not affected by the presence of the owner keyword. If simple text password authentication is not required, this command is not required. If the command is re-executed with a different password key defined, the new key will be used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time.

To change the current in-use password key on multiple virtual router instances:

  1. Identify the current master
  2. Shutdown the virtual router instance on all backups
  3. Execute the authentication-key command on the master to change the password key
  4. Execute the authentication-key command and no shutdown command on each backup key

The no form of this command restores the default null string to the value of key.

Default 

n/a. The authentication data field contains the value 0 in all 16 octets.

Parameters 
authentication-key—
The key parameter identifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string eight octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.

The key parameter is expressed as a string consisting of up to eight alpha-numeric characters. Spaces must be contained in quotation marks ( “ ” ). The quotation marks are not considered part of the string.

The string is case sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet (starting with IETF RFC bit position 0) containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.

Values—
Any 7-bit printable ASCII character.

Exceptions:

Double quote (")

ASCII 34

Carriage Return

ASCII 13

Line Feed

ASCII 10

Tab

ASCII 9

Backspace

ASCII 8

hash-key—
The hash key. The key can be any combination of ASCII characters up to 22 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”)

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

backup

Syntax 
[no] backup ip-address
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command configures virtual router IP addresses for the interface.

bfd-enable

Syntax 
bfd-enable interface interface-name dst-ip ip-address
bfd-enable service-id interface interface-name dst-ip ip-address
no bfd-enable interface interface-name dst-ip ip-address
no bfd-enable service-id interface interface-name dst-ip ip-address
Context 
config>service>vprn>if>vrrp
config>service>vprn>sub-if>grp-if>srrp
config>service>vprn>if>ipv6>vrrp
Description 

This commands assigns a bi-directional forwarding (BFD) session providing heart-beat mechanism for the given VRRP/SRRP instance. There can be only one BFD session assigned to any given VRRP/SRRP instance, but there can be multiple SRRP/VRRP sessions using the same BFD session. If the interface used is configured with centralized BFD, the BFD transmit and receive intervals need to be set to at least 300 ms.

BFD control the state of the associated interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set via the BFD command under the IP interface. The specified interface may not be configured with BFD; when it is, the virtual router will then initiate the BFD session.

The no form of this command removes BFD from the configuration.

Default 

n/a

Parameters 
service-id—
specifies the service ID of the interface running BFD
Values—

service-id:

1 to 2147483648

svc-name:

Specifies an existing service name up to 64 characters in length

No service ID indicates a network interface

interface interface-name
specifies the name of the interface running BFD
dst-ip ip-address
specifies the destination address to be used for the BFD session

init-delay

Syntax 
init-delay seconds
no init-delay
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command configures a VRRP initialization delay timer.

Default 

no init-delay

Parameters 
seconds—
specifies the initialization delay timer for VRRP, in seconds
Values—
1 to 65535

mac

Syntax 
[no] mac ieee-mac-address
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command assigns a specific MAC address to an IP interface.

The no form of this command returns the MAC address of the IP interface to the default value.

Default 

The physical MAC address associated with the Ethernet interface that the SAP is configured on.

Parameters 
ieee-mac-address—
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

master-int-inherit

Syntax 
[no] master-int-inherit
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command allows the master instance to dictate the master down timer (non-owner context only).

Default 

no master-int-inherit

message-interval

Syntax 
message-interval {[seconds] [milliseconds milliseconds]}
no message-interval
Context 
config>service>vprn>if
config>service>vprn>if>ipv6>vrrp
Description 

This command sets the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval setting must be the same for all virtual routers participating as a virtual router. Any VRRP advertisement message received with an Advertisement Interval field different than the virtual router instance configured message-interval value will be silently discarded.

The message-interval command is available in both non-owner and owner vrrp virtual-router-id nodal contexts. If the message-interval command is not executed, the default message interval of 1 second will be used.

The no form of this command restores the default message interval value of 1 second to the virtual router instance.

Parameters 
seconds—
the number of seconds that will transpire before the advertisement timer expires
Values—
1 to 255
Values—
1
milliseconds milliseconds
Specifies the milliseconds time interval between sending advertisement messages. This parameter is not supported on single-slot chassis.
Values—
100 to 900

ping-reply

Syntax 
[no] ping-reply
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command enables the non-owner master to reply to ICMP Echo Requests directed at the virtual router instances IP addresses. The ping request can be received on any routed interface.

Ping must not have been disabled at the management security level (either on the parental IP interface or based on the Ping source host address). When ping-reply is not enabled, ICMP Echo Requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP Echo Requests regardless of the setting of ping-reply configuration.

The ping-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP Echo Requests to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all ICMP Echo Request messages destined to the non-owner virtual router instance IP addresses.

Default 

no ping-reply

policy

Syntax 
policy vrrp-policy-id
no policy
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command associates a VRRP priority control policy with the virtual router instance (non-owner context only).

Parameters 
vrrp-policy-id—
specifies a VRRP priority control policy
Values—
1 to 9999

preempt

Syntax 
[no] preempt
Context 
config>service>vprn>if
config>service>vprn>if>ipv6>vrrp
Description 

The preempt mode value controls whether a specific backup virtual router preempts a lower priority master.

When preempt is enabled, the virtual router instance overrides any non-owner master with an “in use” message priority value less than the virtual router instance in-use priority value. If preempt is disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router.

The IP address owner will always become master when available. Preempt mode cannot be disabled on the owner virtual router.

The default value for preempt mode is enabled.

Default 

preempt

priority

Syntax 
priority priority
no priority
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

The priority command provides the ability to configure a specific priority value to the virtual router instance. In conjunction with an optional policy command, the base-priority is used to derive the in-use priority of the virtual router instance.

The priority command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority will be set to 100.

The no form of this command restores the default value of 100 to base-priority.

Parameters 
base-priority—
The base-priority parameter configures the base priority used by the virtual router instance. If a VRRP priority control policy is not also defined, the base-priority will be the in-use priority for the virtual router instance.
Values—
1 to 254
Values—
100

ssh-reply

Syntax 
[no] ssh-reply
Context 
config>service>vprn>if>vrrp
Description 

This command enables the non-owner master to reply to SSH Requests directed at the virtual router instance’s IP addresses. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parental IP interface or based on the SSH source host address). Proper login and CLI command authentication is still enforced.

When ssh-reply is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded. Non-owner backup virtual routers never respond to SSH regardless of the ssh-reply configuration.

The ssh-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ssh-reply command is not executed, SSH packets to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all SSH packets destined to the non-owner virtual router instance IP addresses.

Default 

no ssh-reply

standby-forwarding

Syntax 
[no] standby-forwarding
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command allows the forwarding of packets by a standby router.

The no form of the command specifies that a standby router should not forward traffic sent to virtual router's MAC address. However, the standby router should forward traffic sent to the standby router’s real MAC address.

Default 

no standby-forwarding

telnet-reply

Syntax 
[no] telnet-reply
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command enables the non-owner master to reply to TCP port 23 Telnet Requests directed at the virtual router instance’s IP addresses. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parental IP interface or based on the Telnet source host address). Proper login and CLI command authentication is still enforced.

When telnet-reply is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet Requests regardless of the telnet-reply configuration.

The telnet-reply command is only available in non-owner VRRP nodal context. If the telnet-reply command is not executed, Telnet packets to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all Telnet packets destined to the non-owner virtual router instance IP addresses.

Default 

no telnet-reply

traceroute-reply

Syntax 
[no] traceroute-reply
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.

A non-owner backup virtual router never responds to such traceroute requests regardless of the trace-route-reply status.

Default 

no traceroute-reply

Interface SAP Commands

sap

Syntax 
sap sap-id [create]
no sap sap-id
Context 
config>service>vprn>if
config>service>vprn>sub-if>grp-if
config>service>vprn>if>sap
Description 

This command creates a Service Access Point (SAP) within a service. A SAP is a combination of port and encapsulation parameters which identifies the service access point on the interface and within the router. Each SAP must be unique.

All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object. Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.

A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port using the config interface port-type port-id mode access command. Channelized TDM ports are always access ports.

If a port is shutdown, all SAPs on that port become operationally down. When a service is shutdown, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted. The no form of the command cuases the ptp-h-assist to be disabled.

Default 

No SAPs are defined.

Special Cases 
VPRN—
A VPRN SAP must be defined on an Ethernet interface.

sap ipsec-id.private | public:tag — This parameter associates an IPSec group SAP with this interface. This is the public side for an IPSec tunnel. Tunnels referencing this IPSec group in the private side may be created if their local IP is in the subnet of the interface subnet and the routing context specified matches with the one of the interface.

This context will provide a SAP to the tunnel. The operator may associate an ingress and egress QoS policies as well as filters and virtual scheduling contexts. Internally this creates an Ethernet SAP that will be used to send and receive encrypted traffic to and from the MDA. Multiple tunnels can be associated with this SAP. The “tag” will be a dot1q value. The operator may see it as an identifier. The range is limited to 1 to 4094.

Parameters 
sap-id—
specifies the physical port identifier portion of the SAP definition
port-id—
specifies the physical port ID

If the card in the slot has Media Dependent Adapters (MDAs) installed, the port-id must be in the slot_number/MDA_number/port_number format. For example 6/2/3 specifies port 3 on MDA 2 in slot 6.

The port-id must reference a valid port type. When the port-id parameter represents SONET/SDH and TDM channels the port ID must include the channel ID. A period “.” separates the physical port from the channel-id. The port must be configured as an access port.

If the SONET/SDH port is configured as clear-channel then only the port is specified.

port-id

slot/mda/port [.channel]

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

create—
creates a SAP instance
split-horizon-group group-name
specifies the name of the split horizon group to which the SAP belongs

aarp

Syntax 
aarp aarpId type type
no aarp
Context 
config>service>vprn>if>sap
config>service>vprn>if>spoke-sdp
Description 

This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node or in a peer node (pre-configured) to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.

The type specifies the role of this service point in the AARP: either, primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints with an AARP must be within the same service.

The no form of the command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.

Default 

no aarp

Parameters 
aarpId—
specifies the AARP instance associated with this SAP. If not configured, no AARP instance is associated with this SAP.
Values—
1 to 65535
type—
specifies the role of the SAP referenced by the AARP instance
Values—
dual-homed — the primary dual-homed AA subscriber side service-point of an AARP instance; only supported for Epipe, IES, and VPRN SAP and spoke SDP. dual-homed-secondary — one of the secondary dual-homed AA subscriber side service-points of an AARP instance; only supported for Epipe, IES, and VPRN SAP and spoke SDP.

transit-policy

Syntax 
transit-policy {ip ip-aasub-policy-id | prefix prefix-aasub-policy-id}
no transit-policy
Context 
config>service>vprn>if>sap>
config>service>vprn>if>spoke-sdp>
Description 

This command associates an AA transit policy to the service. The transit IP policy must be defined prior to associating the policy with a SAP in the config>application assurance>group>policy>transit-ip-policy context.

Transit AA subscribers are managed by the system through this service policy, which determines how transit subs are created and removed for that service.

The no form of the command removes the association of the policy to the service.

Default 

no transit-policy

Parameters 
ip-aasub-policy-id—
specifies an integer identifying an IP transit IP profile entry
Values—
1 to 65535
prefix-aasub-policy-id—
specifies an integer identifying a prefix transit profile entry
Values—
1 to 65535

accounting-policy

Syntax 
accounting-policy acct-policy-id
no accounting-policy
Context 
config>service>vprn>if>sap
config>service>vprn>if>spoke-sdp
Description 

This command creates the accounting policy context that can be applied to an interface SAP or interface SAP spoke SDP.

An accounting policy must be defined before it can be associated with a SAP. If the policy-id does not exist, an error message is generated.

A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the config>log context.

The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.

Default 

default accounting policy

Parameters 
acct-policy-id—
the accounting policy-id as configured in the config>log>accounting-policy context
Values—
1 to 99

app-profile

Syntax 
app-profile app-profile-name
no app-profile
Context 
config>service>vprn>if>spoke-sdp
Description 

This command configures the application profile name.

Parameters 
app-profile-name—
specifies the application profile name
Values—
32 chars max

bfd-enable

Syntax 
bdf-enable
no bfd-enable
Context 
config>service>vprn>if>spoke-sdp
Description 

This command enables VCCV BFD on the PW associated with the VLL, BGP VPWS, or VPLS service. The parameters for the BFD session are derived from the named BFD template, which must have been first configured using the bfd-template command.

bfd-template

Syntax 
bdf-template name
no bfd-template
Context 
config>service>vprn>if>spoke-sdp
Description 

This command configures a named BFD template to be used by VCCV BFD on PWs belonging to the VLL, BGP VPWS, or VPLS service. The template specifies parameters, such as the minimum transmit and receive control packet timer intervals, to be used by the BFD session. Template parameters are configured under the config>router>bfd context.

Default 

no bfd-template

Parameters 
name—
a text string name for the template of up to 32 characters in printable 7-bit ASCII, enclosed in double quotes

collect-stats

Syntax 
[no] collect-stats
Context 
config>service>vprn>if>sap
config>service>vprn>if>spoke-sdp
Description 

This command enables accounting and statistical data collection for either an interface SAP or interface SAP spoke SDP, or network port. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued the statistics are still accumulated by the IOM cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default 

no collect-stats

cpu-protection

Syntax 
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate][car]]
no cpu-protection
Context 
config>service>vprn>sub-if>grp-if>sap
Description 

This command assigns an existing CPU protection policy to the associated group interface. The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.

If no CPU-Protection policy is assigned to a group interface SAP, then the default policy is used to limit the overall-rate. The default policy is policy number 254 for access interfaces and 255 for network interfaces.

The no form of the command removes the association of the CPU protection policy from the associated interface and reverts to the default policy values.

Default 

cpu-protection 254 (for access interfaces); cpu-protection 255 (for network interfaces)

The configuration of no cpu-protection returns the interface/SAP to the default policies as shown above.

Parameters 
policy-id—
specifies an existing CPU protection policy.
Values—
1 to 255
mac-monitoring—
enables MAC monitoring
eth-cfm-monitoring
enables Ethernet Connectivity Fault Management monitoring
aggregate—
applies the rate limit to the sum of the per peer packet rates
car—
(Committed Access Rate) causes Eth-CFM packets to be ignored when enforcing the overall-rate

dist-cpu-protection

Syntax 
dist-cpu-protection policy-name
no dist-cpu-protection
Context 
config>service>vprn>sub-if>grp-if>sap
config>service>>vprn>if>sap
Description 

This command assigns a Distributed CPU Protection (DCP) policy to the SAP. Only a valid created DCP policy can be assigned to a SAP or a network interface (This rule does not apply to templates such as an msap-policy).

Default 

no dist-cpu-protection

default-host

Syntax 
default-host ip-address/mask next-hop next-hop-ip
no default-host ip-address/mask
Context 
config>service>vprn>sub-if>grp-if>sap
Description 

This command configures the default-host to be used. More than one default-host can be configured per SAP.

The no form of the command removes the values from the configuration.

Parameters 
ip-address/mask—
assigns an IP address/IP subnet format to the interface
next-hop next-hop-ip
assigns the next hop IP address

source

Syntax 
source ip-address
no source
Context 
config>service>ies>if>sap>ip-tunnel
Description 

This command configures the source IPv4 or IPv6 address to use for an IP tunnel. This configuration applies to the outer IP header of the encapsulated packets. The IPv4 or IPv6 address must belong to the one of the IP subnets associated with the public SAP interface of the tunnel-group. The source address, remote-ip address and backup-remote-ip address of a tunnel must all belong to the same address family (IPv4 or IPv6). When the source address contains an IPv6 address it must be a global unicast address.

Default 

no source

Parameters 
ip-address—
an IPv4 address or an IPv6 address

remote-ip

Syntax 
remote-ip ip-address
no remote-ip
Context 
config>service>ies>if>sap>ip-tunnel
Description 

This command configures the primary destination IPv4 or IPv6 address to use for an IP tunnel. This configuration applies to the outer IP header of the encapsulated packets. The source address, remote-ip address and backup-remote-ip address of a tunnel must all belong to the same address family (IPv4 or IPv6). When the remote-ip address contains an IPv6 address it must be a global unicast address.

Default 

no remote-ip

Parameters 
ip-address—
an IPv4 address or an IPv6 address

backup-remote-ip

Syntax 
backup-remote-ip ip-address
no remote-ip
Context 
config>service>ies>if>sap>ip-tunnel
Description 

This command configures the alternate destination IPv4 or IPv6 address to use for an IP tunnel. This destination address is used only if the primary destination configured with the remote-ip command is unreachable in the delivery service. The source address, remote-ip address and backup-remote-ip address of a tunnel must all belong to the same address family (IPv4 or IPv6). When the backup-remote-ip address contains an IPv6 address it must be a global unicast address.

Default 

no remote-ip

Parameters 
ip-address—
an IPv4 address or an IPv6 address

Routed VPLS Commands

vpls

Syntax 
vpls service-name
Context 
config>service
config>service>vprn>if
Description 

The vpls command, within the IP interface context, is used to bind the IP interface to the specified service name.

The system does not attempt to resolve the service name provided until the IP interface is placed into the administratively up state (no shutdown). Once the IP interface is administratively up, the system will scan the available VPLS services that have the allow-ip-int-bind flag set for a VPLS service associated with the name. If the service name is bound to the service name when the IP interface is already in the administratively up state, the system will immediately attempt to resolve the given name.

If a VPLS service is found associated with the name and with the allow-ip-int-bind flag set, the IP interface will be attached to the VPLS service allowing routing to and from the service virtual ports once the IP interface is operational.

A VPLS service associated with the specified name that does not have the allow-ip-int-bind flag set or a non-VPLS service associated with the name will be ignored and will not be attached to the IP interface.

If the service name is applied to a VPLS service after the service name is bound to an IP interface and the VPLS service allow-ip-int-bind flag is set at the time the name is applied, the VPLS service will be automatically resolved to the IP interface if the interface is administratively up or when the interface is placed in the administratively up state.

If the service name is applied to a VPLS service without the allow-ip-int-bind flag set, the system will not attempt to resolve the applied service name to an existing IP interface bound to the name. To rectify this condition, the flag must first be set and then the IP interface must enter or reenter the administratively up state.

While the specified service name may be assigned to only one service context in the system, it is possible to bind the same service name to more than one IP interface. If two or more IP interfaces are bound to the same service name, the first IP interface to enter the administratively up state (if currently administratively down) or to reenter the administratively up state (if currently administratively up) when a VPLS service is configured with the name and has the allow-ip-int-bind flag set will be attached to the VPLS service. Only one IP interface is allowed to attach to a VPLS service context. No error is generated for the remaining non-attached IP interfaces using the service name.

Once an IP interface is attached to a VPLS service, the name associated with the service cannot be removed or changed until the IP interface name binding is removed. Also, the allow-ip-int-bind flag cannot be removed until the attached IP interface is unbound from the service name.

Unbinding the service name from the IP interface causes the IP interface to detach from the VPLS service context. The IP interface may then be bound to another service name or a SAP or SDP binding may be created for the interface using the sap or spoke-sdp commands on the interface.

IES Chassis Mode Dependency

An IES IP interface cannot be bound to a service name unless the system is configured in chassis mode D Once an IES interface is bound to a service name, the chassis mode of the system cannot be changed to B or C.

VPRN Hardware Dependency

When a service name is bound to a VPRN IP interface, all SAPs associated with the VPRN service must be on hardware based on the FlexPath forwarding plane. Currently, these include the IOM3-XP, the various IMM modules and the SR7710c12. If any SAPs are associated with the wrong hardware type, the service name binding to the VPRN IP interface will fail. Once an IP interface within the VPRN service is bound to a service name, attempting to create a SAP on excluded hardware will fail.

Route Export and Import between Routing Contexts

The IES chassis mode dependency and the VPRN hardware dependency each are designed to prevent a condition where an ingress routing decision on hardware that does not support the mixed Layer 2 and Layer 3 behavior of routed VPLS is asked to route to a VPLS based next-hop.

Even with these restrictions, it is still possible using route leaking or import/export routing policies to create a condition where a FlexPath forwarding plane resolves a route to a VPLS next-hop. In this case, the forwarding plane handles the resolved next-hop as if it points to a null IP interface. Packets associated with a null next-hop egress IP interface will be discarded and an ICPM unreachable message will be generated when enabled.

IP Interface MTU and Fragmentation

A VPLS service is affected by two MTU values; port MTUs and the VPLS service MTU. The MTU on each physical port defines the largest Layer 2 packet (including all DLC headers and CRC) that may be transmitted out a port. The VPLS itself has a service level MTU that defines the largest packet supported by the service. This MTU does not include the local encapsulation overhead for each port (QinQ, Dot1Q, TopQ or SDP service delineation fields and headers) but does include the remainder of the packet. As virtual ports are created in the system, the virtual port cannot become operational unless the configured port MTU minus the virtual port service delineation overhead is greater than or equal to the configured VPLS service MTU. Thus, an operational virtual port is ensured to support the largest packet traversing the VPLS service. The service delineation overhead on each Layer 2 packet is removed before forwarding into a VPLS service. VPLS services do not support fragmentation and must discard any Layer 2 packet larger than the service MTU after the service delineation overhead is removed.

IP interfaces have a configurable up MTU that defines the largest packet that may egress the IP interface without being fragmented. This MTU encompasses the IP portion of the packet and does not include any of the egress DLC header or CRC. This MTU does not affect the size of the largest ingress packet on the IP interface. If the egress IP portion of the packet is larger than the IP interface MTU and the IP header do not fragment flag is not set, the packet is fragmented into smaller packets that will not exceed the configured MTU size. If the do not fragment bit is set, the packet is silently discarded at egress when it exceeds the IP MTU.

When the IP interface is bound to a VPLS service, the IP MTU must be at least 18 bytes less than the VPLS service MTU. This allows for the addition of the minimal Ethernet encapsulation overhead; 6 bytes for the DA, 6 bytes for the SA, 2 bytes for the Etype and 4 bytes for the trailing CRC. Any remaining egress virtual port overhead (Dot1P, Dot1Q, QinQ, TopQ or SDP) required above the minimum is known to be less than the egress ports MTU since the virtual port would not be operational otherwise.

If the IP interface IP MTU value is too large based on the VPLS service MTU, the IP interface will enter the operationally down state until either the IP MTU is adequately lowered or the VPLS service MTU is sufficiently increased.

The no form of the command on the IP interface is used to remove the service name binding from the IP interface. If the service name has been resolved to a VPLS service context and the IP interface has been attached to the VPLS service, the IP interface will also be detached from the VPLS service.

Default 

n/a

Parameters 
service-name—
The service-name parameter is required when using the IP interface vpls command and specifies the service name that the system will attempt to resolve to an allow-ip-int-bind enabled VPLS service associated with the name. The specified name is expressed as an ASCII string comprised of up to 32 characters. It does not need to already be associated with a service and the system does not check to ensure that multiple IP interfaces are not bound to the same name.

ingress

Syntax 
ingress
Context 
config>service>vprn>if>vpls
Description 

The ingress node in this context under the vpls binding is used to define the routed IPv4 and IPv6 optional filter overrides.

v4-routed-override-filter

Syntax 
v4-routed-override-filter ipv4-filter-id
no v4-routed-override-filter
Context 
config>service>vprn>if>vpls>ingress
Description 

The v4-routed-override-filter command is used to specify an IPv4 filter ID that will be applied to all ingress packets entering the VPLS service. The filter overrides any existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed, the IPv4 routed packets will use the any existing ingress IPv4 filter on the VPLS virtual port.

The no form of the command is used to remove the IPv4 routed override filter from the ingress IP interface. When removed, the IPv4 ingress routed packets within a VPLS service attached to the IP interface will use the IPv4 ingress filter applied to the packets virtual port when defined.

Default 

n/a

Parameters 
ipv4-filter-id—
The ipv4-filter-id parameter is required when executing the v4-routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command will fail.

v6-routed-override-filter

Syntax 
v6-routed-override-filter ipv6-filter-id
no v6-routed-override-filter
Context 
config>service>vprn>if>vpls>ingress
Description 

The v6-routed-override-filter command is used to specify an IPv6 filter ID that will be applied to all ingress packets entering the VPLS service. The filter overrides any existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed, the IPv6 routed packets will use the any existing ingress IPv6 filter on the VPLS virtual port.

The no v6-routed-override-filter command is used to remove the IPv6 routed override filter from the ingress IP interface. When removed, the IPv6 ingress routed packets within a VPLS service attached to the IP interface will use the IPv6 ingress filter applied to the packets virtual port when defined.

Default 

n/a

Parameters 
ipv6-filter-id—
The ipv6-filter-id parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command will fail.

egress

Syntax 
egress
Context 
config>service>vprn>if>vpls
Description 

The egress node under the vpls binding is used to define the optional sap-egress QoS policy that will be used for reclassifying the egress forwarding class or profile for routed packets associated with the IP interface on the attached VPLS service context.

reclassify-using-qos

Syntax 
reclassify-using-qos sap-egress-qos-id
no reclassify-using-qos
Context 
config>service>vprn>if>vpls>egress
Description 

The reclassify-using-qos command is used to specify a sap-egress QoS policy that will be used to reclassify the forwarding class and profile of egress routed packets on the VPLS service. When routed packets associated with the IP interface egress a VPLS SAP, the reclassification rules within the sap-egress QoS policy applied to the SAP are always ignored (even when reclassify-using-qos is not defined).

Any queues or policers defined within the specified QoS policy are ignored and are not created on the VPLS egress SAPs. Instead, the routed packets continue to use the forwarding class mappings, queues and policers from the sap-egress QoS policy applied to the egress VPLS SAP.

While the specified sap-egress policy ID is applied to an IP interface it cannot be deleted from the system.

The no form of the command removes the sap-egress QoS policy used for reclassification from the egress IP interface. When removed, IP routed packets will not be reclassified on the egress SAPs of the VPLS service attached to the IP interface.

Parameters 
sap-egress-qos-id—
The sap-egress-qos-id parameter is required when executing the reclassify-using-qos command. The specified SAP egress QoS ID must exist within the system or the command will fail.

allow-ip-int-bind

Syntax 
[no] allow-ip-int-bind
Context 
config>service>vpls
Description 

This command sets a flag on the VPLS service that enables the ability to attach an IES or VPRN IP interface to the VPLS service in order to make the VPLS service routable. When the allow-ip-int-bind command is not enabled, the VPLS service cannot be attached to an IP interface.

VPLS Configuration Constraints for Enabling allow-ip-int-bind

When attempting to set the allow-ip-int-bind VPLS flag, the system first checks to see if the correct configuration constraints exist for the VPLS service and the network ports. The following VPLS features must be disabled or not configured for the allow-ip-int-bind flag to set:

  1. SAP ingress QoS policies applied to the VPLS SAPs cannot have MAC match criteria defined
  2. SDPs used in spoke or mesh SDP bindings cannot be configured as GRE
  3. The VPLS service type cannot be B-VPLS or M-VPLS and it cannot be an I-VPLS service bound to a B-VPLS context
  4. MVR from Routed VPLS and to another SAP is not supported
  5. Enhanced and Basic Subscriber Management features
  6. Network Domain on SDP bindings

Once the VPLS allow-ip-int-bind flag is set on a VPLS service, the above features cannot be enabled on the VPLS service.

Network Port Hardware Constraints

The system also checks to ensure that all ports configured in network mode are associated with FlexPath forwarding planes. If a port is currently in network mode and the port is associated with a FlexPath forwarding plane, the allow-ip-int-bind command will fail. Once the allow-ip-int-bind flag is set on any VPLS service, attempting to enable network mode on a port associated with a FlexPath forwarding plane will fail.

VPLS SAP Hardware Constraints

Besides VPLS configuration and network port hardware association, the system also checks to that all SAPs within the VPLS are created on Ethernet ports and the ports are associated with FlexPath forwarding planes. Certain Ethernet ports and virtual Ethernet ports are not supported which include HSMDA ports and CCAG virtual ports (VSM based). If a SAP in the VPLS exists on an unsupported port type or is associated with a FlexPath forwarding plane, the allow-ip-int-bind command will fail. Once the allow-ip-int-bind flag is set on the VPLS service, attempting to create a VPLS SAP on the wrong port type or associated with a FlexPath forwarding plane will fail.

VPLS Service Name Bound to IP Interface without allow-ip-int-bind flag Set

In the event that a service name is applied to a VPLS service and that service name is also bound to an IP interface but the allow-ip-int-bind flag has not been set on the VPLS service context, the system attempt to resolve the service name between the VPLS service and the IP interface will fail. After the allow-ip-int-bind flag is successfully set on the VPLS service, either the service name on the VPLS service must be removed and reapplied or the IP interface must be re-initialized using the shutdown / no shutdown commands. This will cause the system to reattempt the name resolution process between the IP interface and the VPLS service.

The no form of the command resets the allow-ip-int-bind flag on the VPLS service. If the VPLS service currently has an IP interface from an IES or VPRN service attached, the no allow-ip-int-bind command will fail. Once the allow-ip-int-bind flag is reset on the VPLS service, the configuration and hardware restrictions associated with setting the flag are removed. The port network mode hardware restrictions are also removed.

Network Ingress Commands

network

Syntax 
network
Context 
config>service>vprn
Description 

This command enables the context to configure network parameters for the VPRN service.

ingress

Syntax 
ingress
Context 
config>service>vprn>network
Description 

This command enables the context to configure network ingress parameters for the VPRN service.

qos

Syntax 
qos network-policy-id fp-redirect-group queue-group-name instance instance-id
no qos
Context 
config>service>vprn>network>ingress
Description 

This command is used to redirect unicast packets arriving on an automatically (using the auto-bind command) or manually configured (using a spoke-sdp command, but not the spoke-sdp command under the VPRN IP interface) binding in a VPRN to a policer in an ingress forwarding plane queue-group for the purpose of rate-limiting.

For the policer to be used, the following must be true:

  1. The configured queue group template name must be applied to the forwarding plane on which the ingress traffic arrives using the instance id specified.
  2. The policer referenced in the FC-to-policer mappings in the ingress context of a network QoS policy must be present in the specified queue group template.

The command will fail if the queue group template name does not exist or if the policer specified in the network QoS policy does not exist in the queue group template. If the queue group template name with the specified instance is not applied to the forwarding plane on which the VPRN binding unicast traffic arrives then this traffic will use the ingress network queues related to the network interface, however, the ingress classification is still based on the applied network QoS policy.

The unicast traffic can be redirected to a policer under the forwarding class fp-redirect-group command in the ingress section of a network QoS policy; any fp-redirect-group multicast-policer, broadcast-policer or unknown-policer commands are ignored for this traffic. Multicast traffic would use the ingress network queues or queue group related to the network interface.

Ingress classification is based on the configuration of the ingress section of the specified network QoS policy, noting that the dot1p and exp classification is based on the outer Ethernet header and MPLS label whereas the DSCP applies to the outer IP header if the tunnel encapsulation is GRE, or the DSCP in the first IP header in the payload if ler-use-dscp is enabled in the ingress section of the referenced network QoS policy.

When this command is applied, it overrides the QoS applied to the related network interfaces for unicast traffic arriving on bindings in that VPRN.

The no version of this command removes the redirection of VPRN binding traffic to the queue-group policers.

Parameters 
network-policy-id—
Specifies the network policy identification. The value uniquely identifies the policy on the system.
Values—
1 to 65535
fp-redirect-group queue-group-name
specifies the name of the queue group template up to 32 characters in length
instance instance-id
specifies the identification of a specific instance of the queue-group
Values—
1 to 65535

SAP Subscriber Management Commands

sub-sla-mgmt

Syntax 
[no] sub-sla-mgmt
Context 
config>service>vprn>sub-if>grp-if>sap
Description 

This command enables the context to configure subscriber management parameters for this SAP.

Default 

no sub-sla-mgmt

def-sla-profile

Syntax 
def-sla-profile default-sla-profile-name
no def-sla-profile
Context 
config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt
Description 

This command specifies a default SLA profile for this SAP. The SLA profile must be defined prior to associating the profile with a SAP in the config>subscriber-mgmt>sla-profile context.

An SLA profile is a named group of QoS parameters used to define per service QoS for all subscriber hosts common to the same subscriber within a provider service offering. A single SLA profile may define the QoS parameters for multiple subscriber hosts. SLA profiles are maintained in two locations, the subscriber identification policy and the subscriber profile templates. After a subscriber host is associated with an SLA profile name, either the subscriber identification policy used to identify the subscriber or the subscriber profile associated with the subscriber host must contain an SLA profile with that name. If both the subscriber identification policy and the subscriber profile contain the SLA profile name, the SLA profile in the subscriber profile is used.

The no form of the command removes the default SLA profile from the SAP configuration.

Default 

no def-sla-profile

Parameters 
default-sla-profile-name—
Specifies a default SLA profile for this SAP. The SLA profile must be defined prior to associating the profile with a SAP in the config>subscriber-mgmt>sla-profile context.

def-sub-profile

Syntax 
def-sub-profile default-subscriber-profile-name
Context 
config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt
Description 

This command specifies a default subscriber profile for this SAP. The subscriber profile must be defined prior to associating the profile with a SAP in the config>subscriber-mgmt>sub-profile context.

A subscriber profile defines the aggregate QoS for all hosts within a subscriber context. This is done through the definition of the egress and ingress scheduler policies that govern the aggregate SLA for subscriber using the subscriber profile. Subscriber profiles also allow for specific SLA profile definitions when the default definitions from the subscriber identification policy must be overridden.

The no form of the command removes the default SLA profile from the SAP configuration.

Parameters 
default-sub-profile—
Specifies a default subscriber profile for this SAP. The subscriber profile must be defined prior to associating the profile with a SAP in the config>subscriber-mgmt>sub-profile context.

multi-sub-sap

Syntax 
multi-sub-sap [number-of-sub]
no multi-sub-sap
Context 
config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt
Description 

This command configures the maximum number of subscribers for this SAP. It is used in conjunction with the profiled-traffic-only command on single subscriber SAPs and creates a subscriber host which is used to forward non-IP traffic through the single subscriber SAP without the need for SAP queues.

The no form of this command returns the default value.

Default 

1

Parameters 
number-of-sub—
specifies the maximum number of subscribers for this SAP
Values—
2 to 8000

single-sub-parameters

Syntax 
single-sub-parameters
Context 
config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt
Description 

This command enables the context to configure single subscriber parameters for this SAP.

non-sub-traffic

Syntax 
non-sub-traffic sub-profile sub-profile-name sla-profile sla-profile-name [subscriber sub-ident-string]
no non-sub-traffic
Context 
config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt>single-sub
Description 

This command configures non-subscriber traffic profiles. It is used in conjunction with the profiled-traffic-only command on single subscriber SAPs and creates a subscriber host which is used to forward non-IP traffic through the single subscriber SAP without the need for SAP queues.

The no form of the command removes removes the profiles and disables the feature.

Parameters 
sub-profile sub-profile-name
Specifies an existing subscriber profile name to be associated with the static subscriber host. The subscriber profile is configured in the config>subscr-mgmt>sub-profile context.
sla-profile sla-profile-name
Specifies an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.
subscriber sub-ident-string —
Specifies an existing subscriber identification profile to be associated with the static subscriber host. The subscriber identification profile is configured in the config>subscr-mgmt>sub-ident-policy context. The subscriber information is used by the VPRN SAP arp-reply-agent to determine the proper handling of received ARP requests from subscribers.
  1. For VPRN SAPs with arp-reply-agent enabled with the optional sub-ident parameter, the static subscriber host’s sub-ident-string is used to determine whether an ARP request received on the SAP is sourced from a host belonging to the same subscriber as the destination host. When both the destination and source hosts from the ARP request are known on the SAP and the subscriber identifications do not match, the ARP request may be forwarded to the rest of the VPRN destinations.

If the static subscriber host’s sub-ident string is not defined, the host is not considered to belong to the same subscriber as another host on the SAP.

If source or destination host is unknown, the hosts are not considered to belong to the same subscriber. ARP messages from unknown hosts are subject to anti-spoof filtering rules applied at the SAP.

If sub-ident is not enabled on the SAP arp-reply-agent, subscriber identification matching is not performed on ARP requests received on the SAP.

ARP requests are never forwarded back to the same SAP or within the receiving SAP’s split horizon group.

profiled-traffic-only

Syntax 
[no] profiled-traffic-only
Context 
config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt>single-sub
Description 

This command enables profiled traffic only for this SAP. The profiled traffic refers to single subscriber traffic on a dedicated SAP (in the VLAN-per-subscriber model). When enabled, subscriber queues are instantiated through the QOS policy defined in the sla-profile and the associated SAP queues are deleted. This can increase subscriber scaling by reducing the number of queues instantiated per subscriber (in the VLAN-per-subscriber model). In order for this to be achieved, any configured multi-sub-sap limit must be removed (leaving the default of 1).

The no form of the command disables the command.

sub-ident-policy

Syntax 
sub-ident-policy sub-ident-policy-name
Context 
config>service>vprn>sub-if>grp-if>sap>sub-sla-mgmt
Description 

This command associates a subscriber identification policy to this SAP. The subscriber identification policy must be defined prior to associating the profile with a SAP in the config>subscriber-mgmt>sub-ident-policy context.

Subscribers are managed by the system through the use of subscriber identification strings. A subscriber identification string uniquely identifies a subscriber. For static hosts, the subscriber identification string is explicitly defined with each static subscriber host.

For dynamic hosts, the subscriber identification string must be derived from the DHCP ACK message sent to the subscriber host. The default value for the string is the content of Option 82 CIRCUIT-ID and REMOTE-ID fields interpreted as an octet string. As an option, the DHCP ACK message may be processed by a subscriber identification policy which has the capability to parse the message into an alternative ASCII or octet string value.

When multiple hosts on the same port are associated with the same subscriber identification string they are considered to be host members of the same subscriber.

The no form of the command removes the default subscriber identification policy from the SAP configuration.

Default 

no sub-ident-policy

Parameters 
sub-ident-policy-name—
Specifies a subscriber identification policy for this SAP. The subscriber profile must be defined prior to associating the profile with a SAP in the config>subscriber-mgmt>sub-ident-policy context.

srrp

Syntax 
[no] srrp srrp-id
Context 
config>service>vprn>sub-if>grp-if
Description 

This command creates an SRRP instance on a group IP interface. An SRRP instance manages all subscriber subnets within the group interfaces subscriber IP interface or other subscriber IP interfaces that are associated through a wholesale/retail relationship. Only one unique SRRP instance can be configured per group interface.

The no form of the command removes an SRRP instance from a group IP interface. Once removed, the group interface ignores ARP requests for the SRRP gateway IP addresses that may exist on subscriber subnets associated with the group IP interface. Then the group interface stops routing using the redundant IP interface associated with the group IP interface and will stop routing with the SRRP gateway MAC address. Ingress packets destined to the SRRP gateway MAC will also be silently discarded. This is the same behavior as a group IP interface that is disabled (shutdown).

Default 

no srrp

Parameters 
srrp-id—
Specifies a 32 bit instance ID that must be unique to the system. The instance ID must also match the instance ID used by the remote router that is participating in the same SRRP context. SRRP is intended to perform a function similar to VRRP where adjacent IP hosts within local subnets use a default gateway to access IP hosts on other subnets.
Values—
1 to 4294967295

gw-mac

Syntax 
gw-mac mac-address
no gw-mac
Context 
config>service>vprn>sub-if>grp-if>srrp
Description 

This command overrides the default SRRP gateway MAC address used by the SRRP instance. Unless specified, the system uses the same base MAC address for all SRRP instances with the last octet overridden by the lower 8 bits of the SRRP instance ID. The same SRRP gateway MAC address should be in-use by both the local and remote routers participating in the same SRRP context.

One reason to change the default SRRP gateway MAC address is if two SRRP instances sharing the same broadcast domain are using the same SRRP gateway MAC. The system will use the SRRP instance ID to separate the SRRP messages (by ignoring the messages that does not match the local instance ID), but a unique SRRP gateway MAC is essential to separate the routed packets for each gateway IP address.

The no form of the command removes the explicit SRRP gateway MAC address from the SRRP instance. The SRRP gateway MAC address can only be changed or removed when the SRRP instance is shutdown.

Parameters 
mac-address—
specifies a MAC address that is used to override the default SRRP base MAC address
Values—
Any MAC address except all zeros, broadcast or multicast addresses. The offset is expressed in normal Ethernet MAC address notation. The defined gw-mac cannot be 00:00:00:00:00:00, ff:ff:ff:ff:ff:ff or any multicast address.
Values—
If not specified, the system uses the default SRRP gateway MAC address with the last octet set to the 8 least significant bits of the SRRP instance ID.

keep-alive-interval

Syntax 
keep-alive-interval interval
no keep-alive-interval
Context 
config>service>vprn>sub-if>grp-if>srrp
Description 

This command defines the interval between SRRP advertisement messages sent when operating in the master state. The interval is also the basis for setting the master-down timer used to determine when the master is no longer sending. The system uses three times the keep-alive interval to set the timer. Every time an SRRP advertisement is seen that is better then the local priority, the timer is reset. If the timer expires, the SRRP instance assumes that a master does not exist and initiates the attempt to become master.

When in backup state, the SRRP instance takes the keep-alive interval of the master as represented in the masters SRRP advertisement message. Once in master state, the SRRP instance uses its own configured keep-alive interval.

The keep-alive-interval may be changed at anytime, but will have no effect until the SRRP instance is in the master state.

The no form of the command restores the default interval.

Parameters 
interval—
specifies the interval, in ms, between SRRP advertisement messages sent when operating in the master state
Values—
1 to 100
Values—
10 ms

message-path

Syntax 
message-path sap-id
no message-path
Context 
config>service>vprn>sub-if>grp-if>srrp
Description 

This command defines a specific SAP for SRRP in-band messaging. A message-path SAP must be defined prior to activating the SRRP instance. The defined SAP must exist on the SRRP instances group IP interface for the command to succeed and cannot currently be associated with any dynamic or static subscriber hosts. Once a group IP interface SAP has been defined as the transmission path for SRRP Advertisement messages, it cannot be administratively shutdown, will not support static or dynamic subscriber hosts and cannot be removed from the group IP interface.

The SRRP instance message-path command may be executed at anytime on the SRRP instance. Changing the message SAP will fail if a dynamic or static subscriber host is associated with the new SAP. Once successfully changed, the SRRP instance will immediately disable anti-spoof on the SAP and start sending SRRP Advertisement messages if the SRRP instance is activated.

Changing the current SRRP message SAP on an active pair of routers should be done in the following manner:

  1. Shutdown the backup SRRP instance.
  2. Change the message SAP on the shutdown node.
  3. Change the message SAP on the active master node.
  4. Re-activate the shutdown SRRP instance.

Shutting down the backup SRRP instance prevents the SRRP instances from becoming master due to temporarily using differing message path SAPs.

If an MCS peering is operational between the redundant nodes and the SRRP instance has been associated with the peering, the designated message path SAP will be sent from each member.

The no form of the command can only be executed when the SRRP instance is shutdown. Executing no message-path allows the existing SAP to be used for subscriber management functions. A new message-path SAP must be defined prior to activating the SRRP instance.

Parameters 
sap-id—
specifies the physical port identifier portion of the SAP definition

policy

Syntax 
[no] policy vrrp-policy-id
Context 
config>service>vprn>sub-if>grp-if>srrp
Description 

This command associates one or more VRRP policies with the SRRP instance. A VRRP policy is a collection of connectivity and verification tests used to manipulate the in-use priorities of VRRP and SRRP instances. A VRRP policy can test the link state of ports, ping IP hosts, discover the existence of routes in the routing table or the ability to reach Layer 2 hosts. When one or more of these tests fail, the VRRP policy has the option of decrementing or setting an explicit value for the in-use priority of an SRRP instance.

More than one VRRP policy may be associated with an SRRP instance. When more than one VRRP policy is associated with an SRRP instance the delta decrement of the in-use priority is cumulative unless one or more test fail that have explicit priority values. When one or more explicit tests fail, the lowest priority value event takes effect for the SRRP instance. When the highest delta-in-use-limit is used to manage the lowest delta derived in-use priority for the SRRP instance.

VRRP policy associations may be added and removed at anytime. A maximum of two VRRP policies can be associated with a single SRRP instance.

The no form of the command removes the association with vrrp-policy-id from the SRRP instance.

Parameters 
vrrp-policy-id—
specifies one or more VRRP policies with the SRRP instance
Values—
1 to 9999

priority

Syntax 
priority priority
no priority
Context 
config>service>vprn>sub-if>grp-if>srrp
Description 

This command overrides the default base priority for the SRRP instance. The SRRP instance priority is advertised by the SRRP instance to its neighbor router and is compared to the priority received from the neighbor router. The router with the best (highest) priority enters the master state while the other router enters the backup state. If the priority of each router is the same, the router with the lowest source IP address in the SRRP advertisement message assumes the master state.

The base priority of an SRRP instance can be managed by VRRP policies. A VRRP policy defines a set of connectivity or verification tests which, when they fail, may lower an SRRP instances base priority (creating an in-use priority for the instance). Every time an SRRP instances in-use priority changes when in master state, it sends an SRRP advertisement message with the new priority. If the dynamic priority drops to zero or receives an SRRP Advertisement message with a better priority, the SRRP instance transitions to the becoming backup state.

When the priority command is not specified, or the no priority command is executed, the system uses a default base priority of 100. The priority command may be executed at anytime.

The no form of the command restores the default base priority to the SRRP instance. If a VRRP policy is associated with the SRRP instance, it will use the default base priority as the basis for any modifications to the SRRP instances in-use priority.

Parameters 
priority—
specifies a base priority for the SRRP instance to override the default
Values—
1 to 254
Values—
100

send-fib-population-packets

Syntax 
send-fib-population-packets (all | outer-tag-only)
no send-fib-population-packets
Context 
config>service>vprn>sub-if>grp-if>srrp
Description 

This command sends FIB population packets.

The no form of the command disables sending FIB population packets.

Default 

all

Parameters 
all—
Sends FIB population packets to all VLANs.
outer-tag-only—
Sends FIB population packets to only outer VLAN tags.

generate-garp-on-outer-vlan

Syntax 
send-fib-population-packets (all | outer-tag-only)
no send-fib-population-packets
Context 
config>service>vprn>sub-if>grp-if>srrp
Description 

This command sends GARP packets to outer VLANs only.

The no form of the command disables sending GARP packets to outer VLANs only.

Default 

no send-fib-population-packets

BGP Commands

bgp

Syntax 
[no] bgp
Context 
service>vprn
Description 

This command enables the BGP protocol with the VPRN service.

The no form of the command disables the BGP protocol from the given VPRN service.

Default 

no bgp

bgp-shared-queue

Syntax 
bgp-shared-queue [cir rate] [pir rate]
no bgp-shared-queue
Context 
config>service>vprn
Description 

This command enables all BGP peers within a VPRN instance to share a single CPM queue. This command takes affect on new BGP connections established; already established BGP peers continue to use their own CPM queue. Any changes to PIR/CIR of the shared queue takes effect only after BGP connections are re-established.

Parameters 
cir rate
specifies the CIR rate for the shared queue
pir rate
specifies the PIR rate for the shared queue

advertise-inactive

Syntax 
[no] advertise-inactive
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables or disables the advertising of inactive BGP routers to other BGP peers.

By default, BGP only advertises BGP routes to other BGP peers if a given BGP route is chosen by the route table manager as the most preferred route within the system and is active in the forwarding plane. This command allows system administrators to advertise a BGP route even though it is not the most preferred route within the system for a given destination.

Default 

no advertise-inactive

aggregator-id-zero

Syntax 
[no] aggregator-id-zero
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command is used to set the router ID in the BGP aggregator path attribute to zero when BGP aggregates routes. This prevents different routers within an AS from creating aggregate routes that contain different AS paths.

When BGP is aggregating routes, it adds the aggregator path attribute to the BGP update messages. By default, BGP adds the AS number and router ID to the aggregator path attribute.

When this command is enabled, BGP adds the router ID to the aggregator path attribute. This command is used at the group level to revert to the value defined under the global level, while this command is used at the neighbor level to revert to the value defined under the group level.

The no form of the command used at the global level reverts to default where BGP adds the AS number and router ID to the aggregator path attribute.

The no form of the command used at the group level reverts to the value defined at the group level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default 

no aggregator-id-zero — BGP adds the AS number and router ID to the aggregator path attribute.

always-compare-med

Syntax 
always-compare-med {zero | infinity}
no always-compare-med strict-as {zero | infinity}
no always-compare-med
Context 
config>router>bgp>best-path-selection
Description 

This command configures the comparison of BGP routes based on the MED attribute. The default behavior of SR-OS (equivalent to the no form of the command) is to only compare two routes on the basis of MED if they have the same neighbor AS (the first non-confed AS in the received AS_PATH attribute). Also by default, a route without a MED attribute is handled the same as though it had a MED attribute with the value 0. The always-compare-med command without the strict-as keyword allows MED to be compared even if the paths have a different neighbor AS; in this case, if neither zero or infinity is specified, the zero option is inferred, meaning a route without a MED is handled the same as though it had a MED attribute with the value 0. When the strict-as keyword is present, MED is only compared between paths from the same neighbor AS, and in this case, zero or infinity is mandatory and tells BGP how to interpret paths without a MED attribute.

Default 

no always-compare-med

Parameters 
zero—
Specifies that for routes learned without a MED attribute that a zero (0) value is used in the MED comparison. The routes with the lowest metric are the most preferred.
infinity—
Specifies for routes learned without a MED attribute that a value of infinity (2^32-1) is used in the MED comparison. This in effect makes these routes the least desirable.
strike-as—
specifies BGP paths to be compared even with different neighbor AS

as-path-ignore

Syntax 
as-path-ignore [ipv4] [ipv6] [label-ipv4]
no as-path-ignore
Context 
config>service>vprn>bgp
Description 

This command configures whether AS path length is considered in the selection of the best BGP route for a prefix.

If an address family is listed in this command, then the length of AS paths is not a factor in the route selection process for routes of that address family.

The no form of the command removes the parameter from the configuration.

Default 

no as-path-ignore

Parameters 
ipv4—
Specifies that the AS-path length will be ignored for all unlabeled unicast IPv4 routes.
ipv6—
Specifies that the AS-path length will be ignored for all unlabeled unicast IPv6 routes.
label-ipv4—
Specifies that the AS-path length will be ignored for all labeled-unicast IPv4 routes.

deterministic-med

Syntax 
[no] deterministic-med
Context 
config>service>vprn>bgp>best-path-selection
Description 

This command controls how the BGP decision process compares routes on the basis of MED. When deterministic-med is configured, BGP groups paths that are equal up to the MED comparison step based on neighbor AS, and then compares the best path from each group to arrive at the overall best path. This change to the BGP decision process makes best path selection completely deterministic in all cases. Without deterministic-med, the overall best path selection is sometimes dependent on the order of the route arrival because of the rule that MED cannot be compared in routes from different neighbor AS.

Default 

no deterministic-med

ebgp-ibgp-equal

Syntax 
ebgp-ibgp-equal [ipv4] [ipv6] [label-ipv4]
no ebgp-ibgp-equal
Context 
config>router>vprn>bgp>best-path-selection
Description 

This command instructs the BGP decision process to ignore the difference between EBGP and IBGP routes in selecting the best path and eligible multipaths (if multipath and ECMP are enabled). The result is a form of EIBGP load-balancing in a multipath scenario.

By default (with the no form of the command), the BGP decision process prefers an EBGP learned route over an IBGP learned route.

The behavior can be applied selectively to only certain types of routes by specifying one or more address family names in the command. If no families are specified, the command applies to IPv4 and IPv6 routes, and VPN-IPv4 and VPN-IPv6 routes.

Default 

no ebgp-ibg-equal

Parameters 
ipv4—
Specifies that the command should be applied to unlabeled unicast IPv4 routes.
ipv6—
Specifies that the command should be applied to unlabeled unicast IPv6 routes.
label-ipv4—
Specifies that the command should be applied to labeled IPv4 routes.

as-override

Syntax 
[no] as-override
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command replaces all instances of the peer's AS number with the local AS number in a BGP route's AS_PATH.

This command breaks BGP's loop detection mechanism. It should be used carefully.

Default 

as-override is not enabled by default.

authentication-key

Syntax 
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the BGP authentication key.

Authentication is performed between neighboring routers before setting up the BGP session by verifying the password. Authentication is performed using the MD-5 message-based digest. The authentication key can be any combination of letters or numbers from 1 to 16.

The no form of the command removes the authentication password from the configuration and effectively disables authentication.

Default 

Authentication is disabled and the authentication password is empty.

Parameters 
authentication-key—
The authentication key. The key can be any combination of ASCII characters up to 255 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).
hash-key—
The hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

auth-keychain

Syntax 
auth-keychain name
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the BGP authentication key for all peers.

The keychain allows the rollover of authentication keys during the lifetime of a session.

Default 

no auth-keychain

Parameters 
name
specifies the name of an existing keychain, up to 32 characters, to use for the specified TCP session or sessions

best-path-selection

Syntax 
best-path-selection
Context 
config>service>vprn>bgp
Description 

This command enables path selection configuration.

ignore-nh-metric

Syntax 
ignore-nh-metric
no ignore-nh-metric
Context 
config>router>bgp>best-path-selection
config>service>vprn
config>service>vprn>bgp>best-path-selection
Description 

This command instructs BGP to disregard the resolved distance to the BGP next-hop in its decision process for selecting the best route to a destination. When configured in the config>router>bgp>best-path-selection context, this command applies to the comparison of two BGP routes with the same NLRI learned from base router BGP peers. When configured in the config>service>vprn context, this command applies to the comparison of two BGP-VPN routes for the same IP prefix imported into the VPRN from the base router BGP instance. When configured in the config>service>vprn>bgp>best-path-selection context, this command applies to the comparison of two BGP routes for the same IP prefix learned from VPRN BGP peers.

The no form of the command (no ignore-nh-metric) restores the default behavior whereby BGP factors distance to the next-hop into its decision process.

Default 

no ignore-nh-metric

ignore-router-id

Syntax 
ignore-router-id
no ignore-router-id
Context 
config>router>bgp>best-path-selection
config>service>vprn>bgp>best-path-selection
Description 

When the ignore-router-id command is present and the current best path to a destination was learned from EBGP peer X with BGP identifier x and a new path is received from EBGP peer Y with BGP identifier y the best path remains unchanged if the new path is equivalent to the current best path up to the BGP identifier comparison – even if y is less than x. The no form of the command restores the default behavior of selecting the route with the lowest BGP identifier (y) as best.

Default 

no ignore-router-id

bfd-enable

Syntax 
[no] bfd-enable
Context 
config>router>bgp
config>router>bgp>group
config>router>bgp>group>neighbor
Description 

This command enables the use of bi-directional forwarding (BFD) to control the state of the associated protocol interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set via the BFD command under the IP interface.

The no form of this command removes BFD from the associated BGP protocol peering.

Default 

no bfd-enable

cluster

Syntax 
cluster cluster-id
no cluster
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the cluster ID for a route reflector server.

Route reflectors are used to reduce the number of IBGP sessions required within an AS. Normally, all BGP speakers within an AS must have a BGP peering with every other BGP speaker in an AS. A route reflector and its clients form a cluster. Peers that are not part of the cluster are considered to be non-clients.

When a route reflector receives a route, first it must select the best path from all the paths received. If the route was received from a non-client peer, then the route reflector sends the route to all clients in the cluster. If the route came from a client peer, the route reflector sends the route to all non-client peers and to all client peers except the originator.

For redundancy, a cluster can have multiple route reflectors.

Confederations can also be used to remove the full IBGP mesh requirement within an AS.

The no form of the command deletes the cluster ID and effectively disables the Route Reflection for the given group.

Default 

no cluster — No cluster ID is defined.

Parameters 
cluster-id—
The route reflector cluster ID is expressed in dot decimal notation.
Values—
Any 32 bit number in dot decimal notation. (0.0.0.1 to 255.255.255.255)

connect-retry

Syntax 
connect-retry seconds
no connect-retry
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the BGP connect retry timer value in seconds.

When this timer expires, BGP tries to reconnect to the configured peer. This configuration parameter can be set at three levels: global level (applies to all peers), peer-group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of the command used at the global level reverts to the default value.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default 

120 seconds

Parameters 
seconds—
the BGP Connect Retry timer value in seconds, expressed as a decimal integer
Values—
1 to 65535

damp-peer-oscillations

Syntax 
damp-peer-oscillations [idle-hold-time initial-wait second-wait max-wait] [error-interval minutes]
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command controls how long a BGP peer session remains in the idle-state after some type of error causes the session to reset. In the idle state, BGP does not initiate or respond to attempts to establish a new session. Repeated errors that occur a short while after each session reset cause longer and longer hold times in the idle state. This command supports the DampPeerOscillations FSM behavior described in section 8.1 of RFC 4271, A Border Gateway Protocol 4 (BGP-4).

The default behavior, which applies when no damp-peer-oscillations is configured, is to immediately transition out of the idle-state after every reset.

Default 

no damp-peer-oscillations

Parameters 
initial-wait—
the amount of time, in minutes, that a session remains in the idle-state after it has been stable for a while
Values—
0 to 2048
Values—
0
second-wait—
a period of time, in minutes, that is doubled after each repeated session failure that occurs within a relatively short span of time
Values—
0 to 2048
Values—
5
max-wait—
the maximum amount of time, in minutes, that a session remains in the idle-state after it has experienced repeated instability
Values—
0 to 2048
Values—
60
minutes —
the interval of time, in minutes after a session reset, during which the session must be error-free in order to reset the penalty counter and return to idle-hold-time to initial-wait
Values—
0 to 2048
Values—
30

damping

Syntax 
[no] damping
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables BGP route damping for learned routes which are defined within the route policy. Use damping to reduce the number of update messages sent between BGP peers and reduce the load on peers without affecting the route convergence time for stable routes. Damping parameters are set via route policy definition.

The no form of the command used at the global level disables route damping.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

When damping is enabled and the route policy does not specify a damping profile, the default damping profile is used. This profile is always present and consists of the following parameters:

Half-life: 15 minutes

Max-suppress: 60 minutes

Suppress-threshold: 3000

Reuse-threshold: 750

Default 

no damping — Learned route damping is disabled.

disable-4byte-asn

Syntax 
[no] disable-4byte-asn
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command disables the use of 4-byte ASNs. It can be configured at all 3 level of the hierarchy so it can be specified down to the per peer basis.

If this command is enabled 4-byte ASN support should not be negotiated with the associated remote peer(s).

The no form of the command resets the behavior to the default which is to enable the use of 4-byte ASN.

disable-capability-negotiation

Syntax 
[no] disable-capability-negotiation
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command disables the exchange of capabilities. When command is enabled and after the peering is flapped, any new capabilities are not negotiated and will strictly support IPv4 routing exchanges with that peer.

The no form of the command removes this command from the configuration and restores the normal behavior.

Default 

no disable-capability-negotiation

disable-client-reflect

Syntax 
[no] disable-client-reflect
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command disables the reflection of routes by the route reflector to the group or neighbor. This only disables the reflection of routes from other client peers. Routes learned from non-client peers are still reflected to all clients.

The no form re-enables client reflection of routes.

Default 

no disable-client-reflect — Client routes are reflected to all client peers.

disable-communities

Syntax 
disable-communities [standard] [extended]
no disable-communities
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures BGP to disable sending communities.

Parameters 
standard—
specifies standard communities that existed before VPRNs or 2547
extended—
specifies BGP communities used were expanded after the concept of 2547 was introduced, to include handling the VRF target

disable-fast-external-failover

Syntax 
[no] disable-fast-external-failover
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures BGP fast external failover.

dynamic-neighbor-limit

Syntax 
dynamic-neighbor-limit peers
no dynamic-neighbor-limit
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
Description 

This command configures the maximum number of dynamic BGP sessions that will be accepted from remote peers associated with the entire BGP instance or a specific peer group. If accepting a new dynamic session would cause either the group limit or the instance limit to be exceeded, then the new session attempt is rejected and a Notification message is sent back to the remote peer.

The no form of the command removes the limit on the number of dynamic sessions.

Default 

no dynamic-neighbor-limit

Parameters 
peers—
the maximum number of dynamic BGP sessions
Values—
1 to 8192

dynamic-neighbor

Syntax 
dynamic-neighbor
Context 
config>service>vprn>bgp>group
Description 

This command enables the context to configure dynamic BGP sessions for a peer group.

prefix

Syntax 
[no] prefix ip-prefix/prefix-length
Context 
config>service>vprn>bgp>group>dynamic-neighbor
Description 

This command configures a prefix from which to accept dynamic BGP sessions; particularly, sessions from source IP addresses not matching any configured neighbor addresses. A dynamic session is associated with the group having the longest match prefix entry for the source IP address of the peer. The group association determines local parameters that apply to the session, including the local AS, the local IP address, the peer AS, the import and export policies, and so on.

The no form of the command removes a prefix entry.

Default 

n/a

Parameters 
ip-prefix/prefix-length—
specifies a prefix from which to accept dynamic BGP sessions
Values—
ipv4-prefix — a.b.c.d (host bits must be 0)
ipv4-prefix-length — 0 to 32
ipv6-prefix — x:x:x:x:x:x:x:x (eight 16-bit pieces)
                        x:x:x:x:x:x:d.d.d.d
                        x — [0 to FFFF]H
                        d — [0 to 255]D
ipv6-prefix-length — 0 to 128

eibgp-loadbalance

Syntax 
[no] eibgp-loadbalance
Context 
config>service>vprn>bgp
Description 

This command enables eiBGP load sharing so routes with both MP-BGP and IPv4 next-hops can be used simultaneously.

In order for this command to be effective, the ecmp and multipath commands for the associated VPRN instance must also be configured to allow for multiple routes to the same destination.

The no form of the command used at the global level reverts to default values.

Default 

no eibgp-loadbalance — multipath disabled

enable-bgp-vpn-backup

Syntax 
enable-bgp-vpn-backup [ipv4] [ipv6]
no enable-bgp-vpn-backup
Context 
config>service>vprn>bgp
Description 

This command allows BGP-VPN routes imported into the VPRN to be used as backup paths for IPv4 and/or IPv6 BGP-learned prefixes.

Parameters 
ipv4—
allows BGP-VPN routes to be used as backup paths for IPv4 prefixes
ipv6—
allows BGP-VPN routes to be used as backup paths for IPv6 prefixes

ebgp-link-bandwidth

Syntax 
ebgp-link-bandwidth [ipv4] [ipv6] [label-ipv4]
no ebgp-link-bandwidth
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

When the egp-link-bandwidth command is configured, BGP automatically adds a link-bandwidth extended community to every route (of the selected types) received from directly connected (single-hop) EBGP peers within the scope of the command.

The link-bandwidth extended community added by this command encodes the local-AS number of receiving BGP instance and the bandwidth of the interface to the directly connected EBGP peer.

Default 

no egp-link-bandwidth

No link bandwidth extended community is automatically added to received BGP routes.

Parameters 
family
the BGP address family
Values—
ipv4 — Add a link-bandwidth extended community to unlabeled unicast IPv4 routes.
ipv6 — Add a link-bandwidth extended community to unlabeled unicast IPv6 routes.
label-ipv4 — Add a link-bandwidth extended community to labeled-unicast IPv4 routes.

enable-peer-tracking

Syntax 
[no] enable-peer-tracking
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables BGP peer tracking.

Default 

no enable-peer-tracking

graceful-restart

Syntax 
[no] graceful-restart
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables or disables graceful-restart for all VPRN BGP peers.

enable-notification

Syntax 
enable-notification
no enable-notification
Context 
config>service>vprn>bgp>graceful-restart
config>service>vprn>bgp>group>graceful-restart
config>service>vprn>bgp>group>neighbor>graceful-restart
Description 

When this command is present, the graceful restart capability sent by this router indicates support for NOTIFICATION messages. If the peer also supports this capability then the session can be restarted gracefully (while preserving forwarding) if either peer needs to sends a NOTIFICATION message due to some type of event or error.

Default 

no enable-notification

restart-time

Syntax 
restart-time seconds
no restart-time
Context 
config>service>vprn>bgp>graceful-restart
config>service>vprn>bgp>group>graceful-restart
config>service>vprn>bgp>group>neighbor>graceful-restart
Description 

This command sets the value of the restart-time that is advertised in the router’s graceful-restart capability. If this command is not configured, the default is 300.

Default 

no restart time

Parameters 
seconds—
the restart-time that is advertised in the router’s graceful-restart capability
Values—
0 to 4095 seconds
Values—
300

stale-routes-time

Syntax 
[no] stale-routes-time time
Context 
config>service>vprn>bgp>graceful-restart
config>service>vprn>bgp>group>graceful-restart
config>service>vprn>bgp>group>neighbor>graceful-restart
Description 

This command configures the time period to keep stale routes before the END-OF-RIB message is received from the restarting router.

Default 

360 seconds

Parameters 
time—
[1 to 3600 seconds]

error-handling

Syntax 
error-handling
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command specifies whether the error handling mechanism for optional transitive path attributes is enabled for this peer group.

update-fault-tolerance

Syntax 
[no] update-fault-tolerance
Context 
config>service>vprn>bgp>error-handling
config>service>vprn>bgp>group>error-handling
config>service>vprn>bgp>group>neighbor>error-handling
Description 

This command enables treat-as-withdraw and other similarly non-disruptive approaches for handling a wide range of UPDATE message errors, as long as there are no length errors that prevent all of the NLRI fields from being correctly identified and parsed.

Default 

no fault-tolerance

export

Syntax 
export plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 14 max)]]
no export
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command is used to specify route policies that control how outbound routes transmitted to certain peers are handled. Route policies are configured in the config>router>policy-options context.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in a peer-group) or neighbor level (only applies to the specified peer). The most specific level is used.

The export command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the modifications of each route and the final action to accept or reject the route.

Only one of the 15 objects referenced by the export command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple export commands are issued, the last command entered overrides the previous command.

When an export policy is not specified, BGP-learned routes are advertised by default; non-BGP routes are not advertised.

The no form of this command removes the policy association.

Default 

no export

Parameters 
plcy-or-long-expr—
the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long)
plcy-or-expr—
the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long)

family

Syntax 
family [ipv4] [label-ipv4] [ipv6] [mcast-ipv4] [flow-ipv4] [mcast-ipv6] [flow-ipv6]
no family
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the set of BGP address families (AFI plus SAFI) to be supported by the applicable VPRN BGP sessions.

The no form of the command restores the default, which corresponds to unlabeled IPv4 unicast routes (AFI 1, SAFI 1) only.

Default 

family ipv4

Parameters 
ipv4—
Adds support for the IPv4 unicast (unlabeled) address family.
label-ipv4—
Adds support for the IPv4 unicast (labeled) address family.
ipv6—
Adds support for the IPv6 unicast (unlabeled) address family.
mcast-ipv4—
Adds support for the IPv4 multicast SAFI address family.
flow-ipv4—
Adds support for the IPv4 flow-spec address family.
mcast-ipv6—
Adds support for the IPv4 multicast SAFI address family.
flow-ipv6—
Adds support for the IPv4 flow-spec address family.

flowspec-validate

Syntax 
flowspec-validate
no flowspec-validate
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables/disables validation of received flowspec routes. A flow route with a destination prefix subcomponent received from a particular peer is considered valid if and only if that peer also advertised the best unicast route to the destination prefix and any of its more-specific components. If validation is enabled and a flowspec route is not valid, it is not eligible for import into the RIB, it is not used for filtering, and it is not propagated to other flowspec peers.

The no form of the command disables the validation procedure.

Default 

no flowspec-validate

group

Syntax 
group name [esm-dynamic-peer]
no group
Context 
config>service>vprn>bgp
Description 

This command creates a context to configure a BGP peer group.

The no form of the command deletes the specified peer group and all configurations associated with the peer group. The group must be shutdown before it can be deleted.

Default 

n/a — No peer groups are defined.

Parameters 
name —
The peer group name. Allowed values is a string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.
esm-dynamic-peer —
This flag designates that the given BGP group will be used by BGP peers created dynamically based on subscriber-hosts pointing to corresponding BGP peering policy. There can be only one BGP group with this flag set in any given VPRN. No BGP neighbors can be manually configured in a BGP group with this flag set.
Values—
disabled

neighbor

Syntax 
[no] neighbor ip-address
Context 
config>service>vprn>bgp>group
Description 

This command creates a BGP peer/neighbor instance within the context of the BGP group.

This command can be issued repeatedly to create multiple peers and their associated configuration.

The no form of the command is used to remove the specified neighbor and the entire configuration associated with the neighbor. The neighbor must be administratively shutdown before attempting to delete it. If the neighbor is not shutdown, the command will not result in any action except a warning message on the console indicating that neighbor is still administratively up.

Default 

n/a — No neighbors are defined.

Parameters 
ip-address—
the IP address of the BGP peer router in dotted decimal notation
Values—

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface: 32 characters maximum, mandatory for link local addresses

The ipv6-address applies to the 7750 SR only.

family

Syntax 
family [ipv4] [ipv6] [mcast-ipv4]
no family
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command specifies the address family or families to be supported over BGP peerings in the base router. This command is additive so issuing the family command adds the specified address family to the list.

The no form of the command removes the specified address family from the associated BGP peerings. If an address family is not specified, then reset the supported address family back to the default.

Default 

ipv4

Parameters 
ipv4—
provisions support for IPv4 routing information
ipv6—
exchange IPv6 routing information (applies to the 7750 SR only)
mcast-ipv4 —
provisions Multicast IPv4 support

hold-time

Syntax 
hold-time seconds [min seconds2]
no hold-time
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the BGP hold time, expressed in seconds.

The BGP hold time specifies the maximum time BGP waits between successive messages (either keepalive or update) from its peer, before closing the connection. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

Even though the router OS implementation allows setting the keepalive time separately, the configured keepalive timer is overridden by the hold-time value under the following circumstances:

  1. If the specified hold-time is less than the configured keepalive time, then the operational keepalive time is set to a third of the hold-time; the configured keepalive time is not changed.
  2. If the hold-time is set to zero, then the operational value of the keepalive time is set to zero; the configured keepalive time is not changed. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.

The no form of the command used at the global level reverts to the default value.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default 

90 seconds

Parameters 
seconds—
The hold-time, in seconds, expressed as a decimal integer. A value of 0 indicates the connection to the peer is up permanently.
Values—
0, 3 to 65535
seconds2
The minimum hold-time that will be accepted for the session. If the peer proposes a hold-time lower than this value the session attempt will be rejected.

ibgp-multipath

Syntax 
[no] ibgp-multipath
Context 
config>service>vprn>bgp
Description 

This command defines the type of IBGP multipath to use when adding BGP routes to the route table if the route resolving the BGP nexthop offers multiple next-hops.

The no form of the command disables the IBGP multipath load balancing feature.

Default 

n/a

import

Syntax 
import plcy-or-long-expr [plcy-or-expr [plcy-or-expr... (up to 14 max)]]
no import
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command is used to specify route policies that control the handling of inbound routes received from certain peers. Route policies are configured in the config>router>policy-options context.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in a peer-group) or neighbor level (only applies to the specified peer). The most specific level is used

The import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the modifications of each route and the final action to accept or reject the route.

Only one of the 15 objects referenced by the import command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple import commands are issued, the last command entered overrides the previous command.

When an import policy is not specified, BGP routes are accepted by default.

The no form of this command removes the policy association.

Default 

no import

Parameters 
plcy-or-long-expr—
the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long)
plcy-or-expr—
the route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long)

keepalive

Syntax 
keepalive seconds
no keepalive
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the BGP keepalive timer. A keepalive message is sent every time this timer expires. The seconds parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The keepalive value is generally one-third of the hold-time interval. Even though the OS implementation allows the keepalive value and the hold-time interval to be independently set, under the following circumstances, the configured keepalive value is overridden by the hold-time value:

If the specified keepalive value is greater than the configured hold-time, then the specified value is ignored, and the keepalive is set to one third of the current hold-time value.

If the specified hold-time interval is less than the configured keepalive value, then the keepalive value is reset to one third of the specified hold-time interval.

If the hold-time interval is set to zero, then the configured value of the keepalive value is ignored. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.

The no form of the command used at the global level reverts to the default value.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default 

30 seconds

Parameters 
seconds—
the keepalive timer in seconds, expressed as a decimal integer
Values—
0 to 21845

label-preference

Syntax 
label-preference value
no label-preference
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the route preference for routes learned from labeled-unicast peers.

This command can be configured at three levels:

  1. Global level — applies to all peers
  2. Group level — applies to all peers in the peer-group
  3. Neighbor level — applies only to the specified peer

The most specific value is used.

The lower the preference, the higher the chance of the route being the active route.

The no form of the command used at the global level reverts to the default value of 170.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default 

no label-preference

Parameters 
value—
Specifies the route preference value.
Values—
1 to 255

local-address

Syntax 
local-address ip-address
no local-address
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

Configures the local IP address used by the group or neighbor when communicating with BGP peers.

Outgoing connections use the local-address as the source of the TCP connection when initiating connections with a peer.

When a local address is not specified, the OS uses the system IP address when communicating with IBGP peers and uses the interface address for directly connected EBGP peers. This command is used at the neighbor level to revert to the value defined under the group level.

The no form of the command removes the configured local-address for BGP.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Parameters 
no local-address —
the router ID is used when communicating with IBGP peers and the interface address is used for directly connected EBGP peers
ip-address—
The local address expressed in dotted decimal notation. Allowed values are a valid routable IP address on the router, either an interface or system IP address.

local-as

Syntax 
local-as as-number [private] [no-prepend-global-as]
no local-as
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures a BGP virtual autonomous system (AS) number.

In addition to the global AS number configured for BGP in the config>router>autonomous-system context, a virtual (local) AS number can be configured to support various AS number migration scenarios.The local AS number is added to the to the beginning the as-path attribute ahead of the router’s AS number.

This configuration parameter can be set at three levels: global level (applies to all EBGP peers), group level (applies to all EBGP peers in peer-group) or neighbor level (only applies to EBGP specified peer). Thus, by specifying this at each neighbor level, it is possible to have a separate local-as per EBGP session. The local-as command is not supported for IBGP sessions. When the optional private keyword is specified in the command the local-as number is not added to inbound routes from the EBGP peer that has local-as in effect.

When a command is entered multiple times for the same AS, the last command entered is used in the configuration. The private attribute can be added or removed dynamically by reissuing the command.

Changing the local AS at the global level in an active BGP instance causes the BGP instance to restart with the new local AS number. Changing the local AS at the global level in an active BGP instance causes BGP to re-establish the peer relationships with all peers in the group with the new local AS number. Changing the local AS at the neighbor level in an active BGP instance causes BGP to re-establish the peer relationship with the new local AS number.

This is an optional command and can be used in the following circumstance:

Provider router P is moved from AS1 to AS2. The customer router that is connected to P, however, is configured to belong to AS1. To avoid reconfiguring the customer router, the local-as value on router P can be set to AS1. Thus, router P adds AS1 to the as-path message for routes it advertises to the customer router.

The no form of the command used at the global level will remove any virtual AS number configured.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default 

no local-as

Parameters 
as-number—
the virtual autonomous system number, expressed as a decimal integer
Values—
1 to 65535
private—
specifies the local-as is hidden in paths learned from the peering
no-prepend-global-as—
specifies that the global-as is hidden in paths announced to the EBGP peer

local-preference

Syntax 
local-preference local-preference
no local-preference
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables setting the BGP local-preference attribute in incoming routes if not specified and configures the default value for the attribute. This value is used if the BGP route arrives from a BGP peer without the local-preference integer set.

The specified value can be overridden by any value set via a route policy. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of the command at the global level specifies that incoming routes with local-preference set are not overridden and routes arriving without local-preference set are interpreted as if the route had local-preference value of 100.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default 

no local-preference - Does not override the local-preference value set in arriving routes and analyze routes without local preference with value of 100.

Parameters 
local-preference—
the local preference value to be used as the override value, expressed as a decimal integer
Values—
0 to 4294967295

loop-detect

Syntax 
loop-detect {drop-peer | discard-route | ignore-loop| off}
no loop-detect
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures how the BGP peer session handles loop detection in the AS path.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

Dynamic configuration changes of loop-detect are not recognized.

The no form of the command used at the global level reverts to default, which is loop-detect ignore-loop.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default 

loop-detect ignore-loop

Parameters 
drop-peer—
sends a notification to the remote peer and drops the session
discard-route—
discards routes received with loops in the AS path
ignore-loop—
ignores routes with loops in the AS path but maintains peering
off—
disables loop detection

med-out

Syntax 
med-out {number | igp-cost}
no med-out
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables advertising the Multi-Exit Discriminator (MED) and assigns the value used for the path attribute for the MED advertised to BGP peers if the MED is not already set.

The specified value can be overridden by any value set via a route policy.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of the command used at the global level reverts to default where the MED is not advertised.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default 

no med-out

Parameters 
number—
the MED path attribute value, expressed as a decimal integer
Values—
0 to 4294967295
igp-cost—
the MED is set to the IGP cost of the given IP prefix

min-route-advertisement

Syntax 
min-route-advertisement seconds
no min-route-advertisement
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the minimum interval, in seconds, at which a prefix can be advertised to a peer.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of the command reverts to default values.

Default 

30 seconds

Parameters 
seconds—
the minimum route advertising interval, in seconds, expressed as a decimal integer
Values—
1 to 255

multihop

Syntax 
multihop ttl-value
no multihop
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the time to live (TTL) value entered in the IP header of packets sent to an EBGP peer multiple hops away.

This parameter is meaningful only when configuring EBGP peers. It is ignored if set for an IBGP peer.

The no form of the command is used to convey to the BGP instance that the EBGP peers are directly connected.

The no form of the command reverts to default values.

Default 

1 — EBGP peers are directly connected

64 — IBGP

Parameters 
ttl-value—
the TTL value, expressed as a decimal integer
Values—
1 to 255

multipath

Syntax 
multipath max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict{same-neighbor-as | exact-as-path}]
no multipath
Context 
config>service>vprn>bgp
Description 

This command enables BGP multipath for the IPv4 and IPv6 address families.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers 'equal' to the best path. The actual distribution of traffic over the multiple paths may be equal or unequal (that is, based on weights derived from the Link Bandwidth extended community).

To qualify as a multipath, a non-best route must meet the following criteria (some criteria are controlled by this command):

  1. must be the same type of route as the best path (same AFI/SAFI and, in some cases, same next-hop resolution method)
  2. must be tied with the best path for all criteria of equal or higher importance than IGP cost to reach the BGP next-hop, except for criteria that are configured to be ignored
  3. must not have the same BGP next-hop as the best path or any other multipath
  4. must not cause the ECMP limit of the routing instance to be exceeded (configurable using the ecmp command to a value in the range 1-64)
  5. must not cause the configured max-paths limit of the BGP instance to be exceeded
    If the best path is an EBGP learned route and the ebgp option is present, the ebgp-max-paths limit overrides the max-paths limit. If the best path is an IBGP learned route and the ibgp option is present, the ibgp-max-paths limit overrides the max-paths limit.
    All path limits are configurable up to a maximum of 64. Multipath is effectively disabled if a value is set to one
  6. must have the same neighbor AS in its AS path as the best path if the restrict same-neighbor-as option is configured
    By default, any path with the same AS path length as the best path (regardless of neighbor AS) is eligible for multipath.
  7. must have the exact same AS path as the best path if the restrict exact-as-path option is configured
    By default, any path with the same AS path length as the best path (regardless of the actual AS numbers) is eligible for multipath.

The no form of the command disables BGP multipath (equivalent to multipath 1).

Default 

no multipath

Parameters 
max-paths—
the maximum number of multipaths per prefix/NLRI if ebgp-max-paths or ibgp-max-paths does not apply
Values—
1 to 64
ebgp-max-paths—
the maximum number of multipaths per prefix/NLRI when the best path is an EBGP-learned route
Values—
1 to 64
ibgp-max-paths—
the maximum number of multipaths per prefix/NLRI when the best path is an IBGP-learned route
Values—
1 to 64
same-neighbor-as—
the non-best path must have the same neighbor AS in its AS path as the best path
exact-as-path-as—
the non best path must have the exact same AS path as the best path

next-hop-resolution

Syntax 
next-hop-resolution
Context 
config>service>vprn>bgp
Description 

This command enables the context to configure next-hop resolution parameters.

next-hop-self

Syntax 
[no] next-hop-self
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the group or neighbor to always set the NEXTHOP path attribute to its own physical interface when advertising to a peer.

This is primarily used to avoid third-party route advertisements when connected to a multi-access network.

The no form of the command used at the group level allows third-party route advertisements in a multi-access network.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Parameters 
no next-hop-self —
third-party route advertisements are allowed

passive

Syntax 
[no] passive
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables passive mode for the BGP group or neighbor.

When in passive mode, BGP will not attempt to actively connect to the configured BGP peers but responds only when it receives a connect open request from the peer.

The no form of the command used at the group level disables passive mode where BGP actively attempts to connect to its peers.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Parameters 
no passive—
BGP will actively try to connect to all the configured peers

peer-as

Syntax 
peer-as as-number
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the autonomous system number for the remote peer. The peer AS number must be configured for each configured peer.

For EBGP peers, the peer AS number configured must be different from the autonomous system number configured for this router under the global level since the peer will be in a different autonomous system than this router

For IBGP peers, the peer AS number must be the same as the autonomous system number of this router configured under the global level.

This is a required command for each configured peer. This may be configured under the group level for all neighbors in a particular group.

Default 

No AS numbers are defined.

Parameters 
as-number—
the autonomous system number, expressed as a decimal integer
Values—
1 to 65535

policy

Syntax 
policy policy-name
no policy
Context 
config>service>vprn>bgp>next-hop-res
Description 

This command specifies the name of a policy statement to use with the BGP next-hop resolution process. The policy controls which IP routes in RTM are eligible to resolve the BGP next-hop addresses of IPv4 and IPv6 routes. The policy has no effect on the resolution of BGP next-hops to MPLS tunnels. If a BGP next-hop of an IPv4 or IPv6 route R is resolved in RTM and the longest matching route for the next-hop address is an IP route N that is rejected by the policy then route R is unresolved; if the route N is accepted by the policy then it becomes the resolving route for R.

The default next-hop resolution policy (when the no policy command is configured) is to use the longest matching active route in RTM that is not a BGP route (unless use-bgp-routes is configured), an aggregate route or a subscriber management route.

Default 

no policy

Parameters 
policy-name—
The route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

peer-tracking-policy

Syntax 
peer-tracking-policy policy-name
no peer-tracking-policy
Context 
config>service>vprn>bgp
Description 

This command specifies the name of a policy statement to use with the BGP peer-tracking function on the BGP sessions where this is enabled. The policy controls which IP routes in RTM are eligible to indicate reachability of IPv4 and IPv6 BGP neighbor addresses. If the longest matching route in RTM for a BGP neighbor address is an IP route that is rejected by the policy, or it is a BGP route accepted by the policy, or if there is no matching route, the neighbor is considered unreachable and BGP tears down the peering session and holds it in the idle state until a valid route is once again available and accepted by the policy.

The default peer-tracking policy (when the no peer-tracking-policy command is configured) is to use the longest matching active route in RTM that is not an LDP shortcut route or an aggregate route.

Default 

no peer-tracking-policy

Parameters 
policy-name—
The route policy name. Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

preference

Syntax 
[no] preference preference
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
Description 

This command configures the route preference for routes learned from the configured peer(s).

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The lower the preference the higher the chance of the route being the active route. The OS assigns BGP routes highest default preference compared to routes that are direct, static or learned via MPLS or OSPF.

The no form of the command used at the global level reverts to default value.

The no form of the command used at the group level reverts to the value defined at the global level.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default 

170

Parameters 
preference—
the route preference, expressed as a decimal integer
Values—
1 to 255

prefix-limit

Syntax 
prefix-limit family limit [log-only] [threshold percentage] [idle-timeout {minutes | forever}] [log-only] [post-import]
no prefix-limit family
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the maximum number of BGP routes that can be received from a peer before administrative action is taken. The administrative action can be the generation of a log event or taking down the session. If a session is taken down, then it can be brought back up automatically after an idle-timeout period, or else it can be configured to stay down ('forever') until the operator performs a reset.

The prefix-limit command allows each address family to have its own limit; a set of address family limits can be applied to one neighbor or to all neighbors in a group.

The no form of the command removes the prefix-limit.

Default 

No prefix limits for any address family.

Parameters 
percent—
the threshold value (as a percentage) that triggers a warning message to be sent
Values—
1 to 100
family—
the address family to which the limit applies
Values—
ipv4, label-ipv4, ipv6, mcast-ipv4, flow-ipv4, flow-ipv6, mcast-ipv6
limit—
the number of routes that can be learned from a peer expressed as a decimal integer
Values—
1 to 4294967295
minutes—
specifies duration in minutes before automatically re-establishing a session
Values—
1 to 1024
forever—
specifies that the session is reestablished only after clear router bgp command is executed
log-only—
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is reached. However, the BGP session is not taken down.
post-import—
specifies that the limit should be applied only to the number of routes that are accepted by import policies

rapid-withdrawal

Syntax 
[no] rapid-withdrawal
Context 
config>service>vprn>bgp
Description 

This command disables the delay (Minimum Route Advertisement) on sending BGP withdrawals. Normal route withdrawals may be delayed up to the minimum route advertisement to allow for efficient packing of BGP updates.

The no form of the command removes this command from the configuration and returns withdrawal processing to the normal behavior.

Default 

no rapid-withdrawal

remove-private

Syntax 
remove-private [limited] [skip-peer-as]
no remove-private
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command allows private AS numbers to be removed from the AS path before advertising them to BGP peers.

When the remove-private parameter is set at the global level, it applies to all peers regardless of group or neighbor configuration. When the parameter is set at the group level, it applies to all peers in the group regardless of the neighbor configuration.

The OS software recognizes the set of AS numbers that are defined by IANA as private. These are AS numbers in the range 64512 through 65535, inclusive.

The no form of the command used at the global level reverts to default value. The no form of the command used at the group level reverts to the value defined at the global level. The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default 

no remove-private - Private AS numbers will be included in the AS path attribute.

Parameters 
limited—
This optional keyword removes private ASNs up to the first public ASN encountered. It then stops removing private ASNs.
skip-peer-as—
This optional keyword causes this command to not remove a private ASN from the AS-Path if that ASN is the same as the BGP peer AS number.

rib-management

Syntax 
rib-management
Context 
config>service>vprn>bgp
Description 

This command enables the context to configure RIB management parameters.

Default 

N/A

leak-import

Syntax 
leak-import plcy-or-long-expr [plcy-or-expr ... (up to 14 max)]
no leak-import
Context 
config>service>vprn>bgp>rib-management>ipv4
config>service>vprn>bgp>rib-management>label-ipv4
config>service>vprn>bgp>rib-management>ipv6
Description 

This command is used to specify route policies that control the importation of leak-eligible routes from the BGP RIB of another routing instance into the unlabeled-IPv4, unlabeled-IPv6, or labeled-IPv4 RIB of the base router. To leak a route from one routing instance to another, the origin and destination RIB types must be the same; for example, it is not possible to leak a route from an unlabeled-IPv4 RIB of a VPRN into the labeled-IPv4 RIB of the base router.

The leak-import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route.

Only one of the 15 objects referenced by the leak-import command is allowed to be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple leak-import commands are issued, the last command entered overrides the previous command.

When a leak-import policy is not specified, no BGP routes from other routing instances are leaked into the VPRN BGP RIB.

The no form of the command removes the policy association.

Default 

n/a

Parameters 
plcy-or-long-expr—
The route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long). Allowed values are any string up to 255 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.
plcy-or-expr—
The route policy name (up to 64 characters long) or a policy logical expression (up to 255 characters long). Allowed values are any string up to 64 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed within double quotes.

route-table-import

Syntax 
route-table-import policy-name
no route-table-import
Context 
config>service>vprn>bgp>rib-management>ipv4
config>service>vprn>bgp>rib-management>label-ipv4
config>service>vprn>bgp>rib-management>ipv6
Description 

This command specifies the name of a route policy to control the importation of active routes from the IP route table into one of the BGP RIBs.

If the route-table-import command is not configured, or if the command refers to an empty policy, all non-BGP routes from the IP route table are imported into the applicable RIB.

If the route-table-import command is configured, then routes dropped or rejected by the configured policy are not installed in the associated RIB. Rejected routes cannot be advertised to BGP peers associated with the RIB, but they can still be used to resolve BGP next-hops of routes in that RIB. If the active route for a prefix is rejected by the route-table-import policy, then the best BGP route for that prefix in the BGP RIB can be advertised to peers as though it is used.

Aggregate routes are always imported into each RIB, independent of the route-table-import policy.

Route modifications specified in the actions of a route-table-import policy are ignored and have no effect on the imported routes.

Default 

no route-table-import

Parameters 
policy-name—
Specifies the name of a policy-statement (up to 64 characters).

split-horizon

Syntax 
split-horizon
no split-horizon
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables the use of split-horizon. When applied globally, to a group, or a specific peer, split-horizon prevents routes from being reflected back to a peer that sends the best route. It applies to routes of all address families and to any type of sending peer; confed-EBGP, EBGP and IBGP.

The configuration default is no split-horizon, meaning that no effort is taken to prevent a best route from being reflected back to the sending peer.

Caution:

Use of the split-horizon command may have a detrimental impact on peer and route scaling and therefore operators are encouraged to use it only when absolutely needed.

The no form of the command disables split horizon command which allows the lower level to inherit the setting from an upper level.

Default 

no split-horizon

third-party-nexthop

Syntax 
third-party-nexthop
no third-party-nexthop
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

Use this command to enable the router to send third-party next-hop to EBGP peers in the same subnet as the source peer, as described in RFC 4271. If enabled when an IPv4 or IPv6 route is received from one EBGP peer and advertised to another EBGP peer in the same IP subnet, the BGP next-hop is left unchanged. Third-party next-hop is not done if the address family of the transport does not match the address family of the route.

The no form of the command prevents BGP from performing any third party next-hop processing toward any single-hop EBGP peers within the scope of the command. No third-party next-hop means the next-hop will always carry the IP address of the interface used to establish the TCP connection to the peer.

Default 

no third-party-nexthop

type

Syntax 
[no] type {internal | external}
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command designates the BGP peer as type internal or external.

The type of internal indicates the peer is an IBGP peer while the type of external indicates that the peer is an EBGP peer.

By default, the OS derives the type of neighbor based on the local AS specified. If the local AS specified is the same as the AS of the router, the peer is considered internal. If the local AS is different, then the peer is considered external.

The no form of the command used at the group level reverts to the default value.

The no form of the command used at the neighbor level reverts to the value defined at the group level.

Default 

no type

Parameters 
internal—
configures the peer as internal
external—
configures the peer as external
no type —
type of neighbor is derived on the local AS specified

updated-error-handling

Syntax 
[no] updated-error-handling
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command controls whether SR OS utilizes the new neighbor-complete bit when processing optional transitive path attributes and advertising them to the associated BGP neighbor.

This command also control if SR OS utilizes the error handling mechanism for optional-transitive path attributes.

Default 

no updated-error-handling

ttl-security

Syntax 
ttl-security min-ttl-value
no ttl-security
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

Configure TTL security parameters for incoming packets.

Parameters 
min-ttl-value—
specifies the minimum TTL value for an incoming BGP packet
Values—
1 to 255
Values—
1

ETH-CFM Service Commands

eth-cfm

Syntax 
eth-cfm
Context 
config>service>vprn
config>service>vprn>if>sap
config>service>vprn>if>spoke-sdp
config>service>vprn>sub-if>grp-if>sap
Description 

This command enables the context to configure ETH-CFM parameters.

collect-lmm-stats

Syntax 
collect-lmm-stats
no collect-lmm-stats
Context 
config>service>vprn>if>sap>eth-cfm
config>service>vprn>if>spoke-sdp>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command enables the collection of statistics on the SAP or MPLS SDP binding on which the ETH- LMM test is configured. The collection of LMM statistics must be enabled if a MEP is launching or responding to ETH-LMM packets. If LMM statistics collection is not enabled, the counters in the LMM and LMR PDU do not represent accurate measurements and all measurements should be ignored. The show sap-using eth-cfm collect-lmm-stats command and the show sdp-using eth-cfm collect-lmm-stats command can be used to display which entities are collecting stats.

The no form of the command disables and deletes the counters for this SAP or MPLS SDP binding.

Default 

no collect-lmm-stats

mep

Syntax 
mep mep-id domain md-index association ma-index [direction {up | down}]
no mep mep-id domain md-index association ma-index
Context 
config>service>vprn>if>sap>eth-cfm
config>service>vprn>if>spoke-sdp>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command configures the ETH-CFM maintenance endpoint (MEP).

Parameters 
mep-id—
specifies the maintenance association end point identifier
Values—
1 to 8191
md-index—
specifies the maintenance domain (MD) index value
Values—
1 to 4294967295
ma-index—
specifies the MA index value
Values—
1 to 4294967295
direction up | down—
Indicates the direction in which the maintenance association (MEP) faces on the bridge port. Direction UP is not supported on VPRN MEPs.
Values—
down — sends continuity check messages away from the MAC relay entity
up — sends continuity check messages towards the MAC relay entity

ais-enable

Syntax 
[no] ais-enable
Context 
config>service>vprn>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command configures the reception of Alarm Indication Signal (AIS) message.

interface-support-enable

Syntax 
[no] interface-support-enable
Context 
config>service>vprn>sap>eth-cfm>mep>ais-enable
config>service>vprn>spoke-sdp>eth-cfm>mep>ais-enable
Description 

This command enables the AIS function to consider the operational state of the entity on which it is configured. With this command, ETH-AIS on DOWN MEPs will be triggered and cleared based on the operational status of the entity on which it is configured. If CCM is also enabled then transmission of the AIS PDU will be based on either the non operational state of the entity or on ANY CCM defect condition. AIS generation will cease if BOTH operational state is UP and CCM has no defect conditions. If the MEP is not CCM enabled then the operational state of the entity is the only consideration assuming this command is present for the MEP.

Default 

no interface-support-enabled (AIS will not be generated or stopped based on the state of the entity on) which the DOWN MEP is configured.

ccm-enable

Syntax 
[no] ccm-enable
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command enables the generation of CCM messages.

The no form of the command disables the generation of CCM messages.

ccm-ltm-priority

Syntax 
ccm-ltm-priority priority
no ccm-ltm-priority
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of the command removes the priority value from the configuration.

Default 

The highest priority on the bridge-port.

Parameters 
priority—
Specifies the priority of CCM and LTM messages.
Values—
0 to 7

ccm-padding-size

Syntax 
[no] ccm-padding-size ccm-padding
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep
Description 

This command sets the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer Two encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Default 

ccm-padding-size

Parameters 
ccm-padding—
specifies the byte size of the Optional Data TLV
Values—
3 to 1500

csf-enable

Syntax 
[no] csf-enable
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep
Description 

This command enables the reception and local processing of ETH-CSF frames.

multiplier

Syntax 
multiplier multiplier-value
no multiplier
Context 
config>service>vprn>if>sap>eth-cfm>mep>cfs-enable
config>service>vprn>if>spoke-sdp>eth-cfm>mep>cfs-enable
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>cfs-enable
Description 

This command enables the multiplication factor applied to the receive time used to clear the CSF condition in increments of 5.

Default 

3.5

Parameters 
multiplier-value—
specifies the multiplier used for timing out CSF
Values—
0.0, 2.0 to 30.0

eth-test-enable

Syntax 
[no] eth-test-enable
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command enables eth-test functionality on MEP. For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test then can be done using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

test-pattern

Syntax 
test-pattern {all-zeros | all-ones} [crc-enable]
no test-pattern
Context 
config>service>vprn>if>sap>eth-cfm>mep>eth-test-enable
config>service>vprn>if>spoke-sdp>eth-cfm>mep>eth-test-enable
config>service>vprn>sub-if>grp-if>sap>eth-cfm>eth-test-enable
Description 

This command configures the test pattern for eth-test frames.

The no form of the command removes the values from the configuration.

Default 

all-zeros

Parameters 
all-zeros —
specifies to use all zeros in the test pattern
all-ones—
specifies to use all ones in the test pattern
crc-enable—
generates a CRC checksum

bit-error-threshold

Syntax 
bit-error-threshold bit-errors
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command specifies the lowest priority defect that is allowed to generate a fault alarm.

Default 

1

Parameters 
bit-errors
specifies the lowest priority defect
Values—
0 to 11840

one-way-delay-threshold

Syntax 
one-way-delay-threshold time
Context 
config>service>vprn>if>sap>eth-cfm
config>service>vprn>if>spoke-sdp>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command enables one way delay threshold time limit.

Default 

3 seconds

Parameters 
priority—
specifies the value for the threshold
Values—
0 to 600

squelch-ingress-levels

Syntax 
squelch-ingress-levels [md-level [md-level]]
no squelch-ingress-levels
Context 
config>service>vprn>if>sap>eth-cfm
config>service>vprn>if>spoke-sdp>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command defines the levels of the ETH-CFM PDUs that will silently be discarded on ingress into the SAP or SDP Binding from the wire. All ETH-CFM PDUs inbound to the SAP or SDP binding will be dropped that match the configured levels without regard for any other ETH-CFM criteria. No statistical information or drop count will be available for any ETH-PDU that is silently discarded by this option. The operator must configure a complete contiguous list of md-levels up to the highest level that will be dropped. The command must be retyped in complete form to modify a previous configuration, if the operator does not want to delete it first.

The no form of the command removes the silent discarding of previously matching ETH-CFM PDUs.

Default 

no squelch-ingress-levels

Parameters 
md-level—
identifies the level
Values—
[0 to 7]

tunnel-fault

Syntax 
tunnel-fault {accept | ignore}
Context 
config>service>vprn>eth-cfm
config>service>vprn>if>sap>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

Allows the individual service SAPs to react to changes in the tunnel MEP state. When tunnel-fault accept is configured at the service level, the SAP will react according to the service type, Epipe will set the operational flag and VPLS, IES and VPRN SAP operational state will become down on failure or up on clear. This command triggers the OAM mapping functions to mate SAPs and bindings in an Epipe service as well as setting the operational flag. If AIS generation is the requirement for the Epipe services this command is not required. See the command ais-enable under epipe>sap>eth-cfm>ais-enable for more details. This works in conjunction with the tunnel-fault accept on the individual SAPs. Both must be set to accept to react to the tunnel MEP state. By default the service level command is “ignore” and the sap level command is “accept”. This means simply changing the service level command to “accept” will enable the feature for all SAPs. This is not required for Epipe services that only wish to generate AIS on failure.

Default 

ignore (Service Level)

accept (SAP Level for Epipe and VPLS)

Parameters 
accept—
share fate with the facility tunnel MEP
ignore—
do not share fate with the facility tunnel MEP

fault-propagation-enable

Syntax 
fault-propagation-enable {use-if-tlv | suspend-ccm}
no fault-propagation-enable
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command configures the fault propagation for the MEP.

Parameters 
use-if-tlv—
specifies to use the interface TLV
suspend-ccm—
specifies to suspend the continuity check messages

low-priority-defect

Syntax 
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command specifies the lowest priority defect that is allowed to generate a fault alarm.

Default 

macRemErrXcon

Parameters 
parameters—
specifies the lowest priority defect
Values—

allDef

DefRDICCM, DefMACstatus, DefRemoteCCM, DefErrorCCM, and DefXconCCM

macRemErrXcon

Only DefMACstatus, DefRemoteCCM, DefErrorCCM, and DefXconCCM

remErrXcon

Only DefRemoteCCM, DefErrorCCM, and DefXconCCM

errXcon

Only DefErrorCCM and DefXconCCM

xcon

Only DefXconCCM; or

noXcon

No defects DefXcon or lower are to be reported

IS-IS Commands

isis

Syntax 
[no] isis isis-instance
Context 
config>service>vprn
Description 

This command enables the ISIS protocol instance with the VPRN service.

The no form of the command disables the ISIS protocol instance from the given VPRN service.

Default 

no ISIS

advertise-passive-only

Syntax 
[no] advertise-passive-only
Context 
config>service>vprn>isis
Description 

This command enables and disables IS-IS for the VPRN instance to advertise only prefixes that belong to passive interfaces.

advertise-router-capability

Syntax 
advertise-router-capability {area | as}
no advertise-router-capability
Context 
config>service>vprn>isis
config>service>vprn>isis>level
Description 

This command enables advertisement of a router's capabilities to its neighbors for informational and troubleshooting purposes. A new TLV as defined in RFC 4971 advertises the TE Node Capability Descriptor capability.

The parameters (area & as) control the scope of the capabilities advertisements.

The no form of this command, disables this capability.

Default 

no advertise-router-capability

Parameters 
area—
capabilities are only advertised within the area of origin
as—
capabilities are only advertised throughout the entire autonomous system

all-l1isis

Syntax 
all-l1isis ieee-address
no all-l1isis
Context 
config>service>vprn>isis
Description 

This command specifies the MAC address to use for the VPRN instance of the L1 IS-IS routers. The MAC address should be a multicast address. You should shut/no shut the IS-IS instance to make the change operational.

Default 

all-l1isis 01-80-C2-00-01-00

Parameters 
ieee-address—
specifies the destination MAC address for all L1 I-IS neighbors on the link for this ISIS instance

all-l2isis

Syntax 
all-l2isis ieee-address
no all-l2isis
Context 
config>service>vprn>isis
Description 

This command specifies the MAC address to use for L2 IS-IS routers for the VPRN instance. The MAC address should be a multicast address. You should shut/no shut the IS-IS instance to make the change operational.

Default 

all-l2isis 01-80-C2-00-02-11

Parameters 
ieee-address—
specifies the destination MAC address for all L2 ISIS neighbors on the link for this ISIS instance

area-id

Syntax 
[no] area-id area-address
Context 
config>service>vprn>isis
Description 

This command configures the area ID portion of NSAP addresses for the VPRN instance. This identifies a point of connection to the network, such as a router interface, and is called a Network Service Access Point (NSAP). Addresses in the IS-IS protocol are based on the ISO NSAP addresses and Network Entity Titles (NETs), not IP addresses.

A maximum of 3 area addresses can be configured for the VPRN instance.

NSAP addresses are divided into three parts. Only the area ID portion is configurable.

  1. Area ID — A variable length field between 1 and 13 bytes long. This includes the Authority and Format Identifier (AFI) as the most significant byte and the area ID.
  2. System ID — A six-byte system identification. This value is not configurable. The system ID is derived from the system or router ID.
  3. Selector ID — A one-byte selector identification that must contain zeros when configuring a NET. This value is not configurable. The selector ID is always 00.

The NET is constructed like an NSAP but the selector byte contains a 00 value. NET addresses are exchanged in hello and LSP PDUs. All net addresses configured on the node are advertised to its neighbors.

For Level 1 interfaces, neighbors can have different area IDs, but, they must have at least one area ID (AFI + area) in common. Sharing a common area ID, they become neighbors and area merging between the potentially different areas can occur.

For Level 2 (only) interfaces, neighbors can have different area IDs. However, if they have no area IDs in common, they become only Level 2 neighbors and Level 2 LSPs are exchanged.

For Level 1 and Level 2 interfaces, neighbors can have different area IDs. If they have at least one area ID (AFI + area) in common, they become neighbors. In addition to exchanging Level 2 LSPs, area merging between potentially different areas can occur.

If multiple area-id commands are entered, the system ID of all subsequent entries must match the first area address.

The no form of the command removes the area address.

auth-keychain

Syntax 
auth-keychain name
Context 
config>service>vprn>isis>
config>service>vprn>isis>level
Description 

This command configures an authentication keychain to use for the protocol interface for the VPRN instance. The keychain allows the rollover of authentication keys during the lifetime of a session.

Default 

no auth-keychain

Parameters 
name —
specifies the name of the keychain, up to 32 characters, to use for the specified protocol session or sessions

authentication-check

Syntax 
[no] authentication-check
Context 
confi>service>vprn>isis
Description 

This command sets an authentication check to reject PDUs that do not match the type or key requirements for the VPRN instance.

The default behavior when authentication is configured is to reject all IS-IS protocol PDUs that have a mismatch in either the authentication type or authentication key.

When no authentication-check is configured, authentication PDUs are generated and IS-IS PDUs are authenticated on receipt. However, mismatches cause an event to be generated and will not be rejected.

The no form of this command allows authentication mismatches to be accepted and generate a log event.

Default 

authentication-check — rejects authentication mismatches

authentication-key

Syntax 
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
Context 
config>service>vprn>isis
config>service>vprn>isis>level
Description 

This command sets the authentication key used to verify PDUs sent by neighboring routers on the interface for the VPRN instance.

Neighboring routers use passwords to authenticate PDUs sent from an interface. For authentication to work, both the authentication key and the authentication type on a segment must match. The OSPF Commands statement must also be included.

To configure authentication on the global level, configure this command in the config>router>isis context. When this parameter is configured on the global level, all PDUs are authenticated including the hello PDU.

To override the global setting for a specific level, configure the authentication-key command in the config>router>isis>level context. When configured within the specific level, hello PDUs are not authenticated.

The no form of the command removes the authentication key.

Default 

no authentication-key — No authentication key is configured.

Parameters 
authentication-key—
The authentication key. The key can be any combination of ASCII characters up to 255 characters in length (un-encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).
hash-key—
The hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

authentication-type

Syntax 
authentication-type {password | message-digest}
no authentication
Context 
config>service>vprn>isis
config>service>vprn>isis>level
Description 

This command enables either simple password or message digest authentication or must go in either the global IS-IS or IS-IS level context.

Both the authentication key and the authentication type on a segment must match. The authentication-key statement must also be included.

Configure the authentication type on the global level in the config>router>isis context.

Configure or override the global setting by configuring the authentication type in the config>router>isis>level context.

The no form of the command disables authentication.

Default 

no authentication-type — No authentication type is configured and authentication is disabled.

Parameters 
password—
specifies that simple password (plain text) authentication is required.
message-digest—
specifies that MD5 authentication in accordance with RFC2104 is required.

csnp-authentication

Syntax 
[no] csnp-authentication
Context 
config>service>vprn>isis
config>service>vprn>isis>level
Description 

This command enables authentication of individual ISIS packets of complete sequence number PDUs (CSNP) type for the VPRN instance.

default-route-tag

Syntax 
default-route-tag tag
no default-route-tag
Context 
config>service>vprn>isis
Description 

This command configures the route tag for default route for the router or VPRN service.

Parameters 
tag—
assigns a default tag
Values—
1 — 4294967295

export

Syntax 
[no] export policy-name [policy-name...up to 5 max]
Context 
config>service>vprn>isis
Description 

This command configures export routing policies that determine the routes exported from the routing table to IS-IS.

If no export policy is defined, non IS-IS routes are not exported from the routing table manager to IS-IS.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered overrides the previous command. A maximum of five policy names can be specified.

If an aggregate command is also configured in the config>router context, then the aggregation is applied before the export policy is applied.

Routing policies are created in the config>router>policy-options context.

The no form of the command removes the specified policy-name or all policies from the configuration if no policy-name is specified.

Default 

no export — No export policy name is specified.

Parameters 
policy-name—
The export policy name. Up to five policy-name arguments can be specified.

export-limit

Syntax 
export-limit number [log percentage]
no export-limit
Context 
config>service>vprn>isis
Description 

This command configures the maximum number of routes (prefixes) that can be exported into IS-IS from the route table for the VPRN instance.

The no form of the command removes the parameters from the configuration.

Default 

no export-limit - The export limit for routes or prefixes is disabled.

Parameters 
number—
specifies the maximum number of routes (prefixes) that can be exported into RIP from the route table
Values—
1 to 4294967295
log percentage
specifies the percentage of the export-limit, at which a warning log message and SNMP notification would be sent
Values—
1 to 100

graceful-restart

Syntax 
[no] graceful-restart
Context 
config>service>vprn>isis
Description 

This command enables IS-IS graceful restart (GR) to minimize service interruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve IS-IS forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal IS-IS operation. If the grace period expires, then the restarting router is presumed inactive and the IS-IS topology is recalculated to route traffic around the failure.

The no form of the command disables graceful restart and removes the graceful restart configuration from the IS-IS instance.

Default 

no graceful-restart

helper-disable

Syntax 
[no] helper-disable
Context 
config>service>vprn>isis>graceful-restart
Description 

This command disables helper support for IS-IS graceful restart (GR).

When graceful-restart is enabled, the router can be a helper (meaning that the router is helping a neighbor to restart), a restarting router, or both. The router only supports helper mode. It will not act as a restarting router, because the high availability feature set already preserves IS-IS forwarding information such that this functionality is not needed. This command is a historical command and should not be disabled. Configuring helper-disable has the effect of disabling graceful restart, because the router only supports helper mode.

The no helper-disable command enables helper support and is the default when graceful restart is enabled.

Default 

no helper-disable

hello-authentication

Syntax 
[no] hello-authentication
Context 
config>service>vprn>isis
config>service>vprn>isis>interface
config>service>vprn>isis>level
Description 

This command enables authentication of individual IS-IS Hello packets for the VPRN instance.

The no form of the command suppresses authentication of Hello packets.

hello-padding

Syntax 
[no] hello-padding {none | adaptive | loose | strict}
Context 
config>service>vprn>isis
config>service>vprn>isis>level
config>service>vprn>isis>interface
config>service>vprn>isis>interface>level
Description 

This command enables the IS-IS Hello (IIH) message padding to ensure that IS-IS LSPs can traverse the link. When this option is enabled, IS-IS Hello messages are padded to the maximum LSP MTU value, which can be set with the lsp-mtu-size command.

The no form of the command disables IS-IS Hello message padding.

Default 

no hello-padding — Hello message padding is not configured

Parameters 
adaptive—
specifies the adaptive padding option; this option is able to detect MTU asymmetry from one side of the connection but uses more overhead than loose padding
  1. point-to-point interface—Hello PDUs are padded until the sender declares an adjacency on the link to be in the state up. If the implementation supports RFC 3373/5303, Three-Way Handshake for IS-IS Point-to-Point Adjacencies, then this is when the three-way state is up. If the implementation uses the “classic” algorithm described in ISO 10589, this is when the adjacency state is up. If the neighbor does not support the adjacency state TLV, then padding continues.
  2. broadcast interface—padding starts until at least one adjacency is up on the interface
loose—
specifies the loose padding option; the loose padding may not be able to detect certain conditions such as asymmetrical MTUs between the routing devices
  1. point-to-point interface—the Hello packet is padded from the initial detection of a new neighbor until the adjacency transitions to the INIT state
  2. broadcast interface—padding starts until at least one adjacency (bcast only has up/down) is up on the interface
none—
specifies that the hello message padding is not enabled at this level even if it is configured at one of the parent levels
strict—
specifies the strict padding option
  1. point-to-point interface—padding is done for all adjacency states, and is continuous. Strict padding has the most overhead but detects MTU issues on both sides of a link
  2. broadcast interface—padding is done for all adjacency states, and is continuous. Strict padding has the most overhead but detects MTU issues on both sides of a link

ignore-lsp-errors

Syntax 
[no] ignore-lsp-errors
Context 
config>service>vprn>isis
Description 

This command specifies that for this VPRN instance, ISIS will ignore LSP packets with errors. When enabled, IS-IS LSP errors will be ignored and the associated record will not be purged.

This command enables ISIS to ignore the ATT bit and therefore suppress the installation of default routes.

The no form of the command specifies that ISIS will not ignore LSP errors.

iid-tlv-enable

Syntax 
[no] iid-tlv-enable
Context 
config>service>vprn>isis
Description 

This command enables IS-IS multi-instance (MI) as described in draft-ietf-isis-mi-02. Multiple instances allow instance-specific adjacencies to be formed that support multiple network topologies on the same physical interfaces. Each instance has an LSDB, and each PDU contains a TLV identifying the instance and the topology to which the PDU belongs.

The iid-tlv-enable (based on draft-ietf-isis-mi-02) and standard-multi-instance (based on draft-ginsberg-isis-mi-bis-01) commands cannot be configured in the same instance, because the MAC addresses and PDUs in each standard are incompatible.

Default 

no iid-tlv-enable

interface

Syntax 
[no] interface ip-int-name
Context 
config>service>vprn>isis
Description 

This command creates the context to configure an IS-IS interface.

When an area is defined, the interfaces belong to that area. Interfaces cannot belong to separate areas.

When the interface is a POS channel, the OSINCP is enabled when the interface is created and removed when the interface is deleted.

The no form of the command removes IS-IS from the interface.

The shutdown command in the config>router>isis>interface context administratively disables IS-IS on the interface without affecting the IS-IS configuration.

Default 

no interface — No IS-IS interfaces are defined.

Parameters 
ip-int-name—
Identify the IP interface name created in the config>router>interface context. The IP interface name must already exist.

bfd-enable

Syntax 
[no] bfd-enable {ipv4 | ipv6} [include-bfd-tlv]
Context 
config>service>vprn>interface
Description 

This command enables the use of bi-directional forwarding (BFD) to control IPv4 adjacencies. By enabling BFD on an IPv4 or IPv6 protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set by the BFD command under the IP interface. This command must be given separately to enable/disable BFD for both IPv4 and IPv6.

The no form of this command removes BFD from the associated adjacency.

Default 

no bfd-enable ipv4

csnp-interval

Syntax 
csnp-interval seconds
no csnp-interval
Context 
config>service>vprn>isis>interface
Description 

This command configures the time interval, in seconds, to send complete sequence number (CSN) PDUs from the interface. IS-IS must send CSN PDUs periodically.

The no form of the command reverts to the default value.

Default 

csnp-interval 10 — CSN PDUs are sent every 10 seconds for LAN interfaces.

csnp-interval 5 — CSN PDUs are sent every 5 seconds for point-to-point interfaces.

Parameters 
seconds—
the time interval, in seconds between successive CSN PDUs sent from this interface expressed as a decimal integer

1 to 65535

default-instance

Syntax 
[no] default-instance
Context 
config>service>vprn>isis>interface
Description 

This command enables a non-MI capable router to establish an adjacency and operate with an SR OS in a non-zero instance. If the router does not receive IID-TLVs, it will establish an adjacency in a single instance. Instead of establishing an adjacency in the standard instance 0, the router will establish an adjacency in the configured non-zero instance. The router will then operate in the configured non-zero instance so that it appears to be in the standard instance 0 to its neighbor. This feature is supported on point-to-point interfaces, broadcast interfaces are not supported.

The no form of the command disables the functionality so that the router can only establish adjacencies in the standard instance 0.

Default 

no default-instance

hello-auth-keychain

Syntax 
hello-auth-keychain name
Context 
config>service>vprn>isis>interface
config>service>vprn>isis>interface>level
Description 

This command configures an authentication keychain to use for the protocol interface. The keychain allows the rollover of authentication keys during the lifetime of a session.

Default 

no hello-auth-keychain

Parameters 
name —
specifies the name of the keychain, up to 32 characters, to use for the specified protocol session or sessions

hello-authentication-key

Syntax 
hello-authentication-key [authentication-key | hash-key] [hash | hash2]
no hello-authentication-key
Context 
config>service>vprn>isis>interrface
config>service>vprn>isis>interface>level
Description 

This command configures the authentication key (password) for hello PDUs. Neighboring routers use the password to verify the authenticity of hello PDUs sent from this interface. Both the hello authentication key and the hello authentication type on a segment must match. The hello-authentication-type must be specified.

To configure the hello authentication key in the interface context use the hello-authentication-key in the config>router>isis>interface context.

To configure or override the hello authentication key for a specific level, configure the hello-authentication-key in the config>router>isis>interface>level context.

If both IS-IS and hello-authentication are configured, Hello messages are validated using hello authentication. If only IS-IS authentication is configured, it will be used to authenticate all IS-IS (including hello) protocol PDUs.

When the hello authentication key is configured in the config>router>isis>interface context, it applies to all levels configured for the interface.

The no form of the command removes the authentication-key from the configuration.

Default 

no hello-authentication-key — No hello authentication key is configured.

Parameters 
authentication-key—
The hello authentication key (password). The key can be any combination of ASCII characters up to 254 characters in length (un-encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).
hash-key—
The hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

hello-authentication-type

Syntax 
hello-authentication-type {password | message-digest}
no hello-authentication-type
Context 
config>service>vprn>isis>interface
config>service>vprn>isis>interface>level
Description 

This command enables hello authentication at either the interface or level context. Both the hello authentication key and the hello authentication type on a segment must match. The hello authentication-key statement must also be included.

To configure the hello authentication type at the interface context, use hello-authentication-type in the config>router>isis>interface context.

To configure or override the hello authentication setting for a given level, configure the hello-authentication-type in the config>router>isis>interface>level context.

The no form of the command disables hello authentication.

Default 

no hello-authentication-type — hello authentication is disabled

Parameters 
password—
specifies simple password (plain text) authentication is required
message-digest—
specifies MD5 authentication in accordance with RFC2104 (HMAC: Keyed-Hashing for Message Authentication) is required

interface-type

Syntax 
interface-type {broadcast | point-to-point}
no interface-type
Context 
config>service>vprn>isis>interface
Description 

This command configures the IS-IS interface type as either broadcast or point-to-point.

Use this command to set the interface type of an Ethernet link to point-to-point to avoid having to carry the designated IS-IS overhead if the link is used as a point-to-point.

If the interface type is not known at the time the interface is added to IS-IS and subsequently the IP interface is bound (or moved) to a different interface type, then this command must be entered manually.

The no form of the command reverts to the default value.

Default 

point-to-point — For IP interfaces on SONET channels.

broadcast — For IP interfaces on Ethernet or unknown type physical interfaces.

Special Cases 
SONET—
Interfaces on SONET channels default to the point-to-point type.
Ethernet or Unknown—
Physical interfaces that are Ethernet or unknown default to the broadcast type.
Parameters 
broadcast—
configures the interface to maintain this link as a broadcast network
point-to-point—
configures the interface to maintain this link as a point-to-point link

ipv4-multicast-disable

Syntax 
[no] ipv4-multicast-disable
Context 
config>service>vprn>isis>interface
Description 

This command administratively disables/enables ISIS operation for IPv4.

Default 

no ipv4-multicast-disable

ipv6-unicast-disable

Syntax 
[no] ipv6-unicast-disable
Context 
config>router>isis>if
config>service>vprn>isis>interface
Description 

This command disables IS-IS IPv6 unicast routing for the interface.

By default IPv6 unicast on all interfaces is enabled. However, IPv6 unicast routing on IS-IS is in effect when the config>router>isis>ipv6-routing mt command is configured.

The no form of the command enables IS-IS IPv6 unicast routing for the interface.

hello-interval

Syntax 
hello-interval seconds
no hello-interval
Context 
config>router>isis>if>level level-number
config>service>vprn>isis>interface>level
Description 

This command configures the interval in seconds between Hello messages issued on this interface at this level.

The no form of the command to reverts to the default value.

Default 

3 — Hello interval default for the designated intersystem

9 — Hello interval default for non-designated intersystems

Parameters 
seconds—
the hello interval in seconds expressed as a decimal integer
Values—
1 to 20000

hello-multiplier

Syntax 
hello-multiplier multiplier
no hello-multiplier
Context 
config>router>isis>if>level level-number
config>service>vprn>isis>interface>level
Description 

This command configures the number of missing hello PDUs from a neighbor after the router declares the adjacency down.

The no form of the command reverts to the default value.

Default 

3 — The router can miss up to 3 Hello messages before declaring the adjacency down.

Parameters 
multiplier—
the multiplier for the hello interval expressed as a decimal integer
Values—
2 to 100

ipv4-multicast-metric

Syntax 
ipv4-mulicast-metric metric
no ipv4-multicast-metric
Context 
config>service>vprn>isis>interface>level
Description 

This command configures IS-IS interface metric for IPv4 multicast for the VPRN instance.

The no form of this command removes the metric from the configuration.

Parameters 
metric—
specifies the IS-IS interface metric for IPv4 multicast
Values—
1 to 16777215

ipv6-unicast-metric

Syntax 
ipv6-unicast-metric metric
no ipv6-unicast-metric
Context 
config>service>vprn>isis>interface>level
Description 

This command configures IS-IS interface metric for IPv6 unicast.

The no form of this command removes the metric from the configuration.

Parameters 
metric—
specifies the IS-IS interface metric for IPv6 unicast
Values—
1 to 16777215

metric

Syntax 
metric metric
no metric
Context 
config>service>vprn>isis>interface>level
Description 

This command configures the metric used for the level on the interface.

In order to calculate the lowest cost to reach a given destination, each configured level on each interface must have a cost. The costs for each level on an interface may be different.

If the metric is not configured, the default of 10 is used unless reference bandwidth is configured.

The no form of the command reverts to the default value.

Default 

10 — A metric of 10 for the level on the interface is used.

Parameters 
metric—
the metric assigned for this level on this interface
Values—
1 to 16777215

passive

Syntax 
[no] passive
Context 
config>service>vprn>isis>interface
config>service>vprn>isis>interface>level
Description 

This command adds the passive attribute which causes the interface to be advertised as an IS-IS interface without running the IS-IS protocol. Normally, only interface addresses that are configured for IS-IS are advertised as IS-IS interfaces at the level that they are configured.

When the passive mode is enabled, the interface or the interface at the level ignores ingress IS-IS protocol PDUs and will not transmit IS-IS protocol PDUs.

The no form of the command removes the passive attribute.

Default 

passive — Service interfaces are passive. no passive — All other interfaces are not passive.

Special Cases 
Service Interfaces—
service interfaces (defined using the service-prefix command in config>router) are passive by default
All other Interfaces—
all other interfaces are not passive by default

priority

Syntax 
priority number
no priority
Context 
config>service>vprn>isis>interface>level
Description 

This command configures the priority of the IS-IS router interface for designated router election on a multi-access network.

This priority is included in hello PDUs transmitted by the interface on a multi-access network. The router with the highest priority is the preferred designated router. The designated router is responsible for sending LSPs with regard to this network and the routers that are attached to it.

The no form of the command reverts to the default value.

Default 

64

Parameters 
number—
the priority for this interface at this level
Values—
0 to 127

sd-offset

Syntax 
sd-offset offset-value
no sd-offset
Context 
config>service>vprn>isis>interface>level
Description 

If the pre-FEC error rate of the associated DWDM port crosses the configured sd-threshold, this offset-value is added to the IS-IS interface metric. This parameter is only effective if the interface is associated with a DWDM port and the sd-threshold value is configured under that port.

The no form of the command reverts the offset value to 0.

Default 

no sd-offset

Parameters 
offset-value—
specifies the amount the interface metric is increased by if the sd-threshold is crossed
Values—
0 to 16777215

sf-offset

Syntax 
sf-offset offset-value
no sf-offset
Context 
config>service>vprn>isis>interface>level
Description 

If the pre-FEC error rate of the associated DWDM port crosses the configured sf-threshold, this offset-value is added to the IS-IS interface metric. This parameter is only effective if the interface is associated with a DWDM port and the sf-threshold value is configured under that port.

The no form of the command reverts the offset value to 0.

Default 

no sf-offset

Parameters 
offset-value—
specifies the amount the interface metric is increased by if the sf-threshold is crossed
Values—
0 to 16777215

lfa-policy-map

Syntax 
lfa-policy-map route-nh-template template-name
no lfa-policy-map
Context 
config>service>vprn>isis>interface
Description 

This command applies a route next-hop policy template to the IS-IS interface for the VPRN instance.

When a route next-hop policy template is applied to an interface in IS-IS, it is applied in both level 1 and level 2. When a route next-hop policy template is applied to an interface in OSPF, it is applied in all areas. However, the command in an OSPF interface context can only be executed under the area in which the specified interface is primary and then applied in that area and in all other areas where the interface is secondary. If the user attempts to apply it to an area where the interface is secondary, the command will fail.

If the user excluded the interface from LFA using the command loopfree-alternate-exclude, the LFA policy, if applied to the interface, has no effect.

Finally, if the user applied a route next-hop policy template to a loopback interface or to the system interface, the command will not be rejected, but it will result in no action being taken.

The no form deletes the mapping of a route next-hop policy template to an OSPF or IS-IS interface.

Parameters 
template-name—
specifies the name of the template, up to 32 characters

loopfree-alternate-exclude

Syntax 
[no] loopfree-alternate-exclude
Context 
config>service>vprn>isis>interface
config>service>vprn>isis>level
Description 

This command instructs IGP to not include a specific interface or all interfaces participating in a specific IS-IS level or OSPF area in the SPF LFA computation. This provides a way of reducing the LFA SPF calculation where it is not needed.

When an interface is excluded from the LFA SPF in IS-IS, it is excluded in both level 1 and level 2. When it is excluded from the LFA SPF in OSPF, it is excluded in all areas. However, the above OSPF command can only be executed under the area in which the specified interface is primary and once enabled, the interface is excluded in that area and in all other areas where the interface is secondary. If the user attempts to apply it to an area where the interface is secondary, the command will fail.

The no form of this command re-instates the default value for this command.

Default 

no loopfree-alternate-exclude

load-balancing-weight

Syntax 
load-balancing-weight weight
no load-balancing-weight
Context 
config>service>vprn>isis>interface
Description 

This command configures the weighted ECMP load-balancing weight for an IS-IS interface of the VPRN. If the interface becomes an ECMP next-hop for IPv4 or IPv6 route and all the other ECMP next-hops are interfaces with configured (non-zero) load-balancing weights, then the traffic distribution over the ECMP interfaces is proportional to the weights. In other words, the interface with the largest load-balancing-weight should receive the most forwarded traffic if weighted ECMP is applicable.

The no form of this command disables weighted ECMP for the interface and, therefore, effectively disables weighted ECMP for any IP prefix that has this interface as a next-hop.

Default 

no load-balancing-weight

Parameters 
weight—
specifies the weight
Values—
0 to 4294967295

lsp-pacing-interval

Syntax 
lsp-pacing-interval milli-seconds
no lsp-pacing-interval
Context 
config>service>vprn>isis>interface
Description 

This command configures the interval during which LSPs are sent from the interface.To avoid overwhelming neighbors that have less CPU processing power with LSPs, the pacing interval can be configured to limit how many LSPs are sent during an interval. LSPs may be sent in bursts during the interval up to the configured limit. If a value of 0 is configured, no LSPs are sent from the interface.

The no form of the command reverts to the default value.

Default 

100 — LSPs are sent in 100 millisecond intervals.

Parameters 
milli-seconds—
the interval in milliseconds during which IS-IS LSPs are sent from the interface expressed as a decimal integer
Values—
0 to 65535

mesh-group

Syntax 
mesh-group {value | blocked}
no mesh-group
Context 
config>service>vprn>isis>interface
Description 

This command assigns an interface to a mesh group. Mesh groups limit the amount of flooding that occurs when a new or changed LSP is advertised throughout an area.

All routers in a mesh group should be fully meshed. When LSPs need to be flooded, only a single copy is received rather than a copy per neighbor.

To create a mesh group, configure the same mesh group value for each interface that is part of the mesh group. All routers must have the same mesh group value configured for all interfaces that are part of the mesh group.

To prevent an interface from flooding LSPs, the optional blocked parameter can be specified. Configure mesh groups carefully. It is easy to created isolated islands that do not receive updates as (other) links fail.

The no form of the command removes the interface from the mesh group.

Default 

no mesh-group — the interface does not belong to a mesh group

Parameters 
value—
the unique decimal integer value distinguishes this mesh group from other mesh groups on this or any other router that is part of this mesh group
Values—
1 to 2000000000
blocked—
prevents an interface from flooding LSPs

retransmit-interval

Syntax 
retransmit-interval seconds
no retransmit-interval
Context 
config>service>vprn>isis>interface
Description 

This command configures the minimum time between LSP PDU retransmissions on a point-to-point interface.

The no form of the command reverts to the default value.

Default 

100

Parameters 
seconds—
the interval in seconds that IS-IS LSPs can be sent on the interface

1 to 65535

tag

Syntax 
tag tag
no tag
Context 
config>service>vprn>isis>interface
Description 

This command configures a route tag to the specified IP address of an interface.

Parameters 
tag—
[1 - 4294967295]

ipv4-multicast-routing

Syntax 
ipv4-multicast-routing {native | mt}
[no] ipv4-multicast-routing
Context 
config>service>vprn>isis
Description 

The multicast RTM is used for Reverse Path Forwarding checks. This command controls which IS-IS topology is used to populate the IPv4 multicast RTM.

The no ipv4-multicast-routing form of the command results in none of the IS-IS routes being populated in the IPv4 multicast RTM and would be used if multicast is configured to use the unicast RTM for the RPF check.

Default 

ipv4-multicast-routing native

Parameters 
native—
causes IPv4 routes from the MT0 topology to be added to the multicast RTM for RPF checks
mt—
causes IPv4 routes from the MT3 topology to be added to the multicast RTM for RPF checks

ipv4-routing

Syntax 
[no] ipv4-routing
Context 
config>service>vprn>isis
Description 

This command specifies whether this IS-IS instance supports IPv4.

The no form of the command disables IPv4 on the IS-IS instance.

Default 

ipv4-routing

ipv6-routing

Syntax 
[no] ipv6-routing {native | mt}
Context 
config>service>vprn>isis
Description 

This command enables IPv6 routing.

The no form of the command disables support for IS-IS IPv6 TLVs for IPv6 routing.

Default 

disabled

Parameters 
native—
enables IS-IS IPv6 TLVs for IPv6 routing and enables support for native IPv6 TLVs
mt—
Enables IS-IS multi-topology TLVs for IPv6 routing. When this parameter is specified, the support for native IPv6 TLVs is disabled.

level

Syntax 
level level-number
Context 
config>service>vprn>isis>
config>service>vprn>isis>interface
config>service>vprn>isis>link-group
Description 

This command creates the context to configure IS-IS Level 1 or Level 2 area attributes.

A router can be configured as a Level 1, Level 2, or Level 1-2 system. A Level 1 adjacency can be established if there is at least one area address shared by this router and a neighbor. A Level 2 adjacency cannot be established over this interface.

Level 1/2 adjacency is created if the neighbor is also configured as Level 1/2 router and has at least one area address in common. A Level 2 adjacency is established if there are no common area IDs.

A Level 2 adjacency is established if another router is configured as Level 2 or a Level 1/2 router with interfaces configured as Level 1/2 or Level 2. Level 1 adjacencies will not established over this interface.

To reset global and/or interface level parameters to the default, the following commands must be entered independently:

level> no hello-authentication-key level> no hello-authentication-type level> no hello-interval level> no hello-multiplier level> no metric level> no passive level> no priority

Default 

level 1 or level 2

Special Cases 
Global IS-IS Level—
The config>router>isis context configures default global parameters for both Level 1 and Level 2 interfaces.
IS-IS Interface Level—
The config>router>isis>interface context configures IS-IS operational characteristics of the interface at Level 1 and/or Level 2. A logical interface can be configured on one Level 1 and one Level 2. In this case, each level can be configured independently and parameters must be removed independently.

By default an interface operates in both Level 1 and Level 2 modes.

Parameters 
level-number—
the IS-IS level number
Values—
1, 2

default-ipv4-multicast-metric

Syntax 
default-ipv4-multicast-metric metric
no default-ipv4-multicast-metric
Context 
config>service>vprn>isis>level
Description 

This command configures the default metric to be used for the IS-IS interface in the IPv4 multicast topology (MT3).

The no form of this command deletes the specified default metric and reverts to using the system default of 10.

Default 

10

Parameters 
metric—
specifies the default metric for interfaces in the IPv4 multicast topology (MT3)
Values—
1 to 16777215

default-ipv6-multicast-metric

Syntax 
default-ipv6-multicast-metric metric
no default-ipv6-multicast-metric
Context 
config>service>vprn>isis>level
Description 

This command configures the default metric to be used for the IS-IS interface in the IPv6 multicast topology (MT4).

The no form of this command deletes the specified default metric and reverts to using the system default of 10.

Default 

10

Parameters 
metric—
specifies the default metric for interfaces in the IPv4 multicast topology (MT4)

1 to 16777215

default-ipv6-unicast-metric

Syntax 
default-ipv6-unicast-metric ipv6 metric
no default-ipv6-unicast-metric
Context 
config>service>vprn>isis>level
Description 

This command specifies the default metric for IPv6 unicast.

Default 

no default-ipv6-unicast-metric

Parameters 
ipv6-metric—
specifies the default metric for IPv6 unicast
Values—
1 to 16777215

default-metric

Syntax 
default-metric ipv4 metric
no default-metric
Context 
config>service>vprn>isis>level
Description 

This command specifies the configurable default metric used for all IS-IS interfaces on this level. This value is not used if a metric is configured for an interface.

Default 

10

Parameters 
ipv4 metric—
specifies the default metric for IPv4 unicast
Values—
1 to 16777215

external-preference

Syntax 
external-preference preference
no external-preference
Context 
config>service>vprn>isis>level
Description 

This command configures the external route preference for the IS-IS level.

The external-preference command configures the preference level of either IS-IS level 1 or IS-IS level 2 external routes. By default, the preferences are as listed in the table below.

A route can be learned by the router by different protocols, in which case, the costs are not comparable. When this occurs, the preference decides the route to use.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is dependent on the default preference table. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of the route to use is determined by the configuration of the ecmp in the config>router context.

Default 

Default preferences are listed in Table 44.

Table 44:  Default Preferences 

Route Type

Preference

Configurable

Direct attached

0

No

Static route

5

Yes

MPLS

7

OSPF internal routes

10

No

IS-IS Level 1 internal

15

Yes 1

IS-IS Level 2 internal

18

Yes 1

OSPF external

150

Yes

IS-IS Level 1 external

160

Yes

IS-IS Level 2 external

165

Yes

TMS

167

No

BGP

170

Yes

BGP

170

Yes

    Note:

  1. Internal preferences are changed using the preference command in the config>router>isis>level level-number context
Parameters 
preference—
the preference for external routes at this level as expressed
Values—
1 to 255

preference

Syntax 
preference preference
no preference
Context 
cconfig>service>vprn>isis>level
Description 

This command configures the preference level of either IS-IS Level 1 or IS-IS Level 2 internal routes. By default, the preferences are listed in the table below.

A route can be learned by the router by different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide to which route will be used.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in the table below. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision what route to use is determined by the configuration of the ecmp in the config>router context.

Default 

Default preferences are listed in Table 45

Table 45:  Default Preferences 

Route Type

Preference

Configurable

Direct attached

0

No

Static route

5

Yes

MPLS

7

OSPF internal routes

10

No

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes 1

IS-IS level 2 external

165

Yes 1

BGP

170

Yes

    Note:

  1. External preferences are changed using the external-preference command in the config>router>isis>level level-number context.
Parameters 
preference—
the preference for external routes at this level expressed as a decimal integer
Values—
1 to 255

wide-metrics-only

Syntax 
[no] wide-metrics-only
Context 
config>service>vprn>isis>level
Description 

This command enables the exclusive use of wide metrics in the LSPs for the level number. Narrow metrics can have values between 1 and 63. IS-IS can generate two TLVs, one for the adjacency and one for the IP prefix. In order to support traffic engineering, wider metrics are required. When wide metrics are used, a second pair of TLVs are added, again, one for the adjacency and one for the IP prefix.

By default, both sets of TLVs are generated. When wide-metrics-only is configured, IS-IS only generates the pair of TLVs with wide metrics for that level.

The no form of the command reverts to the default value.

level-capability

Syntax 
level-capability {level-1 | level-2 | level-1/2}
no level-capability
Context 
config>service>vprn>isis
config>service>vprn>isis>interface
Description 

This command configures the routing level for an instance of the IS-IS routing process.

An IS-IS router and an IS-IS interface can operate at Level 1, Level 2 or both Level 1 and 2.

Table 46 displays configuration combinations and the potential adjacencies that can be formed.

Table 46:  Potential Adjacency Capabilities  

Global Level

Interface Level

Potential Adjacency

L 1/2

L 1/2

Level 1 and/or Level 2

L 1/2

L 1

Level 1 only

L 1/2

L 2

Level 2 only

L 2

L 1/2

Level 2 only

L 2

L 2

Level 2 only

L 2

L 1

none

L 1

L 1/2

Level 1 only

L 1

L 2

none

L 1

L 1

Level 1 only

The no form of the command removes the level capability from the configuration.

Default 

level-1/2

Special Cases 
IS-IS Router—
In the config>router>isis context, changing the level-capability performs a restart on the IS-IS protocol instance.
IS-IS Interface—
In the config>router>isis>interface context, changing the level-capability performs a restart of IS-IS on the interface.
Parameters 
level-1—
specifies the router/interface can operate at Level 1 only
level-2—
specifies the router/interface can operate at Level 2 only
level-1/2—
specifies the router/interface can operate at both Level 1 and Level 2

link-group

Syntax 
[no] link-group link-group-name
Context 
config>service>vprn>isis
Description 

This command configures a link-group for the router or VPRN instance.

The no form of the command removes the specified link-group.

Parameters 
link-group-name—
name of the link-group to be added or removed from the router or VPRN service

description

Syntax 
description string
no description
Context 
config>service>vprn>isis>link-group
Description 

This command adds a description string to the associated link-group. The string can be up to 256 characters long and can only contain printable characters. If the command is issued in the context of a link-group that already contains a description then the previous description string is replaced.

The no form of the command removes the description from the associated link-group.

Default 

revert-members oper-members

Parameters 
string—
character string to be associated with the associated link-group

ipv4-multicast-metric-offset

Syntax 
ipv4-multicast-metric-offset offset-value
no ipv4-multicast-metric-offset
Context 
config>service>vprn>isis>link-group>level
Description 

This command sets the offset value for the IPv4 multicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric for the IPv4 multicast topology

The no form of the command reverts the offset value to 0.

Default 

no ipv4-multicast-metric-offset

Parameters 
offset-value—
specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold
Values—
0 to 6777215

ipv4-unicast-metric-offset

Syntax 
ipv4-unicast-metric-offset offset-value
no ipv4-unicast-metric-offset
Context 
config>service>vprn>isis>link-group>level
Description 

This command sets the offset value for the IPv4 unicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric.

The no form of the command reverts the offset value to 0.

Default 

no ipv4-unicast-metric-offset

Parameters 
offset-value—
specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold
Values—
0 to 6777215

ipv6-unicast-metric-offset

Syntax 
ipv6-unicast-metric-offset offset-value
no ipv6-unicast-metric-offset
Context 
config>service>vprn>isis>link-group>level
Description 

This command sets the offset value for the IPv6 unicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric for the IPv6 topology.

The no form of the command reverts the offset value to 0.

Default 

no ipv6-unicast-metric-offset

Parameters 
offset-value—
specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold
Values—
0 to 6777215

member

Syntax 
[no] member interface-name
Context 
config>service>vprn>isis>link-group>level
Description 

This command adds or removes a links to the associated link-group. The interface name should already exist before it is added to a link-group.

The no form of the command removes the specified interface from the associated link-group.

Parameters 
interface-name—
name of the interface to be added or removed from the associated link-group

oper-members

Syntax 
oper-members oper-members
no oper-members
Context 
config>service>vprn>isis>link-group>level
Description 

This command sets the threshold for the minimum number of operational links for the associated link-group. If the number of operational links drops below this threshold, the configured offsets are applied. For example, oper-members=3. The metric of the member interfaces is increased when the number of interfaces is lower than 3.

The no form of the command reverts the oper-members limit to 1.

Default 

oper-members 0

Parameters 
oper-members—
specifies the number of operational members
Values—
0 to 8

revert-members

Syntax 
revert-members revert-members
no revert-members
Context 
config>router>isis>link-group
config>service>vprn>isis>link-group>level
Description 

This command sets the threshold for the minimum number of operational links to return the associated link-group to its normal operating state and remove the associated offsets to the IS-IS metrics. If the number of operational links is equal to or greater than the configured revert-member threshold then the configured offsets are removed.

The no form of the command reverts the revert-members threshold back to the default which is equal to the oper-member threshold value.

Parameters 
revert-members—
specifies the number of revert members
Values—
0 to 8

loopfree-alternate

Syntax 
[no] loopfree-alternate
Context 
config>service>vprn>isis
Description 

This command enables Loop-Free Alternate (LFA) computation by SPF under the IS-IS routing protocol level or under the OSPF routing protocol instance level.

When this command is enabled, it instructs the IGP SPF to attempt to pre-compute both a primary next-hop and an LFA next-hop for every learned prefix. When found, the LFA next-hop is populated into the routing table along with the primary next-hop for the prefix.

The no form of this command disables the LFA computation by IGP SPF.

Default 

no loopfree-alternate

loopfree-alternate-exclude

Syntax 
loopfree-alternate-exclude prefix-policy prefix-policy [prefix-policy... up to 5]
no loopfree-alternate-exclude
Context 
config>service>vprn>isis
Description 

This command excludes from LFA SPF calculation prefixes that match a prefix entry or a tag entry in a prefix policy.

The implementation already allows the user to exclude an interface in IS-IS or OSPF, an OSPF area, or an IS-IS level from the LFA SPF.

If a prefix is excluded from LFA, then it will not be included in LFA calculation regardless of its priority. The prefix tag will, however, be used in the main SPF. Prefix tags are defined for the IS-IS protocol but not for the OSPF protocol.

The default action of the loopfree-alternate-exclude command, when not explicitly specified by the user in the prefix policy, is a “reject”. Thus, regardless if the user did or did not explicitly add the statement “default-action reject” to the prefix policy, a prefix that did not match any entry in the policy will be accepted into LFA SPF.

The no form deletes the exclude prefix policy.

Parameters 
prefix-policy prefix-policy—
specifies the name of the prefix policy, up to 32 characters. The specified name must have been already defined

lsp-lifetime

Syntax 
lsp-lifetime seconds
no lsp-lifetime
Context 
config>service>vprn>isis
Description 

This command sets the time, in seconds, the router wants the LSPs it originates to be considered valid by other routers in the domain.

Each LSP received is maintained in an LSP database until the lsp-lifetime expires unless the originating router refreshes the LSP. By default, each router refreshes its LSPs every 20 minutes (1200 seconds) so other routers will not age out the LSP.

The LSP refresh timer is derived from this formula: lsp-lifetime/2

The no form of the command reverts to the default value.

Default 

1200 — LSPs originated by the router should be valid for 1200 seconds (20 minutes).

Parameters 
seconds—
the time, in seconds, that the router wants the LSPs it originates to be considered valid by other routers in the domain
Values—
350 to 65535

lsp-mtu-size

Syntax 
lsp-mtu-size size
no lsp-mtu-size
Context 
config>service>vprn>isis
config>service>vprn>isis>level
Description 

This command configures the LSP MTU size. If the size value is changed from the default using CLI or SNMP, then ISIS must be restarted for the change to take effect. This can be done by performing a shutdown command and then a no shutdown command in the config>router>isis context.

Note:

Using the exec command to execute a configuration file to change the LSP MTU size from its default value will automatically restart IS-IS for the change to take effect.

The no form of the command reverts to the default value.

Default 

1492

Parameters 
size—
specifies the LSP MTU size
Values—
490 to 9190

lsp-refresh-interval

Syntax 
lsp-refresh-interval seconds
no lsp-refresh-interval
Context 
config>service>vprn>isis
Description 

This command configures the IS-IS LSP refresh timer interval for the VPRN instance. When configuring the LSP refresh interval, the value that is specified for lsp-lifetime must also be considered. The LSP refresh interval cannot be greater than 90% of the LSP lifetime.

The no form of the command reverts to the default (600 seconds), unless this value is greater than 90% of the LSP lifetime. For example, if the LSP lifetime is 400, then the no lsp-refresh-interval command will be rejected.

Default 

600

Parameters 
seconds—
specifies the refresh interval
Values—
150 to 65535

multi-topology

Syntax 
[no] multi-topology
Context 
config>service>vprn>isis
Description 

This command enables IS-IS multi-topology support.

Default 

disabled

ipv4-multicast

Syntax 
[no] ipv4-multicast
Context 
config>service>vprn>isis>multi-topology
Description 

This command enables support for the IPv4 topology (MT3) within the associate IS-IS instance.

The no form of this command disables support for the IPv4 topology (MT3) within the associated IS-IS instance.

Default 

no ipv4-multicast

ipv6-unicast

Syntax 
[no] ipv6-unicast
Context 
config>service>vprn>isis>milti-topology
Description 

This command enables multi-topology TLVs.

The no form of the command disables multi-topology TLVs.

multicast-import

Syntax 
[no] multicast-import
Context 
config>service>vprn>isis
Description 

This command enables ISIS to submit routes into the multicast Route Table Manager (RTM).

The no form of the command disables the submission of routes into the multicast RTM.

Default 

no multicast-import

overload

Syntax 
overload [timeout seconds] [max-metric]
no overload
Context 
config>service>vprn>isis
Description 

This command administratively sets the IS-IS router to operate in the overload state for a specific time period, in seconds, or indefinitely.

During normal operation, the router may be forced to enter an overload state due to a lack of resources. When in the overload state, the router is only used if the destination is reachable by the router and will not used for other transit traffic.

If a time period is specified, the overload state persists for the configured length of time. If no time is specified, the overload state operation is maintained indefinitely.

The overload command can be useful in circumstances where the router is overloaded or used prior to executing a shutdown command to divert traffic around the router.

The no form of the command causes the router to exit the overload state.

Default 

no overload

Parameters 
seconds—
the time, in seconds, that this router must operate in overload state
Values—
60 to 1800
Values—
infinity (overload state maintained indefinitely)
max-metric—
set the maximum metric in addition to overload

overload-on-boot

Syntax 
overload-on-boot [timeout seconds] [max-metric]
no overload-on-boot
Context 
config>service>vprn>isis
Description 

When the router is in an overload state, the router is used only if there is no other router to reach the destination. This command configures the IGP upon bootup in the overload state until one of the following events occur:

  1. The timeout timer expires.
  2. A manual override of the current overload state is entered with the config>router>isis>no overload command.
    The no overload command does not affect the overload-on-boot function.

If no timeout is specified, IS-IS will go into overload indefinitely after a reboot. After the reboot, the IS-IS status will display a permanent overload state:

  1. L1 LSDB Overload : Manual on boot (Indefinitely in overload)
  2. L2 LSDB Overload : Manual on boot (Indefinitely in overload)

This state can be cleared with the config>router>isis>no overload command.

When specifying a timeout value, IS-IS will go into overload for the configured timeout after a reboot. After the reboot, the IS-IS status will display the remaining time the system stays in overload:

  1. L1 LSDB Overload : Manual on boot (Overload Time Left : 17)
  2. L2 LSDB Overload : Manual on boot (Overload Time Left : 17)

The overload state can be cleared before the timeout expires with the config>router>isis>no overload command.

The no form of the command removes the overload-on-boot functionality from the configuration.

Default 

no overload-on-boot

Use the show router isis status command to display the administrative and operational state as well as all timers.

Parameters 
timeout seconds
configure the timeout timer for overload-on-boot in seconds
Values—
60 to 1800
max-metric—
set the maximum metric in addition to overload

poi-tlv-enable

Syntax 
poi-tlv-enable
no poi-tlv-enable
Context 
config>service>vprn>isis
Description 

Enable use of Purge Originator Identification (POI) TLV for this IS-IS instance. The POI is added to purges and contains the system ID of the router that generated the purge, which simplifies troubleshooting and determining what caused the purge.

The no form of the command removes the POI functionality from the configuration.

Default 

no poi-tlv-enable

psnp-authentication

Syntax 
[no] psnp-authentication
Context 
config>service>vprn>isis
config>service>vprn>isis>level
Description 

This command enables authentication of individual ISIS packets of partial sequence number PDU (PSNP) type.

The no form of the command suppresses authentication of PSNP packets.

prefix-limit

Syntax 
prefix-limit limit [log-only] [threshold percent] [overload-timeout {seconds | forever}]
no prefix-limit
Context 
config>service>vprn>isis
Description 

This command configures the maximum number of prefixes that IS-IS can learn, and use to protect the system from a router that has accidentally advertised a large number of prefixes. If the number of prefixes reaches the configured percentage of this limit, an SNMP trap is sent. If the limit is exceeded, IS-IS will go into overload.

The overload-timeout option controls the length of time that IS-IS is in the overload state when the prefix-limit is reached. The system automatically attempts to restart IS-IS at the end of this duration. If the overload-timeout forever option is used, IS-IS is not restarted automatically and stays in overload until the condition is manually cleared by the administrator. This is also the default behavior when the overload-timeout option is not configured.

The no form of the command removes the prefix-limit.

Default 

forever

Parameters 
log-only—
Enables a warning message to be sent at the specified threshold percentage and also when the limit is exceeded. However, overload is not set when this parameter is configured.
limit—
the number of prefixes that can be learned, expressed as a decimal integer
Values—
1 to 4294967296
percent—
The threshold value (as a percentage) that triggers a warning message to be sent.
Values—
0 to 100
seconds
the time in minutes before IS-IS is restarted
Values—
1 to 1800
forever—
specifies that IS-IS should be restarted only after the execution of the clear router isis overload prefix-limit command

reference-bandwidth

Syntax 
reference-bandwidth bandwidth-in-kbps
reference-bandwidth [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]
no reference-bandwidth
Context 
config>service>vprn>isis
Description 

This command configures the reference bandwidth that provides the basis of bandwidth relative costing.

In order to calculate the lowest cost to reach a specific destination, each configured level on each interface must have a cost. If the reference bandwidth is defined, then the cost is calculated using the following formula:

cost = reference – bandwidth ÷ bandwidth

If the reference bandwidth is configured as 10 Gigabits (10,000,000,000), a 100 M/bps interface has a default metric of 100. In order for metrics in excess of 63 to be configured, wide metrics must be deployed. (See wide-metrics-only in the config>router>isis context.)

If the reference bandwidth is not configured, then all interfaces have a default metric of 10.

The no form of the command reverts to the default value.

Default 

no reference-bandwidth — No reference bandwidth is defined. All interfaces have a metric of 10.

Parameters 
bandwidth-in-kbps—
the reference bandwidth in kilobits per second expressed as a decimal integer
Values—
1 to 1000000000
tbps Tera-bps—
the reference bandwidth in terabits per second expressed as a decimal integer
Values—
1 to 4
gbps Giga-bps
the reference bandwidth in gigabits per second expressed as a decimal integer
Values—
1 to 999
mbps Mega-bps
the reference bandwidth in megabits per second expressed as a decimal integer
Values—
1 to 999
kbps Kilo-bps
reference bandwidth in kilobits per second expressed as a decimal integer
Values—
1 to 999

rib-priority

Syntax 
rib-priority {high} prefix-list-name | tag tag-value
no rib-priority
Context 
config>service>vprn>isis
Description 

This command enabled RIB prioritization for the IS-IS protocol and specifies the prefix list or IS-IS tag value that will be used to select the specific routes that should be processed through the IS-IS route calculation process at a higher priority.

The no rib-priority form of command disables RIB prioritization.

Default 

no rib-priority

Parameters 
prefix-list-name—
specifies the prefix list which is used to select the routes that are processed at a higher priority through the route calculation process
tag tag-value—
specifies the tag value that is used to match IS-IS routes that are to be processed at a higher priority through the route calculation process
Values—
1 to 4294967295

router-id

Syntax 
router-id ip-address
no router-id
Context 
config>service>vprn>isis
Description 

This command sets the router ID for a specific VPRN context.

If neither the router ID nor system interface are defined, the router ID from the base router context is inherited.

The no form of the command removes the router ID definition from the given VPRN context.

Default 

no router-id

Parameters 
ip-address—
the IP address must be given in dotted decimal notation

rsvp-shortcut

Syntax 
[no] rsvp-shortcut
Context 
config>service>vprn>isis
Description 

This command enables the use of an RSVP-TE shortcut for resolving IGP routes by IS-IS or OSPF routing protocols.

This command instructs IS-IS or OSPF to include RSVP LSPs originating on this node and terminating on the router-id of a remote node as direct links with a metric equal to the operational metric provided by MPLS. If the user enabled the relative-metric option for this LSP, IGP will apply the shortest IGP cost between the endpoints of the LSP plus the value of the offset, instead of the LSP operational metric, when computing the cost of a prefix which is resolved to the LSP.

When a prefix is resolved to a tunnel next-hop, the packet is sent labeled with the label stack corresponding to the NHLFE of the RSVP LSP. Any network event causing an RSVP LSP to go down will trigger a full SPF computation which may result in installing a new route over another RSVP LSP shortcut as tunnel next-hop or over a regular IP next-hop.

When rsvp-shortcut is enabled at the IGP instance level, all RSVP LSPs originating on this node are eligible by default as long as the destination address of the LSP, as configured in configure>router>mpls>lsp>to, corresponds to a router-id of a remote node. RSVP LSPs with a destination corresponding to an interface address or any other loopback interface address of a remote node are automatically not considered by IS-IS or OSPF. The user can, however, exclude a specific RSVP LSP from being used as a shortcut for resolving IGP routes by entering the config>router>mpls>lsp>no igp-shortcut command.

The SPF in OSPF or IS-IS will only use RSVP LSPs as forwarding adjacencies, IGP shortcuts, or as endpoints for LDP-over-RSVP. These applications of RSVP LSPs are mutually exclusive at the IGP instance level. If the user enabled two or more options in the same IGP instance, then forwarding adjacency takes precedence over the shortcut application, which takes precedence over the LDP-over-RSVP application.

When ECMP is enabled on the system and multiple equal-cost paths exist for a prefix, the following selection criteria are used to pick up the set of next-hops to program in the data path:

  1. for a destination = tunnel-endpoint (including external prefixes with tunnel-endpoint as the next-hop):
    1. select tunnel with lowest tunnel-index (ip next-hop is never used in this case)
  2. for a destination != tunnel-endpoint:
    1. exclude LSPs with metric higher than underlying IGP cost between the endpoint of the LSP
    2. prefer tunnel next-hop over ip next-hop
    3. within tunnel next-hops:
    4. i. select lowest endpoint to destination cost
    5. ii. if same endpoint to destination cost, select lowest endpoint node router-id
    6. iii. if same router-id, select lowest tunnel-index
    7. within ip next-hops:
    8. i. select lowest downstream router-id
    9. ii. if same downstream router-id, select lowest interface-index
  3. Although no ECMP is performed across both the IP and tunnel next-hops, the tunnel endpoint lies in one of the shortest IGP paths for that prefix. In that case, the tunnel next-hop is always selected as long as the prefix cost using the tunnel is equal or lower than the IGP cost.

The ingress IOM will spray the packets for this prefix over the set of tunnel next-hops and IP next-hops based on the hashing routine currently supported for IPv4 packets.

This feature provides IGP with the capability to populate the multicast RTM with the prefix IP next-hop when both the rsvp-shortcut and the multicast-import options are enabled in IGP. The unicast RTM can still make use of the tunnel next-hop for the same prefix. This change is made possible with the enhancement by which SPF keeps track of both the direct first hop and the tunneled first hop of a node which is added to the Dijkstra tree.

The resolution and forwarding of IPv6 prefixes to IPv4 IGP shortcuts is not supported.

The no form of this command disables the resolution of IGP routes using RSVP shortcuts.

Default 

no rsvp-shortcut

standard-multi-instance

Syntax 
[no] standard-multi-instance
Context 
config>service>vprn>isis
Description 

This command enables IS-IS multi-instance (MI) as described in draft-ginsberg-isis-mi-bis-01. Multiple instances allow instance-specific adjacencies to be formed that support multiple network topologies on the same physical interfaces. Each instance has an LSDB, and each PDU contains a TLV identifying the instance and the topology to which the PDU belongs. A single topology is supported in each instance, so the instance-specific topology identifier (ITID) is set to 0 and cannot be changed.

The standard-multi-instance (based on draft-ginsberg-isis-mi-bis-01) and iid-tlv-enable (based on draft-ietf-isis-mi-02) commands cannot be configured in the same instance, because the MAC addresses and PDUs from the two standards are incompatible.

The no form of the command removes the standard-multi-instance configuration.

Default 

no standard-multi-instance

timers

Syntax 
[no] timers
Context 
config>service>vprn>isis
Description 

This command configures the IS-IS timer values.

Default 

disabled

lsp-wait

Syntax 
lsp-wait lsp-wait [lsp-initial-wait initial-wait] [lsp-second-wait second-wait]
Context 
config>service>vprn>isis>timers
Description 

This command is used to customize LSP generation throttling. Timers that determine when to generate the first, second, and subsequent LSPs can be controlled with this command. Subsequent LSPs are generated at increasing intervals of the second lsp-wait timer until a maximum value is reached.

Parameters 
lsp-wait —
specifies the maximum interval, in milliseconds, between two consecutive occurrences of an LSP being generated
Values—
10 to 120000
Values—
50000
initial-wait —
specifies the initial LSP generation delay, in milliseconds
Values—
10 to 100000
Values—
10
second-wait —
specifies the hold time, in milliseconds, between the first and second LSP generation
Values—
10 to 100000
Values—
1000

spf-wait

Syntax 
[no] spf-wait spf-wait [spf-initial-wait initial-wait] [spf-second-wait second-wait]]
Context 
config>service>vprn>isis>timers
Description 

This command defines the maximum interval, in milliseconds, between two consecutive SPF calculations. Timers that determine when to initiate the first, second and subsequent SPF calculations after a topology change occurs can be controlled with this command. Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, then the next SPF will run after 2000 milliseconds, and the next SPF after that will run after 4000 milliseconds, and so on, until it reaches the spf-wait value. The SPF interval will stay at the spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to the SPF initial-wait value.

Default 

no spf-wait

Parameters 
spf-wait —
specifies the maximum interval in milliseconds between two consecutive SPF calculations
Values—
10 to 120000
Values—
10000
initial-wait —
specifies the initial SPF calculation delay, in milliseconds, after a topology change
Values—
10 to 100000
Values—
1000
second-wait —
specifies the hold time, in milliseconds, between the first and second SPF calculation
Values—
10 to 100000
Values—
1000

strict-adjacency-check

Syntax 
[no] strict-adjacency-check
Context 
config>service>vprn>isis
Description 

This command enables strict checking of address families (IPv4 and IPv6) for IS-IS adjacencies. When enabled, adjacencies will not come up unless both routers have exactly the same address families configured. If there is an existing adjacency with unmatched address families, it will be torn down. This command is used to prevent black-holing traffic when IPv4 and IPv6 topologies are different. When disabled (no strict-adjacency-check) a BFD session failure for either IPv4 or Ipv6 will cause the routes for the other address family to be removed as well.

When disabled (no strict-adjacency-check), both routers only need to have one common address family to establish the adjacency.

Default 

no strict-adjacency-check

summary-address

Syntax 
summary-address {ip-prefix/mask | ip-prefix [netmask]} level [tag tag]
no summary-address {ip-prefix/mask | ip-prefix [netmask]}
Context 
config>service>vprn>isis
Description 

This command creates summary-addresses for the specified router or VPRN instance.

Default 

n/a

Parameters 
ip-prefix/mask—
specifies information for the specified IP prefix and mask length
Values—

ip-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

netmask—
the subnet mask in dotted decimal notation
Values—
0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)
level—
specifies IS-IS level area attributes
Values—
level-1, level-2, level-1/2
tag tag
assigns a route tag to the summary address
Values—
1 to 4294967295

system-id

Syntax 
system-id isis-system-id
no system-id
Context 
config>service>vprn>isis
Description 

This command configures the IS-IS system ID. The system ID has a fixed length of 6 octets; it is determined using the following preference:

  1. configure>service>vprn>isis>system-id
  2. configure>service>vprn>isis>router-id
  3. configure>service>vprn>router-id
  4. configure>service>vprn>if>“system”>-address
  5. The default system ID 2550.0000.0000, based on the default router ID 255.0.0.0

The system ID is integral to IS-IS; therefore, for the system-id command to take effect, a shutdown and then no shutdown must be performed on the IS-IS instance. This will ensure that the configured and operational system ID are always the same.

The no form of the command removes the system ID from the configuration. The router ID is used when no system ID is specified.

Default 

no system-id

Parameters 
isis-system-id—
12 hexadecimal characters in dotted-quad notation
Values—
aaaa.bbbb.cccc, where aaaa, bbbb, and cccc are hexadecimal numbers

ignore-attached-bit

Syntax 
ignore-attached-bit
no ignore-attached-bit
Context 
config>service>vprn>isis
Description 

This command configures IS-IS to ignore the attached bit on received Level 1 LSPs to disable installation of default routes.

suppress-attached-bit

Syntax 
suppress-attached-bit
no suppress-attached-bit
Context 
config>service>vprn>isis
Description 

This command configures IS-IS to suppress setting the attached bit on originated Level 1 LSPs to prevent all L1 routers in the area from installing a default route to it.

import

Syntax 
import policy-name [policy-name ... (up to 5 max)]
no import
Context 
config>service>vprn>isis
Description 

This command applies one or more (up to 5) route polices as IS-IS import policies.

When a prefix received in an IS-IS LSP is accepted by an entry in an IS-IS import policy, it is installed in the routing table, if it is the most preferred route to the destination.

When a prefix received in an IS-IS LSP is rejected by an entry in an IS-IS import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination.

The flooding of LSPs is unaffected by IS-IS import policy actions.

The no form of the command removes all policies from the configuration.

Default 

no import

Parameters 
policy-name—
Identify the export route policy name. Allowed values are any string up to 32 characters long, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes. The specified name(s) must already be defined.

unicast-import-disable

Syntax 
[no] unicast-import-disable
Context 
config>service>vprn>isis
Description 

This command allows one IGP to import its routes into RPF RTM while another IGP imports routes only into the unicast RTM. Import policies can redistribute routes from an IGP protocol into the RPF RTM (the multicast routing table). By default, the IGP routes will not be imported into RPF RTM as such an import policy must be explicitly configured.

Default 

disabled

OSPF Commands

ospf

Syntax 
[no] ospf
Context 
config>service>vprn
Description 

This command enables access to the context to enable an OSPF protocol instance.

When an OSPF instance is created, the protocol is enabled. To start or suspend execution of the OSPF protocol without affecting the configuration, use the no shutdown command.

The no form of the command deletes the OSPF protocol instance removing all associated configuration parameters.

Default 

no ospf — The OSPF protocol is not enabled.

ospf3

Syntax 
ospf3 [instance-id] [router-id]
[no] ospf3 instance-id
Context 
config>service>vprn
Description 

This command creates an OSPFv3 routing instance and then enters the associated context to configure associated protocol parameters.

When an OSPFv3 instance is created, the protocol is enabled. To start or suspend execution of the OSPF.

The no form of the command deletes the OSPFv3 protocol instance, removing all associated configuration parameters.

Default 

no default

Parameters 
instance-id—
Specifies the instance ID for the OSPFv3 instance being created or modified. The instance ID must match the specified range based on the address family. For ipv6-unicast, the instance id must be between 0 and 31. For ipv4-unicast the instance id must be between 64-95.
Values—
0 to 31: IPV6 unicast
64to95: IPV4 unicast

advertise-router-capability

Syntax 
advertise-router-capability { link | area | as }
no advertise-router-capability
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command enables advertisement of a router's capabilities to its neighbors for informational and troubleshooting purposes. A Router Information (RI) LSA as defined in RFC 4970 advertises the following capabilities:

  1. OSPF graceful restart capable: no
  2. OSPF graceful restart helper: yes, when enabled
  3. OSPF Stub Router support: yes
  4. OSPF Traffic Engineering support: yes, when enabled
  5. OSPF point-to-point over LAN: yes
  6. OSPF Experimental TE: no

The parameters (link, area & as) control the scope of the capabilities advertisements.

The no form of this command, disables this capability.

Default 

no advertise-router-capability

Parameters 
link—
capabilities are only advertised over local link and not flooded beyond
area—
capabilities are only advertised within the area of origin
as—
capabilities are only advertised throughout the entire autonomous system

area

Syntax 
[no] area area-id
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command creates the context to configure an OSPF area. An area is a collection of network segments within an AS that have been administratively grouped together. The area ID can be specified in dotted decimal notation or as a 32-bit decimal integer.

The no form of the command deletes the specified area from the configuration. Deleting the area also removes the OSPF configuration of all the interfaces, virtual-links, sham-links, and address-ranges etc., that are currently assigned to this area.

Default 

no area — No OSPF areas are defined.

Parameters 
area-id—
the OSPF area ID expressed in dotted decimal notation or as a 32-bit decimal integer
Values—
0.0.0.0 to 255.255.255.255 (dotted decimal)
0 to 4294967295 (decimal integer)

area-range

Syntax 
area-range ip-prefix/prefix-length [advertise | not-advertise]
no area-range ip-prefix/mask
area-range ipv6-prefix/prefix-length [advertise | not-advertise]
no area-range ip-prefix/mask
Context 
config>service>vprn>ospf>area
ospf>service>vprn>nssa
config>service>vprn>ospf3>area
Description 

This command creates ranges of addresses on an Area Border Router (ABR) for the purpose of route summarization or suppression. When a range is created, the range is configured to be advertised or not advertised into other areas. Multiple range commands may be used to summarize or hide different ranges. In the case of overlapping ranges, the most specific range command applies.

ABRs send summary link advertisements to describe routes to other areas. To minimize the number of advertisements that are flooded, you can summarize a range of IP addresses and send reachability information about these addresses in an LSA.

The no form of the command deletes the range (non) advertisement.

Default 

no area-range — No range of addresses are defined.

Special Cases 
NSSA Context—
In the NSSA context, the option specifies that the range applies to external routes (via type-7 LSAs) learned within the NSSA when the routes are advertised to other areas as type-5 LSAs.
Area Context—
If this command is not entered under the NSSA context, the range applies to summary LSAs even if the area is an NSSA.
Parameters 
ipv6-prefix/prefix-length—
the IP prefix in dotted decimal notation for the range used by the ABR to advertise that summarizes the area into another area
Values—

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

mask—
the subnet mask for the range expressed as a decimal integer mask length or in dotted decimal notation
Values—
0 to 32 (mask length), 0.0.0.0 to 255.255.255.255 (dotted decimal)
advertise | not-advertise—
Specifies whether or not to advertise the summarized range of addresses into other areas. The advertise keyword indicates the range will be advertised, and the keyword not-advertise indicates the range will not be advertised.

The default is advertise.

blackhole-aggregate

Syntax 
[no] blackhole-aggregate
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command installs a low priority blackhole route for the entire aggregate. Existing routes that make up the aggregate will have a higher priority and only the components of the range for which no route exists are blackholed.

It is possible that when performing area aggregation, addresses may be included in the range for which no actual route exists. This can cause routing loops. To avoid this problem configure the blackhole aggregate option.

The no form of this command removes this option.

Default 

blackhole-aggregate

interface

Syntax 
[no] interface ip-int-name [secondary]
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command creates a context to configure an OSPF interface.

By default interfaces are not activated in any interior gateway protocol such as OSPF unless explicitly configured.

The no form of the command deletes the OSPF interface configuration for this interface. The shutdown command in the config>router>ospf>interface context can be used to disable an interface without removing the configuration for the interface.

Default 

no interface — No OSPF interfaces are defined.

Parameters 
ip-int-name—
The IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service vprn interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

If the IP interface name does not exist or does not have an IP address configured an error message will be returned.

If the IP interface exists in a different area it will be moved to this area.

secondary—
allows multiple secondary adjacencies to be established over a single IP interface

sham-link

Syntax 
sham-link ip-int-name ip-address
Context 
config>service>vprn>ospf>area
Description 

This command is similar to a virtual link with the exception that metric must be included in order to distinguish the cost between the MPLS-VPRN link and the backdoor.

Parameters 
ip-int-name—
The local interface name used for the sham-link. This is a mandatory parameter and interface names must be unique within the group of defined IP interfaces for config>router>interface, config>service>ies>interface and config>service>vprn>interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters, the entire string must be enclosed between double quotes. If the IP interface name does not exist or does not have an IP address configured, an error message will be returned.
ip-address—
The IP address of the SHAM-link neighbor in IP address dotted decimal notation. This parameter is the remote peer of the sham link’s IP address used to set up the SHAM link. This is a mandatory parameter and must be a valid IP address.

advertise-subnet

Syntax 
[no] advertise-subnet
Context 
config>service>vprn>ospf>area>if
Description 

This command enables advertising point-to-point interfaces as subnet routes (network number and mask). When disabled, point-to-point interfaces are advertised as host routes.

This command is not supported in the OSPF3 context.

The no form of the command disables advertising point-to-point interfaces as subnet routes meaning they are advertised as host routes.

Default 

advertise-subnet — Advertises point-to-point interfaces as subnet routes.

authentication

Syntax 
authentication bidirectional sa-name
authentication inbound sa-name outbound sa-name
no authentication
Context 
config>service>vprn>ospf3>area>if
Description 

This command configures OPSFv3 confidentiality authentication.

The no form of the command removes the SA name from the configuration.

Parameters 
bidirectional sa-name
specifies the IPSec security association name in case the OSPFv3 traffic on the interface has to be authenticated
inbound sa-name
specifies the IPSec security association name in case the OSPFv3 traffic on the interface has to be authenticated
outbound sa-name
specifies the IPSec security association name in case the OSPFv3 traffic on the interface has to be authenticated

authentication-key

Syntax 
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf>area>sham-link
Description 

This command configures the password used by the OSPF interface or virtual-link to send and receive OSPF protocol packets on the interface when simple password authentication is configured.

This command is not valid in the OSPF3 context.

All neighboring routers must use the same type of authentication and password for proper protocol communication. If the authentication-type is configured as password, then this key must be configured.

By default, no authentication key is configured.

This command is not supported in the OSPF context.

The no form of the command removes the authentication key.

Default 

no authentication-key — No authentication key is defined.

Parameters 
authentication-key—
The authentication key. The key can be any combination of ASCII characters up to 8 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).
hash-key—
The hash key. The key can be any combination of ASCII characters up to 22 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

authentication-type

Syntax 
authentication-type {password | message-digest}
no authentication-type
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf>area>virtual-link
Description 

This command enables authentication and specifies the type of authentication to be used on the OSPF interface, virtual-link, and sham-link.

This command is not valid in the OSPF3 context.

Both simple password and message-digest authentication are supported.

By default, authentication is not enabled on an interface.

The no form of the command disables authentication on the interface.

This command is not supported in the OSPF context.

Default 

no authentication — no authentication is enabled on an interface

Parameters 
password—
This keyword enables simple password (plain text) authentication. If authentication is enabled and no authentication type is specified in the command, simple password authentication is enabled.
message-digest—
This keyword enables message digest MD5 authentication in accordance with RFC1321. If this option is configured, then at least one message-digest-key must be configured.

bfd-enable

Syntax 
bfd-enable [remain-down-on-failure]
no bfd-enable
Context 
config>service>vprn>ospf>interface>if
config>service>vprn>ospf3>area>if
Description 

This command enables the use of bi-directional forwarding (BFD) to control the state of the associated protocol interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set via the BFD command under the IP interface.

The no form of this command removes BFD from the associated IGP protocol adjacency.

Default 

no bfd-enable

Parameters 
remain-down-on-failure—
forces adjacency down on BFD failure

dead-interval

Syntax 
dead-interval seconds
no dead-interval
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3>area>if
config>service>vprn>ospf3>area>virtual-link
config>service>vprn>ospf>area>sham-link
Description 

This command configures the time, in seconds, that OSPF waits before declaring a neighbor router down. If no hello packets are received from a neighbor for the duration of the dead interval, the router is assumed to be down. The minimum interval must be two times the hello interval.

The no form of the command reverts to the default value.

Default 

40

Special Cases 
OSPF Interface—
If the dead-interval configured applies to an interface, then all nodes on the subnet must have the same dead interval.
Virtual Link—
If the dead-interval configured applies to a virtual link, then the interval on both termination points of the virtual link must have the same dead interval.

Sham-link — If the dead-interval configured applies to a sham-link, then the interval on both endpoints of the sham-link must have the same dead interval.

Parameters 
seconds—
the dead interval expressed as a decimal integer
Values—
2 to 2147483647 seconds

graceful-restart

Syntax 
[no] graceful-restart
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command enables OSPF graceful restart (GR) to minimize service interruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve OSPF forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal OSPF operation. If the grace period expires, then the restarting router is presumed inactive and the OSPF topology is recalculated to route traffic around the failure.

The no form of the command disables graceful restart and removes the graceful restart configuration from the OSPF instance.

Default 

no graceful-restart

helper-disable

Syntax 
[no] helper-disable
Context 
config>service>vprn>ospf>graceful-restart
config>service>vprn>ospf3>graceful-restart
Description 

This command disables helper support for OSPF graceful restart (GR).

When graceful-restart is enabled, the router can be a helper (meaning that the router is helping a neighbor to restart), a restarting router, or both. The router only supports helper mode. It will not act as a restarting router, because the high availability feature set already preserves OSPF forwarding information such that this functionality is not needed. This command is a historical command and should not be disabled. Configuring helper-disable has the effect of disabling graceful restart, because the router only supports helper mode.

The no helper-disable command enables helper support and is the default when graceful restart is enabled.

Default 

no helper-disable

strict-lsa-checking

Syntax 
[no] strict-lsa-checking
Context 
config>service>vprn>ospf>graceful-restart
config>service>vprn>ospf3>graceful-restart
Description 

This command indicates whether an OSPF restart helper should terminate graceful restart when there is a change to an LSA that would be flooded to the restarting router during the restart process.

The default OSPF behavior is to terminate a graceful restart if an LSA changes, which causes the OSPF neighbor to go down.

The no strict-lsa-checking command disables strict LSA checking.

Default 

strict-lsa-checking

ignore-dn-bit

Syntax 
[no] ignore-dn-bit
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command specifies whether to suppress the setting of the DN bit for OSPF or OSPF3 LSA packets generated by this instance of OSPF or OSPF3 on the router.

The no form of the command enables the OSPF or OSPF3 router to follow the normal procedure to determine whether to set the DN bit.

Default 

no ignore-dn-bit

import

Syntax 
import policy-name [ policy-name...(up to 5 max)]
no import
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command applies one or more (up to 5) route polices as OSPF import policies. When a prefix received in an OSPF LSA is accepted by an entry in an OSPF import policy it is installed in the routing table if it is the most preferred route to the destination. When a prefix received in an OSPF LSA is rejected by an entry in an OSPF import policy it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination. The flooding of LSAs is unaffected by OSPF import policy actions. This command only applies to the 7750 SR.

Default 

If an OSPF route has the lowest preference value among all routes to a destination it is installed in the routing table.

Parameters 
policy-name—
The import route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

The specified name(s) must already be defined.

hello-interval

Syntax 
hello-interval seconds
no hello-interval
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3>area>virtual-link
config>service>vprn>ospf>area>sham-link
Description 

This command configures the interval between OSPF hellos issued on the interface, virtual link, or sham-link.

The hello interval, in combination with the dead-interval, is used to establish and maintain the adjacency. Use this parameter to edit the frequency that hello packets are sent.

Reducing the interval, in combination with an appropriate reduction in the associated dead-interval, allows for faster detection of link and/or router failures at the cost of higher processing costs.

The no form of this command reverts to the default value.

Default 

hello-interval 10 — a 10-second hello interval

Special Cases 
OSPF Interface—
If the hello-interval configured applies to an interface, then all nodes on the subnet must have the same hello interval.
Virtual Link—
If the hello-interval configured applies to a virtual link, then the interval on both termination points of the virtual link must have the same hello interval.
Sham Link —
If the hello-interval configured applies to a sham-link, then the interval on both endpoints of the sham-link must have the same hello interval.
Parameters 
seconds—
the hello interval in seconds expressed as a decimal integer
Values—
1 to 65535

interface-type

Syntax 
interface-type {broadcast | point-to-point}
no interface-type
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command configures the interface type to be either broadcast or point-to-point.

Use this command to set the interface type of an Ethernet link to point-to-point to avoid having to carry the broadcast adjacency maintenance overhead if the Ethernet link provided the link is used as a point-to-point.

If the interface type is not known at the time the interface is added to OSPF and subsequently the IP interface is bound (or moved) to a different interface type, this command must be entered manually.

The no form of the command reverts to the default value.

Default 

point-to-point — if the physical interface is SONET

broadcast — if the physical interface is Ethernet or unknown

Special Cases 
Virtual-Link—
a virtual link is always regarded as a point-to-point interface and not configurable
Parameters 
broadcast—
Configures the interface to maintain this link as a broadcast network. To significantly improve adjacency forming and network convergence, a network should be configured as point-to-point if only two routers are connected, even if the network is a broadcast media such as Ethernet.
point-to-point—
configures the interface to maintain this link as a point-to-point link

loopfree-alternate-exclude

Syntax 
[no] loopfree-alternate-exclude
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
Description 

This command instructs IGP to not include a specific interface or all interfaces participating in a specific IS-IS level or OSPF area in the SPF LFA computation. This provides a way of reducing the LFA SPF calculation where it is not needed.

When an interface is excluded from the LFA SPF in IS-IS, it is excluded in both level 1 and level 2. When it is excluded from the LFA SPF in OSPF, it is excluded in all areas. However, the above OSPF command can only be executed under the area in which the specified interface is primary and once enabled, the interface is excluded in that area and in all other areas where the interface is secondary. If the user attempts to apply it to an area where the interface is secondary, the command will fail.

The no form of this command re-instates the default value for this command.

Default 

no loopfree-alternate-exclude

lsa-filter-out

Syntax 
lsa-filter-out [all | except-own-rtrlsa | except-own-rtrlsa-and-defaults]
no lsa-filter-out
Context 
config>router>ospf>area>interface
config>router>ospf3>area>interface
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
Description 

This command enables filtering of outgoing OSPF LSAs on the selected OSPFv2 or OSPFv3 interface. Three filtering options are provided:

  1. Do not flood any LSAs out the interface. This option is suitable if the neighbor is simply-connected and has a statically configured default route with the address of this interface as next-hop.
  2. Flood the router’s own router-LSA out the interface and suppress all other flooded LSAs. This option is suitable if the neighbor is simply-connected and has a statically configured default route with a loopback or system interface address (contained in the router-LSA) as next-hop.
  3. Flood the router’s own router-LSA and all self-generated type-3, type-5 and type-7 LSAs advertising a default route (0/0) out the interface; suppress all other flooded LSAs. This option is suitable if the neighbor is simply-connected and does not have a statically configured default route.

The no form of this command disables OSPF LSA filtering (normal operation).

Default 

no lsa-filter-out

multicast-import

Syntax 
[no] multicast-import
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command enables the submission of routes into the multicast Route Table Manager (RTM) by OSPF.

The no form of the command disables the submission of routes into the multicast RTM.

Default 

no multicast-import

message-digest-key

Syntax 
message-digest-key keyid md5 [key | hash-key] [hash]
no message-digest-key keyid
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf>area>sham-link
Description 

This command configures a message digest key when MD5 authentication is enabled on the interface, virtual-link or sham-link. Multiple message digest keys can be configured.

This command is not valid in the OSPF3 context.

The no form of the command removes the message digest key identified by the key-id.

Default 

No message digest keys are defined.

Parameters 
keyid—
the keyid is expressed as a decimal integer
Values—
1 to 255
md5 key
The MD5 key. The key can be any alphanumeric string up to 16 characters in length.
md5 hash-key—
The MD5 hash key. The key can be any combination of ASCII characters up to 32 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.

metric

Syntax 
metric metric
no metric
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
config>service>vprn>ospf>area>sham-link
Description 

This command configures an explicit route cost metric for the OSPF interface that overrides the metrics calculated based on the speed of the underlying link.

The no form of the command deletes the manually configured interface metric, so the interface uses the computed metric based on the reference-bandwidth command setting and the speed of the underlying link.

Default 

no metric — the metric is based on reference-bandwidth setting and the link speed

Parameters 
metric—
the metric to be applied to the interface expressed as a decimal integer
Values—
1 to 65535

mtu

Syntax 
mtu bytes
no mtu
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command configures the OSPF packet size used on this interface. If this parameter is not configured OSPF derives the MTU value from the MTU configured (default or explicitly) in the following contexts:

config>port>ethernet config>port>sonet-sdh>path config>port>tdm>t3-e3 config>port>tdm>t1-e1>channel-group

If this parameter is configured, the smaller value between the value configured here and the MTU configured (default or explicitly) in an above-mentioned context is used.

To determine the actual packet size add 14 bytes for an Ethernet packet and 18 bytes for a tagged Ethernet packet to the size of the OSPF (IP) packet MTU configured in this command.

Use the no form of this command to revert to default.

Default 

no mtu — Uses the value derived from the MTU configured in the config>port context.

Parameters 
bytes—
the MTU to be used by OSPF for this logical interface in bytes
Values—
512 to 9198 (9212-14) (Depends on the physical media)

passive

Syntax 
[no] passive
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command adds the passive property to the OSPF interface where passive interfaces are advertised as OSPF interfaces but do not run the OSPF protocol.

By default, only interface addresses that are configured for OSPF will be advertised as OSPF interfaces. The passive parameter allows an interface to be advertised as an OSPF interface without running the OSPF protocol.

While in passive mode, the interface will ignore ingress OSPF protocol packets and not transmit any OSPF protocol packets.

The no form of the command removes the passive property from the OSPF interface.

Default 

Service interfaces defined in config>router>service-prefix are passive.

All other interfaces are not passive.

priority

Syntax 
priority number
no priority
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command configures the priority of the OSPF interface that is used an election of the designated router on on the subnet.

This parameter is only used if the interface is of type broadcast. The router with the highest priority interface becomes the designated router. A router with priority 0 is not eligible to be Designated Router or Backup Designated Router.

The no form of the command reverts the interface priority to the default value.

Default 

priority 1

Parameters 
number—
The interface priority expressed as a decimal integer. A value of 0 indicates the router is not eligible to be the Designated Router of Backup Designated Router on the interface subnet.
Values—
0 to 255

retransmit-interval

Syntax 
retransmit-interval seconds
no retransmit-interval
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3>area>if
config>service>vprn>ospf3>area>virtual-link
config>service>vprn>ospf>area>sham-link
Description 

This command specifies the length of time, in seconds, that OSPF will wait before retransmitting an unacknowledged link state advertisement (LSA) to an OSPF neighbor.

The value should be longer than the expected round trip delay between any two routers on the attached network. Once the retransmit-interval expires and no acknowledgement has been received, the LSA will be retransmitted.

The no form of this command reverts to the default interval.

Default 

retransmit-interval 5

Parameters 
seconds—
the retransmit interval in seconds expressed as a decimal integer
Values—
1 to 3600

rib-priority

Syntax 
rib-priority {high} prefix-list-name
no rib-priority
Context 
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
Description 

This command enables RIB prioritization for the OSPF/OSPFv3 protocol. When enabled at the OSPF interface level, all routes learned through the associated OSPF interface will be processed through the OSPF route calculation process at a higher priority.

The no form of rib-priority command disables RIB prioritization at the associated level.

Default 

no rib-priority

Parameters 
prefix-list-name—
specifies the prefix list which is used to select the routes that are processed at a higher priority through the route calculation process

transit-delay

Syntax 
transit-delay seconds
no transit-delay
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3>area>virtual-link
config>service>vprn>ospf>area>sham-link
Description 

This command configures the estimated time, in seconds, that it takes to transmit a link state advertisement (LSA) on the interface or virtual link or sham-link.

The no form of this command reverts to the default delay time.

Default 

transit-delay 1

Parameters 
seconds—
the transit delay in seconds expressed as a decimal integer
Values—
0 to 3600

key-rollover-interval

Syntax 
key-rollover-interval key-rollover-interval
Context 
config>service>vprn>ospf3>area
Description 

This command configures the key rollover interval.

The no form of the command reverts to the default.

Default 

10

Parameters 
key-rollover-interval—
specifies the time, in seconds, after which a key rollover will start
Values—
10 to 300

loopfree-alternate-exclude

Syntax 
[no] loopfree-alternate-exclude
Context 
config>service>vprn>ospf3>area
Description 

This command specifies whether or not the OSPF area should be excluded during LFA calculations. When enabled, the OSPF area is excluded from LFA calculations. When disabled (the default), the OSPF area is included in LFA calculations.

The no form of the command includes the OSPF area in LFA calculations.

Default 

disabled

nssa

Syntax 
[no] nssa
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command creates the context to configure an OSPF Not So Stubby Area (NSSA) and adds/removes the NSSA designation from the area.

NSSAs are similar to stub areas in that no external routes are imported into the area from other OSPF areas. The major difference between a stub area and an NSSA is an NSSA has the capability to flood external routes that it learns throughout its area and via an ABR to the entire OSPF domain.

Existing virtual links of a non-stub or NSSA area will be removed when the designation is changed to NSSA or stub.

An area can be designated as stub or NSSA but never both at the same time.

By default, an area is not configured as an NSSA area.

The no form of the command removes the NSSA designation and configuration context from the area.

Default 

no nssa — The OSPF area is not an NSSA.

originate-default-route

Syntax 
originate-default-route [type-7] [no-adjacency-check]
no originate-default-route
Context 
config>service>vprn>ospf>area>nssa
config>service>vprn>ospf3>area>nssa
Description 

This command enables the generation of a default route and its LSA type (3 or 7) into a Not So Stubby Area (NSSA) by an NSSA Area Border Router (ABR) or Autonomous System Border Router (ASBR).

When configuring an NSSA with no summaries, the ABR will inject a type 3 LSA default route into the NSSA area. Some older implementations expect a type 7 LSA default route.

The no form of the command disables origination of a default route.

Default 

no originate-default-route — A default route is not originated.

Parameters 
type-7—
Specifies that a type 7 LSA should be used for the default route.

Configure this parameter to inject a type 7 LSA default route into an NSSA configured with no summaries, instead of a type 3 LSA.

To revert to a type 3 LSA, execute the originate-default-route command without the type-7 parameter.

Values—
type 3 LSA default route
no-adjacency-check—
Specifies whether or not adjacency checks are performed before originating a default route. If this parameter is configured, then no area 0 adjacency is required for the ABR to advertise the default route.
Values—
Adjacency checks are performed, and an area 0 adjacency is required for the ABR to advertise the default route

redistribute-external

Syntax 
[no] redistribute-external
Context 
config>service>vprn>ospf>area>nssa
config>service>vprn>ospf3>area>nssa
Description 

This command enables the redistribution of external routes into the Not So Stubby Area (NSSA) or an NSSA area border router (ABR) that is exporting the routes into non-NSSA areas.

NSSA or Not So Stubby Areas are similar to stub areas in that no external routes are imported into the area from other OSPF areas. The major difference between a stub area and an NSSA is that the NSSA has the capability to flood external routes that it learns (providing it is an ASBR) throughout its area and via an Area Border Router to the entire OSPF domain.

The no form of the command disables the default behavior to automatically redistribute external routes into the NSSA area from the NSSA ABR.

Default 

redistribute-external — External routes are redistributed into the NSSA.

summaries

Syntax 
[no] summaries
Context 
config>service>vprn>ospf>area>nssa
config>service>vprn>ospf>area>stub
config>service>vprn>ospf3>area>nssa
Description 

This command enables sending summary (type 3) advertisements into a stub area or Not So Stubby Area (NSSA) on an Area Border Router (ABR). This parameter is particularly useful to reduce the size of the routing and Link State Database (LSDB) tables within the stub or nssa area. By default, summary route advertisements are sent into the stub area or NSSA.

The no form of the command disables sending summary route advertisements and, for stub areas, only the default route is advertised by the ABR.

Default 

summaries — Summary routes are advertised by the ABR into the stub area or NSSA.

stub

Syntax 
[no] stub
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command enables access to the context to configure an OSPF stub area and adds/removes the stub designation from the area. External routing information is not flooded into stub areas. All routers in the stub area must be configured with the stub command. An OSPF area cannot be both an NSSA and a stub area. Existing virtual links of a non STUB or NSSA area will be removed when its designation is changed to NSSA or STUB.

By default, an area is not a stub area.

The no form of the command removes the stub designation and configuration context from the area.

Default 

no stub — The area is not configured as a stub area.

default-metric

Syntax 
default-metric metric
no default-metric
Context 
config>service>vprn>ospf>area>stub
config>service>vprn>ospf3>area>stub
Description 

This command configures the metric used by the area border router (ABR) for the default route into a stub area. The default metric should only be configured on an ABR of a stub area. An ABR generates a default route if the area is a stub area.

The no form of the command reverts to the default value.

Default 

default-metric 1

Parameters 
metric—
the metric expressed as a decimal integer for the default route cost to be advertised into the stub area
Values—
1 to 16777215

virtual-link

Syntax 
[no] virtual-link router-id transit-area area-id
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command configures a virtual link to connect area border routers to the backbone via a virtual link. The backbone area (area 0.0.0.0) must be contiguous and all other areas must be connected to the backbone area. If it is not practical to connect an area to the backbone (see area 0.0.0.2 in the picture below) then the area border routers (routers 1 and 2 in the picture below) must be connected via a virtual link. The two area border routers will form a point-to-point like adjacency across the transit area (area 0.0.0.1 in the picture below). A virtual link can only be configured while in the area 0.0.0.0 context.

The router-id specified in this command must be associated with the virtual neighbor. The transit area cannot be a stub area or a Not So Stubby Area (NSSA).

The no form of the command deletes the virtual link.

Default 

No virtual link is defined.

Parameters 
router-id—
the router ID of the virtual neighbor in IP address dotted decimal notation
transit-area area-id
the area-id specified identifies the transit area that links the backbone area with the area that has no physical connection with the backbone

The OSPF backbone area, area 0.0.0.0, must be contiguous and all other areas must be connected to the backbone area. The backbone distributes routing information between areas. If it is not practical to connect an area to the backbone (see Area 0.0.0.5 in Figure 47) then the area border routers (such as routers Y and Z) must be connected via a virtual link. The two area border routers form a point-to-point-like adjacency across the transit area (see Area 0.0.0.4).

Figure 47:  OSPF Areas 

compatible-rfc1583

Syntax 
[no] compatible-rfc1583
Context 
config>service>vprn>ospf
Description 

This command enables OSPF summary and external route calculations in compliance with RFC1583 and earlier RFCs.

RFC1583 and earlier RFCs use a different method to calculate summary and external route costs. To avoid routing loops, all routers in an OSPF domain should perform the same calculation method.

Although it would be favorable to require all routers to run a more current compliancy level, this command allows the router to use obsolete methods of calculation.

This command is not supported in OSPF3.

The no form of the command enables the post-RFC1583 method of summary and external route calculation.

Default 

compatible-rfc1583 — RFC1583 compliance is enabled.

export

Syntax 
export policy-name [policy-name…]
no export
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command associates export route policies to determine which routes are exported from the route table to OSPF. Export polices are only in effect if OSPF is configured as an ASBR.

If no export policy is specified, non-OSPF routes are not exported from the routing table manager to OSPF.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of the command removes all policies from the configuration.

Default 

no export — No export route policies specified.

Parameters 
policy-name—
The export route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

The specified name(s) must already be defined.

external-db-overflow

Syntax 
external-db-overflow limit interval
no external-db-overflow
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command enables limits on the number of non-default AS-external-LSA entries that can be stored in the LSDB and specifies a wait timer before processing these after the limit is exceeded.

The limit value specifies the maximum number of non-default AS-external-LSA entries that can be stored in the link-state database (LSDB). Placing a limit on the non-default AS-external-LSAs in the LSDB protects the router from receiving an excessive number of external routes that consume excessive memory or CPU resources. If the number of routes reach or exceed the limit, the table is in an overflow state. When in an overflow state, the router will not originate any new AS-external-LSAs. In fact, it withdraws all the self-originated non-default external LSAs.

The interval specifies the amount of time to wait after an overflow state before regenerating and processing non-default AS-external-LSAs. The waiting period acts like a dampening period preventing the router from continuously running Shortest Path First (SPF) calculations caused by the excessive number of non-default AS-external LSAs.

The external-db-overflow must be set identically on all routers attached to any regular OSPF area. OSPF stub areas and not-so-stubby areas (NSSAs) are excluded.

The no form of the command disables limiting the number of non-default AS-external-LSA entries.

Default 

no external-db-overflow — No limit on non-default AS-external-LSA entries.

Parameters 
limit—
the maximum number of non-default AS-external-LSA entries that can be stored in the LSDB before going into an overflow state expressed as a decimal integer
Values—
-1 to 2147483647
interval—
the number of seconds after entering an overflow state before attempting to process non-default AS-external-LSAs expressed as a decimal integer
Values—
0 to 2147483647

external-preference

Syntax 
external-preference preference
no external-preference
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command configures the preference for OSPF external routes.

A route can be learned by the router from different protocols in which case the costs are not comparable; when this occurs the preference is used to decide which route will be used.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in the following table. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used.

If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of what route to use is determined by the configuration of the ecmp in the config>router context.

The no form of the command reverts to the default value.

Default 

external-preference 150 — OSPF external routes have a default preference of 150.

Parameters 
preference—
The preference for external routes expressed as a decimal integer.

Route Type

Preference

Configurable  

Direct attached

0

No

Static routes

5

Yes

OSPF internal

10

Yes 1

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

RIP

100

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

BGP

170

Yes

    Note:

  1. Preference for OSPF internal routes is configured with the preference command
Values—
1 to 255

ignore-dn-bit

Syntax 
[no] ignore-dn-bit
Context 
config>service>vprn>ospf
Description 

This command specifies whether to ignore the DN bit for OSPF LSA packets for this instance of OSPF on the router. When enabled, the DN bit for OSPF LSA packets will be ignored. When disabled, the DN bit will not be ignored for OSPF LSA packets.

loopfree-alternate

Syntax 
[no] loopfree-alternate
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command enables Loop-Free Alternate (LFA) computation by SPF under the IS-IS routing protocol level, or under the OSPF routing protocol instance level.

When this command is enabled, it instructs the IGP SPF to attempt to pre-compute both a primary next-hop and an LFA next-hop for every learned prefix. IS-IS computes the primary SPF first and then computes the LFA SPF. The LFA backup next-hop is only available after the LFA SPF is completed. When found, the LFA next-hop is populated into the routing table along with the primary next-hop for the prefix.

The no form of this command disables the LFA computation by IGP SPF.

Default 

no loopfree-alternate

overload

Syntax 
overload [timeout seconds]
no overload
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command changes the overload state of the local router so that it appears to be overloaded. When overload is enabled, the router can participate in OSPF routing, but is not used for transit traffic. Traffic destined to directly attached interfaces continue to reach the router.

To put the IGP in an overload state enter a timeout value. The IGP will enter the overload state until the timeout timer expires or a no overload command is executed.

If the overload command is encountered during the execution of an overload-on-boot command then this command takes precedence. This could occur as a result of a saved configuration file where both parameters are saved. When the file is saved by the system the overload-on-boot command is saved after the overload command.

Use the no form of this command to return to the default. When the no overload command is executed, the overload state is terminated regardless the reason the protocol entered overload state.

Default 

no overload

Parameters 
timeout seconds—
specifies the number of seconds to reset overloading
Values—
60 to1800
Values—
60

if-attribute

Syntax 
if-attribute
Context 
config>router
config>router>interface
config>service>ies>interface
config>service>vprn>interface
Description 

This command creates the context to configure or apply IP interface attributes such as administrative group (admin-group) or Shared Risk Loss Group (SRLG).

admin-group

Syntax 
admin-group group-name [group-name...(up to 5 max)]
no admin-group group-name [group-name...(up to 5 max)]
no admin-group
Context 
config>router>interface>if-attribute
config>service>ies>if>if-attribute
config>service>vprn>if>if-attribute
config>router>mpls>interface
Description 

This command configures the admin group membership of an interface. The user can apply admin groups to an IES, VPRN, network IP, or MPLS interface.

Each single operation of the admin-group command allows a maximum of five (5) groups to be specified at a time. However, a maximum of 32 groups can be added to a given interface through multiple operations. Once an admin group is bound to one or more interface, its value cannot be changed until all bindings are removed.

The configured admin-group membership will be applied in all levels/areas the interface is participating in. The same interface cannot have different memberships in different levels/areas.

Only the admin groups bound to an MPLS interface are advertised in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.

The no form of this command deletes one or more of the admin-group memberships of an interface. The user can also delete all memberships of an interface by not specifying a group name.

Parameters 
group-name—
Specifies the name of the group with up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain.

srlg-group

Syntax 
srlg-group group-name [group-name...(up to 5 max)]
no srlg-group group-name [group-name...(up to 5 max)]
no srlg-group
Context 
config>router>interface>if-attribute
config>service>ies>if>if-attribute
config>service>vprn>if>if-attribute
config>router>mpls>interface
Description 

This command configures the SRLG membership of an interface. The user can apply SRLGs to an IES, VPRN, network IP, or MPLS interface.

An interface can belong to up to 64 SRLG groups. However, each single operation of the srlg-group command allows a maximum of five (5) groups to be specified at a time. Once an SRLG group is bound to one or more interface, its value cannot be changed until all bindings are removed.

The configured SRLG membership will be applied in all levels/areas the interface is participating in. The same interface cannot have different memberships in different levels/areas.

Only the SRLGs bound to an MPLS interface are advertised in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.

The no form of this command deletes one or more of the SRLG memberships of an interface. The user can also delete all memberships of an interface by not specifying a group name.

Parameters 
group-name—
Specifies the name of the group, up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain.

lfa-policy-map

Syntax 
lfa-policy-map route-nh-template template-name
no lfa-policy-map
Context 
config>router>ospf>area>interface
config>router>ospf3>area>interface
config>router>isis>interface
config>service>vprn>ospf>area>interface
config>service>vprn>ospf3>area>interface
Description 

This command applies a route next-hop policy template to an OSPF or IS-IS interface.

When a route next-hop policy template is applied to an interface in IS-IS, it is applied in both level 1 and level 2. When a route next-hop policy template is applied to an interface in OSPF, it is applied in all areas. However, the command in an OSPF interface context can only be executed under the area in which the specified interface is primary and then applied in that area and in all other areas where the interface is secondary. If the user attempts to apply it to an area where the interface is secondary, the command will fail.

If the user excluded the interface from LFA using the command loopfree-alternate-exclude, the LFA policy, if applied to the interface, has no effect.

Finally, if the user applied a route next-hop policy template to a loopback interface or to the system interface, the command will not be rejected, but it will result in no action being taken.

The no form deletes the mapping of a route next-hop policy template to an OSPF or IS-IS interface.

Parameters 
template-name—
specifies the name of the template, up to 32 characters

loopfree-alternate-exclude

Syntax 
loopfree-alternate-exclude prefix-policy prefix-policy [prefix-policy... up to 5]
no loopfree-alternate-exclude
Context 
config>router>ospf
config>router>ospf3
config>router>isis
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command excludes from LFA SPF calculation prefixes that match a prefix entry or a tag entry in a prefix policy.

The implementation already allows the user to exclude an interface in IS-IS or OSPF, an OSPF area, or an IS-IS level from the LFA SPF.

If a prefix is excluded from LFA, then it will not be included in LFA calculation regardless of its priority. The prefix tag will, however, be used in the main SPF. Prefix tags are defined for the IS-IS protocol but not for the OSPF protocol.

The default action of the loopfree-alternate-exclude command, when not explicitly specified by the user in the prefix policy, is a “reject”. Thus, regardless if the user did or did not explicitly add the statement “default-action reject” to the prefix policy, a prefix that did not match any entry in the policy will be accepted into LFA SPF.

The no form deletes the exclude prefix policy.

Parameters 
prefix-policy prefix-policy—
Specifies the name of the prefix policy, up to 32 characters. The specified name must have been already defined.

overload-include-ext-2

Syntax 
[no] overload-include-ext-2
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command is used to to control if external type-2 routes should be re-advertised with a maximum metric value when the system goes into overload state for any reason. When this command is enabled and the router is in overload, all external type-2 routes will be advertised with the maximum metric.

Default 

no overload-include-ext-2

overload-include-stub

Syntax 
[no] overload-include-stub
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command is used to to determine if the OSPF stub networks should be advertised with a maximum metric value when the system goes into overload state for any reason. When enabled, the system uses the maximum metric value. When this command is enabled and the router is in overload, all stub interfaces, including loopback and system interfaces, will be advertised at the maximum metric.

Default 

no overload-include-stub

overload-on-boot

Syntax 
overload-on-boot [timeout seconds]
no overload
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

When the router is in an overload state, the router is used only if there is no other router to reach the destination. This command configures the IGP upon bootup in the overload state until one of the following events occur:

  1. The timeout timer expires.
  2. A manual override of the current overload state is entered with the no overload command.

The no overload command does not affect the overload-on-boot function.

The no form of the command removes the overload-on-boot functionality from the configuration.

Default 

no overload-on-boot

Parameters 
timeout seconds—
Specifies the number of seconds to reset overloading.
Values—
60 to1800
Values—
60

preference

Syntax 
preference preference
no preference
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command configures the preference for OSPF internal routes.

A route can be learned by the router from different protocols in which case the costs are not comparable, when this occurs the preference is used to decide to which route will be used.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in the following table. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used.

If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of what route to use is determined by the configuration of the ecmp in the config>router context.

The no form of the command reverts to the default value.

Default 

preference 10 — OSPF internal routes have a preference of 10.

Parameters 
preference—
The preference for internal routes expressed as a decimal integer. Defaults for different route types are listed in the following table.

Route Type

Preference

Configurable

Direct attached

0

No

Static routes

5

Yes

OSPF internal

10

Yes 1

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

RIP

100

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

BGP

170

Yes

    Note:

  1. Preference for OSPF internal routes is configured with the preference command
Values—
1 to 255

reference-bandwidth

Syntax 
reference-bandwidth reference-bandwidth
no reference-bandwidth
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command configures the reference bandwidth in kilobits per second (Kbps) that provides the reference for the default costing of interfaces based on their underlying link speed.

The default interface cost is calculated as follows:

cost = reference – bandwidth ÷ bandwidth

The default reference-bandwidth is 100,000,000 Kbps or 100 Gbps, so the default auto-cost metrics for various link speeds are as as follows:

  1. 10 Mbs link default cost of 10000
  2. 100 Mbs link default cost of 1000
  3. 1 Gbps link default cost of 100
  4. 10 Gbps link default cost of 10

The reference-bandwidth command assigns a default cost to the interface based on the interface speed. To override this default cost on a particular interface, use the metric metric command in the config>router>ospf>area>interface ip-int-name context.

The no form of the command reverts the reference-bandwidth to the default value.

Default 

reference-bandwidth 100000000 — Reference bandwidth of 100 Gbps.

Parameters 
reference-bandwidth—
the reference bandwidth in kilobits per second expressed as a decimal integer
Values—
1 to 1000000000

rib-priority

Syntax 
rib-priority {high} prefix-list-name
no rib-priority
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command enabled RIB prioritization for the OSPF protocol and specifies the prefix list that will be used to select the specific routes that should be processed through the OSPF route calculation process at a higher priority.

The no form of rib-priority command disables RIB prioritization at the associated level.

Default 

no rib-priority

Parameters 
prefix-list-name—
specifies the prefix list which is used to select the routes that are processed at a higher priority through the route calculation process

super-backbone

Syntax 
[no] super-backbone
Context 
config>service>vprn>ospf
Description 

This command specifies whether CE-PE functionality is required or not. The OSPF super backbone indicates the type of the LSA generated as a result of routes redistributed into OSPF. When enabled, the redistributed routes are injected as summary, external or NSSA LSAs. When disabled, the redistributed routes are injected as either external or NSSA LSAs only.

Default 

no super-backbone

suppress-dn-bit

Syntax 
[no] suppress-dn-bit
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command specifies whether to suppress the setting of the DN bit for OSPF LSA packets generated by this instance of OSPF on the router. When enabled, the DN bit for OSPF LSA packets generated by this instance of the OSPF router will not be set. When disabled, this instance of the OSPF router will follow the normal proceedure to determine whether to set the DN bit.

Default 

no suppress-dn-bit

timers

Syntax 
timers
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command enables the context that allows for the configuration of OSPF timers. Timers control the delay between receipt of a link state advertisement (LSA) requiring a Dijkstra (Shortest Path First (SPF)) calculation and the minimum time between successive SPF calculations.

Changing the timers affect CPU utilization and network reconvergence times. Lower values reduce convergence time but increase CPU utilization. Higher values reduce CPU utilization but increase reconvergence time.

Default 

n/a

redistribute-delay

Syntax 
redistribute-delay redist-wait
no redistribute-delay
Context 
config>router>ospf>timers
config>router>ospf3>timers
Description 

This command sets the internal OSPF hold down timer for external routes being redistributed into OSPF.

Shorting this delay can speed up the advertisement of external routes into OSPF but can result in additional OSPF messages if that source route is not yet stable.

The no redistribute-delay form of the command resets the timer value back to the default value.

Default 

1000ms (1 second)

Parameters 
redist-wait—
Specifies the OSPF redistribution hold down timer for external routes being advertised into OSPF.
Values—
0 to 1000

spf-wait

Syntax 
spf-wait max-spf-wait [spf-initial-wait spf-initial-wait [spf-second-wait spf-second-wait]]
no spf-wait
Context 
config>service>vprn>ospf>timers
config>service>vprn>ospf3>timers
Description 

This command defines the maximum interval between two consecutive SPF calculations in milliseconds. Timers that determine when to initiate the first, second, and subsequent SPF calculations after a topology change occurs can be controlled with this command. Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, then the next SPF will run after 2000 milliseconds, and then next SPF will run after 4000 milliseconds, etc., until it reaches the spf-wait value. The SPF interval will stay at the spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to spf-initial-wait.

The timer must be entered in increments of 100 milliseconds. Values entered that do not match this requirement will be rejected.

Use the no form of this command to return to the default.

Default 

no spf-wait

Parameters 
max-spf-wait—
specifies the maximum interval in milliseconds between two consecutive SPF calculations
Values—
10 to 120000
Values—
10000
spf-initial-wait —
specifies the initial SPF calculation delay in milliseconds after a topology change
Values—
10 to 100000
Values—
1000
spf-second-wait —
specifies the hold time in milliseconds between the first and second SPF calculation
Values—
10 to 100000
Values—
1000

unicast-import-disable

Syntax 
[no] unicast-import-disable
Context 
config>service>vprn>ospf
Description 

This command allows one IGP to import its routes into RPF RTM while another IGP imports routes only into the unicast RTM.

Import policies can redistribute routes from an IGP protocol into the RPF RTM (the multicast routing table). By default, the IGP routes will not be imported into RPF RTM as such an import policy must be explicitly configured

Default 

no unicast-import-disable

vpn-domain

Syntax 
vpn-domain [type {0005 | 0105 | 0205 | 8005}] id id
no vpn-domain
Context 
config>service>vprn>ospf
Description 

This command specifies type of the extended community attribute exchanged using BGP to carry the OSPF VPN domain ID. This applies to VPRN instances of OSPF only. An attempt to modify the value of this object will result in an inconsistent value error when is not a VPRN instance. The parameters are mandatory and can be entered in either order. This command is not applicable in the config>service>vprn>ospf3 context.

This command is not supported in OSPF3.

Default 

no vpn-domain

Parameters 
id—
Specifies the OSPF VPN domain in the “xxxx.xxxx.xxxx” format. This is exchanged using BGP in the extended community attribute associated with a prefix. This object applies to VPRN instances of OSPF only.
type—
specifies the type of the extended community attribute exchanged using BGP to carry the OSPF VPN domain ID
Values—
0005, 0105, 0205, 8005

vpn-tag

Syntax 
vpn-tag vpn-tag
no vpn-tag
Context 
config>service>vprn>ospf
Description 

This command specifies the route tag for an OSPF VPN on a PE router. This field is set in the tag field of the OSPF external LSAs generated by the PE. This is mainly used to prevent routing loops. This applies to VPRN instances of OSPF only. An attempt to modify the value of this object will result in an inconsistent value error when is not a VPRN instance.

This command is not supported in OSPF3.

Default 

vpn-tag 0

incremental-spf-wait

Syntax 
incremental-spf-wait inc-spf-wait
no incremental-spf-wait
Context 
config>router>ospf>timers
config>router>ospf3>timers
Description 

This command sets the delay before an incremental SPF calculation is performed when LSA types 3, 4, 5, or 7 are received. This allows multiple updates to be processed in the same SPF calculation. Type 1 or type 2 LSAs are considered a topology change and will always trigger a full SPF calculation.

The no incremental-spf-wait form of the command resets the timer value back to the default value.

Default 

1000ms (1 second)

Parameters 
inc-spf-wait—
Specifies the OSPF incremental SPF calculation delay.
Values—
0 to 10000

lsa-accumulate

Syntax 
lsa-accumulate lsa-accum-time
no lsa-accumulate
Context 
config>router>ospf>timers
config>router>ospf3>timers
Description 

This commands sets the internal OSPF delay to allow for the accumulation of multiple LSA so OSPF messages can be sent as efficiently as possible.

Shorting this delay can speed up the advertisement of LSAs to OSPF neighbors but may increase the number of OSPF messages sent.

Default 

1000ms (1 second)

Parameters 
lsa-accum-time—
Specifies the LSA accumulation delay in milliseconds.
Values—
0 to 10000

lsa-arrival

Syntax 
lsa-arrival lsa-arrival-time
no lsa-arrival
Context 
config>service>vprn>ospf>timers
config>service>vprn>ospf3>timers
Description 

This parameter defines the minimum delay that must pass between receipt of the same Link State Advertisements (LSAs) arriving from neighbors. It is recommended that the neighbor’s configured lsa-generate lsa-second-wait interval is equal to or greater than the lsa-arrival timer configured here.

Use the no form of this command to return to the default.

Default 

no lsa-arrival

Parameters 
lsa-arrival-time—
Specifies the timer in milliseconds. Values entered that do not match this requirement will be rejected.
Values—
0 to 600000

lsa-generate

Syntax 
lsa-generate max-lsa-wait [lsa-initial-wait lsa-initial-wait [lsa-second-wait lsa-second-wait]]
no lsa-generate-interval
Context 
config>service>vprn>ospf>timers
config>service>vprn>ospf3>timers
Description 

This parameter customizes the throttling of OSPF LSA-generation. Timers that determine when to generate the first, second, and subsequent LSAs can be controlled with this command. Subsequent LSAs are generated at increasing intervals of the lsa-second-wait timer until a maximum value is reached. Configuring the lsa-arrival interval to equal or less than the lsa-second-wait interval configured in the lsa-generate command is recommended.

Use the no form of this command to return to the default.

Default 

no lsa-generate

Parameters 
max-lsa-wait—
Specifies the maximum interval, in milliseconds, between two consecutive occurrences of an LSA being generated.
Values—
10 to 600000
Values—
5000
lsa-initial-wait—
Specifies the first waiting period between link-state advertisements (LSA) originate(s), in milliseconds. When the LSA exceeds the lsa-initial-wait timer value and the topology changes, there is no wait period and the LSA is immediately generated.

When an LSA is generated, the initial wait period commences. If, within the specified lsa-initial-wait period and another topology change occurs, then the lsa-initial-wait timer applies.

Values—
10 to 600000
Values—
5000
lsa-second-wait—
Specifies the hold time in milliseconds between the first and second LSA generation. The next topology change is subject to this second wait period. With each subsequent topology change, the wait time doubles (this is 2x the previous wait time). This assumes that each failure occurs within the relevant wait period.
Values—
10 to 600000
Values—
5000

PIM Commands

pim

Syntax 
[no] pim
Context 
config>service>vprn
Description 

This command configures a Protocol Independent Multicast (PIM) instance in the VPRN service. When an PIM instance is created, the protocol is enabled. PIM is used for multicast routing within the network. Devices in the network can receive the multicast feed requested and non-participating routers can be pruned. The router supports PIM sparse mode (PIM-SM).

The no form of the command deletes the PIM protocol instance removing all associated configuration parameters.

Default 

n/a

apply-to

Syntax 
apply-to {all | none}
Context 
config>service>vprn>pim
Description 

This command creates a PIM interface with default parameters.

If a manually created interface or modified interface is deleted, the interface will be recreated when the apply-to command is executed. If PIM is not required on a specific interface, then execute a shutdown command.

The apply-to command is saved first in the PIM configuration structure, all subsequent commands either create new structures or modify the defaults as created by the apply-to command.

Default 

apply-to none

Parameters 
all—
specifies that all VPRN and non-VPRN interfaces are automatically applied in PIM
none—
No interfaces are automatically applied in PIM. PIM interfaces must be manually configured.

grt-extranet

Syntax 
[no] grt-extranet
Context 
config>service>vprn>pim
Description 

This command enables the context to configure GRT/VRF extranet for this MVPN instance.

group-prefix

Syntax 
group-prefix ip-address/mask [ip-address/mask...(up to 8 max)][starg]
group-prefix any
no group-prefix ip-address/mask
no group-prefix any
Context 
config>service>vprn>pim>rpf-select>grt-extranet
Description 

This command configures multicast group IPv4 prefixes for the multicast GRT/VRF with per group mapping extranet functionality. Multiple lines are allowed. Duplicate prefixes are ignored. Operator can either configure specific groups for extranet or specify all groups by using key-word any. The two options are mutually exclusive in configuration.

When the starg option is specified, extranet functionality is enabled for PIM ASM as for the specified group. When the option is not specified (not recommended with PIM ASM), the PIM ASM join will be mapped and data plane will be established, but the control plane will not be updated on SPT switchover, unless the switchover is driven by a CPE router on a receiver side.

The no form of the command deletes specified prefix from the list, or removes mapping of all prefixes if group-prefix any was specified.

Default 

n/a

Parameters 
ip-address/mask —
specifies the IPv4 multicast address prefix with mask

import

Syntax 
import {join-policy | register-policy} [policy-name [.. policy-name] policy-name]
no import {join-policy | register-policy}
Context 
config>service>vprn>pim
Description 

This command specifies the import route policy to be used for determining which routes are accepted from peers. Route policies are configured in the config>router>policy-options context. When an import policy is not specified, BGP routes are accepted by default.

The no form of the command removes the policy association from the IGMP instance.

Default 

no import join-policy no import register-policy

Parameters 
join-policy—
Use this command to filter PIM join messages which prevents unwanted multicast streams from traversing the network.
register-policy—
This keyword filters register messages. PIM register filters prevent register messages from being processed by the RP. This filter can only be defined on an RP. When a match is found, the RP immediately sends back a register-stop message.
policy-name—
The route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

interface

Syntax 
[no] interface ip-int-name
Context 
config>service>vprn>pim
Description 

This command enables PIM on an interface and enables the context to configure interface-specific parameters. By default interfaces are activated in PIM based on the apply-to command, and do not have to be configured on an individual basis unless the default values must be changed.

The no form of the command deletes the PIM interface configuration for this interface. If the apply-to command parameter is configured, then the no interface form must be saved in the configuration to avoid automatic (re)creation after the next apply-to is executed as part of a reboot.

The shutdown command can be used to disable an interface without removing the configuration for the interface.

Default 

Interfaces are activated in PIM based on the apply-to command.

Parameters 
ip-int-name—
Specifies the interface name. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes

assert-period

Syntax 
assert-period assert-period
no assert-period
Context 
config>service>vprn>pim>if
Description 

This command configures the period in seconds for periodic refreshes of PIM Assert messages on an interface.

The no form of the command reverts to the default.

Default 

60

Parameters 
assert-period—
specifies the period, in seconds, for periodic refreshes of PIM Assert messages on an interface
Values—
1 to 300

bfd-enable

Syntax 
[no] bfd-enable [ipv4 | ipv6]
Context 
config>service>vprn>pim>if
Description 

This command enables the use of bi-directional forwarding (BFD) to control the state of the associated protocol interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set via the BFD command under the IP interface.

The no form of this command removes BFD from the associated IGP protocol adjacency.

Default 

no bfd-enable

bsm-check-rtr-alert

Syntax 
[no] bsm-check-rtr-alert
Context 
config>service>vprn>pim>if
Description 

This command enables the checking of router alert option in the bootstrap messages received on this interface.

Default 

no bsm-check-rtr-alert

hello-interval

Syntax 
hello-interval hello-interval
no hello-interval
Context 
config>service>vprn>pim>if
Description 

This command configures the frequency at which PIM Hello messages are transmitted on this interface.

The no form of this command reverts to the default value.

Default 

30

Parameters 
hello-interval—
Specifies the hello interval in seconds. A 0 (zero) value disables the sending of Hello messages.
Values—
0 to 255 seconds

hello-multiplier

Syntax 
hello-multiplier deci-units
no hello-multiplier
Context 
config>service>vprn>pim>if
Description 

This command configures the multiplier to determine the hold time for a PIM neighbor.

The hello-multiplier in conjunction with the hello-interval determines the hold time for a PIM neighbor.

Parameters 
deci-units—
Specifies the value, specified in multiples of 0.1, for the formula used to calculate the hello-hold time based on the hello-multiplier:

(hello-interval * hello-multiplier) / 10

This allows the PIMv2 default timeout of 3.5 seconds to be supported.

Values—
20 to 100
Values—
35

improved-assert

Syntax 
[no] improved-assert
Context 
config>service>vprn>pim>if
Description 

This command enables improved assert processing on this interface. The PIM assert process establishes a forwarder for a LAN and requires interaction between the control and forwarding planes.

The assert process is started when data is received on an outgoing interface. This could impact performance if data is continuously received on an outgoing interface.

When enabled, the PIM assert process is done entirely on the control-plane with no interaction between the control and forwarding plane.

Default 

enabled

instant-prune-echo

Syntax 
[no] instant-prune-echo
Context 
config>service>vprn>pim>interface
Description 

This command enables PIM to send an instant prune echo when the router starts the prune pending timer for a group on the interface. All downstream routers will see the prune message immediately, and can send a join override if they are interested in receiving the group. Configuring instant-prune-echo is recommended on broadcast interfaces with more than one PIM neighbor to optimize multicast convergence.

The no form of the command disables instant Prune Echo on the PIM interface.

Default 

no instant-prune-echo

max-groups

Syntax 
max-groups value
no max-groups
Context 
config>service>vprn>pim>if
Description 

This command configures the maximum number of groups for which PIM can have downstream state based on received PIM Joins on this interface. This does not include IGMP local receivers on the interface. When this configuration is changed dynamically to a value lower than the currently accepted number of groups, the groups that are already accepted are not deleted. Only new groups will not be allowed. When this object has a value of 0, there is no limit to the number of groups.

Parameters 
value—
specifies the maximum number of groups for this interface
Values—
1 to 16000

multicast-senders

Syntax 
multicast-senders {auto | always | never}
no multicast-senders
Context 
config>service>vprn>pim>if
Description 

This command configures the way subnet matching is done for incoming data packets on this interface. An IP multicast sender is an user entity to be authenticated in a receiving host.

Parameters 
auto—
subnet matching is automatically performed for incoming data packets on this interface
always—
subnet matching is always performed for incoming data packets on this interface
never—
subnet matching is never performed for incoming data packets on this interface

p2mp-ldp-tree-join

Syntax 
p2mp-ldp-tree-join
p2mp-ldp-tree-join ipv4
p2mp-ldp-tree-join ipv6
p2mp-ldp-tree-join ipv4 ipv6
no p2mp-ldp-tree-join [ipv4] [ipv6]
Context 
config>service>vprn>pim>if
Description 

This command configures the option to join P2MP LDP tree towards the multicast source for the VPRN service. If p2mp-ldp-tree-join is enabled, a PIM multicast join received on an interface is processed to join P2MP LDP LSP using the in-band signaled P2MP tree for the same multicast flow. LDP P2MP tree is setup towards the multicast source. Route to source of the multicast node is looked up from the RTM. The next-hop address for the route to source is set as the root of LDP P2MP tree.

The no form of command disables joining P2MP LDP tree for IPv4 or IPv6 or both (if both or none is specified).

Default 

no p2mp-ldp-tree-join

Parameters 
ipv4—
Enables dynamic mLDP in-band signaling for IPv4 PIM joins. IPv4 multicast must be enabled; see ipv4-multicast-disable. For backward compatibility p2mp-ldp-tree-join is equivalent to p2mp-ldp-tree-join ipv4.
ipv6—
Enables dynamic mLDP in-band signaling for IPv6 PIM joins. IPv6 multicast must be enabled; see ipv6-multicast-disable).

priority

Syntax 
priority dr-priority
no priority
Context 
config>service>vprn>pim>if
Description 

This command sets the priority value to become the rendezvous point (RP) that is included in bootstrap messages sent by the router. The RP is sometimes called the bootstrap router. The priority command indicates whether the router is eligible to be a bootstrap router.

The no form of the command disqualifies the router to participate in the bootstrap election.

Default 

1 (The router is the least likely to become the designated router.)

Parameters 
dr-priority—
Specifies the priority to become the designated router. The higher the value, the higher the priority.
Values—
1 to 4294967295

sticky-dr

Syntax 
sticky-dr [priority dr-priority]
no sticky-dr
Context 
config>service>vprn>pim>if
Description 

This command enables sticky-dr operation on this interface. When enabled, the priority in PIM hellos sent on this interface when elected as the designated router (DR) will be modified to the value configured in dr-priority. This is done to avoid the delays in forwarding caused by DR recovery, when switching back to the old DR on a LAN when it comes back up.

By enabling sticky-dr on this interface, it will continue to act as the DR for the LAN even after the old DR comes back up.

The no form of the command disables sticky-dr operation on this interface.

Default 

disabled

Parameters 
priority dr-priority
sets the DR priority to be sent in PIM Hello messages following the election of that interface as the DR, when sticky-dr operation is enabled
Values—
1 to 4294967295

three-way-hello

Syntax 
three-way-hello [compatibility-mode]
no three-way-hello
Context 
config>service>vprn>pim>if
Description 

This command configures the compatibility mode for enabling the three way hello.

Parameters 
compatibility-mode—
specifies to enable the three way hello

tracking-support

Syntax 
[no] tracking-support
Context 
config>service>vprn>pim>if
Description 

This command sets the the T bit in the LAN Prune Delay option of the Hello Message. This indicates the router's capability to disable Join message suppression.

Default 

no tracking-support

ipv4-multicast-disable

Syntax 
[no] ipv4-multicast-disable
Context 
config>service>vprn>pim
config>service>vprn>pim>interface
Description 

This command administratively disables/enables PIM operation for IPv4.

Default 

no ipv4-multicast-disable

ipv6-multicast-disable

Syntax 
ipv6-multicast-disable
Context 
config>service>vprn>pim
config>service>vprn>pim>interface
Description 

This command administratively disables/enables PIM operation for IPv6.

Default 

ipv6-multicast-disable

mc-ecmp-balance

Syntax 
[no] mc-ecmp-balance
Context 
config>service>vprn>pim
Description 

This command enables multicast balancing of traffic over ECMP links based on the number of (S, G) distributed over each link. When enabled, each new multicast stream that needs to be forwarded over an ECMP link is compared to the count of (S, G) already using each link, so that the link with the fewest (S, G) is chosen.

This command cannot be used together with the mc-ecmp-hashing-enabled command.

The no form of the command disables multicast ECMP balancing.

mc-ecmp-balance-hold

Syntax 
mc-ecmp-balance-hold minutes
no mc-ecmp-balance-hold
Context 
config>service>vprn>pim
Description 

This command configures the hold time for multicast balancing over ECMP links.

Parameters 
minutes—
specifies the hold time, in minutes, that applies after an interface has been added to the ECMP link

mc-ecmp-hashing-enabled

Syntax 
[no] mc-ecmp-hashing-enabled [rebalance]
Context 
config>service>vprn>pim
Description 

This command enables hash-based multicast balancing of traffic over ECMP links and causes PIM joins to be distributed over the multiple ECMP paths based on a hash of S and G (and possibly next-hop IP address). When a link in the ECMP set is removed, the multicast flows that were using that link are redistributed over the remaining ECMP links using the same hash algorithm. When a link is added to the ECMP set new joins may be allocated to the new link based on the hash algorithm, but existing multicast flows using the other ECMP links stay on those links until they are pruned.

Hash-based multicast balancing is supported for both IPv4 and IPv6.

This command cannot be used together with the mc-ecmp-balance command. Using this command and the lag-usage-optimization command on mixed port speed LAGs is not recommended, because some groups may be forwarded incorrectly.

The no form of the command disables the hash-based multicast balancing of traffic over ECMP links.

The no mc-ecmp-hashing-enabled form of the command means that the use of multiple ECMP paths if enabled at the config>router or config>service>vprn context is controlled by the existing implementation and CLI commands mc-ecmp-balance.

Default 

no mc-ecmp-hashing-enabled

Parameters 
rebalance—
specifies to rebalance flows to newly added links immediately, instead of waiting until they are pruned

non-dr-attract-traffic

Syntax 
[no] non-dr-attract-traffic
Context 
config>service>vprn>pim
Description 

This command specifies whether the router should ignore the designated router state and attract traffic even when it is not the designated router.

An operator can configure an interface (router or IES or VPRN interfaces) to IGMP and PIM. The interface IGMP state will be synchronized to the backup node if it is associated with the redundant peer port. The interface can be configured to use PIM which will cause multicast streams to be sent to the elected DR only. The DR will also be the router sending traffic to the DSLAM. Since it may be required to attract traffic to both routers a flag non-dr-attract-trafffic can be used in the PIM context to have the router ignore the DR state and attract traffic when not DR. While using this flag, the router may not send the stream down to the DSLAM while not DR.

When enabled, the designated router state is ignored. When disabled, no non-dr-attract-traffic, the designated router value is honored.

Default 

no non-dr-attract-traffic

rp

Syntax 
rp
Context 
config>service>vprn>pim
Description 

This command enables access to the context to configure the rendezvous point (RP) ) of a PIM protocol instance.

An Nokia PIM router acting as an RP must respond to a PIM register message specifying an SSM multicast group address by sending to the first hop router stop register message(s). It does not build an (S, G) shortest path tree toward the first hop router. An SSM multicast group address can be either from the SSM default range of 232/8 or from a multicast group address range that was explicitly configured for SSM.

Default 

rp enabled when PIM is enabled.

anycast

Syntax 
[no] anycast rp-ip-address
Context 
config>service>vprn>pim>rp
Description 

This command configures a PIM anycast protocol instance for the RP being configured. Anycast enables fast convergence when a PIM RP router fails by allowing receivers and sources to rendezvous at the closest RP.

The no form of the command removes the anycast instance from the configuration.

Default 

n/a

Parameters 
rp-ip-address—
Configure the loopback IP address shared by all routes that form the RP set for this anycast instance. Only a single address can be configured. If another anycast command is entered with an address then the old address will be replaced with the new address. If no ip-address is entered then the command is simply used to enter the anycast CLI level.
Values—
Any valid loopback address configured on the node.

rp-set-peer

Syntax 
[no] rp-set-peer ip-address
Context 
config>service>vprn>pim>rp>anycast
Description 

This command configures a peer in the anycast RP-set. The address identifies the address used by the other node as the RP candidate address for the same multicast group address range as configured on this node.

This is a manual procedure. Caution should be taken to produce a consistent configuration of an RP-set for a given multicast group address range. The priority should be identical on each node and be a higher value than any other configured RP candidate that is not a member of this RP-set.

Although there is no set maximum of addresses that can be configured in an RP-set, up to 15 multicast addresses is recommended.

The no form of the command removes an entry from the list.

Default 

n/a

Parameters 
ip-address—
specifies the address used by the other node as the RP candidate address for the same multicast group address range as configured on this node.

auto-rp-discovery

Syntax 
[no] auto-rp-discovery
Context 
config>service>vprn>pim>rp
Description 

This command enables auto-RP protocol in discovery mode. In discovery mode, RP-mapping and RP-candidate messages are received and forwarded to downstream nodes. RP-mapping messages are received locally to learn about availability of RP nodes present in the network.

Either bsr-candidate for IPv4 or auto-rp-discovery can be configured; the two mechanisms cannot be enabled together. bsr-candidate for IPv6 and auto-rp-discovery for IPv4 can be enabled together. auto-rp-discovery cannot be enabled together with mdt-type sender-only or mdt-type receiver-only, or wildcard-spmsi configurations.

The no form of the command disables auto-RP.

Note:

Chassis mode D or higher must be enabled for auto-rp-discovery.

Default 

no auto-rp-discovery

bootstrap-export

Syntax 
bootstrap-export policy-name [policy-name... up to five]
no bootstrap-export
Context 
config>service>vprn>pim>rp
Description 

This command exports policies to control the flow of bootstrap messages from the RP. Up to five policies can be defined.

The no form of this command removes the specified policy names from the configuration.

Default 

n/a

Parameters 
policy-name—
Specifies the policy name. The policy statement must already be configured in the config>router>policy-options context.

bootstrap-import

Syntax 
bootstrap-import policy-name [policy-name... up to five]
no bootstrap-import policy-name [policy-name... up to five]
Context 
config>service>vprn>pim>rp
Description 

This command imports policies to control the flow of bootstrap messages into the RP. Up to five policies can be defined.

The no form of this command removes the specified policy names from the configuration.

Default 

n/a

Parameters 
policy-name—
Specifies the policy name. The policy statement must already be configured in the config>router>policy-options context.

bsr-candidate

Syntax 
bsr-candidate
Context 
config>service>vprn>pim>rp
config>service>vprn>pim>rp>ipv6
Description 

This command enables the context to configure Candidate Bootstrap (BSR) parameters.

Either bsr-candidate for IPv4 or auto-rp-discovery can be configured; the two mechanisms cannot be enabled together. bsr-candidate for IPv6 and auto-rp-discovery for IPv4 can be enabled together.

The no form of the command disables BSR.

Default 

no bsr-candidate

address

Syntax 
[no] address ip-address
Context 
config>service>vprn>pim>rp>bsr-candidate
config>service>vprn>pim>rp>rp-candidate
Description 

This command configures a static bootstrap or rendezvous point (RP) as long as the source is not directly attached to this router.

Use the no form of this command to remove the static RP from the configuration.

Default 

No IP address is specified.

Parameters 
ip-address—
The static IP address of the RP. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
Values—
1.0.0.0 to 223.255.255.255

address

Syntax 
[no] address ipv6-address
Context 
config>service>vprn>pim>rp>ipv6>bsr-candidate
config>service>vprn>pim>rp>ipv6>rp-candidate
Description 

This command configures a static bootstrap or rendezvous point (RP) as long as the source is not directly attached to this router.

Use the no form of this command to remove the static RP from the configuration.

Default 

No IP address is specified.

Parameters 
ipv6-address—
The static IP address of the RP. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
Values—

ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

hash-mask-len

Syntax 
hash-mask-len hash-mask-length
no hash-mask-len
Context 
config>service>vprn>pim>rp>bsr-candidate
Description 

This command is used to configure the length of a mask that is to be combined with the group address before the hash function is called. All groups with the same hash map to the same RP. For example, if this value is 24, only the first 24 bits of the group addresses matter. This mechanism is used to map one group or multiple groups to an RP.

Default 

30

Parameters 
hash-mask-length—
the hash mask length
Values—
0 to 32

hash-mask-length

Syntax 
hash-mask-length hash-mask-length
no hash-mask-length
Context 
config>service>vprn>pim>rp>ipv6>bsr-candidate
Description 

This command is used to configure the length of a mask that is to be combined with the group address before the hash function is called. All groups with the same hash map to the same RP. For example, if this value is 24, only the first 24 bits of the group addresses matter. This mechanism is used to map one group or multiple groups to an RP.

Default 

126

Parameters 
hash-mask-length—
the hash mask length
Values—
0 to 128

priority

Syntax 
priority bootstrap-priority
Context 
config>service>vprn>pim>rp>bsr-candidate
config>service>vprn>pim>rp>ipv6>bsr-candidate
Description 

This command defines the priority used to become the rendezvous point (RP). The higher the priority value the more likely that this router becomes the RP. If there is a tie, the router with the highest IP address is elected.

Parameters 
bootstrap-priority—
the priority to become the bootstrap router
Values—
0 to 255
Values—
0 (the router is not eligible to be the bootstrap router)

ipv6

Syntax 
ipv6
Context 
config>service>vprn>pim>rp
Description 

This command enables access to the context to configure the rendezvous point (RP) of a PIM IPv6 protocol instance.

A Nokia IPv6 PIM router acting as an RP must respond to an IPv6 PIM register message specifying an SSM multicast group address by sending to the first hop router stop register message(s). It does not build an (S, G) shortest path tree toward the first hop router. An SSM multicast group address can be either from the SSM default range or from a multicast group address range that was explicitly configured for SSM.

Default 

ipv6 RP enabled when IPv6 PIM is enabled.

anycast

Syntax 
anycast ipv6-address
no anycast ipv6-address
Context 
config>service>vprn>pim>rp>ipv6
Description 

This command configures an IPv6 PIM anycast protocol instance for the RP being configured. Anycast enables fast convergence when a PIM RP router fails by allowing receivers and sources to rendezvous at the closest RP.

The no form of the command removes the anycast instance from the configuration.

Default 

n/a

Parameters 
ipv6-address—
Configures the loopback IP address shared by all routes that form the RP set for this anycast instance. Only a single address can be configured. If another anycast command is entered with an address then the old address will be replaced with the new address. If no address is entered then the command is simply used to enter the anycast CLI context.
Values—

ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

rp-set-peer

Syntax 
[no] rp-set-peer ipv6-address
Context 
config>service>vprn>pim>rp>ipv6>anycast
Description 

This command configures an IPv6 peer in the anycast rp-set. The address identifies the address used by the other node as the RP candidacy address for the same multicast group address range as configured on this node.

This is a manual procedure. Caution should be taken to produce a consistent configuration of an RP- set for a given multicast group address range. The priority should be identical on each node and be a higher value than any other configured RP candidate that is not a member of this rp-set.

Although there is no set maximum of addresses that can be configured in an rp-set, up to 15 multicast addresses is recommended.

The no form of the command removes an entry from the list.

Default 

n/a

Parameters 
ipv6-address—
specifies the address used by the other node as the RP candidacy address for the same multicast group address range as configured on this node
Values—

ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

embedded-rp

Syntax 
embedded-rp
Context 
config>service>vprn>pim>rp>ipv6
Description 

This command enables context to configure IPv6 embedded RP parameters.

group-range

Syntax 
[no] group-range {ipv6-address/prefix-length}
Context 
config>service>vprn>pim>rp>ipv6>embedded-rp
config>service>vprn>pim>rp>ipv6>rp-candidate
Description 

This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).

Use the no form of this command to remove the group address or range of group addresses for which this router can be the RP from the configuration.

Default 

n/a

Parameters 
ipv6-address—
specifies the addresses or address ranges that this router can be an RP
prefix-length —
specifies the address prefix length
Values—

ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

[8 to 128] // for embedded-rp

prefix-length

[16 to 128] // for rp-candidate

group-prefix

Syntax 
[no] group-prefix grp-ipv6-address/prefix-length
Context 
config>service>vprn>pim>rp>ipv6>static
Description 

The group-prefix for a static-rp defines a range of multicast-ip-addresses for which this static RP is applicable.

The no form of the command removes the criterion.

Default 

n/a

Parameters 
grp-ipv6-address—
specifies the multicast IPv6 address
prefix-length —
specifies the address prefix length
Values—

grp-ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

[8 to 128]

rp-candidate

Syntax 
rp-candidate
Context 
config>service>vprn>pim>rp
config>service>vprn>pim>rp>ipv6
Description 

This command enables the context to configure the candidate rendezvous point (RP) parameters.

Default 

enabled when PIM is enabled

group-range

Syntax 
[no] group-range {ip-prefix/mask | ip-prefix netmask}
Context 
config>service>vprn>pim>rp>rp-candidate
config>service>vprn>pim>ssm
Description 

This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).

Use the no form of this command to remove the group address or range of group addresses for which this router can be the RP from the configuration.

Default 

n/a

Parameters 
ip-prefix—
specifies the addresses or address ranges that this router can be an RP
Values—
ipv4-prefix - a.b.c.d ipv4-prefix-le - [0 to 32] ipv6-prefix - x:x:x:x:x:x:x:x (eight 16-bitpieces) x:x:x:x:x:x:d.d.d.d x - [0 to FFFF]H d - [0 to 255]D ipv6-prefix-le - [0 to 128]
mask—
specifies the address mask with the address to define a range of addresses
netmask—
specifies the subnet mask in dotted decimal notation
Values—
:a.b.c.d (network bits all 1 and host bits all 0)

holdtime

Syntax 
holdtime holdtime
no holdtime holdtime
Context 
config>service>vprn>pim>rp>rp-candidate
config>service>vprn>pim>rp>ipv6>rp-candidate
Description 

Use this command to define the length of time neighboring router consider this router to be up.

Use the no form of this command to revert to the default value.

Default 

150

Parameters 
holdtime—
specifies the length of time, in seconds, that neighbor should consider the sending router to be operational
Values—
0 to 255

priority

Syntax 
priority priority
no priority priority
Context 
config>router>pim>rp>local
config>service>vprn>pim>rp>rp-candidate
Description 

This command defines the priority used to become the rendezvous point (RP). The higher the priority value, the more likely that this router will become the RP.

Use the no form of this command to revert to the default value.

Default 

1

Parameters 
priority—
Specifies the priority to become the designated router. The higher the value the more likely the router will become the RP.
Values—
0 to 255

static

Syntax 
static
Context 
config>service>vprn>pim>rp
Description 

This command enables access to the context to configure a static rendezvous point (RP) of a PIM-SM protocol instance.

Default 

n/a

address

Syntax 
[no] address ip-address
Context 
config>service>vprn>pim>rp>static
Description 

This command configures the static rendezvous point (RP) address.

The no form of this command removes the static RP entry from the configuration.

Default 

n/a

group-prefix

Syntax 
[no] group-prefix {grp-ip-address/mask | grp-ip-address netmask}
Context 
config>service>vprn>pim>rp>static
Description 

The group-prefix for a static-rp defines a range of multicast-ip-addresses for which a certain RP is applicable.

The no form of the command removes the criterion.

Default 

n/a

Parameters 
grp-ip-address—
specifies the multicast IP address
mask—
defines the mask of the multicast-ip-address
Values—
4 to 32
netmask—
the subnet mask in dotted decimal notation
Values—
0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

override

Syntax 
[no] override
Context 
config>service>vprn>pim>rp>static
Description 

This command changes the precedence of static RP over dyanamically learned Rendezvous Point (RP).

When enabled, the static group-to-RP mappings take precedence over the dynamically learned mappings.

Default 

no override

rpf-table

Syntax 
rpf-table {rtable-m | rtable-u | both}
no rpf-table
Context 
config>service>vprn>pim
config>router>msdp
Description 

This command configures the sequence of route tables used to find a Reverse Path Forwarding (RPF) interface for a particular multicast route.

By default, only the unicast route table is looked up to calculate RPF interface towards the source/rendezvous point. However, the operator can specify the following:

  1. use the unicast route table only
  2. use the multicast route table only
  3. use both the route tables
Default 

rtable-u

Parameters 
rtable-m—
Specifies that only the multicast route table will be used by the multicast protocol (PIM) for IPv4 RPF checks. This route table will contain routes submitted by static routes, IS-IS and OSPF.
rtable-u—
Specifies only that the unicast route table will be used by the multicast protocol (PIM) for IPv4 RPF checks. This route table will contain routes submitted by all the unicast routing protocols.
both—
Specifies that the multicast route table will be used first by the multicast protocol (PIM) for checks, and then the unicast route table will be used if the multicast route table lookup fails. rtable-m is checked before rtable-u.

spt-switchover-threshold

Syntax 
spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask} spt-threshold
no spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask}
Context 
config>service>vprn>pim
Description 

This command configures a shortest path tree (SPT tree) switchover threshold for a group prefix.

Parameters 
grp-ip-address—
specifies the multicast group address
mask—
defines the mask of the multicast-ip-address
Values—
4 to 32
netmask—
the subnet mask in dotted decimal notation
Values—
0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)
spt-threshold—
specifies the configured threshold in kilo-bits per second(kbps) for the group to which this (S,G) belongs. For a group G configured with a threshold, switchover to SPT for an (S,G) is attempted only if the (S,G)'s rate exceeds this configured threshold.

ssm-assert-compatible-mode

Syntax 
ssm-assert-compatible-mode [enable | disable]
Context 
config>service>vprn>pim
Description 

This command specifies whether SSM assert is enabled in compatibility mode for this PIM protocol instance. When enabled, for SSM groups, PIM will consider the SPT bit to be implicitly set to compute the value of CouldAssert (S,G,I) as defined in RFC 4601, Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised). When disabled, for SSM groups, PIM will not assume the SPT bit to be set. The SPT bit will be set by Update_SPTbit(S,G,iif) macro defined in RFC 4601.

Default 

ssm-assert-compatible-mode disable

Parameters 
enable—
enables SSM assert in compatibility mode for this PIM protocol instance
disable—
disabled SSM assert in compatibility mode for this PIM protocol instance

ssm-default-range-disable

Syntax 
ssm-default-range-disable ipv4
Context 
config>service>vprn>pim
Description 

This command specifies whether to disable the use of default range (232/8) for SSM so that it can be used by ASM to process (*,G). When enabled, the use of default range is disabled for SSM and it can be used by ASM. When disabled, the SSM default range is enabled.

Default 

ssm-default-range-disable

ssm-groups

Syntax 
[no] ssm-groups
Context 
config>service>vprn
Description 

This command enables access to the context to enable a source-specific multicast (SSM) configuration instance.

Default 

n/a

PPPoE Commands

Note:

The commands described in this section apply only to the 7450 ESS and 7750 SR.

pppoe

Syntax 
[no] pppoe
Context 
config>service>vprn>sub-if>grp-if
Description 

This command enables the context to configure PPPoE parameters.

dhcp-client

Syntax 
dhcp-client
Context 
config>service>vprn>sub-if>grp-if>pppoe
Description 

This command enables the context to configure the PPPoE-to-DHCP options.

ccag-use-origin-sap

Syntax 
[no] ccag-use-origin-sap
Context 
config>service>vprn>sub-if>grp-if>pppoe>dhcp-client
Description 

This command enables the original VPLS SAP to be included in the circuit-id option to send to the DHCP server (in case this interface is connected to a VPLS by a CCA MDA).

The no form of the command disables the feature.

Default 

no ccag-use-origin-sap

pap-chap-user-db

Syntax 
pap-chap-user-db local-user-db-name
no pap-chap-user-db
Context 
config>service>vprn>sub-if>grp-if>pppoe
Description 

This command configures the local user database to use for PPP Challenge-Handshake Authentication Protocol/Password Authentication Protocol (PAP/CHAP) authentication.

If an authentication policy is also configured, pppoe-access-method must be set to none in this authentication policy to use the local user database (in that case RADIUS authentication will not be used for PPPoE hosts).

Parameters 
local-user-db-name—
specifies the local user database to use for authentication

pppoe-policy

Syntax 
pppoe-policy pppoe-policy-name
no pppoe-policy
Context 
config>service>vprn>sub-if>grp-if>pppoe
Description 

This command associates a PPPoE policy on this interface.

Default 

default

Parameters 
pppoe-policy-name—
specifies a a PPPoE policy up to 32 characters in length on this interface

sap-session-limit

Syntax 
sap-session-limit sap-session-limit
no sap-session-limit
Context 
config>service>vprn>sub-if>grp-if>pppoe
Description 

This command specifies the number of PPPoE hosts per SAP allowed for this group-interface.

Default 

1

Parameters 
sap-session-limit—
specifies the number of PPPoE hosts per SAP allowed
Values—
1 to 20000

session-limit

Syntax 
session-limit session-limit
no session-limit
Context 
config>service>vprn>sub-if>grp-if>pppoe
Description 

This command specifies the number of PPPoE hosts allowed for this group interface.

Default 

1

Parameters 
session-limit—
Specifies the number of PPPoE hosts allowed
Values—
1 to 20000

MSDP Configuration Commands

msdp

Syntax 
[no] msdp
Context 
config>service>vprn
Description 

This command enables a Multicast Source Discovery Protocol (MSDP) instance. When an MSDP instance is created, the protocol is enabled. To start or suspend execution of the MSDP protocol without affecting the configuration, use the [no] shutdown command.

For the MSDP protocol to function, at least one peer must be configured.

When MSDP is configured and started, an appropriate event message should be generated.

When the no form of the command is executed, all sessions must be terminated and an appropriate event message should be generated.

When all peering sessions are terminated, an event message per peer is not required.

The no form of the command deletes the MSDP protocol instance, removing all associated configuration parameters.

Default 

no msdp

active-source-limit

Syntax 
active-source-limit number
no active-source-limit
Context 
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
config>service>vprn>msdp>source
Description 

This option controls the maximum number of active source messages that will be accepted by Multicast Source Discovery Protocol (MSDP), effectively controlling the number of active sources that can be stored on the system.

The no form of this command reverts the number of source message limit to default operation.

Default 

No limit is placed on the number of source active records.

Parameters 
number—
defines how many active sources can be maintained by MSDP
Values—
0 to 1000000

data-encapsulation

Syntax 
[no] data-encapsulation
Context 
config>service>vprn>msdp
Description 

This command configures a rendezvous point (RP) using Multicast Source Discovery Protocol (MSDP) to encapsulate multicast data received in MSDP register messages inside forwarded MSDP source-active messages.

Default 

data-encapsulation

export

Syntax 
export policy-name [policy-name...(up to 5 max)]
no export
Context 
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description 

This command specifies the policies to export source active state from the source active list into Multicast Source Discovery Protocol (MSDP).

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of the command removes all policies from the configuration.

Default 

No export policies are applied and all SA entries are announced.

Parameters 
policy-name—
Specifies the export policy name, up to 32 characters. Up to five policy-name arguments can be specified.

If you configure an export policy at the global level, each individual peer inherits the global policy. If you configure an export policy at the group level, each individual peer in a group inherits the group’s policy. If you configure an export policy at the peer level, then policy only applies to the peer where it is configured.

group

Syntax 
[no] group group-name
Context 
config>service>vprn>msdp
Description 

This command enables access to the context to create or modify a Multicast Source Discovery Protocol (MSDP) group. To configure multiple MSDP groups, include multiple group statements.

By default, the group’s options are inherited from the global MSDP options. To override these global options, group-specific options within the group statement can be configured.

If the group name provided is already configured then this command only provides the context to configure the options pertaining to this group.

If the group name provided is not already configured, then the group name must be created and the context to configure the parameters pertaining to the group should be provided. In this case, the $ prompt to indicate that a new entity (group) is being created should be used.

For a group to be of use, at least one peer must be configured.

Default 

no group

Parameters 
group-name—
specifies a unique name for the MSDP group

import

Syntax 
import policy-name [policy-name...(up to 5 max)]
no import
Context 
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description 

This command specifies the policies to import source active state from Multicast Source Discovery Protocol (MSDP) into source active list.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

If you configure an import policy at the global level, each individual peer inherits the global policy.

If you configure an import policy at the group level, each individual peer in a group inherits the group’s policy.

If you configure an import policy at the peer level, then policy only applies to the peer where it is configured.

The no form of the command removes all policies from the configuration.

Default 

No import policies are applied and all source active messages are allowed.

Parameters 
policy-name—
Specifies the import policy name. Up to five policy-name arguments can be specified.

local-address

Syntax 
local-address address
no local-address
Context 
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description 

This command configures the local end of a Multicast Source Discovery Protocol (MSDP) session. For MSDP to function, at least one peer must be configured. When configuring a peer, you must include this local-address command to configure the local end of the MSDP session. This address must be present on the node and is used to validate incoming connections to the peer and to establish connections to the remote peer.

If the user enters this command, then the address provided is validated and will be used as the local address for MSDP peers from that point. If a subsequent local-address command is entered, it will replace the existing configuration and existing sessions will be terminated.

Similarly, when the no form of this command is entered, the existing local-address will be removed from the configuration and the existing sessions will be terminated.

Whenever a session is terminated, all information pertaining to and learned from that peer will be removed.

Whenever a new peering session is created or a peering session is lost, an event message should be generated.

The no form of this command removes the local-address from the configuration.

Default 

No local address is configured.

Parameters 
address—
specifies an existing address on the node

mode

Syntax 
mode {mesh-group | standard}
Context 
config>service>vprn>msdp>group
Description 

This command configures groups of peers in a full mesh topology to limit excessive flooding of source-active messages to neighboring peers.

Multicast Source Discovery Protocol (MSDP) peers can be configured grouped in a full-mesh topology that prevents excessive flooding of source-active messages to neighboring peers.

In a meshed configuration, all members of the group must have a peer connection with every other mesh group member. If this rule is not adhered to, then unpredictable results may occur.

Default 

mode standard (non-meshed)

Parameters 
mesh-group—
Specifies that source-active message received from a mesh group member are always accepted but are not flooded to other members of the same mesh group. These source-active messages are only flooded to non-mesh group peers or members of other mesh groups.
standard—
specifies a non-meshed mode

peer

Syntax 
[no] peer peer-address
Context 
config>service>vprn>msdp
config>service>vprn>msdp>group
Description 

This command configures peer parameters. Multicast Source Discovery Protocol (MSDP) must have at least one peer configured. A peer is defined by configuring a local-address that can be used by this node to set up a peering session and the address of a remote MSDP router, It is the address of this remote peer that is configured in this command and it identifies the remote MSDP router address.

After peer relationships are established, the MSDP peers exchange messages to advertise active multicast sources. It may be required to have multiple peering sessions in which case multiple peer statements should be included in the configurations.

By default, the options applied to a peer are inherited from the global or group-level. To override these inherited options, include peer-specific options within the peer statement.

If the peer address provided is already a configured peer, then this command only provides the context to configure the parameters pertaining to this peer.

If the peer address provided is not already a configured peer, then the peer instance must be created and the context to configure the parameters pertaining to this peer should be provided. In this case, the $ prompt to indicate that a new entity (peer) is being created should be used.

The peer address provided will be validated and, if valid, will be used as the remote address for an MSDP peering session.

When the no form of this command is entered, the existing peering address will be removed from the configuration and the existing session will be terminated. Whenever a session is terminated, all source active information pertaining to and learned from that peer will be removed. Whenever a new peering session is created or a peering session is lost, an event message should be generated.

At least one peer must be configured for MSDP to function.

Default 

n/a

Parameters 
peer-address—
the address configured in this statement must identify the remote MSDP router that the peering session must be established with

receive-msdp-msg-rate

Syntax 
receive-msdp-msg-rate number interval seconds [threshold number]
no receive-msdp-msg-rate
Context 
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description 

This command limits the number of Multicast Source Discovery Protocol (MSDP) messages that are read from the TCP session. It is possible that an MSDP/ RP router may receive a large number of MSDP protocol message packets in a particular source active message.

After the number of MSDP packets (including source active messages) defined in the threshold have been processed, the rate of all other MSDP packets is rate limited by no longer accepting messages from the TCP session until the time (seconds) has elapsed.

The no form of this command reverts this active-source limit to default operation.

Default 

No limit is placed on the number of MSDP and source active limit messages will be accepted.

Parameters 
number—
defines the number of MSDP messages (including source active messages) that are read from the TCP session per the number of seconds
Values—
10 to 10000
Values—
0
interval seconds
defines the time that, together with the number parameter, defines the number of MSDP messages (including source active messages) that are read from the TCP session within the configured number of seconds
Values—
1 to 600
Values—
0
threshold number—
the number of MSDP messages can be processed before the MSDP message rate limiting function described above is activated; this is particularly of use during at system startup and initialization
Values—
1 to 1000000
Values—
0

rpf-table

Syntax 
rpf-table {rtable-m | rtable-u | both}
no rpf-table
Context 
config>service>vprn>msdp
Description 

This command configures the sequence of route tables used to find a Reverse Path Forwarding (RPF) interface for a particular multicast route.

By default, only the unicast route table is looked up to calculate RPF interface towards the source/rendezvous point. However, the operator can specify the following:

  1. use the unicast route table only
  2. use the multicast route table only or
  3. use both the route tables
Default 

rtable-u

Parameters 
rtable6-m—
Specifies that only the multicast route table will be used by the multicast protocol (PIM) for IPv4 RPF checks. This route table will contain routes submitted by static routes, ISIS and OSPF.
rtable6-u—
Specifies only that the unicast route table will be used by the multicast protocol (PIM) for IPv4 RPF checks. This route table will contain routes submitted by all the unicast routing protocols.
both—
Will always look up first in the multicast route table and, if there is a route, it will use it. If PIM does not find a route in the first lookup, it will try to find it in the unicast route table. Rtable-m is checked before rtable6-u.

sa-timeout

Syntax 
sa-timeout seconds
no sa-timeout
Context 
config>service>vprn>msdp
Description 

This command configures the value for the SA entries in the cache. If these entries are not refreshed within the timeout value, they are removed from the cache. Normally, the entries are refreshed at least once a minute. But under high load with many of MSDP peers, the refresh cycle could be incomplete. A higher timeout value (more then 90) could be useful to prevent instabilities in the MSDP cache.

Default 

90

Parameters 
seconds—
specifies the time, in seconds, to wait for a response from the peer before declaring the peer unavailable
Values—
90 to 600

source

Syntax 
[no] source ip-prefix/mask
Context 
config>service>vprn>msdp
Description 

This command limits the number of active source messages the router accepts from sources in the specified address range.

If the prefix and mask provided is already a configured then this command only provides the context to configure the parameters pertaining to this active source-message filter.

If the prefix and mask provided is not already a configured, then the source node instance must be created and the context to configure the parameters pertaining to this node should be provided. In this case, the $ prompt to indicate that a new entity (source) is being created should be used.

The no form of this message removes the source active rate limiter for this source address range.

Default 

n/a. The source active msdp messages are not rate limited based on the source address range.

Parameters 
ip-prefix—
the IP prefix in dotted decimal notation for the range used by the ABR to advertise that summarizes the area into another area
Values—
ip-prefix/mask: ip-prefix a.b.c.d (host bits must be 0)
mask—
the subnet mask for the range expressed as a decimal integer mask length or in dotted decimal notation
Values—
0 to 32 (mask length), 0.0.0.0 to 255.255.255.255 (dotted decimal)

authentication-key

Syntax 
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
Context 
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description 

This command configures a Message Digest 5 (MD5) authentication key to be used with a specific Multicast Source Discovery Protocol (MSDP) peering session. The authentication key must be configured per peer as such no global or group configuration is possible.

Default 

Authentication-key. All MSDP messages are accepted and the MD5 signature option authentication key is disabled.

Parameters 
authentication-key—
The authentication key. Allowed values are any string up to 256 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), enclose the entire string in quotation marks (“ ”).
hash-key—
The hash key. The key can be any combination of ASCII characters up to 451 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

default-peer

Syntax 
default-peer
no default-peer
Context 
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description 

Using the default peer mechanism, a peer can be selected as the default Multicast Source Discovery Protocol (MSDP) peer. As a result, all source-active messages from the peer will be accepted without the usual peer-reverse-path-forwarding (RPF) check.

The MSDP peer-RPF check is different from the normal multicast RPF checks. The peer-RPF check is used to stop source-active messages from looping. A router validates source-active messages originated from other routers in a deterministic fashion.

A set of rules is applied in order to validate received source-active messages, and the first rule that applies determines the peer-RPF neighbor. All source-active messages from other routers are rejected. The rules applied to source-active messages originating at Router S received at Router R from Router N are as follows:

  1. If Router N and router S are one and the same, then the message is originated by a direct peer-RPF neighbor and will be accepted.
  2. If Router N is a configured peer, or a member of the Router R mesh group then its source-active messages are accepted.
  3. If Router N is the Border Gateway Protocol (BGP) next hop of the active multicast RPF route toward Router S then Router N is the peer-RPF neighbor and its source-active messages are accepted.
  4. If Router N is an external BGP peer of Router R and the last autonomous system (AS) number in the BGP AS-path to Router S is the same as Router N’s AS number, then Router N is the peer-RPF neighbor, and its source-active messages are accepted.
  5. If Router N uses the same next hop as the next hop to Router S, then Router N is the peer-RPF neighbor, and its source-active messages are accepted.
  6. If Router N fits none of the above rules, then Router N is not a peer-RPF neighbor, and its source-active messages are rejected.
Default 

No default peer is established and all active source messages must be RPF checked.

MLD Configuration Commands

mld

Syntax 
[no] mld
Context 
config>service>vprn
Description 

This command enables the context to configure Multicast Listener Discovery (MLD) parameters.

The no form of the command disables MLD.

Default 

no mld

interface

Syntax 
[no] interface ip-int-name
Context 
config>service>vprn>mld
Description 

This command enables the context to configure an Multicast Listener Discovery (MLD) interface. The interface is a local identifier of the network interface on which reception of the specified multicast address is to be enabled or disabled.

The no form of the command deletes the MLD interface. The shutdown command in the config>router>mld>interface context can be used to disable an interface without removing the configuration for the interface.

Default 

no interface — No interfaces are defined.

Parameters 
ip-int-name—
The IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

If the IP interface name does not exist or does not have an IP address configured an error message will be returned.

If the IP interface exists in a different area it will be moved to this area.

disable-router-alert-check

Syntax 
[no] disable-router-alert-check
Context 
config>service>vprn>mld>interface
Description 

This command enables router alert checking for MLD messages received on this interface.

The no form of the command disables the router alert checking.

Default 

n/a

import

Syntax 
import policy-name
no import
Context 
config>service>vprn>mld>interface
Description 

This command specifies the import route policy to be used for determining which membership reports are accepted by the router. Route policies are configured in the config>router>policy-options context.

When an import policy is not specified, all the MLD reports are accepted.

The no form of the command removes the policy association from the MLD instance.

Default 

no import — No import policy specified.

Parameters 
policy-name—
The route policy name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

max-groups

Syntax 
max-groups value
no max-groups
Context 
config>service>vprn>mld>interface
Description 

This command specifies the maximum number of groups for which MLD can have local receiver information based on received MLD reports on this interface. When this configuration is changed dynamically to a value lower than the currently accepted number of groups, the groups that are already accepted are not deleted. Only new groups will not be allowed.

Default 

0, no limit to the number of groups.

Parameters 
value—
specifies the maximum number of groups for this interface
Values—
1 to 16000

query-interval

Syntax 
query-interval seconds
no query-interval
Context 
config>service>vprn>mld>interface
Description 

This command specifies the frequency that the querier router transmits general host-query messages. The host-query messages solicit group membership information and are sent to the all-systems multicast group address, 224.0.0.1.

Default 

125

Parameters 
seconds—
the time frequency, in seconds, that the router transmits general host-query messages
Values—
2 to 1024

query-last-member-interval

Syntax 
query-last-member-interval seconds
Context 
config>service>vprn>mld>interface
Description 

This command configures the frequency at which the querier sends group-specific query messages including messages sent in response to leave-group messages. The lower the interval, the faster the detection of the loss of the last member of a group.

Default 

1

Parameters 
seconds—
specifies the frequency, in seconds, at which query messages are sent
Values—
1 to 1024

query-response-interval

Syntax 
query-response-interval seconds
Context 
config>service>vprn>mld>interface
Description 

This command specifies how long the querier router waits to receive a response to a host-query message from a host.

Default 

10

Parameters 
seconds—
specifies the length of time to wait to receive a response to the host-query message from the host
Values—
1 to 1023

static

Syntax 
static
Context 
config>service>vprn>mld>interface
Description 

This command tests multicast forwarding on an interface without a receiver host. When enabled, data is forwarded to an interface without receiving membership reports from host members.

Default 

n/a

group

Syntax 
[no] group grp-ipv6-address
[no] group start grp-ipv6-address end grp-ipv6-address [step ipv6-address]
Context 
config>service>vprn>mld>interface>static
Description 

This command enables the context to add a static multicast group either as a (*,G) or one or more (S,G) records. Use MLD static group memberships to test multicast forwarding without a receiver host. When MLD static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static MLD group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static MLD group entries do not generate join messages toward the RP.

The no form of the command removes the IPv6 address from the configuration.

Default 

n/a

Parameters 
grp-ipv6-address—
Specifies an MLD multicast group address that receives data on an interface. The IP address must be unique for each static group.
Values—
ipv6-address:
  1. x:x:x:x:x:x:x:x (eight 16-bit pieces)
  2. x:x:x:x:x:x:d.d.d.d
  3. x: [0 to FFFF]H
  4. d: [0 to 255]D
start grp-ipv6-address
specifies the start multicast group address
Values—
ipv6-address:
  1. x:x:x:x:x:x:x:x (eight 16-bit pieces)
  2. x:x:x:x:x:x:d.d.d.d
  3. x: [0 to FFFF]H
  4. d: [0 to 255]D
end grp-ipv6-address
specifies the end multicast group address
Values—
ipv6-address:
  1. x:x:x:x:x:x:x:x (eight 16-bit pieces)
  2. x:x:x:x:x:x:d.d.d.d
  3. x: [0 to FFFF]H
  4. d: [0 to 255]D
step ipv6-address
specifies the step increment

source

Syntax 
[no] source src-ipv6-address
Context 
config>service>vprn>mld>interface>static>group
Description 

This command specifies an IPv6 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group to receive multicast traffic from, and from the sources that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command, in combination with the group, is used to create a specific (S,G) static group entry.

The no form of the command removes the source from the configuration.

Default 

n/a

Parameters 
src-ipv6-address—
specifies the IPv6 unicast address

starg

Syntax 
[no] starg
Context 
config>service>vprn>mld>interface>static>group
Description 

This command adds a static (*,G) entry. This command can only be enabled if no existing source addresses for this group are specified.

Use the no form of the command to remove the starg entry from the configuration.

Default 

n/a

version

Syntax 
version version
no version
Context 
config>service>vprn>mld>interface
Description 

This command specifies the MLD version. If routers run different versions, they will negotiate the lowest common version of MLD that is supported by hosts on their subnet and operate in that version. For MLD to function correctly, all routers on a LAN should be configured to run the same version of MLD on that LAN.

Default 

1

Parameters 
version—
specifies the MLD version number
Values—
1, 2

robust-count

Syntax 
robust-count robust-count
no robust-count
Context 
config>service>vprn>mld
Description 

This command configures the robust count. The robust-count variable allows tuning for the expected packet loss on a subnet. If a subnet anticipates losses, the robust-count variable can be increased.

Default 

2

Parameters 
robust-count—
specifies the robust count value
Values—
2 to 10

ssm-translate

Syntax 
ssm-translate
Context 
config>service>vprn>mld
Description 

This command enables the context to configure group ranges which are translated to SSM (S,G) entries. If the static entry needs to be created, it has to be translated from a IGMPv1 IGMPv2 request to a Source Specific Multicast (SSM) join. An SSM translate source can only be added if the starg command is not enabled. An error message is generated if you try to configure the source command with starg command enabled.

grp-range

Syntax 
[no] grp-range start end
Context 
config>service>vprn>mld>ssm-translate
Description 

This command is used to configure group ranges which are translated to SSM (S,G) entries.

Parameters 
start—
an IP address that specifies the start of the group range
end—
An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.

source

Syntax 
[no] source ip-address
Context 
config>service>vprn>mld>ssm-translate>grp-range
Description 

This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.

Parameters 
ip-address—
specifies the IP address that will be sending data

RIP Commands

rip

Syntax 
[no] rip
Context 
config>service>vprn
Description 

This command enables the RIP protocol on the given VPRN IP interface.

The no form of the command disables the RIP protocol from the given VPRN IP interface.

Default 

no rip

ripng

Syntax 
[no] ripng
Context 
config>router
Description 

This command creates the context to configure the RIPng protocol instance.

When a RIPng instance is created, the protocol is enabled by default. To start or suspend execution of the RIP protocol without affecting the configuration, use the [no] shutdown command.

The no form of the command deletes the RIP protocol instance removing all associated configuration parameters.

Default 

no ripng — No RIPng protocol instance defined.

authentication-key

Syntax 
authentication-key [authentication-key | hash-key] [hash | hash2]
no authentication-key
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description 

This command sets the authentication password to be passed between RIP neighbors.

The authentication type and authentication key must match exactly for the RIP message to be considered authentic and processed.

The no form of the command removes the authentication password from the configuration and disables authentication.

Default 

no authentication-key — Authentication is disabled and the authentication password is empty.

Parameters 
authentication-key—
The authentication key. The key can be any combination of ASCII characters up to 16 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).
hash-key—
The hash key. The key can be any combination of ASCII characters up to 33 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

authentication-type

Syntax 
authentication-type {none | password | message-digest}
no authentication-type
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description 

This command defines the type of authentication to be used between RIP neighbors. The type and password must match exactly for the RIP message to be considered authentic and processed.

The no form of the command removes the authentication type from the configuration and effectively disables authentication.

Default 

no authentication-type

Parameters 
none—
no authentication is used
simple —
a simple clear-text password is sent
md5 —
MD5 authentication is used

check-zero

Syntax 
check-zero {enable | disable}
no check-zero
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command enables checking for zero values in fields specified to be zero by the RIPv1 and RIPv2 specifications.

The no form of the command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.

Default 

no check-zero

Parameters 
enable—
enables checking of the mandatory zero fields in the RIPv1 and RIPv2 specifications and rejecting non-compliant RIP messages
disable—
disables the checking and allows the receipt of RIP messages even if the mandatory zero fields are non-zero

split-horizon

Syntax 
split-horizon {enable | disable}
no split-horizon
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command enables the use of split-horizon. RIP uses split-horizon with poison-reverse to protect from such problems as “counting to infinity”. Split-horizon with poison reverse means that routes learned from a neighbor through a given interface are advertised in updates out of the same interface but with a metric of 16 (infinity).

The split-horizon disable command enables split horizon without poison reverse. This allows the routes to be re-advertised on interfaces other than the interface that learned the route, with the advertised metric equaling an increment of the metric-in value.

This configuration parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group) or neighbor level (only applies to the specified neighbor interface). The most specific value is used. In particular if no value is set (no split-horizon), the setting from the less specific level is inherited by the lower level.

The no form of the command disables split horizon command which allows the lower level to inherit the setting from an upper level.

Default 

enabled

export

Syntax 
export policy-name [policy-name...(up to 5 max)]
no export
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command specifies the export route policies used to determine which routes are exported to RIP. If no export policy is specified, non-RIP routes will not be exported from the routing table manager to RIP; RIP-learned routes will be exported to RIP neighbors.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of the command removes all policies from the configuration.

Default 

no export — No export route policies specified.

Parameters 
policy-name —
The export route policy name. Allowed values are any string up to 32 characters in length and composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the string must be enclosed between double quotes. The specified names must already be defined.

export-limit

Syntax 
export-limit number [log percentage]
no export-limit
Context 
config>service>vprn>rip
config>service>vprn>ripng
Description 

This command configures the maximum number of routes (prefixes) that can be exported into RIP from the route table.

The no form of the command removes the parameters from the configuration.

Default 

no export-limit

Parameters 
number—
specifies the maximum number of routes (prefixes) that can be exported into RIP from the route table
Values—
1 to 4294967295
log percentage
specifies the percentage of the export-limit, at which a warning log message and SNMP notification would be sent
Values—
1 to 100

import

Syntax 
import policy-name [policy-name...(up to 5 max)]
no import
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command configures import route policies to determine routes that will be accepted from RIP neighbors. If no import policy is specified, RIP accepts all routes from configured RIP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

If multiple policy names are specified, the policies are evaluated in the order that they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of the command removes all policies from the configuration.

Default 

no import — No import route policies specified.

Parameters 
policy-name —
The import route policy name. Allowed values are any string up to 32 characters in length and composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes. The specified names must already be defined.

message-size

Syntax 
message-size max-num-of-routes
no message-size
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command sets the maximum number of routes per RIP update message.

The no form of the command resets the maximum number of routes back to the default of 25.

Default 

no message-size

Parameters 
size —
Integer
Values—
25 to 255
Values—
25

metric-in

Syntax 
metric-in metric
no metric-in
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command sets the metric added to routes that were received from a RIP neighbor.

The no form of the command reverts the metric value back to the default.

Default 

no metric-in

Parameters 
metric—
the value added to the metric of routes received from a RIP neighbor, expressed as a decimal integer
Values—
1 to 16

metric-out

Syntax 
metric-out metric
no metric-out
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command sets the metric added to routes that were exported into RIP and advertised to RIP neighbors.

The no form of the command removes the command from the config and resets the metric-in value back to the default.

Default 

no metric-out

Parameters 
metric—
the value added to the metric for routes exported into RIP and advertised to RIP neighbors, expressed as a decimal integer
Values—
1 to 16

preference

Syntax 
preference preference
no preference
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command sets the route preference assigned to RIP routes. This value can be overridden by route policies.

The no form of the command resets the preference to the default.

Default 

no preference

Parameters 
preference—
an integer
Values—
1 to 255
Values—
100

propagate-metric

Syntax 
[no] propagate-metric
Context 
config>service>vprn>rip
config>service>vprn>ripng
Description 

This command enables the BGP MED to be used to configure the RIP metric at the BGP to RIP transition on egress routers. BGP always configures the BGP MED to the RIP metric at the ingress router. When propagate-metric is configured, the RIP metric at egress routers is configured as the BGP MED attribute added to the optional value configured with the metric-out command.

Default 

no propagate-metric

The RIP metric is configured to the optional value configured with the metric-out command plus 1.

receive

Syntax 
receive {both | none | version-1 | version-2}
no receive
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command configures the type(s) of RIP updates that will be accepted and processed.

If both or version-2 is specified, the RIP instance listens for and accepts packets sent to the broadcast and multicast (224.0.0.9) addresses.

If version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.

This control can be issued at the global, group or interface level. The default behavior accepts and processes both RIPv1 and RIPv2 messages.

The no form of the command resets the type of messages accepted to both.

Default 

no receive — Accepts both formats.

Parameters 
both—
receive RIP updates in either Version 1 or Version 2 format
none—
do not accept and RIP updates
version-1—
router should only accept RIP updates in Version 1 format
version-2—
router should only accept RIP updates in Version 2 format

send

Syntax 
send {broadcast | multicast | none | version-1 | both}
no send
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command specifies the type of RIP messages sent to RIP neighbors. This control can be issued at the global, group or interface level. The default behavior sends RIPv2 messages with the multicast (224.0.0.9) destination address.

If version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.

The no form of this command resets the type of messages sent back to the default value.

Default 

no send — sends RIPv2 to the broadcast address

Parameters 
broadcast—
send RIPv2 formatted messages to the broadcast address
multicast—
send RIPv2 formatted messages to the multicast address
none—
do not send any RIP messages (i.e. silent listener)
version-1—
send RIPv1 formatted messages to the broadcast address
both—
send both RIP v1 & RIP v2 updates to the broadcast address

timers

Syntax 
timers update timeout flush
no timers
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command sets the values for the update, timeout, and flush timers.

  1. Update timer — Determines how often RIP updates are sent.
  2. Timeout timer — If a router is not updated by the time the timer expires, the route is declared invalid, but maintained in the RIP database.
  3. Flush timer — Determines how long a route is maintained in the RIP database, after it has been declared invalid. Once this timer expires it is flushed from the RIP database completely.

The no form of the command resets all timers to their default values of 30, 180, and 120 seconds respectively.

Default 

no timers

Parameters 
update—
the RIP update timer value in seconds
Values—
1 to 600
Values—
30
timeout—
the RIP timeout timer value in seconds
Values—
1 to 1200
Values—
180
flush—
the RIP flush timer value in seconds
Values—
1 to 1200
Values—
120

unicast-address

Syntax 
[no] unicast-address ipv6-address
Context 
config>service>vprn>ripng>group>neighbor
Description 

This command configures the unicast IPv6 address, RIPng updates messages will be sent to if the RIPng send command is set to send unicast.

Multiple unicast-address entries can be configured, in which case unicast messages will be sent to each configured unicast IPv6 address.

The no form of the command deletes the specified IPv6 unicast address from the configuration.

Default 

ipv6-address — IPv6 unicast address to which unicast RIPng updates should be sent.

group

Syntax 
[no] group group-name
Context 
config>service>vprn>rip
config>service>vprn>ripng
Description 

This command creates a context for configuring a RIP group of neighbors. RIP groups are a way of logically associating RIP neighbor interfaces to facilitate a common configuration for RIP interfaces.

The no form of the command deletes the RIP neighbor interface group. Deleting the group will also remove the RIP configuration of all the neighbor interfaces currently assigned to this group.

Default 

no group — No group of RIP neighbor interfaces defined

Parameters 
group-name—
The RIP group name. Allowed values are any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

neighbor

Syntax 
[no] neighbor ip-int-name
Context 
config>service>vprn>rip>group
config>service>vprn>ripng>group
Description 

This command creates a context for configuring a RIP neighbor interface.

By default, interfaces are not activated in any interior gateway protocol such as RIP unless explicitly configured.

The no form of the command deletes the RIP interface configuration for this interface. The shutdown command in the config>router>rip>group group-name>neighbor ip-int-name context can be used to disable an interface without removing the configuration for the interface.

Default 

no neighbor — No RIP interfaces defined.

Parameters 
ip-int-name—
The IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service vprn interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters long composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes.

If the IP interface name does not exist or does not have an IP address configured an error message will be returned.

SDP Commands

spoke-sdp

Syntax 
[no] spoke-sdp sdp-id
Context 
config>service>vprn
Description 

This command binds a service to an existing Service Distribution Point (SDP). A spoke SDP is treated like the equivalent of a traditional bridge “port” where flooded traffic received on the spoke SDP is replicated on all other “ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a VPRN service. If the SDP-ID is not already configured, an error message is generated. If the SDP-ID does exist, a binding between that SDP-ID and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Default 

No SDP-ID is bound to a service.

Special Cases 
VPRN—
Several SDPs can be bound to a VPRN service. Each SDP must be destined to a different router. If two SDP-ID bindings terminate on the same router, an error occurs and the second SDP binding is rejected.
Parameters 
sdp-id—
The SDP identifier. Allowed values are integers in the range of 1 and 17407 for existing SDPs.
vc-id—
the virtual circuit identifier
Values—
1 to 4294967295

control-channel-status

Syntax 
[no] control-channel-status
Context 
config>service>vprn>spoke-sdp
Description 

This command enables the configuration of static pseudowire status signaling on a spoke-SDP for which signaling for its SDP is set to OFF.

A control-channel-status no shutdown is allowed only if all of the following are true:

  1. The system is using network chassis mode D
  2. SDP signaling is off.
  3. The control-word is enabled (the control-word is disabled by default)
  4. The service type is Epipe, Apipe, VPLS, Cpipe, or IES/VPRN
  5. Mate SDP signaling is off (in vc-switched services)
  6. The pw-path-id is configured for this spoke-SDP.

The no form of this command removes control channel status signaling from a spoke-SDP. It can only be removed if control channel status is shut down.

Default 

no control-channel-status

acknowledgment

Syntax 
[no] acknowledgment
Context 
config>service>vprn>spoke-sdp>control-channel-status
Description 

This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.

refresh-timer

Syntax 
refresh-timer value
no refresh-timer
Context 
config>service>vprn>spoke-sdp>control-channel-status
Description 

This command configures the refresh timer for control channel status signaling packets. By default, no refresh packets are sent.

Default 

no refresh-timer

Parameters 
value—
specifies the refresh timer value
Values—
10 to 65535 seconds
Values—
0 (off)

request-timer

Syntax 
request-timer timer1 retry-timer timer2 timeout-multiplier multiplier
no request-timer
Context 
config>service>vprn>spoke-sdp>control-channel-status
Description 

This command configures the control channel status request mechanism. When it is configured, control channel status request procedures are used. These augment the procedures for control channel status messaging from RFC 6478. This command is mutually exclusive with a non-zero refresh-timer value.

Parameters 
timer1—
specifies the interval at which pseudowire status messages, including a reliable delivery TLV, with the “request” bit set, are sent
Values—
10 to 65535 seconds
retry-timer timer2
specifies the timeout interval if no response to a pseudowire status request is received. This parameter must be configured. A value of zero (0) disables retries.
Values—
0, 3 to 60 seconds
timeout-multiplier multiplier
If a requesting node does not receive a valid response to a pseudowire status request within this multiplier times the retry timer, then it will assume the pseudowire is down. This parameter is optional.
Values—
3 to 20 seconds

control-word

Syntax 
[no] control-word
Context 
config>service>vprn>spoke-sdp
Description 

The control word command provides the option to add a control word as part of the packet encapsulation for pseudowire types for which the control word is optional. These are Ethernet pseudowires (Epipe). ATM N:1 cell mode pseudowires (apipe vc-types atm-vcc and atm-vpc) and VT pseudowire (apipe vc-type atm-cell).

The configuration for the two directions of the pseudowire must match because the control word negotiation procedures described in Section 6.2 of RFC 4447 are not supported. The C-bit in the pseudowire FEC sent in the label mapping message is set to 1 when the control word is enabled. Otherwise, it is set to 0.

The service will only come up if the same C-bit value is signaled in both directions. If a spoke-sdp is configured to use the control word but the node receives a label mapping message with a C-bit clear, the node releases the label with the an “Illegal C-bit” status code as per Section 6.1 of RFC 4447. As soon as the user also enabled the control the remote peer, the remote peer will withdraw its original label and will send a label mapping with the C-bit set to 1 and the VLL service will be up in both nodes. The control word must be enabled to allow MPLS-TP OAM to be used on a static spoke-sdp in a apipe, epipe and cpipe service.

pw-path-id

Syntax 
[no] pw-path-id
Context 
config>service>vprn>spoke-sdp
Description 

This command enables the context to configure an MPLS-TP Pseudowire Path Identifier for a spoke-sdp. All elements of the PW path ID must be configured in order to enable a spoke-sdp with a PW path ID.

For an IES or VPRN spoke-sdp, the pw-path-id is only valid for ethernet spoke-sdps.

The pw-path-id is only configurable if all of the following is true:

  1. The system is using network chassis mode D
  2. SDP signaling is off
  3. control-word is enabled (control-word is disabled by default)
  4. the service type is epipe, vpls, cpipe, apipe, or IES/VPRN interface
  5. mate SDP signaling is off for vc-switched services

The no form of the command deletes the PW path ID.

Default 

no pw-path-id

agi

Syntax 
agi agi
no agi
Context 
config>service>vprn>spoke-sdp>pw-path-id
Description 

This command configures the attachment group identifier for an MPLS-TP PW.

Parameters 
agi—
specifies the attachment group identifier
Values—
0 to 4294967295

saii-type2

Syntax 
saii-type2 global-id:node-id:ac-id
no saii-type2
Context 
config>service>vprn>spoke-sdp>pw-path-id
Description 

This command configures the source individual attachment identifier (SAII) for an MPLS-TP spoke-sdp. If this is configured on a spoke-sdp for which vc-switching is also configured (for example, it is at an S-PE), then the values must match those of the taii-type2 of the mate spoke-sdp.

Parameters 
global-id—
specifies the global ID at the source PE or T-PE for the MPLS-TP PW for a spoke-SDP
Values—
0 to 4294967295
node-id—
specifies the node ID at the source PE or T-PE for the MPLS-TP PW for a spoke-SDP
Values—
a.b.c.d or 0 to 4294967295
ac-id—
Specifies the attachment circuit ID at the source PE or T-PE for the MPLS-TP PW for a spoke-SDP. If this node is the source of the PW, then the AC ID must be set to a locally unique value
Values—
1 to 4294967295

taii-type2

Syntax 
taii-type2 global-id:node-id:ac-id
no taii-type2
Context 
config>service>vprn>spoke-sdp>pw-path-id
Description 

This command configures the target individual attachment identifier (TAII) for an MPLS-TP spoke-sdp. If this is configured on a spoke-sdp for which vc-switching is also configured (for example, it is at an S-PE), then the values must match those of the saii-type2 of the mate spoke-sdp.

Parameters 
global-id—
specifies the global ID at the target PE or T-PE for the MPLS-TP PW for a spoke-SDP
Values—
0 to 4294967295
node-id—
specifies the node ID at the target PE or T-PE for the MPLS-TP PW for a spoke-SDP
Values—
a.b.c.d or 0 to 4294967295
ac-id—
Specifies the attachment circuit ID at the target PE or T-PE for the MPLS-TP PW for a spoke-SDP. If this node is the source of the PW, then the AC ID must be set to a locally unique value.
Values—
1 to 4294967295

spoke-sdp

Syntax 
spoke-sdp sdp-id [:vc-id] vc-type {ether | ipipe} [create]
no spoke-sdp sdp-id [:vc-id] vc-type {ether | ipipe} [create]
Context 
config>service>vprn>if
Description 

This command binds a service to an existing Service Distribution Point (SDP).

A spoke SDP is treated like the equivalent of a traditional bridge “port” where flooded traffic received on the spoke SDP is replicated on all other “ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a service. If the SDP-ID is not already configured, an error message is generated. If the SDP-ID does exist, a binding between that SDP-ID and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN services. All packets are forwarded over the default LSP.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Default 

n/a

Special Cases 
VPRN—
Several SDPs can be bound to a VPRN service. Each SDP must be destined to a different 7750 SR OS. If two SDP-ID bindings terminate on the same 7750 SR, an error occurs and the second SDP is binding is rejected.
Parameters 
sdp-id—
the SDP identifier
Values—
1 to 17407
vc-id—
the virtual circuit identifier
Values—
1 to 4294967295
vc-type—
the encapsulation and pseudowire type for the spoke SDP
Values—
ether—Ethernet pseudowire.
ipipe—IP pseudowire.
Values—
ether

egress

Syntax 
egress
Context 
config>service>vprn>if>spoke-sdp
config>service>vprn>red-if>spoke-sdp
Description 

This command configures an SDP context.

entropy-label

Syntax 
[no] entropy-label
Context 
config>service>vprn
config>service>vprn>if>spoke-sdp
Description 

This command enables or disables the use of entropy labels for spoke SDPs on a VPRN.

If entropy-label is configured, the entropy label and ELI are inserted in packets for which at least one LSP in the stack for the far-end of the tunnel used by the service has advertised entropy-label-capability. If the tunnel is RSVP type, entropy-label can also be controlled under the config>router>mpls or config>router>mpls>lsp contexts.

The entropy label and the hash label features are mutually exclusive. The entropy label cannot be configured on a spoke-sdp or service where the hash label feature has already been configured.

Default 

no entropy-label

hash-label

Syntax 
[no] hash-label
Context 
config>service>vprn
config>service>vprn>spoke-sdp
config>service>vprn>if>spoke-sdp
Description 

This command enables the use of the hash label on a VLL, VPLS, or VPRN service bound to any MPLS-type encapsulated SDP as well as to a VPRN service using auto-bind-tunnel with the resolution-filter configured as any MPLS tunnel type. This feature is not supported on a service bound to a GRE SDP or for a VPRN service using the autobind mode with the gre option.

When this feature is enabled, the ingress data path is modified such that the result of the hash on the packet header is communicated to the egress data path for use as the value of the label field of the hash label. The egress data path appends the hash label at the bottom of the stack (BoS) and sets the S-bit to 1 to indicate that.

In order to allow for applications whereby the egress LER infers the presence of the Hash Label implicitly from the value of the label, the Most Significant Bit (MSB) of the result of the hash is set before copying into the Hash Label. This means that the value of the hash label will always be in the range [524,288 - 1,048,575] and will not overlap with the signaled/static LSP and signaled/static service label ranges. This also guarantees that the hash label will not match a value in the reserved label range.

The (unmodified) result of the hash continues to be used for the purpose of ECMP and LAG spraying of packets locally on the ingress LER. For VLL services, the result of the hash is overwritten and the ECMP and LAG spraying will be based on service-id when ingress SAP shared queuing is not enabled. However, the hash label will still reflect the result of the hash such that an LSR can use it to perform fine grained load balancing of VLL pseudowire packets.

Packets that are generated in CPM and forwarded labeled within the context of a service (for example, OAM packets) must also include a Hash Label at the BoS and set the S-bit accordingly.

The TTL of the hash label is set to a value of 0.

The no form of this command disables the use of the hash label.

Default 

no hash-label

ingress

Syntax 
ingress
Context 
config>service>vprn>if>spoke-sdp
config>service>vprn>red-if>spoke-sdp
Description 

This command configures the SDP context.

qos

Syntax 
qos network-policy-id fp-redirect-group queue-group-name instance instance-id
no qos
Context 
config>service>vprn>if>spoke-sdp>ingress
Description 

This command is used to redirect pseudowire packets to an ingress forwarding plane queue-group for the purpose of rate-limiting.

The ingress pseudowire rate-limiting feature uses a policer in queue-group provisioning model. This model allows the mapping of one or more pseudowires to the same instance of policers, which are defined in a queue-group template.

Operationally, the provisioning model in the case of the ingress pseudowire shaping feature consists of the following steps:

  1. Create an ingress queue-group template and configure policers for each FC that needs to be redirected and optionally, for each traffic type (unicast, broadcast, unknown, or multicast).
  2. Apply the queue-group template to the network ingress forwarding plane where there exists a network IP interface to which the pseudowire packets can be received. This creates one instance of the template on the ingress of the FP. One or more instances of the same template can be created.
  3. Configure FC-to-policer mappings together with the policer redirect to a queue-group in the ingress context of a network QoS policy. No queue-group name is specified in this step, which means the same network QoS policy can redirect different pseudowires to different queue-group templates.
  4. Apply this network QoS policy to the ingress context of a spoke-SDP inside a service, or to the ingress context of a pseudowire template, and specify the redirect queue-group name.
  5. One or more spoke-SDPs can have their FCs redirected to use policers in the same policer queue-group instance.

The following are the constraints and rules of this provisioning model when used in the ingress pseudowire rate-limiting feature:

  1. When a pseudowire FC is redirected to use a policer in a named policer queue-group and the queue-group name does not exist, the association is failed at the time the user associates the ingress context of a spoke-SDP to the named queue-group. In such a case, the pseudowire packet will feed directly the ingress network shared queue for that FC defined in the network-queue policy applied to the ingress of the MDA/FP.
  2. When a pseudowire FC is redirected to use a policer in a named policer queue-group and the queue-group name exists but the policer-id is not defined in the queue-group template, the association is failed at the time the user associates the ingress context of a spoke-SPD to the named queue-group. In such a case, the pseudowire packet will feed directly the ingress network shared queue for that FC defined in the network-queue policy applied to the ingress of the MDA/FP.
  3. When a pseudowire FC is redirected to use a policer in a named policer queue-group and the queue-group name exists and the policer-id is defined in the queue-group template, it is not required to check that an instance of that queue-group exists in all ingress FPs which have network IP interfaces. The handling of this is dealt with in the data path as follows:
    1. When a pseudowire packet for that FC is received and an instance of the referenced queue-group name exists on that FP, the packet is processed by the policer and will then feed the per-FP ingress shared queues referred to as policer-output-queues.
    2. When a pseudowire packet for that FC is received and an instance of the referenced queue-group name does not exist on that FP, the pseudowire packets will be fed directly into the corresponding ingress network shared queue for that FC defined in the network-queue policy applied to the ingress of the MDA/FP.
  4. If a network QoS policy is applied to the ingress context of a pseudowire, any pseudowire FC which is not explicitly redirected in the network QoS policy will have the corresponding packets feed directly the ingress network shared queue for that FC defined in the network-queue policy applied to the ingress of the MDA/FP.
  5. If no network QoS policy is applied to the ingress context of the pseudowire, all packets of the pseudowire will feed:
    1. the ingress network shared queue for the packet FC defined in the network-queue policy applied to the ingress of the MDA/FP. This is the default behavior.
    2. a queue-group policer followed by the per-FP ingress shared queues referred to as policer-output-queues if the ingress context of the network IP interface from which the packet is received is redirected to a queue-group (csc-policing). The only exceptions to this behavior are for packets received from a IES/VPRN spoke interface and from an R-VPLS spoke-SPD, which is forwarded to the R-VPLS IP interface. In these two cases, the ingress network shared queue for the packet FC defined in the network-queue policy applied to the ingress of the MDA/FP is used.

When a pseudowire is redirected to use a policer queue-group, the classification of the packet for the purpose of FC and profile determination is performed according to default classification rule or the QoS filters defined in the ingress context of the network QoS policy applied to the pseudowire. This is true regardless of whether an instance of the named policer queue-group exists on the ingress FP on which the pseudowire packet is received. The user can apply a QoS filter matching the dot1p in the VLAN tag corresponding to the Ethernet port encapsulation, the EXP in the outer label when the tunnel is an LSP, the DSCP in the IP header if the tunnel encapsulation is GRE, and the DSCP in the payload IP header if the user enabled the ler-use-dscp option and the pseudowire terminates in IES or VPRN service (spoke-interface).

When the policer queue-group name the pseudowire is redirected does not exist, the redirection command is failed. In this case, the packet classification is performed according to default classification rule or the QoS filters defined in the ingress context of the network QoS policy applied to the network IP interface on which the pseudowire packet is received.

The no version of this command removes the redirection of the pseudowire to the queue-group.

Parameters 
network-policy-id—
Specifies the network policy identification. The value uniquely identifies the policy on the system.
Values—
1 to 65535
fp- redirect-group queue-group-name
Specifies the name of the queue group template up to 32 characters in length.
ingress-instance instance-id
Specifies the identification of a specific instance of the queue-group.
Values—
1 to 16384

vc-label

Syntax 
vc-label egress-vc-label
no vc-label [egress-vc-label]
Context 
config>service>vprn>if>spoke-sdp>egress
config>service>vprn>red-if>spoke-sdp>egress
Description 

This command configures the egress VC label.

Parameters 
vc-label—
a VC egress value that indicates a specific connection
Values—
16 to 1048575

vc-label

Syntax 
vc-label ingress-vc-label
no vc-label [ingress-vc-label]
Context 
config>service>vprn>if>spoke-sdp>ingress
config>service>vprn>red-if>spoke-sdp>ingress
Description 

This command configures the ingress VC label.

Parameters 
vc-label—
a VC ingress value that indicates a specific connection
Values—
2048 to 18431

egress

Syntax 
egress
Context 
config>service>vprn>network-interface
Description 

This command enables the context to configure egress network filter policies for the interface.

filter

Syntax 
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
Context 
config>service>vprn>nw-if>egress
config>service>vprn>if>spoke-sdp>egress
config>service>vprn>if>spoke-sdp>ingress
config>service>vprn>red-if>spoke-sdp>ingress
config>service>vprn>red-if>spoke-sdp>egress
config>service>vprn>nw-if>egress
Description 

This command associates an IP filter policy with an ingress or egress Service Access Point (SAP) or IP interface. An IP filter policy can be associated with spoke SDPs. Filter policies control the forwarding and dropping of packets based on IP or MAC matching criteria.

The filter command is used to associate a filter policy with a specified ip-filter-id with an ingress or egress SAP. The ip-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation will fail and an error message returned.

In general, filters applied to SAPs (ingress or egress) apply to all packets on the SAP. One exception is non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Parameters 
ip ip-filter-id
Specifies IP filter policy. The filter ID must already exist within the created IP filters.
Values—
1 to 65535

qos

Syntax 
qos network-policy-id port-redirect-group queue-group-name [instance instance-id]
no qos [network-policy-id]
Context 
config>service>apipe>spoke-sdp>egress
config>service>cpipe>spoke-sdp>egress
config>service>epipe>spoke-sdp>egress
config>service>fpipe>spoke-sdp>egress
config>service>ipipe>spoke-sdp>egress
config>service>vpls>spoke-sdp>egress
config>service>vpls>mesh-sdp>egress
config>service>pw-template>egress
config>service>vprn>if>spoke-sdp>egress
config>service>ies>if>spoke-sdp>egress
Description 

This command is used to redirect pseudowire packets to an egress port queue-group for the purpose of shaping.

The egress pseudowire shaping provisioning model allows the mapping of one ore more pseudowires to the same instance of queues, or policers and queues, which are defined in the queue-group template.

Operationally, the provisioning model consists of the following steps:

  1. Create an egress queue-group template and configure queues only or policers and queues for each FC that needs to be redirected.
  2. Apply the queue-group template to the network egress context of all ports where there exists a network IP interface on which the pseudowire packets can be forwarded. This creates one instance of the template on the egress of the port. One or more instances of the same template can be created.
  3. Configure FC-to-policer or FC-to-queue mappings together with the redirect to a queue-group in the egress context of a network QoS policy. No queue-group name is specified in this step, which means the same network QoS policy can redirect different pseudowires to different queue-group templates.
  4. Apply this network QoS policy to the egress context of a spoke-SPD inside a service or to the egress context of a pseudowire template and specify the redirect queue-group name.

One or more spoke-SPDs can have their FCs redirected to use queues only or queues and policers in the same queue-group instance.

The following are the constraints and rules of this provisioning model:

  1. When a pseudowire FC is redirected to use a queue or a policer and a queue in a queue-group and the queue-group name does not exist, the association is failed at the time the user associates the egress context of a spoke-SPD to the named queue-group. In such a case, the pseudowire packet will be fed directly to the corresponding egress queue for that FC used by the IP network interface on which the pseudowire packet is forwarded. This queue can be a queue-group queue, or the egress shared queue for that FC defined in the network-queue policy applied to the egress of this port. This is the existing implementation and default behavior for a pseudowire packet.
  2. When a pseudowire FC is redirected to use a queue or a policer, and a queue in a queue-group and the queue-group name exists, but the policer-id and/or the queue-id is not defined in the queue-group template, the association is failed at the time the user associates the egress context of a spoke-SPD to the named queue-group. In such a case, the pseudowire packet will be fed directly to the corresponding egress queue for that FC used by the IP network interface the pseudowire packet is forwarded on.
  3. When a pseudowire FC is redirected to use a queue, or a policer and a queue in a queue-group, and the queue-group name exists and the policer-id or policer-id plus queue-id exist, it is not required to check that an instance of that queue-group exists in all egress network ports which have network IP interfaces. The handling of this is dealt with in the data path as follows:
    1. When a pseudowire packet for that FC is forwarded and an instance of the referenced queue-group name exists on that egress port, the packet is processed by the queue-group policer and will then be fed to the queue-group queue.
    2. When a pseudowire packet for that FC is forwarded and an instance of the referenced queue-group name does not exist on that egress port, the pseudowire packet will be fed directly to the corresponding egress shared queue for that FC defined in the network-queue policy applied to the egress of this port.
  4. If a network QoS policy is applied to the egress context of a pseudowire, any pseudowire FC, which is not explicitly redirected in the network QoS policy, will have the corresponding packets feed directly the corresponding the egress shared queue for that FC defined in the network-queue policy applied to the egress of this port.

When the queue-group name the pseudowire is redirected to exists and the redirection succeeds, the marking of the packet DEI/dot1p/DSCP and the tunnel DEI/dot1p/DSCP/EXP is performed; according to the relevant mappings of the (FC, profile) in the egress context of the network QoS policy applied to the pseudowire. This is true regardless, whether an instance of the queue-group exists or not on the egress port to which the pseudowire packet is forwarded. If the packet profile value changed due to egress child policer CIR profiling, the new profile value is used to mark the packet DEI/dot1p and the tunnel DEI/dot1p/EXP, and the DSCP/prec will be remarked if enable-dscp-prec-marking is enabled under the policer.

When the queue-group name the pseudowire is redirected does not exist, the redirection command is failed. In this case, the marking of the packet DEI/dot1p/DSCP and the tunnel DEI/dot1p/DSCP/EXP fields is performed according to the relevant commands in the egress context of the network QoS policy applied to the network IP interface to which the pseudowire packet is forwarded.

The no version of this command removes the redirection of the pseudowire to the queue-group.

Parameters 
network-policy-id—
Specifies the network policy identification. The value uniquely identifies the policy on the system.
Values—
1 to 65535
port-redirect-group queue-group-name
This optional parameter specifies that the queue-group-name will be used for all egress forwarding class redirections within the network QoS policy ID. The specified queue-group-name must exist as a port egress queue group on the port associated with the IP interface.
egress-instance instance-id
specifies the identification of a specific instance of the queue-group
Values—
1 to 16384

Threat Management Service Interface Commands

tms-interface

Syntax 
tms-interface interface-name [create] [off-ramp-vprn off-ramp-svc] [mgmt-vprn mgmt-svc]
no tms-interface interface-name
Context 
config>service>vprn
Description 

This command configure a Threat Management Service interface.

The no form of the command removes the interface name from the configuration.

Parameters 
interface-name—
specifies the interface name up to 22 characters in length
create—
Creates the interface name. The create keyword requirement can be enabled/disabled in the environment>create context.
off-ramp-svc
specifies the service ID or service name for the off-ramp VPRN
Values—
service-id: 1 to 2148007978 svc-name: an existing service name up to 64 characters in length
mgmt-svc
specifies the service ID or service name for management VPRN

service-id: 1 to 2148007978 svc-name: an existing service name up to 64 characters in length

address

Syntax 
address {ip-address/mask | ip-address netmask}
no address
Context 
config>service>vprn>tms-if
Description 

This command assigns an IP address/IP subnet/broadcast address to the TMS instance for communications between Arbor CP collectors/managers and the TMS instance operating within the Service Router.

The no form of the command removes the IP address information from the interface configuration.

Parameters 
ip-address/mask ip-address netmask—
specifies IP address information
Values—

ip-address[/mask]

ip-address a.b.c.d

mask

32

netmask

a.b.c.d (all 1 bits)

description

Syntax 
description long-description-string
no description
Context 
config>service>vprn>tms-if
Description 

This command configures a description for the interface.

The no form of the command removes the description from the interface configuration.

ipv6

Syntax 
[no] ipv6
Context 
config>service>vprn>tms-if
Description 

This command configures IPv6 for a threat-management service interface.

The no form of the command removes the IP address information from the interface configuration.

password

Syntax 
password [password]
no password
Context 
config>service>vprn>tms-if
Description 

This command configures a password for the user.

The no form of the command removes the password.

Parameters 
password—
specifies the password for the TMS configuration
Values—

password

key1 delimvalue1 key2 delim value2 ...

delim is one of the following:

'=' value is unencrypted and remain unencrypted

':' value is unencrypted and to be encrypted

'%' value is encrypted and remain encrypted

port

Syntax 
port mda-id
no port
Context 
config>service>vprn>tms-if
Description 

This command specifies a chassis slot and MDA to bind the interface to a physical port.

The no form of the command removes the MDA ID from the interface configuration.

Parameters 
mda-id—
specifies the chassis slot and MDA
Values—

<slot>/<mda>

slot

[1 to 10]

mda

[1 to 2]

RADIUS Proxy Commands

radius-proxy

Syntax 
radius-proxy
Context 
config>service>vprn
Description 

This command enables the context to configure RADIUS proxy commands.

server

Syntax 
server server-name [create] [purpose {[accounting][authentication]}]
no server server-name
Context 
config>service>vprn>radius-proxy
Description 

This command configures the name of this RADIUS proxy server.

Parameters 
purpose accounting—
specifies that this RADIUS proxy server will be used for accounting purposes
purpose authentication—
specifies that this RADIUS proxy server will be used for authentication purposes

cache

Syntax 
cache
Context 
config>service>vprn>radius-proxy>server
Description 

This command enables the context to configure caching parameters.

The no form of the command disables caching.

key

Syntax 
key packet-type {accept | request} attribute-type attribute-type [vendor-id vendor-id]
no key
Context 
config>service>vprn>radius-proxy>server>cache
Description 

This command configures cache key parameters.

The no form of the command removes the parameters from the configuration.

Default 

no key

Parameters 
packet-type —
specifies the packet type of the RADIUS messages to use to generate the key for the cache of this RADIUS proxy server

In order to generate the key associated with a RADIUS Access-Accept message, the system uses the attribute of the type specified by the value of tmnxRadProxSrvCacheKeyAttrType, within the associated RADIUS message of the type specified by the value of tmnxRadProxSrvCacheKeyPktType.

Values—
accept, request
attribute-type attribute-type
specifies the RADIUS attribute type to cache for this RADIUS Proxy server

In order to generate the key associated with a RADIUS Access-Accept message, the system uses the attribute of the type specified by the value of tmnxRadProxSrvCacheKeyAttrType, within the associated RADIUS message of the type specified by the value of tmnxRadProxSrvCacheKeyPktType.

Values—
1 to 255
vendor-id vendor-id
specifies the RADIUS Vendor-Id

If the value of tmnxRadProxSrvCacheKeyVendorId is equal to zero, the attribute type specified by tmnxRadProxSrvCacheKeyAttrType must be used if it appears outside of a Vendor-Specific attribute.

If the value of tmnxRadProxSrvCacheKeyVendorId is not equal to zero, the attribute type specified by tmnxRadProxSrvCacheKeyAttrType must be used if it appears as a sub-attribute within a Vendor-Specific attribute with Vendor-Id equal to the value of tmnxRadProxSrvCacheKeyVendorId.

Values—
1 to 16777215, alu

timeout

Syntax 
timeout [hrs hours] [min minutes] [sec seconds]
no timeout
Context 
config>service>vprn>radius-proxy>server>cache
Description 

This command configures the timeout, in seconds, after which an entry in the cache will expire.

The no form of the command reverts to the default.

Default 

300

Parameters 
timeout—
configures the timeout
Values—
hours: 1 to 1
minutes: 1 to 59
seconds: 1 to 59

track-accounting

Syntax 
track-accounting [start] [stop] [interim-update]
no track-accounting
Context 
config>service>vprn>radius-proxy>server>cache
Description 

This command specifies which RADIUS accounting packets have impact on the cache of this RADIUS proxy server. Use it to configure what RADIUS accounting packets have impact on the cache.

The no form of the command reverts to the default.

Default 

no track-accounting

default-accounting-server-policy

Syntax 
default-accounting-server-policy policy-name
no default-accounting-server-policy
Context 
config>service>vprn>radius-proxy>server
Description 

This command configures the name of the default RADIUS server policy associated with this RADIUS proxy server for accounting purposes.

This default policy is used if no policy can be derived from the user name.

The no form of the command removes the policy from the configuration.

Parameters 
policy-name—
specifies the default accounting RADIUS server policy up to 32 characters in length

default-authentication-server-policy

Syntax 
default-authentication-server-policy policy-name
no default-authentication-server-policy
Context 
config>service>vprn>radius-proxy>server
Description 

This command configures the name of the default RADIUS server policy associated with this RADIUS proxy server for authentication purposes.

This default policy is used if no policy can be derived from the user name.

The no form of the command removes the policy from the configuration.

Parameters 
policy-name—
specifies the default authentication RADIUS server policy up to 32 characters in length

interface

Syntax 
[no] interface ip-int-name
Context 
config>service>vprn>radius-proxy>server
Description 

This command associates an interface to the proxy server.

The no form of the command removes the interface name from the proxy server configuration.

Default 

n/a

Parameters 
ip-int-name —
specifies the name of the IP interface. If the string contains special characters (#, $, spaces, etc.), the entire string must be enclosed between double quotes

load-balance-key

Syntax 
load-balance-key vendor vendor-id [vendor-id...(up to 5 max)] attribute-type attribute-type [attribute-type...(up to 5 max)]
load-balance-key source-ip-udp
no load-balance-key
Context 
config>service>vprn>radius-proxy>server
Description 

This command configures how to construct the key for load-balancing RADIUS messages between RADIUS servers.

Default 

load-balance-key

Parameters 
vendor vendor-id
specifies the RADIUS Vendor-Id
Values—
0 to 16777215
attribute-type attribute-type
specifies a RADIUS attribute that must be used to construct the key for load-balancing RADIUS messages between RADIUS servers
Values—
1 to 255

python-policy

Syntax 
python-policy name
no python-policy
Context 
config>service>vprn>radius-proxy>server
config>service>vprn>radius-server>server
Description 

This common specifies a python policy. Python policies are configured in the config>python> python-policy name context.

Parameters 
name—
specifies the name of an existing python script up to 32 characters in length

secret

Syntax 
secret secret [hash | hash2]
no secret
Context 
config>service>vprn>radius-proxy>server
Description 

This command configures the secret key associated with the RADIUS server.

The no form of the command removes the key from the configuration.

Parameters 
secret —
The secret key (password) to access the RADIUS server. This secret key must match the password on the RADIUS server.
Values—
Up to 32 characters in length.
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

send-accounting-response

Syntax 
[no] send-accounting-response
Context 
config>service>vprn>radius-proxy>server
Description 

This command specifies if this RADIUS proxy server itself responds with an Accounting-Response message to each received Accounting-Request instead of proxying them to a configured RADIUS server.

The no form of the command disables the accounting response messages.

Default 

disabled

username

Syntax 
username user-name prefix-string [128 chars max] [accounting-server-policy policy-name] [authentication-server-policy policy-name]
no username [1 to 32]
Context 
config>service>vprn>radius-proxy>server
Description 

This command configures username-to-RADIUS-server-policy associations.

The no form of the command removes the associations from the configuration.

Default 

n/a

Parameters 
username—
specifies the user name
Values—
1 to 32
prefix-string—
specifies the prefix-string for the association
Values—
128 characters, maximum
accounting-server-policy policy-name
specifies the default accounting RADIUS server policy up to 32 characters in length
authentication-server-policy policy-name
specifies the default authentication RADIUS server policy up to 32 characters in length

radius-server

Syntax 
radius-server
Context 
config>service>vprn
Description 

This command enables the context to configure RADIUS server parameters.

server

Syntax 
server server-name [address ip-address] [secret key ] [hash | hash2] [port port] [create]
no server server-name
Context 
config>service>vprn>radius-server
Description 

This command configures RADIUS server parameters.

The no form of the command removes the parameters from the configuration.

Parameters 
server-name—
specifies the name of this RADIUS server
address ip-address
specifies the IP address of the RADIUS server
secret key
Specifies the secret key (password) to access the RADIUS server. This secret key must match the password on the RADIUS server.
Values—
Up to 32 characters in length.
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
port port
specifies the UDP port number on which to contact the RADIUS server

accept-coa

Syntax 
[no] accept-coa
Context 
config>service>vprn>radius-server
Description 

This command specifies if this RADIUS server is allowed to process Change of Authorization messages.

coa-script-policy

Syntax 
coa-script-policy script-policy-name
no coa-script-policy
Context 
config>service>vprn>radius-server
Description 

This command specifies the RADIUS script policy used to change the RADIUS attributes of the Change-of-Authorization messages.

The no form of the command removes the script policy from the configuration.

Default 

n/a

Parameters 
script-policy-name—
specifies a Python script policy to modify Change-of-Authorization messages

pending-requests-limit

Syntax 
pending-requests-limit limit
no pending-requests-limit
Context 
config>router
config>service>vprn>radius-server>server
Description 

This command specifies the limit of the number of pending RADIUS authentication requests.

Default 

4096

Parameters 
limit—
configure the limit of the number of pending RADIUS requests
Values—
1 to 4096

wpp

Syntax 
[no] wpp
Context 
config>router
config>service>vprn
Description 

This command enters the configuration context of web portal protocol (WPP) under router or vprn.

The no form of this command removes configuration under wpp.

Default 

no wpp

portals

Syntax 
portals
Context 
config>router>wpp
config>service>vprn>wpp
Description 

This command enters the configuration context of web portal server.

portal

Syntax 
portal name address ip-address [create]
portal name
no portal name
Context 
config>router>wpp>portals
config>service>vprn>wpp>portals
Description 

This command either creates a new web portal server or enters an existing web portal server.

Default 

no portal

Parameters 
name—
specifies the name of the web portal server
ip-address—
specifies IPv4 address of the web portal server

shutdown

Syntax 
[no] shutdown
Context 
config>router>wpp>portals>portal
config>service>vprn>wpp>portals>portal
Description 

This command cause system stops receiving web portal protocol packet from the web portal server.

Default 

shutdown

shutdown

Syntax 
[no] shutdown
Context 
config>router>wpp
config>service>vprn>wpp
Description 

This command cause system stops receiving web portal protocol packet from all web portal servers defined in the routing instance.

Default 

shutdown

wpp

Syntax 
[no] wpp
Context 
config>service>ies>sub-if>grp-if>
config>service>vprn>sub-if>grp-if>
Description 

This command enters the configuration context of web portal protocol (WPP) under group-interface.

The no form of this command removes configuration under WPP.

Default 

no wpp

initial-app-profile

Syntax 
initial-app-profile profile-name
no initial-app-profile
Context 
config>service>ies>sub-if>grp-if>wpp
config>service>vprn>sub-if>grp-if>wppp
Description 

This command specifies the initial app-profile for the hosts created on the group-interface. This initial app-profile is replaced after hosts pass the web portal authentication.

Default 

no initial-app-profile

Parameters 
profile-name—
specifies the name of app-profile

initial-sla-profile

Syntax 
initial-sla-profile profile-name
no initial-sla-profile
Context 
config>router>wpp
config>service>vprn>wpp
Description 

This command specifies the initial sla-profile for the hosts created on the group-interface. This initial sla-profile is replaced after hosts pass the web portal authentication.

Default 

no initial-sla-profile

Parameters 
profile-name—
specifies the name of sla-profile

initial-sub-profile

Syntax 
initial-sub-profile profile-name
no initial-sub-profile
Context 
config>service>ies>sub-if>grp-if>wpp
config>service>vprn>sub-if>grp-if>wpp
Description 

This command specifies the initial sub-profile for the hosts created on the group-interface. This initial sub-profile will be replaced after hosts pass web portal authentication.

Default 

no initial-sub-profile

Parameters 
profile-name—
specifies the name of sub-profile

portal

Syntax 
portal router router-instance name wpp-portal-name
no portal
Context 
config>service>ies>sub-if>grp-if>wpp
config>service>vprn>sub-if>grp-if>wpp
Description 

This command specifies the web portal server that system talks to for the hosts on the group-interface.

Default 

no portal

Parameters 
router-instance—
specifies the routing-instance that web portal server is defined
profile-name—
specifies the name of the web portal server

restore-disconnected

Syntax 
[no] restore-disconnected
Context 
config>service>ies>sub-if>grp-if>wpp
config>service>vprn>sub-if>grp-if>wpp
Description 

This command enable the behavior that system will restore the initial-sla-profile/initial-sub-profile/initial-aa-profile when hosts disconnects instead of removing them.

Default 

restore-disconnected

shutdown

Syntax 
[no] shutdown
Context 
config>service>ies>sub-if>grp-if>wpp
config>service>vprn>sub-if>grp-if>wpp
Description 

This command disables web port protocol for the group-interface.

Default 

shutdown