3.8.  VPRN Service Configuration Commands

3.8.1. Command Hierarchies

Note:

  1. For DHCP command trees and descriptions, refer to the 7450 ESS, 7750 SR, and VSR Triple Play Service Delivery Architecture Guide.
  1. VPRN Service Configuration Commands
  2. AAA Remote Server Commands
  3. AARP Interface Commands
  4. BGP Configuration Commands
  5. BGP Group Configuration Commands
  6. BGP Group Neighbor Configuration Commands
  7. GSMP Commands
  8. IGMP Commands
  9. Interface Commands
  10. Interface SAP Commands
  11. Interface Spoke SDP Commands
  12. Interface VPLS Commands
  13. Interface VRRP Commands
  14. IS-IS Configuration Commands
  15. L2TP Commands
  16. Log Commands
  17. Management Commands
  18. MLD Configuration Commands
  19. MSDP Configuration Commands
  20. Multicast VPN Commands
  21. NAT Commands
  22. Network Ingress Commands
  23. Network Interface Commands
  24. NTP Commands
  25. OSPF Configuration Commands
  26. PIM Configuration Commands
  27. Redundant Interface Commands
  28. RIP Configuration Commands
  29. Router Advertisement Commands

3.8.1.1. VPRN Service Configuration Commands

Refer to the 7450 ESS, 7750 SR, and VSR Triple Play Service Delivery Architecture Guide for VPRN DHCP CLI commands and descriptions.

config
— service
vprn service-id [name name] [customer customer-id] [create]
— no vprn service-id
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [discard-component-communities] [black-hole [generate-icmp]] [community comm-id [comm-id]] [local-preference local-pref] [description description] [tunnel-group tunnel-group-id]
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [discard-component-communities] [community comm-id [comm-id]] [indirect ip-address] [local-preference local-pref] [description description] [tunnel-group tunnel-group-id]
— no aggregate ip-prefix/ip-prefix-length
[no] allow-export-bgp-vpn
auto-bind-tunnel
ecmp max-ecmp-routes
— no ecmp
[no] enforce-strict-tunnel-tagging
resolution {any | filter | disabled}
resolution-filter
[no] bgp
[no] gre
[no] ldp
[no] mpls-fwd-policy
[no] rib-api
[no] rsvp
[no] sr-isis
[no] sr-ospf
[no] sr-ospf3
[no] sr-policy
[no] sr-te
[no] udp
[no] weighted-ecmp
autonomous-system as-number
— no autonomous-system
[no] carrier-carrier-vpn
[no] class-forwarding
confederation confed-as-num [members as-number [as-number]]
— no confederation confed-as-num members as-number [as-number]
— no confederation
description description-string
— no description [description-string]
[no] disable-selective-fib
[no] dns
default-domain dns-name
— no default-domain
ipv4-source-address ipv4-address
— no ipv4-source-address
ipv6-source-address ipv6-address
— no ipv6-source-address
primary-dns ip-address
— no primary-dns
secondary-dns ip-address
— no secondary-dns
[no] shutdown
tertiary-dns ip-address
— no tertiary-dns
ecmp max-ecmp-routes
— no ecmp
[no] ecmp-unequal-cost
enable-bgp-vpn-backup [ipv4] [ipv6]
— no enable-bgp-vpn-backup
[no] entropy-label
eth-cfm
tunnel-fault [accept | ignore]
[no] export-inactive-bgp
fib-priority {high | standard}
flowspec
filter-cam-type {normal | packet-length}
ip-filter-max-size {value | default}
ipv6-filter-max-size {value | default}
grt-lookup
[no] enable-grt
[no] allow-local-management
export-grt plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
— no export-grt
export-limit num-routes
— no export-limit
export-v6-limit
— no export-v6-limit
import-grt plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
— no import-grt
[no] hash-label
[no] ipv6
reachable-time seconds
— no reachable-time
stale-time seconds
— no stale-time
label-mode {vrf | next-hop}
— no label-mode
[no] ignore-nh-metric
maximum-ipv6-routes number [log-only] [threshold percent]
— no maximum-ipv6-routes
maximum-routes number [log-only] [threshold percent]
— no maximum-routes
mc-maximum-routes number [log-only] [threshold percent]
— no mc-maximum-routes
multicast-info-policy policy-name
— no multicast-info-policy
mvpn
network
ingress
filter {ip ip-filter-id | ipv6 ipv6-filter-id}
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
qos network-policy-id fp-redirect-group queue-group-name instance instance-id
— no qos
[no] urpf-check
[no] ptp
peer a.b.c.d [create]
— no peer a.b.c.d
local-priority local-priority
log-sync-interval log-interval
— no log-sync-interval
[no] shutdown
peer-limit limit
— no peer-limit
[no] shutdown
reassembly-group nat-group-id [to-base-network]
route-distinguisher [ip-address:number1 | asn:number2 | auto-rd]
route-distinguisher auto-rd
— no route-distinguisher
router-id ip-address
— no router-id
sgt-qos
application dscp-app-name dscp {dscp-value | dscp-name}
application dot1p-app-name dot1p dot1p-priority
— no application {dscp-app-name | dot1p-app-name}
dscp dscp-name fc fc-name
— no dscp dscp-name
[no] shutdown
single-sfm-overload [holdoff-time holdoff-time]
— no single-sfm-overload
snmp
[no] access
community community-name [hash | hash2 | custom] [access-permissions] [version SNMP-version] [src-access-list list-name]
— no community community-name [hash | hash2 | custom]
source-address
application app [ip-int-name | ip-address]
— no application app
application6 app ipv6-address
spoke-sdp sdp-id[:vc-id] [create]
— no spoke-sdp sdp-id[:vc-id]
description description-string
— no description
[no] static-route-entry ip-prefix/prefix-length [mcast]
[no] black-hole
community comm-id
— no community [comm-id]
description description-string
— no description [description-string]
[no] generate-icmp
metric metric-value
— no metric [metric-value]
preference preference-value
— no preference
prefix-list name [{all | none | any}]
— no prefix-list [name] [{all | none | any}]
[no] shutdown
tag tag-value
— no tag [tag-value]
community comm-id [comm-id]
— no community [comm-id [comm-id]]
[no] grt
description description-string
— no description [description-string]
metric metric-value
— no metric [metric-value]
preference preference-value
— no preference
[no] shutdown
[no] indirect ip-address
community comm-id
— no community [comm-id]
cpe-check cpe-ip-address
— no cpe-check [cpe-ip-address]
drop-count count
— no drop-count
interval seconds
— no interval
[no] log
padding-size padding-size
— no padding-size
description description-string
— no description [description-string]
destination-class dest-index
— no destination-class [dest-index]
forwarding-class {be | l2 | af | l1 | h2 | ef | h1 | nc}
— no forwarding-class [{be | l2 | af | l1 | h2 | ef | h1 | nc}]
priority {low | high}
— no priority [{low | high}]
metric metric-value
— no metric [metric-value]
preference preference-value
— no preference
prefix-list name [{all | none | any}]
— no prefix-list [name] [{all | none | any}]
[no] shutdown
source-class source-index
— no source-class [source-index]
tag tag-value
— no tag [tag-value]
ipsec-tunnel ipsec-tunnel-name
— no ipsec-tunnel [ipsec-tunnel-name]
community comm-id
— no community [comm-id]
description description-string
— no description [description-string]
destination-class dest-index
— no destination-class [dest-index]
forwarding-class {be | l2 | af | l1 | h2 | ef | h1 | nc}
— no forwarding-class [{be | l2 | af | l1 | h2 | ef | h1 | nc}]
priority {low | high}
— no priority [{low | high}]
metric metric-value
— no metric [metric-value]
preference preference-value
— no preference
[no] shutdown
source-class source-index
— no source-class [source-index]
tag tag-value
— no tag [tag-value]
[no] next-hop {ip-address | ip-int-name | ipv6 address}
[no] bfd-enable
community comm-id
— no community [comm-id]
cpe-check cpe-ip-address
— no cpe-check [cpe-ip-address]
drop-count count
— no drop-count
interval seconds
— no interval
[no] log
padding-size padding-size
— no padding-size
description description-string
— no description [description-string]
destination-class dest-index
— no destination-class [dest-index]
forwarding-class {be | l2 | af | l1 | h2 | ef | h1 | nc}
— no forwarding-class [{be | l2 | af | l1 | h2 | ef | h1 | nc}]
priority {low | high}
— no priority [{low | high}]
load-balancing-weight value
— no load-balancing-weight [value]
metric metric-value
— no metric [metric-value]
preference preference-value
— no preference
prefix-list name [{all | none | any}]
— no prefix-list [name] [{all | none | any}]
[no] shutdown
source-class source-index
— no source-class [source-index]
tag tag-value
— no tag [tag-value]
[no] validate-next-hop
tag tag
— no tag [tag]
ttl-propagate
local [inherit | none | vc-only | all]
transit [inherit | none | vc-only | all]
type {hub | spoke | subscriber-split-horizon}
— no type
vrf-export plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
— no vrf-export
vrf-import plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
— no vrf-import
vrf-target {ext-comm | export ext-comm | import ext-comm}
— no vrf-target
weighted-ecmp [strict]
— no weighted-ecmp

3.8.1.2. AAA Remote Server Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
aaa
remote-servers
radius [create]
— no radius
access-algorithm {direct | round-robin}
— no access-algorithm
[no] accounting
accounting-port port
— no accounting-port
[no] authorization
[no] interactive-authentication
port port
— no port
retry count
— no retry
server server-index address ip-address secret key [{hash | hash2 | custom}]
— no server server-index
[no] shutdown
timeout seconds
— no timeout
[no] use-default-template
tacplus [create]
— no tacplus
accounting [record-type {start-stop | stop-only}]
— no accounting
authorization [use-priv-lvl]
— no authorization
[no] interactive-authentication
[no] priv-lvl-map
priv-lvl priv-lvl user-profile-name
— no priv-lvl priv-lvl
server index address ip-address secret key [{hash | hash2 | custom}] [port port]
— no server index
[no] shutdown
timeout seconds
— no timeout
[no] use-default-template

3.8.1.3. AARP Interface Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
aarp-interface arp-int-name [create]
— no aarp-interface arp-int-name
description long-description-string
— no description
ip-mtu octets
— no ip-mtu
[no] shutdown
spoke-sdp sdp-id:vc-id [create]
— no spoke-sdp sdp-id:vc-id
aarp aarp-id type {subscriber-side-shunt | network-side-shunt}
— no aarp
description description-string
— no description
egress
filter ip ip-filter-id
— no filter
vc-label vc-label
— no vc-label [vc-label]
ingress
filter ip ip-filter-id
— no filter
vc-label vc-label
— no vc-label [vc-label]
[no] shutdown

3.8.1.4. BGP Configuration Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] bgp
[no] advertise-inactive
advertise-ipv6-next-hops [ipv4]
— no advertise-ipv6-next-hops
[no] aggregator-id-zero
auth-keychain name
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
— no authentication-key
[no] backup-path [ipv4] [label-ipv4] [ipv6]
best-path-selection
always-compare-med [zero | infinity]
always-compare-med strict-as {zero | infinity}
— no always-compare-med
as-path-ignore [ipv4] [label-ipv4] [ipv6]
— no as-path-ignore
[no] compare-origin-validation-state
[no] deterministic-med
ebgp-ibgp-equal [ipv4] [label-ipv4] [ipv6]
— no ebgp-ibgp-equal
[no] ignore-nh-metric
[no] ignore-router-id
[no] origin-invalid-unusable
[no] bfd-enable
cluster cluster-id
— no cluster
connect-retry seconds
— no connect-retry
convergence
family family
max-wait-to-advertise seconds
— no max-wait-to-advertise
min-wait-to-advertise seconds
— no min-wait-to-advertise
damp-peer-oscillations [idle-hold-time initial-wait second-wait max-wait] [error-interval minutes]
[no] damping
default-label-preference [ebgp ebgp label preference] [ibgp ibgp label preference]
— no default-label-preference
default-preference [ebgp ebgp preference] [ibgp ibgp preference]
— no default-preference
description description-string
— no description
[no] disable-4byte-asn
[no] disable-client-reflect
disable-communities [standard] [extended] [large]
— no disable-communities
[no] disable-fast-external-failover
dynamic-neighbor-limit peers
— no dynamic-neighbor-limit
ebgp-default-reject-policy [import] [export]
— no ebgp-default-reject-policy
[no] eibgp-loadbalance
[no] enable-peer-tracking
[no] enforce-first-as
error-handling
[no] update-fault-tolerance
export plcy-or-long-expr [plcy-or-expr]
— no export
extended-nh-encoding [ipv4]
— no extended-nh-encoding
family [ipv4] [ipv6] [mcast-ipv4] [flow-ipv6] [flow-ipv4] [mcast-ipv6] [label-ipv4]
— no family
flowspec
[no] validate-dest-prefix
[no] validate-redirect-ip
[no] graceful-restart
[no] enable-notification
[no] long-lived
advertise-stale-to-all-neighbors [without-no-export]
— no advertise-stale-to-all-neighbors
advertised-stale-time seconds
— no advertised-stale-time
[no] family {ipv4 | ipv6 | label-ipv4 | flow-ipv4 | flow-ipv6}
advertised-stale-time seconds
— no advertised-stale-time
helper-override-stale-time seconds
— no helper-override-stale-time
forwarding-bits-set {all | non-fwd}
— no forwarding-bits-set
helper-override-restart-time seconds
— no helper-override-restart-time
helper-override-stale-time seconds
— no helper-override-stale-time
restart-time seconds
— no restart-time
stale-routes-time time
— no stale-routes-time
hold-time seconds [min seconds2]
— no hold-time
[no] ibgp-multipath
import plcy-or-long-expr [plcy-or-expr]
— no import
[no] initial-send-delay-zero
keepalive seconds
— no keepalive
label-preference value
— no label-preference
local-as as-number [private] [no-prepend-global-as]
— no local-as
local-preference local-preference
— no local-preference
loop-detect {drop-peer | discard-route | ignore-loop| off}
— no loop-detect
loop-detect-threshold loop-detect-threshold
— no loop-detect-threshold
med-out {number | igp-cost}
— no med-out
min-route-advertisement seconds
— no min-route-advertisement
multihop ttl-value
— no multihop
multi-path
ipv4 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]
— no ipv4
ipv6 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]
— no ipv6
label-ipv4 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]
— no label-ipv4
label-ipv6 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]
— no label-ipv6
maximum-paths max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]
— no maximum-paths
next-hop-resolution
policy policy-name
— no policy
[no] use-bgp-routes
peer-tracking-policy policy-name
— no peer-tracking-policy
preference preference
— no preference
[no] rapid-withdrawal
remove-private [limited] [skip-peer-as] [replace]
— no remove-private
rib-management
— ipv4
leak-import plcy-or-long-expr [plcy-or-expr]
— no leak-import
route-table-import policy-name
— no route-table-import
— ipv6
leak-import plcy-or-long-expr [plcy-or-expr]
— no leak-import
route-table-import policy-name
— no route-table-import
— label-ipv4
leak-import plcy-or-long-expr [plcy-or-expr]
— no leak-import
route-table-import policy-name
— no route-table-import
router-id ip-address
— no router-id
[no] shutdown
[no] split-horizon
[no] third-party-nexthop
[no] bgp-shared-queue

3.8.1.5. BGP Group Configuration Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] bgp
group name [esm-dynamic-peer]
— no group name
[no] advertise-inactive
advertise-ipv6-next-hops [ipv4]
— no advertise-ipv6-next-hops
[no] aggregator-id-zero
[no] as-override
auth-keychain name
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
— no authentication-key
[no] bfd-enable
cluster cluster-id
— no cluster
connect-retry seconds
— no connect-retry
[no] damp-peer-oscillations [idle-hold-time initial-wait second-wait max-wait] [error-interval minutes]
[no] damping
default-label-preference [ebgp ebgp label preference] [ibgp ibgp label preference]
— no default-label-preference
default-preference [ebgp ebgp preference] [ibgp ibgp preference]
— no default-preference
description description-string
— no description
[no] disable-4byte-asn
[no] disable-capability-negotiation
[no] disable-client-reflect
disable-communities [standard] [extended] [large]
— no disable-communities
[no] disable-fast-external-failover 
dynamic-neighbor
match
[no] prefix ip-prefix/ip-prefix-length
[no] allowed-peer-as min-as-number [max max-as-number]
dynamic-neighbor-limit peers
— no dynamic-neighbor-limit
ebgp-default-reject-policy [import] [export]
— no ebgp-default-reject-policy
enable-origin-validation [ipv4] [ipv6] [label-ipv4]
— no enable-origin-validation
[no] enable-peer-tracking
[no] enforce-first-as
error-handling
[no] update-fault-tolerance
export policy-name [policy-name]
— no export
extended-nh-encoding [ipv4]
— no extended-nh-encoding
family [ipv4] [label-ipv4] [ipv6] [mcast-ipv4] [flow-ipv6] [flow-ipv4] [mcast-ipv6]
— no family
[no] graceful-restart
[no] enable-notification
[no] long-lived
advertise-stale-to-all-neighbors [without-no-export]
— no advertise-stale-to-all-neighbors
advertised-stale-time seconds
— no advertised-stale-time
[no] family {ipv4 | ipv6 | label-ipv4 | flow-ipv4 | flow-ipv6}
advertised-stale-time seconds
— no advertised-stale-time
helper-override-stale-time seconds
— no helper-override-stale-time
forwarding-bits-set {all | non-fwd}
— no forwarding-bits-set
helper-override-restart-time seconds
— no helper-override-restart-time
helper-override-stale-time seconds
— no helper-override-stale-time
restart-time seconds
— no restart-time
stale-routes-time time
— no stale-routes-time
hold-time seconds [min seconds2]
— no hold-time
import policy-name [policy-name]
— no import
[no] initial-send-delay-zero
keepalive seconds
— no keepalive
label-preference value
— no label-preference
link-bandwidth
accept-from-ebgp family [family]
— no accept-from-ebgp
add-to-received-ebgp family [family]
— no add-to-received-ebgp
aggregate-used-paths family [family]
— no aggregate-used-paths
send-to-ebgp family [family]
— no send-to-ebgp
local-address ip-address
— no local-address
local-as as-number [private] [no-prepend-global-as]
— no local-as
local-preference local-preference
— no local-preference
loop-detect {drop-peer | discard-route | ignore-loop | off}
— no loop-detect
loop-detect-threshold loop-detect-threshold
— no loop-detect-threshold
med-out {number | igp-cost}
— no med-out
min-route-advertisement seconds
— no min-route-advertisement
multihop ttl-value
— no multihop
[no] multipath-eligible
[no] next-hop-self
[no] passive
peer-as as-number
— no peer-as
preference preference
— no preference
prefix-limit family limit [log-only] [threshold percentage] [idle-timeout {minutes | forever}] [log-only] [post-import]
— no prefix-limit family
remove-private [limited] [skip-peer-as] [replace]
— no remove-private
[no] shutdown
[no] split-horizon
[no] third-party-nexthop
ttl-security min-ttl-value
— no ttl-security
type {internal | external}
— no type
[no] updated-error-handling

3.8.1.6. BGP Group Neighbor Configuration Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] bgp
group name [esm-dynamic-peer]
— no group name
[no] neighbor ip-address
[no] advertise-inactive
advertise-ipv6-next-hops [ipv4]
— no advertise-ipv6-next-hops
[no] aggregator-id-zero
[no] as-override
auth-keychain name
authentication-key {authentication-key | hash-key} [hash | hash2 | custom ]
— no authentication-key
[no] bfd-enable
cluster cluster-id
— no cluster
connect-retry seconds
— no connect-retry
[no] damp-peer-oscillations [idle-hold-time initial-wait second-wait max-wait] [error-interval minutes]
[no] damping
default-label-preference [ebgp ebgp label preference] [ibgp ibgp label preference]
— no default-label-preference
default-preference [ebgp ebgp preference] [ibgp ibgp preference]
— no default-preference
description description-string
— no description
[no] disable-4byte-asn
[no] disable-capability-negotiation
[no] disable-client-reflect
disable-communities [standard] [extended] [large]
— no disable-communities
[no] disable-fast-external-failover
ebgp-default-reject-policy [import] [export]
— no ebgp-default-reject-policy
enable-origin-validation [ipv4] [ipv6] [label-ipv4]
— no enable-origin-validation
[no] enable-peer-tracking
[no] enforce-first-as
error-handling
[no] update-fault-tolerance
export policy-name [policy-name]
— no export
extended-nh-encoding [ipv4]
— no extended-nh-encoding
family [ipv4] [label-ipv4] [ipv6] [mcast-ipv4] [flow-ipv6] [flow-ipv4] [mcast-ipv6]
— no family
[no] graceful-restart
[no] enable-notification
[no] long-lived
advertise-stale-to-all-neighbors [without-no-export]
— no advertise-stale-to-all-neighbors
advertised-stale-time seconds
— no advertised-stale-time
[no] family {ipv4 | ipv6 | label-ipv4 | flow-ipv4 | flow-ipv6}
advertised-stale-time seconds
— no advertised-stale-time
helper-override-stale-time seconds
— no helper-override-stale-time
forwarding-bits-set {all | non-fwd}
— no forwarding-bits-set
helper-override-restart-time seconds
— no helper-override-restart-time
helper-override-stale-time seconds
— no helper-override-stale-time
restart-time seconds
— no restart-time
stale-routes-time time
— no stale-routes-time
hold-time seconds [min seconds2]
— no hold-time
import policy-name [policy-name]
— no import
[no] initial-send-delay-zero
keepalive seconds
— no keepalive
label-preference value
— no label-preference
link-bandwidth
accept-from-ebgp family [family]
— no accept-from-ebgp
add-to-received-ebgp family [family]
— no add-to-received-ebgp
aggregate-used-paths family [family]
— no aggregate-used-paths
send-to-ebgp family [family]
— no send-to-ebgp
local-address ip-address
— no local-address
local-as as-number [private] [no-prepend-global-as]
— no local-as
local-preference local-preference
— no local-preference
loop-detect {drop-peer | discard-route | ignore-loop | off}
— no loop-detect
loop-detect-threshold loop-detect-threshold
— no loop-detect-threshold
med-out {number | igp-cost}
— no med-out
min-route-advertisement seconds
— no min-route-advertisement
multihop ttl-value
— no multihop
[no] multipath-eligible
[no] next-hop-self
[no] passive
peer-as as-number
— no peer-as
preference preference
— no preference
prefix-limit family limit [log-only] [threshold percentage] [idle-timeout {minutes | forever}] [log-only] [post-import]
— no prefix-limit family
remove-private [limited] [skip-peer-as] [replace]
— no remove-private
[no] shutdown
[no] split-horizon
[no] third-party-nexthop
ttl-security min-ttl-value
— no ttl-security
type {internal | external}
— no type
[no] updated-error-handling

3.8.1.7. GSMP Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
gsmp
[no] group name [create]
ancp
[no] dynamic-topology-discover
[no] oam
description description-string
— no description
hold-multiplier multiplier
— no hold-multiplier
[no] idle-filter
keepalive seconds
— no keepalive
neighbor ip-address [create]
— no neighbor ip-address
description description-string
— no description
local-address ip-address
— no local-address
priority-marking dscp dscp-name
priority-marking prec ip-prec-value
— no priority-marking
[no] shutdown
[no] persistency-database
[no] shutdown
[no] shutdown

3.8.1.8. IGMP Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] igmp
[no] group-interface ip-int-name
[no] group-interface fwd-service service-id ip-int-name
[no] disable-router-alert-check
import policy-name
— no import
max-groups max-groups
— no max-groups
max-grp-sources max-group-sources
— no max-grp-sources
max-sources max-sources
— no max-sources
mcac
if-policy if-policy-name
— no if-policy
mc-constraints
[no] shutdown
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
— no unconstrained-bw
query-interval seconds
— no query-interval
query-last-member-interval seconds
— no query-last-member-interval
query-response-interval seconds
— no query-response-interval
query-src-ip ip-address
— no query-src-ip
[no] shutdown
[no] sub-hosts-only
[no] subnet-check
version version
— no version
grp-if-query-src-ip ip-address
— no grp-if-query-src-ip
[no] interface ip-int-name
[no] disable-router-alert-check
import policy-name
— no import
max-groups max-group
— no max-groups
max-grp-sources max-grp-sources
— no max-grp-sources
max-sources max-sources
— no max-sources
mcac
if-policy mcac-if-policy-name
— no if-policy
mc-constraints
level level-id bw bandwidth
— no level level-id
number-down number-lag-port-down level level-id
— no number-down number-lag-port-down
[no] shutdown
[no] use-lag-port-weight
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
— no unconstrained-bw
query-interval seconds
— no query-interval
[no] query-last-member-interval
query-last-member-interval seconds
[no] query-response-interval
query-response-interval seconds
[no] shutdown
ssm-translate
[no] grp-range start end
[no] source ip-address
static
[no] group grp-ip-address
[no] group start grp-ipv6-address end grp-ipv6-address [step ipv6-address]
[no] source ip-address
[no] starg
[no] subnet-check
version version
— no version
query-interval seconds
— no query-interval
query-last-member-interval seconds
— no query-last-member-interval
query-response-interval seconds
— no query-response-interval
robust-count robust-count
— no robust-count
[no] shutdown
ssm-translate
[no] grp-range start end
[no] source ip-address
igmp-host-tracking
expiry-time expiry-time
— no expiry-time
[no] shutdown

3.8.1.9. Interface Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
interface ip-int-name [create]
interface ip-int-name [create] [tunnel]
— no interface ip-int-name
[no] active-cpm-protocols
address ip-address[/mask] [netmask] [broadcast {all-ones | host-ones}] [track-srrp srrp-instance]
— no address [ip-address[/mask]] [netmask] [broadcast {all-ones | host-ones}]
[no] allow-directed-broadcasts
arp-host-route
populate {static | dynamic | evpn} [route-tag route-tag]
— no populate {static | dynamic | evpn}
[no] arp-learn-unsolicited
arp-limit limit [log-only] [threshold percent]
— no arp-limit
[no] arp-populate
[no] arp-proactive-refresh
arp-retry-timer timer-multiple
— no arp-retry-timer
arp-timeout seconds
— no arp-timeout [seconds]
authentication-policy name
— no authentication-policy
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np]
— no bfd
cflowd-parameters
— no cflowd-parameters
sampling {unicast | multicast} type {acl | interface} [direction {ingress-only | egress-only | both}] [sample-profile [profile-id]]
— no sampling {unicast | multicast}
cpu-protection policy-id
— no cpu-protection
description long-description-string
— no description [long-description-string]
dynamic-tunnel-redundant-next-hop ip-address
— no dynamic-tunnel-redundant-next-hop
[no] enable-ingress-stats
[no] enable-mac-accounting
hold-time
down ip seconds [init-only]
— no down ip
down ipv6 seconds [init-only]
— no down ipv6
up ip seconds
— no up ip
up ipv6 seconds
— no up ipv6
host-connectivity-verify [source {vrrp | interface}] [interval interval] [action {remove | alarm}] [timeout retry-timeout] [retry-count count]
icmp
[no] mask-reply
param-problem number seconds
— no param-problem [number seconds]
redirects number seconds
— no redirects [number seconds]
ttl-expired number seconds
— no ttl-expired [number seconds]
unreachables number seconds
— no unreachables [number seconds]
if-attribute
[no] admin-group group-name [group-name]
srlg-group group-name [group-name]
— no srlg-group
ingress
[no] destination-class-lookup
policy-accounting template-name
— no policy-accounting
ip-helper-address gateway-address
— no ip-helper-address
ip-mtu octets
— no ip-mtu
ipcp
dns ip-address [secondary ip-address]
dns secondary ip-address
— no dns [ip-address] [secondary ip-address]
peer-ip-address ip-address
— no peer-ip-address
[no] ipv6
address ipv6-address/prefix-length [eui-64] [track-srrp srrp-instance] [modifier cga-modifier] [dad-disable] [primary-preference primary-preference]
— no address ipv6-address/prefix-length
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np]
— no bfd
[no] dad-disable
[no] forward-ipv4-packets
icmp6
packet-too-big [number seconds]
— no packet-too-big
param-problem [number seconds]
— no param-problem
redirects [number seconds]
— no redirects
time-exceeded [number seconds]
— no time-exceeded
unreachables number seconds
— no unreachables
link-local-address ipv6-address [dad-disable]
— no link-local-address
[no] local-proxy-nd
nd-host-route
populate {static | dynamic | evpn} [route-tag route-tag]
— no populate {static | dynamic | evpn}
nd-learn-unsolicited {global | link-local | both}
— no nd-learn-unsolicited
nd-proactive-refresh {global | link-local | both}
— no nd-proactive-refresh
neighbor ipv6-address mac-address
— no neighbor ipv6-address
neighbor-limit limit [log-only] [threshold percent]
— no neighbor-limit
proxy-nd-policy policy-name [policy-name]
— no proxy-nd-policy
python-policy policy-name
— no python-policy
[no] qos-route-lookup
reachable-time seconds
— no reachable-time
stale-time seconds
— no stale-time
[no] secure-nd
[no] allow-unsecured-msgs
link-local-modifier modifier
— no link-local-modifier
public-key-min-bits bits
— no public-key-min-bits
security-parameter sec
— no security-parameter
[no] shutdown
tcp-mss mss-value
[no] tcp-mss
[no] urpf-check
mode {strict | loose | strict-no-ecmp}}
— no mode
load-balancing
egr-ip-load-balancing {source | destination | inner-ip}
— no egr-ip-load-balancing
[no] spi-load-balancing
[no] teid-load-balancing
[no] local-proxy-arp
[no] loopback
mac ieee-address
— no mac [ieee-address]
monitor-oper-group name
— no monitor-oper-group
[no] proxy-arp-policy
[no] ptp-hw-assist
qos-route-lookup [source | destination]
— no qos-route-lookup
[no] remote-proxy-arp
secondary ip-address[/mask] [netmask] [broadcast {all-ones | host-ones}] [igp-inhibit] [track-srrp srrp-instance]
— no secondary ip-address[/mask]
shcv-policy-ipv4 policy-name
— no shcv-policy-ipv4
[no] shutdown
static-arp ip-address ieee-address
— no static-arp ip-address [ieee-address]
static-tunnel-redundant-next-hop ip-address
— no static-tunnel-redundant-next-hop
tcp-mss mss-value
[no] tcp-mss
tos-marking-state {trusted | untrusted}
— no tos-marking-state
unnumbered [ip-int-name | ip-address]
— no unnumbered
[no] urpf-check
mode {strict | loose | strict-no-ecmp}}
— no mode
vas-if-type {to-from-access | to-from-network | to-from-both}
— no vas-if-type
vpls service-name
— no vpls
egress
reclassify-using-qos policy-id
— no reclassify-using-qos
v4-routed-override-filter ipv4-filter-id
— no v4-routed-override-filter
v6-routed-override-filter ipv6-filter-id
— no v6-routed-override-filter
ingress
v4-routed-override-filter ipv4-filter-id
— no v4-routed-override-filter
v6-routed-override-filter ipv6-filter-id
— no v6-routed-override-filter

3.8.1.10. Interface SAP Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id[create]
interface ip-int-name
interface ip-int-name [create] [tunnel]
— no interface ip-int-name
sap sap-id [create]
— no sap sap-id
aarp aarpId type type
— no aarp
accounting-policy acct-policy-id
— no accounting-policy [acct-policy-id]
anti-spoof {ip | mac | ip-mac}
— no anti-spoof
app-profile app-profile-name
— no app-profile
atm
egress
traffic-desc traffic-desc-profile-id
— no traffic-desc
encapsulation atm-encap-type
ingress
traffic-desc traffic-desc-profile-id
— no traffic-desc
oam
[no] alarm-cells
[no] periodic-loopback
bandwidth bandwidth
— no bandwidth
calling-station-id calling-station-id
— no calling-station-id
[no] collect-stats
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]] | [ip-src-monitoring]
— no cpu-protection
description long-description-string
— no description
dist-cpu-protection policy-name
— no dist-cpu-protection
egress
[no] agg-rate
[no] limit-unused-bandwidth
[no] queue-frame-based-accounting
rate kilobits-per-second
— no rate
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
[no] hsmda-queue-override
packet-byte-offset {add add-bytes | subtract sub-bytes}
— no packet-byte-offset
queue queue-id [create]
— no queue queue-id
mbs {[0..2625] [kilobytes] | [0..2688000] bytes | default }
— no mbs
rate pir-rate
— no rate
slope-policy hsmda-slope-policy-name
— no slope-policy
wrr-weight weight
— no wrr-weight
secondary-shaper secondary-shaper-name
— no secondary-shaper
wrr-policy hsmda-wrr-policy-name
— no wrr-policy
policer-control-override [create]
— no policer-control-override
max-rate {rate | max}
priority-mbs-thresholds
min-thresh-separation size [{bytes | kilobytes}]
[no] priority level
mbs-contribution size [{bytes | kilobytes}]
policer-control-policy policy-name
— no policer-control-policy
[no] policer-override
policer policer-id [create]
— no policer policer-id
cbs size [{bytes | kilobytes}]
— no cbs
mbs size [{bytes | kilobytes}]
— no mbs
packet-byte-offset {add add-bytes | subtract sub-bytes}
— no packet-byte-offset
percent-rate pir-percent [cir cir-percent]
— no percent-rate
rate {rate | max} [cir {max | rate}]
stat-mode stat-mode
— no stat-mode
[no] qinq-mark-top-only
qos policy-id [port-redirect-group queue-group-name instance instance-id]
— no qos [policy-id]
queue-group-redirect-list redirect-list-name
— no queue-group-redirect-list
[no] queue-override
hs-secondary-shaper policy-name
— no hs-secondary-shaper
hs-wrr-group group-id [create]
— no hs-wrr-group group-id
class-weight weight
— no class-weight
percent-rate percent
— no percent-rate
rate rate
— no rate
queue queue-id [create]
— no queue queue-id
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]adaptation-ruleavg-frame-overhead percentage
— no avg-frame-overhead
burst-limit size [bytes | kilobytes]
— no burst-limit
cbs size-in-kbytes
— no cbs
drop-tail low
percent-reduction-from-mbs percent
— no percent-reduction-from-mbs
hs-class-weight weight
— no hs-class-weight
hs-wred-queue policy slope-policy-name
— no hs-wred-queue
hs-wrr-weight weight
— no hs-wrr-weight
mbs size [{bytes | kilobytes}]
— no mbs
[no] monitor-depth
parent [weight weight] [cir-weight cir-weight]
— no parent
percent-rate pir-percent [cir cir-percent]
— no percent-rate
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler-override
scheduler scheduler-name [create]
— no scheduler scheduler-name
parent [weight weight] [cir-weight cir-weight]
— no parent
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
— no scheduler-policy
eth-cfm
collect-lmm-fc-stats
fc fc-name [fc-name]
— no fc
fc-in-profile fc-name [fc-name]
— no fc-in-profile
[no] collect-lmm-stats
mep mep-id domain md-index association ma-index [direction {up | down}]
— no mep mep-id domain md-index association ma-index
[no] ais-enable
[no] interface-support-enable
alarm-notification
fng-alarm-time time
fng-reset-time time
[no] ccm-enable
ccm-ltm-priority priority
— no ccm-ltm-priority
ccm-padding-size ccm-padding
— no ccm-padding-size
[no] csf-enable
multiplier multiplier-value
— no multiplier
description description-string
— no description
[no] eth-test-enable
bit-error-threshold bit-errors
test-pattern {all-zeros | all-ones} [crc-enable]
— no test-pattern
fault-propagation-enable {use-if-tlv | suspend-ccm}
— no fault-propagation-enable
grace
eth-ed
max-rx-defect-window seconds
— no max-rx-defect-window
priority priority
— no priority
[no] rx-eth-ed
[no] tx-eth-ed
eth-vsm-grace
[no] rx-eth-vsm-grace
[no] tx-eth-vsm-grace
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
mac-address mac-address
— no mac-address
one-way-delay-threshold seconds
[no] shutdown
squelch-ingress-levels [md-level [md-level]]
— no squelch-ingress-levels
tunnel-fault [accept | ignore]
frame-relay
[no] frf-12
ete-fragment-threshold threshold
— no ete-fragment-threshold
[no] interleave
scheduling-class class-id
— no scheduling-class
fwd-wholesale
pppoe service-id
— no pppoe
host-lockout-policy policy-name
— no host-lockout-policy
[no] host-shutdown
ingress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
match-qinq-dot1p {top | bottom}
— no match-qinq-dot1p
policer-control-override [create]
— no policer-control-override
max-rate {rate | max}
priority-mbs-thresholds
min-thresh-separation size [{bytes | kilobytes}]
[no] priority level
mbs-contribution size [{bytes | kilobytes}]
policer-control-policy policy-name
— no policer-control-policy
[no] policer-override
policer policer-id [create]
— no policer policer-id
cbs size [{bytes | kilobytes}]
— no cbs
mbs size [{bytes | kilobytes}]
— no mbs
packet-byte-offset add add-bytes
packet-byte-offset subtract sub-bytes
— no packet-byte-offset
percent-rate pir-percent [cir cir-percent]
— no percent-rate
rate {rate | max} [cir {max | rate}]
stat-mode stat-mode
— no stat-mode
qos policy-id [shared-queuing | multipoint-shared] [fp-redirect-group queue-group-name instance instance-id]
— no qos [policy-id]
queue-group-redirect-list redirect-list-name
— no queue-group-redirect-list
[no] queue-override
queue queue-id [create]
— no queue queue-id
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
cbs size-in-kbytes
— no cbs
drop-tail low
percent-reduction-from-mbs percent
— no percent-reduction-from-mbs
mbs size [{bytes | kilobytes}]
— no mbs
[no] monitor-depth
parent {[weight weight] [cir-weight cir-weight]
percent-rate pir-percent [cir cir-percent]
— no percent-rate
rate pir-rate [cir cir-rate]
— no rate
[no] scheduler-override
scheduler scheduler-name [create]
— no scheduler scheduler-name
parent [weight weight] [cir-weight cir-weight]
— no parent
rate pir-rate [cir cir-rate]
— no rate
scheduler-policy scheduler-policy-name
— no scheduler-policy
ip-tunnel name [create]
— no ip-tunnel name
backup-remote-ip ip-address
— no backup-remote-ip
[no] clear-df-bit
delivery-service service-id
delivery-service service-name
— no delivery-service
description description-string
— no description
[no] dest-ip ip-address
dscp dscp-name
— no dscp
encapsulated-ip-mtu octets
— no encapsulated-ip-mtu
gre-header
gre-header send-key send-key receive-key receive-key
— no gre-header
gre-header
icmp6-generation
packet-too-big
packet-too-big number [10..1000] seconds [1..60]
— no packet-too-big
ip-mtu octets
— no ip-mtu
private-tcp-mss-adjust octets
— no private-tcp-mss-adjust
public-tcp-mss-adjust auto
public-tcp-mss-adjust octets
— no public-tcp-mss-adjust
reassembly [wait-msecs]
— no reassembly
remote-ip ip-address
— no remote-ip
[no] shutdown
source ip-address
— no source
lag-link-map-profile lag-link-map-profile-id
— no lag-link-map-profile
lag-per-link-hash class {1 | 2 | 3} weight weight
— no lag-per-link-hash
multi-service-site customer-site-name
— no multi-service-site
[no] shutdown
static-host ip ip-address [mac ieee-address] [create]
static-host mac ieee-address [create]
— no static-host [ip ip-address] mac ieee-address
— no static-host all [force]
— no static-host ip ip-address
ancp-string ancp-string
— no ancp-string
app-profile app-profile-name
— no app-profile
inter-dest-id intermediate-destination-id
— no inter-dest-id
[no] shutdown
sla-profile sla-profile-name
— no sla-profile
sub-profile sub-profile-name
— no sub-profile
subscriber sub-ident
— no subscriber
[no] subscriber-sap-id
transit-policy {ip ip-aasub-policy-id | prefix prefix-aasub-policy-id}
— no transit-policy

3.8.1.11. Interface Spoke SDP Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] interface ip-int-name
spoke-sdp sdp-id :vc-id [vc-type vc-type] [create]
— no spoke-sdp sdp-id [:vc-id]
aarp aarpId type type
— no aarp
accounting-policy acct-policy-id
— no accounting-policy
app-profile app-profile-name
— no app-profile
[no] bfd-enable
bfd-template name
— no bfd-template
[no] collect-stats
[no] control-channel-status
[no] acknowledgment
refresh-timer value
— no refresh-timer
request-timer request-timer-secs retry-timer retry-timer-secs timeout-multiplier multiplier
— no request-timer
[no] shutdown
[no] control-word
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]] | [ip-src-monitoring]
— no cpu-protection
description description-string
— no description
egress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
qos network-policy-id port-redirect-group queue-group-name [instance instance-id]
— no qos [network-policy-id]
vc-label egress-vc-label
— no vc-label [egress-vc-label]
[no] entropy-label
eth-cfm
collect-lmm-fc-stats
fc fc-name [fc-name]
— no fc
fc-in-profile fc-name [fc-name]
— no fc-in-profile
[no] collect-lmm-stats
mep mep-id domain md-index association ma-index [direction {up | down}]
— no mep mep-id domain md-index association ma-index
[no] ais-enable
[no] interface-support-enable
alarm-notification
fng-alarm-time time
fng-reset-time time
[no] ccm-enable
ccm-ltm-priority priority
— no ccm-ltm-priority
ccm-padding-size ccm-padding
— no ccm-padding-size ccm-padding
[no] csf-enable
multiplier multiplier-value
— no multiplier
description description-string
— no description
[no] eth-test-enable
bit-error-threshold bit-errors
[no] test-pattern {all-zeros | all-ones} [crc-enable]
fault-propagation-enable {use-if-tlv | suspend-ccm}
— no fault-propagation-enable
grace
eth-ed
max-rx-defect-window seconds
— no max-rx-defect-window
priority priority
— no priority
[no] rx-eth-ed
[no] tx-eth-ed
eth-vsm-grace
[no] rx-eth-vsm-grace
[no] tx-eth-vsm-grace
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
mac-address mac-address
— no mac-address
one-way-delay-threshold seconds
[no] shutdown
squelch-ingress-levels [md-level [md-level]]
no squelch-ingress-levels
hash-label
hash-label signal-capability
— no hash-label
ingress {ip ip-filter-id}
filter ip ip-filter-id
filter ipv6 ipv6-filter-id}
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
qos
ingress network-policy-id fp-redirect-group queue-group-name instance instance-id
— no qos
vc-label ingress-vc-label
— no vc-label [ingress-vc-label]
[no] pw-path-id
agi attachment-group-identifier
— no agi
saii-type2 global-id:node-id:ac-id
— no saii-type2
taii-type2 global-id:node-id:ac-id
— no saii-type2
[no] shutdown
transit-policy ip ip-aasub-policy-id
transit-policy prefix prefix-aasub-policy-id
— no transit-policy

3.8.1.12. Interface VPLS Commands

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Layer 2 Services and EVPN Guide: VLL, VPLS, PBB, and EVPN for more information.

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
interface ip-interface-name [create]
— no interface ip-interface-name
vpls service-name
— no vpls
egress
reclassify-using-qos policy-id
— no reclassify-using-qos
v4-routed-override-filter ip-filter-id
— no v4-routed-override-filter
v6-routed-override-filter ipv6-filter-id
— no v6-routed-override-filter
ingress
v4-routed-override-filter ip-filter-id
— no v4-routed-override-filter
v6-routed-override-filter ipv6-filter-id
— no v6-routed-override-filter

3.8.1.13. Interface VRRP Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
interface ip-int-name
— ipv6
vrrp virtual-router-id [owner] [passive]
— no vrrp virtual-router-id
[no] backup ipv6-address
[no] bfd-enable interface interface-name dst-ip ip-address
[no] bfd-enable service-id interface interface-name dst-ip ip-address
[no] bfd-enable interface interface-name dst-ip ip-address name service-name
init-delay seconds
— no init-delay
mac mac-address
— no mac
[no] master-int-inherit
message-interval {[seconds] [milliseconds milliseconds]}
— no message-interval
[no] ntp-reply
oper-group group-name
— no oper-group
[no] ping-reply
policy vrrp-policy-id
— no policy
[no] preempt
priority priority
— no priority
[no] shutdown
[no] standby-forwarding
[no] telnet-reply
[no] traceroute-reply
vrrp virtual-router-id [owner] [passive]
— no vrrp virtual-router-id
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
— no authentication-key
[no] backup ip-address
[no] bfd-enable service-id interface interface-name dst-ip ip-address
[no] bfd-enable interface interface-name dst-ip ip-address name service-name
[no] bfd-enable interface interface-name dst-ip ip-address
init-delay seconds
— no init-delay
mac mac-address
— no mac
[no] master-int-inherit
message-interval {[seconds] [milliseconds milliseconds]}
— no message-interval
[no] ntp-reply
oper-group group-name
— no oper-group
[no] ping-reply
policy vrrp-policy-id
— no policy
[no] preempt
priority priority
— no priority
[no] shutdown
[no] ssh-reply
[no] standby-forwarding
[no] telnet-reply
[no] traceroute-reply

3.8.1.14. IS-IS Configuration Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] isis [isis-instance]
[no] advertise-passive-only
advertise-router-capability {area | as}
— no advertise-router-capability
all-l1isis ieee-address
— no all-l1isis
all-l2isis ieee-address
— no all-l2isis
[no] area-id area-address
auth-keychain name
[no] authentication-check
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
— no authentication-key
authentication-type {password | message-digest}
— no authentication-type
[no] csnp-authentication
default-route-tag tag
— no default-route-tag
export policy-name [policy-name]
— no export
export-limit number [log percentage]
— no export-limit
[no] graceful-restart
[no] helper-disable
[no] hello-authentication
hello-padding {none | adaptive | loose | strict}
— no hello-padding
[no] ignore-attached-bit
[no] ignore-lsp-errors
[no] ignore-narrow-metric
[no] iid-tlv-enable
import policy-name [policy-name]
— no import
[no] interface ip-int-name
bfd-enable {ipv4 | ipv6} [include-bfd-tlv]
— no bfd-enable
csnp-interval seconds
— no csnp-interval
[no] default-instance
hello-auth-keychain name
— no hello-auth-keychain
[no] hello-authentication
hello-authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
— no hello-authentication-key
hello-authentication-type {password | message-digest}
— no hello-authentication-type
hello-padding {none | adaptive | loose | strict}
— no hello-padding
interface-type {broadcast | point-to-point}
— no interface-type
[no] ipv4-multicast-disable
[no] ipv6-unicast-disable
level {1 | 2}
hello-auth-keychain name
— no hello-auth-keychain
hello-authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
— no hello-authentication-key
hello-authentication-type {password | message-digest}
— no hello-authentication-type
hello-interval seconds
— no hello-interval
hello-multiplier multiplier
— no hello-multiplier
hello-padding {none | adaptive | loose | strict}
— no hello-padding
ipv4-multicast-metric IPv4 multicast metric
— no ipv4-multicast-metric
ipv6-unicast-metric ipv6-metric
— no ipv6-unicast-metric
metric ipv4-metric
— no metric
[no] passive
priority number
— no priority
sd-offset sd-offset
— no sd-offset
sf-offset sf-offset
— no sf-offset
level-capability {level-1 | level-2 | level-1/2}
— no level-capability
lfa-policy-map route-nh-template template-name
— no lfa-policy-map
load-balancing-weight [weight]
— no load-balancing-weight
[no] loopfree-alternate-exclude
lsp-pacing-interval milliseconds
— no lsp-pacing-interval
mesh-group [value | blocked]
— no mesh-group
[no] passive
retransmit-interval seconds
— no retransmit-interval
[no] shutdown
tag tag
— no tag
ipv4-multicast-routing {native | mt}
— no ipv4-multicast-routing
[no] ipv4-routing
ipv6-routing {native | mt}
— no ipv6-routing
level level
[no] advertise-router-capability
auth-keychain name
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
— no authentication-key
authentication-type {password | message-digest}
— no authentication-type
[no] csnp-authentication
default-ipv4-multicast-metric ipv4 multicast metric
— no default-ipv4-multicast-metric
default-ipv6-multicast-metric
— no default-ipv6-multicast-metric
default-ipv6-unicast-metric ipv6 metric
— no default-ipv6-unicast-metric
default-metric ipv4 metric
— no default-metric
external-preference external-preference
— no external-preference
[no] hello-authentication
hello-padding {none | adaptive | loose | strict}
— no hello-padding
[no] loopfree-alternate-exclude
lsp-mtu-size size
— no lsp-mtu-size
[no] psnp-authentication
preference preference
— no preference
[no] wide-metrics-only
level-capability {level-1 | level-2 | level-1/2}
[no] link-group link-group name
description description-string
— no description
level {1 | 2}
ipv4-multicast-metric-offset offset-value
— no ipv4-multicast-metric-offset
ipv4-unicast-metric-offset offset-value
— no ipv4-unicast-metric-offset
ipv6-unicast-metric-offset offset-value
— no ipv6-unicast-metric-offset
[no] member interface-name
oper-members oper-members
— no oper-members
revert-members revert-members
— no revert-members
[no] loopfree-alternates
exclude
prefix-policy prefix-policy [prefix-policy]
— no prefix-policy
lsp-lifetime seconds
— no lsp-lifetime
lsp-minimum-remaining-lifetime seconds
— no lsp-minimum-remaining-lifetime
lsp-mtu-size size
— no lsp-mtu-size
lsp-refresh-interval [seconds] [half-lifetime {enable | disable}]
— no lsp-refresh-interval
[no] multi-topology
[no] ipv4-multicast
[no] ipv6-unicast
[no] multicast-import [ipv4]
overload [timeout seconds] [max-metric]
— no overload
[no] overload-export-external
[no] overload-export-interlevel
overload-on-boot [timeout seconds] [max-metric]
— no overload-on-boot
[no] poi-tlv-enable
[no] prefix-attributes-tlv
prefix-limit limit [log-only] [threshold percent] [overload-timeout {seconds | forever}]
[no] psnp-authentication
— no prefix-limit
reference-bandwidth bandwidth-in-kbps
reference-bandwidth [zbps Zetta-bps] [ebps Exa-bps] [pbps Peta-bps] [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]
— no reference-bandwidth
rib-priority high {prefix-list-name | tag tag}
— no rib-priority
router-id router-id
— no router-id
[no] shutdown
[no] standard-multi-instance
[no] strict-adjacency-check
summary-address {ip-prefix/mask | ip-prefix [netmask]} [level] [tag tag]
— no summary-address {ip-prefix/mask | ip-prefix [netmask]}
[no] suppress-attached-bit
system-id isis-system-id
— no system-id
[no] timers
lsp-wait lsp-wait [lsp-initial-wait initial-wait] [lsp-second-wait second wait]
— no lsp-wait
spf-wait spf-wait [spf-initial-wait initial-wait] [spf-second-wait second wait]
— no spf-wait
[no] unicast-import-disable [ipv4]
[no] unicast-import-disable [ipv6]
[no] unicast-import-disable [both]

3.8.1.15. L2TP Commands

Refer to the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide and 7450 ESS, 7750 SR, and VSR Triple Play Service Delivery Architecture Guide for more information.

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] l2tp
avp-hiding {sensitive | always}
— no avp-hiding
calling-number-format ascii-spec
— no calling-number-format
challenge {always}
— no challenge
cisco-nas-port [ethernet binary-spec] [atm binary-spec]
— no cisco-nas-port
destruct-timeout destruct-timeout
— no destruct-timeout
eth-tunnel
reconnect-timeout reconnect-timeout
— no reconnect-timeout
exclude-avps [calling-number] [initial-rx-lcp-conf-req]
— no exclude-avps
group tunnel-group-name [create]
group tunnel-group-name [create] [protocol protocol]
— no group tunnel-group-name
avp-hiding {sensitive | always | never}
— no avp-hiding
challenge {always | never}
— no challenge
description description-string
— no description
destruct-timeout destruct-timeout
— no destruct-timeout
eth-tunnel
reconnect-timeout reconnect-timeout
reconnect-timeout infinite
— no reconnect-timeout
hello-interval hello-interval
hello-interval infinite
— no hello-interval
idle-timeout idle-timeout
idle-timeout infinite
— no idle-timeout
l2tpv3
cookie-length {4 | 8 | default}
— no cookie-length
digest-type {default | md5 | sha1 | none}
— no digest-type
nonce-length {length | default}
— no nonce-length
password password [hash | hash2 | custom]
— no password
private-tcp-mss-adjust octets
private-tcp-mss-adjust default
— no private-tcp-mss-adjust
public-tcp-mss-adjust octets
public-tcp-mss-adjust default
— no public-tcp-mss-adjust
pw-cap-list {ethernet | ethernet-vlan} [{ethernet | ethernet-vlan}]
— no pw-cap-list
rem-router-id ip-addr
— no rem-router-id
[no] track-password-change
lns-group lns-group-id
— no lns-group
load-balance-method {per-session | per-tunnel}
— no load-balance-method
local-address ip-address
— no local-address
local-name host-name
— no local-name
max-retries-estab max-retries
— no max-retries-estab
max-retries-not-estab max-retries
— no max-retries-not-estab
password password [hash | hash2 | custom]
— no password
ppp
authentication {chap | pap | pref-chap | pref-pap}
authentication-policy auth-policy-name
— no authentication-policy
chap-challenge-length min length max length
— no chap-challenge-length
default-group-interface ip-int-name service-id service-id
default-group-interface ip-int-name service-name svc-name
— no default-group-interface
[no] ipcp-subnet-negotiation
keepalive seconds [hold-up-multiplier multiplier]
— no keepalive
[no] lcp-force-ack-accm
[no] lcp-ignore-magic-numbers
mtu mtu-bytes
— no mtu
[no] proxy-authentication
[no] proxy-lcp
[no] reject-disabled-ncp
user-db local-user-db-name
— no user-db
radius-accounting-policy policy-name
— no radius-accounting-policy
session-assign-method {existing-first | weighted | weighted-random}
— no session-assign-method
session-limit session-limit
session-limit unlimited
— no session-limit
tunnel tunnel-name [create]
— no tunnel tunnel-name
[no] auto-establish
avp-hiding {never | sensitive | always}
— no avp-hiding
challenge {always | never}
— no challenge
description description-string
— no description
destruct-timeout destruct-timeout
— no destruct-timeout
hello-interval hello-interval
hello-interval infinite
— no hello-interval
idle-timeout idle-timeout
idle-timeout infinite
— no idle-timeout
local-address ip-address
— no local-address
local-name host-name
— no local-name
max-retries-estab max-retries
— no max-retries-estab
max-retries-not-estab max-retries
— no max-retries-not-estab
password password [hash | hash2 | custom]
— no password
peer ip-address
— no peer
ppp
[no] ipcp-subnet-negotiation
[no] lcp-force-ack-accm
preference preference
— no preference
radius-accounting-policy policy-name
— no radius-accounting-policy
remote-name host-name
— no remote-name
session-limit session-limit
session-limit unlimited
— no session-limit
[no] shutdown
l2tpv3
cookie-length {4 | 8}
— no cookie-length
digest-type {md5 | sha1 | none}
— no digest-type
nonce-length length
— no nonce-length
password password [hash | hash2 | custom]
— no password
private-tcp-mss-adjust octets
— no private-tcp-mss-adjust
public-tcp-mss-adjust auto
public-tcp-mss-adjust octets
— no public-tcp-mss-adjust
transport-type ip
— no transport-type
peer-address-change-policy {accept | ignore | reject}
radius-accounting-policy policy-name
— no radius-accounting-policy
receive-window-size window-size
— no receive-window-size
rtm-debounce-time debounce-time
— no rtm-debounce-time
session-limit session-limit
session-limit unlimited
— no session-limit
[no] shutdown

3.8.1.16. Log Commands

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for information about configuring event and accounting logs.

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
log
[no] filter filter-id
default-action {drop | forward}
— no default-action
description description-string
— no description
[no] entry entry-id
action {drop | forward}
— no action
description description-string
— no description
[no] match
application {eq | neq} application-id
— no application
message {eq | neq} pattern pattern [regexp]
— no message
number {eq | neq | lt | lte | gt | gte} event-id
— no number
severity {eq | neq | lt | lte | gt | gte} severity-level
— no severity
subject {eq | neq} subject [regexp]
— no subject
[no] log-id log-id
description description-string
— no description
filter filter-id
— no filter
from [main] [security] [change] [debug-trace]
— no from
[no] shutdown
time-format {local | utc}
to snmp [size]
to syslog syslog-id
[no] snmp-trap-group log-id
description description-string
— no description
trap-target name address ip-address [port port] [snmpv1 | snmpv2c | snmpv3] notify-community communityName | snmpv3SecurityName [security-level {no-auth-no-privacy | auth-no-privacy | privacy}] [replay]
— no trap-target name
[no] syslog syslog-id
address ip-address
— no address
description description-string
— no description
facility syslog-facility
— no facility
level {emergency | alert | critical | error | warning | notice | info | debug}
log-prefix log-prefix-string
— no log-prefix
port port
— no port

3.8.1.17. Management Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
management [create]
— no management
[no] allow-ftp
[no] allow-grpc
[no] allow-netconf
[no] allow-ssh
[no] allow-telnet
[no] allow-telnet6

3.8.1.18. MLD Configuration Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] mld
[no] group-interface ip-int-name
mcac
if-policy if-policy-name
— no if-policy
mc-constraints
[no] shutdown
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
— no unconstrained-bw
[no] interface ip-int-name
[no] disable-router-alert-check
import policy-name
— no import
max-groups [1..16000]
— no max-groups
max-grp-sources [1..32000]
— no max-grp-sources
max-sources [1..1000]
— no max-sources
mcac
if-policy mcac-if-policy-name
— no if-policy
mc-constraints
level level-id bw bandwidth
— no level level-id
number-down number-lag-port-down level level-id
— no number-down
[no] shutdown
[no] use-lag-port-weight
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
— no unconstrained-bw
query-interval seconds
— no query-interval
query-last-listener-interval seconds
— no query-last-listener-interval
query-response-interval seconds
— no query-response-interval
[no] shutdown
static
[no] group grp-ipv6-address
[no] group start grp-ipv6-address end grp-ipv6-address [step ipv6-address]
[no] source src-ipv6-address
[no] starg
version version
— no version
query-interval seconds
— no query-interval
query-last-listener-interval seconds
— no query-last-listener-interval
query-last-member-interval seconds
— no query-last-member-interval
query-response-interval seconds
— no query-response-interval
robust-count robust-count
— no robust-count
[no] shutdown
ssm-translate
[no] grp-range start end
[no] source src-ipv6-address

3.8.1.19. MSDP Configuration Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] msdp
active-source-limit number
— no active-source-limit
[no] data-encapsulation
export policy-name [policy-name]
— no export
[no] group group-name
active-source-limit number
— no active-source-limit
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
local-address address
— no local-address
mode {mesh-group | standard}
[no] peer peer-address
active-source-limit number
— no active-source-limit
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
— no authentication-key
[no] default-peer
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
local-address ip-address
— no local-address
receive-msdp-msg-rate number interval seconds [threshold number]
— no receive-msdp-msg-rate
[no] shutdown
receive-msdp-msg-rate number interval seconds [threshold number]
— no receive-msdp-msg-rate
[no] shutdown
import policy-name [policy-name]
— no import
local-address ip-address
— no local-address
[no] peer peer-address
active-source-limit number
— no active-source-limit
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
— no authentication-key
[no] default-peer
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
local-address address
— no local-address
receive-msdp-msg-rate number interval seconds [threshold number]
— no receive-msdp-msg-rate
[no] shutdown
receive-msdp-msg-rate number interval seconds [threshold number]
— no receive-msdp-msg-rate
rpf-table {rtable-m | rtable-u | both}
— no rpf-table
sa-timeout seconds
— no sa-timeout
[no] shutdown
[no] source unicast-ip-prefix/mask
active-source-limit number
— no active-source-limit

3.8.1.20. Multicast VPN Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
mvpn
[no] auto-discovery [default | mdt-safi] [source-address ip-address]
c-mcast-signaling {bgp | pim}
— no c-mcast-signaling
intersite-shared [persistent-type5-adv] [kat-type5-adv-withdraw]
— no intersite-shared
mdt-type {sender-receiver | sender-only | receiver-only}
— no mdt-type
provider-tunnel
inclusive
[no] bier
[no] shutdown
sub-domain sub-domain
— no sub-domain
bsr {unicast | spmsi}
— no bsr
[no] mldp
[no] shutdown
pim {asm | ssm} grp-ip-address
— no pim
hello-interval hello-interval
— no hello-interval
hello-multiplier deci-units
— no hello-multiplier
[no] improved-assert
[no] shutdown
[no] three-way-hello
[no] tracking-support
rsvp
[no] enable-bfd-leaf
enable-bfd-root transmit-interval [multiplier multiplier]
— no enable-bfd-root
lsp-template lsp-template
— no lsp-template
[no] shutdown
[no] wildcard-spmsi
selective
[no] auto-discovery-disable
[no] bier
[no] shutdown
sub-domain sub-domain
— no sub-domain
data-delay-interval value
— no data-delay-interval
data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask} s-pmsi-threshold [pe-threshold-add pe-threshold-add] [pe-threshold-delete pe-threshold-delete]
data-threshold c-grp-ipv6-addr/prefix-length s-pmsi-threshold [pe-threshold-add pe-threshold-add] [pe-threshold-delete pe-threshold-delete]
— no data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask}
— no data-threshold c-grp-ipv6-addr/prefix-length}
[no] enable-asm-mdt
[no] join-tlv-packing-disable
maximum-p2mp-spmsi range
— no maximum-p2mp-spmsi
[no] mldp
— no shutdown
multistream-spmsi index [create]
— no multistream-spmsi index
[no] group ip-address [/mask]
[no] source ip-address [/mask]
[no] source any
lsp-template lsp-template
— no lsp-template
mdt-pim mode {asm | ssm} group-address group-ip-address
— no mdt-pim
[no] shutdown
pim-ssm {grp-ip-address/mask | grp-ip-address netmask}
— no pim-asm
[no] rsvp
lsp-template lsp-template
— no lsp-template
— no shutdown
red-source-list
src-prefix ip-address/mask [ip-address/mask]
— no src-prefix ip-address/mask
ipv6
src-prefix ipv6-ip-address/prefix-length [ipv6-ip-address/prefix-length]
— no src-prefix ipv6-ip-address/prefix-length
rpf-select
[no] core-mvpn service-id
group-prefix ip-address/mask [ip-address/mask] [starg]
— no group-prefix ip-address/mask
umh-pe-backup
umh-pe ip-address standby ip-address
— no umh-pe ip-address
umh-selection {highest-ip| hash-based | tunnel-status | unicast-rt-pref}
— no umh-selection
vrf-export {unicast | policy-name [policy-name]}
— no vrf-export
vrf-import {unicast | plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]}
— no vrf-import
vrf-target {unicast | ext-community | export unicast | ext-community | import unicast | ext-community}
— no vrf-target
export {unicast | ext-community}
import {unicast | ext-community}

3.8.1.21. Redundant Interface Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
redundant-interface ip-int-name [create]
— no redundant-interface ip-int-name
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
— no address
description long-description-string
— no description
hold-time
down ip seconds [init-only]
— no down ip
up ip seconds
— no up ip
ip-mtu octets
— no ip-mtu
[no] shutdown
spoke-sdp sdp-id:vc-id [create]
— no spoke-sdp sdp-id:vc-id
[no] control-channel-status
[no] acknowledgment
refresh-timer value
— no refresh-timer
request-timer timer1 retry-timer timer2 [timeout-multiplier multiplier]
— no request-timer
[no] shutdown
[no] control-word
description description-string
— no description
egress
filter [ip ip-filter-id]
— no filter
vc-label egress-vc-label
— no vc-label [egress-vc-label]
ingress
filter ip ip-filter-id
— no filter
vc-label ingress-vc-label
— no vc-label [ingress-vc-label]
[no] pw-path-id
agi agi
— no agi
saii-type2 global-id:node-id:ac-id
— no saii-type2
taii-type2 global-id:node-id:ac-id
— no saii-type2
[no] shutdown

3.8.1.22. RIP Configuration Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] rip
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
— no authentication-key
authentication-type {none | password | message-digest | message-digest-20}
— no authentication-type
[no] bfd-enable
check-zero {enable | disable}
— no check-zero
description description-string
— no description
export policy-name [policy-name]
— no export
export-limit number [log percentage]
— no export-limit
[no] group name
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
— no authentication-key
authentication-type {none | password | message-digest | message-digest-20}
— no authentication-type
[no] bfd-enable
check-zero {enable | disable}
— no check-zero
description description-string
— no description
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
message-size max-num-of-routes
— no message-size
metric-in metric
— no metric-in
metric-out metric
— no metric-out
[no] neighbor ip-int-name
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
— no authentication-key
authentication-type {none | password | message-digest | message-digest-20}
— no authentication-type
[no] bfd-enable
check-zero {enable | disable}
— no check-zero
description description-string
— no description
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
message-size max-num-of-routes
— no message-size
metric-in metric
— no metric-in
metric-out metric
— no metric-out
preference preference
— no preference
receive receive-type
— no receive
send send-type
— no send
[no] shutdown
split-horizon {enable | disable}
— no split-horizon
timers update timeout flush
— no timers
[no] unicast-address ip-address
preference preference
— no preference
receive receive-type
— no receive
send send-type
— no send
[no] shutdown
split-horizon {enable | disable}
— no split-horizon
timers update timeout flush
— no timers
import policy-name [policy-name]
— no import
message-size max-num-of-routes
— no message-size
metric-in metric
— no metric-in
metric-out metric
— no metric-out
preference preference
— no preference
[no] propagate-metric
receive receive-type
— no receive
send send-type
— no send
[no] shutdown
split-horizon {enable | disable}
— no split-horizon
timers update timeout flush
— no timers
[no] ripng
[no] bfd-enable
check-zero {enable | disable}
— no check-zero
description description-string
— no description
export policy-name [policy-name]
— no export
export-limit number [log percentage]
— no export-limit
[no] group name
[no] bfd-enable
check-zero {enable | disable}
— no check-zero
description description-string
— no description
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
message-size max-num-of-routes
— no message-size
metric-in metric
— no metric-in
metric-out metric
— no metric-out
[no] neighbor ip-int-name
[no] bfd-enable
check-zero {enable | disable}
— no check-zero
description description-string
— no description
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
message-size max-num-of-routes
— no message-size
metric-in metric
— no metric-in
metric-out metric
— no metric-out
preference preference
— no preference
receive receive-type
— no receive
send send-type
— no send
[no] shutdown
split-horizon {enable | disable}
— no split-horizon
timers update timeout flush
— no timers
[no] unicast-address ipv6-address
preference preference
— no preference
receive receive-type
— no receive
send send-type
— no send
[no] shutdown
split-horizon {enable | disable}
— no split-horizon
timers update timeout flush
— no timers
import policy-name [policy-name]
— no import
message-size max-num-of-routes
— no message-size
metric-in metric
— no metric-in
metric-out metric
— no metric-out
preference preference
— no preference
receive receive-type
— no receive
send send-type
— no send
[no] shutdown
split-horizon {enable | disable}
— no split-horizon
timers update timeout flush
— no timers

3.8.1.23. Router Advertisement Commands

config
service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] router-advertisement
[no] dns-options
rdnss-lifetime {seconds | infinite}
— no rdnss-lifetime
server ipv6-address [ipv6-address]
— no server
[no] interface ip-int-name
current-hop-limit number
no current-hop-limit
[no] dns-options
[no] include-dns
rdnss-lifetime {seconds | infinite}
— no rdnss-lifetime
server ipv6-address [ipv6-address]
— no server
[no] managed-configuration
max-advertisement-interval seconds
no max-advertisement-interval
min-advertisement-interval seconds
no min-advertisement-interval
mtu mtu-bytes
no mtu
[no] other-stateful-configuration
[no] prefix ipv6-prefix/prefix-length
[no] autonomous
[no] on-link
preferred-lifetime {seconds | infinite}
no preferred-lifetime
valid-lifetime {seconds | infinite}
no valid-lifetime
reachable-time milli-seconds
no reachable-time
retransmit-time milli-seconds
no retransmit-time
router-lifetime seconds
no router-lifetime
[no] shutdown
[no] use-virtual-mac

3.8.1.24. NAT Commands

Refer to the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide for more information.

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] nat
inside
destination-prefix ip-prefix/length [nat-policy nat-policy-name]
no destination-prefix ip-prefix/length
dual-stack-lite
[no] address ipv6-address
tunnel-mtu mtu-bytes
— no tunnel-mtu
[no] shutdown
subscriber-prefix-length prefix-length
— no subscriber-prefix-length
l2-aware
[no] address ip-address/mask
nat-policy nat-policy-name
— no nat-policy
redundancy
peer ip-address
— no peer
steering-route ip-prefix/length
— no steering-route
outside
pool nat-pool-name [nat-group nat-group-id type pool-type [applications applications] [create]
— no pool nat-pool-name
address-range start-ip-addr end-ip-addr [create]
— no address-range start-ip-address end-ip-address
description description-string
— no description
[no] drain
description description-string
— no description
mode {auto | napt | one-to-one}
— no mode
port-forwarding-range range-end
— no port-forwarding-range
port-reservation blocks num-blocks
port-reservation ports num-ports
— no port-reservation
redundancy
export ip-prefix/length
— no export
follow router router-instance pool name
— no follow
monitor ip-prefix/length
— no monitor
[no] shutdown
subscriber-limit limit
— no subscriber-limit
watermarks high percentage-high low percentage-low
— no watermarks

3.8.1.25. Network Ingress Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
network
ingress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
qos network-policy-id fp-redirect-group queue-group-name instance instance-id
— no qos
[no] urpf-check

3.8.1.26. Network Interface Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
network-interface interface-name [create]
— no network-interface interface-name
address ip-address[/mask] [netmask] [broadcast {all-ones | host-ones}]
— no address
[no] allow-directed-broadcasts
arp-retry-timer timer-multiple
— no arp-retry-timer
arp-timeout seconds
— no arp-timeout
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np]
— no bfd
cflowd-parameters
sampling {unicast | multicast} type {acl | interface} [direction {ingress-only | egress-only | both}] [sample-profile [profile-id]]
— no sampling {unicast | multicast}
cpu-protection policy-id
— no cpu-protection
description long-description-string
— no description
dist-cpu-protection policy-name
— no dist-cpu-protection
egress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
[no] enable-ingress-stats
hold-time
down ip seconds [init-only]
— no down ip
up ip seconds
— no up ip
icmp
[no] mask-reply
param-problem [number seconds]
— no param-problem
redirects [number seconds]
— no redirects
ttl-expired [number seconds]
— no ttl-expired
unreachables [number seconds]
— no unreachables
ingress
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
— no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
ip-mtu octets
— no ip-mtu
lag lag-id[:encap-val]
— no lag
lag-per-link-hash class {1 | 2 | 3} weight weight
— no lag-per-link-hash
load-balancing
egr-ip-load-balancing {source | destination | inner-ip}
— no egr-ip-load-balancing
lsr-load-balancing hashing-algorithm
— no lsr-load-balancing
[no] spi-load-balancing
[no] teid-load-balancing
[no] loopback
mac ieee-address
— no mac
qos network-policy-id
qos network-policy-id egress-port-redirect-group queue-group-name egress-instance instance-id ingress-fp-redirect-group queue-group-name ingress-instance instance-id
qos network-policy-id egress-port-redirect-group queue-group-name egress-instance instance-id
qos network-policy-id ingress-fp-redirect-group queue-group-name ingress-instance instance-id
— no qos
secondary {ip-address/mask | ip-address netmask} [broadcast all-ones | host-ones] [igp-inhibit]
— no secondary {ip-address/mask | ip-address netmask}
[no] shutdown
static-arp ip-address ieee-mac-address
— no static-arp ip-address
tcp-mss mss-value
— no tcp-mss
tos-marking-state {trusted | untrusted}
— no tos-marking-state
[no] urpf-check
mode {strict | loose | strict-no-ecmp}

3.8.1.27. NTP Commands

The ntp-server command is not supported in the vprn ntp context. When NTP is configured in a VPRN service, the NTP server mode is assumed and is not optional.

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] ntp
[no] authenticate
[no] authentication-check
authentication-key key-id key key [hash | hash2 | custom] type {des | message-digest}
— no authentication-key key-id
broadcast {interface ip-int-name} [key-id key-id] [version version] [ttl ttl]
— no broadcast {interface ip-int-name}

3.8.1.28. OSPF Configuration Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
ospf [router-id]
— no ospf
advertise-router-capability {link | area | as}
— no advertise-router-capability
[no] area area-id
advertise-ne-profile name
— no advertise-ne-profile
[no] advertise-router-capability
area-range ip-prefix/mask [advertise | not-advertise]
— no area-range ip-prefix/mask
[no] blackhole-aggregate
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
interface ip-int-name [secondary]
— no interface ip-int-name
[no] advertise-router-capability
[no] advertise-subnet
auth-keychain name
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
— no authentication-key
authentication-type {password | message-digest}
— no authentication-type
bfd-enable [remain-down-on-failure]
— no bfd-enable
dead-interval seconds
— no dead-interval
hello-interval seconds
— no hello-interval
interface-type {broadcast | point-to-point | non-broadcast}
— no interface-type
lfa-policy-map route-nh-template template-name
— no lfa-policy-map
load-balancing-weight [weight]
— no load-balancing-weight
[no] loopfree-alternate-exclude
lsa-filter-out [all | except-own-rtrlsa | except-own-rtrlsa-and-defaults]
— no lsa-filter-out
message-digest-key key-id md5 [key | hash-key | hash2-key | custom-key] [hash | hash2 | custom]
— no message-digest-key key-id
metric metric
— no metric
mtu bytes
— no mtu
[no] neighbor ipv4-address
[no] passive
poll-interval seconds
— no poll-interval
priority number
— no priority
retransmit-interval seconds
— no retransmit-interval
[no] rib-priority
[no] shutdown
transit-delay seconds
— no transit-delay
[no] loopfree-alternate-exclude
[no] nssa
area-range ip-prefix/mask [advertise | not-advertise]
— no area-range ip-prefix/mask
originate-default-route [type-nssa] [adjacency-check]
— no originate-default-route
[no] redistribute-external
[no] summaries
[no] sham-link ip-int-name ip-address
auth-keychain name
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
— no authentication-key
authentication-type {password | message-digest}
— no authentication-type
dead-interval seconds
— no dead-interval
hello-interval seconds
— no hello-interval
message-digest-key key-id md5 {key | hash-key | hash2-key | custom-key} [hash | hash2 | custom]
— no message-digest-key key-id
metric metric
— no metric
retransmit-interval seconds
— no retransmit-interval
[no] shutdown
transit-delay seconds
— no transit-delay
[no] stub
default-metric metric
— no default-metric
[no] summaries
[no] virtual-link router-id transit-area area-id
auth-keychain name
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
— no authentication-key
authentication-type {password | message-digest}
— no authentication-type
dead-interval seconds
— no dead-interval
hello-interval seconds
— no hello-interval
message-digest-key key-id md5 {key | hash-key | hash2-key | custom-key} [hash | hash2 | custom]
— no message-digest-key key-id
retransmit-interval seconds
— no retransmit-interval
[no] shutdown
transit-delay seconds
— no transit-delay
[no] compatible-rfc1583
export policy-name [policy-name]
— no export
export-limit number [log percentage]
— no export-limit
external-db-overflow limit seconds
— no external-db-overflow
external-preference preference
— no external-preference
[no] graceful-restart
[no] helper-disable
[no] strict-lsa-checking
[no] ignore-dn-bit
import policy-name [policy-name]
— no import
[no] ignore-dn-bit
[no] loopfree-alternates
exclude
prefix-policy prefix-policy [prefix-policy]
— no prefix-policy
[no] loopfree-alternates
[no] multicast-import
overload [timeout seconds]
no overload
[no] overload-include-ext-1
[no] overload-include-ext-2
[no] overload-include-stub
overload-on-boot [timeout seconds]
no overload-on-boot
preference preference
— no preference
reference-bandwidth bandwidth-in-kbps
reference-bandwidth [zbps Zetta-bps] [ebps Exa-bps] [pbps Peta-bps] [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]
— no reference-bandwidth
rib-priority prefix-list-name
— no rib-priority
router-id ip-address
— no router-id
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent]
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent] overload-timeout forever
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent] overload-timeout seconds
— no rtr-adv-lsa-limit
[no] shutdown
[no] super-backbone
[no] suppress-dn-bit
timers
incremental-spf-wait incremental-spf-wait
— no incremental-spf-wait
lsa-accumulate lsa-accum-time
— no lsa-accumulate
lsa-arrival lsa-arrival-time
— no lsa-arrival
lsa-generate max-lsa-wait [lsa-initial-wait lsa-initial-wait [lsa-second-wait lsa-second-wait]]
— no lsa-generate
redistribute-delay redist-wait
— no redistribute-delay
spf-wait max-spf-wait [spf-initial-wait spf-initial-wait] [spf-second-wait spf-second-wait]
— no spf-wait
[no] unicast-import-disable
vpn-domain id {0005 | 0105 | 0205 | 8005}
— no vpn-domain
vpn-tag vpn-tag
— no vpn-tag
ospf3 [instance-id] [router-id]
[no] ospf3 instance-id
advertise-router-capability {link | area | as}
— no advertise-router-capability
[no] area area-id
[no] advertise-router-capability
area-range ip-prefix/mask [advertise | not-advertise]
— no area-range ip-prefix/mask
[no] blackhole-aggregate
export policy-name [policy-name]
— no export
import policy-name [policy-name]
— no import
interface ip-int-name [secondary]
— no interface ip-int-name
[no] advertise-router-capability
authentication bidirectional sa-name
authentication inbound sa-name outbound sa-name
— no authentication
bfd-enable [remain-down-on-failure]
— no bfd-enable
dead-interval seconds
— no dead-interval
hello-interval seconds
— no hello-interval
interface-type {broadcast | point-to-point | non-broadcast}
— no interface-type
lfa-policy-map route-nh-template template-name
— no lfa-policy-map
load-balancing-weight [weight]
— no load-balancing-weight
[no] loopfree-alternate-exclude
lsa-filter-out [all | except-own-rtrlsa | except-own-rtrlsa-and-defaults]
— no lsa-filter-out
metric metric
— no metric
mtu mtu-bytes
— no mtu
[no] neighbor ipv6-address
[no] passive
poll-interval seconds
— no poll-interval
priority number
— no priority
retransmit-interval seconds
— no retransmit-interval
rib-priority prefix-list-name
— no rib-priority
[no] shutdown
transit-delay seconds
— no transit-delay
key-rollover-interval key-rollover-interval
[no] loopfree-alternate-exclude
[no] nssa
area-range [ip-prefix/mask | ipv6-prefix/prefix-length] [advertise | not-advertise]
— no area-range {ip-prefix/mask | ipv6-prefix/prefix-length}
originate-default-route [type-nssa] [adjacency-check]
— no originate-default-route
[no] redistribute-external
[no] summaries
[no] stub
default-metric metric
— no default-metric
[no] summaries
[no] virtual-link router-id transit-area area-id
authentication bidirectional sa-name
authentication inbound sa-name outbound sa-name
— no authentication
dead-interval seconds
— no dead-interval
hello-interval seconds
— no hello-interval
retransmit-interval seconds
— no retransmit-interval
[no] shutdown
transit-delay seconds
— no transit-delay
export policy-name [policy-name]
— no export
export-limit number [log percentage]
— no export-limit
external-db-overflow limit seconds
— no external-db-overflow
external-preference preference
— no external-preference
[no] graceful-restart
[no] helper-disable
[no] strict-lsa-checking
[no] ignore-dn-bit
import policy-name [policy-name]
— no import
[no] loopfree-alternates
exclude
prefix-policy prefix-policy [prefix-policy]
— no prefix-policy
[no] multicast-import
overload [timeout seconds]
no overload
[no] overload-include-ext-1
[no] overload-include-ext-2
[no] overload-include-stub
overload-on-boot [timeout seconds]
no overload-on-boot
preference preference
— no preference
reference-bandwidth bandwidth-in-kbps
reference-bandwidth [zbps Zetta-bps] [ebps Exa-bps] [pbps Peta-bps] [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]
— no reference-bandwidth
rib-priority prefix-list-name
— no rib-priority
router-id ip-address
— no router-id
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent]
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent] overload-timeout forever
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent] overload-timeout seconds
— no rtr-adv-lsa-limit
[no] shutdown
[no] suppress-dn-bit
timers
incremental-spf-wait inc-spf-wait
— no incremental-spf-wait
lsa-accumulate lsa-accum-time
— no lsa-accumulate
lsa-arrival lsa-arrival-time
— no lsa-arrival
lsa-generate max-lsa-wait [lsa-initial-wait lsa-initial-wait [lsa-second-wait lsa-second-wait]]
— no lsa-generate
redistribute-delay redist-wait
— no redistribute-delay
spf-wait max-spf-wait [spf-initial-wait spf-initial-wait] [spf-second-wait spf-second-wait]
— no spf-wait
[no] unicast-import-disable

3.8.1.29. PIM Configuration Commands

config
— service
vprn service-id [customer customer-id] [create]
— no vprn service-id
[no] pim
[no] apply-bgp-nh-override
apply-to {all | none}
[no] grt-extranet
group-prefix ip-address/mask [ip-address/mask] [starg]
group-prefix any
— no group-prefix ip-address/mask
— no group-prefix any
import {join-policy | register-policy} policy-name [policy-name]
— no import {join-policy | register-policy}
[no] interface ip-int-name
assert-period assert-period
— no assert-period
[no] bfd-enable [ipv4 | ipv6]
[no] bsm-check-rtr-alert
hello-interval hello-interval
— no hello-interval
hello-multiplier deci-units
— no hello-multiplier
[no] improved-assert
[no] instant-prune-echo
[no] ipv4-multicast-disable
[no] ipv6-multicast-disable
max-groups value
— no max-groups
mcac
if-policy mcac-if-policy-name
— no if-policy
mc-constraints
level level-id bw bandwidth
— no level level-id
number-down number-lag-port-down level level-id
— no number-down number-lag-port-down
[no] shutdown
[no] use-lag-port-weight
policy policy-name
— no policy
unconstrained-bw bandwidth mandatory-bw mandatory-bw
— no unconstrained-bw
monitor-oper-group group-name family {ipv4 | ipv6} add [1..4294967295]
monitor-oper-group group-name family {ipv4 | ipv6} set [1..4294967295]
monitor-oper-group group-name family {ipv4 | ipv6} subtract [1..4294967295]
— no monitor-oper-group [family {ipv4 | ipv6}]
multicast-senders {auto | always | never}
— no multicast-senders
[no] p2mp-ldp-tree-join [ipv4] [ipv6]
priority dr-priority
— no priority
[no] shutdown
sticky-dr [priority dr-priority]
— no sticky-dr
[no] three-way-hello
[no] tracking-support
[no] ipv4-multicast-disable
[no] ipv6-multicast-disable
[no] mc-ecmp-balance
mc-ecmp-balance-hold minutes
— no mc-ecmp-balance-hold
mc-ecmp-hashing-enabled [rebalance]
— no mc-ecmp-hashing-enabled
mtu-over-head mtu-value
— no mtu-over-head
[no] non-dr-attract-traffic
rp
[no] anycast rp-ip-address
[no] rp-set-peer ip-address
[no] auto-rp-discovery
bootstrap-export policy-name [policy-name]
— no bootstrap-export
bootstrap-import policy-name [policy-name]
— no bootstrap-import
bsr-candidate
address ip-address
— no address
hash-mask-len hash-mask-length
— no hash-mask-len
priority bootstrap-priority
— no priority
[no] shutdown
ipv6
[no] anycast ipv6-address
[no] rp-set-peer ipv6-address
bsr-candidate
address ipv6-address
[no] address
hash-mask-len hash-mask-length
[no] hash-mask-len
priority bootstrap-priority
— no priority
[no] shutdown
[no] embedded-rp
[no] group-range grp-ipv6-address/prefix-length
[no] shutdown
rp-candidate
address ipv6-address
— no address
[no] group-range grp-ipv6-address/prefix-length
holdtime holdtime
— no holdtime 
priority priority
— no priority
[no] shutdown
static
[no] address ipv6-address
[no] group-prefix grp-ipv6-address/prefix-length
[no] override
rp-candidate
address ip-address
— no address
[no] group-range {grp-ip-address/mask | grp-ip-address [netmask]}
holdtime holdtime
— no holdtime 
priority priority
— no priority
[no] shutdown
static
[no] address ip-address
[no] group-prefix {grp-ip-address/mask | grp-ip-address netmask}
[no] override
rpf-table {rtable-m | rtable-u | both}
— no rpf-table
rpf6-table {rtable6-m | rtable6-u | both}
— no rpf6-table
[no] shutdown
spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask} spt-threshold
spt-switchover-threshold grp-ipv6-addr/prefix-length spt-threshold
— no spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask}
— no spt-switchover-threshold grp-ipv6-addr/prefix-length
ssm-assert-compatible-mode [enable | disable]
ssm-default-range-disable ipv4
[no] ssm-groups
[no] group-range {grp-ip-address/mask | grp-ip-address netmask}

3.8.2. Command Descriptions

3.8.2.1. Generic Commands

shutdown

Syntax 
[no] shutdown
Context 
config>service>vprn
config>service>vprn>aaa>remote-servers>radius
config>service>vprn>aarp-interface
config>service>vprn>aarp-interface>spoke-sdp
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
config>service>vprn>gsmp
config>service>vprn>gsmp>group
config>service>vprn>gsmp>group>neighbor
config>service>vprn>igmp
config>service>vprn>igmp-trk
config>service>vprn>igmp>grp-if>mcac>mc-constraints
config>service>vprn>igmp>if
config>service>vprn>igmp>if>mcac
config>service>vprn>igmp>if>mcac>mc-constraints
config>service>vprn>if
config>service>vprn>if>ipv6>vrrp
config>service>vprn>if>sap
config>service>vprn>if>sap>static-host
config>service>vprn>if>sap>ipsec-tunnel
config>service>vprn>if>vrrp
config>service>vprn>isis
config>service>vprn>isis>if
config>service>vprn>l2tp
config>service>vprn>l2tp>tunnel
config>service>vprn>l2tpv3
config>service>vprn>log>log-id
config>service>vprn>mld>grp-if>mcac>mc-constraints
config>service>vprn>mld>if>mcac>mc-constraints
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
config>service>vprn>mvpn>provider-tunnel>inclusive>pim
config>service>vprn>ntp
config>service>vprn>nw-if
config>service>vprn>nw-if>eth-cfm>mep
config>service>vprn>ospf
config>service>vprn>ospf>area>if
config>service>vprn>ospf3
config>service>vprn>ospf3>area>if
config>service>vprn>ospf3>area>virtual-link
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf>area>sham-link
config>service>vprn>pim
config>service>vprn>pim>if
config>service>vprn>pim>if>mcac>mc-constraints
config>service>vprn>pim>rp>bsr-candidate
config>service>vprn>pim>rp>ipv6>bsr-candidate
config>service>vprn>pim>rp>ipv6>embedded-rp
config>service>vprn>pim>rp>ipv6>rp-candidate
config>service>vprn>red-if
config>service>vprn>red-if>spoke-sdp
config>service>vprn>red-if>spoke-sdp>control-channel-status
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>router-advert>if
Description 

This command administratively disables an entity. When disabled, an entity does not change, reset, or remove any configuration settings or statistics.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

Services are created in the administratively down (shutdown) state. When a no shutdown command is entered, the service becomes administratively up and then tries to enter the operationally up state. Default administrative states for services and service entities is described below in Special Cases.

The no form of this command places the entity into an administratively enabled state.

If the AS number was previously changed, the BGP AS number inherits the new value.

Special Cases 
Service Admin State—
Bindings to an SDP within the service will be put into the out-of-service state when the service is shutdown. While the service is shutdown, all customer packets are dropped and counted as discards for billing and debugging purposes.

A service is regarded as operational providing that one IP Interface SAP and one SDP is operational.

VPRN BGP and RIP—
This command disables the BGP or RIP instance on the given IP interface. Routes learned from a neighbor that is shutdown are immediately removed from the BGP or RIP database and RTM. If BGP or RIP is globally shutdown, then all RIP group and neighbor interfaces are shutdown operationally. If a BGP or RIP group is shutdown, all member neighbor interfaces are shutdown operationally. If a BGP or RIP neighbor is shutdown, just that neighbor interface is operationally shutdown.

description

Syntax 
description description-string
no description
Context 
config>service>vprn>aarp-interface>spoke-sdp
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
config>service>vprn>l2tp
config>service>vprn>red-if>spoke-sdp
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
config>service>vprn>spoke-sdp
Description 

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Default 

no description

Parameters 
string—
Specifies the description character string. Allowed values are any string up to 80 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

description

Syntax 
description description-string
no description [description-string]
Context 
config>service>vprn
config>service>vprn>if>sap>ip-tunnel
Description 

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Default 

no description

Parameters 
string—
Specifies the description character string. Allowed values are any string up to 80 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

description

Syntax 
description long-description-string
no description
Context 
config>service>vprn>aarp-interface
config>service>vprn>if
config>service>vprn>if>sap
config>service>vprn>nw-if
config>service>vprn>red-if
Description 

This command creates a text description stored in the configuration file for a configuration context.

The description command associates a text string with a configuration context to help identify the content in the configuration file.

The no form of this command removes the string from the configuration.

Default 

no description

Parameters 
string—
Specifies the description character string. Allowed values are any string up to 255 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

3.8.2.2. Global Commands

vprn

Syntax 
vprn service-id [name name] [customer customer-id] [create]
no vprn service-id
Context 
config>service
Description 

This command creates or edits a Virtual Private Routed Network (VPRN) service instance.

If the service-id does not exist, a context for the service is created. If the service-id exists, the context for editing the service is entered.

VPRN services allow the creation of customer-facing IP interfaces in the same routing instance used for service network core routing connectivity. VPRN services require that the IP addressing scheme used by the subscriber must be unique between it and other addressing schemes used by the provider and potentially the entire Internet.

IP interfaces defined within the context of an VPRN service ID must have a SAP created as the access point to the subscriber network.

When a service is created, the customer keyword and customer-id must be specified and associates the service with a customer. The customer-id must already exist having been created using the customer command in the service context. When a service is created with a customer association, it is not possible to edit the customer association. The service must be deleted and re-created with a new customer association.

When a service is created, the use of the customer customer-id is optional to navigate into the service configuration context. Attempting to edit a service with the incorrect customer-id results in an error.

Multiple VPRN services are created to separate customer-owned IP interfaces. More than one VPRN service can be created for a single customer ID. More than one IP interface can be created within a single VPRN service ID. All IP interfaces created within a VPRN service ID belong to the same customer.

The no form of this command deletes the VPRN service instance with the specified service-id. The service cannot be deleted until all the IP interfaces and all routing protocol configurations defined within the service ID have been shutdown and deleted.

Parameters 
service-id—
The unique service identification number or string identifying the service in the service domain. This ID must be unique to this service and may not be used for any other service of any type. The service-id must be the same number used for every 7750 SR on which this service is defined.
Values—

service-id:

1 to 2147483647

svc-name:

64 characters maximum

 

name name—
Configures an optional service name identifier, up to 64 characters, to a given service. This service name can then be used in configuration references, display, and show commands throughout the system. A defined service name can help the service provider or administrator to identify and manage services within the SR OS platforms.

To create a service, you must assign a service ID; however, after it is created, either the service ID or the service name can be used to identify and reference a service.

If a name is not specified at creation time, then SR OS assigns a string version of the service-id as the name.

Values—
name: 64 characters maximum

 

customer customer-id —
Specifies an existing customer identification number to be associated with the service. This parameter is required on service creation and optional for service editing or deleting.
Values—
1 to 2147483647

 

create—
Keyword used to create the interface.

aggregate

Syntax 
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [discard-component-communities] [black-hole [generate-icmp]] [community comm-id [comm-id] [local-preference local-pref]] [description description] [tunnel-group tunnel-group-id]
aggregate ip-prefix/ip-prefix-length [summary-only] [as-set] [aggregator as-number:ip-address] [discard-component-communities] [community comm-id [comm-id]] [indirect ip-address] [local-preference local-pref]] [description description] [tunnel-group tunnel-group-id]
no aggregate ip-prefix/ip-prefix-length
Context 
config>service>vprn
Description 

This command creates an aggregate route. Use this command to automatically install an aggregate route in the routing table when there are one or more component routes. A component route is any route used for forwarding that is a more specific match of the aggregate.

The use of aggregate routes can reduce the number of routes that need to be advertised to neighbor routers, leading to smaller routing table sizes.

Overlapping aggregate routes may be configured; in this case a route becomes a component of only the one aggregate route with the longest prefix match. For example if one aggregate is configured as 10.0.0.0/16 and another as 10.0.0.0/24, then route 10.0.128/17 would be aggregated into 10.0.0.0/16, and route 10.0.0.128/25 would be aggregated into 10.0.0.0/24. If multiple entries are made with the same prefix and the same mask the previous entry is overwritten.

A list of up to 12 BGP communities (any mix of standard, extended, and large communities) may be associated with an aggregate route. These communities can be matched in route policies and are automatically added to BGP routes that are created from the aggregate route.

By default, aggregate routes are not installed in the forwarding table, however there are configuration options that allow an aggregate route to be installed with a black-hole next hop or with an indirect IP address as next hop.

Aggregate routes can be advertised via MP-BGP to other PEs within the network. Aggregate routes advertised using MP-BGP do not include aggregated BGP path attributes from the component routes which were used to activate the aggregate route. The aggregate route will be advertised with the minimal set of path attributes as if the aggregate was originated by the advertising routes. Export route policies should be used to control and modify the advertisement and path attributes of the aggregate routes.

The no form of this command removes the aggregate.

Default 

no aggregate

Parameters 
ip-prefix—
The destination address of the aggregate route in dotted decimal notation.
Values—

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

the ipv6-prefix and ipv6-prefix-length apply only to the 7750 SR and 7950 XRS
the mask associated with the network address expressed as a mask length
Values: 0 to 32

 

summary-only—
This optional parameter suppresses advertisement of more specific component routes for the aggregate.

To remove the summary-only option, enter the same aggregate command without the summary-only parameter.

as-set—
This optional parameter is only applicable to BGP and creates an aggregate where the path advertised for this route will be an AS_SET consisting of all elements contained in all paths that are being summarized. Use this feature carefully as it can increase the amount of route churn due to best path changes.
aggregator as-number:ip-address
This optional parameter specifies the BGP aggregator path attribute to the aggregate route. When configuring the aggregator, a two-octet AS number used to form the aggregate route must be entered, followed by the IP address of the BGP system that created the aggregate route.
discard-component-communities —
This optional keyword causes the aggregate to be advertised with only the configured BGP community set, none of the communities from the component routes activating the aggregate are included. (Component attributes are never included in aggregate routes advertised to other PE routers via MP-BGP).
black-hole—
This optional parameter installs the aggregate route, when activated, in the FIB with a black-hole next-hop, where packets matching this route are discarded.
generate-icmp—
This optional parameter keyword generates an ICMP.
community—
This configuration option associates a BGP community with the aggregate route. The community can be matched in route policies and is automatically added to BGP routes exported from the aggregate route.
comm-id—
Specifies a BGP community value, up to 72 characters.
Values—
[as-num:comm-val | well-known-comm | ext-comm | large-comm]
where:
  1. as-num — 0 to 65535
  2. comm-val — 0 to 65535
  3. well-known-commnull | no-export | no-export-subconfed | no-advertise | llgr-stale | no-llgr | blackhole
  4. ext-comm — the extended community, defined as one of the following:
    1. {target | origin}:ip-address:comm-val
    2. {target | origin}:asnum:ext-comm-val
    3. {target | origin}:ext-asnum:comm-val
    4. bandwidth:asnum:val-in-mbps
    5. ext:4300:ovstate
    6. ext:value1:value2
    7. color:co-bits:color-value
    where:
    1. target — route target
    2. origin — route origin
    3. ip-address — a.b.c.d
    4. ext-comm-val — 0 to 4294967295
    5. ext-asnum — 0 to 4294967295
    6. val-in-mbps — 0 to 16777215
    7. ovstate — 0, 1, or 2 (0 for valid, 1 for not found, 2 for invalid)
    8. value1 — 0000 to FFFF
    9. value2 — 0 to FFFFFFFFFFFF
    10. co-bits — 00, 01, 10 or 11
    11. color-value — 0 to 4294967295
  5. large-commasn-or-ex:val-or-ex:val-or-ex

 

description
Specifies a text description stored in the configuration file for a configuration context.
local-preference
Specifies a BGP local-preference value with the aggregate route. The local-preference overrides the default local preference value of a BGP route originated by exporting the aggregate route.
Values—
0 to 4294967295

 

indirect ip-address
This configuration option specifies that the aggregate route should be installed in the FIB with a next-hop taken from the route used to forward packets to ip-address.
Values—

ipv4-prefix

a.b.c.d

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

The ipv6-prefix applies only to the 7750 SR and 7950 XRS.

 

tunnel-group-id—
Specifies that the MC-IPsec state of the specific tunnel-group is added to the aggregate route.
Values—
1 to 16

 

allow-export-bgp-vpn

Syntax 
[no] allow-export-bgp-vpn
Context 
config>service>vprn
Description 

This command allows routes leaked from another local VPRN service to be re-exported by this VPRN in the form of new VPN-IP routes. The service label, route targets, and BGP next-hop of the re-advertised routes are based on the configuration and default values of the re-exporting VPRN.

When re-exporting leaked routes, the following restrictions apply.

  1. The allow-export-bgp-vpn command is not configurable in combination with any of the following commands: carrier-carrier-vpn (CSC), label-mode next-hop (LPN), type {hub | spoke | subscriber-split-horizon}, redundant-interface, and export-inactive-bgp.
  2. Re-exported routes always have the per-VRF label of the exporting VPRN; label-per-prefix advertisement is not supported.
  3. The best-external (inactive BGP) routes leaked by another VPRN cannot be re-exported by a VPRN configured with allow-export-bgp-vpn.
Caution:

When a VPRN configured with allow-export-bgp-vpn advertises a leaked route, the split-horizon context is lost. A re-exported route can be easily advertised back to the sending peer unless this is blocked by BGP export policies. This can cause route flaps or other similar instability.

If the no form of this command is configured, leaked routes cannot be re-advertised as VPN-IP routes; they can only be re-advertised to PE-CE BGP peers of the VPRN.

Default 

no allow-export-bgp-vpn

auto-bind-tunnel

Syntax 
auto-bind-tunnel
Context 
config>service>vprn
Description 

This command enters the context to configure automatic binding of a VPRN service using tunnels to MP-BGP peers.

The auto-bind-tunnel node is simply a context to configure the binding of VPRN routes to tunnels. The user must configure the resolution option to enable auto-bind resolution to tunnels in TTM. If the resolution option is explicitly set to disabled, the auto-binding to tunnel is removed.

If resolution is set to any, any supported tunnel type in VPRN context will be selected following TTM preference. If one or more explicit tunnel types are specified using the resolution-filter option, then only these tunnel types will be selected again following the TTM preference.

The user must set resolution to filter to activate the list of tunnel-types configured under resolution-filter.

When an explicit SDP to a BGP next-hop is configured in a VPRN service (config>service>vprn>spoke-sdp), it overrides the auto-bind-tunnel selection for that BGP next-hop only. There is no support for reverting automatically to the auto-bind-tunnel selection if the explicit SDP goes down. The user must delete the explicit spoke-sdp in the VPRN service context to resume using the auto-bind-tunnel selection for the BGP next-hop.

ecmp

Syntax 
ecmp max-ecmp-routes
no ecmp
Context 
config>service>vprn>auto-bind-tunnel
Description 

This command configures the maximum number of tunnels that may be used as ECMP next-hops for the VPRN. This value overrides any values that have been configured using the config>service>vprn>ecmp command.

The no form of this command removes the configured overriding value, and the value configured using the config>service>vprn>ecmp command will be used.

Default 

no ecmp

Parameters 
max-ecmp-routes—
Specifies the maximum number of tunnels that may be used as ECMP next-hops for the VPRN.
Values—
1 to 32

 

Default—
1

enforce-strict-tunnel-tagging

Syntax 
[no] enforce-strict-tunnel-tagging
Context 
config>service>vprn>auto-bind-tunnel
Description 

This command forces the system to only consider LSPs marked with an admin-tag for next hop resolution. Untagged LSPs are not be considered.

The no form of this command reverts to the default behavior. While tagged RSVP and SR-TE LSPs are considered first, the system can fall back to using untagged LSP of other types and not exclude them as per the auto-bind-tunnel configuration.

Default 

no enforce-strict-tunnel-tagging

resolution

Syntax 
resolution {any | filter | disabled}
Context 
config>service>vprn>auto-bind-tunnel
Description 

This command configures the resolution mode in the automatic binding of a VPRN service to tunnels to MP-BGP peers.

Parameters 
any—
Enables the binding to any supported tunnel type in VPRN context following TTM preference.
filter—
Enables the binding to the subset of tunnel types configured under resolution-filter.
disabled—
Disables the automatic binding of a VPRN service to tunnels to MP-BGP peers.

resolution-filter

Syntax 
resolution-filter
Context 
config>service>vprn>auto-bind-tunnel
Description 

This command configures the subset of tunnel types that can be used in the resolution of VPRN prefixes within the automatic binding of VPRN service to tunnels to MP-BGP peers.

The following tunnel types are supported in a VPRN context in order of preference: RSVP, SR-TE, GRE, RIB-API, LDP, SR-ISIS, SR-OSPF, SR-policy, BGP, and UDP.

bgp

Syntax 
[no] bgp
Context 
config>service>vprn>auto-bind-tunnel>resolution-filter
Description 

This command enables setting the BGP tunnel type for the auto bind tunnel.

The bgp value instructs BGP IP-VPN to search for a BGP LSP to the address of the BGP next hop. If the user does not enable the BGP tunnel type, inter-area or inter-as prefixes will not be resolved.

gre

Syntax 
[no] gre
Context 
config>service>vprn>auto-bind-tunnel>resolution-filter
Description 

This command enables setting the tunnel type for the auto bind tunnel.

The gre encapsulation of the MPLS service packet uses the base 4-byte header as per RFC 2890. The optional fields Checksum (plus Reserved field), Key, and Sequence Number are not inserted.

ldp

Syntax 
[no] ldp
Context 
config>service>vprn>auto-bind-tunnel>resolution-filter
Description 

This command enables setting the LDP type for the auto bind tunnel.

The ldp value instructs BGP to search for an LDP LSP with a FEC prefix corresponding to the address of the BGP next hop.

mpls-fwd-policy

Syntax 
[no] mpls-fwd-policy
Context 
config>service>vprn>auto-bind-tunnel>resolution-filter
Description 

This command enables setting MPLS forwarding policy for the auto bind tunnel

The mpls-fwd-policy value instructs BGP to use the MPLS forwarding policy tunnel type to resolve the next hop of BGP VPN-IPv4 and VPN-IPv6 prefixes.

rib-api

Syntax 
[no] rib-api
Context 
config>service>vprn>auto-bind-tunnel>resolution-filter
Description 

This command enables setting the RIB-API tunnel type for the auto bind tunnel.

The rib-api value allows tunnels programmed using the RibApi gRPC service for use in resolving the next hops of VPN-IPv4 and VPN-IPv6 routes imported into the VPRN service.

rsvp

Syntax 
[no] rsvp
Context 
config>service>vprn>auto-bind-tunnel>resolution-filter
Description 

This command enables setting the RSVP-TE type for the auto bind tunnel.

The rsvp value instructs BGP to search for the best metric RSVP LSP to the address of the BGP next hop. This address can correspond to the system interface or to another loopback interface used by the BGP instance on the remote node. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple RSVP LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.

sr-isis

Syntax 
[no] sr-isis
Context 
config>service>vprn>auto-bind-tunnel>resolution-filter
Description 

This command enables setting the Segment Routing (SR) tunnel type programed by an IS-IS instance in TTM.

When the sr-isis (or sr-ospf) value is enabled, an SR tunnel to the BGP next hop is selected in the TTM from the lowest-numbered IS-IS (OSPF) instance.

sr-ospf

Syntax 
[no] sr-ospf
Context 
config>service>vprn>auto-bind-tunnel>resolution-filter
Description 

This command enables setting the SR-OSPF3 type for the auto bind tunnel.

When the sr-ospf (sr-isis) value is enabled, a SR tunnel to the BGP next hop is selected in the TTM from the lowest numbered IS-IS (OSPF) instance.

sr-ospf3

Syntax 
[no] sr-ospf3
Context 
config>service>vprn>auto-bind-tunnel>resolution-filter
Description 

This command enables setting the SR-OSPFv3 tunnel type for the auto bind tunnel.

When the sr-ospf3 value is enabled, a SR tunnel to the BGP next hop is selected in the TTM from the lowest numbered OSPFv3 instance.

sr-policy

Syntax 
[no] sr-policy
Context 
config>service>vprn>auto-bind-tunnel>resolution-filter
Description 

This command enables setting the the SR policy tunnel type for the auto bind tunnel.

The sr-policy value instructs BGP to search for an SR policy with a non-null endpoint and color value that matches the BGP next hop and color extended community value, respectively, of the VPN-IP route.

sr-te

Syntax 
[no] sr-te
Context 
config>service>vprn>auto-bind-tunnel>resolution-filter
Description 

This command enables setting the SR-TE tunnel type for the auto bind tunnel.

The sr-te value instructs the system to search for the best metric SR-TE LSP to the address of the BGP next hop. The LSP metric is provided by MPLS in the tunnel table. In the case of multiple SR-TE LSPs with the same lowest metric, BGP selects the LSP with the lowest tunnel-id.

udp

Syntax 
[no] udp
Context 
config>service>vprn>auto-bind-tunnel>resolution-filter
Description 

This command enables setting the the UDP tunnel type for the auto bind tunnel.

The udp value instructs BGP EVPN to search for a UDP LSP to the address of the BGP next hop.

weighted-ecmp

Syntax 
[no] weighted-ecmp
Context 
config>service>vprn>auto-bind-tunnel
Description 

This command enables weighted ECMP for packets using tunnels that a VPRN automatically binds to. When weighted ECMP is enabled, packets are sprayed across LSPs in the ECMP according to the outcome of the hash algorithm and the configured load-balancing-weight of each LSP.

The no form of this command disables weighted ECMP for next hop tunnel selection.

Default 

no weighted-ecmp

autonomous-system

Syntax 
autonomous-system as-number
no autonomous-system
Context 
config>service>vprn
Description 

This command defines the autonomous system (AS) to be used by this VPN routing/forwarding (VRF). This command defines the autonomous system to be used by this VPN routing

The no form of this command removes the defined AS from this VPRN context.

Default 

no autonomous-system

Parameters 
as-number —
Specifies the AS number for the VPRN service.
Values—
1 to 4294967295

 

backup-path

Syntax 
[no] backup-path [ipv4] [ipv6] [label-ipv4] [label-ipv6]
Context 
config>service>vprn>bgp
Description 

This command enables the computation and use of a backup path for IPv4 and/or IPv6 BGP-learned prefixes belonging to the base router or a particular VPRN. Multiple paths must be received for a prefix in order to take advantage of this feature. When a prefix has a backup path and its primary path(s) fail the affected traffic is rapidly diverted to the backup path without waiting for control plane re-convergence to occur. When many prefixes share the same primary path(s), and in some cases also the same backup path, the time to failover traffic to the backup path is independent of the number of prefixes.

By default, IPv4 and IPv6 prefixes do not have a backup path installed in the IOM.

Default 

no backup-path

Parameters 
ipv4 —
Enables the use of a backup path for BGP-learned unlabeled IPv4 prefixes.
ipv6 —
Enables the use of a backup path for BGP-learned unlabeled IPv6 prefixes.
label-ipv4 —
Enables the use of a backup path for BGP-learned labeled-IPv4 prefixes.
label-ipv6 —
Enables the use of a backup path for BGP-learned labeled-IPv6 prefixes. label-ipv6 is not supported within the config>service>vprn context.

carrier-carrier-vpn

Syntax 
[no] carrier-carrier-vpn
Context 
config>service>vprn
Description 

This command configures a VPRN service to support a Carrier Supporting Carrier model. It should be configured on a network provider’s CSC-PE device.

This command cannot be applied to a VPRN unless it has no SAP or spoke-SDP interfaces. Once this command has been entered one or more MPLS-capable CSC interfaces can be created in the VPRN.

The no form of this command removes the Carrier Supporting Carrier capability from a VPRN.

Default 

no carrier-carrier-vpn

class-forwarding

Syntax 
[no] class-forwarding
Context 
config>service>vprn
Description 

This command enables the CBF for VPRN-v4/v6 prefixes resolved to RSVP-TE LSPs.

The no form of this command disables the CBF for VPRN-v4/v6 prefixes resolved to RSVP-TE LSPs.

Default 

no class-forwarding

confederation

Syntax 
confederation confed-as-num [members as-number [as-number]]
no confederation confed-as-num members as-number [as-number]
no confederation
Context 
config>service>vprn
Description 

This command configures the VPRN BGP instance to participate in a BGP confederation. BGP confederations can be used to reduce the number of IBGP sessions required within an AS.

When a VPRN BGP instance is part of a confederation, it can form confederation-EBGP sessions with CE router peers in a different sub-autonomous systems of the same confederation as well as regular EBGP sessions with CE router peers outside the confederation. A VPRN BGP instance that is part of a confederation cannot import or export its routes to the base router instance (as VPN-IP routes).

The no form of this command deletes the specified member AS from the confederation. When members are not specified in the no statement, the entire list is removed and confederations is disabled. When the last member of the list is removed, confederations is disabled.

Default 

no confederation

Parameters 
confed-as-num—
The confederation AS number defined as a decimal value.
Values—
1 to 4294967295

 

members as-number
The AS number(s) that are members of the confederation, each expressed as a decimal integer. Configure up to 15 members per confed-as-num.
Values—
1 to 4294967295

 

disable-selective-fib

Syntax 
[no] disable-selective-fib
Context 
config>service>vprn
Description 

This command specifies whether the system level selective FIB setting is overridden on this instance.

The no form of this command enables the selective FIB.

Default 

no disable-selective-fib

dns

Syntax 
[no] dns
Context 
config>service>vprn
Description 

This command enters the context to configure domain name servers.

The no form of this command disables DNS for this service.

default-domain

Syntax 
default-domain dns-name
no default-domain
Context 
config>service>vprn>dns
Description 

This command configures the DNS domain name to be added in DNS retries when a DNS query is not replied or an empty DNS reply is received.

The no form of this command prevents DNS retries when the DNS query is not replied or an empty DNS reply is received.

Parameters 
dns-name—
Specifies the name of the default domain, up to 255 characters. Allowed values for characters are alphabetical (A-Z), numeric (0-9), the minus sign (-), and the period (.). For example, “3gpp-network.org”.

ipv4-source-address

Syntax 
ipv4-source-address ipv4-address
no ipv4-source-address
Context 
config>service>vprn>dns
Description 

This command configures the IPv4 address of the default secondary DNS server for the subscribers using this interface. Subscribers that cannot obtain an IPv4 DNS server address by other means, can use this for DNS name resolution.

The ipv4-address value can only be set to a nonzero value if the value of VPRN type is set to subscriber-split-horizon.

The no form of this command reverts to the default.

Parameters 
ipv4-address—
Specifies the IPv4 address of the default secondary DNS server.
Values—
ipv4-address - a.b.c.d

 

ipv6-source-address

Syntax 
ipv6-source-address ipv6-address
no ipv6-source-address
Context 
config>service>vprn>dns
Description 

This command configures the IPv6 address of the default secondary DNS server for the subscribers using this interface. Subscribers that cannot obtain an IPv6 DNS server address by other means, can use this for DNS name resolution.

The ipv6-address value can only be set to a nonzero value if the value of VPRN type is set to subscriber-split-horizon.

The no form of this command reverts to the default.

Parameters 
ipv6-address—
Specifies the IPv6 address of the default secondary DNS server.
Values—
ipv6-address - a.b.c.d

 

primary-dns

Syntax 
primary-dns ip-address
no primary-dns
Context 
config>service>vprn>dns
Description 

This command configures the primary DNS server used for DNS name resolution. DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of this command removes the primary DNS server from the configuration.

Default 

no primary-dns — No primary DNS server is configured.

Parameters 
ip-address—
The IP or IPv6 address of the primary DNS server.
Values—

ipv4-address -a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0..FFFF]H

d: [0..255]D

interface - 32 characters max, for link local addresses.

 

secondary-dns

Syntax 
secondary-dns ip-address
no secondary-dns
Context 
config>service>vprn>dns
Description 

This command configures the secondary DNS server for DNS name resolution. The secondary DNS server is used only if the primary DNS server does not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of this command removes the secondary DNS server from the configuration.

Default 

no secondary-dns — No secondary DNS server is configured.

Parameters 
ip-address—
The IP or IPv6 address of the secondary DNS server.
Values—

ipv4-address -a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface - 32 characters max, for link local addresses.

 

tertiary-dns

Syntax 
tertiary-dns ip-address
no tertiary-dns
Context 
config>service>vprn>dns
Description 

This command configures the tertiary DNS server for DNS name resolution. The tertiary DNS server is used only if the primary DNS server and the secondary DNS server do not respond.

DNS name resolution can be used when executing ping, traceroute, and service-ping, and also when defining file URLs. DNS name resolution is not supported when DNS names are embedded in configuration files.

The no form of this command removes the tertiary DNS server from the configuration.

Default 

no tertiary-dns — No tertiary DNS server is configured.

Parameters 
ip-address—
The IP or IPv6 address of the tertiary DNS server.
Values—

ipv4-address -a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface - 32 characters max, for link local addresses.

 

ecmp

Syntax 
ecmp max-ecmp-routes
no ecmp
Context 
config>service>vprn
Description 

This command enables equal-cost multipath (ECMP) and configures the number of routes for path sharing. For example, the value of 2 means that 2 equal cost routes will be used for cost sharing.

ECMP groups form when the system routes to the same destination with equal cost values. Routing table entries can be entered manually (as static routes), or they can be formed when neighbors are discovered and routing table information is exchanged by routing protocols. The system can balance traffic across the groups with equal costs.

ECMP can only be used for routes learned with the same preference and same protocol. See the discussion on preferences in the application6 command.

When more ECMP routes are available at the best preference than configured by the max-ecmp-routes parameter, then the lowest next-hop IP address algorithm is used to select the number of routes configured.

The no form of this command disables ECMP path sharing. If ECMP is disabled and multiple routes are available at the best preference and equal cost, the newly updated route is used.

Default 

no ecmp

Parameters 
max-ecmp-routes —
Specifies the maximum number of routes for path sharing.
Values—
1 to 64

 

ecmp-unequal-cost

Syntax 
[no] ecmp-unequal-cost
Context 
config>service>vprn
Description 

This command relaxes the constraint that ECMP multipaths must have the same IGP cost to reach the BGP next-hop. When VPN routes for the same IP prefix are imported into a VPRN service, they are eligible to be used as multipaths. The resulting route is programmed as an ECMP IP route.

The BGP best path selection algorithm is the basis for choosing the set of imported VPN routes that can be combined to form an ECMP route. Normally (unless an ignore-nh-metric command is configured), the BGP decision process gives higher preference to VPN routes with a lower next-hop cost if other, more significant criteria, are tied. In these circumstances, a VPN route cannot be an eligible multipath if it does not have the same next-hop cost as the best VPN route. Configuring this command removes this restriction and allows the multipaths to have different (meaning lower) next-hop costs than the best route. This broadens the applicability of multipath and can result in better load balancing in the network.

This command applies only to the following types of routes imported by a VPRN.

  1. vpn-ipv4
  2. vpn-ipv6
  3. mcast-vpn-ipv4
  4. mcast-vpn-ipv6

The no form of this command restores the default behavior that requires next-hop costs of multipaths to be equal, unless the next-hop cost is completely removed from the BGP decision process.

Default 

ecmp-unequal-cost

export-inactive-bgp

Syntax 
[no] export-inactive-bgp
Context 
config>service>vprn
Description 

This command allows the best BGP route learned by a VPRN to be exported as a VPN-IP route even when that BGP route is inactive in the route table due to the presence of a preferred BGP-VPN route from another PE. In order for the BGP route to be exported, it must be accepted by the VRF export policy.

This “best-external” type of route advertisement is useful in active/standby multi-homing scenarios because it can ensure that all PEs have knowledge of the backup path provided by the standby PE.

By default, an inactive BGP route cannot be exported from a VPRN.

Default 

no export-inactive-bgp

fib-priority

Syntax 
fib-priority {high | standard}
Context 
config>service>vprn
Description 

This command specifies the FIB priority for VPRN BGP routes.

Parameters 
high—
Specifies high FIB priority for VPRN.
standard—
Specifies standard FIB priority for VPRN.

flowspec

Syntax 
flowspec
Context 
config>service>vprn
Description 

This command enters the context to configure FlowSpec related parameters for the specified routing instance.

filter-cam-type

Syntax 
filter-cam-type {normal | packet-length}
Context 
config>service>vprn>flowspec
Description 

This command specifies the filter type that is required to embed FlowSpec entries to this VPRN. The filter type defines the match criteria that are available in the filter policy.

Default 

normal

Parameters 
normal—
Specifies that the filter policy is of type normal.
packet-length—
Specifies that the filter policy is of type packet-length.

ip-filter-max-size

Syntax 
ip-filter-max-size {value | default}
Context 
config>service>vprn>flowspec
Description 

This command configures the maximum number of FlowSpec routes or rules that can be embedded into an ingress IP filter policy for a specified routing instance. FlowSpec filter entries embedded in a filter policy in this routing instance will use filter entries from the range between the embedding offset and “offset + ip-filter-max-size – 1”.

The sum of the ip-filter-max-size value parameter and the highest offset in any IPv4 filter that embeds IPv4 FlowSpec rules from this routing instance (excluding filters that embed at offset 262143) must not exceed 262143.

The ip-filter-max-size configuration can be adjusted up or down at any time. If the number of IPv4 FlowSpec rules that are currently installed is M, and the new limit is N, where N<M, then the last set of rules from N to M (by FlowSpec order) are immediately removed, but are retained in the BGP RIB. If the limit is increased, new rules are programmed only as they are received again in new BGP updates.

Default 

ip-filter-max-size default

Parameters 
value—
The maximum number of FlowSpec routes or rules that can be embedded into an ingress IP filter policy.
Values—
0 to 262143

 

default—
Configures the maximum size as 512.

ipv6-filter-max-size

Syntax 
ipv6-filter-max-size {value | default}
Context 
config>service>vprn>flowspec
Description 

This command configures the maximum number of IPv6 FlowSpec routes or rules that can be embedded into an ingress IPv6 filter policy for a specified routing instance. Flowspec filter entries embedded in a filter policy in this routing instance will use filter entries from the range between the embedding offset and “offset + ip-filter-max-size – 1”.

The sum of the ip-filter-max-size value parameter and the highest offset in any IPv6 filter that embeds IPv6 FlowSpec rules from this routing instance (excluding filters that embed at offset 262143) must not exceed 262143.

The ip-filter-max-size configuration can be adjusted up or down at any time. If the number of IPv6 FlowSpec rules that are currently installed is M, and the new limit is N, where N<M, then the last set of rules from N to M (by FlowSpec order) are immediately removed, but are retained in the BGP RIB. If the limit is increased, new rules are programmed only as they are received again in new BGP updates.

Default 

ipv6-filter-max-size default

Parameters 
value—
The maximum number of FlowSpec routes or rules that can be embedded into an ingress IP filter policy.
Values—
0 to 262143

 

default—
Configures the maximum size as 512.

grt-lookup

Syntax 
grt-lookup
Context 
config>service>vprn
Description 

This command provides the context under which all Global Route Table (GRT) leaking commands are configured. If all the supporting commands in the context are removed, this command will also be removed.

enable-grt

Syntax 
[no] enable-grt
Context 
config>service>vprn>grt-lookup
Description 

This command enables the functions required for looking up routes in the Global Route Table (GRT) when the lookup in the local VRF fails. If this command is enabled without the use of a static-route option (as subcommand to this parent), a lookup in the local VRF is preferred over the GRT. When the local VRF returns no route table lookup matches, the result from the GRT is preferred.

The no form of this command disables the lookup in the GRT when the lookup in the local VRF fails.

Default 

no enable-grt

allow-local-management

Syntax 
[no] allow-local-management
Context 
config>service>vprn>grt-lookup>enable-grt
Description 

Enables the support of specific management protocols over VPRN interfaces that terminate on Base routing context IPv4 and IPv6 interface addresses, including Base loopback and system addresses. Global Routing Table (GRT) leaking is used to enable visibility/access of the Base interface addresses in the VPRN. The supported protocols are Telnet, FTP, SNMP, and SSH (including applications that ride over SSH such as SCP and SFTP) and TACAS+.

Ping and traceroute responses from the Base router interfaces are supported and are not configurable.

The allow-local-management command does not control the support for management protocols terminating on VPRN interfaces directly. See Node Management Using VPRN for more information. Also, see the access command in the config>service>vprn>snmp context, and the commands in the config>service>vprn>management context.

export-grt

Syntax 
export-grt plcy-or-long-expr [plcy-or-expr [plcy-or-expr]
no export-grt
Context 
config>service>vprn>grt-lookup
Description 

This command uses route policy to determine which routes are exported from the VRF to the GRT along with all the forwarding information. These entries are marked as BGP-VPN routes in the GRT. Routes must be in the GRT in order for proper routing to occur from the GRT to the VRF.

Default 

no export-grt

Parameters 
plcy-or-long-expr—
Specifies the route policy name, up to 64 characters, or a policy logical expression, up to 255 characters.
plcy-or-expr—
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Up to 4 policy names or logical expressions can be specified in a single statement.

export-limit

Syntax 
export-limit num-routes
no export-limit
Context 
config>service>vprn>grt-lookup
config>service>vprn>ospf
config>service>vprn>ospf3
config>service>vprn>rip
Description 

This command provides the ability to limit the total number of routes exported from the VRF to the GRT. The value zero (0) provides an override that disables the maximum limit. Setting this value to zero (0) will not limit the number of routes exported from the VRF to the GRT. Configuring a range of one (1) to 1000 will limit the number of routes to the specified value.

The no form of this command sets the export-limit to a default of five (5).

Default 

export-limit 5

Parameters 
num-routes—
Specifies the maximum number of routes that can be exported.
Values—
0 to 1000

 

export-v6-limit

Syntax 
export-v6-limit num-routes
no export-v6-limit
Context 
config>service>vprn>grt-lookup
Description 

The export-limit range provides the ability to limit the total number of IPv6 routes exported from the VPRN to the GRT. The value “0” provides an override that disables the maximum limit. Setting this value to “0” will not limit the number of routes exported from the VPRN to the GRT. Configuring a range of 1-1000 will limit the number of routes to the specified value.

The no form of this command sets the export-limit to a default of 5.

Default 

export-v6-limit 5

Parameters 
num-routes—
Specifies maximum number of routes that can be exported.
Values—
0 to 1000

 

import-grt

Syntax 
import-grt plcy-or-long-expr [plcy-or-expr]
no import-grt
Context 
config>service>vprn>grt
Description 

This command associates policies to control the leaking of GRT routes into the associated VPRN.

The GRT route must have first been leaked by a leak-export policy defined under the config>router context. Then the route must match a route entry in the specified import-grt policy with an accept action. Refer to the IP Router Configuration Command Reference section in the 7750 SR Extensible Routing System Virtualized Service Router.

The no form of this command removes route leaking policy associations and disables the leaking of GRT routes into the local VPRN.

Parameters 
plcy-or-long-expr—
Specifies route policy names, up to 64 characters, or a policy logical expression, up to 255 characters.
Values—
plcy-or-long-expr: policy-name | long-expr
policy-name: up to 64 characters
long-expr: up to 255 characters

 

plcy-or-expr—
Specifies up to four route policy names, up to 64 characters, or a policy logical expression, up to 64 characters.
Values—
plcy-or-expr: policy-name | expr
policy-name: up to 64 characters
expr: up to 64 characters

 

label-mode

Syntax 
label-mode {vrf | next-hop}
no label-mode
Context 
config>service>vprn
Description 

This command controls the method by which service labels are allocated to routes exported by the VPRN as BGP-VPN routes. The vrf option selects service label per VRF mode while the next-hop option selects service label per next-hop mode.

The no form of this command sets the mode to the default mode of service label per VRF.

Default 

no label-mode

Parameters 
vrf—
Selects service label per VRF mode.
next-hop—
Selects service label per next-hop mode.

maximum-ipv6-routes

Syntax 
maximum-ipv6-routes number [log-only] [threshold percentage]
no maximum-ipv6-routes
Context 
config>service>vprn
Description 

This command specifies the maximum number of remote IPv6 routes that can be held within a VPN routing/ forwarding (VRF) context. The local, host, static and aggregate routes are not counted.

The VPRN service ID must be in a shutdown state in order to modify maximum-routes command parameters.

If the log-only parameter is not specified and the maximum-routes value is set below the existing number of routes in a VRF, then the offending RIP peer (if applicable) is brought down (but the VPRN instance remains up). BGP peering will remain up but the exceeding BGP routes will not be added to the VRF.

The maximum route threshold can dynamically change to increase the number of supported routes even when the maximum has already been reached. Protocols will resubmit their routes which were initially rejected.

The no form of this command disables any limit on the number of routes within a VRF context. Issue the no form of this command only when the VPRN instance is shutdown.

Default 

0 or disabled — The threshold will not be raised.

Parameters 
number —
An integer that specifies the maximum number of routes to be held in a VRF context.
Values—
1 to 2147483647

 

log-only—
Specifies that if the maximum limit is reached, only log the event. log-only does not disable the learning of new routes.
threshold percentage —
The percentage at which a warning log message and SNMP trap should be set. There are two warnings, the first is a mid-level warning at the threshold value set and the second is a high-level warning at level between the maximum number of routes and the mid-level rate ([mid+max] / 2).
Values—
0 to 100

 

maximum-routes

Syntax 
maximum-routes number [log-only] [threshold percentage]
no maximum-routes
Context 
config>service>vprn
Description 

This command specifies the maximum number of remote routes that can be held within a VPN routing/ forwarding (VRF) context. The local, host, static and aggregate routes are not counted.

The VPRN service ID must be in a shutdown state in order to modify maximum-routes command parameters.

If the log-only parameter is not specified and the maximum-routes value is set below the existing number of routes in a VRF, then the offending RIP peer (if applicable) is brought down (but the VPRN instance remains up). BGP peering will remain up but the exceeding BGP routes will not be added to the VRF.

The maximum route threshold can dynamically change to increase the number of supported routes even when the maximum has already been reached. Protocols will resubmit their routes which were initially rejected.

The no form of this command disables any limit on the number of routes within a VRF context. Issue the no form of this command only when the VPRN instance is shutdown.

Default 

0 or disabled — The threshold will not be raised.

Parameters 
number —
An integer that specifies the maximum number of routes to be held in a VRF context.
Values—
1 to 2147483647

 

log-only—
Specifies that if the maximum limit is reached, only log the event. log-only does not disable the learning of new routes.
threshold percentage —
The percentage at which a warning log message and SNMP trap should be set. There are two warnings, the first is a mid-level warning at the threshold value set and the second is a high-level warning at level between the maximum number of routes and the mid-level rate ([mid+max] / 2).
Values—
0 to 100

 

multicast-info-policy

Syntax 
multicast-info-policy policy-name
no multicast-info-policy
Context 
config>service>vprn
Description 

This command configures multicast information policy.

Parameters 
policy-name—
Specifies the policy name, up to 32 characters.

mc-maximum-routes

Syntax 
mc-maximum-routes number [log-only] [threshold threshold]
Context 
config>service>vprn
Description 

This command specifies the maximum number of multicast routes that can be held in the form of this command in a VPN routing or forwarding (VRF) context. When this limit is reached, a log and SNMP trap are sent. If the log-only parameter is not specified and the maximum-routes value is set below the existing number of routes in a VRF, then no new joins are processed.

The no form of this command disables the limit of multicast routes within a VRF context. Issue the no form of this command only when the VPRN instance is shutdown.

Default 

no mc-maximum-routes

Parameters 
number—
Specifies the maximum number of routes to be held in a VRF context.
Values—
1 to 2147483647

 

log-only—
Specifies that if the maximum limit is reached, only log the event. log-only does not disable the learning of new routes.
threshold
Specifies the percentage at which a warning log message and SNMP trap should be sent.
Values—
0 to 100

 

Default—
10

network

Syntax 
network
Context 
config>service>vprn
Description 

This command enters the context to configure network parameters for the VPRN service.

ingress

Syntax 
ingress
Context 
config>service>vprn>network
Description 

This command enters the context to configure network ingress parameters for the VPRN service.

ptp

Syntax 
[no] ptp
Context 
config>service>vprn
Description 

This command enables the context to configure PTP parameters for the VPRN service.

peer

Syntax 
peer a.b.c.d [create]
Context 
config>system>ptp
config>service>vprn>ptp
Description 

This command configures a remote PTP peer. It provides the context to configure parameters for the remote PTP peer.

Up to 20 remote PTP peers may be configured.

The no form of this command deletes the specified peer.

If the clock-type is ordinary slave or boundary, and PTP is no shutdown, the last peer cannot be deleted. This prevents the user from having PTP enabled without any peer configured and enabled.

Peers are created within the routing instance associated with the context of this command. All configured PTP peers must use the same routing instance.

Parameters 
a.b.c.d—
Specifies the IP address of the remote peer.
Values—
ipv4-address a.b.c.d

 

create—
Keyword used to create the peer.

peer-limit

Syntax 
peer-limit limit
no peer-limit
Context 
config>service>vprn>ptp
Description 

This command specifies an upper limit to the number of discovered peers permitted within the routing instance. This command can ensure that a routing instance does not consume all the possible discovered peers and blocking discovered peers in other routing instances.

If it is desired to reserve a fixed number of discovered peers per router instance, then all router instances supporting PTP should have values specified with this command and the sum of all the peer-limit values must not exceed the maximum number of discovered peers supported by the system.

If the user attempts to specify a peer-limit, and there are already more discovered peers in the routing instance than the new limit being specified, the configuration is not accepted.

The no form of this command removes the limit from the configuration.

Default 

no limit

Parameters 
limit—
Specifies the maximum number of discovered peers allowed in the routing instance.
Values—
0 to 50

 

Default—
0 (The maximum number of discovered peers supported by the system).

local-priority

Syntax 
local-priority local-priority
Context 
config>service>vprn>ptp>peer
Description 

This command configures the local priority used to choose between PTP masters in the best master clock algorithm (BMCA). This setting is relevant when the profile is set to either g8265dot1-2010 or g8275dot1-2014. The parameter is ignored when any other profile is selected.

The value 1 is the highest priority and 255 is the lowest priority. The priority of a peer cannot be configured if the PTP profile is ieee1588-2008.

For g8265dot1-2010, this parameter configures the priority used to choose between master clocks with the same quality (see G.8265.1 for more information).

For g8275dot1-2014, this parameter sets the value of the localPriority associated with the Announce messages received from external clocks (ptp>peer or ptp>port), or the local clock (ptp). See G.8275.1 for more information.

Default 

local-priority 128

Parameters 
local-priority—
Specifies the value of the local priority.
Values—
1 to 255

 

log-sync-interval

Syntax 
log-sync-interval log-interval
no log-sync-interval
Context 
config>service>vprn>ptp>peer
Description 

This command configures the message interval used for unicast event messages. It defines the message interval for both Sync and Delay_Resp messages that are requested during unicast negotiation to the specific peer. This controls the Sync and Delay_Resp message rate sent from remote peers to the local node. It does not affect the Sync or Delay_Resp packet rate that may be sent from the local node to remote peers. Remote peers may request a Sync or Delay_Resp packet rate anywhere within the acceptable grant range.

The log-sync-interval cannot be changed unless the peer is shutdown.

This command only applies to the 7450 ESS and 7750 SR.

Default 

-6 (64 packets per second) for 1588-2008 or

-6 (64 packets per second) for g8265dot1-2010 or

-4 (16 packets per second) for g8275dot1-2014

Parameters 
log-interval—
Specifies the sync message interval, in log form.
Values—
-6 to 0

 

3.8.2.3. AAA Remote Server Commands

aaa

Syntax 
aaa
Context 
config>service>vprn
Description 

This command enters the context to configure AAA on the VPRN.

remote-servers

Syntax 
remote-servers
Context 
config>service>vprn>aaa
Description 

This command enters the context to configure AAA remote servers on the VPRN.

radius

Syntax 
radius [create]
no radius
Context 
config>service>vprn>aaa>remote-servers
Description 

This command creates the context to configure RADIUS authentication on the VPRN.

Implement redundancy by configuring multiple server addresses for each VPRN.

The no form of this command removes the RADIUS configuration.

Parameters 
create—
Keyword used to create the RADIUS context.

access-algorithm

Syntax 
access-algorithm {direct | round-robin}
no access-algorithm
Context 
config>service>vprn>aaa>remote-servers>radius
Description 

This command indicates the algorithm used to access the set of RADIUS servers.

Default 

access-algorithm direct

Parameters 
direct—
The first server will be used as primary server for all requests, the second as secondary and so on.
round-robin—
The first server will be used as primary server for the first request, the second server as primary for the second request, and so on. If the router gets to the end of the list, it starts again with the first server.

accounting

Syntax 
[no] accounting
Context 
config>service>vprn>aaa>remote-servers>radius
Description 

This command enables RADIUS accounting.

The no form of this command disables RADIUS accounting.

Default 

no accounting

accounting-port

Syntax 
accounting-port port
no accounting-port
Context 
config>service>vprn>aaa>remote-servers>radius
Description 

This command specifies a UDP port number on which to contact the RADIUS server for accounting requests.

Default 

accounting-port 1813

Parameters 
port—
Specifies the UDP port number.
Values—
1 to 65535

 

Default—
1813

authorization

Syntax 
[no] authorization
Context 
config>service>vprn>aaa>remote-servers>radius
Description 

This command configures RADIUS authorization parameters for the system.

Default 

no authorization

interactive-authentication

Syntax 
[no] interactive-authentication
Context 
config>service>vprn>aaa>remote-servers>radius
Description 

This command enables RADIUS interactive authentication for the system. Enabling interactive-authentication forces RADIUS to fall into challenge/response mode.

Default 

no interactive-authentication

port

Syntax 
port port
no port
Context 
config>service>vprn>aaa>remote-servers>radius
Description 

This command configures the UDP port number to contact the RADIUS server.

The no form of this command reverts to the default value.

Default 

port 1812 (as specified in RFC 2865, Remote Authentication Dial In User Service (RADIUS))

Parameters 
port—
Specifies the UDP port number to contact the RADIUS server.
Values—
1 to 65535

 

retry

Syntax 
retry count
no retry
Context 
config>service>vprn>aaa>remote-servers>radius
Description 

This command configures the number of times the router attempts to contact the RADIUS server for authentication if there are problems communicating with the server.

The no form of this command reverts to the default value.

Default 

retry 3

Parameters 
count—
Specifies the retry count.
Values—
1 to 10

 

server

Syntax 
server index address ip-address secret key [hash | hash2 | custom]
no server index
Context 
config>service>vprn>aaa>remote-servers>radius
Description 

This command adds a RADIUS server and configures the RADIUS server IP address, index, and key values.

Up to five RADIUS servers can be configured at any one time. RADIUS servers are accessed in order from lowest to highest index for authentication requests until a response from a server is received. A higher indexed server is only queried if no response is received from a lower indexed server (which implies that the server is not available). If a response from a server is received, no other RADIUS servers are queried. It is assumed that there are multiple identical servers configured as backups and that the servers do not have redundant data.

The no form of this command removes the server from the configuration.

Default 

no server

Parameters 
index—
Specifies the index for the RADIUS server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from lowest to highest index.
Values—
1 to 5

 

ip-address
Specifies the IP address of the RADIUS server. Two RADIUS servers cannot have the same IP address. An error message is generated if the server address is a duplicate.
Values—

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

 

key
Specifies the secret key to access the RADIUS server. This secret key must match the password on the RADIUS server.
Values—
Up to 64 characters in length.

 

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.

timeout

Syntax 
timeout seconds
no timeout
Context 
config>service>vprn>aaa>remote-servers>radius
Description 

This command configures the number of seconds the router waits for a response from a RADIUS server.

The no form of this command reverts to the default value.

Default 

timeout 3

Parameters 
seconds—
Specifies the number of seconds the router waits for a response from a RADIUS server, expressed as a decimal integer.
Values—
1 to 90

 

use-default-template

Syntax 
[no] use-default-template
Context 
config>service>vprn>aaa>remote-servers>radius
Description 

This command specifies whether the RADIUS default user template is actively applied to the RADIUS user if no VSAs are returned with the auth-accept from the RADIUS server. When enabled, the radius_default user-template is actively applied if no VSAs are returned with the auth-accept from the RADIUS server and radius authorization is enabled.

The no form of this command disables the use of the RADIUS default template.

Default 

no use-default-template

tacplus

Syntax 
no tacplus
tacplus create
Context 
config>service>vprn>aaa>remote-servers
Description 

This command creates the context to configure TACACS+ authentication on the VPRN.

Configure multiple server addresses for each router for redundancy.

The no form of this command removes the TACACS+ configuration.

accounting

Syntax 
accounting [record-type {start-stop | stop-only}]
no accounting
Context 
config>service>vprn>aaa>remote-servers>tacplus
Description 

This command configures the type of accounting record packet that is to be sent to the TACACS+ server. The record-type parameter indicates whether TACACS+ accounting start and stop packets be sent or just stop packets be sent.

Default 

no accounting

Parameters 
record-type start-stop—
Specifies that a TACACS+ start packet is sent whenever the user executes a command and a TACACS+ stop packet when command execution is complete.
record-type stop-only—
Specifies that only a TACACS+ stop packet is sent whenever the command execution is complete.

authorization

Syntax 
authorization [use-priv-lvl]
no authorization
Context 
config>service>vprn>aaa>remote-servers>tacplus
Description 

This command configures TACACS+ authorization parameters for the VPRN.

Default 

no authorization

Parameters 
use-priv-lvl—
Automatically performs a single authorization request to the TACACS+ server for cmd* (all commands) immediately after login, and then use the local profile associated (via the priv-lvl-map) with the priv-lvl returned by the TACACS+ server for all subsequent authorization (except enable-admin). After the initial authorization for cmd*, no further authorization requests will be sent to the TACACS+ server (except enable-admin).

interactive-authentication

Syntax 
[no] interactive-authentication
Context 
config>service>vprn>aaa>remote-servers>tacplus
Description 

This configuration instructs the SR OS to send no username nor password in the TACACS+ start message, and to display the server_msg in the GETUSER and GETPASS response from the TACACS+ server. Interactive authentication can be used to support a One Time Password scheme (such as an S/Key). An example flow (such as with a telnet connection) is as follows:

  1. The SR OS sends an authentication start request to the TACACS+ server with no username nor password.
  2. TACACS+ server replies with TAC_PLUS_AUTHEN_STATUS_GETUSER and a server_msg.
  3. The SR OS displays the server_msg, and collects the username.
  4. The SR OS sends a continue message with the username.
  5. TACACS+ server replies with TAC_PLUS_AUTHEN_STATUS_GETPASS and a server_msg.
  6. The SR OS displays the server_msg (which may contain, for example, an S/Key for One Time Password operation), and collects the password.
  7. The SR OS sends a continue message with the password.
  8. TACACS+ server replies with PASS or FAIL.

When interactive-authentication is disabled the SR OS will send the username and password in the tacplus start message. An example flow (e.g. with a telnet connection) is as follows:

  1. TAC_PLUS_AUTHEN_TYPE_ASCII.
    1. the login username in the “user” field.
    2. the password in the user_msg field (while this is non-standard, it does not cause interoperability problems).
  2. TACACS+ server ignores the password and replies with TAC_PLUS_AUTHEN_STATUS_GETPASS.
  3. The SR OS sends a continue packet with the password in the user_msg field.
  4. TACACS+ server replies with PASS or FAIL.

When interactive-authentication is enabled, tacplus must be the first method specified in the authentication-order configuration.

Default 

no interactive-authentication

priv-lvl-map

Syntax 
[no] priv-lvl-map
Context 
config>service>vprn>aaa>remote-servers>tacplus
Description 

This command enables the context to specify a series of mappings between TACACS+ priv-lvl and locally configured profiles for authorization. These mappings are used when the use-priv-lvl option is specified for tacplus authorization.

The no form of this command reverts to the default.

Default 

priv-lvl-map

priv-lvl

Syntax 
priv-lvl priv-lvl user-profile-name
no priv-lvl priv-lvl
Context 
config>service>vprn>aaa>remote-servers>tacplus>priv-lvl-map
Description 

This command maps a specific TACACS+ priv-lvl to a locally configured profile for authorization. This mapping is used when the use-priv-lvl option is specified for TACPLUS authorization.

Parameters 
priv-lvl—
Specifies the privilege level used when sending a TACACS+ ENABLE request.
Values—
0 to 15

 

user-profile-name—
Specifies the user profile for this mapping.

server

Syntax 
server index address ip-address secret key [{hash | hash2 | custom}] [port port]
no server index
Context 
config>service>vprn>aaa>remote-servers>tacplus
Description 

This command adds a TACACS+ server and configures the TACACS+ server IP address, index, and key values.

Up to five TACACS+ servers can be configured at any one time. TACACS+ servers are accessed in order from lowest index to the highest index for authentication requests.

The no form of this command removes the server from the configuration.

Default 

No TACACS+ servers are configured.

Parameters 
index—
Specifies the index for the TACACS+ server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from the lowest index to the highest index.
Values—
1 to 5

 

ip-address
Specifies the IP address of the TACACS+ server. Two TACACS+ servers cannot have the same IP address. An error message is generated if the server address is a duplicate.
Values—

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0..FFFF]H

d: [0..255]D

 

secret key
Specifies the secret key to access the RADIUS server. This secret key must match the password on the RADIUS server.
Values—
Up to 128 characters in length.

 

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.
port
Specifies the port ID.
Values—
0 to 65535

 

shutdown

Syntax 
[no] shutdown
Context 
config>service>vprn>aaa>remote-servers>tacplus
Description 

This command administratively disables the TACACS+ protocol operation. Shutting down the protocol does not remove or change the configuration other than the administrative state.

The operational state of the entity is disabled as well as the operational state of any entities contained within. Many objects must be shut down before they may be deleted.

The no form of this command administratively enables the protocol which is the default state.

Default 

no shutdown

timeout

Syntax 
timeout seconds
no timeout
Context 
config>service>vprn>aaa>remote-servers>tacplus
Description 

This command configures the number of seconds the router waits for a response from a TACACS+ server.

The no form of this command reverts to the default value.

Default 

timeout 3

Parameters 
seconds—
Specifies the number of seconds the router waits for a response from a TACACS+ server, expressed as a decimal integer.
Values—
1 to 90

 

use-default-template

Syntax 
[no] use-default-template
Context 
config>system>security>tacplus
Description 

This command specifies whether the tacplus_default user-template is actively applied to the TACACS+ user. When enabled, the tacplus_default user-template is actively applied if tacplus authorization is enabled (without the use-priv-lvl option).

The no form of this command disables the feature.

Default 

use-default-template

3.8.2.4. AARP Interface Commands

aarp-interface

Syntax 
aarp-interface aarp-interface-name [create]
no aarp-interface aarp-interface-name
Context 
config>service>vprn
Description 

This command creates an AARP interface for connecting a service to a peer node AARP service. This instance is paired with the same AARP interface in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP.

The no form of this command deletes the interface.

Default 

no aarp-interface

Parameters 
aarp-interface-name—
Specifies the AARP interface name.
create—
Keyword used to create the AARP interface.

ip-mtu

Syntax 
ip-mtu octets
no up-mtu
Context 
config>service>vprn>aarp-interface
Description 

This command configures the IP maximum transmit unit (packet) for this interface.

The no form of this command returns the default value. By default (for Ethernet network interface) if no ip-mtu is configured it is (1568 - 14) = 1554.

Default 

no ip-mtu

Parameters 
octets—
Specifies the maximum number of octets that can be transmitted.
Values—
512 to 9786

 

spoke-sdp

Syntax 
spoke-sdp sdp-id:vc-id [create]
no spoke-sdp sdp-id:vc-id
Context 
config>service>vprn>aarp-interface
Description 

This command binds a service to an existing SDP. A spoke SDP is treated like the equivalent of a traditional bridge port where flooded traffic received on the spoke SDP is replicated on all other “ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Default 

no spoke-sdp

Parameters 
sdp-id—
— Specifies the SDP identifier.
Values—
1 to 17407

 

vc-id—
The virtual circuit identifier. The VC-ID is not used with L2TPv3 SDPs, however it must be configured.
Values—
1 to 4294967295

 

create—
Keyword used to create the spoke SDP.

aarp

Syntax 
aarp aarp-id type {subscriber-side-shunt | network-side-shunt}
no aarp
Context 
config>service>vprn>aarp-interface>spoke-sdp
Description 

This command associates an AARP instance to an AARP interface spoke SDP. This instance is paired with the same aarp-id in a peer node as part of a configuration to provide flow and packet asymmetry removal for traffic for a multi-homed SAP or spoke SDP. The type parameter specifies the role of this service point in the AARP instance.

The no form of this command removes the association.

Default 

no aarp

Parameters 
aarp-id —
An integer that identifies an AARP instance.
Values—
1 to 65535

 

subscriber-side-shunt—
Specifies that the AARP type is an inter-chassis shunt service for subscriber-side traffic.
network-side-shunt—
Specifies that the AARP type is an inter-chassis shunt service for network-side traffic.

egress

Syntax 
egress
Context 
config>service>vprn>aarp-interface>spoke-sdp
Description 

This command enters the egress context for a spoke SDP.

filter

Syntax 
filter ip ip-filter-id
no filter
Context 
config>service>vprn>aarp-interface>spoke-sdp>egress
config>service>vprn>aarp-interface>spoke-sdp>ingress
Description 

This command associates an IP filter policy with an ingress or egress IP interface. Filter policies control the forwarding and dropping of packets based on IP matching criteria.

The filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message returned.

IP filters apply only to RFC 2427-routed IP packets. Frames that do not contain IP packets will not be subject to the filter and will always be passed, even if the filter's default action is to drop.

The no form of this command removes any configured filter ID association with the IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local.

Parameters 
ip-filter-id—
Specifies the filter policy. The filter ID must already exist within the created IP filters.
Values—
1 to 65535 or a string up to 64 characters

 

vc-label

Syntax 
vc-label vc-label
no vc-label [vc-label]
Context 
config>service>vprn>aarp-interface>spoke-sdp>egress
config>service>vprn>aarp-interface>spoke-sdp>ingress
Description 

This command configures the egress and ingress VC label.

The no version of this command removes the VC label.

Parameters 
vc-label—
A VC egress value that indicates a specific connection.
Values—
egress: 16 to 1048575
ingress: 32 to 18431

 

ingress

Syntax 
ingress
Context 
config>service>vprn>aarp-interface>spoke-sdp
Description 

This command enters the ingress context for a spoke SDP.

3.8.2.5. BGP Commands

bgp

Syntax 
[no] bgp
Context 
service>vprn
Description 

This command enables the BGP protocol with the VPRN service.

The no form of this command disables the BGP protocol from the given VPRN service.

Default 

no bgp

bgp-shared-queue

Syntax 
bgp-shared-queue [cir rate] [pir rate]
no bgp-shared-queue
Context 
config>service>vprn
Description 

This command enables all BGP peers within a VPRN instance to share a single CPM queue. This command takes effect on new BGP connections established; already established BGP peers continue to use their own CPM queue. Any changes to PIR/CIR of the shared queue takes effect only after BGP connections are re-established.

Parameters 
cir rate
Specifies the CIR rate for the shared queue.
pir rate
Specifies the PIR rate for the shared queue.

advertise-inactive

Syntax 
[no] advertise-inactive
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables or disables the advertising of inactive BGP routers to other BGP peers.

By default, BGP only advertises BGP routes to other BGP peers if a given BGP route is chosen by the route table manager as the most preferred route within the system and is active in the forwarding plane. This command allows system administrators to advertise a BGP route even though it is not the most preferred route within the system for a given destination.

When the BGP advertise-inactive command is configured so that it applies to a BGP session it has the following effect on the IPv4, IPv6, mcast-ipv4, mcast-ipv6, label-IPv4 and label-IPv6 routes advertised to that peer:

  1. If the active route for the IP prefix is a BGP route then that route is advertised.
  2. If the active route for the IP prefix is a non-BGP route and there is at least one valid but inactive BGP route for the same destination then the best of the inactive and valid BGP routes is advertised unless the non-BGP active route is matched and accepted by an export policy applied to the session.
  3. If the active route for the IP prefix is a non-BGP route and there are no (valid) BGP routes for the same destination then no route is advertised for the prefix unless the non-BGP active route is matched and accepted by an export policy applied to the session.
Default 

no advertise-inactive

advertise-ipv6-next-hops

Syntax 
advertise-ipv6-next-hops [ipv4]
no advertise-ipv6-next-hops
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

When this command is configured, with the IPv4 option, so that it applies to a BGP session established on top of IPv6 transport, IPv4 BGP routes can be advertised with a true IPv6 address when originated or when next-hop-self (configured or automatic) is applied.

If an IPv4 route must originate or be advertised with a next-hop-self and the corresponding advertise-ipv6-next-hops command option does not apply to the session or if an appropriate extended-nh-encoding capability was not received from the remote peer, then the route is advertised with the IPv4 system address as the BGP next-hop.

If an IPv4 route is matched by a BGP export policy entry that tries to change the next hop to an IPv6 address and the corresponding advertise-ipv6-next-hops command option does not apply to the session or if an appropriate extended-nh-encoding capability was not received from the remote peer, then the route is handled as though it was rejected by the policy entry.

This command has no effect on sessions established over IPv4 transport.

The no form of this command reverts to the default.

Default 

no advertise-ipv6-next-hops

Parameters 
ipv4—
Allows IPv4 unicast routes to be advertised to IPv6-transport peers with an IPv6 address as the BGP next-hop in cases of route origination or next-hop-self (configured or automatic). It also allows export policies to change the BGP next-hop of an IPv4 route to an IPv6 address. All of these cases require the remote peer to advertise the necessary extended NH encoding capability. It may be necessary to configure the forward-ipv4-packets command under the appropriate interface>ipv6 contexts in order to enable datapath support for these control plane exchanges.

aggregator-id-zero

Syntax 
[no] aggregator-id-zero
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command is used to set the router ID in the BGP aggregator path attribute to zero when BGP aggregates routes. This prevents different routers within an AS from creating aggregate routes that contain different AS paths.

When BGP is aggregating routes, it adds the aggregator path attribute to the BGP update messages. By default, BGP adds the AS number and router ID to the aggregator path attribute.

When this command is enabled, BGP adds the router ID to the aggregator path attribute. This command is used at the group level to revert to the value defined under the global level, while this command is used at the neighbor level to revert to the value defined under the group level.

The no form of this command used at the global level reverts to default where BGP adds the AS number and router ID to the aggregator path attribute.

The no form of this command used at the group level reverts to the value defined at the group level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

no aggregator-id-zero — BGP adds the AS number and router ID to the aggregator path attribute.

always-compare-med

Syntax 
always-compare-med {zero | infinity}
no always-compare-med strict-as {zero | infinity}
no always-compare-med
Context 
config>router>bgp>best-path-selection
Description 

This command configures the comparison of BGP routes based on the MED attribute. The default behavior of SR OS (equivalent to the no form of this command) is to only compare two routes on the basis of MED if they have the same neighbor AS (the first non-confed AS in the received AS_PATH attribute). Also by default, a route without a MED attribute is handled the same as though it had a MED attribute with the value 0. The always-compare-med command without the strict-as keyword allows MED to be compared even if the paths have a different neighbor AS; in this case, if neither zero nor infinity is specified, the zero option is inferred, meaning a route without a MED is handled the same as though it had a MED attribute with the value 0. When the strict-as keyword is present, MED is only compared between paths from the same neighbor AS, and in this case, zero or infinity is mandatory and tells BGP how to interpret paths without a MED attribute.

Default 

no always-compare-med

Parameters 
zero—
Specifies that for routes learned without a MED attribute that a zero (0) value is used in the MED comparison. The routes with the lowest metric are the most preferred.
infinity—
Specifies for routes learned without a MED attribute that a value of infinity (2^32-1) is used in the MED comparison. This in effect makes these routes the least desirable.
strict-as—
Specifies BGP paths to be compared even with different neighbor AS.

as-path-ignore

Syntax 
as-path-ignore [ipv4] [ipv6] [label-ipv4]
no as-path-ignore
Context 
config>service>vprn>bgp
Description 

This command configures whether AS path length is considered in the selection of the best BGP route for a prefix.

If an address family is listed in this command, then the length of AS paths is not a factor in the route selection process for routes of that address family.

The no form of this command removes the parameter from the configuration.

Default 

no as-path-ignore

Parameters 
ipv4—
Specifies that the AS-path length is ignored for all unlabeled unicast IPv4 routes.
ipv6—
Specifies that the AS-path length is ignored for all unlabeled unicast IPv6 routes.
label-ipv4—
Specifies that the AS-path length is ignored for all labeled-unicast IPv4 routes.

compare-origin-validation-state

Syntax 
[no] compare-origin-validation-state
Context 
config>service>vprn>bgp>best-path-selection
Description 

This command enables the comparison of origin validation states during the BGP decision process. When this command is configured, a new step is inserted in the BGP decision process after the removal of invalid routes and before the comparison of Local Preference. This step compares the origin validation state so a BGP route with a “Valid” state is preferred over a BGP route with a “Not-Found” state. A BGP route with a “Not-Found” state is preferred over a BGP route with an “Invalid” state assuming that these routes are considered “usable”.

This comparison only applies to BGP routes learned from VPRN BGP peers. It does not apply to any comparison involving BGP-VPN routes that have been imported into the VPRN.

The no form of this command causes the new step to be skipped during the BGP decision process.

Default 

no compare-origin-validation-state

deterministic-med

Syntax 
[no] deterministic-med
Context 
config>service>vprn>bgp>best-path-selection
Description 

This command controls how the BGP decision process compares routes on the basis of MED. When deterministic-med is configured, BGP groups paths that are equal up to the MED comparison step based on neighbor AS, and then compares the best path from each group to arrive at the overall best path. This change to the BGP decision process makes best path selection completely deterministic in all cases. Without deterministic-med, the overall best path selection is sometimes dependent on the order of the route arrival because of the rule that MED cannot be compared in routes from different neighbor AS.

Default 

no deterministic-med

ebgp-ibgp-equal

Syntax 
ebgp-ibgp-equal [ipv4] [ipv6] [label-ipv4]
no ebgp-ibgp-equal
Context 
config>service>vprn>bgp>best-path-selection
Description 

This command instructs the BGP decision process to ignore the difference between EBGP and IBGP routes in selecting the best path and eligible multipaths (if multipath and ECMP are enabled). The result is a form of EIBGP load-balancing in a multipath scenario.

By default (with the no form of this command), the BGP decision process prefers an EBGP learned route over an IBGP learned route.

The behavior can be applied selectively to only certain types of routes by specifying one or more address family names in the command. If no families are specified, the command applies to IPv4 and IPv6 routes, and VPN-IPv4 and VPN-IPv6 routes.

Default 

no ebgp-ibgp-equal

Parameters 
ipv4—
Specifies that the command should be applied to unlabeled unicast IPv4 routes.
ipv6—
Specifies that the command should be applied to unlabeled unicast IPv6 routes.
label-ipv4—
Specifies that the command should be applied to labeled IPv4 routes.

as-override

Syntax 
[no] as-override
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command replaces all instances of the peer's AS number with the local AS number in a BGP route's AS_PATH.

This command breaks BGP's loop detection mechanism. It should be used carefully.

Default 

no as-override

authentication-key

Syntax 
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no authentication-key
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the BGP authentication key.

Authentication is performed between neighboring routers before setting up the BGP session by verifying the password. Authentication is performed using the MD-5 message-based digest. The authentication key can be any combination of letters or numbers from 1 to 16.

The no form of this command removes the authentication password from the configuration and effectively disables authentication.

Default 

no authentication-key

Parameters 
authentication-key—
The authentication key. The key can be any combination of ASCII characters up to 255 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).
hash-key—
The hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.

auth-keychain

Syntax 
auth-keychain name
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the BGP authentication key for all peers.

The keychain allows the rollover of authentication keys during the lifetime of a session.

Default 

no auth-keychain

Parameters 
name
Specifies the name of an existing keychain, up to 32 characters, to use for the specified TCP session or sessions.

best-path-selection

Syntax 
best-path-selection
Context 
config>service>vprn>bgp
Description 

This command enables path selection configuration.

ignore-nh-metric

Syntax 
[no] ignore-nh-metric
Context 
config>router>bgp>best-path-selection
config>service>vprn
config>service>vprn>bgp>best-path-selection
Description 

This command instructs BGP to disregard the resolved distance to the BGP next-hop in its decision process for selecting the best route to a destination. When configured in the config>router>bgp>best-path-selection context, this command applies to the comparison of two BGP routes with the same NLRI learned from base router BGP peers. When configured in the config>service>vprn context, this command applies to the comparison of two BGP-VPN routes for the same IP prefix imported into the VPRN from the base router BGP instance. When configured in the config>service>vprn>bgp>best-path-selection context, this command applies to the comparison of two BGP routes for the same IP prefix learned from VPRN BGP peers.

The no form of this command (no ignore-nh-metric) restores the default behavior whereby BGP factors distance to the next-hop into its decision process.

Default 

no ignore-nh-metric

ignore-router-id

Syntax 
[no] ignore-router-id
Context 
config>router>bgp>best-path-selection
config>service>vprn>bgp>best-path-selection
Description 

When the ignore-router-id command is present and the current best path to a destination was learned from EBGP peer X with BGP identifier x and a new path is received from EBGP peer Y with BGP identifier y the best path remains unchanged if the new path is equivalent to the current best path up to the BGP identifier comparison – even if y is less than x. The no form of this command restores the default behavior of selecting the route with the lowest BGP identifier (y) as best.

Default 

no ignore-router-id

compare-origin-validation-state

Syntax 
[no] compare-origin-validation-state
Context 
config>service>vprn>bgp>best-path-selection
Description 

When this command is configured, a new step is inserted in the BGP decision process after removal of invalid routes and before the comparison of Local Preference. This step compares the origin validation state so that a BGP route with a “Valid” state is preferred over a BGP route with a “Not-Found” state, and a BGP route with a “Not-Found” state is preferred over a BGP route with an ‘Invalid’ state assuming that these routes are considered usable.

This comparison only applies to BGP routes learned from VPRN BGP peers. It does not apply to any comparison involving BGP-VPN routes that have been imported into the VPRN.

This step is skipped when no compare-origin-validation-state is configured.

Default 

no compare-origin-validation-state

origin-invalid-unusable

Syntax 
[no] origin-invalid-unusable
Context 
config>service>vprn>bgp>best-path-selection
Description 

When this command is configured, all VPRN BGP routes that have an origin validation state of “Invalid” are considered unusable by the best path selection algorithm, meaning they are not used for forwarding, not advertised to BGP peers, and not eligible for export as a VPN-IP route.

With the default value, VPRN BGP routes with an origin validation state of “Invalid” are usable if they are selected.

Default 

no origin-invalid-unusable

enable-origin-validation

Syntax 
enable-origin-validation [ipv4] [ipv6] [label-ipv4]
no enable-origin-validation
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

When this command is added to the configuration of a group or neighbor, it causes every inbound IPv4, IPv6, and label-IPv4 route from that peer to be marked with one of the following origin validation states:

  1. Valid (0)
  2. Not-Found (1)
  3. Invalid (2)

By default (when no family parameter is present in the command) or when all the family options are specified, all unicast IPv4 (AFI1/SAFI1), label-IPv4 (AFI1/SAFI4), and unicast IPv6 (AFI2/SAFI1) routes are evaluated to determine their origin validation states. When only a subset of the family options are present, then only the corresponding address family routes are evaluated.

This command applies to all types of VPRN BGP peers, generally, it should only be applied to EBGP peers and groups that contain only EBGP peers.

The no form of this command disables the inspection of received routes from the peer to determine origin validation state.

Default 

no enable-origin-validation

Parameters 
ipv4—
Enables origin validation processing for unlabeled unicast IPv4 routes.
ipv6—
Enables origin validation processing for unlabeled unicast IPv6 routes.
label-ipv4—
Enables origin validation processing for labeled IPv4 routes.

bfd-enable

Syntax 
[no] bfd-enable
Context 
config>router>bgp
config>router>bgp>group
config>router>bgp>group>neighbor
Description 

This command enables the use of bi-directional forwarding (BFD) to control the state of the associated protocol interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set via the BFD command under the IP interface.

The no form of this command removes BFD from the associated BGP protocol peering.

Default 

no bfd-enable

cluster

Syntax 
cluster cluster-id
no cluster
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the cluster ID for a route reflector server.

Route reflectors are used to reduce the number of IBGP sessions required within an AS. Normally, all BGP speakers within an AS must have a BGP peering with every other BGP speaker in an AS. A route reflector and its clients form a cluster. Peers that are not part of the cluster are considered to be non-clients.

When a route reflector receives a route, first it must select the best path from all the paths received. If the route was received from a non-client peer, then the route reflector sends the route to all clients in the cluster. If the route came from a client peer, the route reflector sends the route to all non-client peers and to all client peers except the originator.

For redundancy, a cluster can have multiple route reflectors.

Confederations can also be used to remove the full IBGP mesh requirement within an AS.

The no form of this command deletes the cluster ID and effectively disables the Route Reflection for the given group.

Default 

no cluster — No cluster ID is defined.

Parameters 
cluster-id—
The route reflector cluster ID is expressed in dot decimal notation.
Values—
Any 32 bit number in dot decimal notation. (0.0.0.1 to 255.255.255.255)

 

connect-retry

Syntax 
connect-retry seconds
no connect-retry
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the BGP connect retry timer value in seconds.

When this timer expires, BGP tries to reconnect to the configured peer. This configuration parameter can be set at three levels: global level (applies to all peers), peer-group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of this command used at the global level reverts to the default value.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

120 seconds

Parameters 
seconds—
Specifies the BGP connect retry timer value in seconds, expressed as a decimal integer.
Values—
1 to 65535

 

convergence

Syntax 
convergence
Context 
config>service>vprn>bgp
Description 

This command enables the context to configure route convergence delay.

family

Syntax 
family family
Context 
config>service>vprn>bgp>convergence
Description 

This command specifies the convergence family used for route convergence.

Parameters 
family—
Specifies the convergence family used for route convergence
Values—
ipv4, ipv6

 

max-wait-to-advertise

Syntax 
max-wait-to-advertise seconds
no max-wait-to-advertise
Context 
config>service>vprn>bgp>convergence>family
Description 

This command configures the maximum amount of time that BGP waits until it starts advertising IPv4-unicast or IPv6-unicast routes to its BGP peers. For IPv4-unicast routes, seconds is measured from the time when the first peer that supports the IPv4-unicast address family comes up. For IPv6-unicast routes seconds is measured from the time when the first peer that negotiates the IPv6-unicast address family comes up.

The time limit configured by this command should allow sufficient time for all important peers to re-establish their sessions with the restarting router and advertise their complete set of IPv4-unicast or IPv6-unicast routes (followed by the applicable End of RIB marker).

The no form of this command implements the default value, which is three times the value of the min-wait-to-advertise time limit.

Default 

no max-wait-to-advertise

Parameters 
seconds—
Specifies the maximum amount of time, in seconds, that BGP waits until IPv4-unicast or IPv6-unicast routes are advertised to peers.
Values—
0 to 3600

 

min-wait-to-advertise

Syntax 
min-wait-to-advertise seconds
no min-wait-to-advertise
Context 
config>service>vprn>bgp>convergence
Description 

This command configures the minimum amount of time that BGP waits, after the first session establishment following a restart of the BGP instance, until it can start advertising IPv4-unicast and IPv6-unicast routes to its BGP peers, to allow time for re-convergence.

The time limit configured by this command should allow sufficient time for all important peers to re-establish their sessions with the restarting router.

The no form of this command implements the default time limit of 0 seconds, which disables all forms of delayed route advertisement. In other words, it causes IPv4-unicast and IPv6-unicast routes to be re-advertised as soon as possible after BGP instance restart.

Default 

no min-wait-to-advertise

Parameters 
seconds—
Specifies the minimum amount of time, in seconds, that BGP waits until IPv4-unicast and IPv6-unicast routes can be advertised to peers.
Values—
0 to 3600

 

damp-peer-oscillations

Syntax 
damp-peer-oscillations [idle-hold-time initial-wait second-wait max-wait] [error-interval minutes]
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command controls how long a BGP peer session remains in the idle-state after some type of error causes the session to reset. In the idle state, BGP does not initiate or respond to attempts to establish a new session. Repeated errors that occur a short while after each session reset cause longer and longer hold times in the idle state. This command supports the DampPeerOscillations FSM behavior described in section 8.1 of RFC 4271, A Border Gateway Protocol 4 (BGP-4).

The default behavior, which applies when no damp-peer-oscillations is configured, is to immediately transition out of the idle-state after every reset.

Default 

no damp-peer-oscillations

Parameters 
initial-wait—
Specifies the amount of time, in minutes, that a session remains in the idle-state after it has been stable for a while.
Values—
0 to 2048

 

Default—
0
second-wait—
Specifies the period of time, in minutes, that is doubled after each repeated session failure that occurs within a relatively short span of time.
Values—
0 to 2048

 

Default—
5
max-wait—
Specifies the maximum amount of time, in minutes, that a session remains in the idle-state after it has experienced repeated instability.
Values—
0 to 2048

 

Default—
60
minutes —
Specifies the interval of time, in minutes after a session reset, during which the session must be error-free in order to reset the penalty counter and return to idle-hold-time to initial-wait.
Values—
0 to 2048

 

Default—
30

damping

Syntax 
[no] damping
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables BGP route damping for learned routes which are defined within the route policy. Use damping to reduce the number of update messages sent between BGP peers and reduce the load on peers without affecting the route convergence time for stable routes. Damping parameters are set via route policy definition.

The no form of this command used at the global level disables route damping.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

When damping is enabled and the route policy does not specify a damping profile, the default damping profile is used. This profile is always present and consists of the following parameters:

Half-life: 15 minutes

Max-suppress: 60 minutes

Suppress-threshold: 3000

Reuse-threshold: 750

Default 

no damping — Learned route damping is disabled.

default-label-preference

Syntax 
default-label-preference [ebgp ebgp label preference] [ibgp ibgp label preference]
no default-label-preference
Context 
config>router>bgp
config>router>bgp>group
config>router>bgp>group>neighbor
Description 

This command specifies a route-table preference value to use for EBGP or IBGP routes carrying labeled-unicast prefixes and received from peers covered by the context of the command. Route-table preference comes into play when the route-table has multiple routes for the same IP prefix. In this case the route with the numerically lowest preference value is usually the route that is activated and installed into the IP FIB. By default all BGP routes have a route-table preference value of 170.

This command overrides the preference value assigned by the label-preference command; that other command does not distinguish between EBGP and IBGP routes. Overriding happens even when the default-label-preference value is inherited from a higher level of configuration and competes with an explicitly configured label-preference value at a lower level of configuration in the BGP hierarchy.

Note:

The preference value assigned by the default-label-preference command can always be overwritten by a route policy entry that accepts the route with a preference command in the action.

The no form of the command lets BGP route-table preference for labeled-unicast routes to be controlled by other means.

Default 

no default-label-preference

Parameters 
ebgp label preference—
Specifies the EBGP default preference label value.
Values—
0 to 255

 

ibgp label preference—
Specifies the IBGP default preference label value.
Values—
0 to 255

 

default-preference

Syntax 
default-preference [ebgp ebgp preference] [ibgp ibgp preference]
no default-preference
Context 
config>router>bgp
config>router>bgp>group
config>router>bgp>group>neighbor
Description 

This command specifies a route-table preference value to use for EBGP or IBGP routes carrying unlabeled prefixes and received from peers covered by the context of the command. Route-table preference comes into play when the route-table has multiple routes for the same IP prefix. In this case, the route with the numerically lowest preference value is usually the route that is activated and installed into the IP FIB. By default all BGP routes have a route-table preference value of 170.

This command overrides the preference value assigned by the preference command; that other command does not distinguish between EBGP and IBGP routes. Overriding happens even when the default-preference value is inherited from a higher level of configuration and competes with an explicitly configured preference value at a lower level of configuration in the BGP hierarchy.

Note:

The preference value assigned by the default-preference command can always be overwritten by a route policy entry that accepts the route with a preference command in the action.

The no form of the command lets BGP route-table preference to be controlled by other means.

Default 

no default-preference

Parameters 
ebgp preference—
Specifies the EBGP default preference value.
Values—
0 to 255

 

ibgp preference—
Specifies the IBGP default preference value.
Values—
0 to 255

 

disable-4byte-asn

Syntax 
[no] disable-4byte-asn
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command disables the use of 4-byte ASNs. It can be configured at all 3 level of the hierarchy so it can be specified down to the per peer basis.

If this command is enabled 4-byte ASN support should not be negotiated with the associated remote peer(s).

The no form of this command resets the behavior to the default which is to enable the use of 4-byte ASN.

disable-capability-negotiation

Syntax 
[no] disable-capability-negotiation
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command disables the exchange of capabilities. When command is enabled and after the peering is flapped, any new capabilities are not negotiated and strictly supports IPv4 routing exchanges with that peer.

The no form of this command removes this command from the configuration and restores the normal behavior.

Default 

no disable-capability-negotiation

disable-client-reflect

Syntax 
[no] disable-client-reflect
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command disables the reflection of routes by the route reflector to the group or neighbor. This only disables the reflection of routes from other client peers. Routes learned from non-client peers are still reflected to all clients.

The no form re-enables client reflection of routes.

Default 

no disable-client-reflect

disable-communities

Syntax 
disable-communities [standard] [extended] [large]
no disable-communities
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures BGP to disable sending standard, extended, or large communities to specific peers.

By default, all communities that are attached to a BGP route (any address family) are not stripped from the route when it is advertised to any type of peer: IBGP, EBGP or confed-EBGP.

Default 

no disable-communities

Parameters 
standard—
Specifies that standard 4-byte communities should be removed.
extended—
Specifies that 8-byte extended communities (of all types) should be removed.
large—
Specifies that 12-byte large communities should be removed.

disable-fast-external-failover

Syntax 
[no] disable-fast-external-failover
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures BGP fast external failover.

dynamic-neighbor-limit

Syntax 
dynamic-neighbor-limit peers
no dynamic-neighbor-limit
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
Description 

This command configures the maximum number of dynamic BGP sessions that are accepted from remote peers associated with the entire BGP instance or a specific peer group. If accepting a new dynamic session would cause either the group limit or the instance limit to be exceeded, then the new session attempt is rejected and a Notification message is sent back to the remote peer.

The no form of this command removes the limit on the number of dynamic sessions.

Default 

no dynamic-neighbor-limit

Parameters 
peers—
Specifies the maximum number of dynamic BGP sessions.
Values—
1 to 8192

 

ebgp-default-reject-policy

Syntax 
ebgp-default-reject-policy [import] [export]
no ebgp-default-reject-policy
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the default import and export policy behavior for EBGP neighbors.

The no form of this command removes the default import and export policy behavior.

Default 

no ebgp-default-reject-policy

Parameters 
import—
Specifies the default reject import policy for EBGP neighbors.
export—
Specifies the default reject export policy for EBGP neighbors.

enable-origin-validation

Syntax 
enable-origin-validation [ipv4] [ipv6] [label-ipv4]
no enable-origin-validation
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

When the enable-origin-validation command is added to the configuration of a group or neighbor, it causes every inbound IPv4, IPv6, and label-IPv4 route from that peer to be marked with one of the three following origin validation states:

  1. Valid (0)
  2. Not-Found (1)
  3. Invalid (2)

By default (when no family parameter is present in the command) or when all the family options are specified, all unicast IPv4 (AFI1/SAFI1), label-IPv4 (AFI1/SAFI4) and unicast IPv6 (AFI2/SAFI1) routes are evaluated to determine their origin validation states. Only when a subset of the family options are present, the corresponding address family routes are evaluated.

The enable-origin-validation command applies to all types of VPRN BGP peers, but generally, it should only be applied to EBGP peers and groups that contain only EBGP peers.

The no form of the command disables the inspection of received routes from the peer to determine origin validation state.

Default 

no enable-origin-validation

Parameters 
ipv4—
Enables origin validation processing for unlabeled unicast IPv4 routes.
ipv6—
Enables origin validation processing for unlabeled unicast IPv6 routes.
label-ipv4—
Enables origin validation processing for labeled IPv4 routes.

dynamic-neighbor

Syntax 
dynamic-neighbor
Context 
config>service>vprn>bgp>group
Description 

This command enters the context to configure dynamic BGP sessions for a peer group.

match

Syntax 
match
Context 
config>service>vprn>bgp>group>dynamic-neighbor
Description 

This command configures match conditions for the dynamic neighbors.

prefix

Syntax 
[no] prefix ip-prefix/prefix-length
Context 
config>service>vprn>bgp>group>dynamic-neighbor>match
Description 

This command configures a prefix to accept dynamic BGP sessions (sessions from source IP addresses not matching any configured neighbor addresses). A dynamic session is associated with the group having the longest match prefix entry for the source IP address of the peer. The group association determines local parameters that apply to the session, including the local AS, the local IP address, the MP-BGP families, the import and export policies, and so on.

The no form of this command removes a prefix entry.

Parameters 
ip-prefix/prefix-length—
Specifies a prefix from which to accept dynamic BGP sessions.
Values—
ipv4-prefix — a.b.c.d (host bits must be 0)
ipv4-prefix-length — 0 to 32
ipv6-prefix — x:x:x:x:x:x:x:x (eight 16-bit pieces)
                        x:x:x:x:x:x:d.d.d.d
                        x — [0 to FFFF]H
                        d — [0 to 255]D
ipv6-prefix-length — 0 to 128

 

allowed-peer-as

Syntax 
[no] allowed-peer-as min-as-number [max max-as-number]
Context 
config>service>vprn>bgp>group>dynamic-neighbor>match>prefix
Description 

This command configures a single peer AS value or a contiguous range of peer AS values to associate with a prefix from which dynamic BGP sessions can be accepted.

If an incoming dynamic BGP session is associated with the prefix then the peer’s AS, as reported in the OPEN message, is checked against the list of allowed-peer-as values. If the peer AS is not contained in one of the allowed-peer-as commands, then the connection is rejected with a Bad_Peer_AS error. If there is no allowed-peer-as configuration in the matched prefix, then the ASN in the peer’s OPEN message, is checked against the group level peer-as.

The no form of this command removes an allowed-peer-as entry.

Default 

no allowed-peer-as

Parameters 
min-as-number—
Specifies an allowed peer AS value as well as the start of an allowed range if the max-as-number value is also configured.
Values—
1 to 4294967295

 

max-as-number—
Specifies the end of an allowed range.
Values—
1 to 4294967295

 

eibgp-loadbalance

Syntax 
[no] eibgp-loadbalance
Context 
config>service>vprn>bgp
Description 

This command enables eiBGP load sharing so routes with both MP-BGP and IPv4 next-hops can be used simultaneously.

In order for this command to be effective, the ecmp and multipath commands for the associated VPRN instance must also be configured to allow for multiple routes to the same destination.

The no form of this command used at the global level reverts to default values.

Default 

no eibgp-loadbalance

enable-bgp-vpn-backup

Syntax 
enable-bgp-vpn-backup [ipv4] [ipv6]
no enable-bgp-vpn-backup
Context 
config>service>vprn
Description 

This command allows BGP-VPN routes imported into the VPRN to be used as backup paths for IPv4 and/or IPv6 BGP-learned prefixes.

Parameters 
ipv4—
Allows BGP-VPN routes to be used as backup paths for IPv4 prefixes.
ipv6—
Allows BGP-VPN routes to be used as backup paths for IPv6 prefixes.

enable-peer-tracking

Syntax 
[no] enable-peer-tracking
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables BGP peer tracking.

Default 

no enable-peer-tracking

graceful-restart

Syntax 
[no] graceful-restart
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables BGP graceful restart helper procedures (the “receiving router” role defined in the standard) for address families included in the GR capabilities of both peers. In a VPRN, SR OS can support GR helper functionality for IPv4, IPv6, label-ipv4, flow-ipv4 (IPv4 FlowSpec) and flow-ipv6 (IPv6 FlowSpec) routes.

When a neighbor covered by the GR helper mode restarts its control plane, forwarding can continue uninterrupted while the session is re-established and routes are re-learned.

The no form of this command disables graceful restart.

enable-notification

Syntax 
enable-notification
no enable-notification
Context 
config>service>vprn>bgp>graceful-restart
config>service>vprn>bgp>group>graceful-restart
config>service>vprn>bgp>group>neighbor>graceful-restart
Description 

When this command is present, the graceful restart capability sent by this router indicates support for NOTIFICATION messages. If the peer also supports this capability then the session can be restarted gracefully (while preserving forwarding) if either peer needs to sends a NOTIFICATION message due to some type of event or error.

Default 

no enable-notification

long-lived

Syntax 
[no] long-lived
Context 
config>service>vprn>bgp>graceful-restart
config>service>vprn>bgp>group>graceful-restart
config>service>vprn>bgp>group>neighbor>graceful-restart
Description 

This command enables the context to configure BGP Long-Lived Graceful-Restart (LLGR) procedures.

LLGR, known informally as BGP persistence, is an extension of BGP graceful restart that allows a session to stay down for a longer period of time. During this time, learned routes are marked and re-advertised as stale but they can continue to be used as routes of last resort.

The LLGR handling of a session failure can be invoked immediately or it can be delayed until the end of the traditional GR restart window.

Default 

no long-lived

advertise-stale-to-all-neighbors

Syntax 
advertise-stale-to-all-neighbors [without-no-export]
no advertise-stale-to-all-neighbors
Context 
config>service>vprn>bgp>graceful-restart>long-lived
config>service>vprn>bgp>group>graceful-restart>long-lived
config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived
Description 

This command allows BGP routes marked as LLGR stale to be advertised to BGP peers that did not advertise the LLGR capability when the session was opened. The no version of this command causes advertisement behavior to follow the rule that stale routes cannot be advertised to a peer that does not understand or implement the LLGR capability. Stale routes are withdrawn towards such peers.

When this command is configured with the without-no-export option, LLGR stales routes can be advertised to any peer (EBGP or IBGP) that did not signal the LLGR capability. Towards IBGP and confederation-EBGP peers that did not advertise the LLGR capability, the LOCAL_PREFERENCE attribute in the advertised stale routes is automatically set to zero.

When this command is configured without the without-no-export option, LLGR stale routes are not advertised to any EBGP peer that did not signal the LLGR capability. Towards IBGP and confederation-EBGP peers that did not advertise the LLGR capability the LOCAL_PREFERENCE attribute in the advertised stale routes is automatically set to zero and a NO_EXPORT standard community is automatically added to the routes.

Default 

no advertise-stale-to-all-neighbors

Parameters 
without-no-export—
Allows LLGR stale routes to be advertised to all peers, such that they can exit the local AS.

advertised-stale-time

Syntax 
advertised-stale-time seconds
no advertised-stale-time
Context 
config>service>vprn>bgp>graceful-restart>long-lived
config>service>vprn>bgp>graceful-restart>long-lived>family
config>service>vprn>bgp>group>graceful-restart>long-lived
config>service>vprn>bgp>group>graceful-restart>long-lived>family
config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived
config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived>family
Description 

This command sets the value of the long-lived stale time that is advertised by the router in its LLGR capability. When configured in the long-lived configuration context, advertised-stale-time applies to all AFI/SAFI in the advertised LLGR capability except for any AFI/SAFI with a family-specific override. A family-specific override is configured with the advertised-stale-time command in a family context.

The no version of this command sets the advertised-stale-time value to 24 hours (86400 seconds).

Default 

no advertised-stale-time

Parameters 
seconds—
Specifies the advertised long-lived stale time in seconds.
Values—
0 to 16777215

 

family

Syntax 
[no] family {ipv4 | ipv6 | label-ipv4 | flow-ipv4 | flow-ipv6}
Context 
config>service>vprn>bgp>graceful-restart>long-lived
config>service>vprn>bgp>group>graceful-restart>long-lived
config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived
Description 

This command configures family-specific LLGR parameters for BGP peers.

Default 

no family

Parameters 
ipv4—
Specifies the IPv4 family.
ipv6—
Specifies the IPv6 family.
label-ipv4—
Specifies the label IPv4 family.
flow-ipv4—
Specifies the flow IPv4 family.
flow-ipv6—
Specifies the flow IPv6 family.

helper-override-stale-time

Syntax 
helper-override-stale-time seconds
no helper-override-stale-time
Context 
config>service>vprn>bgp>graceful-restart>long-lived
config>service>vprn>bgp>graceful-restart>long-lived>family
config>service>vprn>bgp>group>graceful-restart>long-lived
config>service>vprn>bgp>group>graceful-restart>long-lived>family
config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived
config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived>family
Description 

This command overrides the LLGR stale-time advertised by a peer (in its LLGR capability) with a locally-configured value. When configured in the long-lived configuration context, helper-override-stale-time applies to all AFI/SAFI in the advertised LLGR capability except for any AFI/SAFI with a family-specific override. A family-specific override is configured with the helper-override-stale-time command in a family context.

By default, the LLGR stale-time for an AFI/SAFI is the value signaled by the peer in the corresponding AFI/SAFI part of the LLGR capability.

Default 

no helper-override-stale-time

Parameters 
seconds—
Specifies the locally imposed LLGR stale time in seconds.
Values—
0 to 16777215

 

forwarding-bits-set

Syntax 
forwarding-bits-set {all | non-fwd}
no forwarding-bits-set
Context 
config>service>vprn>bgp>graceful-restart>long-lived
config>service>vprn>bgp>group>graceful-restart>long-lived
config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived
Description 

This command determines the setting of the F bits in the GR and LLGR capabilities advertised by the router. When the F bit is set for an AFI/SAFI, it indicates that the advertising router was able to preserve forwarding state for the routes of that AFI/SAFI across the last restart. If a router restarts and does not set F=1, then when the session with a peer is re-established, the peer immediately deletes all LLGR stale routes it was preserving on behalf of the restarting router for the corresponding AFI/SAFI.

This command allows the F bits for all advertised AFI/SAFI to be set to 1, or only the F bits for non-forwarding AFI/SAFI to be set to 1. Non-forwarding AFI/SAFI are the following configuration-related address families: L2-VPN, route-target, flow-IPv4, and flow-IPv6.

Default 

no forwarding-bits-set

Parameters 
all—
Specifies that the F bit for all AFI/SAFI should be set to 1.
non-fwd—
Specifies that the F bit for only non-forwarding AFI/SAFI should be set to 1. These AFI/SAFI correspond to the following families: L2-VPN, route-target, flow-IPv4, and flow-IPv6.

helper-override-restart-time

Syntax 
helper-override-restart-time seconds
no helper-override-restart-time
Context 
config>service>vprn>bgp>graceful-restart>long-lived
config>service>vprn>bgp>group>graceful-restart>long-lived
config>service>vprn>bgp>group>neighbor>graceful-restart>long-lived
Description 

This command overrides the restart-time advertised by a peer (in its GR capability) with a locally-configured value. This override applies only to AFI/SAFI that were included in the GR capability of the peer. The restart-time is always zero for AFI/SAFI not included in the GR capability. This command is useful if the local router wants to force LLGR phase to begin after a set time for all protected AFI/SAFI.

By default, the restart time for all AFI/SAFI in the GR capability is the value signaled by the peer.

Default 

no helper-override-restart-time

Parameters 
seconds—
The locally-imposed restart time for all AFI/SAFI included in the peer’s GR capability.
Values—
0 to 4095

 

restart-time

Syntax 
restart-time seconds
no restart-time
Context 
config>service>vprn>bgp>graceful-restart
config>service>vprn>bgp>group>graceful-restart
config>service>vprn>bgp>group>neighbor>graceful-restart
Description 

This command sets the value of the restart-time that is advertised in the router’s graceful-restart capability. If this command is not configured, the default is 300.

Default 

no restart-time

Parameters 
seconds—
Specifies the restart-time that is advertised in the router’s graceful-restart capability.
Values—
0 to 4095 seconds

 

Default—
300

stale-routes-time

Syntax 
[no] stale-routes-time time
Context 
config>service>vprn>bgp>graceful-restart
config>service>vprn>bgp>group>graceful-restart
config>service>vprn>bgp>group>neighbor>graceful-restart
Description 

This command configures the time period to keep stale routes before the END-OF-RIB message is received from the restarting router.

Default 

360 seconds

Parameters 
time—
1 to 3600 seconds

enforce-first-as

Syntax 
enforce-first-as
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

When this command is configured so that it applies to an EBGP session, all routes (belonging to all address families) that are received from the EBGP peer are checked to ensure that the most recent autonomous system number (ASN) in the AS_PATH attribute of each route matches the configured peer-as of the session; if it does not match, then either the session is reset (if update-fault-tolerance is not enabled) or the session is left up but the route is treated as withdrawn (if update-fault-tolerance is enabled).

Enabling or disabling this command on a session that is already up does not flap the session. When enforce-first-as is enabled, previously received routes are not checked for compliance with the rule. Enforcement applies only to routes received after the command is enabled and stops when the command is disabled.

error-handling

Syntax 
error-handling
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command specifies whether the error handling mechanism for optional transitive path attributes is enabled for this peer group.

update-fault-tolerance

Syntax 
[no] update-fault-tolerance
Context 
config>service>vprn>bgp>error-handling
config>service>vprn>bgp>group>error-handling
config>service>vprn>bgp>group>neighbor>error-handling
Description 

This command enables treat-as-withdraw and other similarly non-disruptive approaches for handling a wide range of UPDATE message errors, as long as there are no length errors that prevent all of the NLRI fields from being correctly identified and parsed.

Default 

no update-fault-tolerance

export

Syntax 
export plcy-or-long-expr [plcy-or-expr]
no export
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command is used to specify route policies that control how outbound routes transmitted to certain peers are handled. Route policies are configured in the config>router>policy-options context.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in a peer-group) or neighbor level (only applies to the specified peer). The most specific level is used.

The export command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the modifications of each route and the final action to accept or reject the route.

Only one of the 15 objects referenced by the export command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple export commands are issued, the last command entered overrides the previous command.

When an export policy is not specified, BGP-learned routes are advertised by default; non-BGP routes are not advertised.

The no form of this command removes the policy association.

Default 

no export

Parameters 
plcy-or-long-expr—
Specifies the route policy name, up to 64 characters in length, or a policy logical expression, up to 255 characters in length.
plcy-or-expr—
Specifies the route policy name, up to 64 characters in length, or a policy logical expression, up to 255 characters in length.

extended-nh-encoding

Syntax 
extended-nh-encoding [ipv4]
no extended-nh-encoding
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures BGP to advertise (at session OPEN) the capability to receive IPv4 routes with IPv6 next-hops from the VPRN BGP peers included in the scope of the command. These peers should not send these routes unless they receive the capability. If the SR OS router receives an IPv4 route from a peer to which it did not advertise the necessary capability, the UPDATE message will be considered malformed and causes either a session reset or treat as withdraw behavior depending on the error handling settings.

The no form of this command causes the sending of an extended NH encoding BGP capability to the associated BGP peers to be inherited from a higher configuration level or disabled (if configured at the BGP level).

Default 

no extended-nh-encoding

Parameters 
ipv4—
Specifies that the command should be applied to unlabeled unicast IPv4 routes.

family

Syntax 
family [ipv4] [label-ipv4] [ipv6] [mcast-ipv4] [flow-ipv4] [mcast-ipv6] [flow-ipv6]
no family
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the set of BGP address families (AFI plus SAFI) to be supported by the applicable VPRN BGP sessions.

The no form of this command restores the default, which corresponds to unlabeled IPv4 unicast routes (AFI 1, SAFI 1) only.

Default 

family ipv4

Parameters 
ipv4—
Adds support for the IPv4 unicast (unlabeled) address family.
label-ipv4—
Adds support for the IPv4 unicast (labeled) address family.
ipv6—
Adds support for the IPv6 unicast (unlabeled) address family.
mcast-ipv4—
Adds support for the IPv4 multicast SAFI address family.
flow-ipv4—
Adds support for the IPv4 FlowSpec address family.
mcast-ipv6—
Adds support for the IPv6 multicast SAFI address family.
flow-ipv6—
Adds support for the IPv6 FlowSpec address family.

flowspec

Syntax 
flowspec
Context 
config>service>vprn>bgp
Description 

The context to enable and disable FlowSpec validations.

validate-dest-prefix

Syntax 
validate-dest-prefix
no validate-dest-prefix
Context 
config>service>vprn>bgp>flowspec
Description 

This command enables or disables validation of received IPv4 and IPv6 FlowSpec routes that contain a destination-prefix subcomponent.

A FlowSpec route with a destination-prefix subcomponent is considered invalid if both of the following are true:

  1. it was originated outside the local AS of the receiving BGP router
  2. the neighbor AS of the FlowSpec route does not match the neighbor AS of the best match BGP (unicast) route for the destination prefix or the neighbor AS of any longer match BGP (unicast) route for the destination prefix

An invalid route is retained in the BGP but it is not used for filtering traffic or propagated to other BGP routers.

The no form of this command disables the validation procedure based on destination-prefix.

Default 

no validate-dest-prefix

validate-redirect-ip

Syntax 
validate-redirect-ip
no validate-redirect-ip
Context 
config>service>vprn>bgp>flowspec
Description 

This command enables procedures to validate the redirect-to-IPv4 action attached to FlowSpec-IPv4 routes received by the BGP instance.

The SR OS FlowSpec implementation supports the redirect-to-IPv4 action encoded as an IPv4-address-specific BGP extended community.

When this command is configured, a FlowSpec-IPv4 route is considered invalid and not installed as a filter rule if the FlowSpec-IPv4 route is deemed to have originated in a different AS than the IP route that resolves the redirection IPv4 address. The originating AS of a flow-spec route is determined from its AS path.

The no form of this command disables the check described above.

Default 

no validate-redirect-ip

group

Syntax 
group name [esm-dynamic-peer]
no group name
Context 
config>service>vprn>bgp
Description 

This command creates a context to configure a BGP peer group.

The no form of this command deletes the specified peer group and all configurations associated with the peer group. The group must be shut down before it can be deleted.

Parameters 
name —
Specifies the peer group name. Allowed values is a string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
esm-dynamic-peer —
Specifies that the given BGP group is used by BGP peers created dynamically based on subscriber-hosts pointing to corresponding BGP peering policy. There can be only one BGP group with this flag set in any given VPRN. No BGP neighbors can be manually configured in a BGP group with this flag set.
Default—
disabled

neighbor

Syntax 
[no] neighbor ip-address
Context 
config>service>vprn>bgp>group
Description 

This command creates a BGP peer/neighbor instance within the context of the BGP group.

This command can be issued repeatedly to create multiple peers and their associated configuration.

The no form of this command is used to remove the specified neighbor and the entire configuration associated with the neighbor. The neighbor must be administratively shutdown before attempting to delete it. If the neighbor is not shut down, the command will not result in any action except a warning message on the console indicating that neighbor is still administratively up.

Parameters 
ip-address—
The IP address of the BGP peer router in dotted decimal notation.
Values—

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface: 32 characters maximum, mandatory for link local addresses

The ipv6-address applies to the 7750 SR only.

 

family

Syntax 
family [ipv4] [ipv6] [mcast-ipv4]
no family
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command specifies the address family or families to be supported over BGP peerings in the base router. This command is additive so issuing the family command adds the specified address family to the list.

The no form of this command removes the specified address family from the associated BGP peerings. If an address family is not specified, then reset the supported address family back to the default.

Default 

family ipv4

Parameters 
ipv4—
Provisions support for IPv4 routing information.
ipv6—
Exchange IPv6 routing information (applies to the 7750 SR only).
mcast-ipv4 —
Provisions Multicast IPv4 support.

hold-time

Syntax 
hold-time seconds [min seconds2]
no hold-time
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the BGP hold time, expressed in seconds.

The BGP hold time specifies the maximum time BGP waits between successive messages (either keepalive or update) from its peer, before closing the connection. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in group) or neighbor level (only applies to specified peer). The most specific value is used.

Even though the router OS implementation allows setting the keepalive time separately, the configured keepalive timer is overridden by the hold-time value under the following circumstances:

  1. If the specified hold-time is less than the configured keepalive time, then the operational keepalive time is set to a third of the hold-time; the configured keepalive time is not changed.
  2. If the hold-time is set to zero, then the operational value of the keepalive time is set to zero; the configured keepalive time is not changed. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.

The no form of this command used at the global level reverts to the default value.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

hold-time 90

Parameters 
seconds—
Specifies the hold-time, in seconds, expressed as a decimal integer. A value of 0 indicates the connection to the peer is up permanently.
Values—
0, 3 to 65535

 

seconds2
Specifies the minimum hold-time that is accepted for the session. If the peer proposes a hold-time lower than this value the session attempt is rejected.

ibgp-multipath

Syntax 
[no] ibgp-multipath
Context 
config>service>vprn>bgp
Description 

This command defines the type of IBGP multipath to use when adding BGP routes to the route table if the route resolving the BGP nexthop offers multiple next-hops.

The no form of this command disables the IBGP multipath load balancing feature.

import

Syntax 
import plcy-or-long-expr [plcy-or-expr]
no import
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command is used to specify route policies that control the handling of inbound routes received from certain peers. Route policies are configured in the config>router>policy-options context.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in a peer-group) or neighbor level (only applies to the specified peer). The most specific level is used

The import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine the modifications of each route and the final action to accept or reject the route.

Only one of the 15 objects referenced by the import command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple import commands are issued, the last command entered overrides the previous command.

When an import policy is not specified, BGP routes are accepted by default.

The no form of this command removes the policy association.

Default 

no import

Parameters 
plcy-or-long-expr—
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).
plcy-or-expr—
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).

initial-send-delay-zero

Syntax 
[no] initial-send-delay-zero
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures BGP to send UPDATE messages announcing reachability information to a peer or set of peers immediately after the sessions come up (become established) with these peers.

The default behavior, provided by the no form of this command, is to wait for min-route-advertisement time after each session is established before sending the first set of UPDATE messages.

keepalive

Syntax 
keepalive seconds
no keepalive
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the BGP keepalive timer. A keepalive message is sent every time this timer expires. The seconds parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The keepalive value is generally one-third of the hold-time interval. Even though the OS implementation allows the keepalive value and the hold-time interval to be independently set, under the following circumstances, the configured keepalive value is overridden by the hold-time value:

If the specified keepalive value is greater than the configured hold-time, then the specified value is ignored, and the keepalive is set to one third of the current hold-time value.

If the specified hold-time interval is less than the configured hold-time value, then the keepalive value is reset to one third of the specified hold-time interval.

If the hold-time interval is set to zero, then the configured value of the keepalive value is ignored. This means that the connection with the peer is up permanently and no keepalive packets are sent to the peer.

The no form of this command used at the global level reverts to the default value.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

keepalive 30

Parameters 
seconds—
The keepalive timer in seconds, expressed as a decimal integer.
Values—
0 to 21845

 

label-preference

Syntax 
label-preference value
no label-preference
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the route preference for routes learned from labeled-unicast peers.

This command can be configured at three levels:

  1. Global level — applies to all peers
  2. Group level — applies to all peers in the peer-group
  3. Neighbor level — applies only to the specified peer

The most specific value is used.

The lower the preference, the higher the chance of the route being the active route.

The no form of this command used at the global level reverts to the default value of 170.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

no label-preference

Parameters 
value—
Specifies the route preference value.
Values—
1 to 255

 

link-bandwidth

Syntax 
link-bandwidth
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables the configuration context for handling the link-bandwidth extended community attached to specific BGP routes.

When all used multipaths of an IP prefix correspond to BGP routes with a link-bandwidth extended community, the datapath is programmed to do weighted ECMP across the BGP next-hops in proportion to the bandwidth values.

accept-from-ebgp

Syntax 
accept-from-ebgp family [family]
no accept-from-ebgp
Context 
config>service>vprn>bgp>group>link-bandwidth
config>service>vprn>bgp>group>neighbor>link-bandwidth
Description 

This command configures BGP to accept and use the link-bandwidth extended community attached to any route received from any EBGP peer in the scope of the command, as long as that route belongs to one of the listed address families.

The link-bandwidth extended community is encoded as a non-transitive type. This means that by default it should not be attached to any route advertised to an EBGP peer and it should be discarded when received in any route from an EBGP peer. This command overrides the standard behavior.

Up to three families may be configured.

The no form of this command restores the default behavior of discarding the link-bandwidth extended community in any route received from an EBGP peer.

Default 

no accept-from-ebgp

Parameters 
family—
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
Values—
ipv4 — Adds a link-bandwidth extended community to unlabeled unicast IPv4 routes.
label-ipv4 — Adds a link-bandwidth extended community to labeled-unicast IPv4 routes.
ipv6 — Adds a link-bandwidth extended community to unlabeled unicast IPv6 routes.

 

add-to-received-ebgp

Syntax 
add-to-received-ebgp family [family]
no add-to-received-ebgp
Context 
config>service>vprn>bgp>group>link-bandwidth
config>service>vprn>bgp>group>neighbor>link-bandwidth
Description 

This command configures BGP to automatically add a link-bandwidth extended community to every route received from a directly connected (single-hop) EBGP peer within the scope of the command, as long as that route belongs to one of the listed address families.

The link-bandwidth extended community added by this command encodes the local-AS number of receiving BGP instance and the bandwidth of the interface to the directly connected EBGP peer.

Up to three families may be configured.

The no form of this command removes the link-bandwidth extended community added to received BGP routes.

Default 

no add-to-received-ebgp

Parameters 
family—
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
Values—
ipv4 — Adds a link-bandwidth extended community to unlabeled unicast IPv4 routes.
label-ipv4 — Adds a link-bandwidth extended community to labeled-unicast IPv4 routes.
ipv6 — Adds a link-bandwidth extended community to unlabeled unicast IPv6 routes.

 

aggregate-used-paths

Syntax 
aggregate-used-paths family [family]
no aggregate-used-paths
Context 
config>service>vprn>bgp>group>link-bandwidth
config>service>vprn>bgp>group>neighbor>link-bandwidth
Description 

This command configures BGP to aggregate the bandwidth values from the link-bandwidth extended communities of the used multipaths towards an IP prefix when it is re-advertising a route with next-hop-self towards peers within the scope of the command, as long as the route belongs to one of the listed address families.

Aggregation is not supported unless all of the used multipaths (up to the configured ECMP limit) correspond to received BGP routes with a link-bandwidth extended community. If add-path is also enabled toward the peer, then all of the add-paths advertised to the peer encode the aggregated bandwidth in a link-bandwidth extended community.

Up to three families may be configured.

The no form of this command disables aggregation in a next-hop-self scenario and the link-bandwidth extended community in the advertised route is a copy of the link-bandwidth extended community in the received route (which may have been added by import policy or by the effect of the add-to-received-ebgp command).

Default 

no aggregate-used-paths

Parameters 
family—
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
Values—
ipv4 — Adds a link-bandwidth extended community to unlabeled unicast IPv4 routes.
label-ipv4 — Adds a link-bandwidth extended community to labeled-unicast IPv4 routes.
ipv6 — Adds a link-bandwidth extended community to unlabeled unicast IPv6 routes.

 

send-to-ebgp

Syntax 
send-to-ebgp family [family]
no send-to-ebgp
Context 
config>service>vprn>bgp>group>link-bandwidth
config>service>vprn>bgp>group>neighbor>link-bandwidth
Description 

This command configures BGP to allow link-bandwidth extended community to be sent in routes advertised to EBGP peers in the scope of the command, as long the routes belong to one of the listed address families.

The link-bandwidth extended community is encoded as a non-transitive type. This means that by default it should not be attached to any route advertised to an EBGP peer and it should be discarded when received in any route from an EBGP peer. This command overrides the standard behavior.

Up to three families may be configured.

The no form of this command restores the default behavior of stripping the link-bandwidth extended community from any route advertised to an EBGP peer.

Default 

no send-to-ebgp

Parameters 
family—
Specifies the address families for which receiving the link-bandwidth extended community from EBGP peers should be supported.
Values—
ipv4 — Adds a link-bandwidth extended community to unlabeled unicast IPv4 routes.
label-ipv4 — Adds a link-bandwidth extended community to labeled-unicast IPv4 routes.
ipv6 — Adds a link-bandwidth extended community to unlabeled unicast IPv6 routes.

 

local-address

Syntax 
local-address ip-address
no local-address
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

Configures the local IP address used by the group or neighbor when communicating with BGP peers.

Outgoing connections use the local-address as the source of the TCP connection when initiating connections with a peer.

When a local address is not specified, the OS uses the system IP address when communicating with IBGP peers and uses the interface address for directly connected EBGP peers. This command is used at the neighbor level to revert to the value defined under the group level.

The no form of this command removes the configured local-address for BGP.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Parameters 
no local-address —
The router ID is used when communicating with IBGP peers and the interface address is used for directly connected EBGP peers.
ip-address—
The local address expressed in dotted decimal notation. Allowed values are a valid routable IP address on the router, either an interface or system IP address.

local-as

Syntax 
local-as as-number [private] [no-prepend-global-as]
no local-as
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures a BGP virtual autonomous system (AS) number.

In addition to the global AS number configured for BGP in the config>router>autonomous-system context, a virtual (local) AS number can be configured to support various AS number migration scenarios. The local AS number is added to the to the beginning the as-path attribute ahead of the router’s AS number.

This configuration parameter can be set at three levels: global level (applies to all EBGP peers), group level (applies to all EBGP peers in peer-group) or neighbor level (only applies to EBGP specified peer). Thus, by specifying this at each neighbor level, it is possible to have a separate local-as per EBGP session. The local-as command is not supported for IBGP sessions. When the optional private keyword is specified in the command the local-as number is not added to inbound routes from the EBGP peer that has local-as in effect.

When a command is entered multiple times for the same AS, the last command entered is used in the configuration. The private attribute can be added or removed dynamically by reissuing the command.

Changing the local AS at the global level in an active BGP instance causes the BGP instance to restart with the new local AS number. Changing the local AS at the global level in an active BGP instance causes BGP to re-establish the peer relationships with all peers in the group with the new local AS number. Changing the local AS at the neighbor level in an active BGP instance causes BGP to re-establish the peer relationship with the new local AS number.

This is an optional command and can be used in the following circumstance:

Provider router P is moved from AS1 to AS2. The customer router that is connected to P, however, is configured to belong to AS1. To avoid reconfiguring the customer router, the local-as value on router P can be set to AS1. Thus, router P adds AS1 to the as-path message for routes it advertises to the customer router.

The no form of this command used at the global level removes any virtual AS number configured.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

no local-as

Parameters 
as-number—
The virtual autonomous system number, expressed as a decimal integer.
Values—
1 to 65535

 

private—
Specifies the local-as is hidden in paths learned from the peering.
no-prepend-global-as—
Specifies that the global-as is hidden in paths announced to the EBGP peer.

local-preference

Syntax 
local-preference local-preference
no local-preference
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables setting the BGP local-preference attribute in incoming routes if not specified and configures the default value for the attribute. This value is used if the BGP route arrives from a BGP peer without the local-preference integer set.

The specified value can be overridden by any value set via a route policy. This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of this command at the global level specifies that incoming routes with local-preference set are not overridden and routes arriving without local-preference set are interpreted as if the route had local-preference value of 100.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

no local-preference - Does not override the local-preference value set in arriving routes and analyze routes without local preference with value of 100.

Parameters 
local-preference—
The local preference value to be used as the override value, expressed as a decimal integer.
Values—
0 to 4294967295

 

loop-detect

Syntax 
loop-detect {drop-peer | discard-route | ignore-loop | off}
no loop-detect
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures how the BGP peer session handles loop detection in the AS path.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

Dynamic configuration changes of loop-detect are not recognized.

The no form of this command used at the global level reverts to default, which is loop-detect ignore-loop.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

loop-detect ignore-loop

Parameters 
drop-peer—
Sends a notification to the remote peer and drops the session.
discard-route—
Discards routes received with loops in the AS path.
ignore-loop—
ignores routes with loops in the AS path but maintains peering.
off—
Disables loop detection.

loop-detect-threshold

Syntax 
loop-detect-threshold loop-detect-threshold
no loop-detect-threshold
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command provides additional control over the behavior enabled by the loop-detect command. If this command specifies a threshold value of n, then a route received by the local BGP speaker with an AS path that contains up to n occurrences of the local speaker's AS number is considered valid and not treated as an AS path loop. An AS loop is considered to occur only when the received AS path has more than n occurrences of the local speaker's AS number.

The no form of this command removes the configuration and sets the value to 0. One or more occurrence of the local speaker's AS number in the received AS path triggers the loop-detect behavior.

Default 

no loop-detect-threshold

Parameters 
loop-detect-threshold—
The maximum number of occurrences of the local speaker's AS number in the received AS path before the AS path is considered to be a loop.
Values—
0 to 15

 

Default—
0

med-out

Syntax 
med-out {number | igp-cost}
no med-out
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables advertising the Multi-Exit Discriminator (MED) and assigns the value used for the path attribute for the MED advertised to BGP peers if the MED is not already set.

The specified value can be overridden by any value set via a route policy.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of this command used at the global level reverts to default where the MED is not advertised.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

no med-out

Parameters 
number—
Specifies the MED path attribute value, expressed as a decimal integer.
Values—
0 to 4294967295

 

igp-cost—
Specifies the MED is set to the IGP cost of the given IP prefix.

min-route-advertisement

Syntax 
min-route-advertisement seconds
no min-route-advertisement
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the minimum interval, in seconds, at which a prefix can be advertised to a peer.

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The no form of this command reverts to default values.

Default 

min-route-advertisement 30

Parameters 
seconds—
Specifies the minimum route advertising interval, in seconds, expressed as a decimal integer.
Values—
1 to 255

 

multihop

Syntax 
multihop ttl-value
no multihop
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the time to live (TTL) value entered in the IP header of packets sent to an EBGP peer multiple hops away.

This parameter is meaningful only when configuring EBGP peers. It is ignored if set for an IBGP peer.

The no form of this command is used to convey to the BGP instance that the EBGP peers are directly connected.

The no form of this command reverts to default values.

Default 

multihop 1 (EBGP peers are directly connected)

multihop 64 (IBGP)

Parameters 
ttl-value—
Specifies the TTL value, expressed as a decimal integer.
Values—
1 to 255

 

multi-path

Syntax 
multi-path
Context 
config>service>vprn>bgp
Description 

This command configures ECMP multipath parameters to apply to address families that support BGP multipath.

ipv4

Syntax 
ipv4 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]
no ipv4
Context 
config>service>vprn>bgp>multi-path
Description 

This command sets ECMP multipath parameters that apply only to the (unlabeled) IPv4 unicast address family. These settings override the values set by the maximum-paths command.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The actual distribution of traffic over the multiple paths may be equal or unequal (that is, based on weights derived from the Link Bandwidth Extended Community).

To qualify as a multipath, a non-best route must meet the following criteria (some criteria are controlled by this command):

  1. The multi-path route must be the same type of route as the best path (same AFI/SAFI and, in some cases, same next-hop resolution method).
  2. The multi-path route must be tied with the best path for all criteria of greater significance than next-hop cost, except for criteria that are configured to be ignored.
  3. If the best path selection reaches the next-hop cost comparison, the multi-path route must have the same next-hop cost as the best route unless the unequal-cost option is configured.
  4. The multi-path route must not have the same BGP next-hop as the best path or any other multi-path route.
  5. The multi-path route must not cause the ECMP limit of the routing instance to be exceeded (configured using the ecmp command with a value in the range 1 to 64).
  6. The multi-path route must not cause the applicable max-paths limit to be exceeded. If the best path is an EBGP learned route and the ebgp option is used, the ebgp-max-paths limit overrides the max-paths limit. If the best path is an IBGP-learned route and the ibgp option is used, the ibgp-max-paths limit overrides the max-paths limit. All path limits are configurable up to a maximum of 64. Multi-path is effectively disabled if a value is set to 1.
  7. The multi-path route must have the same neighbor AS in its AS path as the best path if the restrict same-neighbor-as option is configured. By default, any path with the same AS path length as the best path (regardless of neighbor AS) is eligible for multi-path.
  8. The route must have the same AS path as the best path if the restrict exact-as-path option is configured. By default, any path with the same AS path length as the best path (regardless of the actual AS numbers) is eligible for multi-path.

The no form of this command removes IPv4-specific overrides.

Default 

no ipv4

Parameters 
max-paths—
Specifies the maximum number of multipaths per prefix/NLRI if ebgp-max-paths or ibgp-max-paths does not apply.
Values—
1 to 64

 

egp-max-paths
Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route.
Values—
1 to 64

 

ibgp-max-paths
Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route.
Values—
1 to 64

 

restrict same-neighbor-as—
Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.
restrict exact-as-path-as—
Specifies that the non-best path must have the same AS path as the best path.
unequal-cost—
Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

ipv6

Syntax 
ipv6 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]
no ipv6
Context 
config>service>vprn>bgp>multi-path
Description 

This command sets ECMP multipath parameters that apply only to the (unlabeled) IPv6 unicast address family. These settings override the values set by the maximum-paths command.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The actual distribution of traffic over the multiple paths may be equal or unequal (that is, based on weights derived from the Link Bandwidth Extended Community).

To qualify as a multipath, a non-best route must meet the following criteria (some criteria are controlled by this command):

  1. The multi-path route must be the same type of route as the best path (same AFI/SAFI and, in some cases, same next-hop resolution method).
  2. The multi-path route must be tied with the best path for all criteria of greater significance than next-hop cost, except for criteria that are configured to be ignored.
  3. If the best path selection reaches the next-hop cost comparison, the multi-path route must have the same next-hop cost as the best route unless the unequal-cost option is configured.
  4. The multi-path route must not have the same BGP next-hop as the best path or any other multi-path route.
  5. The multi-path route must not cause the ECMP limit of the routing instance to be exceeded (configured using the ecmp command with a value in the range 1 to 64)
  6. The multi-path route must not cause the applicable max-paths limit to be exceeded. If the best path is an EBGP learned route and the ebgp option is used, the ebgp-max-paths limit overrides the max-paths limit. If the best path is an IBGP-learned route and the ibgp option is used, the ibgp-max-paths limit overrides the max-paths limit. All path limits are configurable up to a maximum of 64. Multi-path is effectively disabled if a value is set to 1.
  7. The multi-path route must have the same neighbor AS in its AS path as the best path if the restrict same-neighbor-as option is configured. By default, any path with the same AS path length as the best path (regardless of neighbor AS) is eligible for multi-path.
  8. The route must have the same AS path as the best path if the restrict exact-as-path option is configured. By default, any path with the same AS path length as the best path (regardless of the actual AS numbers) is eligible for multi-path.

The no form of this command removes IPv6-specific overrides.

Default 

no ipv6

Parameters 
max-paths—
Specifies the maximum number of multipaths per prefix/NLRI if ebgp-max-paths or ibgp-max-paths does not apply.
Values—
1 to 64

 

egp-max-paths
Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route.
Values—
1 to 64

 

ibgp-max-paths
Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route.
Values—
1 to 64

 

restrict same-neighbor-as—
Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.
restrict exact-as-path-as—
Specifies that the non-best path must have the same AS path as the best path.
unequal-cost—
Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

label-ipv4

Syntax 
label-ipv4 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]
no label-ipv4
Context 
config>service>vprn>bgp>multi-path
Description 

This command sets ECMP multipath parameters that apply only to the label IPv4 unicast address family. These settings override the values set by the maximum-paths command.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The actual distribution of traffic over the multiple paths may be equal or unequal (that is, based on weights derived from the Link Bandwidth Extended Community).

To qualify as a multipath, a non-best route must meet the following criteria (some criteria are controlled by this command):

  1. The multi-path route must be the same type of route as the best path (same AFI/SAFI and, in some cases, same next-hop resolution method).
  2. The multi-path route must be tied with the best path for all criteria of greater significance than next-hop cost, except for criteria that are configured to be ignored.
  3. If the best path selection reaches the next-hop cost comparison, the multi-path route must have the same next-hop cost as the best route unless the unequal-cost option is configured.
  4. The multi-path route must not have the same BGP next-hop as the best path or any other multi-path route.
  5. The multi-path route must not cause the ECMP limit of the routing instance to be exceeded (configured using the ecmp command with a value in the range 1 to 64).
  6. The multi-path route must not cause the applicable max-paths limit to be exceeded. If the best path is an EBGP learned route and the ebgp option is used, the ebgp-max-paths limit overrides the max-paths limit. If the best path is an IBGP-learned route and the ibgp option is used, the ibgp-max-paths limit overrides the max-paths limit. All path limits are configurable up to a maximum of 64. Multi-path is effectively disabled if a value is set to 1.
  7. The multi-path route must have the same neighbor AS in its AS path as the best path if the restrict same-neighbor-as option is configured. By default, any path with the same AS path length as the best path (regardless of neighbor AS) is eligible for multi-path.
  8. The route must have the same AS path as the best path if the restrict exact-as-path option is configured. By default, any path with the same AS path length as the best path (regardless of the actual AS numbers) is eligible for multi-path.

The no form of this command removes label-IPv4-specific overrides.

Default 

no label-ipv4

Parameters 
max-paths—
Specifies the maximum number of multipaths per prefix/NLRI if ebgp-max-paths or ibgp-max-paths does not apply.
Values—
1 to 64

 

egp-max-paths
Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route.
Values—
1 to 64

 

ibgp-max-paths
Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route.
Values—
1 to 64

 

restrict same-neighbor-as—
Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.
restrict exact-as-path-as—
Specifies that the non-best path must have the same AS path as the best path.
unequal-cost—
Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

label-ipv6

Syntax 
label-ipv6 max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]
no label-ipv6
Context 
config>service>vprn>bgp>multi-path
Description 

This command sets ECMP multipath parameters that apply only to the label unicast IPv6 address family. These settings override the values set by the maximum-paths command.

When multipath is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The actual distribution of traffic over the multiple paths may be equal or unequal (that is, based on weights derived from the Link Bandwidth Extended Community).

To qualify as a multipath, a non-best route must meet the following criteria (some criteria are controlled by this command):

  1. The multi-path route must be the same type of route as the best path (same AFI/SAFI and, in some cases, same next-hop resolution method).
  2. The multi-path route must be tied with the best path for all criteria of greater significance than next-hop cost, except for criteria that are configured to be ignored.
  3. If the best path selection reaches the next-hop cost comparison, the multi-path route must have the same next-hop cost as the best route unless the unequal-cost option is configured.
  4. The multi-path route must not have the same BGP next-hop as the best path or any other multi-path route.
  5. The multi-path route must not cause the ECMP limit of the routing instance to be exceeded (configured using the ecmp command with a value in the range 1 to 64)
  6. The multi-path route must not cause the applicable max-paths limit to be exceeded. If the best path is an EBGP learned route and the ebgp option is used, the ebgp-max-paths limit overrides the max-paths limit. If the best path is an IBGP-learned route and the ibgp option is used, the ibgp-max-paths limit overrides the max-paths limit. All path limits are configurable up to a maximum of 64. Multi-path is effectively disabled if a value is set to 1.
  7. The multi-path route must have the same neighbor AS in its AS path as the best path if the restrict same-neighbor-as option is configured. By default, any path with the same AS path length as the best path (regardless of neighbor AS) is eligible for multi-path.
  8. The route must have the same AS path as the best path if the restrict exact-as-path option is configured. By default, any path with the same AS path length as the best path (regardless of the actual AS numbers) is eligible for multi-path.

The no form of this command removes label-IPv6-specific overrides.

Default 

no label-ipv6

Parameters 
max-paths—
Specifies the maximum number of multipaths per prefix/NLRI if ebgp-max-paths or ibgp-max-paths does not apply.
Values—
1 to 64

 

egp-max-paths
Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route.
Values—
1 to 64

 

ibgp-max-paths
Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route.
Values—
1 to 64

 

restrict same-neighbor-as—
Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.
restrict exact-as-path-as—
Specifies that the non-best path must have the same AS path as the best path.
unequal-cost—
Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

maximum-paths

Syntax 
maximum-paths max-paths [ebgp ebgp-max-paths] [ibgp ibgp-max-paths] [restrict {same-neighbor-as | exact-as-path}] [unequal-cost]
no maximum-paths
Context 
config>service>vprn>bgp>multi-path
Description 

This command sets ECMP multi-path parameters that apply to all address families for that BGP multi-path. For some address families it is possible to override these settings on a per address family basis.

When multi-path is enabled, traffic to the destination is load-shared across a set of paths (BGP routes) that the BGP decision process considers equal to the best path. The actual distribution of traffic over the multiple paths may be equal or unequal (that is, based on weights derived from the Link Bandwidth Extended Community).

To qualify as a multi-path, a non-best route must meet the following criteria (some criteria are controlled by this command):

  1. The multi-path route must be the same type of route as the best path (same AFI/SAFI and, in some cases, same next-hop resolution method).
  2. The multi-path route must be tied with the best path for all criteria of greater significance than next-hop cost, except for criteria that are configured to be ignored.
  3. If the best path selection reaches the next-hop cost comparison, the multi-path route must have the same next-hop cost as the best route unless the unequal-cost option is configured.
  4. The multi-path route must not have the same BGP next-hop as the best path or any other multi-path route.
  5. The multi-path route must not cause the ECMP limit of the routing instance to be exceeded (configured using the ecmp command with a value in the range 1 to 64).
  6. The multi-path route must not cause the applicable max-paths limit to be exceeded. If the best path is an EBGP learned route and the ebgp option is used, the ebgp-max-paths limit overrides the max-paths limit. If the best path is an IBGP-learned route and the ibgp option is used, the ibgp-max-paths limit overrides the max-paths limit. All path limits are configurable up to a maximum of 64. Multi-path is effectively disabled if a value is set to 1.
  7. The multi-path route must have the same neighbor AS in its AS path as the best path if the restrict same-neighbor-as option is configured. By default, any path with the same AS path length as the best path (regardless of neighbor AS) is eligible for multi-path.
  8. The route must have the same AS path as the best path if the restrict exact-as-path option is configured. By default, any path with the same AS path length as the best path (regardless of the actual AS numbers) is eligible for multi-path.

The no form of this command disables BGP multi-path.

Default 

no maximum-paths

Parameters 
max-paths—
Specifies the maximum number of multipaths per prefix/NLRI if ebgp-max-paths or ibgp-max-paths does not apply.
Values—
1 to 64

 

egp-max-paths
Specifies the maximum number of multipaths per prefix or NLRI when the best path is an EBGP learned route.
Values—
1 to 64

 

ibgp-max-paths
Specifies the maximum number of multipaths per prefix or NLRI when the best path is an IBGP learned route.
Values—
1 to 64

 

restrict same-neighbor-as—
Specifies that the non-best path must have the same neighbor AS in its AS path as the best path.
restrict exact-as-path-as—
Specifies that the non-best path must have the same AS path as the best path.
unequal-cost—
Instructs BGP to ignore differences in the next-hop cost only when determining eligible multipaths.

multipath-eligible

Syntax 
[no] multipath-eligible
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>neighbor
Description 

This command specifies that a BGP neighbor or the set of BGP neighbors in a peer group should be part of a selective multipath set. Selective multipaths are only supported by the ipv4, label-ipv4, ipv6, and label-ipv6 address families.

If no candidate multipath route for an IP prefix came from a multipath-eligible peer then multipaths are selected without further constraints.

If the best route for an IP prefix is received from a neighbor marked as multipath-eligible, then other routes for the same prefix are not eligible to be used as multipaths unless they also came from peers marked as multipath-eligible.

If the best route for an IP prefix did not come from a multipath-eligible peer but there is at least one candidate multipath route for the same prefix from a multipath-eligible peer then multipath is not used.

The no form of this command marks a neighbor or group as non-multipath eligible. The effect of this depends on whether other neighbors and groups are marked as multipath eligible.

Default 

no multipath-eligible

next-hop-resolution

Syntax 
next-hop-resolution
Context 
config>service>vprn>bgp
Description 

This command enters the context to configure next-hop resolution parameters.

next-hop-self

Syntax 
[no] next-hop-self
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the group or neighbor to always set the NEXTHOP path attribute to its own physical interface when advertising to a peer.

This is primarily used to avoid third-party route advertisements when connected to a multi-access network.

The no form of this command used at the group level allows third-party route advertisements in a multi-access network.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

no next-hop-self — Third-party route advertisements are allowed.

passive

Syntax 
[no] passive
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables passive mode for the BGP group or neighbor.

When in passive mode, BGP will not attempt to actively connect to the configured BGP peers but responds only when it receives a connect open request from the peer.

The no form of this command used at the group level disables passive mode where BGP actively attempts to connect to its peers.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

no passive — BGP will actively try to connect to all the configured peers.

peer-as

Syntax 
peer-as as-number
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the autonomous system number for the remote peer. The peer AS number must be configured for each configured peer.

For EBGP peers, the peer AS number configured must be different from the autonomous system number configured for this router under the global level since the peer will be in a different autonomous system than this router

For IBGP peers, the peer AS number must be the same as the autonomous system number of this router configured under the global level.

This is a required command for each configured peer. This may be configured under the group level for all neighbors in a particular group.

Default 

No AS numbers are defined.

Parameters 
as-number—
The autonomous system number, expressed as a decimal integer.
Values—
1 to 65535

 

policy

Syntax 
policy policy-name
no policy
Context 
config>service>vprn>bgp>next-hop-res
Description 

This command specifies the name of a policy statement to use with the BGP next-hop resolution process. The policy controls which IP routes in RTM are eligible to resolve the BGP next-hop addresses of IPv4 and IPv6 routes. The policy has no effect on the resolution of BGP next-hops to MPLS tunnels. If a BGP next-hop of an IPv4 or IPv6 route R is resolved in RTM and the longest matching route for the next-hop address is an IP route N that is rejected by the policy then route R is unresolved; if the route N is accepted by the policy then it becomes the resolving route for R.

The default next-hop resolution policy (when the no policy command is configured) is to use the longest matching active route in RTM that is not a BGP route (unless use-bgp-routes is configured), an aggregate route or a subscriber management route.

Default 

no policy

Parameters 
policy-name—
Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

use-bgp-routes

Syntax 
[no] use-bgp-routes
Context 
config>service>vprn>bgp>next-hop-res
Description 

This command enables the use of BGP routes to resolve BGP next hops. When this command is enabled, any unlabeled IPv4 or IPv6 BGP route received from a VPRN BGP peer becomes resolvable by up to four other BGP routes in order to resolve the route to a VPRN IP interface.

This command also allows unlabeled IPv4 or IPv6 BGP routes leaked from the GRT with unresolved next hops (in the GRT) to be resolvable by BGP-VPN routes (of the VPRN).

By default, a VPRN BGP route is not resolvable by another VPRN BGP route or by a BGP-VPN route.

The no form of this command provides the default behavior.

Default 

no use-bgp-routes

peer-tracking-policy

Syntax 
peer-tracking-policy policy-name
no peer-tracking-policy
Context 
config>service>vprn>bgp
Description 

This command specifies the name of a policy statement to use with the BGP peer-tracking function on the BGP sessions where this is enabled. The policy controls which IP routes in RTM are eligible to indicate reachability of IPv4 and IPv6 BGP neighbor addresses. If the longest matching route in RTM for a BGP neighbor address is an IP route that is rejected by the policy, or it is a BGP route accepted by the policy, or if there is no matching route, the neighbor is considered unreachable and BGP tears down the peering session and holds it in the idle state until a valid route is once again available and accepted by the policy.

The default peer-tracking policy (when the no peer-tracking-policy command is configured) is to use the longest matching active route in RTM that is not an LDP shortcut route or an aggregate route.

Note:

When peer-tracking is configured, the peer-tracking policy should only permit one of direct-interface or direct routes to be advertised to a BGP peer. Advertising both routes will cause the best route to oscillate.

Default 

no peer-tracking-policy

Parameters 
policy-name—
Specifies the route policy name. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

preference

Syntax 
[no] preference preference
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
Description 

This command configures the route preference for routes learned from the configured peer(s).

This configuration parameter can be set at three levels: global level (applies to all peers), group level (applies to all peers in peer-group) or neighbor level (only applies to specified peer). The most specific value is used.

The lower the preference the higher the chance of the route being the active route. The OS assigns BGP routes highest default preference compared to routes that are direct, static or learned via MPLS or OSPF.

The no form of this command, if used at the global level, reverts to default value.

The no form of this command used at the group level reverts to the value defined at the global level.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

preference 170

Parameters 
preference—
Specifies the route preference, expressed as a decimal integer.
Values—
1 to 255

 

prefix-limit

Syntax 
prefix-limit family limit [log-only] [threshold percentage] [idle-timeout {minutes | forever}] [log-only] [post-import]
no prefix-limit family
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command configures the maximum number of BGP routes that can be received from a peer before administrative action is taken. The administrative action can be the generation of a log event or taking down the session. If a session is taken down, then it can be brought back up automatically after an idle-timeout period, or else it can be configured to stay down ('forever') until the operator performs a reset.

The prefix-limit command allows each address family to have its own limit; a set of address family limits can be applied to one neighbor or to all neighbors in a group.

The no form of this command removes the prefix-limit.

Default 

No prefix limits for any address family.

Parameters 
percent—
The threshold value (as a percentage) that triggers a warning message to be sent.
Values—
1 to 100

 

family—
The address family to which the limit applies.
Values—
ipv4, label-ipv4, ipv6, mcast-ipv4, flow-ipv4, flow-ipv6, mcast-ipv6

 

limit—
The number of routes that can be learned from a peer expressed as a decimal integer.
Values—
1 to 4294967295

 

minutes—
Specifies duration in minutes before automatically re-establishing a session.
Values—
1 to 1024

 

forever—
Specifies that the session is reestablished only after clear router bgp command is executed.
log-only—
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is reached. However, the BGP session is not taken down.
post-import—
Specifies that the limit should be applied only to the number of routes that are accepted by import policies.

rapid-withdrawal

Syntax 
[no] rapid-withdrawal
Context 
config>service>vprn>bgp
Description 

This command disables the delay (Minimum Route Advertisement) on sending BGP withdrawals. Normal route withdrawals may be delayed up to the minimum route advertisement to allow for efficient packing of BGP updates.

The no form of this command removes this command from the configuration and returns withdrawal processing to the normal behavior.

Default 

no rapid-withdrawal

remove-private

Syntax 
remove-private [limited] [skip-peer-as] [replace]
no remove-private
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

When this command is configured private AS numbers are removed or replaced when they are found inside the AS path of BGP routes advertised to peers within the scope of the command.

The set of AS numbers that are defined by IANA as private are in the range of 64512 to 65534, and 4200000000 to 4294967294, inclusive. In SR OS, this command also removes ASN 65535 and ASN 4294967295, which are reserved values.

The no form of this command (at the BGP instance level) implements the default behavior, private AS numbers are allowed without restriction or modification in routes advertised to peers.

Default 

no remove-private

Parameters 
limited—
This keyword instructs BGP to process private ASNs only up to the first public ASN encountered. Private ASNs beyond that first public AS will not be stripped or replaced.
skip-peer-as—
This keyword instructs BGP to not strip or replace a private ASN from the AS-Path if that ASN is the same as the BGP peer AS number.
replace—
When this keyword is configured, private ASNs are not stripped. Each occurrence is replaced by the ASN of the advertising BGP router (the ASN the router advertised to its peer in its OPEN message). When the replace keyword is not configured, private ASNs are stripped, subject to influence by the other keyword options. This generally results in a shortening of AS_PATH length.

rib-management

Syntax 
rib-management
Context 
config>service>vprn>bgp
Description 

This command enters the context to configure RIB management parameters.

leak-import

Syntax 
leak-import plcy-or-long-expr [plcy-or-expr]
no leak-import
Context 
config>service>vprn>bgp>rib-management>ipv4
config>service>vprn>bgp>rib-management>label-ipv4
config>service>vprn>bgp>rib-management>ipv6
Description 

This command is used to specify route policies that control the importation of leak-eligible routes from the BGP RIB of another routing instance into the unlabeled-IPv4, unlabeled-IPv6, or labeled-IPv4 RIB of the base router. To leak a route from one routing instance to another, the origin and destination RIB types must be the same; for example, it is not possible to leak a route from an unlabeled-IPv4 RIB of a VPRN into the labeled-IPv4 RIB of the base router.

The leak-import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route.

Only one of the 15 objects referenced by the leak-import command is allowed to be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple leak-import commands are issued, the last command entered overrides the previous command.

When a leak-import policy is not specified, no BGP routes from other routing instances are leaked into the VPRN BGP RIB.

The no form of this command removes the policy association.

Parameters 
plcy-or-long-expr—
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Allowed values are any string up to 255 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
plcy-or-expr—
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

route-table-import

Syntax 
route-table-import policy-name
no route-table-import
Context 
config>service>vprn>bgp>rib-management>ipv4
config>service>vprn>bgp>rib-management>label-ipv4
config>service>vprn>bgp>rib-management>ipv6
Description 

This command specifies the name of a route policy to control the importation of active routes from the IP route table into one of the BGP RIBs.

If the route-table-import command is not configured, or if the command refers to an empty policy, all non-BGP routes from the IP route table are imported into the applicable RIB.

If the route-table-import command is configured, then routes dropped or rejected by the configured policy are not installed in the associated RIB. Rejected routes cannot be advertised to BGP peers associated with the RIB, but they can still be used to resolve BGP next-hops of routes in that RIB. If the active route for a prefix is rejected by the route-table-import policy, then the best BGP route for that prefix in the BGP RIB can be advertised to peers as though it is used.

Aggregate routes are always imported into each RIB, independent of the route-table-import policy.

Route modifications specified in the actions of a route-table-import policy are ignored and have no effect on the imported routes.

Default 

no route-table-import

Parameters 
policy-name—
Specifies the name of a policy-statement (up to 64 characters).

split-horizon

Syntax 
split-horizon
no split-horizon
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command enables the use of split-horizon. When applied globally, to a group, or a specific peer, split-horizon prevents routes from being reflected back to a peer that sends the best route. It applies to routes of all address families and to any type of sending peer; confed-EBGP, EBGP and IBGP.

The configuration default is no split-horizon, meaning that no effort is taken to prevent a best route from being reflected back to the sending peer.

Caution:

Use of the split-horizon command may have a detrimental impact on peer and route scaling and therefore operators are encouraged to use it only when absolutely needed.

The no form of this command disables split horizon command which allows the lower level to inherit the setting from an upper level.

Default 

no split-horizon

third-party-nexthop

Syntax 
third-party-nexthop
no third-party-nexthop
Context 
config>service>vprn>bgp
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

Use this command to enable the router to send third-party next-hop to EBGP peers in the same subnet as the source peer, as described in RFC 4271. If enabled when an IPv4 or IPv6 route is received from one EBGP peer and advertised to another EBGP peer in the same IP subnet, the BGP next-hop is left unchanged. Third-party next-hop is not done if the address family of the transport does not match the address family of the route.

The no form of this command prevents BGP from performing any third party next-hop processing toward any single-hop EBGP peers within the scope of the command. No third-party next-hop means the next-hop will always carry the IP address of the interface used to establish the TCP connection to the peer.

Default 

no third-party-nexthop

type

Syntax 
[no] type {internal | external}
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command designates the BGP peer as type internal or external.

The type of internal indicates the peer is an IBGP peer while the type of external indicates that the peer is an EBGP peer.

By default, the OS derives the type of neighbor based on the local AS specified. If the local AS specified is the same as the AS of the router, the peer is considered internal. If the local AS is different, then the peer is considered external.

The no form of this command used at the group level reverts to the default value.

The no form of this command used at the neighbor level reverts to the value defined at the group level.

Default 

no type

Parameters 
internal—
Configures the peer as internal.
external—
Configures the peer as external.
no type —
Type of neighbor is derived on the local AS specified.

updated-error-handling

Syntax 
[no] updated-error-handling
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

This command controls whether SR OS utilizes the new neighbor-complete bit when processing optional transitive path attributes and advertising them to the associated BGP neighbor.

This command also control if SR OS utilizes the error handling mechanism for optional-transitive path attributes.

Default 

no updated-error-handling

ttl-security

Syntax 
ttl-security min-ttl-value
no ttl-security
Context 
config>service>vprn>bgp>group
config>service>vprn>bgp>group>neighbor
Description 

Configure TTL security parameters for incoming packets.

Parameters 
min-ttl-value—
Specifies the minimum TTL value for an incoming BGP packet.
Values—
1 to 255

 

Default—
1

3.8.2.6. GSMP Commands

gsmp

Syntax 
gsmp
Context 
config>service>vprn
Description 

This command enables the context to configure GSMP connections maintained in this service.

group

Syntax 
group name [create]
no group name
Context 
config>service>vprn>gsmp
Description 

This command specifies a GSMP name. A GSMP group name is unique only within the scope of the service in which it is defined.

The no form of this command removes the GSMP group name from the configuration.

Parameters 
name—
Specifies the group name up, to 32 characters.
create—
This keyword is mandatory when creating a GSMP group name. The create keyword requirement can be enabled/disabled in the environment>create context.

ancp

Syntax 
[no] ancp
Context 
config>service>vprn>gsmp>group
Description 

This command enables the context to configure ANCP parameters for this GSMP group.

The no form of this command disables the ANCP parameters configured in this context.

dynamic-topology-discover

Syntax 
[no] dynamic-topology-discover
Context 
config>service>vprn>gsmp>group>ancp
Description 

This command enables the ANCP dynamic topology discovery capability.

The no form of this command disables dynamic topology discovery.

oam

Syntax 
[no] oam
Context 
config>service>vprn>gsmp>group>ancp
Description 

This command enables the GSMP ANCP OAM capability to be negotiated at the startup of the GSMP connection.

The no form of this command disables the feature.

hold-multiplier

Syntax 
hold-multiplier multiplier
no hold-multiplier
Context 
config>service>vprn>gsmp>group
Description 

This command configures the hold-multiplier for the GSMP connections in this group.

The no form of this command removes the multiplier value from the configuration

Default 

no hold-multiplier

Parameters 
multiplier—
Specifies the GSMP hold multiplier value.
Values—
1 to 100

 

idle-filter

Syntax 
idle-filter
no idle-filter
Context 
config>service>vprn>gsmp
Description 

This command when applied will filter out new subscriber’s ANCP messages from subscriber with “DSL-line-state” IDLE.

Default 

no idle-filter

keepalive

Syntax 
keepalive seconds
no keepalive
Context 
config>service>vprn>gsmp>group
Description 

This command configures keepalive values for the GSMP connections in this group.

The no form of this command reverts to the default.

Default 

no keepalive

Parameters 
seconds—
Specifies the GSMP keepalive timer value in seconds.
Values—
1 to 25

 

neighbor

Syntax 
[no] neighbor ip-address [create]
Context 
config>service>vprn>gsmp>group
Description 

This command adds a neighbor in the GSMP group.

The no form of this command removes the neighbor from the GSMP group.

Parameters 
ip-address—
Specifies the IP address in dotted decimal notation.
create—
This keyword is mandatory when creating a GSMP group name. The create keyword requirement can be enabled/disabled in the environment>create context.

local-address

Syntax 
local-address ip-address
no local-address
Context 
config>service>vprn>gsmp>group>neighbor
Description 

This command configures the source IP address used in the connection towards the neighbor.

The no form of this command removes the local address from the configuration.

Default 

no local-address

Parameters 
ip-address—
Specifies the IP address in dotted decimal notation.

priority-marking

Syntax 
priority-marking dscp dscp-name
priority-marking prec ip-prec-value
no priority-marking
Context 
config>service>vprn>gsmp>group>neighbor
Description 

This command configures the type of priority marking to be used.

The no form of this command reverts to the default.

Default 

no priority-marking

Parameters 
dscp dscp-name—
Specifies the DSCP code-point to be used.
Values—
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

 

prec ip-prec-value—
Specifies the precedence value to be used.
Values—
0 to 7

 

persistency-database

Syntax 
[no] persistency-database
Context 
config>service>vprn>gsmp
Description 

This command enables the system to store DSL line information in memory. If the GSMP connection terminates, the DSL line information remains in memory and accessible for RADIUS authentication and accounting.

The no form of this command reverts to the default.

Default 

no persistency-database

3.8.2.7. IGMP Commands

igmp

Syntax 
[no] igmp
Context 
config>service>vprn
Description 

This command enters the context to configure IGMP parameters.

The no form of this command disables IGMP.

Default 

no imgp

group-interface

Syntax 
[no] group-interface ip-int-name
[no] group-interface fwd-service service-id ip-int-name
Context 
config>service>vprn>igmp
Description 

This command configures IGMP group interfaces.

The no form of this command reverts to the default.

Parameters 
ip-int-name —
Specifies the name of the IP interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
fwd-service service-id
Specifies the service ID. This is only configured in the retailer VRF. This construct references the wholesaler service under which the group-interface (and the subscriber) is actually defined.
Values—
1 to 2147483650, svc-name up to 64 characters

 

disable-router-alert-check

Syntax 
[no] disable-router-alert-check
Context 
config>service>ies>sub-if>grp-if>sap>igmp-host-tracking
config>service>vprn>igmp>grp-if
config>service>vprn>igmp>if
Description 

This command disables the IGMP router alert check option.

The no form of this command enables the router alert check.

import

Syntax 
import policy-name
no import
Context 
config>service>vprn>igmp>grp-if
config>service>vprn>igmp>if
Description 

This command specifies the policy that is to be applied on this interface.

Parameters 
policy-name—
Specifies the policy to filter IGMP packets.

max-groups

Syntax 
max-groups max-groups
no max-groups
Context 
config>service>vprn>igmp>grp-if
config>service>vprn>igmp>if
Description 

This command configures the maximum number of groups for which IGMP can have local receiver information based on received IGMP reports on this interface. When this configuration is changed dynamically to a value lower than currently accepted number of groups, the groups that are already accepted are not deleted. Only new groups will not be allowed.

The no form of this command removes the value.

Parameters 
max-groups—
Specifies the maximum number of groups for this interface.
Values—
1 to 16000

 

max-sources

Syntax 
max-sources max-sources
no max-sources
Context 
config>service>vprn>igmp>grp-if
config>service>vprn>igmp>if
config>service>vprn>mld>interface
Description 

This command specifies the maximum number of sources for which IGMP can have local receiver information based on received IGMP reports on this interface. When this configuration is changed dynamically to a value lower than currently accepted number of sources, the sources that are already accepted are not deleted. Only new sources will not be allowed.

Parameters 
sources—
Specifies the maximum number of sources for this interface.
Values—
1 to 1000

 

max-grp-sources

Syntax 
max-grp-sources max-group-sources
no max-grp-sources
Context 
config>service>vprn>igmp>grp-if
config>service>vprn>igmp>if
config>service>vprn>mld>interface
Description 

This command configures the maximum number of group sources for which IGMP can have local receiver information based on received IGMP reports on this interface. When this configuration is changed dynamically to a value lower than currently accepted number of group sources, the group sources that are already accepted are not deleted. Only new group sources will not be allowed.

The no form of this command reverts to the default.

Default 

max-grp-sources 0

Parameters 
max-grp-sources
Specifies the maximum number of group source.
Values—
1 to 32000

 

mcac

Syntax 
mcac
Context 
config>service>vprn>igmp>grp-if
config>service>vprn>igmp>if
config>service>vprn>mld>grp-if
config>service>vprn>mld>if
config>service>vprn>pim>if
Description 

This command configures multicast CAC policy and constraints for this interface.

if-policy

Syntax 
if-policy if-policy-name
no if-policy
Context 
config>service>vprn>igmp>grp-if>mcac
config>service>vprn>igmp>if>mcac
config>service>vprn>mld>grp-if>mcac
config>service>vprn>mld>if>mcac
config>service>vprn>pim>if>mcac
Description 

This command assigns existing an MCAC interface policy to this interface.

The no form of this command removes the MCAC interface policy association.

Default 

no if-policy

Parameters 
if-policy-name—
Specifies an existing MCAC interface policy, up to 32 characters.

mc-constraints

Syntax 
mc-constraints
Context 
config>service>vprn>igmp>grp-if>mcac
config>service>vprn>igmp>if>mcac
config>service>vprn>mld>grp-if>mcac
config>service>vprn>mld>if>mcac
config>service>vprn>pim>if>mcac
Description 

This command enables the context to configure multicast CAC constraints.

level

Syntax 
level level-id bw bandwidth
no level level-id
Context 
config>service>vprn>igmp>if>mcac>mc-constraints
config>service>vprn>mld>if>mcac>mc-constraints
config>service>vprn>pim>if>mcac>mc-constraints
Description 

This command configures interface levels and associated bandwidth for multicast CAC policy.

The no form of this command removes the values from the configuration.

Parameters 
level-id—
Specifies an entry for the multicast CAC policy constraint level configured on this system.
Values—
1 to 8

 

bandwidth —
Specifies the bandwidth in kb/s for the level.
Values—
1 to 2147483647

 

number-down

Syntax 
number-down number-lag-port-down level level-id
no number-down
Context 
config>service>vprn>igmp>if>mcac>mc-constraints
config>service>vprn>mld>if>mcac>mc-constraints
config>service>vprn>pim>if>mcac>mc-constraints
Description 

This command configures the number of ports down and level for interface’s multicast CAC policy.

The no form of this command removes the values from the configuration.

Default 

not enabled

Parameters 
number-lag-port-down—
If the number of ports available in the LAG is reduced by the number of ports configured in this command here then bandwidth allowed for bundle and/or interface will be as per the levels configured in this context.
Values—
1 to 64 (for 64-link LAG)
1 to 32 (for other LAGs)

 

level-id—
Specifies an entry for the multicast CAC policy constraint level configured on this system.
Values—
1 to 8

 

use-lag-port-weight

Syntax 
[no] use-lag-port-weight
Context 
config>service>vprn>igmp>if>mcac>mc-constraints
config>service>vprn>mld>if>mcac>mc-constraints
config>service>vprn>pim>if>mcac>mc-constraints
Description 

This command enables the port weight to be used when determining available bandwidth per level when LAG ports go down or come up. This command is required for proper operation on mixed port-speed LAGs and can also be used for non-mixed port-speed LAGs. The port number is used when determining available the bandwidth per level when LAG ports go down or come up.

Default 

no use-lag-port-weight

policy

Syntax 
policy policy-name
no policy
Context 
config>service>vprn>igmp>grp-if>mcac
config>service>vprn>igmp>if>mcac
config>service>vprn>mld>grp-if>mcac
Description 

This command references the global channel bandwidth definition policy that is used for HMCAC and HQoS Adjust.

HQoS Adjustment is supported with redirection enabled or per-host-replication disabled. In other words, the policy from the redirected interface is used for HQoS Adjustment.

Hierarchical MCAC (HMCAC) is supported with redirection enabled or per-host-replication disabled. In HMCAC, the subscriber is checked first against its bandwidth limits followed by the check on the redirected interface against the bandwidth limits defined under the redirected interface. In the HMCAC case, the channel definition policy must be referenced under the redirected interface level.

Parameters 
policy-name—
Specifies the name of the global MCAC channel definition policy defined under the hierarchy config>router>mcac>policy.

policy

Syntax 
policy policy-name
no policy
Context 
config>service>vprn>igmp>if>mcac
config>service>vprn>pim>if>mcac
Description 

This command configures the multicast CAC policy name.

Parameters 
policy-name—
Specifies the multicast CAC policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

unconstrained-bw

Syntax 
unconstrained-bw bandwidth mandatory-bw mandatory-bw
no unconstrained-bw
Context 
config>service>vprn>igmp>grp-if>mcac
config>service>vprn>igmp>if>mcac
config>service>vprn>mld>grp-if>mcac
config>service>vprn>mld>if>mcac
config>service>vprn>pim>if>mcac
Description 

This command configures the bandwidth for the interface's multicast CAC policy traffic. When disabled (no unconstrained-bw) there will be no checking of bandwidth constraints on the interface level. When enabled and a policy is defined, enforcement is performed. The allocated bandwidth for optional channels should not exceed the unconstrained-bw minus the mandatory-bw and the mandatory channels have to stay below the specified value for the mandatory-bw. After this interface check, the bundle checks are performed.

Parameters 
bandwidth—
The bandwidth assigned for the interface’s MCAC policy traffic in kb/s.
Values—
0 to 2147483647

 

mandatory-bw mandatory-bw
Specifies the bandwidth pre-reserved for all the mandatory channels on a given interface, in kb/s.

If the bandwidth value is 0, no mandatory channels are allowed. If bandwidth is not configured, then all mandatory and optional channels are allowed.

If the value of mandatory-bw is equal to the value of bandwidth, then all the unconstrained bandwidth on a given interface is allocated to mandatory channels configured through multicast CAC policy on that interface and no optional groups (channels) are allowed.

The value of mandatory-bw should always be less than or equal to that of bandwidth, An attempt to set the value of mandatory-bw greater than that of bandwidth, will result in inconsistent value error.

Values—
0 to 2147483647

 

query-interval

Syntax 
query-interval seconds
no query-interval
Context 
config>service>vprn>igmp
config>service>vprn>igmp>grp-if
Description 

This command specifies the frequency that the querier router transmits general host-query messages. The host-query messages solicit group membership information and are sent to the all-systems multicast group address, 224.0.0.1.

Default 

query-interval 125

Parameters 
seconds—
The time frequency, in seconds, that the router transmits general host-query messages.
Values—
2 to 1024

 

query-src-ip

Syntax 
query-src-ip ip-address
no query-src-ip
Context 
config>service>vprn>igmp>grp-if
Description 

This command configures the query source IP address for the group interface. This IP address overrides the source IP address configured at the router level.

The no form of this command removes the IP address.

Parameters 
ip-address—
Sets the source IPv4 address for all subscriber’s IGMP queries.

query-last-member-interval

Syntax 
query-last-member-interval seconds
Context 
config>service>vprn>igmp
config>service>vprn>igmp>grp-if
Description 

This command configures the frequency at which the querier sends group-specific query messages including messages sent in response to leave-group messages. The lower the interval, the faster the detection of the loss of the last member of a group.

Default 

query-last-member-interval 1

Parameters 
seconds—
Specifies the frequency, in seconds, at which query messages are sent.
Values—
1 to 1023

 

query-response-interval

Syntax 
query-response-interval seconds
Context 
config>service>vprn>igmp
config>service>vprn>igmp>grp-if
Description 

This command specifies the time querier router waits to receive a response to a host-query message from a host.

Default 

query-response-interval 10

Parameters 
seconds—
Specifies the length of time to wait, in seconds, to receive a response to the host-query message from the host.
Values—
1 to 1023

 

grp-if-query-src-ip

Syntax 
grp-if-query-src-ip ip-address
no grp-if-query-src-ip
Context 
config>service>vprn>igmp
Description 

This command configures the query source IP address for all group interfaces.

The no form of this command removes the IP address.

sub-hosts-only

Syntax 
[no] sub-hosts-only
Context 
config>service>vprn>igmp>grp-if
Description 

This command enables the IGMP traffic from known hosts only.

The no form of this command disable the IGMP traffic from known hosts only

subnet-check

Syntax 
[no] subnet-check
Context 
config>service>vprn>igmp>grp-if
config>service>vprn>igmp>if
Description 

This command enables local subnet checking for IGMP.

The no form of this command disables local subnet checking for IGMP.

version

Syntax 
version version
no version
Context 
config>service>vprn>igmp>grp-if
Description 

This command configures the version of IGMP.

The no form of this command removes the version.

Parameters 
version—
Specifies the IGMP version.
Values—
1, 2, or 3

 

interface

Syntax 
[no] interface ip-int-name
Context 
config>service>vprn>igmp
Description 

This command enters the context to configure interface parameters.

Parameters 
ip-int-name—
Specifies the name of the IP interface, up to 32 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

import

Syntax 
import policy-name
no import
Context 
config>service>vprn>igmp>if
Description 

This command imports a policy to filter IGMP packets.

The no form of this command removes the policy association from the IGMP instance.

Default 

no import — No import policy specified.

Parameters 
policy-name—
Specifies the import route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

The specified name(s) must already be defined.

ssm-translate

Syntax 
ssm-translate
Context 
config>service>vprn>igmp
config>service>vprn>igmp>if
Description 

This command enters the context to configure group ranges which are translated to SSM (S,G) entries. If the static entry needs to be created, it has to be translated from a IGMPv1 IGMPv2 request to a Source Specific Multicast (SSM) join. An SSM translate source can only be added if the starg command is not enabled. An error message is generated if you try to configure the source command with starg command enabled.

grp-range

Syntax 
[no] grp-range start end
Context 
config>service>vprn>igmp>ssm-translate
Description 

This command is used to configure group ranges which are translated to SSM (S,G) entries.

Parameters 
start—
An IP address that specifies the start of the group range.
end—
An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.

source

Syntax 
[no] source ip-address
Context 
config>service>vprn>igmp>ssm-translate>grp-range
Description 

This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.

Parameters 
ip-address—
Specifies the IP address that will be sending data.

static

Syntax 
static
Context 
config>service>vprn>igmp>if
Description 

This command tests forwarding on an interface without a receiver host. When enabled, data is forwarded to an interface without receiving membership reports from host members.

group

Syntax 
[no] group grp-ip-address
[no] group start grp-ip-address end grp-ip-address [step ip-address]
Context 
config>service>vprn>igmp>if>static
Description 

This command adds a static multicast group either as a (*,G) or one or more (S,G) records. Use IGMP static group memberships to test multicast forwarding without a receiver host. When IGMP static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static IGMP group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static IGMP group entries do not generate join messages toward the RP.

Parameters 
grp-ip-address—
Specifies an IGMP multicast group address that receives data on an interface. The IP address must be unique for each static group. The address must be in dotted decimal notation.
start grp-ip-address
Specifies the start multicast group address.
end grp-ip-address
Specifies the end multicast group address.
step ip-address
Specifies the step increment.

starg

Syntax 
starg
Context 
config>service>vprn>igmp>if>static>group
Description 

This command adds a static (*,G) entry. This command can only be enabled if no existing source addresses for this group are specified.

Use the no form of this command to remove the starg entry from the configuration.

source

Syntax 
source ip-address
Context 
config>service>vprn>igmp>if>static>group
Description 

This command specifies an IPv4 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group is to receive multicast traffic from, and from the sources that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command in combination with the group is used to create a specific (S,G) static group entry.

Use the no form of this command to remove the source from the configuration.

Parameters 
ip-address—
Specifies the IPv4 unicast address.

subnet-check

Syntax 
[no] subnet-check
Context 
config>service>vprn>igmp>if
Description 

This command enables subnet checking for IGMP messages received on this interface. All IGMP packets with a source address that is not in the local subnet are dropped.

Default 

subnet-check

version

Syntax 
version version
no version
Context 
config>service>vprn>igmp>if
Description 

This command specifies the IGMP version. If routers run different versions of IGMP, they will negotiate the lowest common version of IGMP that is supported by hosts on their subnet and operate in that version. For IGMP to function correctly, all routers on a LAN should be configured to run the same version of IGMP on that LAN.

For IGMPv3, a multicast router that is also a group member performs both parts of IGMPv3, receiving and responding to its own IGMP message transmissions as well as those of its neighbors.

Default 

version 3

Parameters 
version—
Specifies the IGMP version number.
Values—
1, 2, 3

 

robust-count

Syntax 
robust-count robust-count
no robust-count
Context 
config>service>vprn>igmp
Description 

This command configures the robust count. The robust-count variable allows tuning for the expected packet loss on a subnet. If a subnet anticipates losses, the robust-count variable can be increased.

Default 

robust-count 2

Parameters 
robust-count—
Specifies the robust count value.
Values—
2 to 10

 

igmp-host-tracking

Syntax 
igmp-host-tracking
Context 
config>service>vprn
config>service>vprn>sap
Description 

This command enters the context to configure IGMP host tracking parameters.

expiry-time

Syntax 
expiry-time expiry-time
no expiry-time
Context 
config>service>vprn>igmp-trk
config>service>vprn>sap>igmp-trk
Description 

This command configures the time that the system continues to track inactive hosts.

The no form of this command removes the values from the configuration.

Default 

no expiry-time

Parameters 
expiry-time—
Specifies the time, in seconds, that this system continues to track an inactive host.
Values—
1 to 65535

 

import

Syntax 
import policy-name
no import
Context 
config>service>vprn>sap>igmp-trk
Description 

This command associates an import policy to filter IGMP packets.

The no form of this command removes the values from the configuration.

Default 

no import

Parameters 
policy-name—
Specifies the import policy name.

reassembly-group

Syntax 
reassembly-group nat-group-id [to-base-network]
no reassembly-group
Context 
config>router
config>service>vprn
Description 

This command associates a reassembly-group consisting of multiple ISAs with the routing context in which the application requiring reassembly service resides.

Default 

no reassembly-group

Parameters 
nat-group-id —
Specifies the NAT group ID; the NAT group contains up to 10 active ISAs.
Values—
1 to 4

 

to-base-network —
Enables the reassembly context to use network interfaces in the base routing context.

route-distinguisher

Syntax 
route-distinguisher [ip-address:number | asn:number]
route-distinguisher auto-rd
no route-distinguisher
Context 
config>service>vprn
Description 

This command sets the identifier attached to routes the VPN belongs to. Each routing instance must have a unique (within the carrier’s domain) route distinguisher associated with it. A route distinguisher must be defined for a VPRN to be operationally active.

Alternatively, the auto-rd option allows the system to automatically generate a Route Distinguisher (RD) based on the bgp-auto-rd-range command configured at the service level.

Default 

no route-distinguisher

Parameters 
route distinguisher—
The route distinguisher is a 6-byte value that can be specified in one of the following formats:
ip-address:number —
Specifies the IP address in dotted decimal notation. The assigned number must not be greater than 65535.
asn:number —
The ASN is a 2-byte value less than or equal to 65535. The assigned number can be any 32-bit unsigned integer value.
auto-rd—
The system will generate an RD for the service according to the IP address and range configured in the bgp-auto-rd-range command.

router-id

Syntax 
router-id ip-address
no router-id
Context 
config>service>vprn
config>service>vprn>ospf
config>service>vprn>bgp
Description 

This command sets the router ID for a specific VPRN context.

When configuring the router ID in the base instance of OSPF it overrides the router ID configured in the config>router context. The default value for the base instance is inherited from the configuration in the config>router context. If the router ID in the config>router context is not configured, the following applies:

  1. The system uses the system interface address (which is also the loopback address).
  2. If a system interface address is not configured, use the last 32 bits of the chassis MAC address.

If neither the router ID nor system interface are defined, the router ID from the base router context is inherited.

This is a required command when configuring multiple instances and the instance being configured is not the base instance.

When configuring a new router ID, the instance is not automatically restarted with the new router ID. The next time the instance is initialized, the new router ID is used.

To force the new router ID to be used, issue the shutdown and no shutdown commands for the instance, or reboot the entire router.

It is possible to configure an SR OS to operate with an IPv6 only BOF and no IPv4 system interface address. When configured in this manner, the operator must explicitly define IPv4 router IDs for protocols such as OSPF and BGP as there is no mechanism to derive the router ID from an IPv6 system interface address.

The no form of this command removes the router ID definition from the given VPRN context.

Default 

no router-id

Parameters 
ip-address—
The IP address must be given in dotted decimal notation.

sgt-qos

Syntax 
sgt-qos
Context 
config>service>vprn
Description 

This command configures DSCP/dot1p remarking for self-generated traffic.

application

Syntax 
application dscp-app-name dscp {dscp-value | dscp-name}
application dot1p-app-name dot1p dot1p-priority
no application {dscp-app-name | dot1p-app-name}
Context 
config>service>vprn>sgt-qos
Description 

This command configures DSCP/dot1p remarking for self-generated traffic. When an application is configured using this command, then the specified DSCP name/value is used for all packets generated by this application within the router instance it is configured.

Using the value configured in this command:

  1. Sets the DSCP bits in the IP packet.
  2. Maps to the FC. This value will be signaled from the CPM to the egress forwarding complex.
  3. Based on this signaled FC the egress forwarding complex QoS policy sets the IEEE 802.1p and MPLS EXP bits.
  4. The DSCP value in the egress IP header will be as configured in this command. The egress QoS policy will not overwrite this value.

Only one DSCP name/value can be configured per application, if multiple entries are configured then the subsequent entry overrides the previous configured entry.

The no form of this command reverts back to the default value.

Parameters 
dscp-app-name —
Specifies the DSCP application name.
Values—
Some of the following values may only apply to specific products. Refer to the SR OS 20.x.Rx Software Release Notes for details about application support for different SR OS products:
bgp, bmp, call-trace, cflowd, dhcp, diameter, dns, ftp, grpc, gtp, http, icmp, igmp, igmp-reporter, l2tp, ldp, mld, mpls-udp-return, msdp, mtrace2, ndis, ntp, ospf, pcep, pim, ptp, radius, rip, rsvp, sflow, snmp, snmp-notification, srrp, ssh, syslog, tacplus, telnet, tftp, traceroute, vrrp

 

dscp-value—
Specifies the DSCP value.
Values—
0 to 63

 

dscp-name—
Specifies the DSCP name.
Values—
none, be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

 

dot1p-priority—
Specifies the dot1p priority.
Values—
none, 0 to 7

 

dot1p-app-name—
Specifies the dot1p application name.
Values—
arp, isis, pppoe

 

dscp

Syntax 
dscp dscp-name fc fc-name
no dscp dscp-name
Context 
config>service>vprn>sgt-qos
Description 

This command creates a mapping between the DiffServ Code Point (DSCP) of the self-generated traffic and the forwarding class.

Self-generated traffic that matches the specified DSCP will be assigned to the corresponding forwarding class. Multiple commands can be entered to define the association of some or all sixty-four DiffServ code points to the forwarding class. For undefined code points, packets are assigned to the forwarding class specified under the default-action command.

All DSCP names that defines a DSCP value must be explicitly defined.

The no form of this command removes the DiffServ code point to forwarding class association. The default-action then applies to that code point value.

Parameters 
dscp-name—
Specifies the DSCP name.
Values—
be, ef, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cp9, cs1, cs2, cs3, cs4, cs5, nc1, nc2, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, cp11, cp13, cp15, cp17, cp19, cp21, cp23, cp25, cp27, cp29, cp31, cp33, cp35, cp37, cp39, cp41, cp42, cp43, cp44, cp45, cp47, cp49, cp50, cp51, cp52, cp53, cp54, cp55, cp57, cp58, cp59, cp60, cp61, cp62, cp63

 

fc fc-name
Specifies the forwarding class name.
Values—
be, l2, af, l1, h2, ef, h1, nc

 

single-sfm-overload

Syntax 
single-sfm-overload [holdoff-time holdoff-time]
no single-sfm-overload
Context 
config>service>vprn
Description 

This command configures OSPF, OSPFv3 and IS-IS to set overload when the router has fewer than the full set of SFMs functioning, which reduces forwarding capacity. Setting overload enables a router to still participate in exchanging routing information, but routes all traffic away from it.

The conditions to set overload are as follows:

  1. 7950 XRS-20, 7750 SR-12/SR-7, and 7450 ESS-12/ESS-7 platforms: if an SF/CPMs fails, the protocol will set the overload
  2. 7950-40 XRS and 7750 SR-12e platforms: if two SFMs fail (a connected pair on the XRS-40) the protocol will set the overload

The no form of this command configures the router to not set overload if an SFM fails.

Default 

no single-sfm-overload

Parameters 
holdoff-time —
Specifies the delay between detecting SFM failures and setting overload.
Values—
1 to 600 seconds

 

Default—
0 seconds

snmp

Syntax 
snmp
Context 
config>service>vprn
Description 

This command enters the context to configure SNMP parameters for this VPRN.

access

Syntax 
[no] access
Context 
config>service>vprn>snmp
Description 

This command enables SNMP access using VPRN interface addresses. This command allows SNMP messages destined to the VPRN interface IP addresses for this VPRN (including VPRN interfaces that are bound to R-VPLS services) to be processed by the SNMP agent on the router. SNMP messages that arrive on VPRN interfaces but are destined to IP addresses in the Base routing context that can be accessed in the VPRN (for example, the router system address via grt leaking) do not require snmp access to be enabled but do require allow-local-management to be enabled.

Using an SNMP community defined inside the VPRN context (configure service vprn snmp community) allows access to a subset of the full SNMP data model. This subset can be seen in the output of show system security view "vprn-view".

Using an SNMP community defined in the system context (configure system security snmp community) allows access to the full SNMP data model (unless otherwise restricted used SNMP views).

Alternatively, grt leaking and a Base routing IP address can be used (along with an SNMP community defined at the system context) to get access to the entire SNMP data model (see the allow-local-management command).

The Nokia NSP cannot discover or fully manage an SR OS router using an SNMP community defined inside the VPRN context. Full SNMP access requires using one of the approaches described above.

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR System Management Guide for detailed information about SNMP.

community

Syntax 
community community-name [hash | hash2 | custom] [access-permissions] [version SNMP-version] [src-access-list list-name]
no community community-name [hash | hash2 | custom]
Context 
config>service>vprn>snmp
Description 

This command sets the SNMP community name(s) to be used with the associated VPRN instance. These VPRN community names are used to associate SNMP v1/v2c requests with a particular vprn context and to return a reply that contains VPRN-specific data or limit SNMP access to data in a specific VPRN instance.

VPRN snmp communities configured with an access permission of 'r' are automatically associated with the default access group "snmp-vprn-ro” and the “vprn-view” view (read only). VPRN snmp communities configured with an access permission of 'rw' are automatically associated with the default access group "snmp-vprn” and the “vprn-view” view (read/write).

The community in an SNMP v1/v2 request determines the SNMP context (i.e., the vprn# for accessing SNMP tables) and not the VPRN of the incoming interface on which the request was received. When an SNMP request arrives on VPRN 5 interface “ringo” with a destination IP address equal to the “ringo” interface, but the community in the SNMP request is the community configured against VPRN 101, then the SNMP request will be processed using the VPRN 101 context. (the response will contain information about VPRN 101). It is recommended to avoid using a simple series of vprn snmp-community values that are similar to each other (for example, avoid my-vprncomm-1, my-vprn-comm-2, etc).

The no form of this command removes the SNMP community name from the given VPRN context.

Parameters 
community-name—
Specifies the SNMP v1/v2c community name. This is a secret/confidential key used to access SNMP and specify a context (base vs vprn1 vs vprn2).
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.
version SNMP-version
Specifies the SNMP version.
Values—
v1, v2c, both

 

access-permissions—
Specifies the access rights to MIB objects.
Values—
r — Grants only read access to MIB objects. Creates an association of the community-name with the snmp-vprn-ro access group. rw — Grants read and write access to MIB objects. Creates an association of the community-name with the snmp-vprn access group.

 

list-name—
Configures the community to reference a specific src-access-list (created under configure system security snmp), which will be used to validate the source IP address of all received SNMP requests that use this community. Multiple community (vprn or base router) and usm-community instances can reference the same src-access-list.

source-address

Syntax 
source-address
Context 
config>service>vprn
Description 

This command enters the context to specify the source address and application that should be used in all unsolicited packets.

application

Syntax 
application app [ip-int-name | ip-address]
no application app
Context 
config>service>vprn>source-address
Description 

This command specifies the source address and application.

Parameters 
app—
Specifies the application name.
Values—
cflowd, dns, ftp, ntp, ping, ptp, radius, snmptrap, sntp, ssh, syslog, tacplus, telnet, traceroute, mcreporter, icmp-error

 

ip-int-name | ip-address—
Specifies the name of the IP interface or IP address. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

application6

Syntax 
application6 app ipv6-address
Context 
config>service>vprn>source-address
Description 

This command specifies the IPv6 source address and application.

Parameters 
app—
Specifies the application name.
Values—
cflowd, dns, ftp, ntp, ping, radius, snmptrap, syslog, tacplus, telnet, traceroute, icmp6-error

 

ipv6-address—
Specifies the IPv6 address.

static-route-entry

Syntax 
static-route-entry ip-prefix/prefix-length [mcast]
no static-route-entry ip-prefix/prefix-length [mcast]
Context 
config>service>vprn
Description 

This command creates a static route entry for both the network and access routes. A prefix and netmask must be specified.

Once the static route context for the specified prefix and netmask has been created, additional parameters associated with the static route(s) may be specified through the inclusion of additional static-route parameter commands.

The no form of this command deletes the static route entry. If a static route needs to be removed when multiple static routes exist to the same destination, then as many parameters to uniquely identify the static route must be entered.

IPv6 static routes are not supported on the 7450 ESS except in mixed mode.

Default 

No static routes are defined.

Parameters 
ip-prefix/prefix-length—
The destination address of the static route.
Values—
The following values apply to the 7750 SR and 7950 XRS:

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

 

Values—
The following values apply to the 7450 ESS:

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

 

mcast—
Specifies that the associated static route should be populated in the associated VPRN multicast route table.

next-hop

Syntax 
next-hop {ip-address | ip-int-name | ipv6 address}
Context 
config>service>vprn>static-route-entry
Description 

This command specifies the directly connected next hop IP address or interface used to reach the destination. If the next hop is over an unnumbered interface or a point-to-point interface, the ip-int-name of the unnumbered or point-to-point interface (on this node) can be configured.

If the next hop is over an unnumbered interface in the 7450 ESS router, the ip-int-name of the unnumbered interface (on this node) can be configured.

The configured ip-address can be either on the network side or the access side on this node. The address must be associated with a network directly connected to a network configured on this node.

Default 

no next-hop

Parameters 
ip-int-name, ipv4-address, ipv6-address—
the IP-INT, IPv4, and IPv6 addresses
Values—
The following values apply to the 7750 SR and 7950 XRS:

ip-int-name

32 characters max

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x-[interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface: 32 characters maximum, mandatory for link local addresses

IPv6 static routes are not supported on the 7450 ESS except in mixed mode.

 

indirect

Syntax 
[no] indirect ip-address
Context 
config>service>vprn>static-route-entry
Description 

This command specifies that the route is indirect and specifies the next hop IP address used to reach the destination.

The configured ip-address is not directly connected to a network configured on this node. The destination can be reached via multiple paths. The indirect address can only be resolved from dynamic routing protocol. Another static route cannot be used to resolve the indirect address.

The ip-address configured here can be either on the network side or the access side and is typically at least one hop away from this node.

Default 

no indirect

Parameters 
ip-address—
The IP address of the IP interface.
Values—

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x-[interface]

 

black-hole

Syntax 
[no] black-hole
Context 
config>service>vprn>static-route-entry
Description 

This command specifies that the route is a black hole route. If the destination address on a packet matches this static route, it will be silently discarded.

Default 

no black-hole

community

Syntax 
community comm-id [comm-id]
no community [comm-id [comm-id]]
Context 
config>service>vprn>static-route-entry
Description 

This command associates a list of up to 12 BGP communities (any mix of standard, extended, and large communities) with the static route. These communities can be matched in route policies and are automatically added to BGP routes that are created from the static route.

The communities specified at this level of the static route causes communities configured under the next-hop, black-hole, and indirect contexts of the static route to be ignored.

The no form of this command removes the association.

Default 

no community

Parameters 
comm-id—
Specifies a BGP community value, up to 72 characters.
Values—
[as-num:comm-val | well-known-comm | ext-comm | large-comm]
where:
  1. as-num — 0 to 65535
  2. comm-val — 0 to 65535
  3. well-known-commnull | no-export | no-export-subconfed | no-advertise | llgr-stale | no-llgr | blackhole
  4. ext-comm — the extended community, defined as one of the following:
    1. {target | origin}:ip-address:comm-val
    2. {target | origin}:asnum:ext-comm-val
    3. {target | origin}:ext-asnum:comm-val
    4. bandwidth:asnum:val-in-mbps
    5. ext:4300:ovstate
    6. ext:value1:value2
    7. color:co-bits:color-value
    where:
    1. target — route target
    2. origin — route origin
    3. ip-address — a.b.c.d
    4. ext-comm-val — 0 to 4294967295
    5. ext-asnum — 0 to 4294967295
    6. val-in-mbps — 0 to 16777215
    7. ovstate — 0, 1, or 2 (0 for valid, 1 for not found, 2 for invalid)
    8. value1 — 0000 to FFFF
    9. value2 — 0 to FFFFFFFFFFFF
    10. co-bits — 00, 01, 10 or 11
    11. color-value — 0 to 4294967295
  5. large-commasn-or-ex:val-or-ex:val-or-ex

 

grt

Syntax 
[no] grt
Context 
config>service>vprn>static-route-entry
Description 

This command creates a static route in a VPRN service context that points to the global routing context (base router). This is primarily used to allow traffic that ingress through a VPRN service to be routed out of the global routing context.

This next-hop type cannot be used in conjunction with any other next-hop types.

Default 

no grt

ipsec-tunnel

Syntax 
ipsec-tunnel ipsec-tunnel-name
no ipsec-tunnel [ipsec-tunnel-name]
Context 
config>service>vprn>static-route-entry
Description 

This command creates a static route in a VPRN service context that points to the global routing context (base router). This is primarily used to allow traffic that ingress through a VPRN service to be routed out of the global routing context.

This next-hop type cannot be used in conjunction with any other next-hop types.

Default 

no ipsec-tunnel

Parameters 
ipsec-tunnel-name—
IPsec tunnel name; maximum length up to 32 characters.

tag

Syntax 
tag tag
no tag [tag]
Context 
config>service>vprn>static-route-entry
Description 

This command associates a 4-byte route-tag with the static route. The tag value can be used in route policies to control distribution of the static route into other protocols.

The tag specified at this level of the static route causes tag values configured under the next-hop, black-hole, and indirect contexts of the static route to be ignored.

The no form of this command removes the tag association.

Default 

no tag

Parameters 
tag—
Specifies an integer value.
Values—
1 to 4294967295

 

bfd-enable

Syntax 
[no] bfd-enable
Context 
config>service>vprn>static-route-entry>next-hop
Description 

This command associates the static route state to a BFD session between the local system and the configured nexthop.

The remote end of the BFD session must also be configured to originate or accept the BFD session controlling the static route state.

The no form of this command removes the association of the static route state to that of the BFD session.

Default 

no bfd-enable

community

Syntax 
community comm-id
no community [comm-id]
Context 
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>next-hop
Description 

This command associates one BGP community (standard, extended or large) with a next-hop of the static route. This community can be matched in route policies and automatically added to BGP routes that are created from the static route.

Any community specified in one of these contexts is overridden by any communities specified at the prefix level of the static route entry.

The no form of this command removes the association.

Default 

no community

Parameters 
comm-id—
Specifies a BGP community value, up to 72 characters.
Values—
[as-num:comm-val | well-known-comm | ext-comm | large-comm]
where:
  1. as-num — 0 to 65535
  2. comm-val — 0 to 65535
  3. well-known-commnull | no-export | no-export-subconfed | no-advertise | llgr-stale | no-llgr | blackhole
  4. ext-comm — the extended community, defined as one of the following:
    1. {target | origin}:ip-address:comm-val
    2. {target | origin}:asnum:ext-comm-val
    3. {target | origin}:ext-asnum:comm-val
    4. bandwidth:asnum:val-in-mbps
    5. ext:4300:ovstate
    6. ext:value1:value2
    7. color:co-bits:color-value
    where:
    1. target — route target
    2. origin — route origin
    3. ip-address — a.b.c.d
    4. ext-comm-val — 0 to 4294967295
    5. ext-asnum — 0 to 4294967295
    6. val-in-mbps — 0 to 16777215
    7. ovstate — 0, 1, or 2 (0 for valid, 1 for not found, 2 for invalid)
    8. value1 — 0000 to FFFF
    9. value2 — 0 to FFFFFFFFFFFF
    10. co-bits — 00, 01, 10 or 11
    11. color-value — 0 to 4294967295
  5. large-commasn-or-ex:val-or-ex:val-or-ex

 

community

Syntax 
community comm-id
no community [comm-id]
Context 
config>service>vprn>static-route-entry>ip-sec-tunnel
Description 

This configuration option associates a BGP community with the static route. The community can be matched in route policies and is automatically added to BGP routes exported from the static route.

The no form of this command removes the community association.

Default 

no community

Parameters 
comm-id—
Specifies community IDs, up to 72 characters.
Values—
[2 byte asnumber:comm-val | well-known-comm]
where:
  1. 2 byte as-number — 0 to 65535
  2. comm-val — 0 to 65535
  3. well-known-commno-export | no-export-subconfed | no-advertise

 

cpe-check

Syntax 
cpe-check cpe-ip-address
no cpe-check [cpe-ip-address]
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>next-hop
Description 

This command enables CPE-check and specifies the IP address of the target CPE device.

This option initiates a background ICMP ping test to the configured target IP address. The IP address can either be an IPv4 address for IPv4 static routes or an IPv6 address for IPv6 static routes. The target-ip-address cannot be in the same subnet as the static route subnet itself to avoid possible circular references. This option is mutually exclusive with BFD support on a given static route.

The no form of this command disables the cpe-check option.

Default 

no cpe-check

Parameters 
cpe-ip-address—
Specifies the IP address of the CPE device.

drop-count

Syntax 
drop-count count
no drop-count
Context 
config>service>vprn>static-route-entry>indirect>cpe-check
config>service>vprn>static-route-entry>next-hop>cpe-check
Description 

This optional parameter specifies the number of consecutive ping-replies that must be missed to declare the CPE down and to deactivate the associated static route.

Default 

drop-count 3

Parameters 
count—
An integer count value.
Values—
1 to 255

 

interval

Syntax 
interval seconds
no interval
Context 
config>service>vprn>static-route-entry>indirect>cpe-check
config>service>vprn>static-route-entry>next-hop>cpe-check
Description 

This optional parameter specifies the interval between ICMP pings to the target IP address.

Default 

interval 1

Parameters 
seconds—
An integer interval value.
Values—
1 to 255

 

padding-size

Syntax 
padding-size padding-size
no padding-size
Context 
config>service>vprn>static-route-entry>indirect>cpe-check
config>service>vprn>static-route-entry>next-hop>cpe-check
Description 

This optional parameter specifies the amount of padding to add to the ICMP packet in bytes. The parameter is only applicable when the cpe-check option is used with the associated static route.

Default 

padding-size 56

Parameters 
padding-size—
An integer value.
Values—
0 to 16384 bytes

 

log

Syntax 
[no] log
Context 
config>service>vprn>static-route-entry>indirect>cpe-check
config>service>vprn>static-route-entry>next-hop>cpe-check
Description 

This optional parameter enables the ability to log transitions between active and in-active based on the CPE connectivity check. Events will be sent to the system log, syslog and SNMP traps.

Default 

no log

description

Syntax 
description description-string
no description [description-string]
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>next-hop
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>grt
config>service>vprn>static-route-entry>ipsec-tunnel
Description 

This command creates a text description stored in the configuration file for a configuration context.

The no form of this command removes the description string from the context

Default 

no description

Parameters 
description-string—
Specifies the description character string. Allowed values are any string up to 80 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

destination-class

Syntax 
destination-class dest-index
no destination-class [dest-index]
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
Description 

This command configures the policy accounting destination-class index to be used when incrementing accounting statistic for traffic matching the associated static route.

The no form of this command removes the associated destination-class from the associated static route nexthop.

Default 

no destination-class

Parameters 
dest-index—
The destination index integer value.
Values—
1 to 255

 

generate-icmp

Syntax 
[no] generate-icmp
Context 
config>service>vprn>static-route-entry>black-hole
Description 

This optional command causes the ICMP unreachable messages to be sent when received packets match the associated static route. By default, the ICMP unreachable messages for those types of static routes are not generated.

This command can only be associated with a static route that has a black-hole next-hop

The no form of this command removes the black-hole next-hop from static route configuration.

Default 

no generate-icmp

forwarding-class

Syntax 
forwarding-class {be | l2 | af | l1 | h2 | ef | h1 | nc}
no forwarding-class [{be | l2 | af | l1 | h2 | ef | h1 | nc}]
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>next-hop
Description 

This command specifies the enqueuing forwarding class that should be associated with traffic matching the associate static route. If this parameter is not specified, the packet will use the forwarding-class association based on default classification or other QoS Policy associations.

Default 

no forwarding-class

Parameters 
Forwarding class—
The forwarding class must be one of the pre-defined system forwarding classes.
Values—
be, l2, af, l1, h2, ef, h1, nc

 

ldp-sync

Syntax 
[no] ldp-sync
Context 
config>service>vprn>static-route-entry>indirect
Description 

This command extends the LDP synchronization feature to a static route. When an interface comes back up, it is possible that a preferred static route using the interface as next-hop for a given prefix is enabled before the LDP adjacency to the peer LSR comes up on this interface. In this case, traffic on an SDP that uses the static route for the far-end address would be black-holed until the LDP session comes up and the FECs exchanged.

This option when enabled delays the activation of the static route until the LDP session comes up over the interface and the ldp-sync-timer configured on that interface has expired

Default 

no ldp-sync

load-balancing-weight

Syntax 
load-balancing-weight value
no load-balancing-weight [value]
Context 
config>service>vprn>static-route-entry>next-hop
Description 

This command configures a weighted ECMP load-balancing weight for a static route next-hop.

If all of the ECMP next-hops of a static route have a configured load-balancing-weight then packets matching the route are sprayed according to the relative weights. In other words, the next-hop interface with the largest load-balancing weight should receive the most forwarded traffic if weighted ECMP is applicable.

The no form of this command disables weighted ECMP for the interface and effectively disables weighted ECMP for the entire static route.

Parameters 
value
Specifies the cost metric value.
Values—
0 to 4294967295

 

metric

Syntax 
metric metric-value
no metric [metric-value]
Context 
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>next-hop
config>service>vprn>static-route-entry>grt
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
Description 

This command specifies the cost metric for the static route, expressed as a decimal integer. This value is used when importing the static route into other protocols such as OSPF. When the metric is configured as 0 then the metric configured in OSPF, default-import-metric, applies. When modifying the metric of an existing static route, the preference will not change unless specified. This value is also used to determine which static route to install in the forwarding table.

If there are multiple static routes with the same preference but different metrics then the lower cost (metric) route will be installed.

The no form of this command returns the metric to the default value

Default 

metric 1

Parameters 
metric-value
Specifies the cost metric value.
Values—
0 to 65535

 

preference

Syntax 
preference preference-value
no preference
Context 
config>service>vprn>static-route-entry>grt
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>next-hop
Description 

This command specifies the route preference to be assigned to the associated static route. The lower the preference value the more preferred the route is considered.

Table 37 shows the default route preference based on the route source.

Table 37:   Default Route Preference 

Label

Preference

Configurable

Direct attached

0

No

Static route

5

Yes

OSPF Internal routes

10

Yes

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

RIP

100

Yes

Aggregate

130

No

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

BGP

170

Yes

The no form of this command returns the returns the associated static route preference to its default value.

Default 

preference 5

Parameters 
preference-value
Specifies the route preference value.
Values—
1 to 255

 

prefix-list

Syntax 
prefix-list name [{all | none | any}]
no prefix-list [name] [{all | none | any}]
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>next-hop
config>service>vprn>static-route-entry>black-hole
Description 

This command associates a new constraint to the associated static route such that the static route is only active if any, none, or all of the routes in the prefix list are present and active in the route-table.

Default 

no prefix-list

Parameters 
name
Specifies the name of a currently configured prefix-list.
all
Specifies that the static route condition is met if all prefixes in the prefix-list must be present in the active static route.
none
Specifies that the static route condition is met if none of the prefixes in the named prefix-list can be present in the active static route.
any
Specifies that the static route condition is met if any prefixes in the prefix-list are present in the active static route.

priority

Syntax 
priority {low | high}
no priority [{low | high}]
Context 
config>service>vprn>static-route-entry>indirect>forwarding-class
config>service>vprn>static-route-entry>ipsec-tunnel>forwarding-class
config>service>vprn>static-route-entry>next-hop>forwarding-class
Description 

This optional command associates an enqueuing priority with the static route. The options are either high or low, with low being the default. This parameter has the ability to affect the likelihood that a packet will be enqueued at SAP ingress in the face of ingress congestion.

Once a packet is enqueued into an ingress buffer, the significance of this parameter is lost.

Default 

priority low

Parameters 
low
Setting the enqueuing parameter for a packet to low decreases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.
high
Setting the enqueuing parameter for a packet to high increases the likelihood of enqueuing the packet when the ingress queue is congested. Ingress enqueuing priority only affects ingress SAP queuing. Once the packet is placed in a buffer on the ingress queue, the significance of the enqueuing priority is lost.

shutdown

Syntax 
[no] shutdown
Context 
config>service>vprn>static-route-entry>black-hole
config>service>vprn>static-route-entry>grt
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>next-hop
Description 

This command causes the static route to be placed in an administratively down state and removed from the active route-table

Default 

no shutdown

source-class

Syntax 
source-class source-index
no source-class [source-index]
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>next-hop
Description 

This command configures the policy accounting source-class index to be used when incrementing accounting statistic for traffic matching the associated static route.

If source route policy accounting is enabled and a source-class index is configured, traffic with a source IP address matches the associated static route, the source accounting statistics for the specified class will be incremented.

The no form of this command removes the associated destination-class from the associated static route nexthop.

Default 

no source-class

Parameters 
source-index
Specifies an integer value for the accounting source class index.
Values—
1 to 255

 

tag

Syntax 
tag tag-value
no tag [tag-value]
Context 
config>service>vprn>static-route-entry>indirect
config>service>vprn>static-route-entry>ipsec-tunnel
config>service>vprn>static-route-entry>next-hop
Description 

This command adds a 32-bit integer tag to the associated static route.

The tag value can be used in route policies to control distribution of the route into other protocols.

Default 

no tag

Parameters 
tag-value
Specifies an integer tag value.
Values—
32 bit integer

 

validate-next-hop

Syntax 
[no] validate-next-hop
Context 
config>service>vprn>static-route-entry>next-hop
Description 

This optional command tracks the state of the next hop in the IPv4 ARP cache or IPv6 Neighbor Cache. When the next hop is not reachable and is removed from the ARP or Neighbor Cache, the next hop will no longer be considered valid and the associated static route state removed from the active route-table.

When the next hop is reachable again and present in the ARP/Neighbor Cache, the static route will be considered valid and is subject to being placed into the active route-table.

Default 

no validate-next-hop

ttl-propagate

Syntax 
ttl-propagate
Context 
config>service>vprn
Description 

This command enters the context to configure TTL propagation for transit and locally generated packets in a given VPRN routing context.

local

Syntax 
local [inherit | all | vc-only | none]
Context 
config>service>vprn>ttl-propagate
Description 

This command overrides the global configuration of the TTL propagation for locally generated packets which are forwarded over a MPLS LSPs in a given VPRN service context.

The global configuration is performed under config>router>ttl-propagate>vprn-local.

The default behavior for a given VPRN instance is to inherit the global configuration for the same command. The user can explicitly set the default behavior by configuring the inherit value

Default 

local inherit

Parameters 
inherit—
specifies the TTL propagation behavior is inherited from the global configuration under config>router>ttl-propagate>vprn-local.
none—
specifies the TTL of the IP packet is not propagated into the VC label or labels in the transport label stack.
vc-only—
specifies the TTL of the IP packet is propagated into the VC label and not into the labels in the transport label stack.
all—
specifies the TTL of the IP packet is propagated into the VC label and all labels in the transport label stack.

transit

Syntax 
transit [inherit | all | vc-only | none]
Context 
config>service>vprn>ttl-propagate
Description 

This command overrides the global configuration of the TTL propagation for in transit packets which are forwarded over a MPLS LSPs in a given VPRN service context.

The global configuration is performed under config>router>ttl-propagate>vprn-transit.

The default behavior for a given VPRN instance is to inherit the global configuration for the same command. The user can explicitly set the default behavior by configuring the inherit value.

Default 

transit inherit

Parameters 
inherit—
specifies the TTL propagation behavior is inherited from the global configuration under config>router>ttl-propagate>vprn-transit.
none—
specifies the TTL of the IP packet is not propagated into the VC label or labels in the transport label stack.
vc-only—
specifies the TTL of the IP packet is propagated into the VC label and not into the labels. in the transport label stack
all—
specifies the TTL of the IP packet is propagated into the VC label and all labels in the transport label stack.

type

Syntax 
type [hub | spoke | subscriber-split-horizon]
no type
Context 
config>service>vprn>
Description 

This command designates the type of VPRN instance being configured for hub and spoke topologies. Use the no form to reset to the default of a fully meshed VPRN.

Default 

no type

Parameters 
hub—
Specifies a hub VPRN which allows all traffic from the hub SAPs to be routed to the destination directly, while all traffic from spoke VPRNs or network interfaces can only be routed to a hub SAP.
spoke—
Specifies a spoke VPRN which allows traffic from associated SAPs or spoke terminations to only be forwarded through routes learned from separate VPRN, which should be configured as a type Hub VPRN.
subscriber-split-horizon—
Controls the flow of traffic for wholesale subscriber applications.

vrf-export

Syntax 
vrf-export plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
no vrf-export
Context 
config>service>vprn
Description 

This command is used to specify route policies that control how routes are exported from the local VRF to other VRFs on the same or remote PE routers (via MP-BGP). Route policies are configured in the config>router>policy-options context.

The vrf-export command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route.

Only one of the 15 objects referenced by the vrf-export command can be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple vrf-export commands are issued, the last command entered overrides the previous command.

Aggregate routes are not advertised via MP-BGP protocols to the other MP-BGP peers.

The no form of this command removes all route policy names from the vrf-export list.

Default 

no vrf-export

Parameters 
plcy-or-long-expr—
specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).
plcy-or-expr—
specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).

vrf-import

Syntax 
vrf-import plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]
no vrf-import
Context 
config>service>vprn
Description 

This command is used to specify route policies that control how VPN-IP routes exported by other VRFs, on the same or remote PEs, are imported into the local VRF. Route policies are configured in the config>router>policy-options context.

The vrf-import command can reference up to 15 objects, where each object is either a policy logical expression or the name of a single policy. The objects are evaluated in the specified order to determine final action to accept or reject the route

Only one of the 15 objects referenced by the vrf-import command is allowed to be a policy logical expression consisting of policy names (enclosed in square brackets) and logical operators (AND, OR, NOT). The first of the 15 objects has a maximum length of 255 characters while the remaining 14 objects have a maximum length of 64 characters each.

When multiple vrf-import commands are issued, the last command entered overrides the previous command.

The no form of this command removes all route policy names from the import list

Note that unless the preference value is changed by the policy, BGP-VPN routes imported with a vrf-import policy have the preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs on the same router.

Default 

no vrf-import

Parameters 
plcy-or-long-expr—
specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).
plcy-or-expr—
specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters).

vrf-target

Syntax 
vrf-target {ext-community | export ext-community | import ext-community}
no vrf-target
Context 
config>service>vprn
Description 

This command facilitates a simplified method to configure the route target to be added to advertised routes or compared against received routes from other VRFs on the same or remote PE routers (via MP-BGP).

BGP-VPN routes imported with a vrf-target statement will use the BGP preference value of 170 when imported from remote PE routers, or retain the protocol preference value of the exported route when imported from other VRFs in the same router.

Specified vrf-import or vrf-export policies override the vrf-target policy.

The no form of this command removes the vrf-target

Default 

no vrf-target

Parameters 
ext-comm—
Specifies an extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.
Values—

<ext-community>

: target:{<ip-addr:comm-val> | <2byte-asnumber:ext-comm-val> | <4byte-asnumber:comm-val>}

ip-addr:

a.b.c.d

comm-val:

[0 to 65535]

2byte-asnumber:

[0 to 65535]

ext-comm-val:

[0 to 4294967295]

4byte-asnumber:

[0 to 4294967295]

 

import ext-community
Specifies communities allowed to be accepted from remote PE neighbors.
export ext-community
Specifies communities allowed to be sent to remote PE neighbors.

weighted-ecmp

Syntax 
weighted-ecmp [strict]
no weighted-ecmp
Context 
config>service>vprn
Description 

This command enables weighted load-balancing for IS-IS ECMP routes in the VPRN instance. Weighted ECMP can be performed only when all the next hops are associated with the same neighbor and all of them are configured with (non-zero) load-balancing weights. The weighted ECMP support for IS-IS ECMP routes applies to both IPv4 and IPv6.

The no form of this command restores regular ECMP spraying of packets to IS-IS route destinations.

Default 

no weighted-ecmp

Parameters 
strict—
Specifies the strict weighted ECMP option.

3.8.2.8. Interface Commands

interface

Syntax 
interface ip-int-name [create]
interface ip-int-name [create] [tunnel]
no interface ip-int-name
Context 
config>service>vprn
Description 

This command creates a logical IP routing interface for a Virtual Private Routed Network (VPRN). Once created, attributes like an IP address and service access point (SAP) can be associated with the IP interface.

The interface command, under the context of services, is used to create and maintain IP routing interfaces within VPRN service IDs. The interface command can be executed in the context of an VPRN service ID. The IP interface created is associated with the service core network routing instance and default routing table. The typical use for IP interfaces created in this manner is for subscriber Internet access.

Interface names are case sensitive and must be unique within the group of defined IP interfaces defined for config router interface and config service vprn interface. Interface names must not be in the dotted decimal notation of an IP address. For example, the name “1.1.1.1” is not allowed, but “int-1.1.1.1” is allowed. Show commands for router interfaces use either interface names or the IP addresses. Use unique IP address values and IP address names to maintain clarity. It could be unclear to the user if the same IP address and IP address name values are used. Although not recommended, duplicate interface names can exist in different router instances.

The available IP address space for local subnets and routes is controlled with the config router service-prefix command. The service-prefix command administers the allowed subnets that can be defined on service IP interfaces. It also controls the prefixes that may be learned or statically defined with the service IP interface as the egress interface. This allows segmenting the IP address space into config router and config service domains.

When a new name is entered, a new logical router interface is created. When an existing interface name is entered, the user enters the router interface context for editing and configuration.

By default, there are no default IP interface names defined within the system. All VPRN IP interfaces must be explicitly defined. Interfaces are created in an enabled state.

The no form of this command removes IP the interface and all the associated configuration. The interface must be administratively shutdown before issuing the no interface command.

For VPRN services, the IP interface must be shutdown before the SAP on that interface may be removed. VPRN services do not have the shutdown command in the SAP CLI context. VPRN service SAPs rely on the interface status to enable and disable them.

Parameters 
ip-int-name—
Specifies the name of the IP interface. Interface names must be unique within the group of defined IP interfaces for config router interface and config service vprn interface commands. An interface name cannot be in the form of an IP address. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

If ip-int-name already exists within the service ID, the context will be changed to maintain that IP interface. If ip-int-name already exists within another service ID or is an IP interface defined within the config router commands, an error will occur and context will not be changed to that IP interface. If ip-int-name does not exist, the interface is created and context is changed to that interface for further command processing.

tunnel—
Specifies that this is an IPsec interface used for IPsec tunneling. Refer to the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide for information about IPsec commands and descriptions.
create —
Keyword used to create the interface instance.

active-cpm-protocols

Syntax 
[no] active-cpm-protocols
Context 
config>service>vprn>if
Description 

This command enables CPM protocols on this interface.

address

Syntax 
address ip-address[/mask] [netmask] [broadcast {all-ones | host-ones}] [track-srrp srrp-instance]
no address [ip-address[/mask]] [netmask] [broadcast {all-ones | host-ones}]
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command assigns an IP address, IP subnet, and broadcast address format to a VPRN IP router interface. Only one IP address can be associated with an IP interface. Use the secondary command to assign multiple addresses.

An IP address must be assigned to each VPRN IP interface. An IP address and a mask are used together to create a local IP prefix. The defined IP prefix must be unique within the context of the routing instance. It cannot overlap with other existing IP prefixes defined as local subnets on other IP interfaces in the same routing context within the 7750 SR.

The local subnet that the address command defines must be part of the services address space within the routing context using the config router service-prefix command. The default is to disallow the complete address space to services. Once a portion of the address space is allocated as a service prefix, that portion can be made unavailable for IP interfaces defined within the config router interface CLI context for network core connectivity with the exclude option in the config router service-prefix command.

The IP address for the interface can be entered in either CIDR (Classless Inter-Domain Routing) or traditional dotted decimal notation. The show commands display CIDR notation and is stored in configuration files.

By default, no IP address or subnet association exists on an IP interface until it is explicitly created.

Use the no form of this command to remove the IP address assignment from the IP interface. When the no address command is entered, the interface becomes operationally down.

Address

Admin state

Oper state

No address

up

down

No address

down

down

1.1.1.1

up

up

1.1.1.1

down

down

The operational state is a read-only variable and the only controlling variables are the address and admin states. The address and admin states are independent and can be set independently. If an interface is in an administratively up state and an address is assigned, it becomes operationally up and the protocol interfaces and the MPLS LSPs associated with that IP interface will be reinitialized.

Parameters 
ip-address—
The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
/—
The forward slash is a parameter delimiter and separates the ip-address portion of the IP address from the mask that defines the scope of the local subnet. No spaces are allowed between the ip-address, the “/” and the mask-length parameter. If a forward slash is not immediately following the ip-address, a dotted decimal mask must follow the prefix.
mask-length—
The subnet mask length when the IP prefix is specified in CIDR notation. When the IP prefix is specified in CIDR notation, a forward slash (/) separates the ip-address from the mask-length parameter. The mask length parameter indicates the number of bits used for the network portion of the IP address; the remainder of the IP address is used to determine the host portion of the IP address. Allowed values are integers in the range 0 – 30. A mask length of 32 is reserved for system IP addresses.
mask—
The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical ‘AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.252. A mask of 255.255.255.255 is reserved for system IP addresses.
broadcast—
The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed.

This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface.

Default—
host-ones
all-ones—
The all-ones keyword following the broadcast parameter specifies the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.
host-ones—
The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default broadcast address used by an IP interface.

The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

track-srrp—
Specifies the SRRP instance ID that this interface route needs to track.

allow-directed-broadcasts

Syntax 
[no] allow-directed-broadcasts
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command controls the forwarding of directed broadcasts out of the IP interface.

A directed broadcast is a packet received on a local router interface destined for the subnet broadcast address on another IP interface. The allow-directed-broadcasts command on an IP interface enables or disables the transmission of packets destined to the subnet broadcast address of the egress IP interface.

When enabled, a frame destined to the local subnet on this IP interface will be sent as a subnet broadcast out this interface. Care should be exercised when allowing directed broadcasts as it is a well-known mechanism used for denial-of-service attacks.

When disabled, directed broadcast packets discarded at this egress IP interface will be counted in the normal discard counters for the egress SAP.

By default, directed broadcasts are not allowed and will be discarded at this egress IP interface.

The no form of this command disables the forwarding of directed broadcasts out of the IP interface.

Default 

no allow-directed-broadcasts — Directed broadcasts are dropped.

arp-host-route

Syntax 
arp-host-route
Context 
config>service>vprn>if
Description 

This command enables the context to populate ARP host route entries.

populate

Syntax 
populate {static | dynamic | evpn} [route-tag route-tag]
no populate {static | dynamic | evpn}
Context 
config>service>vprn>if>arp-host-route
Description 

This command enables the creation of ARP/ND host-route entries in the route-table out of a certain ARP/ND entry type.

The no form of this command disables the creation of ARP/ND host-route entries.

Parameters 
static—
Specifies the creation of ARP/ND host routes in the route-table out of configured static ARP/ND entries.
dynamic—
Specifies the creation of ARP/ND host routes in the route-table out of dynamic ARP/ND entries (learned from received ARP/ND messages from the hosts).
evpn—
Specifies the creation of ARP/ND host routes in the route-table out of EVPN ARP/ND entries (learned from EVPN MAC/IP routes).
route-tag—
Specifies the route tag ID that is added in the route table for ARP/ND host routes of type evpn, dynamic, or static. This tag can be matched on BGP VRF export and BGP peer export policies.
Values—
1 to 255

 

arp-learn-unsolicited

Syntax 
[no] arp-learn-unsolicited
Context 
config>service>vprn>if
Description 

This command allows the ARP application to learn new entries based on any received ARP message (GARP/ARP-Request/ARP-Reply, such as any frame with ethertype 0x0806).

The no form of this command disables the above behavior and ARP entries are only learned when needed, that is, when the router receives an ARP-reply after an ARP-request triggered by some received traffic.

arp-proactive-refresh

Syntax 
[no] arp-proactive-refresh
Context 
config>service>vprn>if
Description 

This command enables the router to always send out a refresh message 30 seconds prior to the timeout of the entry (a single refresh message with no retries).

The no form of this command sets the default behavior, in which an entry is marked as stale 30 seconds prior to age-out, and the router only sends an ARP request to refresh the entry if the IOM receives traffic that uses it. If so, the IOM asks the ARP application to send a refresh message. With arp-proactive-refresh enabled, the ARP module sends a refresh message regardless of the IOM receiving traffic.

bfd

Syntax 
bfd transmit-interval [receive receive-interval] [multiplier multiplier] [echo-receive echo-interval] [type cpm-np]
no bfd
Context 
config>service>vprn>if
config>service>vprn>if>ipv6
config>service>vprn>nw-if
Description 

This command specifies the BFD parameters for the associated IP interface. If no parameters are defined the default value are used.

The multiplier specifies the number of consecutive BFD messages that must be missed from the peer before the BFD session state is changed to down and the upper level protocols (OSPF, IS-IS, BGP or PIM) is notified of the fault.

The no form of this command removes BFD from the associated IGP protocol adjacency.

Note:

On the 7750 SR and 7950 XRS, the transmit-interval, receive receive-interval, and echo-receive echo-interval values can only be modified to a value less than 100 when:

  1. The type cpm-np option is explicitly configured.
  2. The interval is specified 10 to 100000.
  3. The service is shut down (shutdown)
  4. The service is re-enabled (no shutdown)

To remove the type cpm-np option, re-issue the bfd command without specifying the type parameter.

Default 

no bfd

Parameters 
transmit-interval—
Sets the transmit interval for the BFD session.
Values—
10 to 100000 (see the Note above)

 

Default—
100
receive receive-interval
Sets the receive interval for the BFD session.
Values—
10 to 100000 (see the Note above)

 

Default—
100
multiplier multiplier
Sets the multiplier for the BFD session.
Values—
3 to 20

 

Default—
3
echo-receive echo-interval
Sets the minimum echo receive interval, in milliseconds, for the BFD session.
Values—
100 to 100000
10 to 100000 (applies to the 7750 SR; see the Note above)

 

Default—
100
type cpm-np—
Specifies that BFD sessions associated with this interface will be created on the CPM network processor to allow for fast timers down to 10 ms granularity.

cflowd-parameters

Syntax 
cflowd-parameters
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command creates the configuration context to configure cflowd parameters for the associated IP interfaces.

cflowd is used for network planning and traffic engineering, capacity planning, security, application and user profiling, performance monitoring, usage-based billing, and SLA measurement.

At a minimum, the sampling command must be configured within this context in order to enable cflowd sampling, otherwise traffic sampling will not occur.

Default 

no cflowd-parameters

sampling

Syntax 
sampling {unicast | multicast} type {acl | interface} [direction {ingress-only | egress-only | both}] [sample-profile [profile-id]]
no sampling {unicast | multicast}
Context 
config>service>vprn>if>cflowd-parameters
config>service>vprn>nw-if>cflowd-parameters
Description 

This command enables and configures the cflowd sampling behavior to collect traffic flow samples through a router for analysis.

This command can be used to configure the sampling parameters for unicast and multicast traffic separately. If sampling is not configured for either unicast or multicast traffic, then that type of traffic will not be sampled.

If cflowd is enabled without either egress-only or both specified or with the ingress-only keyword specified, then only ingress sampling will be enabled on the associated IP interface.

The no form of this command disables the associated type of traffic sampling on the associated interface.

Default 

no sampling

Parameters 
unicast—
Specifies that the sampling command control the sampling of unicast traffic on the associated interface or SAP.
multicast—
Specifies that the sampling command control the sampling of multicast traffic on the associated interface or SAP.
type—
Specifies the sampling type.
Values—
acl — Specifies that the sampled traffic is controlled via an IP traffic filter entry with the action “filter-sample” configured.
interface — Specifies that all traffic entering or exiting the interface is subject to sampling.

 

direction—
Specifies the direction in which to collect traffic flow samples.
Values—
ingress-only — Enables ingress sampling only on the associated interface.
egress-only — Enables egress sampling only on the associated interface.
both — Enables both ingress and egress cflowd sampling.

 

profile-id—
Defines the sampling profile to be associated with this interface.
Values—
1 to 5

 

cpu-protection

Syntax 
cpu-protection policy-id
no cpu-protection
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command assigns an existing CPU protection policy to the associated service interface. For these interface types, the per-source rate limit is not applicable. The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.

If no CPU protection policy is assigned to a service interface, then the default policy is used to limit the overall-rate.

The no form of this command removes CPU protection policy association from the interface, resulting in no default rate limiting of control packets.

Default 

cpu-protection 254 (for access interfaces)

cpu-protection 255 (for network interfaces)

no cpu-protection (for video interfaces)

Parameters 
policy-id—
Specifies an existing CPU protection policy.
Values—
1 to 255

 

cpu-protection

Syntax 
cpu-protection policy-id [mac-monitoring] | [eth-cfm-monitoring [aggregate] [car]] | [ip-src-monitoring]
no cpu-protection
Context 
config>service>vprn>if>sap
config>service>vprn>if>spoke-sdp
Description 

This command assigns an existing CPU protection policy to the associated service group interface SAP, interface or MSAP policy. The CPU protection policies are configured in the config>sys>security>cpu-protection>policy cpu-protection-policy-id context.

If no CPU protection policy is assigned to a service group interface SAP, then the default policy is used to limit the overall-rate.

Default 

cpu-protection 254 (for access interfaces)

cpu-protection 255 (for network interfaces)

no cpu-protection (for video interfaces)

The configuration of no cpu-protection returns the interface/SAP to the default policies as shown above.

Parameters 
policy-id—
Specifies an existing CPU protection policy.
Values—
1 to 255

 

mac-monitoring—
When specified, the per MAC rate limiting should be performed, using the per-source-rate from the associated cpu-protection policy.
eth-cfm-monitoring —
Enables Ethernet Connectivity Fault Management monitoring.
aggregate—
Applies the rate limit to the sum of the per peer packet rates.
car—
(Committed Access Rate) causes Eth-CFM packets to be ignored when enforcing the overall-rate.
ip-src-monitoring—
Enables per SAP + IP source address rate limiting for DHCP packets using the per-source-rate from the associated cpu-protection policy. The ip-src-monitoring is useful in subscriber management architectures that have routers between the subscriber and the BNG (router). In Layer 3 aggregation scenarios all packets from all subscribers behind the same aggregation router will arrive with the same source MAC address and as such the mac-monitoring functionality can not differentiate traffic from different subscribers.

dad-disable

Syntax 
[no] dad-disable
Context 
config>service>vprn>if>ipv6
Description 

This command disables duplicate address detection (DAD) on a per-interface basis. This prevents the router from performing a DAD check on the interface. All IPv6 addresses of an interface with DAD disabled, immediately enter a preferred state, without checking for uniqueness on the interface. This is useful for interfaces which enter a looped state during troubleshooting and operationally disable themselves when the loop is detected, requiring manual intervention to clear the DAD violation.

The no form of this command turns off dad-disable on the interface.

Default 

no dad-disable

forward-ipv4-packets

Syntax 
[no] forward-ipv4-packets
Context 
config>service>vprn>if>ipv6
Description 

This command allows an IPv6-only interface (with no configured IPv4 addresses) to be used for forwarding transit and locally originating and terminating IPv4 packets.

The interface will report that its IPv4 oper-state is up if its IPv6 oper-state is up. Be aware that not all protocols will observe the interface as up from an IPv4 perspective. This command is mostly intended to support BGP routing use cases. Refer to RFC 5549, Advertising IPv4 Network Layer Reachability Information with an IPv6 Next Hop, for further information.

The no form of this command restores the default behavior and prevents the interface from forwarding IPv4 packets if it has no configured IPv4 subnets.

dist-cpu-protection

Syntax 
dist-cpu-protection policy-name
no dist-cpu-protection
Context 
config>service>vprn>nw-if
Description 

This command assigns a Distributed CPU Protection (DCP) policy to the network interface. Only a valid created DCP policy can be assigned to a network interface (this rule does not apply to templates such as an msap-policy).

Default 

If no dist-cpu-protection policy is assigned to the VPRN network interface, then the default network DCP policy (_default-network-policy) is used.

If no DCP functionality is required on the VPRN network interface then an empty DCP policy can be created and explicitly assigned to the VPRN network interface.

Parameters 
policy-name—
Specifies the name of the DCP policy up to 32 characters in length

dist-cpu-protection

Syntax 
dist-cpu-protection policy-name
no dist-cpu-protection
Context 
config>service>vprn>if>sap
Description 

This command assigns a Distributed CPU Protection (DCP) policy to the network interface. Only a valid created DCP policy can be assigned to a SAP (this rule does not apply to templates such as an msap-policy).

Default 

If no dist-cpu-protection policy is assigned to a SAP, then the default access DCP policy (_default-access-policy) is used. If no DCP functionality is required on the SAP, then an empty DCP policy can be created and explicitly assigned to the SAP.

Parameters 
policy-name—
Specifies the name of the DCP policy up to 32 characters in length

if-attribute

Syntax 
if-attribute
Context 
config>service>vprn>if
Description 

This command creates the context to configure or apply IP interface attributes such as administrative group (admin-group) or Shared Risk Loss Group (SRLG).

admin-group

Syntax 
admin-group group-name [group-name]
no admin-group group-name [group-name]
no admin-group
Context 
config>service>vprn>if>if-attribute
Description 

This command configures the admin group membership of an interface. The user can apply admin groups to an IES, VPRN, network IP, or MPLS interface. Once an admin group is bound to one or more interface, its value cannot be changed until all bindings are removed.

The configured admin-group membership will be applied in all levels/areas the interface is participating in. The same interface cannot have different memberships in different levels/areas.

Only the admin groups bound to an MPLS interface are advertised area-wide in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.

The no form of this command deletes one or more of the admin-group memberships of an interface. The user can also delete all memberships of an interface by not specifying a group name.

Parameters 
group-name—
Specifies the name of the group with up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain. Each single operation of the admin-group command allows a maximum of 5 groups to be specified at a time. A maximum of 32 groups can be added to a given interface through multiple operations.

srlg-group

Syntax 
srlg-group group-name [group-name]
no srlg-group group-name [group-name]
no srlg-group
Context 
config>service>vprn>if>if-attribute
Description 

This command configures the SRLG membership of an interface. The user can apply SRLGs to an IES, VPRN, network IP, or MPLS interface.

Once an SRLG group is bound to one or more interface, its value cannot be changed until all bindings are removed.

The configured SRLG membership will be applied in all levels/areas the interface is participating in. The same interface cannot have different memberships in different levels/areas.

Only the SRLGs bound to an MPLS interface are advertised area-wide in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.

The no form of this command deletes one or more of the SRLG memberships of an interface. The user can also delete all memberships of an interface by not specifying a group name.

Parameters 
group-name—
Specifies the name of the group, up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain. An interface can belong to up to 64 SRLG groups. Each single operation of the srlg-group command allows a maximum of 5 groups to be specified at a time.

ingress

Syntax 
ingress
Context 
config>service>vprn>if
Description 

This command enters context to configure ingress parameters for network interfaces.

destination-class-lookup

Syntax 
[no] destination-class-lookup
Context 
config>service>vprn>if>ingress
Description 

This command enables BGP destination-class lookup for packets on this interface ingress and is supported on FP3-based cards and later. It is used in combination with an IP filter or IPv6 filter destination-class to filter traffic egress of the router based on BGP destination classes.

The command is supported on network, IES, VPRN and R-VPLS interfaces. It is not supported on subscriber interfaces, tunnel interfaces and VPRN network interfaces.

Default 

no destination-class-lookup

policy-accounting

Syntax 
policy-accounting <template-name>
no policy-accounting
Context 
config>service>vprn>if>ingress
Description 

This command configures the service VPRN interface ingress policy accounting

Parameters 
template-name—
Specifies the template name, up to 32 characters.

ip-helper-address

Syntax 
ip-helper-address gateway-address
no ip-helper-address
Context 
config>service>vprn>if
Description 

This command enables broadcast UDP packets received on the associated interface to be redirected to the specified gateway address and then forwarded on to the gateway.

The no form of this command removes the gateway address from the interface configuration and stops the UDP broadcast redirect function.

Parameters 
gateway-address—
Specifies the IPv4 address of the target UDP broadcast gateway.

ipcp

Syntax 
ipcp
Context 
config>service>vprn>if
Description 

This command creates allows access to the IPCP context within the interface configuration. Within this context, IPCP extensions can be configured to define such things as the remote IP address and DNS IP address to be signaled via IPCP on the associated PPP interface.

This command is only applicable if the associated SAP/port is a PPP/MLPPP interface.

dns

Syntax 
dns ip-address [secondary ip-address]
dns secondary ip-address
no dns [ip-address] [secondary ip-address]
Context 
config>service>vprn>if>ipcp
Description 

This command defines the dns address(es) to be assigned to the far-end of the associated PPP/MLPPP link via IPCP extensions.

This command is only applicable if the associated SAP/port is a PPP/MLPPP interface with an IPCP encapsulation.

The no form of this command deletes either the specified primary DNS address, secondary DNS address or both addresses from the IPCP extension peer-ip-address configuration.

Default 

no dns

Parameters 
ip-address—
Specifies a unicast IPv4 address for the primary DNS server to be signaled to the far-end of the associate PPP/MLPPP link via IPCP extensions.
secondary ip-address
Specifies a unicast IPv4 address for the secondary DNS server to be signaled to the far-end of the associate PPP/MLPPP link via IPCP extensions.

peer-ip-address

Syntax 
peer-ip-address ip-address
no peer-ip-address
Context 
config>service>vprn>if>ipcp
Description 

This command defines the remote IP address to be assigned to the far-end of the associated PPP/MLPPP link via IPCP extensions.

This command is only applicable if the associated SAP/port is a PPP/MLPPP interface with an IPCP encapsulation.

The interface must be shut down to modify the IPCP configuration.

The no form of this command deletes the IPCP extension peer-ip-address configuration.

Default 

no peer-ip-address (0.0.0.0)

Parameters 
ip-address—
Specifies a unicast IPv4 address to be signaled to the far-end of the associated PPP/MLPPP link by IPCP extensions.

ipv6

Syntax 
[no] ipv6
Context 
config>service>vprn>if
Description 

This command configures an IPv6 interface.

address

Syntax 
address ipv6-address/mask [eui-64] [track-srrp srrp-instance] [modifier cga-modifier] [dad-disable] [primary-preference primary-preference]
no address ipv6-address/prefix-length
Context 
config>service>vprn>if>ipv6
Description 

This command assigns an IPv6 address to the interface. Up to 16 total primary and secondary IPv4 and IPv6 addresses can be assigned to network interfaces, and up to 256 to access interfaces.

Caution:

Configurations must not exceed 16 secondary IP addresses when IPsec, GRE, L2TPv3, or IP in IP protocols are active on an access interface.

Parameters 
ipv6-address/prefix-length—
Specifies the IPv6 address on the interface.
Values—

ipv6-address/prefix:

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

1 to 128

 

eui-64—
When the eui-64 keyword is specified, a complete IPv6 address from the supplied prefix and 64-bit interface identifier is formed. The 64-bit interface identifier is derived from MAC address on Ethernet interfaces. For interfaces without a MAC address, for example ATM interfaces, the Base MAC address of the chassis is used.
track-srrp srrp-instance
Specifies the SRRP instance ID that this interface route needs to track.
Values—
1 to 4294967295

 

modifier cga-modifier
Specifies the modifier in 32 hexadecimal nibbles.
Values—
0x0–0xFFFFFFFF

 

dad-disable—
Disables Duplicate Address Detection (DAD) and sets the address to preferred, even if there is a duplicated address.
primary-preference primary-preference
Specifies a primary-preference index to an IPv6 address of the interface to enforce the order in which the address is used by control plane protocols and applications which require a fixed address of the interface. These include LDP and Segment Routing.

When originating packets from this interface, the source IPv6 address follows the selection rules in RFC 6724 except for the specific cases where a fixed address is required. In the latter case, the IPv6 address with the lowest primary-preference index is selected. If the selected address is removed, the system selects the IPv6 address with the next lowest primary-preference index.

The system assigns the next available index value to any IPv6 address of the interface when configured without the primary-preference index value specified. The address index space is unique across all addresses of a given interface.

Values—
1 to 4294967295

 

icmp6

Syntax 
icmp6
Context 
config>service>vprn>if>ipv6
Description 

This command configures ICMPv6 for the interface.

ip-mtu

Syntax 
ip-mtu octets
no ip-mtu
Context 
config>service>vprn>if
config>service>vprn>if>sap>ip-tunnel
Description 

This command configures the IP maximum transmit unit (packet) for this interface.

The no form of this command returns the default value. By default (for Ethernet network interface) if no ip-mtu is configured it is (1568 - 14) = 1554.

Default 

no ip-mtu

Parameters 
octets—
Specifies the maximum number of octets that can be transmitted.
Values—
512 to 9786

 

link-local-address

Syntax 
link-local-address ipv6-address [dad-disable]
no link-local-address
Context 
config>router>if>ipv6
config>service>vprn>if>ipv6
config>service>vprn>if>ipv6
Description 

This command configures the IPv6 link local address.

The no form of this command removes the configured link local address, and the router automatically generates a default link local address.

Caution:

Removing a manually configured link local address may impact routing protocols or static routes that have a dependency on that address. It is not recommended to remove a link local address when there are active IPv6 subscriber hosts on an IES or VPRN interface.

Parameters 
dad-disable—
Disables Duplicate Address Detection (DAD) and sets the address to preferred, even if there is a duplicated address.

local-proxy-nd

Syntax 
[no] local-proxy-nd
Context 
config>service>vprn>if>ipv6
Description 

This command enables or disables neighbor discovery on the interface.

nd-host-route

Syntax 
nd-host-route
Context 
config>service>vprn>if>ipv6
Description 

This command enables the context to populate ND host route entries.

populate

Syntax 
populate {static | dynamic | evpn} [route-tag route-tag]
no populate {static | dynamic | evpn}
Context 
config>service>vprn>if>ipv6>nd-host-route
Description 

This command enables the creation of ARP/ND host-route entries in the route table out of a particular ARP/ND entry type.

The no form of this command disables the creation of ARP/ND host-route entries.

Parameters 
static—
Specifies the creation of ARP/ND host routes in the route table out of configured static ARP/ND entries.
dynamic—
Specifies the creation of ARP/ND host routes in the route table out of dynamic ARP/ND entries (learned from received ARP/ND messages from the hosts).
evpn—
Specifies the creation of ARP/ND host routes in the route table out of EVPN ARP/ND entries (learned from EVPN MAC/IP routes).
route-tag—
Specifies the route tag ID that is added in the route table for ARP/ND host routes of type evpn, dynamic, or static. This tag can be matched on BGP VRF export and BGP peer export policies.
Values—
1 to 255

 

nd-learn-unsolicited

Syntax 
nd-learn-unsolicited {global | link-local | both}
no nd-learn-unsolicited
Context 
config>service>vprn>if>ipv6
Description 

This command enables the ability to learn neighbor entries out of received unsolicited Neighbor Advertisement messages, with or without the solicited flag set. The command can be enabled for global addresses, link-local addresses, or for both.

The no form of this command makes the router follow standard RFC 4861 behavior for learning of neighbor entries.

  1. If an unsolicited NA (regardless of the S flag) is received from a neighbor that is not yet in the ND cache, the NA is ignored in line with RFC 4861.
  2. If an NS, RS, RA, or Redirect message with a Link Layer Address (MAC) is received from a neighbor that is not yet in the ND cache, a new neighbor entry is created in the cache to store the received Link Layer MAC. The neighbor is put in the STALE state. This is the standard RFC behavior.
Parameters 
global—
Learns global neighbor entries out of received unsolicited Neighbor Advertisement messages.
link-local—
Learns link local neighbor entries out of received unsolicited Neighbor Advertisement messages.
both—
Learns both global and link local neighbor entries out of received unsolicited Neighbor Advertisement messages.

nd-proactive-refresh

Syntax 
nd-proactive-refresh {global | link-local | both}
no nd-proactive-refresh
Context 
config>service>vprn>if>ipv6
Description 

This command enables a proactive refresh of the neighbor entries. When enabled, at the stale timer expiration, the router sends an NUD message to the host (regardless of the existence of traffic to the IP address on the IOM), so the entry can be refreshed or removed.

This behavior is different from ARP, where the refresh is sent 30 seconds prior to the entry’s age out time. The refresh can be optionally enabled for global addresses, link-local addresses, or both.

The no form of this command disables the proactive behavior and the router only refreshes an entry if there is traffic that needs to be sent to the IP address.

Parameters 
global—
Refreshes global neighbor entries. This parameter is relevant only to global IPv6 addresses.
link-local—
Refreshes link local neighbor entries. This parameter is relevant only to global IPv6 addresses.
both—
Refreshes both global and link local neighbor entries. This parameter is relevant only to global IPv6 addresses.

neighbor

Syntax 
neighbor ipv6-address mac-address
no neighbor ipv6-address
Context 
config>service>vprn>if>ipv6
Description 

This command configures IPv6-to-MAC address mapping on the interface.

Parameters 
ipv6-address—
Specifies the IPv6 address on the interface.
Values—

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

 

mac-address—
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

neighbor-limit

Syntax 
neighbor-limit limit [log-only] [threshold percent]
no neighbor-limit
Context 
config>service>vprn>if>ipv6
Description 

This command configures the maximum amount of dynamic IPv6 neighbor entries that can be learned on an IP interface.

When the number of dynamic neighbor entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.

The no form of this command removes the neighbor-limit.

Default 

neighbor-limit 90

Parameters 
log-only—
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.
percent —
The threshold value (as a percentage) that triggers a warning message to be sent.
Values—
0 to 100

 

limit —
The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic neighbor learning is disabled and no dynamic neighbor entries are learned.
Values—
0 to 102400

 

proxy-nd-policy

Syntax 
proxy-nd-policy policy-name [policy-name]
no proxy-nd-policy
Context 
config>service>vprn>if>ipv6
Description 

This command configures a proxy neighbor discovery policy for the interface.

Parameters 
policy-name—
Specifies up to five existing policy names.

python-policy

Syntax 
python-policy name
no python-policy
Context 
config>service>vprn>if>ipv6
Description 

This command specifies a python policy. Python policies are configured in the config>python> python-policy name context.

Parameters 
name—
Specifies the name of an existing python script, up to 32 characters in length.

load-balancing

Syntax 
load-balancing
Context 
config>service>vprn>if config>service>vprn>nw-if
Description 

This command enables the load-balancing context to configure interface per-flow load balancing options that will apply to traffic entering this interface and egressing over a LAG/ECMP on system-egress. This is a per interface setting. For load-balancing options that can also be enabled on the system level, the options enabled on the interface level overwrite system level configurations.

egr-ip-load-balancing

Syntax 
egr-ip-load-balancing {source | destination | inner-ip}
no egr-ip-load-balancing
Context 
config>service>vprn>if>load-balancing
config>service>vprn>if>nw-if>load-balancing
Description 

This command specifies whether to include the source address or destination address or both in the LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled, the command also applies to the inclusion of source/destination port in the hash inputs.

The no form of this command includes both source and destination parameters.

Default 

no egr-ip-load-balancing

Parameters 
source—
Specifies using the source address and (if l4-load balancing is enabled) source port in the hash, ignore destination address/port.
destination—
Specifies using the destination address and (if l4-load balancing is enabled) destination port in the hash, ignore source address/port.
inner-ip—
Specifies use of the inner IP header parameters instead of outer IP header parameters in LAG/ECMP hash for IPv4 encapsulated traffic.

lsr-load-balancing

Syntax 
lsr-load-balancing hashing-algorithm
no lsr-load-balancing
Context 
config>service>vprn>nw-if>load-balancing
Description 

This command specifies whether the IP header is used in the LAG and ECMP LSR hashing algorithm. This is the per interface setting.

Default 

no lsr-load-balancing

Parameters 
lbl-only—
Only the label is used in the hashing algorithm.
lbl-ip —
The IP header is included in the hashing algorithm.
ip-only—
The IP header is used exclusively in the hashing algorithm.
eth-encap-ip—
The hash algorithm parses down the label stack (up to 3 labels supported) and once it hits the bottom, the stack assumes Ethernet II non-tagged header follows. At the expected Ethertype offset location, algorithm checks whether the value present is IPv4/v6 (0x0800 or 0x86DD). If the check passes, the hash algorithm checks the first nibble at the expected IP header location for IPv4/IPv6 (0x0100/0x0110). If the secondary check passes, the hash is performed using IP SA/DA fields in the expected IP header; otherwise (if any of the checks failed) label-stack hash is performed.

spi-load-balancing

Syntax 
[no] spi-load-balancing
Context 
config>service>vprn>if>load-balancing config>service>vprn>nw-if>load-balancing
Description 

This command enables use of the SPI in hashing for ESP/AH encrypted IPv4/v6 traffic. This is a per interface setting.

The no form disables the SPI function.

Default 

no spi-load-balancing

teid-load-balancing

Syntax 
[no] teid-load-balancing
Context 
config>service>vprn>if>load-balancing
config>service>vprn>nw-if>load-balancing
Description 

This command enables inclusion of TEID in hashing for GTP-U/C encapsulates traffic for GTPv1/GTPv2.

The no form of this command ignores TEID in hashing.

Default 

no teid-load-balancing

local-proxy-arp

Syntax 
[no] local-proxy-arp
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command enables local proxy ARP. When local proxy ARP is enabled on an IP interface, the system responds to all ARP requests for IP addresses belonging to the subnet with its own MAC address, and thus will become the forwarding point for all traffic between hosts in that subnet. When local-proxy-arp is enabled, ICMP redirects on the ports associated with the service are automatically blocked.

Default 

no local-proxy-arp

loopback

Syntax 
[no] loopback
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command specifies that the associated interface is a loopback interface that has no associated physical interface. As a result, the associated interface cannot be bound to a SAP.

When using mtrace/mstat in a Layer 3 VPN context then the configuration for the VPRN should have a loopback address configured which has the same address as the core instance's system address (BGP next-hop).

Default 

no loopback

mac

Syntax 
[no] mac ieee-mac-address
Context 
config>service>vprn>if
config>service>vprn>if>vrrp
config>service>vprn>nw-if
Description 

This command assigns a specific MAC address to a VPRN IP interface.

The no form of this command returns the MAC address of the IP interface to the default value.

Default 

The physical MAC address associated with the Ethernet interface that the SAP is configured on.

Parameters 
ieee-mac-address—
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

monitor-oper-group

Syntax 
monitor-oper-group name
no monitor-oper-group
Context 
config>service>vprn>if
Description 

This command specifies the operational group to be monitored by the object under which it is configured. The oper-group name must be already configured under the config>service context before its name is referenced in this command.

The no form of this command removes the association from the configuration.

Default 

no monitor-oper-group

Parameters 
name—
Specifies a character string, up to 32 ASCII characters, identifying the group instance.

proxy-arp

Syntax 
[no] proxy-arp
Context 
config>service>vprn>nw-if
Description 

This command enables proxy ARP on the interface.

Default 

no proxy-arp

proxy-arp-policy

Syntax 
[no] proxy-arp-policy policy-name [policy-name]
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command enables a proxy ARP policy for the interface.

The no form of this command disables the proxy ARP capability.

Default 

no proxy-arp-policy

Parameters 
policy-name—
Specifies the export route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. The specified name(s) must already be defined. Up to 5 route policies can be specified.

ptp-hw-assist

Syntax 
[no] ptp-hw-assist
Context 
config>service>vprn>if
Description 

This command configures the 1588 port based timestamping assist function for the interface. This capability is supported on a specific set of hardware. The command may be blocked if not all hardware has the required level of support.

If the SAP configuration of the interface is removed, the ptp-hw-assist configuration will be removed.

If the IPv4 address configuration of the interface is removed, the ptp-hw-assist configuration will be removed.

Only one interface per physical port can have ptp-hw-assist enabled.

Default 

no ptp-hw-assist

qos-route-lookup

Syntax 
qos-route-lookup [source | destination]
no qos-route-lookup
Context 
config>service>vprn>if
config>service>vprn>if>ipv6
Description 

This command enables QoS classification of the ingress IP packets on an interface based on the QoS information associated with routes in the forwarding table.

If the optional destination parameter is specified and the destination address of an incoming IP packet matches a route with QoS information the packet is classified to the fc and priority associated with that route, overriding the fc and priority/profile determined from the sap-ingress or network qos policy associated with the IP interface. If the destination address of the incoming packet matches a route with no QoS information the fc and priority of the packet remain as determined by the sap-ingress or network QoS policy.

If the optional source parameter is specified and the source address of an incoming IP packet matches a route with QoS information the packet is classified to the fc and priority associated with that route, overriding the fc and priority/profile determined from the sap-ingress or network qos policy associated with the IP interface. If the source address of the incoming packet matches a route with no QoS information the fc and priority of the packet remain as determined by the sap-ingress or network QoS policy.

If neither the optional source nor destination parameter is present, then the default is destination address matching.

The functionality enabled by the qos-route-lookup command can be applied to IPv4 packets or IPv6 packets on an interface, depending on whether it is present at the interface context (applies to IPv4) or the interface>ipv6 context (applies to IPv6). The ability to specify source address based QoS lookup is not supported for IPv6. Subscriber management group interfaces also do not support the source QPPB option.

The no form of this command reverts to the default destination address matching mode.

Default 

no qos-route-lookup

Parameters 
source—
Enables QoS classification of incoming IP packets based on the source address matching a route with QoS information.
destination—
Enables QoS classification of incoming IP packets based on the destination address matching a route with QoS information.

redundant-interface

Syntax 
redundant-interface red-ip-int-name
no redundant-interface
Context 
config>service>vprn
Description 

This command configures a redundant interface used for dual homing.

Parameters 
red-ip-int-name—
Specifies the redundant IP interface name.

remote-proxy-arp

Syntax 
[no] remote-proxy-arp
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command enables remote proxy ARP on the interface.

Remote proxy ARP is similar to proxy ARP. It allows the router to answer an ARP request on an interface for a subnet that is not provisioned on that interface. This allows the router to forward to the other subnet on behalf of the requester. To distinguish remote proxy ARP from local proxy ARP, local proxy ARP performs a similar function but only when the requested IP is on the receiving interface.

Default 

no remote-proxy-arp

secondary

Syntax 
secondary ip-address[/mask] [netmask] [broadcast {all-ones | host-ones}] [igp-inhibit] [track-srrp srrp-instance]
no secondary ip-address[/mask]
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command assigns a secondary IP address to the interface. Up to 16 total primary and secondary IPv4 and IPv6 addresses can be assigned to network interfaces, and up to 256 to access interfaces. Each address can be configured in an IP address, IP subnet or broadcast address format.

Caution:

Configurations must not exceed 16 secondary IP addresses when IPsec, GRE, L2TPv3, or IP in IP protocols are active on an access interface.

Parameters 
ip-address—
The IP address of the IP interface. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation. Allowed values are IP addresses in the range 1.0.0.0 – 223.255.255.255 (with support of /31 subnets).
mask—
The subnet mask in dotted decimal notation. When the IP prefix is not specified in CIDR notation, a space separates the ip-address from a traditional dotted decimal mask. The mask parameter indicates the complete mask that will be used in a logical ‘AND’ function to derive the local subnet of the IP address. Allowed values are dotted decimal addresses in the range 128.0.0.0 – 255.255.255.252. A mask of 255.255.255.255 is reserved for system IP addresses.
netmask—
Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.
broadcast—
The optional broadcast parameter overrides the default broadcast address used by the IP interface when sourcing IP broadcasts on the IP interface. If no broadcast format is specified for the IP address, the default value is host-ones which indicates a subnet broadcast address. Use this parameter to change the broadcast address to all-ones or revert back to a broadcast address of host-ones.

The broadcast format on an IP interface can be specified when the IP address is assigned or changed. This parameter does not affect the type of broadcasts that can be received by the IP interface. A host sending either the local broadcast (all-ones) or the valid subnet broadcast address (host-ones) will be received by the IP interface. (Default: host-ones)

all-ones—
The all-ones keyword following the broadcast parameter specifies the broadcast address used by the IP interface for this IP address will be 255.255.255.255, also known as the local broadcast.
host-ones—
The host-ones keyword following the broadcast parameter specifies that the broadcast address used by the IP interface for this IP address will be the subnet broadcast address. This is an IP address that corresponds to the local subnet described by the ip-address and the mask-length or mask with all the host bits set to binary one. This is the default used by an IP interface.

The broadcast parameter within the address command does not have a negate feature, which is usually used to revert a parameter to the default value. To change the broadcast type to host-ones after being changed to all-ones, the address command must be executed with the broadcast parameter defined.

igp-inhibit—
The optional igp-inhibit parameter signals that the given secondary IP interface should not be recognized as a local interface by the running IGP. For OSPF and IS-IS, this means that the specified secondary IP interfaces will not be injected and used as passive interfaces and will not be advertised as internal IP interfaces into the IGP’s link state database. For RIP, this means that these secondary IP interfaces will not source RIP updates.
track-srrp srrp-instance
Specifies the SRRP instance ID that this interface route needs to track.

shcv-policy-ipv4

Syntax 
shcv-policy-ipv4 policy-name
no shcv-policy-ipv4
Context 
config>service>vprn>if
Description 

This command specifies the Subscriber Host Connectivity Verification (SHCV) policy for IPv4 only.

The no form of this command removes the policy name from the SAP configuration.

shcv-policy-ipv6

Syntax 
shcv-policy-ipv6 policy-name
no shcv-policy-ipv6
Context 
config>service>vprn>if
Description 

This command specifies the Subscriber Host Connectivity Verification (SHCV) policy for IPv6 only.

The no form of this command removes the policy name from the SAP configuration.

static-arp

Syntax 
static-arp ieee-mac-address unnumbered
static-arp ip-address ieee-mac-address
no static-arp [ieee-mac-address] unnumbered
no static-arp ip-address [ieee-mac-address]
Context 
config>service>vprn>if
Description 

This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. This static ARP will appear in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface. If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address will be replaced with the new MAC address.

The no form of this command removes a static ARP entry.

Parameters 
ip-address—
Specifies the IP address for the static ARP in IP address dotted decimal notation.
ieee-mac-address—
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.
unnumbered
Specifies the static ARP MAC for an unnumbered interface. Unnumbered interfaces support dynamic ARP. Once this command is configured, it overrides any dynamic ARP.

static-arp

Syntax 
static-arp ip-address ieee-mac-address
no static-arp ip-address
Context 
config>service>vprn>nw-if
Description 

This command configures a static address resolution protocol (ARP) entry associating a subscriber IP address with a MAC address for the core router instance. This static ARP will appear in the core routing ARP table. A static ARP can only be configured if it exists on the network attached to the IP interface. If an entry for a particular IP address already exists and a new MAC address is configured for the IP address, the existing MAC address will be replaced with the new MAC address.

The no form of this command removes a static ARP entry.

Parameters 
ip-address—
Specifies the IP address for the static ARP in IP address dotted decimal notation.
ieee-mac-address—
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

static-tunnel-redundant-next-hop

Syntax 
static-tunnel-redundant-next-hop ip-address
no static-tunnel-redundant-next-hop
Context 
config>service>vprn>if
Description 

This command specifies redundant next-hop address on public or private IPsec interface (with public or private tunnel-sap) for static IPsec tunnel. The specified next-hop address will be used by standby node to shunt traffic to master in case of it receives them.

The next-hop address will be resolved in routing table of corresponding service.

The no form of this command removes the address from the interface configuration.

Parameters 
ip-address—
Specifies the static ISA tunnel redundant next-hop address.

secure-nd

Syntax 
[no] secure-nd
Context 
config>service>vprn>if>ipv6
Description 

This command enables Secure Neighbor Discovery (SeND) on the IPv6 interface.

The no form of this command reverts to the default and disabled SeND.

allow-unsecured-msgs

Syntax 
[no] allow-unsecured-msgs
Context 
config>service>vprn>if>secure-nd
Description 

This command specifies whether unsecured messages are accepted. When Secure Neighbor Discovery (SeND) is enabled, only secure messages are accepted by default.

The no form of this command disables accepting unsecured messages.

link-local-modifier

Syntax 
link-local-modifier modifier
[no] link-local-modifier
Context 
config>service>vprn>if>secure-nd
Description 

This command configures the Cryptographically Generated Address (CGA) modifier for link-local addresses.

Parameters 
modifier—
Specifies the modifier in 32 hexadecimal nibbles.
Values—
0x0–0xFFFFFFFF

 

public-key-min-bits

Syntax 
public-key-min-bits bits
[no] public-key-min-bits
Context 
config>service>vprn>if>secure-nd
Description 

This command configures the minimum acceptable key length for public keys used in the generation of a Cryptographically Generated Address (CGA).

Parameters 
bits—
Specifies the number of bits.
Values—
512 to 1024

 

security-parameter

Syntax 
security-parameter sec
[no] security-parameter
Context 
config>service>vprn>if>secure-nd
Description 

This command configures the security parameter used in the generation of a Cryptographically Generated Address (CGA).

Parameters 
sec—
Specifies the security parameter.
Values—
0 to 1

 

shutdown

Syntax 
[no] shutdown
Context 
config>service>vprn>if>secure-nd
Description 

This command enables or disables Secure Neighbor Discovery (SeND) on the interface.

stale-time

Syntax 
stale-time seconds
no stale-time
Context 
config>service>vprn>ipv6
config>service>vprn>if>ipv6
Description 

This command configures the time a neighbor discovery cache entry can remain stale before being removed.

The no form of this command removes the stale-time value.

Default 

no stale-time

Parameters 
seconds—
Specifies the allowed stale time (in seconds) before a neighbor discovery cache entry is removed.
Values—
60 to 65535

 

tcp-mss

Syntax 
tcp-mss mss-value
no tcp-mss
Context 
service>vprn>if
service>vprn>if>ipv6
config>service>vprn>nw-if
Description 

This command statically sets the TCP maximum segment size (MSS) for TCP connections originated from the associated IP or network interface to the specified value.

The no form of this command removes the static value and allows the TCP MSS value to be calculated based on the IP MTU value by subtracting the base IP and TCP header lengths from the IP MTU value (tcp_mss = ip_mtu – 40).

Default 

no tcp-mss

Parameters 
mss-value—
Specifies the TCP MSS value that should be used in the TCP SYN packet during the three-way handshake negotiation of a TCP connection.

Note: 9746 = max-IP_MTU (9786)-40

Values—
384 to 9746 (IPv4 or network)
1220 to 9726(IPv6)

 

tos-marking-state

Syntax 
tos-marking-state {trusted | untrusted}
no tos-marking-state
Context 
config>service>vprn>nw-if
Description 

This command is used to alter the default trusted state to a non-trusted state. When unset or reverted to the trusted default, the ToS field will not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set, in which case the egress network interface treats all VPRN and network IP interface as untrusted.

When the ingress interface is set to untrusted, all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface. The egress network remarking rules also apply to the ToS field of IP packets routed using IGP shortcuts (tunneled to a remote next-hop). However, the tunnel QoS markings are always derived from the egress network QoS definitions. Egress marking and remarking is based on the internal forwarding class and profile state of the packet once it reaches the egress interface. The forwarding class is derived from ingress classification functions. The profile of a packet is either derived from ingress classification or ingress policing.

The default marking state for network IP interfaces is trusted. This is equivalent to declaring no tos-marking-state on the network IP interface. When undefined or set to tos-marking-state trusted, the trusted state of the interface will not be displayed when using show config or show info unless the detail parameter is given. The save config command will not store the default tos-marking-state trusted state for network IP interfaces unless the detail parameter is also specified.

The no tos-marking-state command is used to restore the trusted state to a network IP interface. This is equivalent to executing the tos-marking-state trusted command.

Default 

tos-marking-state trusted

Parameters 
trusted—
The default prevents the ToS field to not be remarked by egress network IP interfaces unless the egress network IP interface has the remark-trusted state set.
untrusted—
Specifies that all egress network IP interfaces will remark IP packets received on the network interface according to the egress marking definitions on each network interface.

unnumbered

Syntax 
unnumbered [ip-int-name | ip-address]
no unnumbered
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command configures the interface as an unnumbered interface. An unnumbered IP interface is supported on a SONET/SDH access port with the PPP, ATM, Frame Relay, cisco-HDLC encapsulation. It is not supported on access ports that do not carry IP traffic, but are used for native TDM circuit emulation.

Parameters 
ip-int-name—
Specifies the name of an IP interface. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
ip-address—
Specifies an IP address.

qos

Syntax 
qos network-policy-id
qos network-policy-id egress-port-redirect-group queue-group-name egress-instance instance-id ingress-fp-redirect-group queue-group-name ingress-instance instance-id
qos network-policy-id egress-port-redirect-group queue-group-name egress-instance instance-id
qos network-policy-id ingress-fp-redirect-group queue-group-name ingress-instance instance-id
no qos
Context 
config>service>vprn>nw-if
Description 

This command associates a network Quality of Service (QoS) policy with a network IP interface. Only one network QoS policy can be associated with an IP interface at one time. Attempts to associate a second QoS policy return an error.

Associating a network QoS policy with a network interface is useful for the following purposes:

  1. To apply classification rules for determining the forwarding-class and profile of ingress packets on the interface.
  2. To associate ingress packets on the interface with a queue-group instance applied to the ingress context of the interface’s forwarding plane (FP). (This is only applicable to interfaces on IOM3 and later cards.) The referenced ingress queue-group instance may have policers defined in order to rate limit ingress traffic on a per-forwarding class (and forwarding type: unicast vs. multicast) basis.
  3. To perform 802.1p, DSCP, IP precedence and/or MPLS EXP re-marking of egress packets on the interface.
  4. To associate egress packets on the interface with a queue-group instance applied to the egress context of the interface’s port. The referenced egress queue-group instance may have policers and/or queues defined in order to rate limit egress traffic on a per-forwarding class basis.

The no form of this command removes the network QoS policy association from the network IP interface, and the QoS policy reverts to the default.

Default 

no qos

Parameters 
network-policy-id—
An existing network policy ID to associate with the IP interface.
Values—
1 to 65535

 

port-redirect-group queue-group-name
This optional parameter specifies the egress queue-group used for all egress forwarding-class redirections specified within the network QoS policy ID. The specified queue-group-name must exist as an egress queue group applied to the egress context of the port associated with the IP interface.
egress-instance instance-id
Since multiple instances of the same egress queue-group can be applied to the same port this optional parameter is used to specify which particular instance to associate with this particular network IP interface.
Values—
1 to 16384

 

fp- redirect-group queue-group-name
This optional parameter specifies the ingress queue-group used for all ingress forwarding-class redirections specified within the network QoS policy ID. The specified queue-group-name must exist as an ingress queue group applied to the ingress context of the forwarding plane associated with the IP interface.
ingress-instance instance-id
Since multiple instances of the same ingress queue-group can be applied to the same forwarding plane this parameter is required to specify which particular instance to associate with this particular network IP interface.
Values—
1 to 16384

 

urpf-check

Syntax 
[no] urpf-check
Context 
config>service>vprn>if
config>service>vprn>nw-if
config>service>vprn>if>ipv6
Description 

This command enables unicast RPF (uRPF) check on this interface.

The no form of this command disables unicast RPF (uRPF) Check on this interface.

Default 

no urpf-check

vas-if-type

Syntax 
vas-if-type {to-from-access | to-from-network | to-from-both}
no vas-if-type
Context 
config>service>vprn>if
Description 

This command configures the type of a Value Added Service (VAS) facing interface. To change the vas-if-type, the shutdown command is required. The vas-if-type and loopback commands are mutually exclusive.

The no form of this command removes the VAS interface type configuration.

Default 

no vas-if-type

Parameters 
to-from-access—
Used when two separate (to-from-access and to-from-network) interfaces are used for VAS connectivity. For service chaining, traffic arriving from access interfaces (upstream) is redirected to a PBR target reachable over this interface for upstream VAS processing. Downstream traffic after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to AA divert, nor egress subscriber PBR.
to-from-network—
Used when two separate (to-from-access and to-from-network) interfaces are used for VAS connectivity. For service chaining, traffic arriving from network interfaces (downstream) is redirected to a PBR target reachable over this interface for downstream VAS processing. Upstream traffic after VAS processing must arrive on this interface, so that regular routing can be applied.
to-from-both—
Used when a single interface is used for VAS connectivity (no local-to-local traffic). For service chaining, both traffic arriving from access and from network is redirected to a PBR target reachable over this interface for upstream/downstream VAS processing. Traffic after VAS processing must arrive on this interface, so that the traffic is subject to regular routing but is not subject to AA divert, nor egress subscriber PBR.

mode

Syntax 
mode {strict | loose | strict-no-ecmp}
no mode
Context 
config>service>vprn>if>urpf-check
config>service>vprn>nw-if>urpf-check
Description 

This command specifies the mode of unicast RPF check.

The no form of this command reverts to the default (strict) mode.

Default 

mode strict

Parameters 
strict—
When specified, uRPF checks whether incoming packet has a source address that matches a prefix in the routing table, and whether the interface expects to receive a packet with this source address prefix.
loose—
In loose mode, uRPF checks whether incoming packet has source address with a corresponding prefix in the routing table. However, the loose mode does not check whether the interface expects to receive a packet with a specific source address prefix. This object is valid only when urpf-check is enabled.
strict-no-ecmp—
When a packet is received on an interface in this mode and the SA matches an ECMP route the packet is dropped by uRPF.

3.8.2.9. Interface Commands

egress

Syntax 
egress
Context 
config>service>vprn>nw-if
Description 

This command enters the context to configure egress network filter policies for the interface.

dynamic-tunnel-redundant-next-hop

Syntax 
dynamic-tunnel-redundant-next-hop ip-address
no dynamic-tunnel-redundant-next-hop
Context 
config>service>vprn>if
Description 

This command specifies redundant next-hop address on public or private IPsec interface (with public or private tunnel-sap) for dynamic IPsec tunnel. The specified next-hop address will be used by standby node to shunt traffic to master in case of it receives them.

The next-hop address will be resolved in routing table of corresponding service.

Parameters 
ip-address—
Specifies the dynamic ISA tunnel redundant next-hop address.

egr-ip-load-balancing

Syntax 
egr-ip-load-balancing {source | destination | inner-ip}
no egr-ip-load-balancing
Context 
config>service>vprn>if>load-balancing
config>service>vprn>if>nw-if>load-balancing
Description 

This command specifies whether to include source address or destination address or both in LAG/ECMP hash on IP interfaces. Additionally, when l4-load-balancing is enabled the command applies also to inclusion of source/destination port in the hash inputs.

The no form of this command includes both source and destination parameters.

Default 

no egr-ip-load-balancing

Parameters 
source—
Specifies using source address and (if l4-load balancing is enabled) source port in the hash, ignore destination address/port.
destination—
Specifies using destination address and (if l4-load balancing is enabled) destination port in the hash, ignore source address/port.
inner-ip—
Specifies use of the inner IP header parameters instead of outer IP header parameters in LAG/ECMP hash for IPv4 encapsulated traffic.

enable-ingress-stats

Syntax 
[no] enable-ingress-stats
Context 
config>router>if
config>service>ies >if
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command enables the collection of ingress interface IP stats. This command is only applicable to IP statistics, and not to uRPF statistics.

If enabled, then the following statistics are collected:

  1. IPv4 offered packets
  2. IPv4 offered octets
  3. IPv6 offered packets
  4. IPv6 offered octets
  5. Octet statistics for IPv4 and IPv6 bytes at IP interfaces include the layer 2 frame overhead.
Default 

no enable-ingress-stats

enable-mac-accounting

Syntax 
[no] enable-mac-accounting
Context 
config>service>vprn>if
Description 

This command enables MAC accounting functionality on this interface.

The no form of this command disables MAC accounting functionality on this interface.

hold-time

Syntax 
hold-time
Context 
config>service>vprn>if
config>service>vprn>network-interface
config>service>vprn>redundant-interface
Description 

This command creates the CLI context to configure interface level hold-up and hold-down timers for the associated IP interface.

The up timer controls a delay for the associated IPv4 or IPv6 interface so that the system will delay the deactivation of the associated interface for the specified amount of time.

The down timer controls a delay for the associated IPv4 or IPv6 interface so that the system will delay the activation of the associated interface for the specified amount of time

down

Syntax 
down ip seconds [init-only]
no down ip
down ipv6 seconds [init-only]
no down ipv6
Context 
config>service>vprn>if>hold-time
Description 

This command will cause a delay in the activation of the associated IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface up, unless the init-only option is configured. If the init-only option is configured, the delay is only applied when the IP interface is first configured or after a system reboot.

The no form of this command removes the command from the active configuration and removes the delay in activating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it completes.

Parameters 
seconds—
Specifies the time delay, in seconds, to make the interface operational.
Values—
1 to 1200

 

init-only
Specifies that the down delay is only applied when the interface is configured or after a reboot.
Values—
1 to 1200

 

down

Syntax 
down ip seconds [init-only]
no down ip
Context 
config>service>vprn>nw-if>hold-time
config>service>vprn>red-if>hold-time
Description 

This command will cause a delay in the activation of the associated IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface up, unless the init-only option is configured. If the init-only option is configured, the delay is only applied when the IP interface is first configured or after a system reboot.

The no form of this command removes the command from the active configuration and removes the delay in activating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it completes.

Parameters 
seconds—
Specifies the time delay, in seconds, to make the interface operational.
Values—
1 to 1200

 

init-only
Specifies that the down delay is only applied when the interface is configured or after a reboot.
Values—
1 to 1200

 

up

Syntax 
up ip seconds
no up ip
up ipv6 seconds
no up ipv6
Context 
config>service>vprn>if>hold-time
Description 

This command will cause a delay in the deactivation of the associated IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface down.

The no form of this command removes the command from the active configuration and removes the delay in deactivating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it expires.

Parameters 
seconds—
The time delay, in seconds, to make the interface operational.
Values—
1 to 1200

 

up

Syntax 
up ip seconds
no up ip
Context 
config>service>vprn>nw-if>hold-time
config>service>vprn>red-if>hold-time
Description 

This command will cause a delay in the deactivation of the associated IP interface by the specified number of seconds. The delay is invoked whenever the system attempts to bring the associated IP interface down.

The no form of this command removes the command from the active configuration and removes the delay in deactivating the associated IP interface. If the configuration is removed during a delay period, the currently running delay will continue until it expires.

Parameters 
seconds—
The time delay, in seconds, to make the interface operational.
Values—
1 to 1200

 

host-connectivity-verify

Syntax 
host-connectivity-verify [source {vrrp | interface}] [interval interval] [action {remove | alarm}] [timeout retry-timeout] [retry-count count]
host-connectivity-verify [interval interval] [action {remove | alarm}] [timeout retry-timeout] [retry-count count] [family family]
Context 
config>service>vprn>if
Description 

This command enables subscriber host connectivity verification on a given SAP within a service.

This tool will periodically scan all known hosts and perform a UC ARP request. The subscriber host connectivity verification will maintain state (connected as opposed to not-connected) for all hosts.

Default 

no host-connectivity-verify

Parameters 
source {vrrp | interface}—
Specifies the source to be used for generation of subscriber host connectivity verification packets. The interface keyword forces the use of the interface mac and ip addresses. There are up to 16 possible subnets on a given interface, therefore subscriber host connectivity verification tool will use always an address of the subnet to which the given host is pertaining. In case of group-interfaces. one of the parent subscriber-interface subnets (depending on host's address) will be used.
interval interval
Specifies the interval, expressed in minutes, which specifies the time interval which all known sources should be verified. The actual rate is then dependent on number of known hosts and interval.
Values—
1 to 6000 (A zero value can be used by the SNMP agent to disable host-connectivity-verify.)

 

action {remove | alarm}
Defines the action taken on a subscriber host connectivity verification failure for a given host. The remove keyword raises an alarm and removes dhcp-state and releases all allocated resources (queues, table entries, and so on). DHCP-RELEASE will be signaled to corresponding DHCP server. Static hosts will never be removed. The alarm keyword raises an alarm indicating that the host is disconnected.
timeout retry-timeout
Specifies the timeout in seconds between consecutive retries of subscriber host connectivity verification checks, in case the host does not respond.
Values—
10 to 60 seconds

 

retry-count count
Specifies the number of retries that will be carried out before a subscriber host is considered to have failed the SHCV check.
Values—
2 to 29

 

family family
Indicates the IP address family for which subscriber host connectivity verification checks will be enabled. It can be set to ipv4 or ipv6 only, or both.
Values—
2 to 29

 

3.8.2.10. Interface ETH-CFM Commands

eth-cfm

Syntax 
eth-cfm
Context 
config>service>vprn
config>service>vprn>if>sap
config>service>vprn>if>spoke-sdp
config>service>vprn>sub-if>grp-if>sap
Description 

This command enters the context to configure ETH-CFM parameters.

collect-lmm-stats

Syntax 
collect-lmm-stats
no collect-lmm-stats
Context 
config>service>vprn>if>sap>eth-cfm
config>service>vprn>if>spoke-sdp>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command enables the collection of statistics on the SAP or MPLS SDP binding on which the ETH- LMM test is configured. The collection of LMM statistics must be enabled if a MEP is launching or responding to ETH-LMM packets. If LMM statistics collection is not enabled, the counters in the LMM and LMR PDU do not represent accurate measurements and all measurements should be ignored. The show>service>sap-using>eth-cfm>collect-lmm-stats command and the show>service>sdp-using>eth-cfm>collect-lmm-stats command can be used to display which entities are collecting stats.

The no form of this command disables and deletes the counters for this SAP or MPLS SDP binding.

Default 

no collect-lmm-stats

collect-lmm-fc-stats

Syntax 
collect-lmm-fc-stats
Context 
config>service>vprn>if>sap>eth-cfm
config>service>vprn>if>spoke-sdp>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command enters the context to configure per-forwarding class (FC) LMM information collection.

This command is mutually exclusive with the collect-lmm-stats command when there is entity resource contention.

fc

Syntax 
fc fc-name [fc-name]
no fc
Context 
config>service>vprn>if>sap>eth-cfm>collect-lmm-fc-stats
config>service>vprn>if>spoke-sdp>eth-cfm>collect-lmm-fc-stats
config>service>vprn>sub-if>grp-if>sap>eth-cfm>collect-lmm-fc-stats
Description 

This command creates individual counters for the specified FCs without regard for profile. All countable packets that match a configured FC, regardless of profile, will be included in this counter.

A differential is performed when this command is re-entered. Omitted FCs will stop counting, newly added FCs will start counting, and unchanged FCs will continue to count.

Up to eight FCs may be specified. An FC that is specified as part of this command for this specific context cannot be specified as a profile-aware FC using the fc-in-profile command under the same context.

The no form of this command removes all previously defined FCs and stops counting for those FCs.

Default 

no fc

Parameters 
fc-name—
Specifies the name of the FC for which to create an individual profile-unaware counter. Up to 8 FCs can be named in a single statement. In order for the counter to be used, the config>oam-pm>session>ethernet>priority command must be configured with a numerical value representing the FC name (7 = NC, 6 = H1, 5 = EF, 4 = H2, 3 = L1, 2 = AF, 1 = L2, 0 = BE), and the config>oam-pm>session>ethernet>lmm>enable-fc-collection command must be enabled.
Values—
nc, h1, ef, h2, l1, af, l2, be

 

fc-in-profile

Syntax 
fc-in-profile fc-name [fc-name]
no fc-in-profile
Context 
config>service>vprn>if>sap>eth-cfm>collect-lmm-fc-stats
config>service>vprn>if>spoke-sdp>eth-cfm>collect-lmm-fc-stats
config>service>vprn>sub-if>grp-if>sap>eth-cfm>collect-lmm-fc-stats
Description 

This command creates individual counters for the specified FCs with regard for profile. All countable packets that match a configured FC and are deemed to be in profile will be included in this counter.

A differential is performed when this command is re-entered. Omitted FCs will stop counting, newly added FCs will start counting, and unchanged FCs will continue to count.

Up to eight FCs may be specified. An FC that is specified as part of this command for this specific context cannot be specified as a profile-unaware FC using the fc command under the same context.

The no form of this command removes all previously defined FCs and stops counting for those FCs.

Default 

no fc-in-profile

Parameters 
fc-name—
Specifies the name of the FC for which to create an individual profile-aware counter. Up to 8 FCs can be named in a single statement. In order for the counter to be used, the config>oam-pm>session>ethernet>priority command must be configured with a numerical value representing the FC name (7 = NC, 6 = H1, 5 = EF, 4 = H2, 3 = L1, 2 = AF, 1 = L2, 0 = BE), and the config>oam-pm>session>ethernet>lmm>enable-fc-collection command must be enabled.
Values—
nc, h1, ef, h2, l1, af, l2, be

 

mep

Syntax 
mep mep-id domain md-index association ma-index [direction {up | down}]
no mep mep-id domain md-index association ma-index
Context 
config>service>vprn>if>sap>eth-cfm
config>service>vprn>if>spoke-sdp>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command configures the ETH-CFM maintenance endpoint (MEP).

Parameters 
mep-id—
Specifies the maintenance association end point identifier.
Values—
1 to 8191

 

md-index—
Specifies the maintenance domain (MD) index value.
Values—
1 to 4294967295

 

ma-index—
Specifies the MA index value.
Values—
1 to 4294967295

 

direction up | down—
Indicates the direction in which the maintenance association (MEP) faces on the bridge port. Direction UP is not supported on VPRN MEPs.
Values—
down — Sends continuity check messages away from the MAC relay entity.
up — Sends continuity check messages towards the MAC relay entity.

 

ais-enable

Syntax 
[no] ais-enable
Context 
config>service>vprn>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command configures the reception of Alarm Indication Signal (AIS) message.

interface-support-enable

Syntax 
[no] interface-support-enable
Context 
config>service>vprn>sap>eth-cfm>mep>ais-enable
config>service>vprn>spoke-sdp>eth-cfm>mep>ais-enable
Description 

This command enables the AIS function to consider the operational state of the entity on which it is configured. With this command, ETH-AIS on DOWN MEPs will be triggered and cleared based on the operational status of the entity on which it is configured. If CCM is also enabled then transmission of the AIS PDU will be based on either the non-operational state of the entity or on ANY CCM defect condition. AIS generation will cease if BOTH operational state is UP and CCM has no defect conditions. If the MEP is not CCM enabled then the operational state of the entity is the only consideration assuming this command is present for the MEP.

The no form of this command means that AIS will not be generated or stopped based on the state of the entity on which the DOWN MEP is configured.

Default 

no interface-support-enable

alarm-notification

Syntax 
alarm-notification
Context 
config>service>vprn>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
Description 

This command configures the MEP alarm notification parameters.

fng-alarm-time

Syntax 
fng-alarm-time time
Context 
config>service>vprn>sap>eth-cfm>mep>alarm-notification
config>service>vprn>if>spoke-sdp>eth-cfm>mep>alarm-notification
Description 

This command configures the Fault Notification Generation (FNG) alarm time.

Parameters 
time—
The length of time, in centi-seconds, that must pass before an alarm is raised for a defect.
Values—
0, 250, 500, 1000

 

Default—
0

fng-reset-time

Syntax 
fng-reset-time time
Context 
config>service>vprn>sap>eth-cfm>mep>alarm-notification
config>service>vprn>if>spoke-sdp>eth-cfm>mep>alarm-notification
Description 

This command configures the FNG reset time.

Parameters 
time—
The length of time, in centiseconds, that must expire before a defect is reset.
Values—
0, 250, 500, 1000

 

Default—
0

ccm-enable

Syntax 
[no] ccm-enable
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command enables the generation of CCM messages.

The no form of this command disables the generation of CCM messages.

ccm-ltm-priority

Syntax 
ccm-ltm-priority priority
no ccm-ltm-priority
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command specifies the priority value for CCMs and LTMs transmitted by the MEP.

The no form of this command removes the priority value from the configuration.

Default 

The highest priority on the bridge-port.

Parameters 
priority—
Specifies the priority of CCM and LTM messages.
Values—
0 to 7

 

ccm-padding-size

Syntax 
ccm-padding-size ccm-padding
no ccm-padding-size
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep
Description 

This command sets the byte size of the optional Data TLV to be included in the ETH-CC PDU. This will increase the size of the ETH-CC PDU by the configured value. The base size of the ETH-CC PDU, including the Interface Status TLV and Port Status TLV, is 83 bytes not including the Layer 2 encapsulation. CCM padding is not supported when the CCM-Interval is less than one second.

Parameters 
ccm-padding—
Specifies the byte size of the Optional Data TLV.
Values—
3 to 1500

 

csf-enable

Syntax 
[no] csf-enable
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep
Description 

This command enables the reception and local processing of ETH-CSF frames.

multiplier

Syntax 
multiplier multiplier-value
no multiplier
Context 
config>service>vprn>if>sap>eth-cfm>mep>csf-enable
config>service>vprn>if>spoke-sdp>eth-cfm>mep>csf-enable
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>csf-enable
Description 

This command enables the multiplication factor applied to the receive time used to clear the CSF condition in increments of 5.

Default 

multiplier 3.5

Parameters 
multiplier-value—
Specifies the multiplier used for timing out CSF.
Values—
0.0, 2.0 to 30.0

 

eth-test-enable

Syntax 
[no] eth-test-enable
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command enables eth-test functionality on MEP. For this test to work, operators need to configure ETH-test parameters on both sender and receiver nodes. The ETH-test then can be done using the following OAM commands:

oam eth-cfm eth-test mac-address mep mep-id domain md-index association ma-index [priority priority] [data-length data-length]

A check is done for both the provisioning and test to ensure the MEP is an Y.1731 MEP (MEP provisioned with domain format none, association format icc-based). If not, the operation fails. An error message in the CLI and SNMP will indicate the problem.

test-pattern

Syntax 
test-pattern {all-zeros | all-ones} [crc-enable]
no test-pattern
Context 
config>service>vprn>if>sap>eth-cfm>mep>eth-test-enable
config>service>vprn>if>spoke-sdp>eth-cfm>mep>eth-test-enable
config>service>vprn>sub-if>grp-if>sap>eth-cfm>eth-test-enable
Description 

This command configures the test pattern for eth-test frames.

The no form of this command removes the values from the configuration.

Default 

test-pattern all-zeros

Parameters 
all-zeros —
Specifies to use all zeros in the test pattern.
all-ones—
Specifies to use all ones in the test pattern.
crc-enable—
generates a CRC checksum.

bit-error-threshold

Syntax 
bit-error-threshold bit-errors
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command specifies the lowest priority defect that is allowed to generate a fault alarm.

Default 

bit-error-threshold 1

Parameters 
bit-errors
Specifies the lowest priority defect.
Values—
0 to 11840

 

one-way-delay-threshold

Syntax 
one-way-delay-threshold time
Context 
config>service>vprn>if>sap>eth-cfm
config>service>vprn>if>spoke-sdp>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command enables one way delay threshold time limit.

Default 

3 seconds

Parameters 
priority—
Specifies the value for the threshold.
Values—
0 to 600

 

squelch-ingress-levels

Syntax 
squelch-ingress-levels [md-level [md-level]]
no squelch-ingress-levels
Context 
config>service>vprn>if>sap>eth-cfm
config>service>vprn>if>spoke-sdp>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command defines the levels of the ETH-CFM PDUs that will silently be discarded on ingress into the SAP or SDP Binding from the wire. All ETH-CFM PDUs inbound to the SAP or SDP binding will be dropped that match the configured levels without regard for any other ETH-CFM criteria. No statistical information or drop count will be available for any ETH-PDU that is silently discarded by this option. The operator must configure a complete contiguous list of md-levels up to the highest level that will be dropped. The command must be retyped in complete form to modify a previous configuration, if the operator does not want to delete it first.

The no form of this command removes the silent discarding of previously matching ETH-CFM PDUs.

Default 

no squelch-ingress-levels

Parameters 
md-level—
Identifies the level.
Values—
0 to 7

 

tunnel-fault

Syntax 
tunnel-fault {accept | ignore}
Context 
config>service>vprn>eth-cfm
config>service>vprn>if>sap>eth-cfm
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

Allows the individual service SAPs to react to changes in the tunnel MEP state. When tunnel-fault accept is configured at the service level, the SAP will react according to the service type, Epipe will set the operational flag and VPLS, IES and VPRN SAP operational state will become down on failure or up on clear. This command triggers the OAM mapping functions to mate SAPs and bindings in an Epipe service as well as setting the operational flag. If AIS generation is the requirement for the Epipe services this command is not required. See the ais-enable command in the epipe>sap>eth-cfm>ais-enable context for more information. This works in conjunction with the tunnel-fault accept on the individual SAPs. Both must be set to accept to react to the tunnel MEP state. By default the service level command is “ignore” and the sap level command is “accept”. This means simply changing the service level command to “accept” will enable the feature for all SAPs. This is not required for Epipe services that only wish to generate AIS on failure.

Default 

tunnel-fault ignore (Service Level)

tunnel-fault accept (SAP Level for Epipe and VPLS)

Parameters 
accept—
Share fate with the facility tunnel MEP.
ignore—
Do not share fate with the facility tunnel MEP.

fault-propagation-enable

Syntax 
fault-propagation-enable {use-if-tlv | suspend-ccm}
no fault-propagation-enable
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command configures the fault propagation for the MEP.

Parameters 
use-if-tlv—
Specifies to use the interface TLV.
suspend-ccm—
Specifies to suspend the continuity check messages.

grace

Syntax 
grace
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep
Description 

This command enters the context to configure Nokia ETH-CFM Grace and ITU-T Y.1731 ETH-ED expected defect functional parameters.

eth-ed

Syntax 
eth-ed
Context 
config>service>vprn>if>sap>eth-cfm>mep>grace
config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace
Description 

This command enters the context to configure ITU-T Y.1731 ETH-ED expected defect functional parameters.

max-rx-defect-window

Syntax 
max-rx-defect-window seconds
no max-rx-defect-window
Context 
config>service>vprn>if>sap>eth-cfm>mep>grace>eth-ed
config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace>eth-ed
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-ed
Description 

This command limits the duration of the received ETH-ED expected defect window to the lower value of either the received value from the peer or this parameter.

The no form of this command removes the limitation, and any valid defect window value received from a peer MEP in the ETH-ED PDU will be used.

Default 

no max-rx-defect-window

Parameters 
seconds—
Specifies the duration, in seconds, of the maximum expected defect window
Values—
1 to 86400

 

priority

Syntax 
priority priority
no priority
Context 
config>service>vprn>if>sap>eth-cfm>mep>grace>eth-ed
config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace>eth-ed
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-ed
Description 

This command sets the priority bits and determines the forwarding class based on the mapping of priority to FC.

The no form of this command disables the local priority configuration and sets the priority to the ccm-ltm-priority associated with this MEP.

Default 

no priority

Parameters 
priority—
Specifies the priority bit.
Values—
0 to 7

 

rx-eth-ed

Syntax 
[no] rx-eth-ed
Context 
config>service>vprn>if>sap>eth-cfm>mep>grace>eth-ed
config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace>eth-ed
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-ed
Description 

This command enables the reception and processing of the ITU-T Y.1731 ETH-ED PDU on the MEP.

The no form of this command disables the reception of the ITU-T Y.1731 ETH-ED PDU on the MEP.

Default 

rx-eth-ed

tx-eth-ed

Syntax 
[no] tx-eth-ed
Context 
config>service>vprn>if>sap>eth-cfm>mep>grace>eth-ed
config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace>eth-ed
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-ed
Description 

This command enables the transmission of the ITU-T Y.1731 ETH-ED PDU from the MEP when a system soft reset notification is received for one or more cards.

The config>eth-cfm>system>grace-tx-enable command must be configured to instruct the system that the node is capable of transmitting expected defect windows to the peers. Only one form of ETH-CFM grace (Nokia ETH-CFM Grace or ITU-T Y.1731 ETH-ED) may be transmitted.

The no form of this command disables the transmission of the ITU-T Y.1731 ETH-ED PDU from the MEP.

Default 

no tx-eth-ed

eth-vsm-grace

Syntax 
eth-vsm-grace
Context 
config>service>vprn>if>sap>eth-cfm>mep>grace
config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace
Description 

This command enters the context to configure Nokia ETH-CFM Grace functional parameters.

rx-eth-vsm-grace

Syntax 
[no] rx-eth-vsm-grace
Context 
config>service>vprn>if>sap>eth-cfm>mep>grace>eth-vsm-grace
config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace>eth-vsm-grace
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-vsm-grace
Description 

This command enables the reception and processing of the Nokia ETH-CFM Grace PDU on the MEP.

The Nokia Grace function is a vendor-specific PDU that informs MEP peers that the local node may be entering a period of expected defect.

The no form of this command disables the reception of the Nokia ETH-CFM Grace PDU on the MEP.

Default 

rx-eth-vsm-grace

tx-eth-vsm-grace

Syntax 
[no] tx-eth-vsm-grace
Context 
config>service>vprn>if>sap>eth-cfm>mep>grace>eth-vsm-grace
config>service>vprn>if>spoke-sdp>eth-cfm>mep>grace>eth-vsm-grace
config>service>vprn>sub-if>grp-if>sap>eth-cfm>mep>grace>eth-vsm-grace
Description 

This command enables the transmission of the Nokia ETH-CFM Grace PDU from the MEP when a system soft reset notification is received for one or more cards.

The Nokia Grace function is a vendor-specific PDU that informs MEP peers that the local node may be entering a period of expected defect.

The config>eth-cfm>system>grace-tx-enable command must be configured to instruct the system that the node is capable of transmitting expected defect windows to the peers. Only one form of ETH-CFM grace (Nokia ETH-CFM Grace or ITU-T Y.1731 ETH-ED) may be transmitted.

The no form of this command disables the transmission of the Nokia ETH-CFM Grace PDU from the MEP.

Default 

tx-eth-vsm-grace

low-priority-defect

Syntax 
low-priority-defect {allDef | macRemErrXcon | remErrXcon | errXcon | xcon | noXcon}
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command specifies the lowest priority defect that is allowed to generate a fault alarm.

Default 

low-priority-defect macRemErrXcon

Parameters 
parameters—
Specifies the lowest priority defect.
Values—

allDef

DefRDICCM, DefMACstatus, DefRemoteCCM, DefErrorCCM, and DefXconCCM

macRemErrXcon

Only DefMACstatus, DefRemoteCCM, DefErrorCCM, and DefXconCCM

remErrXcon

Only DefRemoteCCM, DefErrorCCM, and DefXconCCM

errXcon

Only DefErrorCCM and DefXconCCM

xcon

Only DefXconCCM; or

noXcon

No defects DefXcon or lower are to be reported

 

mac-address

Syntax 
mac-address mac-address
Context 
config>service>vprn>if>sap>eth-cfm>mep
config>service>vprn>if>spoke-sdp>eth-cfm>mep
config>service>vprn>sub-if>grp-if>sap>eth-cfm
Description 

This command assigns a specific MAC address to an IP interface.

The no form of this command returns the MAC address of the IP interface to the default value.

Default 

The physical MAC address associated with the Ethernet interface that the SAP is configured on.

Parameters 
mac-address—
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

3.8.2.11. Interface ICMP Commands

icmp

Syntax 
icmp
Context 
config>service>vprn>if
config>service>vprn>nw-if
Description 

This command configures Internet Control Message Protocol (ICMP) parameters on a VPRN service.

mask-reply

Syntax 
[no] mask-reply
Context 
config>service>vprn>if>icmp
config>service>vprn>nw-if>icmp
Description 

This command enables responses to Internet Control Message Protocol (ICMP) mask requests on the router interface.

If a local node sends an ICMP mask request to the router interface, the mask-reply command configures the router interface to reply to the request.

By default, the router instance will reply to mask requests.

The no form of this command disables replies to ICMP mask requests on the router interface.

Default 

mask-reply — Specifies to reply to ICMP mask requests.

packet-too-big

Syntax 
packet-too-big [number seconds]
no packet-too-big
Context 
config>service>vprn>if>ipv6>icmp6
Description 

This command configures the rate for Internet Control Message Protocol version 6 (ICMPv6) packet-too-big messages.

Parameters 
number—
Specifies the number of packet-too-big messages to send in the time frame specified by the seconds parameter.
Values—
10 to 1000

 

Default—
100
seconds—
Specifies the time frame, in seconds, that is used to limit the number of packet-too-big messages issued.
Values—
1 to 60

 

Default—
10

param-problem

Syntax 
param-problem number seconds
no param-problem [number seconds]
Context 
config>service>vprn>if>icmp
config>service>vprn>if>ipv6>icmp6
config>service>vprn>nw-if>icmp
Description 

This command specifies whether parameter-problem ICMP messages should be sent. When enabled, parameter-problem ICMP messages are generated by this interface. The no form of this command disables the sending of parameter-problem ICMP messages.

Parameters 
number—
Specifies the number of parameter-problem ICMP messages to send in the time frame specified by the seconds parameter.
Values—
10 to 1000

 

Default—
100
seconds—
Specifies the time frame, in seconds, that is used to limit the number of parameter-problem ICMP messages issued.
Values—
1 to 60

 

Default—
10

redirects

Syntax 
redirects [number seconds]
no redirects
Context 
config>service>vprn>if>icmp
config>service>vprn>if>ipv6>icmp6
config>service>vprn>nw-if>icmp
Description 

This command configures the rate for ICMP redirect messages issued on the router interface.

When routes are not optimal on this router and another router on the same subnetwork has a better route, the router can issue an ICMP redirect to alert the sending node that a better route is available.

The redirects command enables the generation of ICMP redirects on the router interface. The rate at which ICMP redirects are issued can be controlled with the optional number and seconds parameters, by indicating the maximum number of redirect messages that can be issued on the interface for a given time interval.

By default, generation of ICMP redirect messages is enabled at a maximum rate of 100 messages per 10 second time interval.

The no form of this command disables the generation of ICMP redirects on the router interface.

Default 

redirects 100 10 — Specifies a maximum of 100 redirect messages in 10 seconds.

Parameters 
number—
Specifies the maximum number of ICMP redirect messages to send. This parameter must be specified with the seconds parameter.
Values—
10 to 1000

 

seconds—
Specifies the time frame in seconds used to limit the seconds of ICMP redirect messages that can be issued.
Values—
1 to 60

 

time-exceeded

Syntax 
time-exceeded number seconds
no time-exceeded
Context 
config>service>vprn>if>ipv6>icmp6
Description 

This command configures rate for ICMPv6 time-exceeded messages.

Parameters 
number—
Specifies the maximum number of time-exceeded messages to send, expressed as a decimal integer. This parameter must be specified with the seconds parameter.
Values—
10 to 1000

 

seconds—
Specifies the time frame in seconds used to limit the number of time-exceeded messages that can be issued, expressed as a decimal integer.
Values—
1 to 60

 

ttl-expired

Syntax 
ttl-expired [number seconds]
no ttl-expired
Context 
config>service>vprn>if>icmp
config>service>vprn>nw-if>icmp
Description 

This command configures the rate of Internet Control Message Protocol (ICMP) TTL expired messages are issued by the IP interface.

By default, generation of ICMP TTL expired messages is enabled at a maximum rate of 100 per 10 second time interval.

The no form of this command disables the limiting the rate of TTL expired messages on the router interface.

Default 

ttl-expired 100 10

Parameters 
number—
Specifies the maximum number of ICMP TTL expired messages to send, expressed as a decimal integer. This parameter must be specified with the seconds parameter.
Values—
10 to 2000

 

seconds—
Specifies the time frame in seconds used to limit the number of ICMP TTL expired messages that can be issued, expressed as a decimal integer.
Values—
1 to 60

 

unreachables

Syntax 
unreachables [number seconds]
no unreachables
Context 
config>service>vprn>if>icmp
config>service>vprn>if>ipv6>icmp6
config>service>vprn>nw-if>icmp
Description 

This command enables and configures the rate for ICMP host and network destination unreachable messages issued on the router interface.

The unreachables command enables the generation of ICMP destination unreachables on the router interface. The rate at which ICMP unreachables is issued can be controlled with the optional number and seconds parameters by indicating the maximum number of destination unreachable messages which can be issued on the interface for a given time interval.

By default, generation of ICMP destination unreachable messages is enabled at a maximum rate of 10 messages per 10 second time interval.

The no form of this command disables the generation of icmp destination unreachable messages on the router interface.

Default 

unreachables 100 10

Parameters 
number—
Specifies the maximum number of ICMP unreachable messages to send. This parameter must be specified with the seconds parameter.
Values—
10 to 2000

 

seconds—
Specifies the time frame in seconds used to limit the number of ICMP unreachable messages that can be issued.
Values—
1 to 60

 

ip-mtu

Syntax 
ip-mtu octets
no ip-mtu
Context 
config>service>vprn>nw-if
config>service>vprn>red-if
Description 

This command configures the IP maximum transmit unit (packet) for the associated router IP interface.

The configured IP-MTU cannot be larger than the calculated IP MTU based on the port MTU configuration.

The MTU that is advertised from the IES size is:

MINIMUM((SdpOperPathMtu - EtherHeaderSize), (Configured ip-mtu))

The no form of this command returns the associated IP interfaces MTU to its default value, which is calculated based on the port MTU setting. For Ethernet ports this will typically be 1554.

Default 

no ip-mtu

Parameters 
octets —
Specifies the octets.
Values—
512 to 9786

 

lag

Syntax 
lag lag-id[:encap-val]
no lag
Context 
config>service>vprn>nw-if
Description 

This command binds the interface to a Link Aggregation Group (LAG)

The no form of this command removes the LAG id from the configuration.

Parameters 
lag-id[:encap-val]—
Specifies the LAG ID.
Values—

lag-id

1 to 800

encap-val

0 (for null)

0 to 4094 (for dot1q)

 

lag-per-link-hash

Syntax 
lag-per-link-hash class {1 | 2 | 3} weight [1 to 1024]
no per-link-hash
Context 
config>service>vprn>nw-if
config>service>vprn>if>sap
Description 

This command configures weight and class to this SAP to be used on LAG egress when the LAG uses weighted per-link-hash.

The no form of this command restores the default configuration.

Default 

no lag-per-link-hash (equivalent to weight 1 class 1)

3.8.2.12. Interface SAP Commands

sap

Syntax 
sap sap-id [create]
no sap sap-id
Context 
config>service>vprn>if
config>service>vprn>if>sap
Description 

This command creates a Service Access Point (SAP) within a service. A SAP is a combination of port and encapsulation parameters which identifies the service access point on the interface and within the router. Each SAP must be unique.

All SAPs must be explicitly created. If no SAPs are created within a service or on an IP interface, a SAP will not exist on that object. Enter an existing SAP without the create keyword to edit SAP parameters. The SAP is owned by the service in which it was created.

A SAP can only be associated with a single service. A SAP can only be defined on a port that has been configured as an access port using the config interface port-type port-id mode access command. Channelized TDM ports are always access ports.

If a port is shut down, all SAPs on that port become operationally down. When a service is shut down, SAPs for the service are not displayed as operationally down although all traffic traversing the service will be discarded. The operational state of a SAP is relative to the operational state of the port on which the SAP is defined.

The no form of this command deletes the SAP with the specified port. When a SAP is deleted, all configuration parameters for the SAP will also be deleted. The no form of this command causes the ptp-h-assist to be disabled.

Default 

No SAPs are defined.

Special Cases 
VPRN—
A VPRN SAP must be defined on an Ethernet interface.

sap ipsec-id.private | public:tag — This parameter associates an IPsec group SAP with this interface. This is the public side for an IPsec tunnel. Tunnels referencing this IPsec group in the private side may be created if their local IP is in the subnet of the interface subnet and the routing context specified matches with the one of the interface.

This context will provide a SAP to the tunnel. The operator may associate an ingress and egress QoS policies as well as filters and virtual scheduling contexts. Internally this creates an Ethernet SAP that will be used to send and receive encrypted traffic to and from the MDA. Multiple tunnels can be associated with this SAP. The “tag” will be a dot1q value. The operator may see it as an identifier. The range is limited to 1 to 4094.

Parameters 
sap-id—
Specifies the physical port identifier portion of the SAP definition.
port-id—
Specifies the physical port ID.

If the card in the slot has Media Dependent Adapters (MDAs) installed, the port-id must be in the slot_number/MDA_number/port_number format. For example 6/2/3 specifies port 3 on MDA 2 in slot 6.

The port-id must reference a valid port type. When the port-id parameter represents SONET/SDH and TDM channels the port ID must include the channel ID. A period “.” separates the physical port from the channel-id. The port must be configured as an access port.

If the SONET/SDH port is configured as clear-channel then only the port is specified.

port-id

slot/mda/port [.channel]

eth-sat-id

esat-id/slot/port

esat

keyword

id

1 to 20

pxc-id

pxc-id.sub-port

pxc

keyword

id

1 to 64

sub-port

a, b

create—
Keyword used to create a SAP instance.
split-horizon-group group-name
Specifies the name of the split horizon group to which the SAP belongs.

aarp

Syntax 
aarp aarpId type type
no aarp
Context 
config>service>vprn>if>sap
config>service>vprn>if>spoke-sdp
Description 

This command associates an AARP instance with a multi-homed SAP or spoke SDP. This instance uses the same AARP ID in the same node or in a peer node (pre-configured) to provide traffic flow and packet asymmetry removal for a multi-homed SAP or spoke SDP.

The type specifies the role of this service point in the AARP: either, primary (dual-homed) or secondary (dual-homed-secondary). The AA service attributes (app-profile and transit-policy) of the primary are inherited by the secondary endpoints. All endpoints within an AARP must be of the same type (SAP or spoke), and all endpoints with an AARP must be within the same service.

The no form of this command removes the association between an AARP instance and a multi-homed SAP or spoke SDP.

Default 

no aarp

Parameters 
aarpId—
Specifies the AARP instance associated with this SAP. If not configured, no AARP instance is associated with this SAP.
Values—
1 to 65535

 

type—
Specifies the role of the SAP referenced by the AARP instance.
Values—
dual-homed — The primary dual-homed AA subscriber side service-point of an AARP instance; only supported for Epipe, IES, and VPRN SAP and spoke SDP. dual-homed-secondary — One of the secondary dual-homed AA subscriber side service-points of an AARP instance; only supported for Epipe, IES, and VPRN SAP and spoke SDP.

 

transit-policy

Syntax 
transit-policy ip ip-aasub-policy-id
transit-policy prefix-aasub-policy-id
no transit-policy
Context 
config>service>vprn>if>sap>
config>service>vprn>if>spoke-sdp>
Description 

This command associates an AA transit policy to the service. The transit IP policy must be defined prior to associating the policy with a SAP in the config>application-assurance>group>policy>transit-ip-policy context.

Transit AA subscribers are managed by the system through this service policy, which determines how transit subs are created and removed for that service.

The no form of this command removes the association of the policy to the service.

Default 

no transit-policy

Parameters 
ip-aasub-policy-id—
Specifies an integer identifying an IP transit IP profile entry.
Values—
1 to 65535

 

prefix-aasub-policy-id—
Specifies an integer identifying a prefix transit profile entry.
Values—
1 to 65535

 

pw-path-id

Syntax 
[no] pw-path-id
Context 
config>service>vprn>if>spoke-sdp
config>service>vprn>red-if>spoke-sdp
Description 

This command enters the context to configure an MPLS-TP Pseudowire Path Identifier for a spoke-sdp. All elements of the PW path ID must be configured in order to enable a spoke-sdp with a PW path ID.

For an IES or VPRN spoke-sdp, the pw-path-id is only valid for Ethernet spoke-sdps.

The pw-path-id is only configurable if all of the following is true:

  1. SDP signaling is off
  2. control-word is enabled (control-word is disabled by default)
  3. the service type is epipe, vpls, cpipe, apipe, or IES/VPRN interface
  4. mate SDP signaling is off for vc-switched services

The no form of this command deletes the PW path ID.

Default 

no pw-path-id

agi

Syntax 
agi attachment-group-identifier
no agi
Context 
config>service>vprn>if>spoke-sdp>pw-path-id
config>service>vprn>red-if>spoke-sdp>pw-path-id
Description 

This command configures the attachment group identifier for an MPLS-TP PW.

Parameters 
attachment-group-identifier—
Specifies the attachment group identifier.
Values—
0 to 4294967295

 

saii-type2

Syntax 
saii-type2 global-id:node-id:ac-id
no saii-type2
Context 
config>service>vprn>if>spoke-sdp>pw-path-id
config>service>vprn>red-if>spoke-sdp>pw-path-id
Description 

This command configures the source individual attachment identifier (SAII) for an MPLS-TP spoke SDP. If this is configured on a spoke SDP for which vc-switching is also configured (for example, it is at an S-PE), then the values must match those of the taii-type2 of the mate spoke SDP.

Parameters 
global-id—
Specifies the global ID at the source PE or T-PE for the MPLS-TP PW for a spoke SDP.
Values—
0 to 4294967295

 

node-id—
Specifies the node ID at the source PE or T-PE for the MPLS-TP PW for a spoke SDP.
Values—
a.b.c.d or 1 to 4294967295

 

ac-id—
Specifies the attachment circuit ID at the source PE or T-PE for the MPLS-TP PW for a spoke SDP. If this node is the source of the PW, then the AC ID must be set to a locally unique value.
Values—
1 to 4294967295

 

taii-type2

Syntax 
taii-type2 global-id:node-id:ac-id
no taii-type2
Context 
config>service>vprn>if>spoke-sdp>pw-path-id
config>service>vprn>red-if>spoke-sdp>pw-path-id
Description 

This command configures the target individual attachment identifier (TAII) for an MPLS-TP spoke SDP. If this is configured on a spoke SDP for which vc-switching is also configured (for example, it is at an S-PE), then the values must match those of the saii-type2 of the mate spoke SDP.

Parameters 
global-id—
Specifies the global ID at the target PE or T-PE for the MPLS-TP PW for a spoke SDP.
Values—
0 to 4294967295

 

node-id—
Specifies the node ID at the target PE or T-PE for the MPLS-TP PW for a spoke SDP.
Values—
a.b.c.d or 1 to 4294967295

 

ac-id—
Specifies the attachment circuit ID at the target PE or T-PE for the MPLS-TP PW for a spoke SDP. If this node is the source of the PW, then the AC ID must be set to a locally unique value.
Values—
1 to 4294967295

 

accounting-policy

Syntax 
accounting-policy acct-policy-id
no accounting-policy
Context 
config>service>vprn>if>sap
config>service>vprn>if>spoke-sdp
Description 

This command creates the accounting policy context that can be applied to an interface SAP or interface SAP spoke SDP.

An accounting policy must be defined before it can be associated with a SAP. If the policy-id does not exist, an error message is generated.

A maximum of one accounting policy can be associated with a SAP at one time. Accounting policies are configured in the config>log context.

The no form of this command removes the accounting policy association from the SAP, and the accounting policy reverts to the default.

Default 

no accounting-policy

Parameters 
acct-policy-id—
The accounting policy-id as configured in the config>log>accounting-policy context.
Values—
1 to 99

 

app-profile

Syntax 
app-profile app-profile-name
no app-profile
Context 
config>service>vprn>if>spoke-sdp
Description 

This command configures the application profile name.

Parameters 
app-profile-name—
Specifies the application profile name, up to 32 characters.

bfd-enable

Syntax 
bfd-enable
no bfd-enable
Context 
config>service>vprn>if>spoke-sdp
Description 

This command enables VCCV BFD on the PW associated with the VLL, BGP VPWS, or VPLS service. The parameters for the BFD session are derived from the named BFD template, which must have been first configured using the bfd-template command.

bfd-template

Syntax 
bfd-template name
no bfd-template
Context 
config>service>vprn>if>spoke-sdp
Description 

This command configures a named BFD template to be used by VCCV BFD on PWs belonging to the VLL, BGP VPWS, or VPLS service. The template specifies parameters, such as the minimum transmit and receive control packet timer intervals, to be used by the BFD session. Template parameters are configured under the config>router>bfd context.

Default 

no bfd-template

Parameters 
name—
A text string name for the template of up to 32 characters in printable 7-bit ASCII, enclosed in double quotes.

collect-stats

Syntax 
[no] collect-stats
Context 
config>service>vprn>if>sap
config>service>vprn>if>spoke-sdp
Description 

This command enables accounting and statistical data collection for either an interface SAP or interface SAP spoke SDP, or network port. When applying accounting policies the data, by default, is collected in the appropriate records and written to the designated billing file.

When the no collect-stats command is issued the statistics are still accumulated by the IOM cards. However, the CPU will not obtain the results and write them to the billing file. If a subsequent collect-stats command is issued then the counters written to the billing file include all the traffic while the no collect-stats command was in effect.

Default 

no collect-stats

control-channel-status

Syntax 
control-channel-status
Context 
config>service>vprn>if>spoke-sdp
config>service>vprn>red-if>spoke-sdp
Description 

This command enables the configuration of static pseudowire status signaling on a spoke SDP for which signaling for its SDP is set to OFF.

A control-channel-status no shutdown is allowed only if all of the following are true:

  1. SDP signaling is off.
  2. The control-word is enabled (the control-word is disabled by default)
  3. The service type is Epipe, Apipe, VPLS, Cpipe, or IES/VPRN
  4. Mate SDP signaling is off (in vc-switched services)
  5. The pw-path-id is configured for this spoke SDP.

The no form of this command removes control channel status signaling from a spoke SDP. It can only be removed if control channel status is shut down.

Default 

no control-channel-status

acknowledgment

Syntax 
[no] acknowledgment
Context 
config>service>vprn>if>spoke-sdp>control-channel-status
config>service>vprn>red-if>spoke-sdp>control-channel-status
Description 

This command enables the acknowledgment of control channel status messages. By default, no acknowledgment packets are sent.

refresh-timer

Syntax 
refresh-timer value
no refresh-timer
Context 
config>service>vprn>if>spoke-sdp>control-channel-status
config>service>vprn>red-if>spoke-sdp>control-channel-status
Description 

This command configures the refresh timer for control channel status signaling packets. By default, no refresh packets are sent.

Default 

no refresh-timer

Parameters 
value—
Specifies the refresh timer value.
Values—
10 to 65535 seconds

 

Default—
0 (off)

request-timer

Syntax 
request-timer request-timer-secs retry-timer retry-timer-secs timeout-multiplier multiplier
no request-timer
Context 
config>service>vprn>if>spoke-sdp>control-channel-status
config>service>vprn>red-if>spoke-sdp>control-channel-status
Description 

This command configures the control channel status request mechanism. When it is configured, control channel status request procedures are used. These augment the procedures for control channel status messaging from RFC 6478. This command is mutually exclusive with a non-zero refresh-timer value.

Parameters 
request-timer-secs—
Specifies the interval, in seconds, at which pseudowire status messages, including a reliable delivery TLV, with the “request” bit set, are sent.
Values—
10 to 65535

 

retry-timer retry-timer-secs
Specifies the timeout interval, in seconds, if no response to a pseudowire status request is received. This parameter must be configured. A value of zero (0) disables retries.
Values—
0, 3 to 60

 

timeout-multiplier multiplier
Specifies the multiplier, in seconds. If a requesting node does not receive a valid response to a pseudowire status request within this multiplier times the retry timer, then it assume the pseudowire is down. This parameter is optional.
Values—
3 to 15

 

control-word

Syntax 
[no] control-word
Context 
config>service>vprn>if>spoke-sdp
config>service>vprn>red-if>spoke-sdp
Description 

This command enables the PW control word on spoke SDPs terminated on an IES or VPRN interface. The control word must be enabled to allow MPLS-TP OAM on the spoke SDP

It is only valid for MPLS-TP spoke SDPs when used with IES and VPRN services.

The no form of this command disables the control work on spoke SDPs.

Default 

no control-word

dist-cpu-protection

Syntax 
dist-cpu-protection policy-name
no dist-cpu-protection
Context 
config>service>vprn>if>sap
Description 

This command assigns a Distributed CPU Protection (DCP) policy to the SAP. Only a valid created DCP policy can be assigned to a SAP or a network interface (This rule does not apply to templates such as an msap-policy).

Default 

If no dist-cpu-protection policy is assigned to an SAP policy, then the default access DCP policy (default-access-policy) is used. If no DCP functionality is required on the SAP policy, then an empty DCP policy can be created and explicitly assigned to the SAP policy.

Parameters 
policy-name—
Specifies the name of the DCP policy up to 32 characters in length

3.8.2.13. Interface SAP ATM Commands

atm

Syntax 
atm
Context 
config>service>vprn>if>sap
Description 

This command enters the context to configure ATM-related attributes. This command can only be used when a given context (for example, a channel or SAP) supporting ATM functionality such as:

  1. Configuring ATM port or ATM port-related functionality on MDAs supporting ATM functionality.
  2. Configuring ATM-related configuration for ATM-based SAPs that exist on MDAs supporting ATM functionality.

If ATM functionality is not supported for a given context, the command returns an error.

egress

Syntax 
egress
Context 
config>service>vprn>if>sap>atm
Description 

This command configures egress ATM attributes for the SAP.

encapsulation

Syntax 
encapsulation atm-encap-type
Context 
config>service>vprn>if>sap>atm
Description 

This command configures RFC 2684, Multiprotocol Encapsulation over ATM AAL5, encapsulation for an ATM PVCC delimited SAP. This command specifies the data encapsulation for an ATM PVCC delimited SAP. The definition also references the ATM Forum LAN Emulation specification. The encapsulation is driven by the services for which the SAP is configured.

Ingress traffic that does not match the configured encapsulation will be dropped.

Default 

encapsulation aal5snap-routed (for VPRN service SAPs)

Parameters 
atm-encap-type—
specifies the encapsulation type
Values—
aal5snap-routed — Routed encapsulation for LLC encapsulated circuit (LLC/SNAP precedes protocol datagram) as defined in RFC 2684.
aal5mux-ip — Routed IP encapsulation for VC multiplexed circuit as defined in RFC 2684.
aal5snap-bridged — Bridged encapsulation for LLC encapsulated circuit (LLC/SNAP precedes protocol datagram) as defined in RFC 2684.
aal5mux-bridged-eth-nofcs — Bridged IP encapsulation for VC multiplexed circuit as defined in RFC 2684.

 

ingress

Syntax 
ingress
Context 
config>service>vprn>if>sap>atm
Description 

This command configures ingress ATM attributes for the SAP.

traffic-desc

Syntax 
traffic-desc traffic-desc-profile-id
no traffic-desc
Context 
config>service>vprn>if>sap>atm>egress
config>service>vprn>if>sap>atm>ingress
Description 

This command assigns an ATM traffic descriptor profile to a given context (for example, a SAP). When configured under the ingress context, the specified traffic descriptor profile defines the traffic contract in the forward direction. When configured under the egress context, the specified traffic descriptor profile defines the traffic contract in the backward direction.

The no form of this command reverts the traffic descriptor to the default traffic descriptor profile.

Default 

The default traffic descriptor (trafficDescProfileId. = 1) is associated with newly created PVCC-delimited SAPs.

Parameters 
traffic-desc-profile-id—
Specifies a defined traffic descriptor profile (see the QoS atm-td-profile command).

oam

Syntax 
oam
Context 
config>service>vprn>if >sap>atm
 
Description 

This command enters the context to configure OAM functionality for a PVCC delimiting a SAP.

The ATM-capable MDAs support F5 end-to-end OAM functionality (AIS, RDI, Loopback):

  1. ITU-T Recommendation I.610 - B-ISDN Operation and Maintenance Principles and Functions version 11/95
  2. GR-1248-CORE - Generic Requirements for Operations of ATM Network Elements (NEs). Issue 3 June 1996
  3. GR-1113-CORE - Bellcore, Asynchronous Transfer Mode (ATM) and ATM Adaptation Layer (AAL) Protocols Generic Requirements, Issue 1, July 1994

alarm-cells

Syntax 
[no] alarm-cells
Context 
config>service>vprn>if>sap>atm>oam
 
Description 

This command configures AIS/RDI fault management on a PVCC. Fault management allows PVCC termination to monitor and report the status of their connection by propagating fault information through the network and by driving PVCC’s operational status.

When alarm-cells functionality is enabled, a PVCC’s operational status is affected when a PVCC goes into an AIS or RDI state because of an AIS/RDI processing (assuming nothing else affects PVCC’s operational status, for example, if the PVCC goes DOWN, or enters a fault state and comes back UP, or exits that fault state). RDI cells are generated when PVCC is operationally DOWN. No OAM-specific SNMP trap is raised whenever an endpoint enters/exits an AIS or RDI state, however, if as result of an OAM state change, the PVCC changes operational status, then a trap is expected from an entity the PVCC is associated with (for example a SAP).

The no command disables alarm-cells functionality for a PVCC. When alarm-cells functionality is disabled, a PVCC’s operational status is no longer affected by a PVCC’s OAM state changes due to AIS/RDI processing (when alarm-cells is disabled, a PVCC will change operational status to UP due to alarm-cell processing) and RDI cells are not generated as result of the PVCC going into AIS or RDI state. The PVCC’s OAM status, however, will record OAM faults as described above.

Default 

enabled for PVCCs delimiting VPRN SAPs

periodic-loopback

Syntax 
[no] periodic-loopback
Context 
config>service>vprn>if >sap>atm>oam
Description 

This command enables periodic OAM loopbacks on this SAP. This command is only configurable on VPRN SAPs. When enabled, an ATM OAM loopback cell is transmitted every period as configured in the config>system>atm>oam>loopback-period period context.

If a response is not received and consecutive retry-down retries also result in failure, the endpoint will transition to an alarm indication signal/loss of clock state. Then, an ATM OAM loopback cell will be transmitted every period as configured in the loopback-period period. If a response is received for the periodic loopback and consecutive retry-up retries also each receive a response, the endpoint will transition back to the up state.

The no form of this command sets the value back to the default.

Default 

no periodic-loopback

3.8.2.14. Interface SAP Filter and QoS Policy Commands

egress

Syntax 
egress
Context 
config>service>vprn>if>sap
Description 

This command enters the context to configure egress SAP Quality of Service (QoS) policies and filter policies.

If no sap-egress QoS policy is defined, the system default sap-egress QoS policy is used for egress processing. If no egress filter is defined, no filtering is performed.

ingress

Syntax 
ingress
Context 
config>service>vprn>if>sap
Description 

This command enters the context to configure ingress SAP Quality of Service (QoS) policies and filter policies.

If no sap-ingress QoS policy is defined, the system default sap-ingress QoS policy is used for ingress processing. If no ingress filter is defined, no filtering is performed.

agg-rate

Syntax 
[no] agg-rate
Context 
config>service>vprn>if>sap>egress
Description 

This command is used to control an HQoS aggregate rate limit. It is used in conjunction with the following parameter commands: rate, limit-unused-bandwidth, and queue-frame-based-accounting.

limit-unused-bandwidth

Syntax 
[no] limit-unused-bandwidth
Context 
config>service>vprn>if>sap>egress>agg-rate
Description 

This command is used to enable (or disable) aggregate rate overrun protection on the agg-rate context.

queue-frame-based-accounting

Syntax 
[no] queue-frame-based-accounting
Context 
config>service>vprn>if>sap>egress>agg-rate
Description 

This command is used to enabled (or disable) frame based accounting on all policers and queues associated with the agg-rate context. Only supported on Ethernet ports. Not supported on HSMDA Ethernet ports. Packet byte offset settings are not included in the applied rate when queue frame-based accounting is configured; the offsets are applied to the statistics.

rate

Syntax 
rate kilobits-per-second
no rate
Context 
config>service>vprn>if>sap>egress>agg-rate
Description 

This command defines the enforced aggregate rate for all queues associated with the agg-rate context. A rate must be specified for the agg-rate context to be considered to be active on the context’s object.

The no form of this command removes an explicit rate value from the aggregate rate returning it to its default value.

Parameters 
kilobits-per-second—
Specifies the rate limit for the SAP, in kilobits per second.
Values—
1 to 6400000000, max

 

filter

Syntax 
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
Context 
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description 

This command associates an IP filter policy with an ingress or egress Service Access Point (SAP) or IP interface. Filter policies control the forwarding and dropping of packets based on IP matching criteria.

The filter command is used to associate a filter policy with a specified filter ID with an ingress or egress SAP. The filter ID must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message returned.

In general, filters applied to SAPs (ingress or egress) apply to all packets on the SAP. One exception is non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Parameters 
ip ip-filter-id
Specifies IP filter policy. The filter ID must already exist within the created IP filters.
Values—
ip-filter-id: 1 to 65535
name: up to 64 characters

 

ipv6 ipv6-filter-id
Specifies IPv6 filter policy. The filter ID must already exist within the created IP filters.
Values—
ip-filter-id: 1 to 65535
name: up to 64 characters

 

hsmda-queue-override

Syntax 
[no] hsmda-queue-override
Context 
config>service>vprn>if>sap>egress
Description 

This command enters the context to configure HSMDA queue overrides.

packet-byte-offset

Syntax 
packet-byte-offset {add add-bytes | subtract sub-bytes}
no packet-byte-offset
Context 
config>service>vprn>if>sap>egress>hsmda-queue-override
Description 

This command adds or subtracts the specified number of bytes to the accounting function for each packet handled by the HSMDA queue. Normally, the accounting and leaky bucket functions are based on the Ethernet DLC header, payload and the 4 byte CRC (everything except the preamble and inter-frame gap). As an example, the packet-byte-offset command can be used to add the frame encapsulation overhead (20 bytes) to the queues accounting functions.

The accounting functions affected include:

  1. Offered High Priority / In-Profile Octet Counter
  2. Offered Low Priority / Out-of-Profile Octet Counter
  3. Discarded High Priority / In-Profile Octet Counter
  4. Discarded Low Priority / Out-of-Profile Octet Counter
  5. Forwarded In-Profile Octet Counter
  6. Forwarded Out-of-Profile Octet Counter
  7. Peak Information Rate (PIR) Leaky Bucket Updates
  8. Committed Information Rate (CIR) Leaky Bucket Updates
  9. Queue Group Aggregate Rate Limit Leaky Bucket Updates

The secondary shaper leaky bucket, scheduler priority level leaky bucket and the port maximum rate updates are not affected by the configured packet-byte-offset. Each of these accounting functions are frame based and always include the preamble, DLC header, payload and the CRC regardless of the configured byte offset.

The packet-byte-offset command accepts either add or subtract as valid keywords which define whether bytes are being added or removed from each packet traversing the queue. Up to 31 bytes may be added to the packet and up to 32 bytes may be removed from the packet. An example use case for subtracting bytes from each packet is an IP based accounting function. Given a Dot1Q encapsulation, the command packet-byte-offset subtract 14 would remove the DLC header and the Dot1Q header from the size of each packet for accounting functions only. The 14 bytes are not actually removed from the packet, only the accounting size of the packet is affected.

As inferred above, the variable accounting size offered by the packet-byte-offset command is targeted at the queue and queue group level. The packet-byte-offset, when set, applies to all queues in the queue group. The accounting size of the packet is ignored by the secondary shapers, the scheduling priority level shapers and the scheduler maximum rate. The actual on-the-wire frame size is used for these functions to allow an accurate representation of the behavior of the subscriber's packets on an Ethernet aggregation network.

The packet-byte-offset value may be overridden at the queue-group level.

Parameters 
add add-bytes
Indicates that the byte value should be added to the packet for queue and queue group level accounting functions. Either the add or subtract keyword must be specified. The corresponding byte value must be specified when executing the packet-byte-offset command. The add keyword is mutually exclusive with the subtract keyword.
Values—
0 to 31

 

subtract sub-bytes
Indicates that the byte value should be subtracted from the packet for queue and queue group level accounting functions. The subtract keyword is mutually exclusive with the add keyword. Either the add or subtract keyword must be specified. The corresponding byte value must be specified when executing the packet-byte-offset command.
Values—
1 to 64

 

queue

Syntax 
queue queue-id [create]
no queue queue-id
Context 
config>service>vprn>if>sap>egress>hsmda-queue-override
Description 

This command configures overrides for a HSMDA queue. The actual valid values are those defined in the given SAP QoS policy.

Parameters 
queue-id—
Specifies the queue ID to override.
Values—
1 to 8

 

create—
This keyword is mandatory when creating a new queue override.

mbs

Syntax 
mbs { [0..2625] [kilobytes] | [0..2688000] bytes | default }
no mbs
Context 
config>service>vprn>if>sap>egress>hsmda-queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s MBS parameters. The MBS is a mechanism to override the default maximum size for the queue.

The sum of the MBS for all queues on an egress access port can oversubscribe the total amount of buffering available. When congestion occurs and buffers become scarce, access to buffers is controlled by the RED slope a packet is associated with. A queue that has not exceeded its MBS size is not guaranteed that a buffer will be available when needed or that the packet’s RED slope will not force the discard of the packet. Setting proper CBS parameters and controlling CBS oversubscription is one major safeguard to queue starvation (when a queue does not receive its fair share of buffers). Another is properly setting the RED slope parameters for the needs of services on this port or channel.

If the CBS value is larger than the MBS value, an error will occur, preventing the MBS change.

The no form of this command returns the MBS size assigned to the queue.

Default 

mbs default

Parameters 
size—
Specifies the maximum number of kbytes of buffering allowed for the queue. For a value of 100 kb/s, enter the number 100. A value of 0 causes the queue to discard all packets.
Values—
0 to 2625 kilobytes
0 to 2688000 bytes
default

 

monitor-depth

Syntax 
[no] monitor-depth
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command enables queue depth monitoring for the specified queue.

The no form of this command removes queue depth monitoring for the specified queue.

rate

Syntax 
rate pir-rate
no rate
Context 
config>service>vprn>if>sap>egress>hsmda-queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s Peak Information Rate (PIR). The PIR defines the maximum rate that the queue can transmit packets out an egress interface (for SAP egress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The rate command can be executed at any time, altering the PIR rates for all queues created through the association of the SAP egress QoS policy with the queue-id.

The no form of this command returns all queues created with the queue-id by association with the QoS policy to the default PIR parameters (max, 0).

Parameters 
pir-rate—
Defines the administrative PIR rate, in kilobits, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed.

Fractional values are not allowed and must be given as a positive integer.

The actual PIR rate is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values—
1 to 100000000

 

Default—
max

slope-policy

Syntax 
slope-policy hsmda-slope-policy-name
no slope-policy
Context 
config>service>vprn>if>sap>egress>hsmda-queue-override
Description 

This command specifies an existing slope policy name.

wrr-weight

Syntax 
wrr-weight value
no wrr-weight
Context 
config>service>vprn>if>sap>egress>hsmda-queue-override>queue
Description 

This command assigns the weight value to the HSMDA queue.

The no form of this command returns the weight value for the queue to the default value.

Parameters 
percentage
Specifies the weight for the HSMDA queue.
Values—
1 to 32

 

policer-control-policy

Syntax 
policer-control-policy policy-name
no policer-control-policy
Context 
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description 

This command, within the qos CLI node, is used to create, delete or modify policer control policies. A policer control policy is very similar to the scheduler-policy which is used to manage a set of queues by defining a hierarchy of virtual schedulers and specifying how the virtual schedulers interact to provide an aggregate SLA. In a similar fashion, the policer-control-policy controls the aggregate bandwidth available to a set of child policers. Once created, the policy can be applied to ingress or egress SAPs. The policy may also be applied to the ingress or egress context of a sub-profile.

Policer Control Policy Instances

On the SAP side, an instance of a policy is created each time a policy is applied. When applied to a sub-profile, an instance of the policy is created each time a subscriber successfully maps one or more hosts to the profile per ingress SAP.

Each instance of the policer-control-policy manages the policers associated with the object that owns the policy instance (SAP or subscriber). If a policer on the object is parented to an appropriate arbiter name that exists within the policy, the policer will be managed by the instance. If a policer is not parented or is parented to a non-existent arbiter, the policer will be orphaned and will not be subject to bandwidth control by the policy instance.

Maximum Rate and Root Arbiter

The policer-control-policy supports an overall maximum rate (max-rate) that defines the total amount of bandwidth that may be distributed to all associated child policers. By default, that rate is set to max which provides an unlimited amount of bandwidth to the policers. Once the policy is created, an actual rate should be configured in order for the policy instances to be effective. At the SAP level, the maximum rate may be overridden on a per instance basis. For subscribers, the maximum rate may only be overridden on the subscriber profile which will then be applied to all instances associated with the profile.

The maximum rate is defined within the context of the root arbiter which is always present in a policer-control-policy. The system creates a parent policer which polices the output of all child policers attached to the policy instance to the configured rate. Child policers may be parented directly to the root arbiter (parent root) or parented to one of the tiered arbiters (parent arbiter-name). Since each tiered arbiter must be parented to either another tiered arbiter or the root arbiter (default), every parented child policer is associated with the root arbiter and therefore the root arbiter’s parent policer.

Parent Policer PIR Leaky Bucket Operation

The parent policer is a single leaky bucket that monitors the aggregate throughput rate of the associated child policers. Forwarded packets increment the bucket by the size of each packet. The rate of the parent policer is implemented as a bucket decrement function which attempts to drain the bucket. If the rate of the packets flowing through the bucket is less than the decrement rate, the bucket does not accumulate depth. Each packet that flows through the bucket is accompanied by a derived discard threshold. If the current depth of the bucket is less than the discard threshold, the packet is allowed to pass through, retaining the colors derived from the packet’s child policer. If the current depth is equal to or greater than the threshold value, the packet is colored red and the bucket depth is not incremented by the packet size. Also, any increased bucket depths in the child policer are canceled making any discard event an atomic function between the child and the parent.

Due to the fact that multiple thresholds are supported by the parent policer, the policer control policy is able to protect the throughput of higher priority child policers from the throughput of the lower priority child policers within the aggregate rate.

Tier 1 and Tier 2 Arbiters

As stated above, each child is attached either to the always available root arbiter or to an explicitly created tier 1 or tier 2 arbiter. Unlike the hardware parent policer based root arbiter, the arbiters at tier 1 and tier 2 are only represented in software and are meant to provide an arbitrary hierarchical bandwidth distribution capability. An arbiter created on tier 2 must parent to either to an arbiter on tier 1 or to the root arbiter. Arbiters created on tier 1 always parent to the root arbiter. In this manner, every arbiter ultimately is parented or grand-parented by the root arbiter.

Each tiered arbiter supports an optional rate parameter that defines a rate limit for all child arbiters or child policers associated with the arbiter. Child arbiters and policers attached to the arbiter have a level attribute that defines the strict level at which the child is given bandwidth by the arbiter. Level 8 is the highest and 1 is the lowest. Also a weight attribute defines each child’s weight at that strict level in order to determine how bandwidth is distributed to multiple children at that level when insufficient bandwidth is available to meet each child’s required bandwidth.

Fair and Unfair Bandwidth Control

Each child policer supports three leaky buckets. The PIR bucket manages the policer’s peak rate and maximum burst size, the CIR leaky bucket manages the policer’s committed rate and committed burst size. The third leaky bucket is used by the policer control policy instance to manage the child policer’s fair rate (FIR). When multiple child policers are attached to the root arbiter at the same priority level, the policy instance uses each child’s FIR bucket rate to control how much of the traffic forwarded by the policer is fair and how much is unfair.

In the simplest case where all the child policers in the same priority level are directly attached to the root arbiter, each child’s FIR rate is set according to the child’s weight divided by the sum of the active children’s weights multiplied by the available bandwidth at the priority level. The result is that the FIR bucket will mark the appropriate amount of traffic for each child as fair-based on the weighted fair output of the policy instance.

The fair/unfair forwarding control in the root parent policer is accomplished by implementing two different discard thresholds for the priority. The first threshold is discard-unfair and the second is discard-all for packet associated with the priority level. As the parent policer PIR bucket fills (due the aggregate forwarded rate being greater than the parent policers PIR decrement rate) and the bucket depth reaches the first threshold, all unfair packets within the priority are discarded. This leaves room in the bucket for the fair packets to be forwarded.

In the more complex case where one or more tiered arbiters are attached at the priority level, the policer control policy instance must consider more than just the child policer weights associated with the attached arbiter. If the arbiter is configured with an aggregate rate limit that its children cannot exceed, the policer control policy instance will switch to calculating the rate each child serviced by the arbiter should receive and enforces that rate using each child policers PIR leaky bucket.

When the child policer PIR leaky bucket is used to limit the bandwidth for the child policer and the child’s PIR bucket discard threshold is reached, packets associated with the child policer are discarded. The child policer’s discarded packets do not consume depth in the child policer’s CIR or FIR buckets. The child policers discarded packets are also prevented from impacting the parent policer and will not consume the aggregate bandwidth managed by the parent policer.

Parent Policer Priority Level Thresholds

As stated above, each child policer is attached either to the root arbiter or explicitly to one of the tier 1 or tier 2 arbiters. When attached directly to the root arbiter, its priority relative to all other child policers is indicated by the parenting level parameter. When attached through one of the tiered arbiters, the parenting hierarchy of the arbiters must be traced through to the ultimate attachment to the root arbiter. The parenting level parameter of the arbiter parented to the root arbiter defines the child policer’s priority level within the parent policer.

The priority level is important since it defines the parent policer discard thresholds that will be applied at the parent policer. The parent policer has 8 levels of strict priority and each priority level has its own discard-unfair and discard-all thresholds. Each priority’s thresholds are larger than the thresholds of the lower priority levels. This ensures that when the parent policer is discarding, it will be priority sensitive.

To visualize the behavior of the parent policer, picture that when the aggregate forwarding rate of all child policers is currently above the decrement rate of the parent PIR leaky bucket, the bucket depth will increase over time. As the bucket depth increases, it will eventually cross the lowest priority’s discard-unfair threshold. If this amount of discard sufficiently lowers the remaining aggregate child policer rate, the parent PIR bucket will hover around this bucket depth. If however, the remaining aggregate child rate is still greater than the decrement rate, the bucket will continue to rise and eventually reach the lowest priority’s discard-all threshold which will cause all packets associated with the priority level to be discarded (fair and unfair). Again, if the remaining aggregate child rate is less than or equal to the bucket decrement rate, the parent PIR bucket will hover around this higher bucket depth. If the remaining aggregate child rate is still higher than the decrement rate, the bucket will continue to rise through the remaining priority level discards until equilibrium is achieved.

As noted above, each child’s rate feeding into the parent policer is governed by the child policer’s PIR bucket decrement rate. The amount of bandwidth the child policer offers to the parent policer will not exceed the child policer’s configured maximum rate.

Root Arbiter’s Parent Policer’s Priority Aggregate Thresholds

Each policer-control-policy root arbiter supports configurable aggregate priority thresholds which are used to control burst tolerance within each priority level. Two values are maintained per priority level; the shared-portion and the fair-portion. The shared-portion represents the amount of parent PIR bucket depth that is allowed to be consumed by both fair and unfair child packets at the priority level. The fair-portion represents the amount of parent PIR bucket depth that only the fair child policer packets may consume within the priority level. It should be noted that the fair and unfair child packets associated with a higher parent policer priority level may also consume the bucket depth set aside for this priority.

While the policy maintains a parent policer default or explicit configurable values for shared-portion and fair-portion within each priority level, it is possible that some priority levels will not be used within the parent policer. Most parent policer use cases require fewer than eight strict priority levels.

To derive the actual priority level discard-unfair and discard-all thresholds while only accounting for the actual in-use priority levels, the system maintains a child policer to parent policer association counter per priority level for each policer control policy instance. As a child policer is parented to either the root or a tiered arbiter, the system determines the parent policer priority level for the child policer and increments the association counter for that priority level on the parent policer instance.

The shared-portion for each priority level is affected by the parent policer global min-thresh-separation parameter that defines the minimum separation between any in-use discard thresholds. When more than one child policer is associated with a parent policer priority level, the shared-portion for that priority level will be the current value of min-thresh-separation. When only a single child policer is associated, the priority level’s shared-portion is zero since all packets from the child will be marked fair and the discard-unfair threshold is meaningless. When the association counter is zero, both the shared-portion and the fair-portion for that priority level are zero since neither discard thresholds will be used. Whenever the association counter is greater than 0, the fair-portion for that priority level will be derived from the current value of the priority’s mbs-contribution parameter and the global min-thresh-separation parameter.

Each priority level’s discard-unfair and discard-all thresholds are calculated based on an accumulation of lower priorities shared-portions and fair-portions and the priority level’s own shared-portion and fair-portion. The base threshold value for each priority level is equal to the sum of all lower priority level’s shared-portions and fair-portions. The discard-unfair threshold is the priority level’s base threshold plus the priority level’s shared-portion. The discard-all threshold for the priority level is the priority level’s base threshold plus both the shared-portion and fair-portion values of the priority. As can be seen, an in-use priority level’s thresholds are always greater than the thresholds of lower priority levels.

Policer Control Policy Application

A policer-control-policy may be applied on any Ethernet ingress or egress SAP that is associated with a port (or ports in the case of LAG).

The no form of this command removes a non-associated policer control policy from the system. The command will not execute when policer-name is currently associated with any SAP or subscriber management sub-profile context.

Parameters 
policy-name—
Specifies the policy name. Each policer-control-policy must be created with a unique policy name. The name must be given as policy-name must adhere to the system policy ASCII naming requirements. If the defined policy-name already exists, the system will enter that policy’s context for editing purposes. If policy-name does not exist, the system will attempt to create a policy with the specified name. Creating a policy may require use of the create parameter when the system is configured for explicit object creation mode.

policer-control-override

Syntax 
policer-control-override [create]
no policer-control-override
Context 
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description 

This command, within the SAP ingress or egress contexts, creates a CLI node for specific overrides to the applied policer-control-policy. A policy must be applied for a policer-control-overrides node to be created. If the policer-control-policy is removed or changed, the policer-control-overrides node is automatically deleted from the SAP.

The no form of this command removes any existing policer-control-policy overrides and the policer-control-overrides node from the SAP.

Default 

no policer-control-override

Parameters 
create—
The create keyword is required when the policer-control-overrides node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit confirmation, the create keyword is not required.

max-rate

Syntax 
max-rate {rate | max}
Context 
config>service>vprn>if>sap>egress>policer-ctrl-over config>service>vprn>if>sap>ingress>policer-ctrl-over
Description 

This command, within the SAP ingress and egress contexts, overrides the root arbiter parent policer max-rate that is defined within the policer-control-policy applied to the SAP.

When the override is defined, modifications to the policer-control-policy max-rate parameter have no effect on the SAP’s parent policer until the override is removed using the no max-rate command within the SAP.

The no form of this command returns the policer-control-policy’s parent policer maximum rate to max.

Parameters 
rate | max—
Specifies the rate override in kilobits per second or use the maximum override value.
Values—
1 to 6400000000, max

 

priority-mbs-thresholds

Syntax 
priority-mbs-thresholds
Context 
config>service>vprn>if>sap>egress>policer-ctrl-over
config>service>vprn>if>sap>ingress>policer-ctrl-over
Description 

This command overrides the CLI node contains the configured min-thresh-separation and the various priority level mbs-contribution override commands.

min-thresh-separation

Syntax 
min-thresh-separation size [{bytes | kilobytes}]
Context 
config>service>vprn>if>sap>egress>policer-ctrl-over>mbsthrshlds config>service>vprn>if>sap>ingress>policer-ctrl-over>mbsthrshlds
Description 

This command within the SAP ingress and egress contexts is used to override the root arbiter’s parent policer min-thresh-separation parameter that is defined within the policer-control-policy applied to the SAP.

When the override is defined, modifications to the policer-control-policy min-thresh-separation parameter have no effect on the SAP’s parent policer until the override is removed using the no min-thresh-separation command within the SAP.

The no form of this command removes the override and allows the min-thresh-separation setting from the policer-control-policy to control the root arbiter’s parent policer’s minimum discard threshold separation size.

Default 

no min-thresh-separation

Parameters 
size—
This parameter is required when specifying min-thresh-separation override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.
Values—
0 to 16777216 or default

 

Default—
kilobytes

priority

Syntax 
[no] priority level
Context 
config>service>vprn>if>sap>egress>policer-ctrl-over>mbsthrshlds config>service>vprn>if>sap>ingress>policer-ctrl-over>mbsthrshlds
Description 

The priority-level level override CLI node contains the specified priority level’s mbs-contribution override value.

This node does not need to be created and will not be output in show or save configurations unless an mbs-contribution override exist for level.

The no form of this command sets the MBS contribution for the associated priority to its default value.

Parameters 
level—
Specifies that the level parameter is required when specifying priority-level and identifies which of the parent policer instances priority level’s the mbs-contribution is overriding.
Values—
1 to 8

 

mbs-contribution

Syntax 
mbs-contribution size [bytes | kilobytes]
Context 
config>service>vprn>if>sap>egress>policer-ctrl-over>mbs-thrshlds>priority config>service>vprn>if>sap>ingress>policer-ctrl-over>mbs-thrshlds>priority
Description 

The mbs-contribution override command within the SAP ingress and egress contexts is used to override a parent policer’s priority level’s mbs-contribution parameter that is defined within the policer-control-policy applied to the SAP. This override allow the priority level’s burst tolerance to be tuned based on the needs of the SAP’s child policers attached to the priority level.

When the override is defined, modifications to the policer-control-policy priority level’s mbs-contribution parameter have no effect on the SAP’s parent policer priority level until the override is removed using the no mbs-contribution command within the SAP.

The no form of this command removes the override and allows the mbs-contribution setting from the policer-control-policy to control the parent policer’s priority level’s burst tolerance.

Default 

no mbs-contribution

Parameters 
size—
This parameter is required when specifying MBS contribution override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.
Values—
0 to 16777216 or default

 

Default—
kilobytes

wrr-policy

Syntax 
wrr-policy hsmda-wrr-policy-name
no wrr-policy
Context 
config>service>vprn>if>sap>egress>hsmda-queue-override
Description 

This command associates an existing HSMDA weighted-round-robin (WRR) scheduling loop policy to the HSMDA queue.

Parameters 
hsmda-wrr-policy-name
Specifies the existing HSMDA WRR policy name to associate to the queue.

secondary-shaper

Syntax 
secondary-shaper secondary-shaper-name
no secondary-shaper
Context 
config>service>vprn>if>sap>egress>hsmda-queue-override
Description 

This command configures an HSMDA secondary shaper. A shaper override can only be configured on an HSMDA SAP.

Parameters 
secondary-shaper-name—
Specifies a secondary shaper name up to 32 characters in length.

policer-override

Syntax 
[no] policer-override
Context 
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description 

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to one or more policers created on the SAP through the sap-ingress or sap-egress QoS policies.

The no form of this command is used to remove any existing policer overrides.

Default 

no policer-override

policer

Syntax 
policer policer-id [create]
no policer policer-id
Context 
config>service>vprn>if>sap>egress>policer-override
config>service>vprn>if>sap>ingress>policer-override
Description 

This command, within the SAP ingress or egress contexts, is used to create a CLI node for specific overrides to a specific policer created on the SAP through a sap-ingress or sap-egress QoS policy.

The no form of this command is used to remove any existing overrides for the specified policer-id.

Parameters 
policer-id—
This parameter is required when executing the policer command within the policer-override context. The specified policer-id must exist within the sap-ingress or sap-egress QoS policy applied to the SAP. If the policer is not currently used by any forwarding class or forwarding type mappings, the policer will not actually exist on the SAP. This does not preclude creating an override context for the policer-id.
create—
The create keyword is required when a policer override node is being created and the system is configured to expect explicit confirmation that a new object is being created. When the system is not configured to expect explicit configuration, the create keyword is not required.

cbs

Syntax 
cbs size [{bytes | kilobytes}]
no cbs
Context 
config>service>vprn>if>sap>egress>policer-over>plcr
config>service>vprn>if>sap>ingress>policer-over>plcr
Description 

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured CBS parameter for the specified policer-id.

The no form of this command returns the CBS size to the default value.

Default 

no cbs

Parameters 
size—
This parameter is required when specifying CBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.
Values—
0 to 16777216 or default

 

Default—
kilobytes

mbs

Syntax 
mbs size [{bytes | kilobytes}]
no mbs
Context 
config>service>vprn>if>sap>egress>policer-override>plcr config>service>vprn>if>sap>ingress>policer-override>plcr
Description 

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured mbs parameter for the specified policer-id.

The no form of this command restores the policer’s mbs setting to the policy defined value.

Default 

no mbs

Parameters 
size—
This parameter is required when specifying MBS override and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional byte and kilobyte keywords are mutually exclusive and are used to explicitly define whether size represents bytes or kilobytes.
Values—
0 to 16777216 or default

 

Default—
kilobytes

packet-byte-offset

Syntax 
packet-byte-offset add add-bytes
packet-byte-offset subtract sub-bytes
no packet-byte-offset
Context 
config>service>vprn>if>sap>egress>policer-override>plcr config>service>vprn>if>sap>ingress>policer-override>plcr
Description 

This command, within the SAP ingress and egress policer-overrides contexts, is used to override the sap-ingress and sap-egress QoS policy configured packet-byte-offset parameter for the specified policer-id. Packet byte offset settings are not included in the applied rate when (queue) frame based accounting is configured, however the offsets are applied to the statistics.

The no form of this command restores the policer’s packet-byte-offset setting to the policy defined value.

Default 

no packet-byte-offset

Parameters 
add add-bytes
The add keyword is mutually exclusive to the subtract keyword. Either add or subtract must be specified. When add is defined, the corresponding bytes parameter specifies the number of bytes that is added to the size each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is increased by the amount being added to the size of each packet.
Values—
0 to 31

 

subtract sub-bytes
The subtract keyword is mutually exclusive to the add keyword. Either add or subtract must be specified. When subtract is defined, the corresponding bytes parameter specifies the number of bytes that is subtracted from the size of each packet associated with the policer for rate metering, profiling and accounting purposes. From the policer’s perspective, the maximum packet size is reduced by the amount being subtracted from the size of each packet.
Values—
1 to 64

 

percent-rate

Syntax 
percent-rate pir-percent [cir cir-percent]
no percent-rate
Context 
config>service>vprn>if>sap>egress>policer-override>plcr
config>service>vprn>if>sap>ingress>policer-override>plcr
Description 

This command configures the percent rates (CIR and PIR) override and can only be used when the rate for the associated policer in the applied SAP ingress QoS policy is also configured with the percent-rate command.

The no form of this command removes the percent-rate override so that the percent-rate configured for the policer in the applied SAP egress QoS policy is used.

Parameters 
pir-percent—
Specifies the policer's PIR as a percentage of the policers's parent arbiterrate.
Values—
0.01 to 100.00

 

Default—
100.00
cir-percent—
Specifies the policer's CIR as a percentage of the policers's parent arbiterrate.
Values—
0.00 to 100.00

 

rate

Syntax 
rate {rate | max} [cir {max | rate}]
Context 
config>service>vprn>if>sap>egress>policer-override>plcr config>service>vprn>if>sap>ingress>policer-override>plcr
Description 

This command within the SAP ingress and egress policer-overrides contexts is used to override the sap-ingress and sap-egress QoS policy configured rate parameters for the specified policer-id.

The no form of this command restores the policy defined metering and profiling rate to a policer.

Parameters 
{rate | max}
Specifying the keyword max or an explicit kilobits per second parameter directly following the rate override command is required and identifies the policer instance’s metering rate for the PIR leaky bucket. The kilobits per second value must be expressed as an integer and defines the rate in kilobits per second. The integer value is multiplied by 1,000 to derive the actual rate in bits per second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the PIR used is equivalent to max.
Values—
1 to 6400000000, max

 

cir {max | rate}
The optional cir keyword is used to override the policy derived profiling rate of the policer. Specifying the keyword max or an explicit kilobits per second parameter directly following the cir keyword is required. The kilobits per second value must be expressed as an integer and defines the rate in kilobits per second. The integer value is multiplied by 1,000 to derive the actual rate in bits per second. When max is specified, the maximum policer rate used will be equal to the maximum capacity of the card on which the policer is configured. If the policer rate is set to a value larger than the maximum rate possible for the card, then the CIR used is equivalent to max.
Values—
0 to 6400000000, max

 

stat-mode

Syntax 
stat-mode stat-mode
no stat-mode
Context 
config>service>vprn>if>sap>egress>policer-override>plcr config>service>vprn>if>sap>ingress>policer-override>plcr
Description 

The SAP-egress QoS policy’s policer stat-mode command is used to configure the forwarding plane counters that allow offered, output and discard accounting to occur for the policer. A policer has multiple types of offered packets (for example, soft in-profile and out-of-profile from ingress and hard in-profile and out-of-profile due to egress profile overrides) and each of these offered types is interacting with the policers metering and profiling functions resulting in colored output packets (green, yellow and red). Due to the potential large number of egress policers, it is not economical to allocate counters in the forwarding plane for all possible offered packet types and output conditions. Many policers will not be configured with a CIR profiling rate and not all policers will receive explicitly re-profiled offered packets. The stat-mode command allows provisioning of the number of counters each policer requires and how the offered packet types and output conditions should be mapped to the counters.

While a no-stats mode is supported which prevents any packet accounting, the use of the policer’s parent command requires that the policer’s stat-mode to be set at least to the minimal setting so that offered stats are available for the policer’s Fair Information Rate (FIR) to be calculated.

Each time the policer’s stat-mode is changed, any previous counter values are lost and any new counters are set to zero.

Each mode uses a certain number of counters per policer instance that are allocated from the forwarding plane’s policer counter resources. You can view the total/allocated/free stats by using the tools dump system-resources command. If insufficient counters exist to implement a mode on any policer instance, the stat-mode change will fail and the previous mode will continue unaffected for all instances of the policer.

The default stat-mode when a policer is created within the policy is minimal.

The stat-mode setting defined for the policer in the QoS policy may be overridden on a SAP where the policy is applied. If insufficient policer counter resources exist to implement the override, the stat-mode override command will fail. The previous stat-mode setting active for the policer will continue to be used by the policer.

The no form of this command returns the policer’s stat-mode setting to minimal.

Refer to the 7450 ESS, 7750 SR, 7950 XRS, and VSR Quality of Service Guide for detailed information about the policer stat-mode command parameters.

match-qinq-dot1p

Syntax 
match-qinq-dot1p {top | bottom}
no match-qinq-dot1p
Context 
config>service>vprn>if>sap>ingress
Description 

This command specifies which Dot1Q tag position Dot1P bits in a QinQ encapsulated packet should be used to evaluate Dot1P QoS classification.

The match-qinq-dot1p command allows the top or bottom PBits to be used when evaluating the applied sap-ingress QoS policy’s Dot1P entries. The top and bottom keywords specify which position should be evaluated for QinQ encapsulated packets.

The no form of this command restores the default dot1p evaluation behavior for the SAP.

By default, the bottom most service delineating Dot1Q tags Dot1P bits are used. Table 38 defines the default behavior for Dot1P evaluation when the match-qinq-dot1p command is not executed.

Table 38:  Dot1P Default Behavior 

Port / SAP Type

Existing Packet Tags

PBits Used for Match

null

none

none

null

Dot1P (VLAN-ID 0)

Dot1P PBits

null

Dot1Q PBits

null

TopQ BottomQ

TopQ PBits

null

TopQ (No BottomQ)

TopQ PBits

Dot1Q

none (Default SAP)

none

Dot1Q

Dot1P (Default SAP VLAN-ID 0)

Dot1P PBits

Dot1Q

Dot1Q

Dot1Q PBits

QinQ / TopQ

TopQ

TopQ PBits

QinQ / TopQ

TopQ BottomQ

TopQ PBits

QinQ / QinQ

TopQ BottomQ

BottomQ PBits

Default 

no match-qinq-dot1p - No filtering based on p-bits.

top or bottom must be specified to override the default QinQ dot1p behavior.

Parameters 
top—
The top parameter is mutually exclusive to the bottom parameter. When the top parameter is specified, the top most PBits are used (if existing) to match any dot1p dot1p-value entries. Table 39 defines the dot1p evaluation behavior when the top parameter is specified.
Table 39:  Dot1P Evaluation Behavior 

Port / SAP Type

Existing Packet Tags

PBits Used for Match

null

none

none

null

Dot1P (VLAN-ID 0)

Dot1P PBits

null

Dot1Q

Dot1Q PBits

null

TopQ BottomQ

TopQ PBits

null

TopQ (No BottomQ)

TopQ PBits

Dot1Q

none (Default SAP)

none

Dot1Q

Dot1P (Default SAP VLAN-ID 0)

Dot1P PBits

Dot1Q

Dot1Q

Dot1Q PBits

QinQ / TopQ

TopQ

TopQ PBits

QinQ / TopQ

TopQ BottomQ

TopQ PBits

QinQ / TopQ

TopQ BottomQ

TopQ PBits

bottom—
The bottom parameter is mutually exclusive to the top parameter. When the bottom parameter is specified, the bottom most PBits are used (if existing) to match any dot1p dot1p-value entries. The following tables define the bottom position QinQ and TopQ SAP dot1p evaluation and the default dot1p explicit marking actions.
Table 40:  Bottom Position QinQ and TopQ SAP Dot1P Evaluation  

Port / SAP Type

Existing Packet Tags

PBits Used for Match

null

none

none

null

Dot1P (VLAN-ID 0)

Dot1P PBits

null

Dot1Q

Dot1Q PBits

null

TopQ BottomQ

BottomQ PBits

null

TopQ (No BottomQ)

TopQ PBits

Dot1Q

none (default SAP)

none

Dot1Q

Dot1P (default SAP VLAN-ID 0)

Dot1P PBits

Dot1Q

Dot1Q

Dot1Q PBits

QinQ / TopQ

TopQ

TopQ PBits

QinQ / TopQ

TopQ BottomQ

BottomQ PBits

QinQ / QinQ

TopQ BottomQ

BottomQ PBits

Table 41:  Default Dot1P Explicit Marking Actions 

Egress SAP Type

Ingress Packet Preserved Dot1P State

Marked (or Remarked) PBits

null

no preserved Dot1P bits

none

null

preserved Dot1P bits

preserved tag PBits remarked using dot1p-value

Dot1Q

no preserved Dot1P bits

new PBits marked using dot1p-value

Dot1Q

preserved Dot1P bits

preserved tag PBits remarked using dot1p-value

TopQ

no preserved Dot1P bits

TopQ PBits marked using dot1p-value

TopQ

preserved Dot1P bits (used as TopQ and BottomQ PBits)

TopQ PBits marked using dot1p-value, BottomQ PBits preserved

QinQ

no preserved Dot1P bits

TopQ PBits and BottomQ PBits marked using dot1p-value

QinQ

preserved Dot1P bits (used as TopQ and BottomQ PBits)

TopQ PBits and BottomQ PBits marked using dot1p-value

The dot1p dot1p-value command must be configured without the qinq-mark-top-only parameter to remove the TopQ PBits only marking restriction.

qinq-mark-top-only

Syntax 
[no] qinq-mark-top-only
Context 
config>service>vprn>if>sap>egress
Description 

When enabled (the encapsulation type of the access port where this SAP is defined as qinq), the qinq-mark-top-only command specifies which P-bits/DEI bit to mark during packet egress. When disabled, both set of P-bits/DEI bit are marked. When the enabled, only the P-bits/DEI bit in the top Q-tag are marked.

Default 

no qinq-mark-top-only

qos

Syntax 
qos policy-id [port-redirect-group queue-group-name instance instance-id]
no qos [policy-id]
Context 
config>service>vprn>if>sap>egress
Description 

This command associates a Quality of Service (QoS) policy with an ingress or egress Service Access Point (SAP).

QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined prior to associating the policy with a SAP or IP interface. If the policy- id does not exist, an error will be returned.

The qos command is used to associate both ingress and egress QoS policies. The qos command only allows ingress policies to be associated on SAP ingress and egress policies on SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.

Only one ingress and one egress QoS policy can be associated with a SAP or IP interface at one time. Attempts to associate a second QoS policy of a given type will return an error.

By default, no specific QoS policy is associated with the SAP for ingress or egress, so the default QoS policy is used.

The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.

Parameters 
policy-id—
The ingress/egress policy ID to associate with SAP or IP interface on ingress/egress. The policy ID must already exist.
Values—
1 to 65535

 

port-redirect-group—
This keyword associates a SAP egress with an instance of a named queue group template on the egress port of a given IOM/IMM/XMA. The queue-group-name and instance instance-id are mandatory parameters when executing the command.
queue-group-name
Specifies the name of the egress port queue group of the IOM/IMM/XMA, up to 32 characters in length. The queue-group-name must correspond to a valid egress queue group, created under config>port>ethernet>access>egress.
instance instance-id
Specifies the instance of the named egress port queue group on the IOM/IMM/XMA.
Values—
1 to 40960

 

Default—
1

qos

Syntax 
qos policy-id [shared-queuing | multipoint-shared]
qos policy-id [shared-queuing | multipoint-shared] fp-redirect-group queue-group-name instance instance-id
no qos [policy-id]
Context 
config>service>vprn>if>sap>ingress
Description 

This command associates a Quality of Service (QoS) policy with an ingress Service Access Point (SAP).

QoS ingress and egress policies are important for the enforcement of SLA agreements. The policy ID must be defined prior to associating the policy with a SAP. If the policy-id does not exist, an error will be returned.

The qos command is used to associate both ingress and egress QoS policies. The qos command only allows ingress policies to be associated on SAP ingress and egress policies on SAP egress. Attempts to associate a QoS policy of the wrong type returns an error.

Only one ingress and one egress QoS policy can be associated with a SAP or IP interface at one time. Attempts to associate a second QoS policy of a given type will return an error.

By default, no specific QoS policy is associated with the SAP for ingress or egress, so the default QoS policy is used.

The no form of this command removes the QoS policy association from the SAP, and the QoS policy reverts to the default.

Parameters 
policy-id—
The ingress/egress policy ID to associate with SAP or IP interface on ingress/egress. The policy ID must already exist.
Values—
1 to 65535

 

shared-queuing—
Specifies the ingress shared queue policy used by this SAP. When the value of this object is null it means that the SAP will use individual ingress QoS queues instead of the shared ones.
multipoint-shared—
Specifies that this queue-id is for multipoint forwarded traffic only. This queue-id can only be explicitly mapped to the forwarding class multicast, broadcast, or unknown unicast ingress traffic. Attempting to map forwarding class unicast traffic to a multipoint queue generates an error; no changes are made to the current unicast traffic queue mapping.

A queue must be created as multipoint. The multipoint designator cannot be defined after the queue is created. If an attempt is made to modify the command to include the multipoint keyword, an error is generated and the command will not execute.

The multipoint keyword can be entered in the command line on a pre-existing multipoint queue to edit queue-id parameters.

Default—
Present (the queue is created as non-multipoint).
Values—
Multipoint or not present.

 

fp-redirect-group—
Creates an instance of a named queue group template on the ingress forwarding plane of a given IOM/IMM/XMA. The queue-group-name and instance instance-id are mandatory parameters when executing the command. The named queue group template can contain only policers. If it contains queues, then the command fails.
queue-group-name
Specifies the name of the queue group template to be instantiated on the forwarding plane of the IOM/IMM/XMA, up to 32 characters in length. The queue-group-name must correspond to a valid ingress queue group template name, configured under config>qos>queue-group-templates.
instance-id
Specifies the instance of the named queue group to be created on the IOM/IMM/XMA ingress forwarding plane.

scheduler-policy

Syntax 
scheduler-policy scheduler-policy-name
no scheduler-policy
Context 
config>service>vprn>if>sap>ingress
config>service>vprn>if>sap>egress
Description 

This command applies an existing scheduler policy to an ingress or egress scheduler used by SAP policers and queues associated with this multi-service customer site. The schedulers defined in the scheduler policy can only be created once the customer site has been appropriately assigned to a chassis port, channel or slot. Scheduler policies are defined in the config>qos>scheduler-policy scheduler-policy-name context.

The no form of this command removes the configured ingress or egress scheduler policy from the multi-service customer site. When the policy is removed, the schedulers created due to the policy are removed also making them unavailable for the SAP policers and queues associated with the customer site. Policers and queues that lose their parent scheduler association are deemed to be orphaned and are no longer subject to a virtual scheduler. The SAPs that have policers and queues that rely on the removed schedulers enter into an operational state depicting the orphaned status of one or more policers and queues. When the no scheduler-policy command is executed, the customer site ingress or egress node will not contain an applied scheduler policy.

Parameters 
scheduler-policy-name:—
The scheduler-policy-name parameter applies an existing scheduler policy that was created in the config>qos>scheduler-policy scheduler-policy-name context to create the hierarchy of ingress or egress virtual schedulers. The scheduler names defined within the policy are created and made available to any ingress or egress queues created on associated SAPs.
Values—
any existing valid scheduler policy name

 

lag-link-map-profile

Syntax 
lag-link-map-profile link-map-profile-id
no lag-link-map-profile
Context 
config>service>vprn>if>sap
Description 

This command assigns a pre-configured LAG link map profile to a SAP or network interface configured on a LAG or a PW port that exists on a LAG. Once assigned, the SAP or network interface egress traffic will be re-hashed over LAG as required by the new configuration.

The no form of this command reverts the SAP or network interface to use per-flow, service or link hash as configured for the service or LAG.

Default 

no lag-link-map-profile

Parameters 
link-map-profile-id—
An integer from 1 to 64 that defines a unique LAG link map profile on which the LAG the SAP or network interface exist.

multi-service-site

Syntax 
multi-service-site customer-site-name
no multi-service-site customer-site-name
Context 
config>service>vprn>if>sap
Description 

This command creates a new customer site or edits an existing customer site with the customer-site-name parameter. A customer site is an anchor point to create an ingress and egress virtual scheduler hierarchy. When a site is created, it must be assigned to a chassis slot or port on the 7750 SR. When scheduler policies are defined for ingress and egress, the scheduler names contained in each policy are created according to the parameters defined in the policy. Multi-service customer sites exist for the sole purpose of creating a virtual scheduler hierarchy and making it available to queues on multiple Service Access Points (SAPs).

The scheduler policy association with the customer site normally prevents the scheduler policy from being deleted until after the scheduler policy is removed from the customer site. The multi-service-site object will generate a log message indicating that the association was deleted due to scheduler policy removal.

When the multi-service customer site is created, an ingress and egress scheduler policy association does not exist. This does not prevent the site from being assigned to a chassis slot or prevent service SAP assignment. After the site has been created, the ingress and egress scheduler policy associations can be assigned or removed at any time.

Parameters 
customer-site-name—
Each customer site must have a unique name within the context of the customer. If customer-site-name already exists for the customer ID, the CLI context changes to that site name for the purpose of editing the site scheduler policies or assignment. Any modifications made to an existing site will affect all SAPs associated with the site. Changing a scheduler policy association may cause new schedulers to be created and existing policers and queues on the SAPs to no longer be orphaned. Existing schedulers on the site may cease to exist, causing policers and queues relying on that scheduler to be orphaned.

If the customer-site-name does not exist, it is assumed that an attempt is being made to create a site of that name in the customer ID context. The success of the command execution depends on the following:

  1. The maximum number of customer sites defined for the chassis slot has not been met.
  2. The customer-site-name is valid.
  3. The create keyword is included in the command line syntax (if the system requires it).

When the maximum number of customer sites has been exceeded a configuration error occurs; the command will not execute and the CLI context will not change.

If the customer-site-name is invalid, a syntax error occurs; the command will not execute and the CLI context will not change.

Values—
Valid names consist of any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

 

static-host

Syntax 
static-host ip ip-address [mac ieee-address] [create]
static-host mac ieee-address [create]
no static-host [ip ip-address>] mac ieee-address>
no static-host all [force]
no static-host ip ip-address
Context 
config>service>vprn>if>sap
Description 

This command configures a static host on this SAP.

Parameters 
ip ip-address
Specifies the IPv4 unicast address.
mac ieee-address —
Specifies this optional parameter when defining a static host. Every static host definition must have at least one address defined, IP or MAC.
force—
Specifies the forced removal of the static host addresses.

sla-profile sla-profile-name

This optional parameter is used to specify an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.

ancp-string

Syntax 
ancp-string ancp-string
no ancp-string
Context 
config>service>vprn>if>sap>static-host
Description 

This command specifies the ANCP string associated to this SAP host.

Parameters 
ancp-string—
Specifies the ANCP string up to 63 characters in length.

inter-dest-id

Syntax 
inter-dest-id intermediate-destination-id
no inter-dest-id
Context 
config>service>vprn>if>sap>static-host
Description 

This command specifies to which intermediate destination (for example a DSLAM) this host belongs.

Parameters 
intermediate-destination-id—
Specifies the intermediate destination ID.

sla-profile

Syntax 
sla-profile sla-profile-name
no sla-profile
Context 
config>service>vprn>if>sap>static-host
Description 

This command specifies an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.

Parameters 
sla-profile-name—
Specifies the SLA profile name.

sub-profile

Syntax 
sub-profile sub-profile-name
no sub-profile
Context 
config>service>vprn>if>sap>static-host
Description 

This command specifies an existing subscriber profile name to be associated with the static subscriber host.

Parameters 
sub-profile-name—
Specifies the sub-profile name.

subscriber

Syntax 
subscriber sub-ident
no subscriber
Context 
config>service>vprn>if>sap>static-host
Description 

This command specifies an existing subscriber identification profile to be associated with the static subscriber host.

Parameters 
sub-ident—
Specifies the subscriber identification.

subscriber-sap-id

Syntax 
[no] subscriber-sap-id
Context 
config>service>vprn>if>sap>static-host
Description 

This command enables using the SAP ID as subscriber id.

Parameters 
subscriber-sap-id—
Specifies to use the sap-id as the subscriber-id.

queue-group-redirect-list

Syntax 
queue-group-redirect-list redirect-list-name
no queue-group-redirect-list
Context 
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description 

This command applies a queue group redirect list to the ingress or egress of an interface SAP within a VPRN service. The redirect list is used to redirect traffic to different instances of the default queue group.This command requires the prior configuration of a default queue group instance, which is the queue group instance specified with the QoS policy under the SAP ingress or egress.

The no version of this command removes the queue group redirect list from the SAP.

Parameters 
redirect-list-name —
Specifies the name of the queue group redirect list, up to 32 characters in length.

queue-override

Syntax 
[no] queue-override
Context 
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description 

This command enters the context to configure override values for the specified SAP egress or ingress QoS queue. These values override the corresponding ones specified in the associated SAP egress or ingress QoS policy.

rate

Syntax 
rate rate
no rate
Context 
config>service>vprn>if>sap>egress>queue-override>hs-wrr-group
Description 

This command overrides the scheduling rate applied to the HS WRR group in Kb/s. Alternatively, the keyword max can be specified which removes the bandwidth limitation on the HS WRR group. The override rate type must match the corresponding rate type within the applied QoS policy.

The no form of this command removes the rate override value from the configuration.

Parameters 
rate—
Specifies the scheduling rate of the HS WRR group in Kb/s.
Values—
1 to 2000000000, max

 

hs-secondary-shaper

Syntax 
hs-secondary-shaper policy-name
no hs-secondary-shaper
Context 
config>service>vprn>if>sap>egress>queue-override
Description 

This command configures the HS secondary shaper to be used to apply an aggregate rate and per-scheduling class rates to the SAP egress HSQ queue group.

The no form of this command removes the HS secondary shaper override from the configuration, returning the SAP egress HSQ queue group to the default HS secondary shaper on that port.

Parameters 
policy-name—
Specifies the secondary shaper name, up to 32 characters.

hs-wrr-group

Syntax 
hs-wrr-group group-id [create]
no hs-wrr-group group-id
Context 
config>service>vprn>if>sap>egress>queue-override
Description 

This command configures the egress HS WRR group override parameters.

The no form of this command removes the group ID from the configuration.

Parameters 
group-id—
Specifies the HS WRR group ID to override.
Values—
1, 2

 

create —
Keyword used to create the HS WRR group override instance.

class-weight

Syntax 
class-weight weight
no class-weight
Context 
config>service>vprn>if>sap>egress>queue-override>hs-wrr-group
Description 

This command overrides the class weight of this WRR group at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.

The no form of this command removes the class weight override value from the configuration.

Parameters 
weight—
Specifies the class weight of the HS WRR group.
Values—
1, 2, 4, 8

 

percent-rate

Syntax 
percent-rate percent
no percent-rate
Context 
config>service>vprn>if>sap>egress>queue-override>hs-wrr-group
Description 

This command overrides the scheduling rate applied to the HS WRR group as a percentage of the port rate, including both the port's egress rate and port's HS scheduler policy max-rate, if configured. The override rate type must match the corresponding rate type within the applied QoS policy.

The no form of this command removes the percent rate override value from the configuration.

Parameters 
percent—
Specifies the percent rate of the HS WRR group.
Values—
0.01 to 100.00

 

queue

Syntax 
queue queue-id [create]
no queue queue-id
Context 
config>service>vprn>if>sap>egress>queue-override
config>service>vprn>if>sap>ingress>queue-override
Description 

This command specifies the ID of the queue whose parameters are to be overridden.

Parameters 
queue-id—
Specifies the queue ID whose parameters are to be overridden.
Values—
1 to 32

 

create —
Keyword used to create the group override instance.

adaptation-rule

Syntax 
adaptation-rule [pir adaptation-rule] [cir adaptation-rule]
no adaptation-rule
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s adaptation rule parameters. The adaptation rule controls the method used by the system to derive the operational CIR and PIR settings when the queue is provisioned in hardware. For the CIR and PIR parameters individually, the system attempts to find the best operational rate depending on the defined constraint.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the adaptation rule is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command removes any explicitly defined constraints used to derive the operational CIR and PIR created by the application of the policy. When a specific adaptation-rule is removed, the default constraints for rate and cir apply.

Default 

no adaptation-rule

Parameters 
pir—
The pir parameter defines the constraints enforced when adapting the PIR rate defined within the queue queue-id rate command. The pir parameter requires a qualifier that defines the constraint used when deriving the operational PIR for the queue. When the rate command is not specified, the default applies.
cir—
The cir parameter defines the constraints enforced when adapting the CIR rate defined within the queue queue-id rate command. The cir parameter requires a qualifier that defines the constraint used when deriving the operational CIR for the queue. When the cir parameter is not specified, the default constraint applies.
adaptation-rule—
Specifies the criteria to use to compute the operational CIR and PIR values for this queue, while maintaining a minimum offset.
Values—
max — The max (maximum) keyword is mutually exclusive with the min and closest options. When max is defined, the operational PIR for the queue will be equal to or less than the administrative rate specified using the rate command.
min — The min (minimum) keyword is mutually exclusive with the max and closest options. When min is defined, the operational PIR for the queue will be equal to or greater than the administrative rate specified using the rate command.
closest — The closest parameter is mutually exclusive with the min and max parameter. When closest is defined, the operational PIR for the queue will be the rate closest to the rate specified using the rate command.

 

avg-frame-overhead

Syntax 
avg-frame-overhead percent
no avg-frame-overhead
Context 
config>service>vprn>if>sap>egress>queue-override>queue
Description 

This command configures the average frame overhead to define the average percentage that the offered load to a queue will expand during the frame encapsulation process before sending traffic on-the-wire. While the avg-frame-overhead value may be defined on any queue, it is only used by the system for queues that egress a Sonet or SDH port or channel. Queues operating on egress Ethernet ports automatically calculate the frame encapsulation overhead based on a 20 byte per packet rule (8 bytes for preamble and 12 bytes for Inter-Frame Gap).

When calculating the frame encapsulation overhead for port scheduling purposes, the system determines the following values:

  1. Offered-load — The offered-load of a queue is calculated by starting with the queue depth in octets, adding the received octets at the queue and subtracting queue discard octets. The result is the number of octets the queue has available to transmit. This is the packet based offered-load.
  2. Frame encapsulation overhead — Using the avg-frame-overhead parameter, the frame encapsulation overhead is simply the queue’s current offered-load (how much has been received by the queue) multiplied by the avg-frame-overhead. If a queue had an offered load of 10000 octets and the avg-frame-overhead equals 10%, the frame encapsulation overhead would be 10000 x 0.1 or 1000 octets.

For egress Ethernet queues, the frame encapsulation overhead is calculated by multiplying the number of offered-packets for the queue by 20 bytes. If a queue was offered 50 packets then the frame encapsulation overhead would be 50 x 20 or 1000 octets.

  1. Frame based offered-load — The frame based offered-load is calculated by adding the offered-load to the frame encapsulation overhead. If the offered-load is 10000 octets and the encapsulation overhead was 1000 octets, the frame based offered-load would equal 11000 octets.
  2. Packet to frame factor — The packet to frame factor is calculated by dividing the frame encapsulation overhead by the queue’s offered-load (packet based). If the frame encapsulation overhead is 1000 octets and the offered-load is 10000 octets then the packet to frame factor would be 1000 / 10000 or 0.1. When in use, the avg-frame-overhead will be the same as the packet to frame factor making this calculation unnecessary.
  3. Frame based CIR — The frame based CIR is calculated by multiplying the packet to frame factor with the queue’s configured CIR and then adding that result to that CIR. If the queue CIR is set at 500 octets and the packet to frame factor equals 0.1, the frame based CIR would be 500 x 1.1 or 550 octets.
  4. Frame based within-cir offered-load — The frame based within-cir offered-load is the portion of the frame based offered-load considered to be within the frame-based CIR. The frame based within-cir offered-load is the lesser of the frame based offered-load and the frame based CIR. If the frame based offered-load equaled 11000 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would be limited to 550 octets. If the frame based offered-load equaled 450 octets and the frame based CIR equaled 550 octets, the frame based within-cir offered-load would equal 450 octets (or the entire frame based offered-load).

As a special case, when a queue or associated intermediate scheduler is configured with a CIR-weight equal to 0, the system automatically sets the queue’s frame based within-cir offered-load to 0, preventing it from receiving bandwidth during the port scheduler’s within-cir pass.

  1. Frame based PIR — The frame based PIR is calculated by multiplying the packet to frame factor with the queue’s configured PIR and then adding the result to that PIR. If the queue PIR is set to 7500 octets and the packet to frame factor equals 0.1, the frame based PIR would be 7500 x 1.1 or 8250 octets.
  2. Frame based within-pir offered-load — The frame based within-pir offered-load is the portion of the frame based offered-load considered to be within the frame based PIR. The frame based within-pir offered-load is the lesser of the frame based offered-load and the frame based PIR. If the frame based offered-load equaled 11000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered-load would be limited to 8250 octets. If the frame based offered-load equaled 7000 octets and the frame based PIR equaled 8250 octets, the frame based within-pir offered load would equal 7000 octets.

Port scheduler operation using frame transformed rates — The port scheduler uses the frame based rates to determine the maximum rates that each queue may receive during the within-cir and above-cir bandwidth allocation passes. During the within-cir pass, a queue may receive up to its frame based within-cir offered-load. The maximum it may receive during the above-cir pass is the difference between the frame based within-pir offered load and the amount of actual bandwidth allocated during the within-cir pass.

SAP and subscriber SLA-profile average frame overhead override — The average frame overhead parameter on a sap-egress may be overridden at an individual egress queue basis. On each SAP and within the sla-profile policy used by subscribers an avg-frame-overhead command may be defined under the queue-override context for each queue. When overridden, the queue instance will use its local value for the average frame overhead instead of the sap-egress defined overhead.

The no form of this command restores the average frame overhead parameter for the queue to the default value of 0 percent. When set to 0, the system uses the packet based queue statistics for calculating port scheduler priority bandwidth allocation. If the no avg-frame-overhead command is executed in a queue-override queue id context, the avg-frame-overhead setting for the queue within the sap-egress QoS policy takes effect.

Default 

0

Parameters 
percent—
This parameter sets the average amount of packet-to-frame encapsulation overhead expected for the queue. This value is not used by the system for egress Ethernet queues.
Values—
0 to 100

 

burst-limit

Syntax 
burst-limit size [bytes | kilobytes]
no burst-limit
Context 
config>service>vprn>if>sap>egress>queue-override
Description 

The queue burst-limit command defines an explicit shaping burst size for a queue. The configured size defines the shaping leaky bucket threshold level that indicates the maximum burst over the queue's shaping rate.

The no form of this command restores the default burst limit to the specified queue. This is equivalent to specifying burst-limit default within the QoS policies. When specified within a queue-override queue context, any current burst limit override for the queue is removed and the queue's burst limit is controlled by its defining policy.

Default 

no burst-limit

Parameters 
default—
Reverts the queue's burst limit to the system default value.
size—
When a numeric value is specified (size), the system interprets the value as an explicit burst limit size. The value is expressed as an integer and, by default, is interpreted as the burst limit in kilobytes. If the value is intended to be interpreted in bytes, the bytes qualifier must be added following size.
Values—
1 to 14000000

 

bytes—
Specifies that the value given for size must be interpreted as the burst limit in bytes.
kilobytes—
Specifies that the value given for size must be interpreted as the burst limit in kilobytes. If neither bytes nor kilobytes is specified, the default qualifier is kilobytes.

cbs

Syntax 
cbs size-in-kbytes
no cbs
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s CBS parameters.

It is permissible, and possibly desirable, to oversubscribe the total CBS reserved buffers for a given access port egress buffer pool. Oversubscription may be desirable due to the potential large number of service queues and the economy of statistical multiplexing the individual queue’s CBS setting into the defined reserved total.

When oversubscribing the reserved total, it is possible for a queue depth to be lower than its CBS setting and still not receive a buffer from the buffer pool for an ingress frame. As more queues are using their CBS buffers and the total in use exceeds the defined reserved total, essentially the buffers are being removed from the shared portion of the pool without the shared in use average and total counts being decremented. This can affect the operation of the high and low priority RED slopes on the pool, causing them to miscalculate when to start randomly drop packets.

If the CBS value is larger than the MBS value, an error occurs, preventing the CBS change.

The no form of this command returns the CBS to the default value.

Default 

no cbs

Parameters 
size-in-kbytes—
The size parameter is an integer expression of the number of kilobytes reserved for the queue. For a value of 10 kbytes, enter the number 10. A value of 0 specifies that no reserved buffers are required by the queue (a minimum reserved size can be applied for scheduling purposes).
Values—
0 to 131072 or default

 

drop-tail

Syntax 
drop-tail
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command enters the context to configure queue drop tail parameters.

low

Syntax 
low
Context 
config>service>vprn>if>sap>egress>queue-override>queue>drop-tail
config>service>vprn>if>sap>ingress>queue-override>queue>drop-tail
Description 

This command enters the context to configure the queue low drop tail parameters. The low drop tail defines the queue depth beyond which out-of-profile packets are not accepted into the queue and will be discarded.

percent-reduction-from-mbs

Syntax 
percent-reduction-from-mbs percent
no percent-reduction-from-mbs
Context 
config>service>vprn>if>sap>egress>queue-override>queue>drop-tail>low
config>service>vprn>if>sap>ingress>queue-override>queue>drop-tail>low
Description 

This command overrides the low queue drop tail as a percentage reduction from the MBS of the queue. For example, if a queue has an MBS of 600 kbytes and the percentage reduction is configured to be 30% for the low drop tail, then the low drop tail will be at 420 kbytes and out-of-profile packets will not be accepted into the queue if its depth is greater than this value, and so will be discarded.

Parameters 
percent—
Specifies the percentage reduction from the MBS for a queue drop tail.
Values—
0 to 100, default

 

hs-class-weight

Syntax 
hs-class-weight weight
no hs-class-weight
Context 
config>service>vprn>if>sap>egress>queue-override>queue
Description 

This command overrides the class weight of this queue at its parent primary shaper, relative to the other queues and WRR groups in different HSQ queue groups in the same scheduling class.

The no form of this command removes the class weight override value from the configuration.

Parameters 
weight—
Specifies the weight of the queue.
Values—
1, 2, 4, 8

 

hs-wred-queue

Syntax 
hs-wred-queue policy slope-policy-name
no hs-wred-queue
Context 
config>service>vprn>if>sap>egress>queue-override>queue
Description 

This command overrides the slope policy applied to the HSQ queue group queue.

The no form of this command removes the WRED queue policy override value from the configuration.

Parameters 
slope-policy-name—
Specifies an existing slope policy name to apply to this HSQ queue group queue.

hs-wrr-weight

Syntax 
hs-wrr-weight weight
no hs-wrr-weight
Context 
config>service>vprn>if>sap>egress>queue-override>queue
Description 

This command overrides the WRR relative weight with which this queue should parent into an HSQ Weighted Round Robin (WRR) group defined within the associated HS attachment policy.

The no form of this command removes the WRR weight override value from the configuration.

Parameters 
weight—
Specifies the HS WRR group queue weight.
Values—
1 to 127

 

mbs

Syntax 
mbs {size [bytes | kilobytes] | default}
no mbs
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s MBS parameters. The MBS value is used by a queue to determine whether it has exhausted all of its buffers while enqueuing packets. Once the queue has exceeded the amount of buffers allowed by MBS, all packets are discarded until packets have been drained from the queue.

The sum of the MBS for all queues on an ingress access port can oversubscribe the total amount of buffering available. When congestion occurs and buffers become scarce, access to buffers is controlled by the RED slope a packet is associated with. A queue that has not exceeded its MBS size is not guaranteed that a buffer will be available when needed or that the packet’s RED slope will not force the discard of the packet. Setting proper CBS parameters and controlling CBS oversubscription is one major safeguard to queue starvation (when a queue does not receive its fair share of buffers). Another is properly setting the RED slope parameters for the needs of services on this port or channel.

If the CBS value is larger than the MBS value, an error will occur, preventing the MBS change.

The no form of this command returns the MBS size assigned to the queue to the value.

Default 

mbs default

Parameters 
size—
The size parameter is required when specifying mbs and is expressed as an integer representing the required size in either bytes or kilobytes. The default is kilobytes. The optional bytes and kilobytes keywords are mutually exclusive and are used to explicitly define whether the size represents bytes or kilobytes.
Values—
0 to 1073741824
default

 

bytes—
When byte is defined, the value given for size is interpreted as the queue'sMBS value given in bytes.
kilobytes—
When kilobytes is defined, the value is interpreted as the queue's MBSvalue given in kilobytes.
default—
Specifying the keyword default sets the MBS to its default value.

monitor-depth

Syntax 
[no] monitor-depth
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command enables queue depth monitoring for the specified queue.

The no form of this command removes queue depth monitoring for the specified queue.

parent

Syntax 
parent [weight weight] [cir-weight cir-weight]
no parent
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.

The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non default weightings for fostered schedulers.

The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.

Default 

no parent

Parameters 
weight weight
Weight defines the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the queue or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.

A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values—
0 to 100

 

Default—
1
cir-weight cir-weight
The cir-weight keyword defines the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.

A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values—
0 to 100

 

Default—
1

percent-rate

Syntax 
percent-rate pir-percent [cir cir-percent]
no percent-rate
Context 
config>service>vprn>if>sap>egress>queue-override>queue
Description 

The percent-rate command supports a queue’s shaping rate and CIR rate as a percentage of the egress port’s line rate. When the rates are expressed as a percentage within the template, the actual rate used per instance of the queue group queue-id will vary based on the port speed. For example, when the same template is used to create a queue group on a 1-Gigabit and a 10-Gigabit Ethernet port, the queue’s rates will be 10 times greater on the 10 Gigabit port due to the difference in port speeds. This enables the same template to be used on multiple ports without needing to use port based queue overrides to modify a queue’s rate to get the same relative performance from the queue.

If the port’s speed changes after the queue is created, the queue’s shaping and CIR rates will be recalculated based on the defined percentage value.

The rate and percent-rate commands override one another. If the current rate for a queue is defined using the percent-rate command and the rate command is executed, the percent-rate values are deleted. In a similar fashion, the percent-rate command causes any rate command values to be deleted. A queue’s rate may dynamically be changed back and forth from a percentage to an explicit rate at anytime.

An egress port queue group queue rate override may be expressed as either a percentage or an explicit rate independent on how the queue's template rate is expressed.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the percent-rate is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command returns the queue to its default shaping rate and cir rate. When no percent-rate is defined within a port egress queue group queue override, the queue reverts to the defined shaping and CIR rates within the egress queue group template associated with the queue.

Parameters 
pir-percent
Specifies the queue’s shaping rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
Values—
0.01 to 100.00

 

Default—
100.00
cir-percent—
Specifies the queue’s committed scheduling rate as a percentage of line rate. The line rate associated with the queue’s port may dynamically change due to configuration or auto-negotiation. The line rate may also be affected by an egress port scheduler defined max-rate.
Values—
0.00 to 100.00

 

Default—
100.00

rate

Syntax 
rate pir-rate [cir cir-rate]
no rate
Context 
config>service>vprn>if>sap>egress>queue-override>queue
config>service>vprn>if>sap>ingress>queue-override>queue
Description 

This command can be used to override specific attributes of the specified queue’s Peak Information Rate (PIR) and the Committed Information Rate (CIR) parameters. The PIR defines the maximum rate that the queue can transmit packets out an egress interface (for SAP egress queues). Defining a PIR does not necessarily guarantee that the queue can transmit at the intended rate. The actual rate sustained by the queue can be limited by oversubscription factors or available egress bandwidth.

The CIR defines the rate at which the system prioritizes the queue over other queues competing for the same bandwidth. In-profile packets are preferentially queued by the system at egress and at subsequent next hop nodes where the packet can traverse. To be properly handled throughout the network, the packets must be marked accordingly for profiling at each hop.

The CIR can be used by the queue’s parent commands cir-level and cir-weight parameters to define the amount of bandwidth considered to be committed for the child queue during bandwidth allocation by the parent scheduler.

The rate command can be executed at any time, altering the PIR and CIR rates for all queues created through the association of the SAP egress QoS policy with the queue-id.

This command is ignored for egress HSQ queue group queues which are attached to an HS WRR group within an associated HS attachment policy. In this case, the configuration of the rate is performed under the hs-wrr-group within the SAP egress QoS policy.

The no form of this command returns all queues created with the queue-id by association with the QoS policy to the default PIR and CIR parameters (max, 0).

Default 

rate max cir 0

Parameters 
pir-rate—
Defines the administrative PIR rate, in kb/s, for the queue. When the rate command is executed, a valid PIR setting must be explicitly defined. When the rate command has not been executed, the default PIR of max is assumed.

Fractional values are not allowed and must be given as a positive integer.

The actual PIR rate is dependent on the queue’s adaptation-rule parameters and the actual hardware where the queue is provisioned.

Values—
1 to 6400000000, max

 

Default—
max
cir-rate—
Defines the administrative CIR rate, in kb/s, for the queue. The cir parameter overrides the default administrative CIR used by the queue. When the rate command is executed, a CIR setting is optional. When the rate command has not been executed or the cir parameter is not explicitly specified, the default CIR (0) is assumed.

Fractional values are not allowed and must be given as a positive integer.

Values—
0 to 6400000000, max

 

Default—
0

scheduler-override

Syntax 
[no] scheduler-override
Context 
config>service>vprn>if>sap>egress
config>service>vprn>if>sap>ingress
Description 

This command specifies the set of attributes whose values have been overridden via management on this virtual scheduler. Clearing a given flag will return the corresponding overridden attribute to the value defined on the SAP's ingress scheduler policy.

scheduler

Syntax 
scheduler scheduler-name [create]
no scheduler scheduler-name
Context 
config>service>vprn>if>sap>egress>sched-override
config>service>vprn>if>sap>ingress>sched-override
Description 

This command can be used to override specific attributes of the specified scheduler name.

A scheduler defines a bandwidth controls that limit each child (other schedulers, policers, and queues) associated with the scheduler. Scheduler objects are created within the hierarchical tiers of the policy. It is assumed that each scheduler created will have policers, queues, or other schedulers defined as child associations. The scheduler can be a child which takes bandwidth from a scheduler in a higher tier. A total of 32 schedulers can be created within a single scheduler policy with no restriction on the distribution between the tiers.

Each scheduler must have a unique name within the context of the scheduler policy; however the same name can be reused in multiple scheduler policies. If scheduler-name already exists within the policy tier level (regardless of the inclusion of the keyword create), the context changes to that scheduler name for the purpose of editing the scheduler parameters. Modifications made to an existing scheduler are executed on all instantiated schedulers created through association with the policy of the edited scheduler. This can cause queues or schedulers to become orphaned (invalid parent association) and adversely affect the ability of the system to enforce service level agreements (SLAs).

If the scheduler-name exists within the policy on a different tier (regardless of the inclusion of the keyword create), an error occurs and the current CLI context will not change.

If the scheduler-name does not exist in this or another tier within the scheduler policy, it is assumed that an attempt is being made to create a scheduler of that name. The success of the command execution is dependent on the following:

  1. The maximum number of schedulers has not been configured.
  2. The provided scheduler-name is valid.
  3. The create keyword is entered with the command if the system is configured to require it (enabled in the environment create command).

When the maximum number of schedulers has been exceeded on the policy, a configuration error occurs and the command will not execute, nor will the CLI context change.

If the provided scheduler-name is invalid according to the criteria below, a name syntax error will occur, the command will not execute, and the CLI context will not change.

Parameters 
scheduler-name—
Specifies the name of the scheduler.
Values—
Valid names consist of any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

 

create—
Specifies that it is acceptable to create a scheduler with the given scheduler-name. If the create keyword is omitted, scheduler-name is not created when the system environment variable create is set to true. This safeguard is meant to avoid accidental creation of system objects (such as schedulers) while attempting to edit an object with a mistyped name or ID. The keyword has no effect when the object already exists.

parent

Syntax 
parent [weight weight] [cir-weight cir-weight]
no parent
Context 
config>service>vprn>if>sap>ingress>sched-override>scheduler
config>service>vprn>if>sap>egress>sched-override>scheduler
Description 

This command can be used to override the scheduler’s parent weight and cir-weight information. The weights apply to the associated level/cir-level configured in the applied scheduler policy. The scheduler name must exist in the scheduler policy applied to the ingress or egress of the SAP or multi-service site.

The override weights are ignored if the scheduler does not have a parent command configured in the scheduler policy – this allows the parent of the scheduler to be removed from the scheduler policy without having to remove all of the SAP/MSS overrides. If the parent scheduler does not exist causing the configured scheduler to be fostered on an egress port scheduler, the override weights will be ignored and the default values used; this avoids having non default weightings for fostered schedulers.

The no form of this command returns the scheduler’s parent weight and cir-weight to the value configured in the applied scheduler policy.

Default 

no parent

Parameters 
weight weight
Weight defines the relative weight of this scheduler in comparison to other child schedulers and queues at the same strict level defined by the level parameter in the applied scheduler policy. Within the level, all weight values from active children at that level are summed and the ratio of each active child’s weight to the total is used to distribute the available bandwidth at that level. A weight is considered to be active when the policer, queue, or scheduler the weight pertains to has not reached its maximum rate and still has packets to transmit.

A 0 (zero) weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict level.

Values—
0 to 100

 

cir-weight cir-weight
The cir-weight keyword defines the relative weight of this scheduler in comparison to other child schedulers and queues at the same cir-level defined by the cir-level parameter in the applied scheduler policy. Within the strict cir-level, all cir-weight values from active children at that level are summed and the ratio of each active child’s cir-weight to the total is used to distribute the available bandwidth at that level. A cir-weight is considered to be active when the policer, queue, or scheduler that the cir-weight pertains to has not reached the CIR and still has packets to transmit.

A 0 (zero) cir-weight value signifies that the child scheduler will receive bandwidth only after bandwidth is distributed to all other non-zero weighted children in the strict cir-level.

Values—
0 to 100

 

rate

Syntax 
rate pir-rate [cir cir-rate]
no rate
Context 
config>service>vprn>if>sap>egress>sched-override>scheduler
config>service>vprn>if>sap>ingress>sched-override>scheduler
Description 

This command can be used to override specific attributes of the specified scheduler rate. The rate command defines the maximum bandwidth that the scheduler can offer its child queues or schedulers. The maximum rate is limited to the amount of bandwidth the scheduler can receive from its parent scheduler. If the scheduler has no parent, the maximum rate is assumed to be the amount available to the scheduler. When a parent is associated with the scheduler, the CIR parameter provides the amount of bandwidth to be considered during the parent scheduler’s ‘within CIR’ distribution phase.

The actual operating rate of the scheduler is limited by bandwidth constraints other than its maximum rate. The scheduler’s parent scheduler may not have the available bandwidth to meet the scheduler’s needs or the bandwidth available to the parent scheduler could be allocated to other child schedulers or child policers and queues on the parent based on higher priority. The children of the scheduler may not need the maximum rate available to the scheduler due to insufficient offered load or limits to their own maximum rates.

When a scheduler is defined without specifying a rate, the default rate is max. If the scheduler is a root scheduler (no parent defined), the default maximum rate must be changed to an explicit value. Without this explicit value, the scheduler will assume that an infinite amount of bandwidth is available and allow all child queues and schedulers to operate at their maximum rates.

The no form of this command returns the scheduler's PIR and CIR parameters to the value configured in the applied scheduler policy.

Parameters 
pir-rate—
Specifies the PIR rate for the scheduler. The pir parameter accepts a value in kb/s, or the max keyword. Any other value will result in an error without modifying the current PIR rate.
Values—
1 to 6400000000, max

 

cir-rate—
Specifies the CIR rate for the scheduler. The cir parameter accepts a value in kb/s, or the max or sum keywords. Any other value will result in an error without modifying the current CIR rate.

If the cir is set to max, then the CIR rate is set to infinity, but is limited by the pir-rate.

If the cir is set to sum, then the CIR rate is set to the summed CIR values of the children schedulers, policers, or queues.

Values—
0 to 6400000000, max, sum

 

3.8.2.15. Interface Anti-Spoofing Commands

anti-spoof

Syntax 
anti-spoof {ip | mac | ip-mac | nh-mac}
no anti-spoof-type
Context 
config>service>vprn>if>sap
Description 

This command enables anti-spoof filtering and optionally changes the anti-spoof matching type for the interface.

The type of anti-spoof filtering defines what information in the incoming packet is used to generate the criteria to lookup an entry in the anti-spoof filter table. The type parameter (ip, mac, ip-mac, nh-mac) defines the anti-spoof filter type enforced by the SAP when anti-spoof filtering is enabled.

The no form of this command reverts to the default.

Default 

Filter type default types:

  1. anti-spoof ip (Non-Ethernet encapsulated SAP)
  2. anti-spoof ip-mac (Ethernet encapsulated SAP)
  3. no anti-spoof-type (other SAPs)
Parameters 
ip—
Configures SAP anti-spoof filtering to use only the source IP address in its lookup. If a static host exists on the SAP without an IP address specified, the anti-spoof type ip command fails.
mac—
Configures SAP anti-spoof filtering to use only the source MAC address in its lookup. Setting the anti-spoof filter type to mac is not allowed on non-Ethernet encapsulated SAPs. If a static host exists on the SAP without a specified MAC address, the anti-spoof type mac command fails. The anti-spoof type mac command will also fail if the SAP does not support Ethernet encapsulation.
ip-mac—
Configures SAP anti-spoof filtering to use both the source IP address and the source MAC address in its lookup. If a static host exists on the SAP without both the IP address and MAC address specified, the anti-spoof type ip-mac command fails. This is also true if the default anti-spoof filter type of the SAP is ip-mac and the default is not overridden. The anti-spoof type ip-mac command will also fail if the SAP does not support Ethernet encapsulation.
nh-mac—
Indicates that the ingress anti-spoof is based on the source MAC address and the egress anti-spoof is based on the nh-ip-address.

app-profile

Syntax 
app-profile app-profile-name
no app-profile
Context 
config>service>vprn>if>sap
config>service>vprn>if>sap>static-host
Description 

This command configures the application profile name.

Parameters 
app-profile-name—
Specifies an existing application profile name configured in the config>app-assure>group>policy context.

arp-limit

Syntax 
arp-limit limit [log-only] [threshold percent]
no arp-limit
Context 
config>service>vprn>if
Description 

This command configures the maximum amount of dynamic IPv4 ARP entries that can be learned on an IP interface.

When the number of dynamic ARP entries reaches the configured percentage of this limit, an SNMP trap is sent. When the limit is exceeded, no new entries are learned until an entry expires and traffic to these destinations will be dropped. Entries that have already been learned will be refreshed.

The no form of this command removes the arp-limit.

Default 

90 percent

Parameters 
log-only—
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, entries above the limit will be learned.
percent—
The threshold value (as a percentage) that triggers a warning message to be sent.
Values—
0 to 100

 

limit—
The number of entries that can be learned on an IP interface expressed as a decimal integer. If the limit is set to 0, dynamic ARP learning is disabled and no dynamic ARP entries are learned.
Values—
0 to 524288

 

arp-populate

Syntax 
[no] arp-populate
Context 
config>service>vprn>if
Description 

This command enables populating static and dynamic hosts into the system ARP cache. When enabled, the host’s IP address and MAC address are placed in the system ARP cache as a managed entry. Static hosts must be defined on the interface using the host command. Dynamic hosts are enabled on the system through enabling lease-populate in the IP interface DHCP context. In the event that both a static host and a dynamic host share the same IP and MAC address, the system’s ARP cache retains the host information until both the static and dynamic information are removed. Both static and dynamic hosts override static ARP entries. Static ARP entries are marked as inactive when they conflict with static or dynamic hosts and will be repopulated once all static and dynamic host information for the IP address are removed. Since static ARP entries are not possible when static subscriber hosts are defined or when DHCP lease state table population is enabled, conflict between static ARP entries and the arp-populate function is not an issue.

The arp-populate command fails if an existing static subscriber host on the SAP does not have both MAC and IP addresses specified.

Once arp-populate is enabled, creating a static subscriber host on the SAP without both an IP address and MAC address fails.

arp-populate can only be enabled on VPRN interfaces supporting Ethernet encapsulation.

Use the no form of this command to disable ARP cache population functions for static and dynamic hosts on the interface. All static and dynamic host information in the systems ARP cache will be removed. Any existing static ARP entries previously inactive due to static or dynamic hosts will be populated in the system ARP cache.

When arp-populate is enabled, the system will not send out ARP Requests for hosts that are not in the ARP cache. Only statically configured and DHCP learned hosts are reachable through an IP interface with arp-populate enabled.

Default 

no arp-populate

arp-retry-timer

Syntax 
arp-retry-timer timer-multiple
no arp-retry-timer
Context 
config>service>vprn>if
config>service>vprn>network-interface
Description 

This command allows the arp retry timer to be configured to a specific value.

The timer value is entered as a multiple of 100 ms. So a timer value of 1, means the ARP timer will be set to 100 ms.

The no form of this command removes the command from the active configuration and returns the ARP retry timer to its default value of 5 s.

Default 

arp-retry-timer 50

Parameters 
timer-multiple
Specifies the multiple of 100 ms that the ARP retry timer will be configured as.
Values—
1 to 300 (equally a timer range of 100 ms to 30 000 ms)

 

arp-timeout

Syntax 
arp-timeout seconds
no arp-timeout [seconds]
Context 
config>service>vprn>if
Description 

This command configures the minimum time in seconds an ARP entry learned on the IP interface will be stored in the ARP table. ARP entries are automatically refreshed when an ARP request or gratuitous ARP is seen from an IP host, otherwise, the ARP entry is aged from the ARP table. If arp-timeout is set to a value of zero seconds, ARP aging is disabled.

The no form of this command restores arp-timeout to the default value.

Default 

arp-timeout 14400

Parameters 
seconds—
The minimum number of seconds a learned ARP entry will be stored in the ARP table, expressed as a decimal integer. A value of zero specifies that the timer is inoperative and learned ARP entries will not be aged.
Values—
0 to 65535

 

authentication-policy

Syntax 
authentication-policy name
no authentication-policy
Context 
config>service>vprn>if
Description 

This command assigns an authentication policy to the interface.

The no form of this command removes the policy name from the group interface configuration.

Default 

no authentication-policy

Parameters 
name —
Specifies the authentication policy name. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

bandwidth

Syntax 
bandwidth bandwidth
no bandwidth
Context 
config>service>vprn>if>sap
Description 

This command specifies the admin bandwidth assigned to SAPs, ports and LAGs which is used by SAP bandwidth CAC.

SAP: Attempts to increase the SAP admin bandwidth will fail if there is insufficient available admin bandwidth on its port or LAG, otherwise the port or LAG available admin bandwidth will be reduced by the incremental SAP admin bandwidth. Reducing the SAP admin bandwidth will increase the available admin bandwidth on its port or LAG. This is not supported for PW-SAPs, Ethernet tunnels or subscriber group interface SAPs.

The no version of the command reverts to the default value.

Default 

no bandwidth

Parameters 
bandwidth—
Specifies the admin bandwidth assigned to the SAP, port or LAG, in kb/s.
Values—
1 to 6400000000

 

calling-station-id

Syntax 
calling-station-id calling-station-id
no calling-station-id
Context 
config>service>vprn>if>sap
Description 

This command enables the inclusion of the calling-station-id attribute in RADIUS authentication requests and RADIUS accounting messages. The value inserted is set at the SAP level. If no value is set at the SAP level, an empty string is included.

Default 

no calling-station-id

host

Syntax 
[no] host {[ip ip-address [mac ieee-address]} [subscriber sub-ident-string] [sub-profile sub-profile-name] [sla-profile sla-profile-name]
no host {[ip ip-address] [mac ieee-address]}
Context 
config>service>vprn>if>sap
Description 

This command creates a static host for the SAP. Applications within the system that make use of static host entries include anti-spoof, and source MAC population into the VPLS forwarding database.

Multiple static hosts can be defined on the SAP. Each host is identified by a source IP address, a source MAC address, or both a source IP and source MAC address. When anti-spoof in enabled on the SAP, the host information will be populated into the SAP’s anti-spoof table, allowing ingress packets matching the entry access to the SAP. When the MAC address exists in the host definition, the MAC address is populated into the VPLS forwarding database and associates it with the SAP. The static host definition overrides any static MAC entries using the same MAC and prevents dynamic learning of the MAC on another interface.

Defining a static host identical to an existing static host has no effect and will not generate a log or error message.

Every static host definition must have at least one address defined, IP or MAC.

Static hosts may exist on the SAP even with anti-spoof and arp-populate (VPRN) features disabled. When enabled, each feature has different requirements for static hosts.

Default 

There are no default static entries.

Parameters 
anti-spoof—
When enabled, this feature uses static and dynamic host information to populate entries into an anti-spoof filter table. The anti-spoof filter entries generated will be of the same type as specified in the anti-spoof type parameter. If the SAP anti-spoof filter is defined as mac, each static host definition must specify a MAC address. If the SAP anti-spoof filter is defined as ip, each static host definition must specify an IP address. If the SAP anti-spoof filter is defined as ip-mac, each static host definition must specify both an IP address and MAC address. If definition of a static host is attempted without the appropriate addresses specified for the enabled anti-spoof filter, the static host definition fails.
arp-populate—
When enabled, this feature uses static and dynamic host information to populate entries into the system’s ARP cache. This is only available on the VPRN service SAPs. Both a MAC address and IP address are required to populate an ARP entry in the system. If definition of a static host is attempted without both a MAC and IP address specified when arp -populate is enabled, the static host definition fails.
fdb-populate—
This is an implicit feature that uses the static host definition as a static MAC in the VPLS forwarding database. It cannot be enabled or disabled and has no effect on the ability to create static hosts without a MAC address specified. When a MAC address is specified for a static host, it will automatically be populated into the VPLS forwarding database associated with the SAP on which the host is created. The static host MAC address will override any static MAC entries using the same MAC and prevent dynamic learning of the MAC on another interface. Existing static MAC entries with the same MAC address as a static host are marked as inactive but not deleted. If all static hosts are removed from the SAP, the static MAC may be populated. New static MAC definitions for the VPLS instance may be created while a static host exists associated with the static MAC address.

The no form of this command removes a static entry from the system. The specified ip address and mac address must match the host’s exact IP and MAC addresses as defined when it was created. When a static host is removed from the SAP, the effect of its removal on the anti-spoof filter, ARP cache or the VPLS forwarding database is also evaluated.

ip ip-address
Specifies this optional parameter when defining a static host. The IP address must be specified for anti-spoof ip and anti-spoof ip-mac commands. Only one static host can be configured on the SAP with a given IP address.

The following rules apply to configure static hosts using an IP address:

  1. Only one static host can be defined using a specific IP address.
  2. Defining a static host with the same IP address as a previous static host overwrites the previous static host.
  3. If a static host has an IP address assigned, the MAC address for the host is optional (depending on the features enabled on the SAP).
mac mac-address
Specifies this optional parameter when defining a static host. The MAC address must be specified for anti-spoof mac, and anti-spoof ip-mac. Multiple static hosts may be configured with the same MAC address given that each definition is distinguished by a unique IP address. The following rules apply to configuring static hosts using a MAC address:
  1. Multiple static hosts may share the same MAC address.
  2. Executing the host command with the same MAC address but a different IP address as an existing static host will create a new static host.
  3. If a static host has a MAC address assigned, the IP address for the host is optional (depending on the features enabled on the SAP).
Values—
8k static and dynamic hosts per 10G forwarding complex. 64k8k per system.

 

subscriber sub-ident-string —
This optional parameter specifies an existing subscriber identification profile to be associated with the static subscriber host. The subscriber identification profile is configured in the config>subscr-mgmt>sub-ident-policy context. The subscriber information is used by the VPRN SAP arp-reply-agent to determine the proper handling of received ARP requests from subscribers.
  1. For VPRN SAPs with arp-reply-agent enabled with the optional sub-ident parameter, the static subscriber host’s sub-ident-string is used to determine whether an ARP request received on the SAP is sourced from a host belonging to the same subscriber as the destination host. When both the destination and source hosts from the ARP request are known on the SAP and the subscriber identifications do not match, the ARP request may be forwarded to the rest of the VPRN destinations.

If the static subscriber host’s sub-ident string is not defined, the host is not considered to belong to the same subscriber as another host on the SAP.

If source or destination host is unknown, the hosts are not considered to belong to the same subscriber. ARP messages from unknown hosts are subject to anti-spoof filtering rules applied at the SAP.

If sub-ident is not enabled on the SAP arp-reply-agent, subscriber identification matching is not performed on ARP requests received on the SAP.

ARP requests are never forwarded back to the same SAP or within the receiving SAP’s split horizon group.

sub-profile sub-profile-name
Specifies this optional parameter to specify an existing subscriber profile name to be associated with the static subscriber host. The subscriber profile is configured in the config>subscr-mgmt>sub-profile context.
sla-profile sla-profile-name
Specifies this optional parameter to specify an existing SLA profile name to be associated with the static subscriber host. The SLA profile is configured in the config>subscr-mgmt>sla-profile context.

frame-relay

Syntax 
frame-relay
Context 
config>service>vprn>if>sap
Description 

This command enters the context to configure Frame Relay parameters on the SAP.

frf-12

Syntax 
[no] frf-12
Context 
config>service>vprn>if>sap
Description 

This command enables the use of FRF12 headers.

The no form of this command disables the use of FRF12 headers.

ete-fragment-threshold

Syntax 
ete-fragment-threshold threshold
no ete-fragment-threshold
Context 
config>service>vprn>if>sap>frf-12
Description 

This command specifies the maximum length of a fragment to be transmitted.

The no form of this command reverts to the default.

Parameters 
threshold—
Specifies the maximum length of a fragment to be transmitted.
Values—
128 to 512

 

Default—
0

interleave

Syntax 
[no] interleave
Context 
config>service>vprn>if>sap>frame-relay>frf.12
Description 

This command enables interleaving of high priority frames and low-priority frame fragments within a FR SAP using FRF.12 end-to-end fragmentation.

When this option is enabled, only frames of the FR SAP non expedited forwarding class queues are subject to fragmentation. The frames of the FR SAP expedited queues are interleaved, with no fragmentation header, among the fragmented frames. In effect, this provides a behavior like in MLPPP Link Fragment Interleaving (LFI).

When this option is disabled, frames of all the FR SAP forwarding class queues are subject to fragmentation. The fragmentation header is however not included when the frame size is smaller than the user configured fragmentation size. In this mode, the SAP transmits all fragments of a frame before sending the next full or fragmented frame.

The receive direction of the FR SAP supports both modes of operation concurrently, with and without fragment interleaving.

The no form of this command restores the default mode of operation.

Default 

no interleave

scheduling-class

Syntax 
scheduling-class class-id
no scheduling-class
Context 
config>service>vprn>if>sap
Description 

This command specifies the scheduling class to use for this SAP.

Parameters 
class-id—
Specifies the scheduling class to use for this SAP.
Values—
0 to 3

 

Default—
0

fwd-wholesale

Syntax 
fwd-wholesale
Context 
config>service>vprn>if>sap
Description 

This command enables the context to select specific protocols ingressing on the SAP to be redirected to another service. The command is applicable to static SAPs as well as PW-SAPs.

pppoe

Syntax 
pppoe service-id
no pppoe
Context 
config>service>vprn>if>sap>fwd-wholesale
Description 

This command specifies that PPPoE packets on ingress on Ethertypes 0x8863 and 0x8864 will be redirected to the specified service. The service referred to by svc-id must be an Epipe service. Redirection to VC-switching Epipe services is not supported.

The no form of this command removes the redirect.

Parameters 
service-id—
Specifies the service ID of the Epipe to which packets are redirected.
Values—
1 to 2147483647 | svc-name up to 64 characters

 

host-lockout-policy

Syntax 
host-lockout-policy policy-name
no host-lockout-policy
Context 
config>service>vprn>if>sap
Description 

This command configures a host lockout policy.

The no form of this command removes the policy name from the configuration.

host-shutdown

Syntax 
[no] host-shutdown
Context 
config>service>vprn>if>sap
Description 

This command administratively enables host creation on this SAP.

ip-tunnel

Syntax 
ip-tunnel name [create]
no ip-tunnel name
Context 
config>service>vprn>if>sap
Description 

This command is used to configure an IP-GRE or IP-IP tunnel and associate it with a private tunnel SAP within an IES or VPRN service.

The no form of this command deletes the specified IP/GRE or IP-IP tunnel from the configuration. The tunnel must be administratively shut down before issuing the no ip-tunnel command.

Default 

No IP tunnels are defined.

Parameters 
ip-tunnel-name—
Specifies the name of the IP tunnel. Tunnel names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

backup-remote-ip

Syntax 
backup-remote-ip ip-address
no backup-remote-ip
Context 
config>service>vprn>if>sap>ip-tunnel
Description 

This command sets the backup destination IPv4 address of GRE encapsulated packets associated with a particular GRE tunnel. If the primary destination address is not reachable in the delivery service (there is no route) or not defined then this is the destination IPv4 address of GRE encapsulated packets sent by the delivery service.

The no form of this command deletes the backup-destination address from the GRE tunnel configuration.

Parameters 
ip-address—
Specifies the destination IPv4 address of the GRE tunnel.
Values—
1.0.0.0 to 223.255.255.255

 

clear-df-bit

Syntax 
[no] clear-df-bit
Context 
config>service>vprn>if
Description 

This command specifies whether to clear the Do not Fragment (DF) bit in the outgoing packets in this tunnel.

delivery-service

Syntax 
delivery-service service-id
delivery-service name service-name
no delivery-service
Context 
config>service>vprn>if>sap>ip-tunnel
Description 

This command sets the delivery service for GRE encapsulated packets associated with a particular GRE tunnel. This is the IES or VPRN service where the GRE encapsulated packets are injected and terminated. The delivery service may be the same service that owns the private tunnel SAP associated with the GRE tunnel. The GRE tunnel does not come up until a valid delivery service is configured.

The no form of this command deletes the delivery-service from the GRE tunnel configuration.

Parameters 
service-id—
identifies the service used to originate and terminate the GRE encapsulated packets belonging to the GRE tunnel.

This variant of the command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The delivery-service name service-name variant can be used in all configuration modes.

Values—
{id | svc-name}

id:

1 to 2147483647

svc-name:

up to 64 characters (svc-name is an alias for input only. The svc-name gets replaced with an id automatically by SR OS in the configuration).

 

service-name—
identifies the service used to originate and terminate the GRE encapsulated packets belonging to the GRE tunnel.
Values—
1 to 64 characters

 

dest-ip

Syntax 
[no] dest-ip ip-address
Context 
config>service>vprn>if>sap>ip-tunnel
config>service>vprn>sap>ipsec-tunnel
Description 

This command configures a private IPv4 or IPv6 address of the remote tunnel endpoint. A tunnel can have up to 16 dest-ip commands. At least one dest-ip address is required in the configuration of a tunnel. A tunnel does not come up operationally unless all dest-ip addresses are reachable (part of a local subnet).

Unnumbered interfaces are not supported.

Parameters 
ip-address —
Specifies the private IPv4 or IPv6 address of the remote IP tunnel endpoint. If this remote IP address is not within the subnet of the IP interface associated with the tunnel then the tunnel will not come up.
Values—

<ip-address>

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x - [0 to FFFF]H

d - [0 to 255]D

 

dscp

Syntax 
dscp dscp-name
no dscp
Context 
config>service>vprn>if>sap>ip-tunnel
Description 

This command sets the DSCP code-point in the outer IP header of GRE encapsulated packets associated with a particular GRE tunnel. The default, set using the no form of this command, is to copy the DSCP value from the inner IP header (after remarking by the private tunnel SAP egress qos policy) to the outer IP header.

Default 

no dscp

Parameters 
dscp—
Specifies the DSCP code-point to be used.
Values—
be, cp1, cp2, cp3, cp4, cp5, cp6, cp7, cs1, cp9, af11, cp11, af12, cp13, af13, cp15, cs2, cp17, af21, cp19, af22, cp21, af23, cp23, cs3, cp25, af31, cp27, af32, cp29, af33, cp31, cs4, cp33, af41, cp35, af42, cp37, af43, cp39, cs5, cp41, cp42, cp43, cp44, cp45, ef, cp47, nc1, cp49, cp50, cp51, cp52, cp53, cp54, cp55, nc2, cp57, cp58, cp59, cp60, cp61, cp62, cp63

 

encapsulated-ip-mtu

Syntax 
encapsulated-ip-mtu bytes
no encapsulated-ip-mtu
Context 
config>service>vprn>if>sap>ip-tunnel
Description 

This command specifies the maximum size of encapsulated tunnel packet for the ipsec-tunnel, ip-tunnel, or the dynamic tunnels terminated on the ipsec-gw. If the encapsulated IPv4 or IPv6 tunnel packet exceeds the encapsulated-ip-mtu, then the system fragments the packet against the encapsulated-ip-mtu.

The no form of this command reverts to the default.

Default 

no encapsulated-ip-mtu

Parameters 
bytes—
Specifies the maximum size in bytes.
Values—
512 to 9000

 

gre-header

Syntax 
gre-header send-key send-key receive-key receive-key
no gre-header
Context 
config>service>ies>sap>ip-tunnel
config>service>vprn>sap>ip-tunnel
Description 

This command configures the type of the IP tunnel. If the gre-header command is configured then the tunnel is a GRE tunnel with a GRE header inserted between the outer and inner IP headers. If the no form of this command is configured then the tunnel is a simple IP-IP tunnel.

Default 

no gre-header

Parameters 
send-key send-key
Specifies a 32-bit unsigned integer.
Values—
0 to 4294967295

 

receive-key receive-key
Specifies a 32-bit unsigned integer.
Values—
0 to 4294967295

 

icmp6-generation

Syntax 
icmp6-generation
Context 
config>service>vprn>if>sap>ip-tunnel
config>service>vprn>if>sap>ipsec-tunnel
Description 

This command enables the ICMPv6 packet generation configuration context.

packet-too-big

Syntax 
packet-too-big
packet-too-big number [10..1000] seconds [1..60]
no packet-too-big
Context 
config>service>vprn>if>ipsec>ipsec-tunnel>icmp6-gen
config>service>vprn>if>sap>ipsec-tun>icmp6-gen
Description 

This command enables the system to send ICMPv6 PTB (Packet Too Big) messages on the private side and optionally specifies the rate.

With this command configured, the system sends PTB back if it received an IPv6 packet on the private side that is bigger than 1280 bytes and also exceeds the private MTU of the tunnel.

The ip-mtu command (under ipsec-tunnel or tunnel-template) specifies the private MTU for the ipsec-tunnel or dynamic tunnel.

The no form of this command reverts interval and message-count values to their default values.

private-tcp-mss-adjust

Syntax 
private-tcp-mss-adjust octets
no private-tcp-mss-adjust
Context 
config>service>vprn>if>sap>ipsec-tunnel
config>service>vprn>if>sap>ip-tunnel
Description 

This command enables TCP MSS adjust for L2TPv3 tunnels on the private side of the service level. When this command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the private side.

Note that this command can be overridden by the corresponding configuration on the group or tunnel level.

The no form of this command disables TCP MSS adjust on the private side.

Default 

no private-tcp-mss-adjust

Parameters 
octets—
Specifies the new TCP MSS value in octets.
Values—
512 to 9000

 

public-tcp-mss-adjust

Syntax 
public-tcp-mss-adjust octets
public-tcp-mss-adjust auto
no public-tcp-mss-adjust
Context 
config>service>vprn>if>sap>ipsec-tunnel
config>service>vprn>if>sap>ip-tunnel
Description 

This command enables TCP MSS adjust for L2TPv3 tunnels on the public side on the service level. When the command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the public side that is encapsulated in the L2TPv3 tunnel.

Note that this command can be overridden by the corresponding configuration on the group or tunnel level.

The no form of this command disables TCP MSS adjust on the public side.

Default 

no public-tcp-mss-adjust

Parameters 
octets—
Specifies the new TCP MSS value in octets
Values—
512 to 9000

 

auto —
Specifies to automatically derive the new TCP MSS value.

reassembly

Syntax 
reassembly [wait-msecs]
no reassembly
Context 
config>service>vprn>if>sap>ip-tunnel
Description 

This command configures the maximum number of seconds to wait to receive all fragments of a particular IPsec or GRE packet for reassembly.

The no form of this commands removes the wait time from the configuration.

Default 

no reassembly

Parameters 
wait-msecs—
Specifies the reassembly wait time in 100 increments.
Values—
1 to 5000 ms

 

remote-ip

Syntax 
remote-ip ip-address
no remote-ip
Context 
config>service>vprn>if>sap>ip-tunnel
Description 

This command sets the primary destination IPv4 address of GRE encapsulated packets associated with a particular GRE tunnel. If this address is reachable in the delivery service (there is a route) then this is the destination IPv4 address of GRE encapsulated packets sent by the delivery service.

The no form of this command deletes the destination address from the GRE tunnel configuration.

Parameters 
ip-address—
Specifies the destination IPv4 address of the GRE tunnel.
Values—
1.0.0.0 to 223.255.255.255

 

source

Syntax 
source ip-address
no source
Context 
config>service>vprn>if>sap>ip-tunnel
Description 

This command sets the source IPv4 address of GRE encapsulated packets associated with a particular GRE tunnel. It must be an address in the subnet of the associated public tunnel SAP interface. The GRE tunnel does not come up until a valid source address is configured.

The no form of this command deletes the source address from the GRE tunnel configuration. The tunnel must be administratively shut down before issuing the no source command.

Parameters 
ip-address—
Specifies the source IPv4 address of the GRE tunnel.
Values—
1.0.0.0 to 223.255.255.255

 

3.8.2.16. Interface VPLS Commands

vpls

Syntax 
vpls service-name
Context 
config>service
config>service>vprn>if
Description 

The vpls command, within the IP interface context, is used to bind the IP interface to the specified service name.

The system does not attempt to resolve the service name provided until the IP interface is placed into the administratively up state (no shutdown). Once the IP interface is administratively up, the system will scan the available VPLS services that have the allow-ip-int-bind flag set for a VPLS service associated with the name. If the service name is bound to the service name when the IP interface is already in the administratively up state, the system will immediately attempt to resolve the given name.

If a VPLS service is found associated with the name and with the allow-ip-int-bind flag set, the IP interface will be attached to the VPLS service allowing routing to and from the service virtual ports once the IP interface is operational.

A VPLS service associated with the specified name that does not have the allow-ip-int-bind flag set or a non-VPLS service associated with the name will be ignored and will not be attached to the IP interface.

If the service name is applied to a VPLS service after the service name is bound to an IP interface and the VPLS service allow-ip-int-bind flag is set at the time the name is applied, the VPLS service will be automatically resolved to the IP interface if the interface is administratively up or when the interface is placed in the administratively up state.

If the service name is applied to a VPLS service without the allow-ip-int-bind flag set, the system will not attempt to resolve the applied service name to an existing IP interface bound to the name. To rectify this condition, the flag must first be set and then the IP interface must enter or reenter the administratively up state.

While the specified service name may be assigned to only one service context in the system, it is possible to bind the same service name to more than one IP interface. If two or more IP interfaces are bound to the same service name, the first IP interface to enter the administratively up state (if currently administratively down) or to reenter the administratively up state (if currently administratively up) when a VPLS service is configured with the name and has the allow-ip-int-bind flag set will be attached to the VPLS service. Only one IP interface is allowed to attach to a VPLS service context. No error is generated for the remaining non-attached IP interfaces using the service name.

Once an IP interface is attached to a VPLS service, the name associated with the service cannot be removed or changed until the IP interface name binding is removed. Also, the allow-ip-int-bind flag cannot be removed until the attached IP interface is unbound from the service name.

Unbinding the service name from the IP interface causes the IP interface to detach from the VPLS service context. The IP interface may then be bound to another service name or a SAP or SDP binding may be created for the interface using the sap or spoke-sdp commands on the interface.

VPRN Hardware Dependency

When a service name is bound to a VPRN IP interface, all SAPs associated with the VPRN service must be on hardware based on the FlexPath forwarding plane. Currently, these include the IOM3-XP and the various IMM modules. If any SAPs are associated with the wrong hardware type, the service name binding to the VPRN IP interface fails. Once an IP interface within the VPRN service is bound to a service name, attempting to create a SAP on excluded hardware fails.

IP Interface MTU and Fragmentation

A VPLS service is affected by two MTU values; port MTUs and the VPLS service MTU. The MTU on each physical port defines the largest Layer 2 packet (including all DLC headers and CRC) that may be transmitted out a port. The VPLS itself has a service level MTU that defines the largest packet supported by the service. This MTU does not include the local encapsulation overhead for each port (QinQ, Dot1Q, TopQ or SDP service delineation fields and headers) but does include the remainder of the packet. As virtual ports are created in the system, the virtual port cannot become operational unless the configured port MTU minus the virtual port service delineation overhead is greater than or equal to the configured VPLS service MTU. Thus, an operational virtual port is ensured to support the largest packet traversing the VPLS service. The service delineation overhead on each Layer 2 packet is removed before forwarding into a VPLS service. VPLS services do not support fragmentation and must discard any Layer 2 packet larger than the service MTU after the service delineation overhead is removed.

IP interfaces have a configurable up MTU that defines the largest packet that may egress the IP interface without being fragmented. This MTU encompasses the IP portion of the packet and does not include any of the egress DLC header or CRC. This MTU does not affect the size of the largest ingress packet on the IP interface. If the egress IP portion of the packet is larger than the IP interface MTU and the IP header do not fragment flag is not set, the packet is fragmented into smaller packets that will not exceed the configured MTU size. If the do not fragment bit is set, the packet is silently discarded at egress when it exceeds the IP MTU.

When the IP interface is bound to a VPLS service, the IP MTU must be at least 18 bytes less than the VPLS service MTU. This allows for the addition of the minimal Ethernet encapsulation overhead; 6 bytes for the DA, 6 bytes for the SA, 2 bytes for the Etype and 4 bytes for the trailing CRC. Any remaining egress virtual port overhead (Dot1P, Dot1Q, QinQ, TopQ or SDP) required above the minimum is known to be less than the egress ports MTU since the virtual port would not be operational otherwise.

If the IP interface IP MTU value is too large based on the VPLS service MTU, the IP interface will enter the operationally down state until either the IP MTU is adequately lowered or the VPLS service MTU is sufficiently increased.

The no form of this command on the IP interface is used to remove the service name binding from the IP interface. If the service name has been resolved to a VPLS service context and the IP interface has been attached to the VPLS service, the IP interface will also be detached from the VPLS service.

Parameters 
service-name—
The service-name parameter is required when using the IP interface vpls command and specifies the service name that the system will attempt to resolve to an allow-ip-int-bind enabled VPLS service associated with the name. The specified name is expressed as an ASCII string comprised of up to 32 characters. It does not need to already be associated with a service and the system does not check to ensure that multiple IP interfaces are not bound to the same name.

egress

Syntax 
egress
Context 
config>service>vprn>if>vpls
Description 

The egress node under the vpls binding is used to define the optional sap-egress QoS policy that will be used for reclassifying the egress forwarding class or profile for routed packets associated with the IP interface on the attached VPLS service context.

ingress

Syntax 
ingress
Context 
config>service>vprn>if>vpls
Description 

The ingress node in this context under the vpls binding is used to define the routed IPv4 and IPv6 optional filter overrides.

v4-routed-override-filter

Syntax 
v4-routed-override-filter ip-filter-id
no v4-routed-override-filter
Context 
config>service>vprn>if>vpls>egress
Description 

This command configures an IPv4 filter ID that is applied to packets egressing the VPRN R-VPLS interface. The filter overrides the existing egress IPv4 filter applied to VPLS service endpoints such as SAPs or SDPs, if configured.

The no form of this command removes the IPv4 routed override filter from the egress VPRN R-VPLS interface. When removed, egress IPv4 packets will use the IPv4 egress filter applied to VPLS endpoint, if configured.

Parameters 
ip-filter-id—
Specifies the IP filter ID. This parameter is required when executing the v4- routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command fails.

v4-routed-override-filter

Syntax 
v4-routed-override-filter ip-filter-id
no v4-routed-override-filter
Context 
config>service>vprn>if>vpls>ingress
Description 

This command configures an IPv4 filter ID that is applied to all ingress packets entering the VPLS service. The filter overrides any existing ingress IPv4 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed, the IPv4 routed packet’s will use the any existing ingress IPv4 filter on the VPLS virtual port.

The no form of this command removes the IPv4 routed override filter from the ingress IP interface. When removed, the IPv4 ingress routed packets within a VPLS service attached to the IP interface will use the IPv4 ingress filter applied to the packets virtual port, when defined.

Parameters 
ip-filter-id—
Specifies the IP filter ID. This parameter is required when executing the v4-routed-override-filter command. The specified filter ID must exist as an IPv4 filter within the system or the override command fails.

v6-routed-override-filter

Syntax 
v6-routed-override-filter ipv6-filter-id
no v6-routed-override-filter
Context 
config>service>vprn>if>vpls>egress
Description 

This command configures an IPv6 filter ID that is applied to packets egressing the VPRN R-VPLS interface. The filter overrides existing egress IPv6 filter applied to VPLS service endpoints such as SAPs or SDPs, if configured.

The no form of the command removes the IPv4 routed override filter from the egress VPRN R-VPLS interface. When removed, egress IPv6 packets will use the IPv6 egress filter applied to the VPLS endpoint, if configured.

Parameters 
ipv6-filter-id—
Specifies the IPv6 filter ID. This parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command fails.

v6-routed-override-filter

Syntax 
v6-routed-override-filter ipv6-filter-id
no v6-routed-override-filter
Context 
config>service>vprn>if>vpls>ingress
Description 

This command configures an IPv6 filter ID that is applied to all ingress packets entering the VPLS service. The filter overrides any existing ingress IPv6 filter applied to SAPs or SDP bindings for packets associated with the routing IP interface. The override filter is optional and when it is not defined or it is removed, the IPv6 routed packets use the any existing ingress IPv6 filter on the VPLS virtual port.

The no form of the command removes the IPv6 routed override filter from the ingress IP interface. When removed, the IPv6 ingress routed packets within a VPLS service attached to the IP interface uses the IPv6 ingress filter applied to the packet’s virtual port, when defined.

Parameters 
ipv6-filter-id—
Specifies the IPv6 filter ID. This parameter is required when executing the v6-routed-override-filter command. The specified filter ID must exist as an IPv6 filter within the system or the override command fails.

reclassify-using-qos

Syntax 
reclassify-using-qos policy-id
no reclassify-using-qos
Context 
config>service>vprn>if>vpls>egress
Description 

This command specifies a SAP egress QoS policy that is used to reclassify the forwarding class and profile of egress routed packets on the VPLS service. When routed packets associated with the IP interface egress a VPLS SAP, the reclassification rules within the sap-egress QoS policy applied to the SAP are always ignored (even when reclassify-using-qos is not defined).

Any queues or policers defined within the specified QoS policy are ignored and are not created on the VPLS egress SAPs. Instead, the routed packets continue to use the forwarding class mappings, queues and policers from the SAP egress QoS policy applied to the egress VPLS SAP.

While the specified SAP egress policy ID is applied to an IP interface it cannot be deleted from the system.

The no form of this command removes the SAP egress QoS policy used for reclassification from the egress IP interface. When removed, IP routed packets is not reclassified on the egress SAPs of the VPLS service attached to the IP interface.

Parameters 
policy-id—
Specifies the SAP egress QoS policy ID This parameter is required when executing the reclassify-using-qos command. The specified SAP egress QoS ID must exist within the system or the command fails.

3.8.2.17. Interface VRRP Commands

vrrp

Syntax 
vrrp virtual-router-id [owner] [passive]
no vrrp virtual-router-id
Context 
config>service>vprn>if
Description 

This command creates or edits a Virtual Router ID (VRID) on the service IP interface. A VRID is internally represented in conjunction with the IP interface name. This allows the VRID to be used on multiple IP interfaces while representing different virtual router instances.

Two VRRP nodes can be defined on an IP interface. One, both, or none may be defined as owner. The nodal context of vrrp virtual-router-id is used to define the configuration parameters for the VRID.

The no form of this command removes the specified VRID from the IP interface. This terminates VRRP participation for the virtual router and deletes all references to the VRID. The VRID does not need to be shut down in order to remove the virtual router instance.

Special Cases 
Virtual Router Instance Owner IP Address Conditions—
The virtual router instance owner can be created prior to assigning the parent IP interface primary or secondary IP addresses. In this case, the virtual router instance is not associated with an IP address. The operational state of the virtual router instance is down.
VRRP Owner Command Exclusions—
By specifying the VRRP vrid as owner, the following commands are no longer available:
  1. vrrp priority — The virtual router instance owner is hard-coded with a priority value of 255 and cannot be changed.
  2. vrrp master-int-inherit — Owner virtual router instances do not accept VRRP advertisement messages; the advertisement interval field is not evaluated and cannot be inherited.
  3. ping-reply, telnet-reply and ssh-reply — The owner virtual router instance always allows Ping, Telnet and SSH if the management and security parameters are configured to accept them on the parent IP interface.
  4. vrrp shutdownThe owner virtual router instance cannot be shut down on the vrrp node. If this was allowed, VRRP messages would not be sent, but the parent IP interface address would continue to respond to ARPs and forward IP packets. Another virtual router instance may detect the missing master due to the termination of VRRP advertisement messages and become master. This would result in two routers responding to ARP requests for the same IP addresses. To shut down the owner virtual router instance, use the shutdown command in the parent IP interface context. This will prevent VRRP participation, IP ARP reply and IP forwarding. To continue parent IP interface ARP reply and forwarding without VRRP participation, remove the vrrp vrid instance.
  5. traceroute-reply
VRRP Passive Command Exclusions—
By specifying the VRRP vrid as passive, the following commands related to the master election and processing of VRRP advertisement messages are no longer available:
  1. vrrp priority
  2. policy
  3. preempt
  4. master-int-inherit
  5. standby-forwarding
  6. int-delay
  7. message-interval
  8. authentication-key
  9. bfd-enable
Parameters 
virtual-router-id—
The virtual-router-id parameter specifies a new virtual router ID or one that can be modified on the IP interface.
Values—
1 to 255

 

owner—
Identifies this virtual router instance as owning the virtual router IP addresses. If the owner keyword is not specified at the time of vrid creation, the vrrp backup commands must be specified to define the virtual router IP addresses. The owner keyword is not required when entering the vrid for editing purposes. Once created as owner, a vrid on an IP interface cannot have the owner parameter removed. The vrid must be deleted, and then recreated without the owner keyword, to remove ownership.
passive—
Identifies this virtual router instance as passive, and therefore, owning the virtual router IP addresses. A passive vrid does not send or receive VRRP advertisement messages, and is always in either the master state (if the interface is operational-up), or the init state (if the interface is operational-down). The passive keyword is not required when entering the vrid for editing purposes. Once a vrid on an IP interface is created as passive, the parameter cannot be removed from the vrid. The vrid must be deleted, and then recreated without the passive keyword, to remove parameter.

authentication-key

Syntax 
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
no authentication-key
Context 
config>service>vprn>if>vrrp
Description 

The authentication-key command, within the vrrp virtual-router-id context, is used to assign a simple text password authentication key to generate master VRRP advertisement messages and validate received VRRP advertisement messages.

The authentication-key command is one of the few commands not affected by the presence of the owner keyword. If simple text password authentication is not required, this command is not required. If the command is re-executed with a different password key defined, the new key will be used immediately. If a no authentication-key command is executed, the password authentication key is restored to the default value. The authentication-key command may be executed at any time.

To change the current in-use password key on multiple virtual router instances:

  1. Identify the current master
  2. Shut down the virtual router instance on all backups
  3. Execute the authentication-key command on the master to change the password key
  4. Execute the authentication-key command and the no shutdown command on each backup key

The no form of this command restores the default null string to the value of key.

Parameters 
authentication-key—
The key parameter identifies the simple text password used when VRRP Authentication Type 1 is enabled on the virtual router instance. Type 1 uses a string eight octets long that is inserted into all transmitted VRRP advertisement messages and compared against all received VRRP advertisement messages. The authentication data fields are used to transmit the key.

The key parameter is expressed as a string consisting of up to eight alpha-numeric characters. Spaces must be contained in quotation marks ( “ ” ). The quotation marks are not considered part of the string.

The string is case sensitive and is left-justified in the VRRP advertisement message authentication data fields. The first field contains the first four characters with the first octet (starting with IETF RFC bit position 0) containing the first character. The second field holds the fifth through eighth characters. Any unspecified portion of the authentication data field is padded with the value 0 in the corresponding octet.

Values—
Any 7-bit printable ASCII character.

Exceptions:

Double quote (")

ASCII 34

Carriage Return

ASCII 13

Line Feed

ASCII 10

Tab

ASCII 9

Backspace

ASCII 8

 

hash-key—
The hash key. The key can be any combination of ASCII characters up to 22 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”)

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.

backup

Syntax 
[no] backup ip-address
Context 
config>service>vprn>if>vrrp
Description 

This command configures virtual router IP addresses for the interface.

backup

Syntax 
[no] backup ipv6-address
Context 
config>service>vprn>if>ipv6>vrrp
Description 

This command configures virtual router IP addresses for the interface.

bfd-enable

Syntax 
[no] bfd-enable interface interface-name dst-ip ip-address
[no] bfd-enable service-id interface interface-name dst-ip ip-address
[no] bfd-enable interface interface-name dst-ip ip-address name service-name
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This commands assigns a bi-directional forwarding (BFD) session providing heart-beat mechanism for the given VRRP/SRRP instance. There can be only one BFD session assigned to any given VRRP/SRRP instance, but there can be multiple SRRP/VRRP sessions using the same BFD session. If the interface used is configured with centralized BFD, the BFD transmit and receive intervals need to be set to at least 300 ms.

BFD control the state of the associated interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set via the BFD command under the IP interface. The specified interface may not be configured with BFD; when it is, the virtual router will then initiate the BFD session.

The no form of this command removes BFD from the configuration.

Parameters 
svc-id—
Specifies the service ID of the interface running BFD. If no svc-id is specified then it indicates that the interface is a network interface in the Base router instance.

This variant of the command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The bfd-enable interface interface-name dst-ip ip-address name name variant can be used in all configuration modes.

Values—
{id | svc-name}

id:

1 to 2147483647

svc-name:

Specifies an existing service name up to 64 characters (svc-name is an alias for input only. The svc-name gets replaced with an id automatically by SR OS in the configuration)

 

interface interface-name
Specifies the name of the interface running BFD, up to 32 characters.
dst-ip ip-address
Specifies the destination address to be used for the BFD session.
name name
Specifies a service name, up to 64 characters.

init-delay

Syntax 
init-delay seconds
no init-delay
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command configures a VRRP initialization delay timer.

Default 

no init-delay

Parameters 
seconds—
Specifies the initialization delay timer for VRRP, in seconds.
Values—
1 to 65535

 

mac

Syntax 
[no] mac mac-address
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
config>service>vprn>if>sap>eth-cfm>mep
Description 

This command assigns a specific MAC address to an IP interface.

The no form of this command returns the MAC address of the IP interface to the default value.

Default 

The physical MAC address associated with the Ethernet interface that the SAP is configured on.

Parameters 
mac-address—
Specifies the 48-bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers. Allowed values are any non-broadcast, non-multicast MAC and non-IEEE reserved MAC addresses.

master-int-inherit

Syntax 
[no] master-int-inherit
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command allows the master instance to dictate the master down timer (non-owner context only).

Default 

no master-int-inherit

message-interval

Syntax 
message-interval {[seconds] [milliseconds milliseconds]}
no message-interval
Context 
config>service>vprn>if
config>service>vprn>if>ipv6>vrrp
Description 

This command sets the advertisement timer and indirectly sets the master down timer on the virtual router instance. The message-interval setting must be the same for all virtual routers participating as a virtual router. Any VRRP advertisement message received with an Advertisement Interval field different than the virtual router instance configured message-interval value will be silently discarded.

The message-interval command is available in both non-owner and owner vrrp virtual-router-id nodal contexts. If the message-interval command is not executed, the default message interval of 1 second will be used.

The no form of this command restores the default message interval value of 1 second to the virtual router instance.

Parameters 
seconds—
The number of seconds that will transpire before the advertisement timer expires.
Values—
1 to 255

 

Default—
1
milliseconds milliseconds
Specifies the time interval, in milliseconds, between sending advertisement messages. This parameter is not supported on single-slot chassis.
Values—
100 to 900

 

ntp-reply

Syntax 
[no] ntp-reply
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command enables the reception and response to NTP Requests directed at the VRRP virtual IP address. This behavior only applies the router currently acting as the master VRRP router.

The no form of this command disables NTP Requests from being processed.

Default 

no ntp-reply

oper-group

Syntax 
oper-group group-name
no oper-group
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>>ipv6>vrrp
Description 

This command configures VRRP to associate with an operational group. When associated, VRRP notifies the operational group of its state changes so that other protocols can monitor it to provide a redundancy mechanism. When VRRP is the master router (MR), the operational group is up and is down for all other VRRP states.

The no form of this command removes the association.

Default 

no oper-group — No operational group is configured.

Parameters 
group-name—
Specifies the operational group identifier, up to 32 characters in length.

ping-reply

Syntax 
[no] ping-reply
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command enables the non-owner master to reply to ICMP Echo Requests directed at the virtual router instances IP addresses. The ping request can be received on any routed interface.

Ping must not have been disabled at the management security level (either on the parental IP interface or based on the Ping source host address). When ping-reply is not enabled, ICMP Echo Requests to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to ICMP Echo Requests regardless of the setting of ping-reply configuration.

The ping-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ping-reply command is not executed, ICMP Echo Requests to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all ICMP Echo Request messages destined to the non-owner virtual router instance IP addresses.

Default 

no ping-reply

policy

Syntax 
policy vrrp-policy-id
no policy
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command associates a VRRP priority control policy with the virtual router instance (non-owner context only).

Parameters 
vrrp-policy-id—
Specifies a VRRP priority control policy.
Values—
1 to 9999

 

preempt

Syntax 
[no] preempt
Context 
config>service>vprn>if
config>service>vprn>if>ipv6>vrrp
Description 

The preempt mode value controls whether a specific backup virtual router preempts a lower priority master.

When preempt is enabled, the virtual router instance overrides any non-owner master with an “in use” message priority value less than the virtual router instance in-use priority value. If preempt is disabled, the virtual router only becomes master if the master down timer expires before a VRRP advertisement message is received from another virtual router.

The IP address owner will always become master when available. Preempt mode cannot be disabled on the owner virtual router.

The default value for preempt mode is enabled.

Default 

preempt

priority

Syntax 
priority priority
no priority
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

The priority command provides the ability to configure a specific priority value to the virtual router instance. In conjunction with an optional policy command, the base-priority is used to derive the in-use priority of the virtual router instance.

The priority command is only available in the non-owner vrrp virtual-router-id nodal context. The priority of owner virtual router instances is permanently set to 255 and cannot be changed. For non-owner virtual router instances, if the priority command is not executed, the base-priority will be set to 100.

The no form of this command restores the default value of 100 to base-priority.

Parameters 
base-priority—
The base-priority parameter configures the base priority used by the virtual router instance. If a VRRP priority control policy is not also defined, the base-priority will be the in-use priority for the virtual router instance.
Values—
1 to 254

 

Default—
100

ssh-reply

Syntax 
[no] ssh-reply
Context 
config>service>vprn>if>vrrp
Description 

This command enables the non-owner master to reply to SSH Requests directed at the virtual router instance’s IP addresses. The SSH request can be received on any routed interface. SSH must not have been disabled at the management security level (either on the parental IP interface or based on the SSH source host address). Proper login and CLI command authentication is still enforced.

When ssh-reply is not enabled, SSH packets to non-owner master virtual IP addresses are silently discarded. Non-owner backup virtual routers never respond to SSH regardless of the ssh-reply configuration.

The ssh-reply command is only available in non-owner vrrp virtual-router-id nodal context. If the ssh-reply command is not executed, SSH packets to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all SSH packets destined to the non-owner virtual router instance IP addresses.

Default 

no ssh-reply

standby-forwarding

Syntax 
[no] standby-forwarding
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command allows the forwarding of packets by a standby router.

The no form of this command specifies that a standby router should not forward traffic sent to virtual router's MAC address. However, the standby router should forward traffic sent to the standby router’s real MAC address.

Default 

no standby-forwarding

telnet-reply

Syntax 
[no] telnet-reply
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command enables the non-owner master to reply to TCP port 23 Telnet Requests directed at the virtual router instance’s IP addresses. The Telnet request can be received on any routed interface. Telnet must not have been disabled at the management security level (either on the parental IP interface or based on the Telnet source host address). Proper login and CLI command authentication is still enforced.

When telnet-reply is not enabled, TCP port 23 Telnet packets to non-owner master virtual IP addresses are silently discarded.

Non-owner backup virtual routers never respond to Telnet Requests regardless of the telnet-reply configuration.

The telnet-reply command is only available in non-owner VRRP nodal context. If the telnet-reply command is not executed, Telnet packets to the virtual router instance IP addresses will be silently discarded.

The no form of this command restores the default operation of discarding all Telnet packets destined to the non-owner virtual router instance IP addresses.

Default 

no telnet-reply

traceroute-reply

Syntax 
[no] traceroute-reply
Context 
config>service>vprn>if>vrrp
config>service>vprn>if>ipv6>vrrp
Description 

This command is valid only if the VRRP virtual router instance associated with this entry is a non-owner.

When this command is enabled, a non-owner master can reply to traceroute requests directed to the virtual router instance IP addresses.

A non-owner backup virtual router never responds to such traceroute requests regardless of the trace-route-reply status.

Default 

no traceroute-reply

3.8.2.18. IS-IS Commands

isis

Syntax 
[no] isis isis-instance
Context 
config>service>vprn
Description 

This command creates the context to configure the Intermediate-System-to-Intermediate-System (IS-IS) protocol instance in the VPRN.

The IS-IS protocol instance is enabled with the no shutdown command in the config>service>vprn>isis context. Alternatively, the IS-IS protocol instance is disabled with the shutdown command in the config>service>vprn>isis context.

IS-IS instances are shutdown when created, so that all parameters can be configured prior to the instance being enabled.

The no form of this command disables the ISIS protocol instance from the given VPRN service.

Default 

0

Parameters 
isis-instance—
Specifies the instance ID for an IS-IS instance.
Values—
1 to 31

 

advertise-passive-only

Syntax 
[no] advertise-passive-only
Context 
config>service>vprn>isis
Description 

This command enables and disables IS-IS for the VPRN instance to advertise only prefixes that belong to passive interfaces.

advertise-router-capability

Syntax 
advertise-router-capability {area | as}
no advertise-router-capability
Context 
config>service>vprn>isis
config>service>vprn>isis>level
Description 

This command enables advertisement of a router's capabilities to its neighbors for informational and troubleshooting purposes. A new TLV as defined in RFC 4971 advertises the TE Node Capability Descriptor capability.

The parameters (area & as) control the scope of the capabilities advertisements.

The no form of this command disables this capability.

Default 

no advertise-router-capability

Parameters 
area—
Capabilities are only advertised within the area of origin.
as—
Capabilities are only advertised throughout the entire autonomous system.

all-l1isis

Syntax 
all-l1isis ieee-address
no all-l1isis
Context 
config>service>vprn>isis
Description 

This command specifies the MAC address to use for the VPRN instance of the L1 IS-IS routers. The MAC address should be a multicast address.

Default 

all-l1isis 01:80:c2:00:00:14

Parameters 
ieee-address—
Specifies the destination MAC address for all L1 I-IS neighbors on the link for this ISIS instance.

all-l2isis

Syntax 
all-l2isis ieee-address
no all-l2isis
Context 
config>service>vprn>isis
Description 

This command specifies the MAC address to use for L2 IS-IS routers for the VPRN instance. The MAC address should be a multicast address.

Default 

all-l2isis 01:80:c2:00:00:15

Parameters 
ieee-address—
Specifies the destination MAC address for all L2 ISIS neighbors on the link for this ISIS instance.

area-id

Syntax 
[no] area-id area-address
Context 
config>service>vprn>isis
Description 

This command configures the area ID portion of NSAP addresses for the VPRN instance. This identifies a point of connection to the network, such as a router interface, and is called a Network Service Access Point (NSAP). Addresses in the IS-IS protocol are based on the ISO NSAP addresses and Network Entity Titles (NETs), not IP addresses.

A maximum of 3 area addresses can be configured for the VPRN instance.

NSAP addresses are divided into three parts. Only the area ID portion is configurable.

  1. Area ID — A variable length field between 1 and 13 bytes long. This includes the Authority and Format Identifier (AFI) as the most significant byte and the area ID.
  2. System ID — A six-byte system identification. This value is not configurable. The system ID is derived from the system or router ID.
  3. Selector ID — A one-byte selector identification that must contain zeros when configuring a NET. This value is not configurable. The selector ID is always 00.

The NET is constructed like an NSAP but the selector byte contains a 00 value. NET addresses are exchanged in hello and LSP PDUs. All net addresses configured on the node are advertised to its neighbors.

For Level 1 interfaces, neighbors can have different area IDs, but, they must have at least one area ID (AFI + area) in common. Sharing a common area ID, they become neighbors and area merging between the potentially different areas can occur.

For Level 2 (only) interfaces, neighbors can have different area IDs. However, if they have no area IDs in common, they become only Level 2 neighbors and Level 2 LSPs are exchanged.

For Level 1 and Level 2 interfaces, neighbors can have different area IDs. If they have at least one area ID (AFI + area) in common, they become neighbors. In addition to exchanging Level 2 LSPs, area merging between potentially different areas can occur.

If multiple area-id commands are entered, the system ID of all subsequent entries must match the first area address.

The no form of this command removes the area address.

auth-keychain

Syntax 
auth-keychain name
Context 
config>service>vprn>isis>
config>service>vprn>isis>level
Description 

This command configures an authentication keychain to use for the protocol interface for the VPRN instance. The keychain allows the rollover of authentication keys during the lifetime of a session.

Default 

no auth-keychain

Parameters 
name —
Specifies the name of the keychain, up to 32 characters, to use for the specified protocol session or sessions.

authentication-check

Syntax 
[no] authentication-check
Context 
config>service>vprn>isis
Description 

This command sets an authentication check to reject PDUs that do not match the type or key requirements for the VPRN instance.

The default behavior when authentication is configured is to reject all IS-IS protocol PDUs that have a mismatch in either the authentication type or authentication key.

When no authentication-check is configured, authentication PDUs are generated and IS-IS PDUs are authenticated on receipt. However, mismatches cause an event to be generated and will not be rejected.

The no form of this command allows authentication mismatches to be accepted and generate a log event.

Default 

authentication-check — Rejects authentication mismatches.

authentication-key

Syntax 
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no authentication-key
Context 
config>service>vprn>isis
config>service>vprn>isis>level
Description 

This command sets the authentication key used to verify PDUs sent by neighboring routers on the interface for the VPRN instance.

Neighboring routers use passwords to authenticate PDUs sent from an interface. For authentication to work, both the authentication key and the authentication type on a segment must match. The OSPF Commands statement must also be included.

To configure authentication on the global level, configure this command in the config>router>isis context. When this parameter is configured on the global level, all PDUs are authenticated including the hello PDU.

To override the global setting for a specific level, configure the authentication-key command in the config>router>isis>level context. When configured within the specific level, hello PDUs are not authenticated.

The no form of this command removes the authentication key.

Default 

no authentication-key — No authentication key is configured.

Parameters 
authentication-key—
The authentication key. The key can be any combination of ASCII characters up to 255 characters in length (un-encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).
hash-key—
The hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.

authentication-type

Syntax 
authentication-type {password | message-digest}
no authentication
Context 
config>service>vprn>isis
config>service>vprn>isis>level
Description 

This command enables either simple password or message digest authentication or must go in either the global IS-IS or IS-IS level context.

Both the authentication key and the authentication type on a segment must match. The authentication-key statement must also be included.

Configure the authentication type on the global level in the config>router>isis context.

Configure or override the global setting by configuring the authentication type in the config>router>isis>level context.

The no form of this command disables authentication.

Default 

no authentication-type — No authentication type is configured and authentication is disabled.

Parameters 
password—
Specifies that simple password (plain text) authentication is required.
message-digest—
Specifies that MD5 authentication in accordance with RFC2104 is required.

csnp-authentication

Syntax 
[no] csnp-authentication
Context 
config>service>vprn>isis
config>service>vprn>isis>level
Description 

This command enables authentication of individual ISIS packets of complete sequence number PDUs (CSNP) type for the VPRN instance.

default-route-tag

Syntax 
default-route-tag tag
no default-route-tag
Context 
config>service>vprn>isis
Description 

This command configures the route tag for default route for the router or VPRN service.

Parameters 
tag—
Assigns a default tag.
Values—
1 — 4294967295

 

export

Syntax 
[no] export policy-name [policy-name...up to 5 max]
Context 
config>service>vprn>isis
Description 

This command configures export routing policies that determine the routes exported from the routing table to IS-IS.

If no export policy is defined, non IS-IS routes are not exported from the routing table manager to IS-IS.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered overrides the previous command. A maximum of five policy names can be specified.

If an aggregate command is also configured in the config>router context, then the aggregation is applied before the export policy is applied.

Routing policies are created in the config>router>policy-options context.

The no form of this command removes the specified policy-name or all policies from the configuration if no policy-name is specified.

Default 

no export — No export policy name is specified.

Parameters 
policy-name—
The export policy name. Up to five policy-name arguments can be specified.

export-limit

Syntax 
export-limit number [log percentage]
no export-limit
Context 
config>service>vprn>isis
Description 

This command configures the maximum number of routes (prefixes) that can be exported into IS-IS from the route table for the VPRN instance.

The no form of this command removes the parameters from the configuration.

Default 

no export-limit - The export limit for routes or prefixes is disabled.

Parameters 
number—
Specifies the maximum number of routes (prefixes) that can be exported into RIP from the route table.
Values—
1 to 4294967295

 

log percentage
Specifies the percentage of the export-limit, at which a warning log message and SNMP notification would be sent.
Values—
1 to 100

 

graceful-restart

Syntax 
[no] graceful-restart
Context 
config>service>vprn>isis
Description 

This command enables IS-IS graceful restart (GR) to minimize service interruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve IS-IS forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal IS-IS operation. If the grace period expires, then the restarting router is presumed inactive and the IS-IS topology is recalculated to route traffic around the failure.

The no form of this command disables graceful restart and removes the graceful restart configuration from the IS-IS instance.

Default 

no graceful-restart

helper-disable

Syntax 
[no] helper-disable
Context 
config>service>vprn>isis>graceful-restart
Description 

This command disables helper support for IS-IS graceful restart (GR).

When graceful-restart is enabled, the router can be a helper (meaning that the router is helping a neighbor to restart), a restarting router, or both. The router only supports helper mode. It will not act as a restarting router, because the high availability feature set already preserves IS-IS forwarding information such that this functionality is not needed. This command is a historical command and should not be disabled. Configuring helper-disable has the effect of disabling graceful restart, because the router only supports helper mode.

The no helper-disable command enables helper support and is the default when graceful restart is enabled.

Default 

no helper-disable

hello-authentication

Syntax 
[no] hello-authentication
Context 
config>service>vprn>isis
config>service>vprn>isis>if
config>service>vprn>isis>level
Description 

This command enables authentication of individual IS-IS Hello packets for the VPRN instance.

The no form of this command suppresses authentication of Hello packets.

hello-padding

Syntax 
hello-padding {none | adaptive | loose | strict}
no hello-padding
Context 
config>service>vprn>isis
config>service>vprn>isis>level
config>service>vprn>isis>if
config>service>vprn>isis>if>level
Description 

This command enables the IS-IS Hello (IIH) message padding to ensure that IS-IS LSPs can traverse the link. When this option is enabled, IS-IS Hello messages are padded to the maximum LSP MTU value, which can be set with the lsp-mtu-size command.

The no form of this command disables IS-IS Hello message padding at this level. However, the router may still perform hello padding if it was set at a higher level in the configuration. To ensure that Hello message padding is disabled, set all levels of configuration to no hello-padding.

Default 

no hello-padding

Parameters 
adaptive—
Specifies the adaptive padding option; this option is able to detect MTU asymmetry from one side of the connection but uses more overhead than loose padding.
  1. point-to-point interface—Hello PDUs are padded until the sender declares an adjacency on the link to be in the state up. If the implementation supports RFC 3373/5303, Three-Way Handshake for IS-IS Point-to-Point Adjacencies, then this is when the three-way state is up. If the implementation uses the “classic” algorithm described in ISO 10589, this is when the adjacency state is up. If the neighbor does not support the adjacency state TLV, then padding continues.
  2. broadcast interface—Padding starts until at least one adjacency is up on the interface.
loose—
Specifies the loose padding option; the loose padding may not be able to detect certain conditions such as asymmetrical MTUs between the routing devices.
  1. point-to-point interface—the Hello packet is padded from the initial detection of a new neighbor until the adjacency transitions to the INIT state
  2. broadcast interface—padding starts until at least one adjacency (broadcast only has up/down) is up on the interface
none—
Specifies that the Hello message padding is not enabled at this level, even if it is configured at one of the parent levels.
strict—
Specifies the strict padding option.
  1. point-to-point interface—padding is done for all adjacency states, and is continuous. Strict padding has the most overhead but detects MTU issues on both sides of a link
  2. broadcast interface—padding is done for all adjacency states, and is continuous. Strict padding has the most overhead but detects MTU issues on both sides of a link

ignore-lsp-errors

Syntax 
[no] ignore-lsp-errors
Context 
config>service>vprn>isis
Description 

This command specifies that for this VPRN instance, ISIS will ignore LSP packets with errors. When enabled, IS-IS LSP errors will be ignored and the associated record will not be purged.

This command enables ISIS to ignore the ATT bit and therefore suppress the installation of default routes.

The no form of this command specifies that ISIS will not ignore LSP errors.

ignore-narrow-metric

Syntax 
[no] ignore-narrow-metric
Context 
config>service>vprn>isis
Description 

This command specifies that IS-IS ignores links with narrow metrics when wide-metrics support has been enabled.

The no form of this command specifies that IS-IS does not ignore these links.

iid-tlv-enable

Syntax 
[no] iid-tlv-enable
Context 
config>service>vprn>isis
Description 

This command enables IS-IS multi-instance (MI) as described in draft-ietf-isis-mi-02. Multiple instances allow instance-specific adjacencies to be formed that support multiple network topologies on the same physical interfaces. Each instance has an LSDB, and each PDU contains a TLV identifying the instance and the topology to which the PDU belongs.

The iid-tlv-enable (based on draft-ietf-isis-mi-02) and standard-multi-instance (based on draft-ginsberg-isis-mi-bis-01) commands cannot be configured in the same instance, because the MAC addresses and PDUs in each standard are incompatible.

Default 

no iid-tlv-enable

interface

Syntax 
[no] interface ip-int-name
Context 
config>service>vprn>isis
Description 

This command creates the context to configure an IS-IS interface.

When an area is defined, the interfaces belong to that area. Interfaces cannot belong to separate areas.

When the interface is a POS channel, the OSINCP is enabled when the interface is created and removed when the interface is deleted.

The no form of this command removes IS-IS from the interface.

The shutdown command in the config>router>isis>if context administratively disables IS-IS on the interface without affecting the IS-IS configuration.

Default 

no interface — No IS-IS interfaces are defined.

Parameters 
ip-int-name—
Identify the IP interface name created in the config>router>if context. The IP interface name must already exist.

bfd-enable

Syntax 
[no] bfd-enable {ipv4 | ipv6} [include-bfd-tlv]
Context 
config>service>vprn>isis>if
Description 

This command enables the use of bi-directional forwarding (BFD) to control IPv4 adjacencies. By enabling BFD on an IPv4 or IPv6 protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set by the BFD command under the IP interface. This command must be given separately to enable/disable BFD for both IPv4 and IPv6.

The no form of this command removes BFD from the associated adjacency.

Default 

no bfd-enable ipv4

no bfd-enable ipv6

csnp-interval

Syntax 
csnp-interval seconds
no csnp-interval
Context 
config>service>vprn>isis>if
Description 

This command configures the time interval, in seconds, to send complete sequence number (CSN) PDUs from the interface. IS-IS must send CSN PDUs periodically.

The no form of this command reverts to the default value.

Default 

csnp-interval 10 — CSN PDUs are sent every 10 seconds for LAN interfaces.

csnp-interval 5 — CSN PDUs are sent every 5 seconds for point-to-point interfaces.

Parameters 
seconds—
The time interval, in seconds between successive CSN PDUs sent from this interface expressed as a decimal integer.
Values—
1 to 65535

 

default-instance

Syntax 
[no] default-instance
Context 
config>service>vprn>isis>if
Description 

This command enables a non-MI capable router to establish an adjacency and operate with an SR OS in a non-zero instance. If the router does not receive IID-TLVs, it will establish an adjacency in a single instance. Instead of establishing an adjacency in the standard instance 0, the router will establish an adjacency in the configured non-zero instance. The router will then operate in the configured non-zero instance so that it appears to be in the standard instance 0 to its neighbor. This feature is supported on point-to-point interfaces, broadcast interfaces are not supported.

The no form of this command disables the functionality so that the router can only establish adjacencies in the standard instance 0.

Default 

no default-instance

hello-auth-keychain

Syntax 
hello-auth-keychain name
Context 
config>service>vprn>isis>if
config>service>vprn>isis>if>level
Description 

This command configures an authentication keychain to use for the protocol interface. The keychain allows the rollover of authentication keys during the lifetime of a session.

Default 

no hello-auth-keychain

Parameters 
name —
Specifies the name of the keychain, up to 32 characters, to use for the specified protocol session or sessions.

hello-authentication-key

Syntax 
hello-authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no hello-authentication-key
Context 
config>service>vprn>isis>if
config>service>vprn>isis>if>level
Description 

This command configures the authentication key (password) for hello PDUs. Neighboring routers use the password to verify the authenticity of hello PDUs sent from this interface. Both the hello authentication key and the hello authentication type on a segment must match. The hello-authentication-type must be specified.

To configure the hello authentication key in the interface context use the hello-authentication-key in the config>router>isis>if context.

To configure or override the hello authentication key for a specific level, configure the hello-authentication-key in the config>router>isis>if>level context.

If both IS-IS and hello-authentication are configured, Hello messages are validated using hello authentication. If only IS-IS authentication is configured, it will be used to authenticate all IS-IS (including hello) protocol PDUs.

When the hello authentication key is configured in the config>router>isis>if context, it applies to all levels configured for the interface.

The no form of this command removes the authentication-key from the configuration.

Default 

no hello-authentication-key — No hello authentication key is configured.

Parameters 
authentication-key—
The hello authentication key (password). The key can be any combination of ASCII characters up to 254 characters in length (un-encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).
hash-key—
The hash key. The key can be any combination of ASCII characters up to 342 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.

hello-authentication-type

Syntax 
hello-authentication-type {password | message-digest}
no hello-authentication-type
Context 
config>service>vprn>isis>if
config>service>vprn>isis>if>level
Description 

This command enables hello authentication at either the interface or level context. Both the hello authentication key and the hello authentication type on a segment must match. The hello authentication-key statement must also be included.

To configure the hello authentication type at the interface context, use hello-authentication-type in the config>router>isis>if context.

To configure or override the hello authentication setting for a given level, configure the hello-authentication-type in the config>router>isis>if>level context.

The no form of this command disables hello authentication.

Default 

no hello-authentication-type — hello authentication is disabled

Parameters 
password—
Specifies simple password (plain text) authentication is required.
message-digest—
Specifies MD5 authentication in accordance with RFC2104 (HMAC: Keyed-Hashing for Message Authentication) is required.

interface-type

Syntax 
interface-type {broadcast | point-to-point}
no interface-type
Context 
config>service>vprn>isis>if
Description 

This command configures the IS-IS interface type as either broadcast or point-to-point.

Use this command to set the interface type of an Ethernet link to point-to-point to avoid having to carry the designated IS-IS overhead if the link is used as a point-to-point.

If the interface type is not known at the time the interface is added to IS-IS and subsequently the IP interface is bound (or moved) to a different interface type, then this command must be entered manually.

The no form of this command reverts to the default value.

Default 

point-to-point — For IP interfaces on SONET channels.

broadcast — For IP interfaces on Ethernet or unknown type physical interfaces.

Special Cases 
SONET—
Interfaces on SONET channels default to the point-to-point type.
Ethernet or Unknown—
Physical interfaces that are Ethernet or unknown default to the broadcast type.
Parameters 
broadcast—
Configures the interface to maintain this link as a broadcast network.
point-to-point—
Configures the interface to maintain this link as a point-to-point link.

ipv4-multicast-disable

Syntax 
[no] ipv4-multicast-disable
Context 
config>service>vprn>isis>if
Description 

This command administratively disables/enables ISIS operation for IPv4.

Default 

no ipv4-multicast-disable

ipv6-unicast-disable

Syntax 
[no] ipv6-unicast-disable
Context 
config>router>isis>if
config>service>vprn>isis>if
Description 

This command disables IS-IS IPv6 unicast routing for the interface.

By default IPv6 unicast on all interfaces is enabled. However, IPv6 unicast routing on IS-IS is in effect when the config>router>isis>ipv6-routing mt command is configured.

The no form of this command enables IS-IS IPv6 unicast routing for the interface.

hello-interval

Syntax 
hello-interval seconds
no hello-interval
Context 
config>router>isis>if>level
config>service>vprn>isis>if>level
Description 

This command configures the interval in seconds between Hello messages sent on the interface at this level.

Note:

The neighbor hold-time is (hello multiplier * hello interval) on point-to-point interfaces, and (hello multiplier * hello interval / 3) on broadcast interfaces. Hello values can be adjusted for faster convergence, but the hold-time should always be > 3 to reduce routing instability.

The no form of this command to reverts to the default value.

Default 

hello-interval 9

Parameters 
seconds—
The hello interval in seconds expressed as a decimal integer.
Values—
1 to 20000

 

hello-multiplier

Syntax 
hello-multiplier multiplier
no hello-multiplier
Context 
config>router>isis>if>level level-number
config>service>vprn>isis>if>level
Description 

This command configures the number of missing hello messages from a neighbor before the router declares the adjacency down.

Note:

The neighbor hold-time is (hello multiplier * hello interval) on point-to-point interfaces, and (hello multiplier * hello interval / 3) on broadcast interfaces. Hello values can be adjusted for faster convergence, but the hold-time should always be > 3 to reduce routing instability.

The no form of this command reverts to the default value.

Default 

hello-multiplier 3

Parameters 
multiplier—
The multiplier for the hello interval expressed as a decimal integer.
Values—
2 to 100

 

ipv4-multicast-metric

Syntax 
ipv4-multicast-metric metric
no ipv4-multicast-metric
Context 
config>service>vprn>isis>if>level
Description 

This command configures IS-IS interface metric for IPv4 multicast for the VPRN instance.

The no form of this command removes the metric from the configuration.

Parameters 
metric—
Specifies the IS-IS interface metric for IPv4 multicast.
Values—
1 to 16777215

 

ipv6-unicast-metric

Syntax 
ipv6-unicast-metric metric
no ipv6-unicast-metric
Context 
config>service>vprn>isis>if>level
Description 

This command configures IS-IS interface metric for IPv6 unicast.

The no form of this command removes the metric from the configuration.

Parameters 
metric—
Specifies the IS-IS interface metric for IPv6 unicast.
Values—
1 to 16777215

 

metric

Syntax 
metric metric
no metric
Context 
config>service>vprn>isis>if>level
Description 

This command configures the metric used for the level on the interface.

In order to calculate the lowest cost to reach a given destination, each configured level on each interface must have a cost. The costs for each level on an interface may be different.

If the metric is not configured, the default of 10 is used unless reference bandwidth is configured.

The no form of this command reverts to the default value.

Default 

no metric

Parameters 
metric—
The metric assigned for this level on this interface.
Values—
1 to 16777215

 

Default—
10

passive

Syntax 
[no] passive
Context 
config>service>vprn>isis>if
config>service>vprn>isis>if>level
Description 

This command adds the passive attribute which causes the interface to be advertised as an IS-IS interface without running the IS-IS protocol. Normally, only interface addresses that are configured for IS-IS are advertised as IS-IS interfaces at the level that they are configured.

When the passive mode is enabled, the interface or the interface at the level ignores ingress IS-IS protocol PDUs and will not transmit IS-IS protocol PDUs.

The no form of this command removes the passive attribute.

Default 

passive (service interfaces defined using the service-prefix command in config>router)

no passive (all other interfaces)

priority

Syntax 
priority number
no priority
Context 
config>service>vprn>isis>if>level
Description 

This command configures the priority of the IS-IS router interface for designated router election on a multi-access network.

This priority is included in hello PDUs transmitted by the interface on a multi-access network. The router with the highest priority is the preferred designated router. The designated router is responsible for sending LSPs with regard to this network and the routers that are attached to it.

The no form of this command reverts to the default value.

Default 

priority 64

Parameters 
number—
Specifies the priority for this interface at this level.
Values—
0 to 127

 

sd-offset

Syntax 
sd-offset offset-value
no sd-offset
Context 
config>service>vprn>isis>if>level
Description 

If the pre-FEC error rate of the associated DWDM port crosses the configured sd-threshold, this offset-value is added to the IS-IS interface metric. This parameter is only effective if the interface is associated with a DWDM port and the sd-threshold value is configured under that port.

The no form of this command reverts the offset value to 0.

Default 

no sd-offset

Parameters 
offset-value—
Specifies the amount the interface metric is increased by if the sd-threshold is crossed.
Values—
0 to 16777215

 

sf-offset

Syntax 
sf-offset offset-value
no sf-offset
Context 
config>service>vprn>isis>if>level
Description 

If the pre-FEC error rate of the associated DWDM port crosses the configured sf-threshold, this offset-value is added to the IS-IS interface metric. This parameter is only effective if the interface is associated with a DWDM port and the sf-threshold value is configured under that port.

The no form of this command reverts the offset value to 0.

Default 

no sf-offset

Parameters 
offset-value—
Specifies the amount the interface metric is increased by if the sf-threshold is crossed.
Values—
0 to 16777215

 

lfa-policy-map

Syntax 
lfa-policy-map route-nh-template template-name
no lfa-policy-map
Context 
config>service>vprn>isis>if
Description 

This command applies a route next-hop policy template to the IS-IS interface for the VPRN instance.

When a route next-hop policy template is applied to an interface in IS-IS, it is applied in both level 1 and level 2. When a route next-hop policy template is applied to an interface in OSPF, it is applied in all areas. However, the command in an OSPF interface context can only be executed under the area in which the specified interface is primary and then applied in that area and in all other areas where the interface is secondary. If the user attempts to apply it to an area where the interface is secondary, the command fails.

If the user excluded the interface from LFA using the command loopfree-alternate-exclude, the LFA policy, if applied to the interface, has no effect.

Finally, if the user applied a route next-hop policy template to a loopback interface or to the system interface, the command will not be rejected, but it will result in no action being taken.

The no form deletes the mapping of a route next-hop policy template to an OSPF or IS-IS interface.

Parameters 
template-name—
Specifies the name of the template, up to 32 characters.

load-balancing-weight

Syntax 
load-balancing-weight [weight]
no load-balancing-weight
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command configures the weighted ECMP load-balancing weight for an IS-IS, OSPF, and OSPF3 interface. If the interface becomes an ECMP next hop for an IPv4 or IPv6 route, and all the other ECMP next hops are interfaces with configured (non-zero) load-balancing weights, then the traffic distribution over the ECMP interfaces is proportional to the weights. This means that the interface with the largest load-balancing weight receives the most forwarded traffic if weighted ECMP is applicable.

The no form of this command disables weighted ECMP for the interface which effectively disables weighted ECMP for any IP prefix that has this interface as a next hop.

Default 

no load-balancing-weight

Parameters 
weight—
Specifies the load balancing weight.
Values—
1 to 4294967295

 

loopfree-alternate-exclude

Syntax 
[no] loopfree-alternate-exclude
Context 
config>service>vprn>isis>if
config>service>vprn>isis>level
Description 

This command instructs IGP to not include a specific interface or all interfaces participating in a specific IS-IS level or OSPF area in the SPF LFA computation. This provides a way of reducing the LFA SPF calculation where it is not needed.

When an interface is excluded from the LFA SPF in IS-IS, it is excluded in both level 1 and level 2. When it is excluded from the LFA SPF in OSPF, it is excluded in all areas. However, the above OSPF command can only be executed under the area in which the specified interface is primary and once enabled, the interface is excluded in that area and in all other areas where the interface is secondary. If the user attempts to apply it to an area where the interface is secondary, the command fails.

The no form of this command re-instates the default value for this command.

Default 

no loopfree-alternate-exclude

load-balancing-weight

Syntax 
load-balancing-weight weight
no load-balancing-weight
Context 
config>service>vprn>isis>if
Description 

This command configures the weighted ECMP load-balancing weight for an IS-IS interface of the VPRN. If the interface becomes an ECMP next-hop for IPv4 or IPv6 route and all the other ECMP next-hops are interfaces with configured (non-zero) load-balancing weights, then the traffic distribution over the ECMP interfaces is proportional to the weights. In other words, the interface with the largest load-balancing-weight should receive the most forwarded traffic if weighted ECMP is applicable.

The no form of this command disables weighted ECMP for the interface and, therefore, effectively disables weighted ECMP for any IP prefix that has this interface as a next-hop.

Default 

no load-balancing-weight

Parameters 
weight—
Specifies the load balancing weight.
Values—
0 to 4294967295

 

lsp-pacing-interval

Syntax 
lsp-pacing-interval milliseconds
no lsp-pacing-interval
Context 
config>service>vprn>isis>if
Description 

This command configures the interval at which LSPs are sent from the interface.To avoid overwhelming neighbors that have less CPU processing power with LSPs, the pacing interval can be configured to limit how many LSPs are sent at the interval. LSPs are sent in bursts at the interval up to the configured limit. If a value of 0 is configured, no LSPs are sent from the interface.

The no form of this command reverts to the default value.

Note:

The IS-IS pacing interval is 100 milliseconds for values < 100 milliseconds, and 1 second for values ≥ 100 milliseconds. For example, a pacing interval of 2 milliseconds means that a maximum of 50 LSPs are sent in a burst at 100 millisecond intervals. The default pacing interval of 100 milliseconds means that a maximum of 10 LSPs are sent in a burst at 1 second intervals.

Default 

lsp-pacing-interval 100 — the pacing interval is 100 milliseconds.

Parameters 
milliseconds—
Specifies the pacing interval in milliseconds at which IS-IS LSPs are sent from the interface at each interval expressed as a decimal integer.
Values—
0 to 65535

 

mesh-group

Syntax 
mesh-group {value | blocked}
no mesh-group
Context 
config>service>vprn>isis>if
Description 

This command assigns an interface to a mesh group. Mesh groups limit the amount of flooding that occurs when a new or changed LSP is advertised throughout an area.

All routers in a mesh group should be fully meshed. When LSPs need to be flooded, only a single copy is received rather than a copy per neighbor.

To create a mesh group, configure the same mesh group value for each interface that is part of the mesh group. All routers must have the same mesh group value configured for all interfaces that are part of the mesh group.

To prevent an interface from flooding LSPs, the optional blocked parameter can be specified. Configure mesh groups carefully. It is easy to create isolated islands that do not receive updates as (other) links fail.

The no form of this command removes the interface from the mesh group.

Default 

no mesh-group — The interface does not belong to a mesh group.

Parameters 
value—
Specifies a unique decimal integer value distinguishes this mesh group from other mesh groups on this or any other router that is part of this mesh group.
Values—
1 to 2000000000

 

blocked—
Prevents an interface from flooding LSPs.

retransmit-interval

Syntax 
retransmit-interval seconds
no retransmit-interval
Context 
config>service>vprn>isis>if
Description 

This command configures the minimum time between LSP PDU retransmissions on a point-to-point interface.

The no form of this command reverts to the default value.

Default 

retransmit-interval 5

Parameters 
seconds—
Specifies the interval in seconds that IS-IS LSPs can be sent on the interface

1 to 65535.

tag

Syntax 
tag tag
no tag
Context 
config>service>vprn>isis>if
Description 

This command configures a route tag to the specified IP address of an interface.

Parameters 
tag—
Specifies the tag value.
Values—
1 to 4294967295

 

ipv4-multicast-routing

Syntax 
ipv4-multicast-routing {native | mt}
[no] ipv4-multicast-routing
Context 
config>service>vprn>isis
Description 

The multicast RTM is used for Reverse Path Forwarding checks. This command controls which IS-IS topology is used to populate the IPv4 multicast RTM.

The no ipv4-multicast-routing form of this command results in none of the IS-IS routes being populated in the IPv4 multicast RTM and would be used if multicast is configured to use the unicast RTM for the RPF check.

Default 

ipv4-multicast-routing native

Parameters 
native—
Causes IPv4 routes from the MT0 topology to be added to the multicast RTM for RPF checks.
mt—
Causes IPv4 routes from the MT3 topology to be added to the multicast RTM for RPF checks.

ipv4-routing

Syntax 
[no] ipv4-routing
Context 
config>service>vprn>isis
Description 

This command specifies whether this IS-IS instance supports IPv4.

The no form of this command disables IPv4 on the IS-IS instance.

Default 

ipv4-routing

ipv6-routing

Syntax 
[no] ipv6-routing {native | mt}
Context 
config>service>vprn>isis
Description 

This command enables IPv6 routing.

The no form of this command disables support for IS-IS IPv6 TLVs for IPv6 routing.

Default 

no ipv6-routing

Parameters 
native—
Enables IS-IS IPv6 TLVs for IPv6 routing and enables support for native IPv6 TLVs.
mt—
Enables IS-IS multi-topology TLVs for IPv6 routing. When this parameter is specified, the support for native IPv6 TLVs is disabled.

level

Syntax 
level level-number
Context 
config>service>vprn>isis>
config>service>vprn>isis>if
config>service>vprn>isis>link-group
Description 

This command creates the context to configure IS-IS Level 1 or Level 2 area attributes.

A router can be configured as a Level 1, Level 2, or Level 1-2 system. A Level 1 adjacency can be established if there is at least one area address shared by this router and a neighbor. A Level 2 adjacency cannot be established over this interface.

Level 1/2 adjacency is created if the neighbor is also configured as Level 1/2 router and has at least one area address in common. A Level 2 adjacency is established if there are no common area IDs.

A Level 2 adjacency is established if another router is configured as Level 2 or a Level 1/2 router with interfaces configured as Level 1/2 or Level 2. Level 1 adjacencies are not established over this interface.

To reset global and/or interface level parameters to the default, the following commands must be entered independently:

level> no hello-authentication-key level> no hello-authentication-type level> no hello-interval level> no hello-multiplier level> no metric level> no passive level> no priority

Default 

level 1 or level 2

Special Cases 
Global IS-IS Level—
The config>router>isis context configures default global parameters for both Level 1 and Level 2 interfaces.
IS-IS Interface Level—
The config>router>isis>if context configures IS-IS operational characteristics of the interface at Level 1 and/or Level 2. A logical interface can be configured on one Level 1 and one Level 2. In this case, each level can be configured independently and parameters must be removed independently.

By default an interface operates in both Level 1 and Level 2 modes.

Parameters 
level-number—
The IS-IS level number.
Values—
1, 2

 

default-ipv4-multicast-metric

Syntax 
default-ipv4-multicast-metric metric
no default-ipv4-multicast-metric
Context 
config>service>vprn>isis>level
Description 

This command configures the default metric to be used for the IS-IS interface in the IPv4 multicast topology (MT3).

The no form of this command deletes the specified default metric and reverts to using the system default of 10.

Default 

default0-ipv4-multicast-metric 10

Parameters 
metric—
Specifies the default metric for interfaces in the IPv4 multicast topology (MT3).
Values—
1 to 16777215

 

default-ipv6-multicast-metric

Syntax 
default-ipv6-multicast-metric metric
no default-ipv6-multicast-metric
Context 
config>service>vprn>isis>level
Description 

This command configures the default metric to be used for the IS-IS interface in the IPv6 multicast topology (MT4).

The no form of this command deletes the specified default metric and reverts to using the system default of 10.

Default 

default-ipv6-multicast-metric 10

Parameters 
metric—
Specifies the default metric for interfaces in the IPv4 multicast topology (MT4).

1 to 16777215

default-ipv6-unicast-metric

Syntax 
default-ipv6-unicast-metric ipv6 metric
no default-ipv6-unicast-metric
Context 
config>service>vprn>isis>level
Description 

This command specifies the default metric for IPv6 unicast.

Default 

default-ipv6-unicast-metric 10

Parameters 
ipv6-metric—
Specifies the default metric for IPv6 unicast.
Values—
1 to 16777215

 

default-metric

Syntax 
default-metric ipv4 metric
no default-metric
Context 
config>service>vprn>isis>level
Description 

This command specifies the configurable default metric used for all IS-IS interfaces on this level. This value is not used if a metric is configured for an interface.

Default 

default-metric 10

Parameters 
ipv4 metric—
Specifies the default metric for IPv4 unicast.
Values—
1 to 16777214

 

external-preference

Syntax 
external-preference preference
no external-preference
Context 
config>service>vprn>isis>level
Description 

This command configures the external route preference for the IS-IS level.

The external-preference command configures the preference level of either IS-IS level 1 or IS-IS level 2 external routes. By default, the preferences are as listed in the table below.

A route can be learned by the router by different protocols, in which case, the costs are not comparable. When this occurs, the preference decides the route to use.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is dependent on the default preference table. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of the route to use is determined by the configuration of the ecmp in the config>router context.

Default 

Default preferences are listed in Table 42.

Table 42:  Default Preferences 

Route Type

Preference

Configurable

Direct attached

0

No

Static route

5

Yes

MPLS

7

OSPF internal routes

10

No

IS-IS Level 1 internal

15

Yes 1

IS-IS Level 2 internal

18

Yes 1

OSPF external

150

Yes

IS-IS Level 1 external

160

Yes

IS-IS Level 2 external

165

Yes

BGP

170

Yes

BGP

170

Yes

    Note:

  1. Internal preferences are changed using the preference command in the config>router>isis>level level-number context.
Parameters 
preference—
The preference for external routes at this level as expressed.
Values—
1 to 255

 

preference

Syntax 
preference preference
no preference
Context 
config>service>vprn>isis>level
Description 

This command configures the preference level of either IS-IS Level 1 or IS-IS Level 2 internal routes. By default, the preferences are listed in the table below.

A route can be learned by the router by different protocols, in which case, the costs are not comparable. When this occurs, the preference is used to decide to which route will be used.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in the table below. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used. If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision what route to use is determined by the configuration of the ecmp in the config>router context.

Default 

Default preferences are listed in Table 43

Table 43:  Default Preferences 

Route Type

Preference

Configurable

Direct attached

0

No

Static route

5

Yes

MPLS

7

OSPF internal routes

10

No

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes 1

IS-IS level 2 external

165

Yes 1

BGP

170

Yes

    Note:

  1. External preferences are changed using the external-preference command in the config>router>isis>level level-number context.
Parameters 
preference—
The preference for external routes at this level expressed as a decimal integer.
Values—
1 to 255

 

wide-metrics-only

Syntax 
[no] wide-metrics-only
Context 
config>service>vprn>isis>level
Description 

This command enables the exclusive use of wide metrics in the LSPs for the level number. Narrow metrics can have values between 1 and 63. IS-IS can generate two TLVs, one for the adjacency and one for the IP prefix. In order to support traffic engineering, wider metrics are required. When wide metrics are used, a second pair of TLVs are added, again, one for the adjacency and one for the IP prefix.

By default, both sets of TLVs are generated. When wide-metrics-only is configured, IS-IS only generates the pair of TLVs with wide metrics for that level.

The no form of this command reverts to the default value.

level-capability

Syntax 
level-capability {level-1 | level-2 | level-1/2}
no level-capability
Context 
config>service>vprn>isis
config>service>vprn>isis>if
Description 

This command configures the routing level for an instance of the IS-IS routing process.

An IS-IS router and an IS-IS interface can operate at Level 1, Level 2 or both Level 1 and 2.

Table 44 displays configuration combinations and the potential adjacencies that can be formed.

Table 44:  Potential Adjacency Capabilities  

Global Level

Interface Level

Potential Adjacency

L 1/2

L 1/2

Level 1 and/or Level 2

L 1/2

L 1

Level 1 only

L 1/2

L 2

Level 2 only

L 2

L 1/2

Level 2 only

L 2

L 2

Level 2 only

L 2

L 1

none

L 1

L 1/2

Level 1 only

L 1

L 2

none

L 1

L 1

Level 1 only

The no form of this command removes the level capability from the configuration.

Default 

level-capability level-1/2

Special Cases 
IS-IS Router—
In the config>router>isis context, changing the level-capability performs a restart on the IS-IS protocol instance.
IS-IS Interface—
In the config>router>isis>if context, changing the level-capability performs a restart of IS-IS on the interface.
Parameters 
level-1—
Specifies the router/interface can operate at Level 1 only.
level-2—
Specifies the router/interface can operate at Level 2 only.
level-1/2—
Specifies the router/interface can operate at both Level 1 and Level 2.

link-group

Syntax 
[no] link-group link-group-name
Context 
config>service>vprn>isis
Description 

This command configures a link-group for the router or VPRN instance.

The no form of this command removes the specified link-group.

Parameters 
link-group-name—
Name of the link-group to be added or removed from the router or VPRN service.

description

Syntax 
description description-string
no description
Context 
config>service>vprn>isis>link-group
Description 

This command adds a description string to the associated link-group. If the command is issued in the context of a link-group that already contains a description then the previous description string is replaced.

The no form of this command removes the description from the associated link-group.

Default 

no description

Parameters 
string—
Specifies a character string, up to 256 characters, to be associated with the associated link-group.

ipv4-multicast-metric-offset

Syntax 
ipv4-multicast-metric-offset offset-value
no ipv4-multicast-metric-offset
Context 
config>service>vprn>isis>link-group>level
Description 

This command sets the offset value for the IPv4 multicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric for the IPv4 multicast topology

The no form of this command reverts the offset value to 0.

Default 

no ipv4-multicast-metric-offset

Parameters 
offset-value—
Specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold.
Values—
0 to 6777215

 

ipv4-unicast-metric-offset

Syntax 
ipv4-unicast-metric-offset offset-value
no ipv4-unicast-metric-offset
Context 
config>service>vprn>isis>link-group>level
Description 

This command sets the offset value for the IPv4 unicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric.

The no form of this command reverts the offset value to 0.

Default 

no ipv4-unicast-metric-offset

Parameters 
offset-value—
Specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold.
Values—
0 to 6777215

 

ipv6-unicast-metric-offset

Syntax 
ipv6-unicast-metric-offset offset-value
no ipv6-unicast-metric-offset
Context 
config>service>vprn>isis>link-group>level
Description 

This command sets the offset value for the IPv6 unicast address family. If the number of operational links drops below the oper-members threshold, the configured offset is applied to the interface metric for the IPv6 topology.

The no form of this command reverts the offset value to 0.

Default 

no ipv6-unicast-metric-offset

Parameters 
offset-value—
Specifies the amount the interface metric for the associated address family is to be increased if the number of operational members in the associated link-group drops below the oper-members threshold.
Values—
0 to 6777215

 

member

Syntax 
[no] member interface-name
Context 
config>service>vprn>isis>link-group>level
Description 

This command adds or removes a links to the associated link-group. The interface name should already exist before it is added to a link-group.

The no form of this command removes the specified interface from the associated link-group.

Parameters 
interface-name—
Specifies the name of the interface to be added or removed from the associated link-group.

oper-members

Syntax 
oper-members oper-members
no oper-members
Context 
config>service>vprn>isis>link-group>level
Description 

This command sets the threshold for the minimum number of operational links for the associated link-group. If the number of operational links drops below this threshold, the configured offsets are applied. For example, oper-members=3. The metric of the member interfaces is increased when the number of interfaces is lower than 3.

The no form of this command reverts the oper-members limit to 1.

Default 

no oper-members

Parameters 
oper-members—
Specifies the number of operational members.
Values—
0 to 8

 

revert-members

Syntax 
revert-members revert-members
no revert-members
Context 
config>router>isis>link-group
config>service>vprn>isis>link-group>level
Description 

This command sets the threshold for the minimum number of operational links to return the associated link-group to its normal operating state and remove the associated offsets to the IS-IS metrics. If the number of operational links is equal to or greater than the configured revert-member threshold then the configured offsets are removed.

The no form of this command reverts the revert-members threshold back to the default which is equal to the oper-member threshold value.

Parameters 
revert-members—
Specifies the number of revert members.
Values—
0 to 8

 

loopfree-alternates

Syntax 
[no] loopfree-alternates
Context 
config>service>vprn>isis
Description 

This command enables Loop-Free Alternate (LFA) computation by SPF under the IS-IS routing protocol level or under the OSPF routing protocol instance level.

When this command is enabled, it instructs the IGP SPF to attempt to pre-compute both a primary next-hop and an LFA next-hop for every learned prefix. When found, the LFA next-hop is populated into the routing table along with the primary next-hop for the prefix.

The no form of this command disables the LFA computation by IGP SPF.

Default 

no loopfree-alternates

exclude

Syntax 
exclude
Context 
config>service>vprn>isis>loopfree-alternates
Description 

This command excludes from LFA SPF calculation prefixes that match a prefix entry or a tag entry in a prefix policy.

The implementation already allows the user to exclude an interface in IS-IS or OSPF, an OSPF area, or an IS-IS level from the LFA SPF.

If a prefix is excluded from LFA, then it will not be included in LFA calculation regardless of its priority. The prefix tag will, however, be used in the main SPF.

Note:

Prefix tags are defined for the IS-IS protocol but not for the OSPF protocol.

The default action of the exclude command, when not explicitly specified by the user in the prefix policy, is a “reject”. Thus, regardless if the user did or did not explicitly add the statement “default-action reject” to the prefix policy, a prefix that did not match any entry in the policy will be accepted into LFA SPF.

The no form of this command deletes the exclude prefix policy.

Default 

no exclude

prefix-policy

Syntax 
prefix-policy prefix-policy [prefix-policy]
no prefix-policy
Context 
config>service>vprn>isis>loopfree-alternates>exclude
Description 

This command specifies the name of the policy for the prefixes to exclude from the LFA SPF calculation in this ISIS instance.

The no form of this command deletes the exclude prefix policy.

Default 

no prefix-policy

Parameters 
prefix-policy prefix-policy—
Specifies the name of the prefix policy, up to 32 characters. Up to five prefix policies can be specified. The specified name must have been already defined.

lsp-lifetime

Syntax 
lsp-lifetime seconds
no lsp-lifetime
Context 
config>service>vprn>isis
Description 

This command sets the time, in seconds, the router wants the LSPs it originates to be considered valid by other routers in the domain.

Each LSP received is maintained in an LSP database until the lsp-lifetime expires unless the originating router refreshes the LSP. By default, each router refreshes its LSPs every 20 minutes (1200 seconds) so other routers will not age out the LSP.

The LSP refresh timer is derived from this formula: lsp-lifetime/2

The no form of this command reverts to the default value.

Default 

lsp-lifetime 1200 — LSPs originated by the router should be valid for 1200 seconds (20 minutes).

Parameters 
seconds—
Specifies the time, in seconds, that the router wants the LSPs it originates to be considered valid by other routers in the domain.
Values—
350 to 65535

 

lsp-minimum-remaining-lifetime

Syntax 
lsp-minimum-remaining-lifetime seconds
no lsp-minimum-remaining-lifetime
Context 
config>service>vprn>isis
Description 

This command configures the minimum value to which the remaining lifetime of the LSP is set. The value is a counter that decrements, in seconds, starting from the value in the received LSP (if not self-originated) or from lsp-lifetime seconds (if self-originated). When the remaining lifetime becomes zero, the contents of the LSP is purged. The remaining lifetime of an LSP is not changed when there is no lsp-minimum-remaining-lifetime value configured.

The configured value must be greater than or equal to the lsp-lifetime value.

The no form of this command removes the seconds value from the configuration.

Default 

no lsp-minimum-remaining-lifetime

Parameters 
seconds—
Specifies the decrementing counter, in seconds. The configured value must be greater than or equal to the locally configured value of lsp-lifetime (MaxAge).
Values—
350 to 65535

 

lsp-mtu-size

Syntax 
lsp-mtu-size size
no lsp-mtu-size
Context 
config>service>vprn>isis
config>service>vprn>isis>level
Description 

This command configures the LSP MTU size. If the size value is changed from the default using CLI or SNMP, then ISIS must be restarted for the change to take effect. This can be done by performing a shutdown command and then a no shutdown command in the config>router>isis context.

Note:

Using the exec command to execute a configuration file to change the LSP MTU size from its default value will automatically restart IS-IS for the change to take effect.

The no form of this command reverts to the default value.

Default 

lsp-mtu-size 1492

Parameters 
size—
Specifies the LSP MTU size.
Values—
490 to 9778

 

lsp-refresh-interval

Syntax 
lsp-refresh-interval [seconds] [half-lifetime {enable | disable}]
no lsp-refresh-interval
Context 
config>service>vprn>isis
Description 

This command configures the IS-IS LSP refresh timer interval for the VPRN instance. When configuring the LSP refresh interval, the value that is specified for lsp-lifetime must also be considered. The LSP refresh interval cannot be greater than 90% of the LSP lifetime.

The no form of this command reverts to the default (600 seconds), unless this value is greater than 90% of the LSP lifetime. For example, if the LSP lifetime is 400, then the no lsp-refresh-interval command will be rejected.

Default 

lsp-refresh-interval 600 half-lifetime enable

Parameters 
seconds—
Specifies the refresh interval.
Values—
150 to 65535

 

half-lifetime—
Sets the refresh interval to always be half the lsp-lifetime value. When this parameter is set to enable, the configured refresh interval is ignored.
Values—
enable, disable

 

multi-topology

Syntax 
[no] multi-topology
Context 
config>service>vprn>isis
Description 

This command enables IS-IS multi-topology support.

Default 

no multi-topology

ipv4-multicast

Syntax 
[no] ipv4-multicast
Context 
config>service>vprn>isis>multi-topology
Description 

This command enables support for the IPv4 topology (MT3) within the associate IS-IS instance.

The no form of this command disables support for the IPv4 topology (MT3) within the associated IS-IS instance.

Default 

no ipv4-multicast

ipv6-unicast

Syntax 
[no] ipv6-unicast
Context 
config>service>vprn>isis>multi-topology
Description 

This command enables multi-topology TLVs.

The no form of this command disables multi-topology TLVs.

multicast-import

Syntax 
[no] multicast-import
Context 
config>service>vprn>isis
Description 

This command enables ISIS to submit routes into the multicast Route Table Manager (RTM).

The no form of this command disables the submission of routes into the multicast RTM.

Default 

no multicast-import

overload

Syntax 
overload [timeout seconds] [max-metric]
no overload
Context 
config>service>vprn>isis
Description 

This command administratively sets the IS-IS router to operate in the overload state for a specific time period, in seconds, or indefinitely.

During normal operation, the router may be forced to enter an overload state due to a lack of resources. When in the overload state, the router is only used if the destination is reachable by the router and will not be used for other transit traffic.

If a time period is specified, the overload state persists for the configured length of time. If no time is specified, the overload state operation is maintained indefinitely.

The overload command can be useful in circumstances where the router is overloaded or used prior to executing a shutdown command to divert traffic around the router.

The max-metric parameter can be set to advertise transit links with the maximum metric of 0xffffffe (wide metrics) or 0x3f (regular metrics), instead of setting the overload bit when placing the router in overload.

The no form of this command causes the router to exit the overload state.

Default 

no overload

Parameters 
seconds—
Specifies the time, in seconds, that this router must operate in overload state.
Values—
60 to 1800

 

Default—
infinity (overload state maintained indefinitely)
max-metric—
Set the maximum metric instead of overload.

overload-export-external

Syntax 
[no] overload-export-external
Context 
config>service>vprn>isis
Description 

This command enables external routes that are exported with an IS-IS export policy to continue to be advertised when the router is in overload.

The no form of this command causes external routes to be withdrawn when the router is in overload.

Default 

no overload-export-external

overload-export-interlevel

Syntax 
[no] overload-export-interlevel
Context 
config>service>vprn>isis
Description 

This command enables inter-level routes that are exported with an IS-IS export policy to continue to be advertised when the router is in overload.

The no form of this command causes inter-level routes to be withdrawn when the router is in overload.

Default 

no overload-export-interlevel

overload-on-boot

Syntax 
overload-on-boot [timeout seconds] [max-metric]
no overload-on-boot
Context 
config>service>vprn>isis
Description 

When the router is in an overload state, the router is used only if there is no other router to reach the destination. This command configures the IGP upon bootup in the overload state until one of the following events occur:

  1. The timeout timer expires.
  2. A manual override of the current overload state is entered with the config>router>isis>no overload command.
    The no overload command does not affect the overload-on-boot function.

If no timeout is specified, IS-IS will go into overload indefinitely after a reboot. After the reboot, the IS-IS status will display a permanent overload state:

  1. L1 LSDB Overload : Manual on boot (Indefinitely in overload)
  2. L2 LSDB Overload : Manual on boot (Indefinitely in overload)

This state can be cleared with the config>router>isis>no overload command.

When specifying a timeout value, IS-IS will go into overload for the configured timeout after a reboot. After the reboot, the IS-IS status will display the remaining time the system stays in overload:

  1. L1 LSDB Overload : Manual on boot (Overload Time Left : 17)
  2. L2 LSDB Overload : Manual on boot (Overload Time Left : 17)

The overload state can be cleared before the timeout expires with the config>router>isis>no overload command.

The no form of this command removes the overload-on-boot functionality from the configuration.

Use the show router isis status command to display the administrative and operational state as well as all timers.

Default 

no overload-on-boot

Parameters 
timeout seconds
Configure the timeout timer for overload-on-boot in seconds.
Values—
60 to 1800

 

max-metric—
Set the maximum metric instead of overload.

poi-tlv-enable

Syntax 
poi-tlv-enable
no poi-tlv-enable
Context 
config>service>vprn>isis
Description 

Enable use of Purge Originator Identification (POI) TLV for this IS-IS instance. The POI is added to purges and contains the system ID of the router that generated the purge, which simplifies troubleshooting and determining what caused the purge.

The no form of this command removes the POI functionality from the configuration.

Default 

no poi-tlv-enable

prefix-attributes-tlv

Syntax 
[no] prefix-attributes-tlv
Context 
config>service>vprn>isis
Description 

This command enables IS-IS Prefix Attributes TLV support to exchange extended IPv4 and IPv6 reachability information. Extended reachability information is required for traffic engineering features using path computation element (PCE) or optimal route reflection.

The no form of this command removes the prefix-attributes-tlv configuration.

Default 

no prefix-attributes-tlv

psnp-authentication

Syntax 
[no] psnp-authentication
Context 
config>service>vprn>isis
config>service>vprn>isis>level
Description 

This command enables authentication of individual ISIS packets of partial sequence number PDU (PSNP) type.

The no form of this command suppresses authentication of PSNP packets.

prefix-limit

Syntax 
prefix-limit limit [log-only] [threshold percent] [overload-timeout {seconds | forever}]
no prefix-limit
Context 
config>service>vprn>isis
Description 

This command configures the maximum number of prefixes that IS-IS can learn, and use to protect the system from a router that has accidentally advertised a large number of prefixes. If the number of prefixes reaches the configured percentage of this limit, an SNMP trap is sent. If the limit is exceeded, IS-IS will go into overload.

The overload-timeout option controls the length of time that IS-IS is in the overload state when the prefix-limit is reached. The system automatically attempts to restart IS-IS at the end of this duration. If the overload-timeout forever option is used, IS-IS is not restarted automatically and stays in overload until the condition is manually cleared by the administrator. This is also the default behavior when the overload-timeout option is not configured.

The no form of this command removes the prefix-limit.

Default 

forever

Parameters 
log-only—
Enables a warning message to be sent at the specified threshold percentage and also when the limit is exceeded. However, overload is not set when this parameter is configured.
limit—
Specifies the number of prefixes that can be learned, expressed as a decimal integer.
Values—
1 to 4294967296

 

percent—
Specifies the threshold value (as a percentage) that triggers a warning message to be sent.
Values—
0 to 100

 

seconds
Specifies the time in minutes before IS-IS is restarted.
Values—
1 to 1800

 

forever—
Specifies that IS-IS should be restarted only after the execution of the clear router isis overload prefix-limit command.

reference-bandwidth

Syntax 
reference-bandwidth bandwidth-in-kbps
reference-bandwidth [zbps Zetta-bps] [ebps Exa-bps] [pbps Peta-bps] [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]
no reference-bandwidth
Context 
config>service>vprn>isis
Description 

This command configures the reference bandwidth that provides the basis of bandwidth relative costing.

In order to calculate the lowest cost to reach a specific destination, each configured level on each interface must have a cost. If the reference bandwidth is defined, then the cost is calculated using the following formula:

cost = reference – bandwidth ÷ bandwidth

If the reference bandwidth is configured as 10 Gigabits (10,000,000,000), a 100 M/bps interface has a default metric of 100. In order for metrics in excess of 63 to be configured, wide metrics must be deployed. (See wide-metrics-only in the config>router>isis context.)

If the reference bandwidth is not configured, then all interfaces have a default metric of 10.

The no form of this command reverts to the default value.

Default 

no reference-bandwidth — No reference bandwidth is defined. All interfaces have a metric of 10.

Parameters 
Zetta-bps—
Specifies the reference bandwidth in zettabits per second, expressed as a decimal integer.
Values—
1 to 18

 

Exa-bps—
Specifies the reference bandwidth in exabits per second, expressed as a decimal integer.
Values—
1 to 999

 

Peta-bps—
Specifies the reference bandwidth in petabits per second, expressed as a decimal integer.
Values—
1 to 999

 

bandwidth-in-kbps—
Specifies the reference bandwidth in kilobits per second, expressed as a decimal integer.
Values—
1 to 18446744073709551615

 

Tera-bps—
Specifies the reference bandwidth in terabits per second, expressed as a decimal integer.
Values—
1 to 999

 

Giga-bps—
Specifies the reference bandwidth in gigabits per second, expressed as a decimal integer.
Values—
1 to 999

 

Mega-bps—
Specifies the reference bandwidth in megabits per second, expressed as a decimal integer.
Values—
1 to 999

 

Kilo-bps—
Specifies the reference bandwidth in kilobits per second, expressed as a decimal integer.
Values—
1 to 999

 

rib-priority

Syntax 
rib-priority high {prefix-list-name | tag tag}
no rib-priority
Context 
config>service>vprn>isis
Description 

This command enabled RIB prioritization for the IS-IS protocol and specifies the prefix list or IS-IS tag value that will be used to select the specific routes that should be processed through the IS-IS route calculation process at a higher priority.

The no form of this command disables RIB prioritization.

Default 

no rib-priority

Parameters 
prefix-list-name—
Specifies the prefix list which is used to select the routes that are processed at a higher priority through the route calculation process.
tag tag-value—
Specifies the tag value that is used to match IS-IS routes that are to be processed at a higher priority through the route calculation process.
Values—
1 to 4294967295

 

router-id

Syntax 
router-id ip-address
no router-id
Context 
config>service>vprn>isis
Description 

This command sets the router ID for a specific VPRN context.

If neither the router ID nor system interface are defined, the router ID from the base router context is inherited.

The no form of this command removes the router ID definition from the given VPRN context.

Default 

no router-id

Parameters 
ip-address—
The IP address must be given in dotted decimal notation.

standard-multi-instance

Syntax 
[no] standard-multi-instance
Context 
config>service>vprn>isis
Description 

This command enables IS-IS multi-instance (MI) as described in draft-ginsberg-isis-mi-bis-01. Multiple instances allow instance-specific adjacencies to be formed that support multiple network topologies on the same physical interfaces. Each instance has an LSDB, and each PDU contains a TLV identifying the instance and the topology to which the PDU belongs. A single topology is supported in each instance, so the instance-specific topology identifier (ITID) is set to 0 and cannot be changed.

The standard-multi-instance (based on draft-ginsberg-isis-mi-bis-01) and iid-tlv-enable (based on draft-ietf-isis-mi-02) commands cannot be configured in the same instance, because the MAC addresses and PDUs from the two standards are incompatible.

The no form of this command removes the standard-multi-instance configuration.

Default 

no standard-multi-instance

timers

Syntax 
[no] timers
Context 
config>service>vprn>isis
Description 

This command configures the IS-IS timer values.

Default 

n/a

lsp-wait

Syntax 
lsp-wait lsp-wait [lsp-initial-wait initial-wait] [lsp-second-wait second-wait]
Context 
config>service>vprn>isis>timers
Description 

This command is used to customize LSP generation throttling. Timers that determine when to generate the first, second, and subsequent LSPs can be controlled with this command. Subsequent LSPs are generated at increasing intervals of the second lsp-wait timer until a maximum value is reached.

Note:

The timer granularity is 10 ms if the value is < 500 ms, and 100 ms if the value is ≥ 500 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Parameters 
lsp-wait —
Specifies the maximum interval, in milliseconds, between two consecutive occurrences of an LSP being generated.
Values—
10 to 120000

 

Default—
5000
initial-wait —
Specifies the initial LSP generation delay, in milliseconds. Values less than 100 ms are internally rounded down to 0, so that there is no added initial LSP generation delay.
Values—
10 to 100000

 

Default—
10
second-wait —
Specifies the hold time, in milliseconds, between the first and second LSP generation.
Values—
10 to 100000

 

Default—
1000

spf-wait

Syntax 
spf-wait spf-wait [spf-initial-wait initial-wait] [spf-second-wait second-wait]
no spf-wait
Context 
config>service>vprn>isis>timers
Description 

This command defines the maximum interval, in milliseconds, between two consecutive SPF calculations. Timers that determine when to initiate the first, second and subsequent SPF calculations after a topology change occurs can be controlled with this command.

Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, then the next SPF will run after 2000 milliseconds, and the next SPF after that will run after 4000 milliseconds, and so on, until it reaches the spf-wait value. The SPF interval will stay at the spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to the SPF initial-wait value.

Note:

The timer granularity is 100 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Parameters 
spf-wait —
Specifies the maximum interval, in milliseconds, between two consecutive SPF calculations.
Values—
10 to 120000

 

Default—
10000
initial-wait —
Specifies the initial SPF calculation delay, in milliseconds, after a topology change.
Values—
10 to 100000

 

Default—
1000
second-wait —
Specifies the hold time, in milliseconds, between the first and second SPF calculation.
Values—
10 to 100000

 

Default—
1000

strict-adjacency-check

Syntax 
[no] strict-adjacency-check
Context 
config>service>vprn>isis
Description 

This command enables strict checking of address families (IPv4 and IPv6) for IS-IS adjacencies. When enabled, adjacencies will not come up unless both routers have exactly the same address families configured. If there is an existing adjacency with unmatched address families, it will be torn down. This command is used to prevent black-holing traffic when IPv4 and IPv6 topologies are different. When disabled (no strict-adjacency-check) a BFD session failure for either IPv4 or Ipv6 will cause the routes for the other address family to be removed as well.

When disabled (no strict-adjacency-check), both routers only need to have one common address family to establish the adjacency.

Default 

no strict-adjacency-check

summary-address

Syntax 
summary-address {ip-prefix/mask | ip-prefix [netmask]} [level] [tag tag]
no summary-address {ip-prefix/mask | ip-prefix [netmask]}
Context 
config>service>vprn>isis
Description 

This command creates summary-addresses for the specified router or VPRN instance.

Parameters 
ip-prefix/mask—
Specifies information for the specified IP prefix and mask length.
Values—

ip-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

 

netmask—
The subnet mask in dotted decimal notation.
Values—
0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

 

level—
Specifies IS-IS level area attributes. If no level parameter is specified, the default is level-1/2.
Values—
level-1, level-2, level-1/2

 

tag tag
Assigns a route tag to the summary address.
Values—
1 to 4294967295

 

system-id

Syntax 
system-id isis-system-id
no system-id
Context 
config>service>vprn>isis
Description 

This command configures the IS-IS system ID. The system ID has a fixed length of 6 octets; it is determined using the following preference:

  1. config>service>vprn>isis>system-id
  2. config>service>vprn>isis>router-id
  3. config>service>vprn>router-id
  4. config>service>vprn>if>address
  5. The default system ID 2550.0000.0000, based on the default router ID 255.0.0.0

The system ID is integral to IS-IS; therefore, for the system-id command to take effect, a shutdown and then no shutdown must be performed on the IS-IS instance. This will ensure that the configured and operational system ID are always the same.

The no form of this command removes the system ID from the configuration. The router ID is used when no system ID is specified.

Default 

no system-id

Parameters 
isis-system-id—
12 hexadecimal characters in dotted-quad notation.
Values—
aaaa.bbbb.cccc, where aaaa, bbbb, and cccc are hexadecimal numbers

 

ignore-attached-bit

Syntax 
ignore-attached-bit
no ignore-attached-bit
Context 
config>service>vprn>isis
Description 

This command configures IS-IS to ignore the attached bit on received Level 1 LSPs to disable installation of default routes.

suppress-attached-bit

Syntax 
[no] suppress-attached-bit
Context 
config>service>vprn>isis
Description 

This command configures IS-IS to suppress setting the attached bit on originated Level 1 LSPs to prevent all L1 routers in the area from installing a default route to it.

import

Syntax 
import policy-name [policy-name ... (up to 5 max)]
no import
Context 
config>service>vprn>isis
Description 

This command applies one or more (up to five) route polices as IS-IS import policies.

When a prefix received in an IS-IS LSP is accepted by an entry in an IS-IS import policy, it is installed in the routing table, if it is the most preferred route to the destination.

When a prefix received in an IS-IS LSP is rejected by an entry in an IS-IS import policy, it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination.

The flooding of LSPs is unaffected by IS-IS import policy actions.

The no form of this command removes all policies from the configuration.

Default 

no import

Parameters 
policy-name—
Identifies the export route policy name. Allowed values are any string up to 32 characters, composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. The specified name(s) must already be defined.

unicast-import-disable

Syntax 
[no] unicast-import-disable [ipv4]
[no] unicast-import-disable [ipv6]
[no] unicast-import-disable [both]
Context 
config>service>vprn>isis
Description 

This command allows one IGP to import its routes into RPF RTM while another IGP imports routes only into the unicast RTM. Import policies can redistribute routes from an IGP protocol into the RPF RTM (the multicast routing table). By default, the IGP routes will not be imported into RPF RTM as such an import policy must be explicitly configured.

Default 

no unicast-import-disable

Parameters 
ipv4—
Allows importation of IPv4 routes only.
ipv6—
Allows importation of IPv6 routes only.
both—
Allows importation of both IPv4 and IPv6 routes.

3.8.2.19. L2TP Commands

l2tp

Syntax 
[no] l2tp
Context 
config>service>vprn
Description 

This command enters the context to configure L2TP parameters. L2TP extends the PPP model by allowing Layer 2 and PPP endpoints to reside on different devices interconnected by a packet-switched network.

avp-hiding

Syntax 
avp-hiding sensitive | always
no avp-hiding
Context 
config>service>vprn>l2tp
Description 

This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as clear text in an AVP.

The no form of this command returns the value to never allow AVP hiding.

Default 

no avp-hiding

Parameters 
avp-hiding—
Specifies the method to be used for the authentication of the tunnels in this L2TP group.
Values—
sensitive — AVP hiding is used only for sensitive information (such as username/password).
always — AVP hiding is always used.

 

calling-number-format

Syntax 
calling-number-format ascii-spec
no calling-number-format
Context 
config>service>vprn>l2tp
Description 

This command what string to put in the Calling Number AVP, for L2TP control messages related to a session in this L2TP protocol instance.

Parameters 
ascii-spec—
Specifies the L2TP calling number AVP.
Values—

ascii-spec

char-specification ascii-spec

char-specification

ascii-char | char-origin

ascii-char

a printable ASCII character

char-origin

%origin

origin

S | c | r | s | l

S

- system name, the value of TIMETRA-CHASSIS-MIB::tmnxChassisName

c

- Agent Circuit Id

r

- Agent Remote Id

s

- SAP ID, formatted as a character string

l

- Logical Line ID

 

challenge

Syntax 
challenge {always | never}
no challenge
Context 
config>service>vprn>l2tp
Description 

This command configures the use of challenge-response authentication.

The no form of this command reverts to the default never value.

Default 

no challenge

Parameters 
always—
Specifies that challenge-response authentication is always used.
never—
Specifies that challenge-response authentication is never used.

cisco-nas-port

Syntax 
cisco-nas-port [ethernet binary-spec] [atm binary-spec]
no cisco-nas-port
Context 
config>service>vprn>l2tp
Description 

This command enables the AVP Cisco-nas-port to include the slot/mda/port along with the pseudowire port ID. If the pseudowire is terminated on a LAG, the slot/mda/port cannot be populated and only the pseudowire ID is included.

The no form of this command enables the AVP Cisco-nas-port.

Default 

no cisco-nas-port

Parameters 
binary-spec—
Specifies the NAS port attribute.
Values—

binary-spec

<bit-specification> <binary-spec>

bit-specification

0 | 1 | <bit-origin>

bit-origin

*<number-of-bits><origin>

number-of-bits

1 to 32

origin

s | m | p | o | i | v | c

s

slot number

m

MDA number

p

port number, lag-id, pw-id or pxc-id

o

outer VLAN ID

i

inner VLAN ID

v

ATM VPI

c

ATM VCI or PXC subport (subport a = 0, subport b = 1)

 

destruct-timeout

Syntax 
destruct-timeout destruct-timeout
no destruct-timeout
Context 
config>service>vprn>l2tp
Description 

This command configures the period of time that the data of a disconnected tunnel will persist before being removed.

The no form of this command removes the value from the configuration.

Default 

no destruct-timeout

Parameters 
destruct-timeout—
Specifies the automatic removal of dynamic L2TP sessions, in seconds, that are no longer active.
Values—
60 to 86400

 

eth-tunnel

Syntax 
eth-tunnel
Context 
config>service>vprn>l2tp
config>service>vprn>l2tp>group
Description 

This command enables the context to provision Ethernet tunnel client parameters.

reconnect-timeout

Syntax 
reconnect-timeout reconnect-timeout
no reconnect-timeout
Context 
config>service>vprn>l2tp>eth-tunnel
Description 

This command configures the number of seconds that the Ethernet tunnel client of L2TPv3 waits before attempting to re-establish a new session after a session setup fails or a session closes.

The no form of this command returns reconnect-timeout to an infinite timeout value, meaning that reconnection is not attempted by the local client.

Default 

no reconnect-timeout  (infinite timeout)

Parameters 
reconnect-timeout—
Specifies the timeout value for the next session setup retry.
Values—
10 to 3600

 

reconnect-timeout

Syntax 
reconnect-timeout reconnect-timeout
reconnect-timeout infinite
no reconnect-timeout
Context 
config>service>vprn>l2tp>group>eth-tunnel
Description 

This command configures the number of seconds that the Ethernet tunnel client of L2TPv3 waits before attempting to re-establish a new session after a session setup fails or a session closes.

The no form of this command returns reconnect-timeout to an infinite timeout value, meaning that reconnection is not attempted by the local client.

Default 

no reconnect-timeout  (infinite timeout)

Parameters 
reconnect-timeout—
Specifies the timeout value for the next session setup retry.
Values—
10 to 3600

 

infinite
Specifies the timeout value for the next session setup retry.

exclude-avps

Syntax 
exclude-avps [calling-number] [initial-rx-lcp-conf-req]
no exclude-avps
Context 
config>service>vprn>l2tp
Description 

This command configures the L2TP AVPs to exclude.

Parameters 
calling-number
Specifies to exclude the AVP calling-number.
initial-rx-lcp-conf-req
Specifies to exclude the AVP initial-rx-lcp-conf-req.

ipcp-subnet-negotiation

Syntax 
[no] ipcp-subnet-negotiation
Context 
config>service>vprn>l2tp>group>ppp
config>service>vprn>l2tp>group>tunnel>ppp
Description 

Enables IPCP negotiation for PPPoE hosts. If not enabled (default setting), the current behavior will apply even if subnet is allocated to the host. Enables IPCP negotiation for PPPoE hosts. If not enabled (default setting), the current behavior will apply even if subnet is allocated in the host.

peer-address-change-policy

Syntax 
peer-address-change-policy {accept | ignore | reject}
Context 
config>service>vprn>l2tp
Description 

This command configures the reaction to a change of tunnel peer address in this router.

receive-window-size

Syntax 
receive-window-size window-size
no receive-window-size
Context 
config>service>vprn>l2tp
Description 

This command configures the L2TP receive window size.

Parameters 
window-size—
Specifies the window size.
Values—
4 to 1024

 

rtm-debounce-time

Syntax 
rtm-debounce-time debounce-time
no rtm-debounce-time
Context 
config>service>vprn>l2tp
Description 

This command configures the amount of time, in milliseconds, that the system will wait before declaring an L2TP tunnel down when the remote endpoint IP address cannot be resolved to an active IP route in the local routing table.

The default behavior is for the L2TP tunnel to not be declared down based on the remote endpoint IP address reachability.

The no form of this command returns the rtm-debounce-time to the default value of zero.

Default 

no rtm-debounce-time

Parameters 
debounce-time—
Specifies the amount of time, in milliseconds, that the system will wait before declaring the associated L2TP tunnel as down.
Values—
0 to 5000

 

group

Syntax 
group tunnel-group-name [create]
group tunnel-group-name [create] [protocol protocol]
no group tunnel-group-name
Context 
config>service>vprn>l2tp
Description 

This command configures an L2TP tunnel group.

Parameters 
tunnel-group-name—
Specifies a name string to identify a L2TP group up to 63 characters in length.
create—
This keyword is mandatory when creating a tunnel group name. The create keyword requirement can be enabled/disabled in the environment>create context.
protocol—
Specifies the l2tp protocol for use.
Values—
v2, v3, v3draft

 

session-limit

Syntax 
session-limit session-limit
session-limit unlimited
no session-limit
Context 
config>service>vprn>l2tp
Description 

This command configures the L2TP session limit for the router. L2TP is connection-oriented. The L2TP Network Server (LNS) and LAC maintain state for each call that is initiated or answered by an LAC. An L2TP session is created between the LAC and LNS when an end-to-end PPP connection is established between a remote system and the LNS. Datagrams related to the PPP connection are sent over the tunnel between the LAC and LNS. There is a one to one relationship between established L2TP sessions and their associated calls.

Default 

no session-limit

Parameters 
session-limit—
Specifies the number of sessions allowed.
Values—
1 to 131071

 

unlimited—
Specifies the use of the maximum available number of sessions allowed.

avp-hiding

Syntax 
avp-hiding sensitive | always
no avp-hiding
Context 
config>service>vprn>l2tp>group
Description 

This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as clear text in an AVP.

The no form of this command returns the value to never allow AVP hiding.

Default 

no avp-hiding

Parameters 
avp-hiding—
Specifies the method to be used for the authentication of the tunnels in this L2TP group.
Values—
sensitive — AVP hiding is used only for sensitive information (such as username/password).
always — AVP hiding is always used.

 

challenge

Syntax 
challenge always
no challenge
Context 
config>service>vprn>l2tp>group
Description 

This command configures the use of challenge-response authentication.

The no form of this command reverts to the default never value.

Default 

no challenge

Parameters 
always—
Specifies when challenge-response is to be used for the authentication of the tunnels in this L2TP group.
Values—
always

 

destruct-timeout

Syntax 
destruct-timeout destruct-timeout
no destruct-timeout
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the period of time that the data of a disconnected tunnel will persist before being removed.

The no form of this command removes the value from the configuration.

Default 

no destruct-timeout

Parameters 
destruct-timeout—
Specifies the automatic removal of dynamic L2TP sessions, in seconds, that are no longer active.
Values—
60 to 86400

 

hello-interval

Syntax 
hello-interval hello-interval
hello-interval infinite
no hello-interval
Context 
config>service>vprn>l2tp>group
Description 

This command configures the time interval between two consecutive tunnel Hello messages. The Hello message is an L2TP control message sent by either peer of a LAC-LNS control connection. This control message is used as a keepalive for the tunnel.

The no form of this command removes the interval from the configuration.

Default 

no hello-interval

Parameters 
hello-interval—
Specifies the time interval, in seconds, between two consecutive tunnel Hello messages.
Values—
60 to 3600

 

Default—
60
infinite
Specifies to disable l2tp keepalive by setting the hello interval as infinite.

idle-timeout

Syntax 
idle-timeout idle-timeout
idle-timeout infinite
no idle-timeout
Context 
config>service>vprn>l2tp>group
Description 

This command configures the period of time that an established tunnel with no active sessions will persist before being disconnected.

Enter the no form of this command to maintain a persistent tunnel.

The no form of this command removes the idle timeout from the configuration.

Default 

no idle-timeout

Parameters 
idle-timeout—
Specifies the idle timeout value, in seconds until the group is removed.
Values—
0 to 3600

 

infinite
Specifies to allow a tunnel to remain even after the last session over the l2tp tunnel is closed.

l2tpv3

Syntax 
l2tpv3
Context 
config>service>vprn>l2tp
config>service>vprn>l2tp>group
Description 

This command enters the context to configure L2TPv3 parameters.

cookie-length

Syntax 
cookie-length {4 | 8 | default}
no cookie-length
Context 
config>service>vprn>l2tp>l2tpv3
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the length of the optional cookie field.

The no form of this command returns the cookie-length to a default of none.

Default 

no cookie-length

Parameters 
4—
Specifies the cookie length as 4 bytes.
8—
Specifies the cookie length as 8 bytes.
default—
When specified within the config>service>vprn>l2tp>group>l2tpv3 context, this is referencing to the cookie-length configuration within the config>service>vprn>l2tp>l2tpv3 context.

digest-type

Syntax 
digest-type {default | none | md5 | sha1}
no digest-type
Context 
config>service>vprn>l2tp>l2tpv3
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the hashing algorithm used to calculate the message digest.

The no form of this command returns the digest-type to none.

Default 

no digest-type

Parameters 
none—
Specifies that no digest should be used.
md5—
Specifies that the MD5 algorithm should be used.
sha1—
Specifies that the SHA1 algorithm should be used.
default—
When specified within the config>service>vprn>l2tp>group>l2tpv3 context, this is referencing to the digest-type configuration within the config>service>vprn>l2tp>l2tpv3 context.

nonce-length

Syntax 
nonce-length {length | default}
no nonce-length
Context 
config>service>vprn>l2tp>l2tpv3
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the length for the local L2TPv3 nonce (random number) value used in the Nonce AVP.

The no form of this command returns the nonce-length to a default of none.

Default 

no nonce-length

Parameters 
length—
Specifies the length of the Nonce AVP value.
Values—
16 to 64

 

default—
When specified within the config>service>vprn>l2tp>group>l2tpv3 context, this is referencing to the nonce-length configuration within the config>service>vprn>l2tp>l2tpv3 context.

private-tcp-mss-adjust

Syntax 
private-tcp-mss-adjust octets
private-tcp-mss-adjust default
no private-tcp-mss-adjust
Context 
config>service>vprn>l2tp>l2tpv3
Description 

This command enables TCP MSS adjust for L2TPv3 tunnels on the private side of the service level. When this command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the private side.

Note that this command can be overridden by the corresponding configuration on the group or tunnel level.

The no form of this command disables TCP MSS adjust on the private side.

Default 

no private-tcp-mcc-adjust

Parameters 
octets—
Specifies the new TCP MSS value in octets.
Values—
512 to 9000

 

default
Specifies that the system use the upper level configuration.

public-tcp-mss-adjust

Syntax 
public-tcp-mss-adjust octets
public-tcp-mss-adjust default
no public-tcp-mss-adjust
Context 
config>service>vprn>l2tp>l2tpv3
Description 

This command enables TCP MSS adjust for L2TPv3 tunnels on the public side on the service level. When the command is configured, the system updates the TCP MSS option value of the received TCP SYN packet on the public side that is encapsulated in the L2TPv3 tunnel.

Note that this command can be overridden by the corresponding configuration on the group or tunnel level.

The no form of this command disables TCP MSS adjust on the public side.

Default 

no public-tcp-mss-adjust

Parameters 
octets—
Specifies the new TCP MSS value in octets
Values—
512 to 9000

 

default
Specifies that the system use the upper level configuration.

pw-cap-list

Syntax 
pw-cap-list {ethernet | ethernet-vlan} [{ethernet | ethernet-vlan}]
no pw-cap-list
Context 
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the allowable pseudowire capability list that is advertised to the far end. An empty list results in both pseudowire capabilities being advertised. Up to two capabilities are allowed to be advertised.

The no form of this command removes the list and advertises both pseudowire capabilities to the far end.

Default 

no pw-cap-list

Parameters 
ethernet—
Specifies that the Ethernet pseudo-wire type is advertised.
ethernet-vlan—
Specifies that the Ethernet-VLAN pseudo-wire type is advertised.

rem-router-id

Syntax 
rem-router-id ip-addr
no rem-router-id
Context 
config>service>vprn>l2tp>group>l2tpv3
Description 

This command configures the IP address that should be used within the Remote Router-ID AVP.

The no form of this command removes the configured IP address.

Default 

no rem-router-id

Parameters 
ip-addr—
Specifies an IP address to be used within the Remote Router-ID AVP.

track-password-change

Syntax 
[no] track-password-change
Context 
config>service>vprn>l2tp>group>l2tpv3
Description 

This command enables tracking of password changes, allowing password tunnel passwords to be changed without bringing down active tunnels or sessions. This is only supported with L2TPv3.

The no form of this command disables password change tracking.

Default 

no track-password-change

transport-type

Syntax 
transport-type ip
no transport-type
Context 
config>service>vprn>l2tp>l2tpv3
Description 

This command configures the transport type to be used to carry the L2TPv3 tunnel. Currently, only IP transport is supported.

The no form of this command returns the transport-type to the default value.

Default 

no transport-type

Parameters 
ip—
Specifies that IP should be used as the transport type for the L2TPv3 tunnel.

lns-group

Syntax 
lns-group lns-group-id
no lns-group
Context 
config>service>vprn>l2tp>group
Description 

This command configures the ISA LNS group.

Parameters 
lns-group-id—
Specifies the LNS group ID.
Values—
1 to 4

 

load-balance-method

Syntax 
load-balance-method {per-session | per-tunnel}
no load-balance-method
Context 
config>service>vprn>l2tp>group
Description 

This command specifies how new sessions are assigned to an L2TP ISA MDA.

The no form of this command sets the per session load balancing.

Default 

load-balance-method per-session

Parameters 
session—
Specifies that the lowest granularity for load-balancing is a session; each session can be assigned to a different ISA MDA.
tunnel—
Specifies that the lowest granularity for load-balancing is a tunnel; all sessions associated with the same tunnel are assigned to the same ISA MDA; this may be useful or required in certain cases, for example:
  1. MLPPP with multiple links per bundle
  2. HPol intermediate destination arbiters where the intermediate destination is an L2TP tunnel
  3. local-address

local-address

Syntax 
local-address ip-address
no local-address
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the local address.

Parameters 
ip-address—
Specifies the IP address used during L2TP authentication.

local-name

Syntax 
local-name host-name
no local-name
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command creates the local host name used by this system for the tunnels in this L2TP group during the authentication phase of tunnel establishment. It can be used to distinguish tunnels.

The no form of this command removes the name from the configuration.

Default 

no local-name

Parameters 
host-name—
Specifies the host name, up to 64 characters in length, that the router will use to identify itself during L2TP authentication.

max-retries-estab

Syntax 
max-retries-estab max-retries
no max-retries-estab
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the number of retries allowed for this L2TP tunnel while it is established, before its control connection goes down.

The no form of this command removes the value from the configuration.

Default 

no max-retries-estab

Parameters 
max-retries—
Specifies the maximum number of retries for an established tunnel.
Values—
2 to 7

 

max-retries-not-estab

Syntax 
max-retries-not-estab max-retries
no max-retries-not-estab
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the number of retries allowed for this L2TP tunnel while it is not established, before its control connection goes down.

The no form of this command removes the value from the configuration.

Default 

no max-retries-not-estab

Parameters 
max-retries—
Specifies the maximum number of retries for non-established tunnels.
Values—
2 to 7

 

password

Syntax 
password password [hash | hash2 | custom]
no password
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
config>service>vprn>l2tp>group>l2tpv3
config>service>vprn>l2tp>l2tpv3
Description 

This command configures the password between L2TP LAC and LNS

The no form of this command removes the password.

Default 

no password

Parameters 
password —
Configures the password used for challenge/response calculation and AVP hiding. The maximum length can be up to 20 characters if unhashed, 32 characters if hashed, 54 characters if the hash2 keyword is specified.
hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.

ppp

Syntax 
ppp
Context 
config>service>vprn>l2tp>group
Description 

This command configures PPP for the L2TP tunnel group.

authentication

Syntax 
authentication {chap | pap | pref-chap | pref-pap}
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the PPP authentication protocol to negotiate.

authentication-policy

Syntax 
authentication-policy auth-policy-name
no authentication-policy
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the authentication policy.

Parameters 
auth-policy-name—
Specifies the authentication policy name up to 32 characters in length.

chap-challenge-length

Syntax 
chap-challenge-length min length max length
no chap-challenge-length
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the maximum and minimum PPP CHAP challenge length.

The no form of this command reverts to the default value.

Default 

chap-challenge-length min 32 max 64

Parameters 
min length
Specifies the minimum PPP CHAP challenge length.
Values—
8 to 64

 

max length
Specifies the maximum PPP CHAP challenge length.
Values—
8 to 64

 

default-group-interface

Syntax 
default-group-interface ip-int-name service-id service-id
default-group-interface ip-int-name service-name svc-name
no default-group-interface
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the default group interface.

Parameters 
ip-int-name—
Specifies the interface name up to 32 characters in length.
service-id service-id—
Specifies the service.

This variant of the command is only supported in 'classic' configuration-mode (configure system management-interface configuration-mode classic). The default-group-interface ip-int-name service-name svc-name variant can be used in all configuration modes.

Values—
{id | svc-name}

id:

1 to 2147483647

svc-name:

up to 64 characters (svc-name is an alias for input only. The svc-name gets replaced with an id automatically by SR OS in the configuration).

 

service-name svc-name—
Specifies the service name (instead of service ID) up to 64 characters in length.

keepalive

Syntax 
keepalive seconds [hold-up-multiplier multiplier]
no keepalive
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the PPP keepalive interval and multiplier.

Parameters 
seconds—
Specifies in seconds the interval.
Values—
10 to 300

 

multiplier—
Specifies the multiplier.
Values—
1 to 5

 

lcp-force-ack-accm

Syntax 
[no] lcp-force-ack-accm
Context 
config>service>vprn>l2tp>group>ppp
config>service>vprn>l2tp>group>tunnel>ppp
Description 

This command enables or disables the LCP Asynchronous Control Character Map (ACCM) configuration option. When the ACCM configuration option is enabled, the option is acknowledged during the LCP negotiation between the LNS and the PPP client, but no ACCM mapping is performed. By default, the ACCM configuration option is rejected.

The no form of this command reverts to the default value.

Default 

no lcp-force-ack-accm

lcp-ignore-magic-numbers

Syntax 
[no] lcp-ignore-magic-numbers
Context 
config>service>vprn>l2tp>group>tunnel>ppp
Description 

This command disables the magic number validation.

The no form of this command reverts to the default value.

Default 

no lcp-ignore-magic-numbers

mtu

Syntax 
mtu mtu-bytes
no mtu
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the maximum PPP MTU size.

Parameters 
mtu-bytes—
Specifies, in bytes, the maximum PPP MTU size.
Values—
512 to 9212

 

proxy-authentication

Syntax 
[no] proxy-authentication
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the use of the authentication AVPs received from the LAC.

proxy-lcp

Syntax 
[no] proxy-lcp
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the use of the proxy LCP AVPs received from the LAC.

reject-disabled-ncp

Syntax 
[no] reject-disabled-ncp
Context 
config>service>vprn>l2tp>group>ppp
config>service>vprn>l2tp>group>tunnel>ppp
Description 

This command forces an LCP Protocol Reject when receiving an IPv6CP Configure Request message while IPv6 is not configured.

By default, an IPv6CP Configure Request message is silently ignored when IPv6 is not configured.

user-db

Syntax 
user-db local-user-db-name
no user-db
Context 
config>service>vprn>l2tp>group>ppp
Description 

This command configures the local user database to use for PPP PAP/CHAP authentication.

Parameters 
local-user-db-name—
Specifies the local user database name, up to 32 characters.

radius-accounting-policy

Syntax 
radius-accounting-policy policy-name
no radius-accounting-policy
Context 
config>service>vprn>if>sap>ipsec-gw
config>service>vprn>l2tp
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the radius-accounting-policy.

Parameters 
policy-name—
Specifies the RADIUS accounting policy name, up to 32 characters.

session-assign-method

Syntax 
session-assign-method {existing-first | weighted | weighted-random}
no session-assign-method
Context 
config>service>vprn>l2tp>group
Description 

This command specifies how new sessions are assigned to one of the set of suitable tunnels that are available or could be made available.

Default 

session-assign-method existing-first

Parameters 
existing-first—
All new sessions are placed by preference in existing tunnels.
weighted—
Enables weighted preference to tunnels in the group.
weighted-random—
Enhances the weighted algorithm so that when there are multiple tunnels with an equal number of sessions (equal weight), LAC randomly selects a tunnel.

session-limit

Syntax 
session-limit session-limit
session-limit unlimited
no session-limit
Context 
config>service>vprn>l2tp>group
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the session limit. The value controls how many L2TP session will be allowed within a given context (system, group, tunnel).

The no form of this command removes the value from the configuration.

Default 

no session-limit

Parameters 
session-limit—
Specifies the allowed number of sessions within the given context.
Values—
1 to 131071

 

unlimited—
Specifies the use of the maximum available number of sessions allowed.

3.8.2.19.1. Router L2TP Tunnel Commands

tunnel

Syntax 
tunnel tunnel-name [create]
no tunnel tunnel-name
Context 
config>service>vprn>l2tp>group
Description 

This command configures an L2TP tunnel. A tunnel exists between a LAC-LNS pair and consists of a Control Connection and zero or more L2TP sessions. The tunnel carries encapsulated PPP datagrams and control messages between the LAC and the L2TP Network Server (LNS).

Parameters 
tunnel-name—
Specifies a valid string to identify a L2TP up to 32 characters in length.
create—
Mandatory while creating a new tunnel.

auto-establish

Syntax 
[no] auto-establish
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command specifies if this tunnel is to be automatically set up by the system.

Default 

no auto-establish

avp-hiding

Syntax 
avp-hiding {never | sensitive | always}
no avp-hiding
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures Attribute Value Pair (AVP) hiding. This capability can be used to avoid the passing of sensitive data, such as user passwords, as clear text in an AVP.

Caution:

Nokia recommends that sensitive information not be sent in clear text.

The no form of this command removes the parameter of the configuration and indicates that the value on group level will be taken.

Default 

no avp-hiding

Parameters 
avp-hiding—
Specifies the method to be used for the authentication of the tunnel.
Values—
never — AVP hiding is not used.
sensitive — AVP hiding is used only for sensitive information (such as username/password).
always — AVP hiding is always used.

 

challenge

Syntax 
challenge {always | never}
no challenge
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the use of challenge-response authentication.

The no form of this command removes the parameter from the configuration and indicates that the value on group level will be taken.

Default 

no challenge

Parameters 
always—
Specifies that challenge-response authentication should always be used for the tunnel.
never—
Specifies that challenge-response authentication should never be used for the tunnel.

hello-interval

Syntax 
hello-interval hello-interval
hello-interval infinite
no hello-interval
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the number of seconds between sending Hellos for a L2TP tunnel.

The no form removes the parameter from the configuration and indicates that the value on group level will be taken.

Parameters 
hello-interval—
Specifies the time interval, in seconds, between two consecutive tunnel Hello messages.
Values—
60 to 3600

 

infinite—
Specifies that no Hello messages are sent.

idle-timeout

Syntax 
idle-timeout idle-timeout
idle-timeout infinite
no idle-timeout
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the idle timeout to wait before being disconnect.

The no form indicates that the parameter will be removed from the configuration and that the value specified on group level will be taken.

Parameters 
idle-timeout—
Specifies the idle timeout, in seconds.
Values—
0 to 3600

 

infinite—
Specifies that the tunnel will not be closed when idle.

peer

Syntax 
peer ip-address
no peer
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures the peer address.

The no form of this command removes the IP address from the tunnel configuration.

Default 

no peer

Parameters 
ip-address—
Sets the LNS IP address for the tunnel.

preference

Syntax 
preference preference
no preference
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures a preference number that indicates the relative preference assigned to a tunnel when using a weighted session assignment.

The no form of this command removes the preference value from the tunnel configuration.

Default 

no preference

Parameters 
preference—
Specifies the tunnel preference number with its group. The value 0 corresponds to the highest preference.
Values—
0 to 16777215

 

remote-name

Syntax 
remote-name host-name
no remote-name
Context 
config>service>vprn>l2tp>group>tunnel
Description 

This command configures a string to be compared to the host name used by the tunnel peer during the authentication phase of tunnel establishment.

Parameters 
host-name—
Specifies a remote host name for the tunnel, up to 64 characters.

3.8.2.20. Log Commands

log

Syntax 
log
Context 
config>service>vprn
config>service>vprn>log-id
Description 

This command enters the context to configure event logging within a specific VPRN.

By default, the log events in a VPRN log are a subset of the complete set of possible log events in SR OS. See the config>log>services-all-events command for more details.

filter

Syntax 
[no] filter filter-id
Context 
config>service>vprn>log
config>service>vprn>log>log-id
Description 

This command creates a context for an event filter. An event filter specifies whether to forward or drop an event or trap based on the match criteria.

Filters are configured in the filter filter-id context and then applied to a log in the log-id log-id context. Only events for the configured log source streams destined to the log ID where the filter is applied are filtered.

Any changes made to an existing filter, using any of the sub-commands, are immediately applied to the destinations where the filter is applied.

The no form of this command removes the filter association from log IDs which causes those logs to forward all events.

Default 

No event filters are defined.

Parameters 
filter-id —
The filter ID uniquely identifies the filter.
Values—
1 to 1000

 

default-action

Syntax 
default-action {drop | forward}
no default-action
Context 
config>service>vprn>log>filter
Description 

The default action specifies the action that is applied to events when no action is specified in the event filter entries or when an event does not match the specified criteria.

When multiple default-action commands are entered, the last command overwrites the previous command.

The no form of this command reverts the default action to the default value (forward).

Default 

default-action forward — The events which are not explicitly dropped by an event filter match are forwarded.

Parameters 
drop—
The events which are not explicitly forwarded by an event filter match are dropped.
forward—
The events which are not explicitly dropped by an event filter match are forwarded.

entry

Syntax 
[no] entry entry-id
Context 
config>service>vprn>log>filter
Description 

This command is used to create or edit an event filter entry. Multiple entries may be created using unique entry-id numbers. The SR OS implementation exits the filter on the first match found and executes the action in accordance with the action command.

Comparisons are performed in an ascending entry ID order. When entries are created, they should be arranged sequentially from the most explicit entry to the least explicit. Matching ceases when a packet matches an entry. The entry action is performed on the packet, either drop or forward. To be considered a match, the packet must meet all the conditions defined in the entry.

An entry may not have any match criteria defined (in which case, everything matches) but must have at least the keyword action for it to be considered complete. Entries without the action keyword will be considered incomplete and are rendered inactive.

The no form of this command removes the specified entry from the event filter. Entries removed from the event filter are immediately removed from all log-id’s where the filter is applied.

Default 

No event filter entries are defined. An entry must be explicitly configured.

Parameters 
entry-id—
The entry ID uniquely identifies a set of match criteria corresponding action within a filter. Entry ID values should be configured in staggered increments so you can insert a new entry in an existing policy without renumbering the existing entries.
Values—
1 to 999

 

action

Syntax 
action {drop | forward}
no action
Context 
config>service>vprn>log>filter>entry
Description 

This command specifies a drop or forward action associated with the filter entry. If neither drop nor forward is specified, the default-action will be used for traffic that conforms to the match criteria. This could be considered a No-Op filter entry used to explicitly exit a set of filter entries without modifying previous actions.

Multiple action statements entered will overwrite previous actions.

The no form of this command removes the specified action statement.

Default 

Action specified by the default-action command will apply.

Parameters 
drop—
Specifies packets matching the entry criteria will be dropped.
forward—
Specifies packets matching the entry criteria will be forwarded.

match

Syntax 
[no] match
Context 
config>service>vprn>log>filter>entry
Description 

This command creates context to enter/edit match criteria for a filter entry. When the match criteria is satisfied, the action associated with the entry is executed.

If more than one match parameter (within one match statement) is specified, then all the criteria must be satisfied (AND functional) before the action associated with the match is executed.

Use the match command to display a list of the valid applications.

Match context can consist of multiple match parameters (application, event-number, severity, subject), but multiple match statements cannot be entered per entry.

The no form of this command removes the match criteria for the entry-id.

Default 

no match

application

Syntax 
application {eq | neq} application-id
no application
Context 
config>service>vprn>log>filter>entry>match
Description 

This command adds an OS application as an event filter match criterion.

An OS application is the software entity that reports the event. Applications include IP, MPLS, OSPF, CLI, SERVICES and so on Only one application can be specified. The latest application command overwrites the previous command.

The no form of this command removes the application as a match criterion.

Default 

no application — no application match criterion is specified

Parameters 
eq | neq—
The operator specifying the type of match.
Values—

eq

equal to

neq

not equal to

 

application-id
The application name string.
Values—
port, ppp, rip, route, policy, rsvp, security, snmp, stp, svcmgr, system, user, vrrp, vrtr

 

message

Syntax 
message {eq | neq} pattern pattern [regexp]
no message
Context 
config>service>vprn>log>filter>entry>match
Description 

This command adds system messages as a match criterion.

The no form of this command removes messages as a match criterion.

Parameters 
eq—
Determines if the matching criteria should be equal to the specified value.
neq—
Determines if the matching criteria should not be equal to the specified value.
pattern—
Specifies a message, up to 400 characters, to be used in the match criteria.
regexp—
Specifies the type of string comparison to use to determine if the log event matches the value of message command parameters. When the regexp keyword is not specified, the default matching algorithm used is a basic substring match.

number

Syntax 
number {eq | neq | lt | lte | gt | gte} event-id
no number
Context 
config>service>vprn>log>filter>entry>match
Description 

This command adds an SR OS application event number as a match criterion.

SR OS event numbers uniquely identify a specific logging event within an application.

Only one number command can be entered per event filter entry. The latest number command overwrites the previous command.

The no form of this command removes the event number as a match criterion.

Default 

no event-number — No event ID match criterion is specified.

Parameters 
eq | neq | lt | lte | gt | gte—
Specifies the type of match. Valid operators are listed below.
Values—

Operator

Note

eq

equal to

neq

not equal to

lt

less than

lte

less than or equal to

gt

greater than

gte

greater than or equal to

 

event-id
Specifies the event ID, expressed as a decimal integer.
Values—
1 to 4294967295

 

severity

Syntax 
severity {eq | neq | lt | lte | gt | gte} severity-level
no severity
Context 
config>service>vprn>log>filter>entry>match
Description 

This command adds an event severity level as a match criterion. Only one severity command can be entered per event filter entry. The latest severity command overwrites the previous command.

The no form of this command removes the severity match criterion.

Default 

no severity

Parameters 
eq | neq | lt | lte | gt | gte—
Specifies the type of match. Valid operators are listed below.
Values—

Operator

Notes

eq

equal to

neq

not equal to

lt

less than

lte

less than or equal to

gt

greater than

gte

greater than or equal to

 

severity-name
The ITU severity level name. Table 45 lists severity names and corresponding numbers per ITU standards M.3100 X.733 & X.21 severity levels.
Table 45:  Severity Levels 

Severity Number

Severity Name

1

cleared

2

indeterminate (info)

3

critical

4

major

5

minor

6

warning

Values—
cleared, intermediate, critical, major, minor, warning

 

subject

Syntax 
subject {eq | neq} subject [regexp]
no subject
Context 
config>service>vprn>log>filter>entry>match
Description 

This command adds an event subject as a match criterion.

The subject is the entity for which the event is reported, such as a port. In this case the port-id string would be the subject. Only one subject command can be entered per event filter entry. The latest subject command overwrites the previous command.

The no form of this command removes the subject match criterion.

Default 

no subject

Parameters 
eq | neq—
This operator specifies the type of match. Valid operators are listed below.
Values—

Operator

Notes

eq

equal to

neq

not equal to

 

subject—
A string used as the subject match criterion.
regexp—
Specifies the type of string comparison to use to determine if the log event matches the value of subject command parameters. When the regexp keyword is specified, the string in the subject command is a regular expression string that will be matched against the subject string in the log event being filtered.

When regexp keyword is not specified, the subject command string is matched exactly by the event filter.

log-id

Syntax 
[no] log-id log-id
Context 
config>service>vprn>log
Description 

This command creates a context to configure destinations for event streams.

The log-id context is used to direct events, alarms/traps, and debug information to respective destinations.

A maximum of 30 logs can be configured.

Before an event can be associated with this log-id, the from command identifying the source of the event must be configured.

Only one destination can be specified for a log-id. The destination of an event stream can be an in-memory buffer, console, session, snmp-trap-group, syslog, or file.

Use the event-control command to suppress the generation of events, alarms, and traps for all log destinations.

An event filter policy can be applied in the log-id context to limit which events, alarms, and traps are sent to the specified log-id.

By default, the log events in a VPRN log are a subset of the complete set of possible log events in SR OS. See the config>log>services-all-events command for more details.

The no form of this command deletes the log destination ID from the configuration.

Default 

No log destinations are defined.

Parameters 
log-id—
The log ID number, expressed as a decimal integer.
Values—
1 to 100

 

to snmp

Syntax 
to snmp [size]
Context 
config>service>vprn>log>log-id
Description 

This is one of the commands used to specify the log ID destination. This parameter is mandatory when configuring a log destination. This command instructs the alarms and traps to be directed to the snmp-trap-group associated with log-id.

A local circular memory log is always maintained for SNMP notifications sent to the specified snmp-trap-group for the log-id.

The source of the data stream must be specified in the from command prior to configuring the destination with the to command.

The to command cannot be modified or re-entered. If the destination or maximum size of an SNMP or memory log needs to be modified, the log ID must be removed and then re-created.

Parameters 
size—
The size parameter defines the number of events stored in this memory log.
Default—
100
Values—
50 to 1024

 

to syslog

Syntax 
to syslog syslog-id
Context 
config>service>vprn>log>log-id
Description 

This is one of the commands used to specify the log ID destination. This parameter is mandatory when configuring a log destination.

This command instructs the alarms and traps to be directed to a specified syslog. To remain consistent with the standards governing syslog, messages to syslog are truncated to 1k bytes.

The source of the data stream must be specified in the from command prior to configuring the destination with the to command.

The to command cannot be modified or re-entered. If the destination or maximum size of an SNMP or memory log needs to be modified, the log ID must be removed and then re-created.

Parameters 
syslog-id—
Instructs the events selected for the log ID to be directed to the syslog-id. The characteristics of the syslog-id referenced here must have been defined in the config>log>syslog syslog-id context.
Values—
1 to 10

 

from

Syntax 
from [main] [security] [change] [debug-trace]
no from
Context 
config>service>vprn>log>log-id
Description 

This command selects the source stream to be sent to a log destination.

One or more source streams must be specified. The source of the data stream must be identified using the from command before you can configure the destination using the to command. The from command can identify multiple source streams in a single statement (for example: from main change debug-trace).

Only one from command may be entered for a single log-id. If multiple from commands are configured, then the last command entered overwrites the previous from command.

The no form of this command removes all previously configured source streams.

Default 

No source stream is configured.

Parameters 
main—
Instructs all events in the main event stream to be sent to the destination defined in the to command for this destination log-id. The main event stream contains the events that are not explicitly directed to any other event stream. To limit the events forwarded to the destination, configure filters using the filter command.
security—
Instructs all events in the security event stream to be sent to the destination defined in the to command for this destination log-id. The security event stream contains all events that pertain to attempts to breach system security. To limit the events forwarded to the destination, configure filters using the filter command.
change—
Instructs all events in the user activity stream to be sent to the destination configured in the to command for this destination log-id. The change event stream contains all events that directly affect the configuration or operation of this node. To limit the events forwarded to the change stream destination, configure filters using the filter command.
debug-trace—
Instructs all events in the debug-trace event stream to be sent to the destination defined in the to command for this destination log-id. The debug-trace event stream contains all events that pertain to trace or other debugging information. To limit the events forwarded to the destination, configure filters using the filter command.

time-format

Syntax 
time-format {local | utc}
Context 
config>service>vprn>log>log-id
Description 

This command specifies whether the time should be displayed in local or Coordinated Universal Time (UTC) format.

Default 

time-format utc

Parameters 
local —
Specifies that timestamps are written in the system’s local time.
utc—
Specifies that timestamps are written using the UTC value. This was formerly called Greenwich Mean Time (GMT) and Zulu time.

syslog

Syntax 
[no] syslog syslog-id
Context 
config>service>vprn>log
Description 

This command creates the context to configure a syslog target host that is capable of receiving selected syslog messages from this network element.

A valid syslog-id must have the target syslog host address configured.

A maximum of 10 syslog-ids can be configured.

No log events are sent to a syslog target address until the syslog-id has been configured as the log destination (to) in the log-id node.

The syslog ID configured in the configure/service/vprn context has a local VPRN scope and only needs to be unique within the specific VPRN instance. The same ID can be reused under a different VPRN service or in the global log context under config>log.

Default 

No syslog IDs are defined.

Parameters 
syslog-id—
Specifies the syslog ID number for the syslog destination, expressed as a decimal integer.
Values—
1 to 10

 

address

Syntax 
address ip-address
no address
Context 
config>service>vprn>log>syslog
Description 

This command adds the syslog target host IP address to/from a syslog ID.

The ip-address parameter is mandatory. If no address is configured, syslog data cannot be forwarded to the syslog target host.

Only one address can be associated with a syslog-id. If multiple addresses are entered, the last address entered overwrites the previous address.

The same syslog target host can be used by multiple log IDs.

The no form of this command removes the syslog target host IP address.

Default 

no address

Parameters 
ip-address—
Specifies the IP address of the syslog target host in dotted decimal notation.
Values—

ipv4-address

a.b.c.d

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface: 32 characters maximum, mandatory for link local addresses

The ipv6-address applies to the 7750 SR.

 

facility

Syntax 
facility syslog-facility
no facility
Context 
config>service>vprn>log>syslog
Description 

This command configures the facility code for messages sent to the syslog target host.

Multiple syslog IDs can be created with the same target host but each syslog ID can only have one facility code. If multiple facility codes are entered, the last facility-code entered overwrites the previous facility-code.

If multiple facilities need to be generated for a single syslog target host, then multiple log-id entries must be created, each with its own filter criteria to select the events to be sent to the syslog target host with a given facility code.

The no form of this command reverts to the default value.

Default 

local7 — Syslog entries are sent with the local7 facility code.

Parameters 
syslog-facility—
The syslog facility name represents a specific numeric facility code. The code should be entered in accordance with the syslog RFC. However, the software does not validate if the facility code configured is appropriate for the event type being sent to the syslog target host.
Values—
kernel, user, mail, systemd, auth, syslogd, printer, netnews, uucp, cron, authpriv, ftp, ntp, logaudit, logalert, cron2, local0, local1, local2, local3, local4, local5, local6, local7
Valid responses per RFC3164, The BSD syslog Protocol, are listed in Table 46.
Table 46:  Syslog Facility Codes 

Numerical Code

Facility Code  

0

kernel

1

user

2

mail

3

systemd

4

auth

5

syslogd

6

printer

7

net-news

8

uucp

9

cron

10

auth-priv

11

ftp

12

ntp

13

log-audit

14

log-alert

15

cron2

16

local0

17

local1

18

local2

19

local3

20

local4

21

local5

22

local6

23

local7

Values: 0 to 23

 

log-prefix

Syntax 
log-prefix log-prefix-string
no log-prefix
Context 
config>service>vprn>log>syslog
Description 

This command adds the string prepended to every syslog message sent to the syslog host.

RFC3164, The BSD syslog Protocol, allows an alphanumeric string (tag) to be prepended to the content of every log message sent to the syslog host. This alphanumeric string can, for example, be used to identify the node that generates the log entry. The software appends a colon (:) and a space to the string and it is inserted in the syslog message after the date stamp and before the syslog message content.

Only one string can be entered. If multiple strings are entered, the last string overwrites the previous string. The alphanumeric string can contain lowercase (a-z), uppercase (A-Z) and numeric (0-9) characters.

The no form of this command removes the log prefix string.

Default 

log-prefix "TMNX".

Parameters 
log-prefix-string —
Specifies the alphanumeric string of up to 32 characters. Spaces and colons ( : ) cannot be used in the string.

level

Syntax 
level syslog-level
Context 
config>service>vprn>log>syslog
Description 

This command configures the syslog message severity level threshold. All messages with severity level equal to or higher than the threshold are sent to the syslog target host.

Only a single threshold level can be specified. If multiple levels are entered, the last level entered will overwrite the previously entered commands.

Default 

level info

Parameters 
syslog-—
The threshold severity level name.
Values—
emergency, alert, critical, error, warning, notice, info, debug

Router severity level

Numerical Severity (highest to lowest)

Configured Severity

Definition

0

emergency

system is unusable

3

1

alert

action must be taken immediately

4

2

critical

critical condition

5

3

error

error condition

6

4

warning

warning condition

5

notice

normal but significant condition

1 cleared 2 indeterminate

6

info

informational messages

7

debug

debug-level messages

 

port

Syntax 
port value
no port
Context 
config>service>vprn>log>syslog
Description 

This command configures the UDP port that will be used to send syslog messages to the syslog target host.

The port configuration is needed if the syslog target host uses a port other than the standard UDP syslog port 514.

Only one port can be configured. If multiple port commands are entered, the last entered port overwrites the previously entered ports.

The no form of this command reverts to default value.

Default 

no port

Parameters 
value—
The value is the configured UDP port number used when sending syslog messages.
Values—
1 to 65535

 

snmp-trap-group

Syntax 
[no] snmp-trap-group log-id
Context 
config>service>vprn>log
Description 

This command creates the context to configure a group of SNMP trap receivers and their operational parameters for a given log-id.

A group specifies the types of SNMP traps and specifies the log ID which will receive the group of SNMP traps. A trap group must be configured in order for SNMP traps to be sent.

To suppress the generation of all alarms and traps see the event-control command. To suppress alarms and traps that are sent to this log-id, see the filter command. Once alarms and traps are generated they can be directed to one or more SNMP trap groups. Logger events that can be forwarded as SNMP traps are always defined on the main event source.

The no form of this command deletes the SNMP trap group.

Default 

There are no default SNMP trap groups.

Parameters 
log-id—
The log ID value of a log configured in the log-id context. Alarms and traps cannot be sent to the trap receivers until a valid log-id exists.
Values—
1 to 99

 

trap-target

Syntax 
trap-target name address ip-address [port port] [snmpv1 | snmpv2c | snmpv3] notify-community communityName | snmpv3SecurityName [security-level {no-auth-no-privacy | auth-no-privacy | privacy}] [replay]
no trap-target name
Context 
config>service>vprn>log>snmp-trap-group
Description 

This command adds/modifies a trap receiver and configures the operational parameters for the trap receiver. A trap reports significant events that occur on a network device such as errors or failures.

Before an SNMP trap can be issued to a trap receiver, the log-id, snmp-trap-group, and at least one snmp-trap-group must be configured.

The snmp-trap-group command is used to add or remove a trap receiver from an snmp-trap-group. The operational parameters specified in the command include:

  1. The IP address of the trap receiver
  2. The UDP port used to send the SNMP trap
  3. SNMP version
  4. SNMP community name for SNMPv1 and SNMPv2c receivers.
  5. Security name and level for SNMPv3 trap receivers.

A single snmp-trap-group log-id can have multiple trap-receivers. Each trap receiver can have different operational parameters.

An address can be configured as a trap receiver more than once as long as a different port is used for each instance.

To prevent resource limitations, only configure a maximum of 10 trap receivers.

If the same trap-target name port port parameter value is specified in more than one SNMP trap group, each trap destination should be configured with a different notify-community value. This allows a trap receiving an application, such as NMS, to reconcile a separate event sequence number stream for each router event log when multiple event logs are directed to the same IP address and port destination.

The no form of this command removes the SNMP trap receiver from the SNMP trap group.

Default 

No SNMP trap targets are defined.

Parameters 
name—
specifies the name of the trap target up to 28 characters in length
address ip-address
The IP address of the trap receiver in dotted decimal notation. Only one IP address destination can be specified per trap destination group.
Values—

ipv4-address

a.b.c.d (host bits must be 0)

ipv6-address

x:x:x:x:x:x:x:x[-interface]

x:x:x:x:x:x:d.d.d.d[-interface]

x: [0 to FFFF]H

d: [0 to 255]D

interface: 32 characters maximum, mandatory for link local addresses

The ipv6-address applies to the 7750 SR.

 

port—
Specifies the destination UDP port used to send traps to the destination, expressed as a decimal integer. Only one port can be specified per trap-target statement. If multiple traps need to be issued to the same address then multiple ports must be configured.
Values—
1 to 65535

 

Default—
162
snmpv1 | snmpv2c | snmpv3—
Specifies the SNMP version format to use for traps sent to the trap receiver.

The keyword snmpv1 selects the SNMP version 1 format. When specifying snmpv1, the notify-community must be configured for the proper SNMP community string that the trap receiver expects to be present in alarms and traps messages. If the SNMP version is changed from snmpv3 to snmpv1, then the notify-community parameter must be changed to reflect the community string rather than the security-name that is used by snmpv3.

The keyword snmpv2c selects the SNMP version 2c format. When specifying snmpv2c, the notify-community must be configured for the proper SNMP community string that the trap receiver expects to be present in alarms and traps messages. If the SNMP version is changed from snmpv3 to snmpv2c, then the notify-community parameter must be changed to reflect the community string rather than the security-name that is used by snmpv3.

The keyword snmpv3 selects the SNMP version 3 format. When specifying snmpv3, the notify-community must be configured for the SNMP security-name. If the SNMP version is changed from snmpv1 or snmpv2c to snmpv3, then the notify-community parameter must be changed to reflect the security-name rather than the community string used by snmpv1 or snmpv2c.

Pre-existing conditions are checked before the snmpv3SecurityName is accepted. These are:

  1. The username must be configured.
  2. The v3 access group must be configured.
  3. The v3 notification view must be configured.
Values—
snmpv1, snmpv2c, snmpv3

 

Default—
snmpv3
notify-community community | security-name—
Specifies the community string for snmpv1 or snmpv2c or the snmpv3 security-name. If no notify-community is configured, then no alarms nor traps will be issued for the trap destination. If the SNMP version is modified, the notify-community must be changed to the proper form for the SNMP version.
community—
The community string as required by the snmpv1 or snmpv2c trap receiver. The community string can be an ASCII string up to 31 characters in length.
security-name—
The security-name as defined in the config>system>security>user context for SNMP v3. The security-name can be an ASCII string up to 31 characters in length.
security-level {no-auth-no-privacy | auth-no-privacy | privacy}—
Specifies the required authentication and privacy levels required to access the views configured on this node when configuring an snmpv3 trap receiver.

The keyword no-auth-no-privacy specifies no authentication and no privacy (encryption) are required.

The keyword auth-no-privacy specifies authentication is required but no privacy (encryption) is required. When this option is configured the security-name must be configured for authentication.

The keyword privacy specifies both authentication and privacy (encryption) is required. When this option is configured the security-name must be configured for authentication and privacy.

Values—
no-auth-no-privacy, auth-no-privacy, privacy

 

Default—
no-auth-no-privacy. This parameter can only be configured if SNMPv3 is also configured.
replay—
Enable replay of missed events to target. If replay is applied to an SNMP trap target address, the address is monitored for reachability. Reachability is determined by whether or not there is a route in the routing table by which the target address can be reached. Before sending a trap to a target address, the SNMP module asks the PIP module if there is either an in-band or out-of-band route to the target address. If there is no route to the SNMP target address, the SNMP module saves the sequence-id of the first event that will be missed by the trap target. When the routing table changes again so that there is now a route by which the SNMP target address can be reached, the SNMP module replays (for example, retransmits) all events generated to the SNMP notification log while the target address was removed from the route table. Because of route table change convergence time, it is possible that one or more events may be lost at the beginning or end of a replay sequence. The cold-start-wait and route-recovery-wait timers under config>log>app-route-notifications can help reduce the probability of lost events.

3.8.2.21. Management Commands

management

Syntax 
management [create]
no management
Context 
config>service>vprn
Description 

This command enters the node management configuration within VPRN.

Parameters 
create—
Creates a management server entry.

allow-ftp

Syntax 
[no] allow-ftp
Context 
config>service>vprn>management
Description 

This commands allows access to the FTP server from VPRN.

The no form of this command removes FTP access for this VPRN.

allow-grpc

Syntax 
[no] allow-grpc
Context 
config>service>vprn>management
Description 

This commands allows access to the GRPC server from VPRN.

The no form of this command removes GRPC access for this VPRN.

allow-netconf

Syntax 
[no] allow-netconf
Context 
config>service>vprn>management
Description 

This commands allows access to the NETCONF server from VPRN.

The no form of this command removes NETCONF access for this VPRN.

allow-ssh

Syntax 
[no] allow-ssh
Context 
config>service>vprn>management
Description 

This command allows configuration of the SSH parameters.

The no form of this command disallows configuration of the SSH parameters.

allow-telnet

Syntax 
[no] allow-telnet
Context 
config>service>vprn>management
Description 

This command allows access to the Telnet server from a VPRN.

The no form of this command removes the Telnet access.

allow-telnet6

Syntax 
[no] allow-telnet6
Context 
config>service>vprn>management
Description 

This command allows access to the Telnet IPv6 server from a VPRN.

The no form of this command removes the Telnet IPv6 access.

3.8.2.22. MLD Configuration Commands

mld

Syntax 
[no] mld
Context 
config>service>vprn
Description 

This command enters the context to configure Multicast Listener Discovery (MLD) parameters.

The no form of this command disables MLD.

Default 

no mld

interface

Syntax 
[no] interface ip-int-name
Context 
config>service>vprn>mld
Description 

This command enters the context to configure an Multicast Listener Discovery (MLD) interface. The interface is a local identifier of the network interface on which reception of the specified multicast address is to be enabled or disabled.

The no form of this command deletes the MLD interface. The shutdown command in the config>router>mld>if context can be used to disable an interface without removing the configuration for the interface.

Default 

no interface

Parameters 
ip-int-name—
Specifies the IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service ies interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

If the IP interface name does not exist or does not have an IP address configured an error message will be returned.

If the IP interface exists in a different area it will be moved to this area.

disable-router-alert-check

Syntax 
[no] disable-router-alert-check
Context 
config>service>vprn>mld>if
Description 

This command disables router alert checking for MLD messages received on this interface.

The no form of this command enables the router alert checking.

import

Syntax 
import policy-name
no import
Context 
config>service>vprn>mld>if
Description 

This command specifies the import route policy to be used for determining which membership reports are accepted by the router. Route policies are configured in the config>router>policy-options context.

When an import policy is not specified, all the MLD reports are accepted.

The no form of this command removes the policy association from the MLD instance.

Default 

no import

Parameters 
policy-name—
Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

max-groups

Syntax 
max-groups value
no max-groups
Context 
config>service>vprn>mld>if
Description 

This command specifies the maximum number of groups for which MLD can have local receiver information based on received MLD reports on this interface. When this configuration is changed dynamically to a value lower than the currently accepted number of groups, the groups that are already accepted are not deleted. Only new groups will not be allowed.

Default 

0 (no limit to the number of groups)

Parameters 
value—
Specifies the maximum number of groups for this interface.
Values—
1 to 16000

 

query-interval

Syntax 
query-interval seconds
no query-interval
Context 
config>service>vprn>mld
config>service>vprn>mld>if
Description 

This command specifies the frequency that the querier router transmits general host-query messages. The host-query messages solicit group membership information and are sent to the all-systems multicast group address, 224.0.0.1.

Default 

query-interval 125

Parameters 
seconds—
The time frequency, in seconds, that the router transmits general host-query messages.
Values—
2 to 1024

 

query-last-listener-interval

Syntax 
query-last-listener-interval seconds
no query-last-listener-interval
Context 
config>service>vprn>mld
config>service>vprn>mld>if
Description 

This command specifies the Max Response Time inserted into Group-Specific Queries sent in response to Leave Group messages, and is also the amount of time between Group-Specific Query messages. This value may be tuned to modify the leave latency of the network. A reduced value results in reduced time to detect the loss of the last member of a group.

The no form of this command reverts to the default value.

Default 

query-last-listener-interval 1

Parameters 
seconds—
Specifies the frequency, in seconds, at which Group-Specific-Query packets are transmitted.
Values—
1 to 1023

 

query-last-member-interval

Syntax 
query-last-member-interval seconds
Context 
config>service>vprn>mld
config>service>vprn>mld>if
Description 

This command configures the frequency at which the querier sends group-specific query messages including messages sent in response to leave-group messages. The lower the interval, the faster the detection of the loss of the last member of a group.

Default 

query-last-member-interval 1

Parameters 
seconds—
Specifies the frequency, in seconds, at which query messages are sent.
Values—
1 to 1024

 

query-response-interval

Syntax 
query-response-interval seconds
Context 
config>service>vprn>mld
config>service>vprn>mld>if
Description 

This command specifies how long the querier router waits to receive a response to a host-query message from a host.

Default 

query-response-interval 10

Parameters 
seconds—
Specifies the length of time to wait to receive a response to the host-query message from the host.
Values—
1 to 1023

 

static

Syntax 
static
Context 
config>service>vprn>mld>if
Description 

This command tests multicast forwarding on an interface without a receiver host. When enabled, data is forwarded to an interface without receiving membership reports from host members.

group

Syntax 
[no] group grp-ipv6-address
[no] group start grp-ipv6-address end grp-ipv6-address [step ipv6-address]
Context 
config>service>vprn>mld>if>static
Description 

This command enters the context to add a static multicast group either as a (*,G) or one or more (S,G) records. Use MLD static group memberships to test multicast forwarding without a receiver host. When MLD static groups are enabled, data is forwarded to an interface without receiving membership reports from host members.

When static MLD group entries on point-to-point links that connect routers to a rendezvous point (RP) are configured, the static MLD group entries do not generate join messages toward the RP.

The no form of this command removes the IPv6 address from the configuration.

Parameters 
grp-ipv6-address—
Specifies an MLD multicast group address that receives data on an interface. The IP address must be unique for each static group.
Values—
ipv6-address:
  1. x:x:x:x:x:x:x:x (eight 16-bit pieces)
  2. x:x:x:x:x:x:d.d.d.d
  3. x: [0 to FFFF]H
  4. d: [0 to 255]D

 

start grp-ipv6-address
Specifies the start multicast group address.
Values—
ipv6-address:
  1. x:x:x:x:x:x:x:x (eight 16-bit pieces)
  2. x:x:x:x:x:x:d.d.d.d
  3. x: [0 to FFFF]H
  4. d: [0 to 255]D

 

end grp-ipv6-address
Specifies the end multicast group address.
Values—
ipv6-address:
  1. x:x:x:x:x:x:x:x (eight 16-bit pieces)
  2. x:x:x:x:x:x:d.d.d.d
  3. x: [0 to FFFF]H
  4. d: [0 to 255]D

 

step ipv6-address
Specifies the step increment.

source

Syntax 
[no] source src-ipv6-address
Context 
config>service>vprn>mld>if>static>group
Description 

This command specifies an IPv6 unicast address that sends data on an interface. This enables a multicast receiver host to signal a router the group to receive multicast traffic from, and from the sources that the traffic is expected.

The source command is mutually exclusive with the specification of individual sources for the same group.

The source command, in combination with the group, is used to create a specific (S,G) static group entry.

The no form of this command removes the source from the configuration.

Parameters 
src-ipv6-address—
Specifies the IPv6 unicast address.

starg

Syntax 
[no] starg
Context 
config>service>vprn>mld>if>static>group
Description 

This command adds a static (*,G) entry. This command can only be enabled if no existing source addresses for this group are specified.

Use the no form of this command to remove the starg entry from the configuration.

version

Syntax 
version version
no version
Context 
config>service>vprn>mld>if
Description 

This command specifies the MLD version. If routers run different versions, they will negotiate the lowest common version of MLD that is supported by hosts on their subnet and operate in that version. For MLD to function correctly, all routers on a LAN should be configured to run the same version of MLD on that LAN.

Default 

version 2

Parameters 
version—
Specifies the MLD version number.
Values—
1, 2

 

robust-count

Syntax 
robust-count robust-count
no robust-count
Context 
config>service>vprn>mld
Description 

This command configures the robust count. The robust-count variable allows tuning for the expected packet loss on a subnet. If a subnet anticipates losses, the robust-count variable can be increased.

Default 

robust-count 2

Parameters 
robust-count—
Specifies the robust count value.
Values—
2 to 10

 

ssm-translate

Syntax 
ssm-translate
Context 
config>service>vprn>mld
Description 

This command enters the context to configure group ranges which are translated to SSM (S,G) entries. If the static entry needs to be created, it has to be translated from a IGMPv1 IGMPv2 request to a Source Specific Multicast (SSM) join. An SSM translate source can only be added if the starg command is not enabled. An error message is generated if you try to configure the source command with starg command enabled.

grp-range

Syntax 
[no] grp-range start end
Context 
config>service>vprn>mld>ssm-translate
Description 

This command is used to configure group ranges which are translated to SSM (S,G) entries.

Parameters 
start—
An IP address that specifies the start of the group range.
end—
An IP address that specifies the end of the group range. This value should always be greater than or equal to the value of the start value.

source

Syntax 
[no] source ip-address
Context 
config>service>vprn>mld>ssm-translate>grp-range
Description 

This command specifies the source IP address for the group range. Whenever a (*,G) report is received in the range specified by grp-range start and end parameters, it is translated to an (S,G) report with the value of this object as the source address.

Parameters 
ip-address—
Specifies the IP address that will be sending data.

3.8.2.23. MSDP Configuration Commands

msdp

Syntax 
[no] msdp
Context 
config>service>vprn
Description 

This command enables a Multicast Source Discovery Protocol (MSDP) instance. When an MSDP instance is created, the protocol is enabled. To start or suspend execution of the MSDP protocol without affecting the configuration, use the [no] shutdown command.

For the MSDP protocol to function, at least one peer must be configured.

When MSDP is configured and started, an appropriate event message should be generated.

When the no form of this command is executed, all sessions must be terminated and an appropriate event message should be generated.

When all peering sessions are terminated, an event message per peer is not required.

The no form of this command deletes the MSDP protocol instance, removing all associated configuration parameters.

Default 

no msdp

active-source-limit

Syntax 
active-source-limit number
no active-source-limit
Context 
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
config>service>vprn>msdp>source
Description 

This option controls the maximum number of active source messages that will be accepted by Multicast Source Discovery Protocol (MSDP), effectively controlling the number of active sources that can be stored on the system.

The no form of this command reverts the number of source message limit to default operation.

Default 

no active-source-limit

Parameters 
number—
Defines how many active sources can be maintained by MSDP.
Values—
0 to 1000000

 

data-encapsulation

Syntax 
[no] data-encapsulation
Context 
config>service>vprn>msdp
Description 

This command configures a rendezvous point (RP) using Multicast Source Discovery Protocol (MSDP) to encapsulate multicast data received in MSDP register messages inside forwarded MSDP source-active messages.

Default 

data-encapsulation

export

Syntax 
export policy-name [policy-name...(up to 5 max)]
no export
Context 
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description 

This command specifies the policies to export source active state from the source active list into Multicast Source Discovery Protocol (MSDP).

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default 

no export

Parameters 
policy-name—
Specifies the export policy name, up to 32 characters. Up to five policy-name arguments can be specified.

If you configure an export policy at the global level, each individual peer inherits the global policy. If you configure an export policy at the group level, each individual peer in a group inherits the group’s policy. If you configure an export policy at the peer level, then policy only applies to the peer where it is configured.

group

Syntax 
[no] group group-name
Context 
config>service>vprn>msdp
Description 

This command enables access to the context to create or modify a Multicast Source Discovery Protocol (MSDP) group. To configure multiple MSDP groups, include multiple group statements.

By default, the group’s options are inherited from the global MSDP options. To override these global options, group-specific options within the group statement can be configured.

If the group name provided is already configured then this command only provides the context to configure the options pertaining to this group.

If the group name provided is not already configured, then the group name must be created and the context to configure the parameters pertaining to the group should be provided. In this case, the $ prompt to indicate that a new entity (group) is being created should be used.

For a group to be of use, at least one peer must be configured.

Default 

no group

Parameters 
group-name—
Specifies a unique name for the MSDP group.

import

Syntax 
import policy-name [policy-name...(up to 5 max)]
no import
Context 
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description 

This command specifies the policies to import source active state from Multicast Source Discovery Protocol (MSDP) into source active list.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

If you configure an import policy at the global level, each individual peer inherits the global policy.

If you configure an import policy at the group level, each individual peer in a group inherits the group’s policy.

If you configure an import policy at the peer level, then policy only applies to the peer where it is configured.

The no form of this command removes all policies from the configuration.

Default 

no import

Parameters 
policy-name—
Specifies the import policy name. Up to five policy-name arguments can be specified.

local-address

Syntax 
local-address ip-address
no local-address
Context 
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description 

This command configures the local end of a Multicast Source Discovery Protocol (MSDP) session. For MSDP to function, at least one peer must be configured. When configuring a peer, you must include this local-address command to configure the local end of the MSDP session. This address must be present on the node and is used to validate incoming connections to the peer and to establish connections to the remote peer.

If the user enters this command, then the address provided is validated and will be used as the local address for MSDP peers from that point. If a subsequent local-address command is entered, it will replace the existing configuration and existing sessions will be terminated.

Similarly, when the no form of this command is entered, the existing local address will be removed from the configuration and the existing sessions will be terminated.

Whenever a session is terminated, all information pertaining to and learned from that peer will be removed.

Whenever a new peering session is created or a peering session is lost, an event message should be generated.

The no form of this command removes the local address from the configuration.

Default 

no local-address

Parameters 
ip-address—
Specifies an existing address on the node.

mode

Syntax 
mode {mesh-group | standard}
Context 
config>service>vprn>msdp>group
Description 

This command configures groups of peers in a full mesh topology to limit excessive flooding of source-active messages to neighboring peers.

Multicast Source Discovery Protocol (MSDP) peers can be configured grouped in a full-mesh topology that prevents excessive flooding of source-active messages to neighboring peers.

In a meshed configuration, all members of the group must have a peer connection with every other mesh group member. If this rule is not adhered to, then unpredictable results may occur.

Default 

mode standard

Parameters 
mesh-group—
Specifies that source-active message received from a mesh group member are always accepted but are not flooded to other members of the same mesh group. These source-active messages are only flooded to non-mesh group peers or members of other mesh groups.
standard—
Specifies a non-meshed mode.

peer

Syntax 
[no] peer peer-address
Context 
config>service>vprn>msdp
config>service>vprn>msdp>group
Description 

This command configures peer parameters. Multicast Source Discovery Protocol (MSDP) must have at least one peer configured. A peer is defined by configuring a local-address that can be used by this node to set up a peering session and the address of a remote MSDP router, It is the address of this remote peer that is configured in this command and it identifies the remote MSDP router address.

After peer relationships are established, the MSDP peers exchange messages to advertise active multicast sources. It may be required to have multiple peering sessions in which case multiple peer statements should be included in the configurations.

By default, the options applied to a peer are inherited from the global or group-level. To override these inherited options, include peer-specific options within the peer statement.

If the peer address provided is already a configured peer, then this command only provides the context to configure the parameters pertaining to this peer.

If the peer address provided is not already a configured peer, then the peer instance must be created and the context to configure the parameters pertaining to this peer should be provided. In this case, the $ prompt to indicate that a new entity (peer) is being created should be used.

The peer address provided will be validated and, if valid, will be used as the remote address for an MSDP peering session.

When the no form of this command is entered, the existing peering address will be removed from the configuration and the existing session will be terminated. Whenever a session is terminated, all source active information pertaining to and learned from that peer will be removed. Whenever a new peering session is created or a peering session is lost, an event message should be generated.

At least one peer must be configured for MSDP to function.

Parameters 
peer-address—
The address configured in this statement must identify the remote MSDP router that the peering session must be established with.

receive-msdp-msg-rate

Syntax 
receive-msdp-msg-rate number interval seconds [threshold number]
no receive-msdp-msg-rate
Context 
config>service>vprn>msdp
config>service>vprn>msdp>group
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description 

This command limits the number of Multicast Source Discovery Protocol (MSDP) messages that are read from the TCP session. It is possible that an MSDP/ RP router may receive a large number of MSDP protocol message packets in a particular source active message.

After the number of MSDP packets (including source active messages) defined in the threshold have been processed, the rate of all other MSDP packets is rate limited by no longer accepting messages from the TCP session until the time (seconds) has elapsed.

The no form of this command reverts this active-source limit to default operation.

Default 

no receive-msdp-msg-rate

Parameters 
number—
Defines the number of MSDP messages (including source active messages) that are read from the TCP session per the number of seconds.
Values—
10 to 10000

 

Default—
0
interval seconds
Defines the time that, together with the number parameter, defines the number of MSDP messages (including source active messages) that are read from the TCP session within the configured number of seconds.
Values—
1 to 600

 

Default—
0
threshold number—
The number of MSDP messages can be processed before the MSDP message rate limiting function described above is activated; this is particularly of use during at system startup and initialization.
Values—
1 to 1000000

 

Default—
0

rpf-table

Syntax 
rpf-table {rtable-m | rtable-u | both}
no rpf-table
Context 
config>service>vprn>msdp
Description 

This command configures the sequence of route tables used to find a Reverse Path Forwarding (RPF) interface for a particular multicast route.

By default, only the unicast route table is looked up to calculate RPF interface towards the source/rendezvous point. However, the operator can specify the following:

  1. use the unicast route table only
  2. use the multicast route table only or
  3. use both the route tables

The no form of this command reverts to the default.

Default 

rpf-table rtable-u

Parameters 
rtable6-m—
Specifies that only the multicast route table will be used by the multicast protocol (PIM) for IPv4 RPF checks. This route table will contain routes submitted by static routes, ISIS and OSPF.
rtable6-u—
Specifies only that the unicast route table will be used by the multicast protocol (PIM) for IPv4 RPF checks. This route table will contain routes submitted by all the unicast routing protocols.
both—
Will always look up first in the multicast route table and, if there is a route, it will use it. If PIM does not find a route in the first lookup, it will try to find it in the unicast route table. Rtable-m is checked before rtable6-u.

sa-timeout

Syntax 
sa-timeout seconds
no sa-timeout
Context 
config>service>vprn>msdp
Description 

This command configures the value for the SA entries in the cache. If these entries are not refreshed within the timeout value, they are removed from the cache. Normally, the entries are refreshed at least once a minute. But under high load with many of MSDP peers, the refresh cycle could be incomplete. A higher timeout value (more then 90) could be useful to prevent instabilities in the MSDP cache.

Default 

90

Parameters 
seconds—
Specifies the time, in seconds, to wait for a response from the peer before declaring the peer unavailable.
Values—
90 to 600

 

source

Syntax 
[no] source unicast-ip-prefix/mask
Context 
config>service>vprn>msdp
Description 

This command limits the number of active source messages the router accepts from sources in the specified address range.

If the prefix and mask provided is already a configured then this command only provides the context to configure the parameters pertaining to this active source-message filter.

If the prefix and mask provided is not already a configured, then the source node instance must be created and the context to configure the parameters pertaining to this node should be provided. In this case, the $ prompt to indicate that a new entity (source) is being created should be used.

The source active msdp messages are not rate limited based on the source address range.

The no form of this message removes the source active rate limiter for this source address range.

Parameters 
unicast-ip-prefix—
Specifies the IP prefix in dotted decimal notation for the range used by the ABR to advertise that summarizes the area into another area.
Values—
ip-prefix/mask: ip-prefix a.b.c.d (host bits must be 0)

 

mask—
Specifies the subnet mask for the range expressed as a decimal integer mask length or in dotted decimal notation.
Values—
0 to 32 (mask length), 0.0.0.0 to 255.255.255.255 (dotted decimal)

 

authentication-key

Syntax 
authentication-key [authentication-key | hash-key] [hash | hash2 | custom]
no authentication-key
Context 
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description 

This command configures a Message Digest 5 (MD5) authentication key to be used with a specific Multicast Source Discovery Protocol (MSDP) peering session. The authentication key must be configured per peer as such no global or group configuration is possible.

The no form of this command removes the authentication key.

Default 

no authentication-key (All MSDP messages are accepted and the MD5 signature option authentication key is disabled.)

Parameters 
authentication-key—
Specifies the authentication key. Allowed values are any string up to 256 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), enclose the entire string in quotation marks (“ ”).
hash-key—
Specifies the hash key. The key can be any combination of ASCII characters up to 451 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.

default-peer

Syntax 
default-peer
no default-peer
Context 
config>service>vprn>msdp>group>peer
config>service>vprn>msdp>peer
Description 

Using the default peer mechanism, a peer can be selected as the default Multicast Source Discovery Protocol (MSDP) peer. As a result, all source-active messages from the peer will be accepted without the usual peer-reverse-path-forwarding (RPF) check.

The MSDP peer-RPF check is different from the normal multicast RPF checks. The peer-RPF check is used to stop source-active messages from looping. A router validates source-active messages originated from other routers in a deterministic fashion.

A set of rules is applied in order to validate received source-active messages, and the first rule that applies determines the peer-RPF neighbor. All source-active messages from other routers are rejected. The rules applied to source-active messages originating at Router S received at Router R from Router N are as follows:

  1. If Router N and router S are one and the same, then the message is originated by a direct peer-RPF neighbor and will be accepted.
  2. If Router N is a configured peer, or a member of the Router R mesh group then its source-active messages are accepted.
  3. If Router N is the Border Gateway Protocol (BGP) next hop of the active multicast RPF route toward Router S then Router N is the peer-RPF neighbor and its source-active messages are accepted.
  4. If Router N is an external BGP peer of Router R and the last autonomous system (AS) number in the BGP AS-path to Router S is the same as Router N’s AS number, then Router N is the peer-RPF neighbor, and its source-active messages are accepted.
  5. If Router N uses the same next hop as the next hop to Router S, then Router N is the peer-RPF neighbor, and its source-active messages are accepted.
  6. If Router N fits none of the above rules, then Router N is not a peer-RPF neighbor, and its source-active messages are rejected.
Default 

no default-peer

3.8.2.24. Multicast VPN Commands

mvpn

Syntax 
mvpn
Context 
config>service>vprn
Description 

This command enters the context to configure MVPN-related parameters for the IP VPN.

auto-discovery

Syntax 
auto-discovery [default | mdt-safi] [source-address ip-address]
Context 
config>service>vprn>mvpn
Description 

This command enables MVPN membership auto-discovery through BGP. When auto-discovery is enabled, PIM peering on the inclusive provider tunnel is disabled. Changing auto-discovery configuration requires shutdown of this VPRN instance.

The no form of this command disables MVPN membership auto-discovery through BGP.

Default 

auto-discovery default

Parameters 
default—
Enables AD route exchange based on format defined in NG-MVPN (RFC6514).
mdt-safi—
Enables AD route exchange based on mdt-safi format defined in draft-rosen-vpn-mcast.

This command optionally specifies a source-address - an IP address to be used by Rosen MVPN or NG-MVPN for core diversity, non-default IGP instances (not using system IP). Two unique IP addresses for PIM or GRE MVPNs are supported. The two unique IP address restriction does not apply to MVPNs with MPLS tunnels (for example, RSVP and MLDP). For instances using default System IP, source address configuration should not be specified to avoid consuming one of the addresses.

Explicitly defining a source-address allows GRE-encapsulated Rosen MVPN or NG-MVPN multicast traffic (Default and Data MDT) to originate from a configured IP address, so the source IP address of the GRE packets will not be the default system IP address.

Value:

ip-address
An IPv4 address. To achieve the desired functionality the address should be a pre-configured non-default ISIS or OSPF loopback address for an IGP instance using loopback address different from the system IP loopback.

c-mcast-signaling

Syntax 
c-mcast-signaling {bgp | pim}
no c-mcast-signaling
Context 
config>service>vprn>mvpn
Description 

This command specifies BGP or PIM, for PE-to-PE signaling of CE multicast states. When this command is set to PIM and neighbor discovery by BGP is disabled, PIM peering will be enabled on the inclusive tree.

Changes may only be made to this command when the mvpn node is shutdown.

The no form of this command reverts it back to the default.

Default 

c-mcast-signaling bgp

Parameters 
bgp —
Specifies to use BGP for PE-to-PE signaling of CE multicast states. Auto-discovery must be enabled.
pim —
Specifies to use PIM for PE-to-PE signaling of CE multicast states.

intersite-shared

Syntax 
intersite-shared [persistent-type5-adv] [kat-type5-adv-withdraw]
no intersite-shared
Context 
config>service>vprn>mvpn
Description 

This command specifies whether to use inter-site shared C-trees or not. Optional parameters allow enabling additional inter-site shared functionality. Not specifying an optional parameter when executing the command disables that parameter.

Default 

n/a

Parameters 
persistent-type5-adv—
When specified for inter-site shared trees enabled, this parameter ensures that Type 5 SA routes are generated for the multicast source even if no joins are present for that source. When the parameter is not specified, the Type 5 SA routes are withdrawn where the prune from the last receiver is received for the multicast source.
kat-type5-adv-withdraw—
When specified for inter-site shared trees, this parameter allows operators to enable KeepAlive Timers (KAT) on source PEs for ng-MVPN inter-site shared deployments. On a multicast source failure, a KAT expiry on source PEs will trigger a withdrawal of Type-5 Source-Active (S-A) route and switch from (C-S,C-G) to (C-*,C-G). When receiver PEs process reflected Type-5 S-A route withdrawals, they will withdraw their Type-7 ng-MVPN routes to the failed multicast source. The following conditions apply:
  1. KAT must only be enabled on source PEs.
  2. Functionality is supported with mLDP and RSVP-TE in the P-instance.
  3. Local receiver per (C-S, C-G) must be configured on source PEs running KAT.

mdt-type

Syntax 
mdt-type {sender-receiver | sender-only | receiver-only}
no mdt-type
Context 
config>service>vprn>mvpn
Description 

This command allows restricting MVPN instance per PE node to a specific role. By default, MVPN instance on a given PE node assumes the role of being a sender as well as receiver. This creates a mesh of MDT/PMSI across all PE nodes from this PE.

This command provides an option to configure either a sender-only or receiver-only mode per PE node. Restricting the role of a PE node prevents creating full mesh of MDT/PMSI across all PE nodes that are participating in MVPN instance.

auto-rp-discovery cannot be enabled together with mdt-type sender-only or mdt-type receiver-only, or wildcard-spmsi configurations.

The no version of this command restores the default (sender-receiver).

Default 

mdt-type sender-receiver

Parameters 
sender-receiver—
MVPN has both sender and receivers connected to PE node.
sender-only—
MVPN has only senders connected to PE node.
receiver-only—
MVPN has only receivers connected to PE node.

red-source-list

Syntax 
red-source-list
Context 
config>service>vprn>mvpn
Description 

This command enables context to configure list of redundant source prefixes for preferred source selection.

src-prefix

Syntax 
src-prefix ip-address/mask [ip-address/mask]
no src-prefix ip-address/mask
Context 
config>service>vprn>mvpn>red-source-list
Description 

This command configures multicast source IPv4 prefixes for preferred source selection. Single or multi-line inputs are allowed.

The no form of this command deletes specified prefix from the list.

Default 

No prefixes are specified.

Parameters 
ip-address/mask—
IPv4 address prefix with mask. Up to 8 maximum.

ipv6

Syntax 
ipv6
Context 
config>service>vprn>mvpn>red-source-list
Description 

This command enables context to configure list of redundant IPv6 source prefixes for preferred source selection.

src-prefix

Syntax 
src-prefix ipv6-ip-address/prefix-length [ipv6-address/prefix-length]
no ipv6-ip-address/prefix-length
Context 
config>service>vprn>mvpn>red-source-list>ipv6
Description 

This command configures multicast source IPv6 prefixes for preferred source selection. Single or multi-line inputs are allowed.

The no form of this command deletes specified prefix from the list

Default 

No prefixes are specified.

Parameters 
ipv6-ip-address/mask—
IPv6 address prefix with prefix-length. Up to 8 maximum.

rpf-select

Syntax 
rpf-select
Context 
config>service>vprn>mvpn
Description 

This command enables context for VRF extranet mapping for C-instance receivers in this receiver MVPN instance to multicast streams in P-instance core MVPN instances.

core-mvpn

Syntax 
[no] core-mvpn service-id
Context 
config>service>vprn>mvpn>rpf-select
Description 

This command enables context for VRF extranet mapping for C-instance receivers in this receiver MVPN instance to multicast streams in the specified P-instance core MVPN instance.

group-prefix

Syntax 
group-prefix ip-address/mask [ip-address/mask] [starg]
no group-prefix ip-address/mask
Context 
config>service>vprn>mvpn>rpf-select>core-mvpn
Description 

This command configures multicast group IPv4 prefixes for the MVPN with per-group mapping extranet functionality. Multiple lines are allowed. Duplicate prefixes are ignored.

When the starg option is specified, extranet functionality is enabled for PIM ASM as for the specified group. When the option is not specified (not recommended with PIM ASM), the PIM ASM join will be mapped and data plane will be established, but the control plane will not be updated on SPT switchover, unless the switchover is driven by a CPE router on a receiver side.

The no form of this command deletes specified prefix from the list, or removes mapping of all prefixes if group-prefix any was specified.

Parameters 
ip-address/mask—
Specifies the IPv4 multicast address prefix with mask. Up to 8 addresses can be specified in a single statement.

provider-tunnel

Syntax 
provider-tunnel
Context 
config>service>vprn>mvpn
Description 

This command enables context to configure tunnel parameters for the MVPN.

inclusive

Syntax 
inclusive
Context 
config>service>vprn>mvpn>provider-tunnel
Description 

This command enters the context for specifying inclusive provider tunnels.

bier

Syntax 
[no] bier
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive
config>service>vprn>mvpn>provider-tunnel>selective
Description 

This command creates a BIER inclusive or selective provider tunnel.

The no form of this command deletes the tunnel.

shutdown

Syntax 
shutdown
no shutdown
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive>bier
config>service>vprn>mvpn>provider-tunnel>selective>bier
Description 

This command administratively disables and enables use of BIER for the provider tunnel.

Default 

no shutdown

sub-domain

Syntax 
sub-domain sub-domain
no sub-domain
Context 
config>service>vprn>mvpn>provider-tunnel>inclusive>bier
config>service>vprn>mvpn>provider-tunnel>selective>bier
Description 

This command sets the sub-domain used to attach the BIER provider tunnel. Both PMSI within the MVPN need to have the same sub-domain.

The no form of this command removes the sub-domain.

Parameters 
sub-domain—
The identifier of the sub-domain.
Values—
0 to 255

 

bsr

Syntax 
bsr {unicast | spmsi}
no bsr
Context 
config>service>vprn>mvpn>pt>inclusive
Description 

This command configures the type of BSR signaling used.

The no form of this command restores the default.

Default 

no bsr

Parameters 
unicast—
BSR PDUs are sent/forwarded using unicast PDUs (default).
spmsi—
BSR PDUs are sent/forwarded using S-PMSI full mesh.

mldp

Syntax 
[no] mldp
Context 
config>service>vprn>mvpn>pt>inclusive
Description 

This command enables use of mLDP LSP for the provider tunnel.

Default 

no mldp

shutdown

Syntax 
shutdown
no shutdown
Context 
config>service>vprn>mvpn>pt>inclusive>mldp
Description 

This command administratively disables and enables use of mLDP LSP for the provider tunnel.

Default 

no shutdown

pim

Syntax 
pim {asm | ssm} grp-ip-address
no pim
Context 
config>service>vprn>mvpn>pt>inclusive
Description 

This command specifies the PIM mode to use, ASM or SSM, for PIM-based inclusive provider tunnels and the multicast group address to use. Also enables the context for specifying parameters for PIM peering on the inclusive provider tunnel.

Auto-discovery must be enabled in order for SSM to operate.

The no form of this command removes the pim context including the statements under the context.

Default 

no pim

Parameters 
asm—
Specifies to use PIM ASM for inclusive provider tunnels.
ssm —
Specifies to u PIM SSM for inclusive provider tunnels.
group-address —
Specifies the multicast group address to use.

hello-interval

Syntax 
hello-interval hello-interval
no hello-interval
Context 
config>service>vprn>mvpn>pt>inclusive>pim
Description 

This command configures the frequency at which PIM Hello messages are transmitted on this interface.

The no form of this command resets the configuration to the default value.

Default 

hello-interval 30

Parameters 
hello-interval—
Specifies the hello interval in seconds. A 0 (zero) value disables the sending of Hello messages (the PIM neighbor will never timeout the adjacency).
Values—
0 to 255 seconds

 

hello-multiplier

Syntax 
hello-multiplier deci-units
no hello-multiplier
Context 
config>service>vprn>mvpn>pt>inclusive>pim
Description 

This command configures the multiplier to determine the holdtime for a PIM neighbor on this interface.

The hello-multiplier in conjunction with the hello-interval determines the holdtime for a PIM neighbor.

Parameters 
deci-units—
Specify the value, specified in multiples of 0.1, for the formula used to calculate the holdtime based on the hello-multiplier:

(hello-interval * hello-multiplier) / 10

This allows the PIMv2 default hello-multiplier of 3.5 and the default timeout of 105 seconds to be supported.

Values—
20 to 100

 

Default—
35

improved-assert

Syntax 
[no] improved-assert
Context 
config>service>vprn>mvpn>pt>inclusive>pim
Description 

This command enables improved assert procedure on the PIM inclusive provider tunnel.

The no form of this command disables improved assert procedure.

Default 

enabled

three-way-hello

Syntax 
[no] three-way-hello
Context 
config>service>vprn>mvpn>pt>inclusive>pim
Description 

This command enables PIM three-way hello on the inclusive provider tunnel.

The no form of this command disables the PIM three-way hello.

Default 

disabled

tracking-support

Syntax 
[no] tracking-support
Context 
config>service>vprn>mvpn>pt>inclusive>pim
Description 

This command enables the setting of the T bit in the LAN Prune Delay option of the Hello message. This indicates the router's capability to disable Join message suppression.

The no form of this command disables the setting.

Default 

no tracking-support

rsvp

Syntax 
rsvp
no rsvp
Context 
config>service>vprn>mvpn>pt>inclusive
Description 

This command enters the context for specifying RSVP P2MP LSP for the provider tunnel. The no form of this command removes the rsvp context including all the statements in the context.

Default 

no rsvp

enable-bfd-root

Syntax 
enable-bfd-root transmit-interval [multiplier multiplier]
no enable-bfd-root
Context 
config>service>vprn>mvpn>pt>inclusive>rsvp
Description 

This command enables unidirectional multi-point BFD session on a sender (Root) PE node for upstream fast failure detection over RSVP-TE P2MP LSP.

Parameters 
transmit-interval
Sets the transmit interval, in milliseconds.
Values—
10 to 100000

 

Default—
100
multiplier—
Sets the multiplier for the BFD session.
Values—
3 to 20

 

Default—
3

enable-bfd-leaf

Syntax 
[no] enable-bfd-leaf
Context 
config>service>vprn>mvpn>pt>inclusive>rsvp
Description 

This command enables unidirectional multi-point BFD session on a receiver (leaf) PE node for upstream fast failure detection over RSVP-TE P2MP LSP.

lsp-template

Syntax 
lsp-template
no lsp-template
Context 
config>service>vprn>mvpn>pt>inclusive>rsvp
Description 

This command specifies the use of automatically created P2MP LSP as the provider tunnel. The P2MP LSP will be signaled using the parameters specified in the template, such as bandwidth constraints, and so on.

Default 

no lsp-template

shutdown

Syntax 
shutdown
no shutdown
Context 
config>service>vprn>mvpn>pt>inclusive>rsvp>lsp-template
Description 

This command administratively disables and enables use of RSVP P2MP LSP for the provider tunnel.

Default 

no shutdown

wildcard-spmsi

Syntax 
wildcard-spmsi
no wildcard-spmsi
Context 
config>service>vprn>mvpn>pt>inclusive
Description 

This command enables RFC 6625 (C-*, C-*) S-PMSI functionality for NG-MVPN. When enabled, (C-*, C-*) S-PMSI is used instead of I-PMSI for this MVPN. Wildcard S-PMSI uses the I-PMSI LSP template.

auto-rp-discovery cannot be enabled together with mdt-type sender-only or mdt-type receiver-only, or wildcard-spmsi configurations.

The no form disables the (C-*, C-*) S-PMSI functionality.

Default 

no wildcard-spmsi

selective

Syntax 
selective
Context 
config>service>vprn>mvpn>provider-tunnel
Description 

This command enters the context to specify selective provider tunnel parameters.

auto-discovery-disable

Syntax 
[no] auto-discovery-disable
Context 
config>service>vprn>mvpn>pt>selective
Description 

This command disables C-trees to P-tunnel binding auto-discovery through BGP so it is signaled using PIM join TLVs.

This command requires the c-mcast-signaling parameter to be set to PIM.

For multi-stream S-PMSI, this command must be enabled for BGP auto-discovery to function.

The no form of this command enables multicast VPN membership auto-discovery through BGP.

Default 

auto-discovery-disable

data-delay-interval

Syntax 
data-delay-interval value
no data-delay-interval
Context 
config>service>vprn>mvpn>pt>selective
Description 

This command specifies the interval, in seconds, before a PE router connected to the source switches traffic from the inclusive provider tunnel to the selective provider tunnel.

This command is not applicable to multi-stream S-PMSI.

The no form of this command reverts the value to the default.

Default 

data-delay-interval 3

Parameters 
value —
Specifies the data delay interval, in seconds.
Values—
3 to 180

 

data-threshold

Syntax 
data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask} s-pmsi-threshold [pe-threshold-add pe-threshold-add] [pe-threshold-delete pe-threshold-delete]
data-threshold c-grp-ipv6-addr/prefix-length s-pmsi-threshold [pe-threshold-add pe-threshold-add] [pe-threshold-delete pe-threshold-delete]
no data-threshold {c-grp-ip-addr/mask | c-grp-ip-addr netmask}
no data-threshold c-grp-ipv6-addr/prefix-length
Context 
config>service>vprn>mvpn>pt>selective
Description 

This command specifies the data rate threshold that triggers the switch from the inclusive provider tunnel to the selective provider tunnel for (C-S, C-G) within the group range. Optionally, PE thresholds for creating/deleting ng-MVPN S-PMSI may also be specified. Omitting the PE thresholds, preserves the currently set value (or defaults if never set). Multiple statements (one per a unique group) are allowed in the configuration.

This command is not applicable to multi-stream S-PMSI.

The no form of this command removes the values from the configuration.

Default 

no data-threshold

Parameters 
group-address/mask —
Specifies a multicast group address and netmask length.
c-grp-ip-addr/mask | c-grp-ip-addr netmask—
Specifies an IPv4 multicast group address and netmask length or network mask.
c-grp-ipv6-addr/prefix-length—
Specifies an IPv6 multicast group address and prefix length.
s-pmsi-threshold —
Specifies the rate, in kb/s. If the rate for a (C-S, C-G)) within the specified group range exceeds the threshold, traffic for the (C-S, C-G) is switched to the selective provider tunnel. Threshold 0 is supported. When threshold 0 is configured, the (C-S, C-G) switches to S-PMSI as soon as it is learned in the MVPN and without traffic flowing for that (C-S, C-G).
s-pmsi-threshold-add —
Specifies the number of receiver PEs for creating S-PMSI. When the number of receiver PEs for a given multicast group configuration is non-zero and below the threshold and BW threshold is satisfied, S-PMSI is created.
s-pmsi-threshold-delete—
Specifies the number of receiver PEs for deleting S-PMSI. When the number of receiver PEs for a given multicast group configuration is above the threshold, S-PMSI is deleted and the multicast group is moved to I-PMSI or a wildcard S-PMSI. It is recommended that the delete threshold be significantly larger than the add threshold, to avoid re-signaling of S-PMSI as the receiver PE count fluctuates.
Values—

c-grp-ip-addr

: multicast group address a.b.c.d

mask

[4 to 32]

netmask

: a.b.c.d (network bits all 1 and host bits all 0)

s-pmsi-threshold

: [0 to 4294967294] (threshold in kb/s)

c-grp-ipv6-addr

: multicast ipv6-address x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length [1 to 128]

pe-threshold-add:

[1 to 65535], if never specified, 65535 is used (add threshold always met)

pe-threshold-delete:

[2 to 65535], if never specified, 65535 is used (delete threshold never met)

 

join-tlv-packing-disable

Syntax 
[no] join-tlv-packing-disable
Context 
config>service>vprn>mvpn>pt>selective
Description 

This command enables packing of MDT join TLVs into a single PDU to improve efficiency, if multiple join TLVs are available at the time of transmission.

The no form of this command disables packing of MDT join TLVs into a single PDU.

Default 

no join-tlv-packing-disable

multistream-spmsi

Syntax 
multistream-spmsi index [create]
no multistream-spmsi index
Context 
config>service>vprn>mvpn>pt>selective
Description 

This command creates a multi-stream S-PMSI policy. Having multiple multi-stream S-PMSIs per MVPN creates a link list, in which the first match (lowest index) will be chosen for a multicast stream. The number of configured multi-stream S-PMSIs cannot exceed the configured maximum S-PMSI for a given MVPN.

Parameters 
index—
Specifies the index number.
Values—
1 to 1024

 

group

Syntax 
[no] group ip-address [/mask]
Context 
config>service>vprn>mvpn>pt>selective>multistream-spmsi
Description 

This command creates group prefixes that map to the multicast stream. At least one source must be specified for the policy to be active.

Parameters 
Ip-address/mask—
Specifies the IP address.
Values—

ipv4-prefix

a.b.c.d

ipv4-prefix-le

[0..32]

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x

[0..FFFF]H

d

[0..255]D

ipv6-prefix-le

[0..128]

 

source

Syntax 
[no] source ip-address [/mask]
[no] source any
Context 
config>service>vprn>mvpn>pt>selective>multistream-spmsi>group
Description 

This command creates source prefixes for specific groups that map to the multicast stream.

Parameters 
Ip-address/mask—
Specifies the IP address of the group.
Values—

ipv4-prefix

a.b.c.d

ipv4-prefix-le

[0..32]

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x

[0..FFFF]H

d

[0..255]D

ipv6-prefix-le

[0..128]

 

lsp-template

Syntax 
lsp-template name
no lsp-template
Context 
config>service>vprn>mvpn>pt>selective>multistream-spmsi
Description 

This command creates a RSVP-TE LSP template for S-PMSI. Multi-stream S-PMSIs can share a single template or can each use their own template.

Parameters 
name—
Specifies the LSP template name, up to 32 characters.

mdt-pim

Syntax 
mdt-pim mode {asm | ssm} group-address group-ip-address
no mdt-pim
Context 
config>service>vprn>mvpn>pt>selective>multistream-spmsi
Description 

This command creates a multi-stream MDT that could match many (C-S,C-G)s into a single data MDT.

Parameters 
group-ip-address—
Specifies the group address of this data MDT, that is the provider group address.

shutdown

Syntax 
[no] shutdown
Context 
config>service>vprn>mvpn>pt>selective>multistream-spmsi
Description 

This commands enables multi-stream S-PSMI. At least one group must be active in a policy.

pim-asm

Syntax 
pim-asm {grp-ip-address/mask | grp-ip-address netmask}
no pim-asm
Context 
config>service>vprn>mvpn>pt>selective
Description 

This command specifies the range of PIM-ASM groups to use on the sender PE to setup ASM multicast tree for draft Rosen based Data MDT.

Parameters 
grp-ip-address—
Specifies the multicast group address.
mask—
Defines the mask of the multicast-ip-address.
Values—
4 to 32

 

netmask—
The subnet mask in dotted decimal notation.
Values—
0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

 

rsvp

Syntax 
[no] rsvp
Context 
config>service>vprn>mvpn>pt>inclusive
config>service>vprn>mvpn>pt>selective
Description 

This command enables use of P2MP RSVP as the inclusive or selective provider tunnel.

Default 

no rsvp

lsp-template

Syntax 
lsp-template lsp-template
no lsp-template
Context 
config>service>vprn>mvpn>pt>inclusive
config>service>vprn>mvpn>pt>selective>rsvp
Description 

This command specifies the use of automatically created P2MP LSP as the inclusive or selective provider tunnel. The P2MP LSP will be signaled using the parameters specified in the template, such as bandwidth constraints, and so on

Default 

no lsp-template

Parameters 
lsp-template—
Specifies the LSP template name, up to 32 characters.

mldp

Syntax 
[no] mldp
Context 
config>service>vprn>mvpn>pt>inclusive
config>service>vprn>mvpn>pt>selective
Description 

This command enables use of P2MP mLDP LSP as inclusive or selective PMSI tunnels.

For multi-stream S-PMSI, either LDP or RSVP-TE must first be configured before multi-stream policy can be configured.

Default 

no mldp

maximum-p2mp-spmsi

Syntax 
maximum-p2mp-spmsi range
no maximum-p2mp-spmsi
Context 
config>service>vprn>mvpn>pt>selective
Description 

This command specifies the maximum number of RSVP P2MP or LDP P2MP S-PMSI tunnels for the mVPN. When the limit is reached, no more RSVP P2MP S-PMSI or LDP P2MP S-PMSI is created and traffic over the data-threshold will stay on I-PMSI.

Default 

10

Parameters 
range—
Specifies the maximum number of RSVP P2MP or LDP P2MP S-PMSI tunnel for the mVPN.
Values—
1 to 4000

 

Default—
10

shutdown

Syntax 
[no] shutdown
Context 
config>service>vprn>mvpn>pt>inclusive>rsvp>lsp-template
config>service>vprn>mvpn>pt>inclusive>mldp
config>service>vprn>mvpn>pt>selective>rsvp
config>service>vprn>mvpn>pt>selective>mldp
Description 

This command administratively disables/enables use of P2MP RSVP LSP template or mLDP LSP for inclusive or selective PMSI tunnels.

Default 

no shutdown

enable-asm-mdt

Syntax 
[no] enable-asm-mdt
Context 
config>service>vprn>mvpn>pt>selective
Description 

This command enables Data MDT with PIM-ASM mode on the receiver PE node. PIM-ASM or PIM-SSM operation mode is derived based on the locally configured SSM range on the node.

If asm-mode is disabled using this command, then PIM-SSM mode is enabled for all groups, independent of the configured SSM range on the node.

pim-ssm

Syntax 
pim-ssm {grp-ip-address/mask | grp-ip-address netmask}
no pim-ssm
Context 
config>service>vprn>mvpn>pt>selective
Description 

This command specifies the PIM SSM groups to use for the selective provider tunnel.

Parameters 
group-address/mask —
Specifies a multicast group address and netmask length.

umh-pe-backup

Syntax 
umh-pe-backup
Context 
config>service>vprn>mvpn
Description 

This command enables context to configure primary and standby upstream PE association for the MVPN.

umh-pe

Syntax 
umh-pe ip-address standby ip-address
no umh-pe ip-address
Context 
config>service>vprn>mvpn>umh-pe-backup
Description 

This command assigns a standby PE to each primary PE that must be selected as an alternative PE in case the UFD session on tunnel from primary PE is detected down. Standby for a PE cannot be modified without shutting down the MVPN instance.

If a primary PE is not assigned a standby PE then the UMH selection would fall back to the default method.

umh-selection

Syntax 
umh-selection {highest-ip | hash-based | tunnel-status | unicast-rt-pref}
no umh-selection
Context 
config>service>vprn>mvpn
Description 

This command specifies which UMH selection mechanism to use, highest IP address, hash based or provider tunnel status.

The no form of this command resets it back to default.

Default 

umh-selection highest-ip

Parameters 
highest-ip—
Specifies that the highest next-hop IP address is selected as UMH. The RTM may have just one next-hop to the source, but highest-ip uses all of the next-hops available to BGP that appear in the BGP database.
hash-based—
Specifies that the UMH selection is based on hash-based procedures set out in RFC6513, section 5.1.3. The RTM may have just one next-hop to the source, but hash-based uses all of the next-hops available to BGP that appear in the BGP database.
tunnel-status—
Specifies that UMH selection is based on the state of the tunnel as well as the available unicast routes through the tunnel. Not supported for IPv6.
unicast-rt-pref—
When selected, best unicast route will decide which UMH is chosen. All PE routers shall prefer the same route to the UMH for the UMH selection criterion (for example BGP path selection criteria must not influence one PE to choose different UMH from another PE).

vrf-export

Syntax 
vrf-export {unicast | plcy-or-long-expr [plcy-or-expr [plcy-or-expr]]}
no vrf-export
Context 
config>service>vprn>mvpn
Description 

This command specifies the export policy to control MVPN routes exported from the local VRF to other VRFs on the same or remote PE routers.

Default 

vrf-export unicast

Parameters 
unicast—
Specifies to use unicast VRF export policy for the MVPN.
plcy-or-long-expr—
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Allowed values are any string up to 255 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
plcy-or-expr—
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Up to 14 policies can be specified in a single statement.

vrf-import

Syntax 
vrf-import {unicast | plcy-or-long-expr [plcy-or-expr [plcy-or-expr]}
no vrf-import
Context 
config>service>vprn>mvpn
Description 

This command specifies the import policy to control MVPN routes imported to the local VRF from other VRFs on the same or remote PE routers.

Default 

vrf-import unicast

Parameters 
unicast—
Specifies to use a unicast VRF import policy for the MVPN.
plcy-or-long-expr—
Specifies the route policy name (up to 64 characters) or a policy logical expression (up to 255 characters). Allowed values are any string up to 255 characters in length composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
plcy-or-expr—
Specifies the route policy statement name or a policy logical expression. Allowed values are any string up to 64 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Up to 14 policies can be specified in a single statement.

vrf-target

Syntax 
vrf-target {unicast | ext-community | export unicast | ext-community | import unicast | ext-community}
no vrf-target
Context 
config>service>vprn>mvpn
Description 

This command specifies the route target to be added to the advertised routes or compared against the received routes from other VRFs on the same or remote PE routers. vrf-import or vrf-export policies override the vrf-target policy.

The no form of this command removes the vrf-target.

Default 

no vrf-target

Parameters 
unicast—
Specifies to use unicast vrf-target ext-community for the multicast VPN.
ext-comm—
An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.
Values—

target:{ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

ip-address:

a.b.c.d

comm-val:

0 to 65535

2byte-asnumber:

1 to 65535

4byte-asnumber

0 to 4294967295

 

import ext-community
Specifies communities allowed to be accepted from remote PE neighbors.
export ext-community
Specifies communities allowed to be sent to remote PE neighbors.

export

Syntax 
export {unicast | ext-community}
Context 
config>service>vprn>mvpn>vrf-target
Description 

This command specifies communities to be sent to peers.

Parameters 
unicast—
Specifies to use unicast vrf-target ext-community for the multicast VPN.
ext-comm—
An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.
Values—

target:{ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

ip-address:

a.b.c.d

comm-val:

0 to 65535

2byte-asnumber:

1 to 65535

4byte-asnumber

0 to 4294967295

 

import

Syntax 
import {unicast | ext-community}
Context 
config>service>vprn>mvpn>vrf-target
Description 

This command specifies communities to be accepted from peers.

Parameters 
unicast—
Specifies to use unicast vrf-target ext-community for the multicast VPN.
ext-comm—
An extended BGP community in the type:x:y format. The value x can be an integer or IP address. The type can be the target or origin. x and y are 16-bit integers.
Values—

target:{ip-address:comm-val | 2byte-asnumber:ext-comm-val | 4byte-asnumber:comm-val}

ip-address:

a.b.c.d

comm-val:

0 to 65535

2byte-asnumber:

1 to 65535

4byte-asnumber

0 to 4294967295

 

3.8.2.25. NAT Commands

nat

Syntax 
[no] nat
Context 
config>service>vprn
config>router
Description 

This command configures, creates or deletes a NAT instance.

inside

Syntax 
inside
Context 
config>service>vprn>nat
config>router>nat
Description 

This command enters the “inside” context to configure the inside NAT instance.

destination-prefix

Syntax 
destination-prefix ip-prefix/length [nat-policy nat-policy-name]
no destination-prefix ip-prefix/length
Context 
config>service>vprn>nat>inside
config>router>nat>inside
Description 

This command configures a destination prefix. An (internal) static route will be created for this prefix. All traffic that hits this route will be subject to NAT. The system will not allow a destination-prefix to be configured if the configured nat-policy refers to an IP pool that resides in the same service (as this would result in a routing loop).

Parameters 
ip-prefix—
Specifies the IP prefix; host bits must be zero (0).
Values—
a.b.c.d

 

length—
Specifies the prefix length.
Values—
0 to 32

 

nat-policy-name—
Specifies the NAT policy name, up to 32 characters.

dual-stack-lite

Syntax 
dual-stack-lite
Context 
config>service>vprn>nat
config>router>nat>inside
Description 

This command enters the context to configure Dual-Stack Lite (DS-Lite) NAT parameters.

address

Syntax 
[no] address ipv6-address
Context 
config>service>vprn>nat>inside>dslite
Description 

This command configures a DS-Lite IPv6 address

The no form of this command removes the value from the configuration.

Parameters 
ipv6-address—
Specifies the IPv6 address on the interface.
Values—

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

 

tunnel-mtu

Syntax 
tunnel-mtu mtu-bytes
no tunnel-mtu
Context 
config>service>vprn>nat>inside>dslite>address
Description 

This command configures the DS-Lite tunnel MTU for this DS-Lite address.

The no form of this command reverts the default.

Default 

tunnel-mtu 1500

Parameters 
mtu-bytes—
Specifies the DS-Lite tunnel MTU.
Values—
512 to 9212

 

subscriber-prefix-length

Syntax 
subscriber-prefix-length prefix-length
no subscriber-prefix-length
Context 
config>service>vprn>nat>inside>dslite
Description 

This command configures the IPv6 prefix length of the DS-Lite subscribers.

The no form of this command reverts the default.

Default 

subscriber-prefix-length 128

Parameters 
prefix-length prefix-length
Specifies the IPv6 prefix length of the DS-Lite subscriber.
Values—
32 to 64, 128

 

Default—
128

l2-aware

Syntax 
l2-aware
Context 
config>services>vprn>nat>inside
Description 

This command enters the context to configure parameters specific to Layer 2-aware NAT.

address

Syntax 
[no] address ip-address/mask
Context 
config>services>vprn>nat>inside>l2-aware
Description 

This command configures a Layer 2-aware NAT address. This address will act as a local address of the system. Hosts connected to the inside service will be able to ARP for this address. To verify connectivity, a host can also ping the address. This address is typically used as next hop of the default route of a Layer 2-aware host. The given mask defines a Layer 2-aware subnet. The (inside) IP address used by a Layer 2-aware host must match one of the subnets defined here or it will be rejected.

Parameters 
ip-address—
Specifies the IP address in a.b.c.d format.
mask—
Specifies the mask.
Values—
16 to 32

 

nat-policy

Syntax 
nat-policy nat-policy-name
no nat-policy
Context 
config>services>vprn>nat>inside
config>router>nat>inside
Description 

This command configures the NAT policy that will be used for large-scale NAT in this service.

Parameters 
nat-policy-name—
Specifies the NAT policy name.
Values—
32 chars max

 

redundancy

Syntax 
redundancy
Context 
config>service>vprn>nat>inside
config>service>vprn>nat>outside>pool
Description 

This command enters the context to configure redundancy parameters.

peer

Syntax 
peer ip-address
no peer
Context 
config>service>vprn>nat>inside>redundancy
Description 

This command configures the IP address of the NAT redundancy peer in the realm of this virtual router instance.

steering-route

Syntax 
steering-route ip-prefix/length
no steering-route
Context 
config>service>vprn>nat>inside>redundancy
Description 

This command configures specifies the IP address and prefix length of the steering route. The steering route is used in the realm of this virtual router instance as an indirect next-hop for all the traffic that must be routed to the large scale NAT function.

outside

Syntax 
outside
Context 
config>service>vprn>nat
config>router>nat
Description 

This command enters the “outside” context to configure the outside NAT instance.

pool

Syntax 
pool nat-pool-name [nat-group nat-group-id type pool-type [applications applications] [create]
no pool nat-pool-name
Context 
config>service>vprn>nat>outside
config>router>nat>outside
Description 

This command configures a NAT pool.

Parameters 
nat-pool-name—
Specifies the NAT pool name.
Values—
32 chars max

 

nat-group-id—
Specifies the NAT group ID.
Values—
1 to 4

 

create—
This parameter must be specified to create the instance.
pool-type—
Specifies the pool type.
Values—
large-scale, l2-aware, wlan-gw-anchor

 

applications—
Specifies the application.
Values—
agnostic

 

create—
Keyword used to create the pool.

address-range

Syntax 
address-range start-ip-address end-ip-address [create]
no address-range start-ip-address end-ip-address
Context 
config>service>vprn>nat>outside>pool
config>router>nat>outside>pool
Description 

This command configures a NAT address range.

Parameters 
start-ip-address—
Specifies the beginning IP address in a.b.c.d form.
end-ip-address—
Specifies the ending IP address in a.b.c.d. form.
create—
Keyword used to create the address range instance.

description

Syntax 
description description-string
no description
Context 
config>service>vprn>nat>outside>pool>address-range
config>service>vprn>nat>outside>pool
config>router>nat>outside>pool>address-range
config>router>nat>outside>pool
Description 

This command configures the description for the NAT address range.

Parameters 
description-string—
Specifies the NAT address range description.
Values—
80 chars max

 

drain

Syntax 
[no] drain
Context 
config>service>vprn>nat>outside>pool>address-range
config>router>nat>outside>pool>address-range
Description 

This command starts or stops draining this NAT address range. When an address-range is being drained, it will not be used to serve new hosts. Existing hosts, however, will still be able to use the address that was assigned to them even if it is being drained. An address-range can only be deleted if the parent pool is shut down or if the range itself is effectively drained (no hosts are using the addresses anymore).

mode

Syntax 
mode {auto | napt | one-to-one}
no mode
Context 
config>service>vprn>nat>outside>pool
Description 

This command configures the mode of operation of this NAT address pool.

The mode value is only relevant while the value of pool type is equal to largeScale; while the value of pool type is equal to l2Aware, the mode of operation is always NAPT.

port-forwarding-range

Syntax 
port-forwarding-range range-end
no port-forwarding-range
Context 
config>service>vprn>nat>outside>pool
Description 

This command configures the end of the port range available for port forwarding. The start of the range is always equal to one.

The actual maximum value of the range end may be restricted to less than 65535 depending on the value of the objects port reservation type and port reservation value and on system specifications.

Default 

port-forwarding-range 1023

Parameters 
range-end—
Specifies the mode of operation of this NAT pool.
Values—
1023 to 65535

 

port-reservation

Syntax 
port-reservation blocks num-blocks
port-reservation ports num-ports
no port-reservation
Context 
config>service>vprn>nat>outside>pool
config>router>nat>outside>pool
Description 

This command configures the size of the port-block that will be assigned to a host that is served by this pool. The number of ports configured here will be available to UDP, TCP and ICMP (as identifiers).

Parameters 
num-blocks—
Specifies the number of port-blocks per IP address. Setting this parameter to one (1) for large scale NAT will enable 1:1 NAT for IP addresses in this pool.
Values—
1 to 64512

 

num-ports—
Specifies the number of ports per block.
Values—
1 to 32256

 

export

Syntax 
export ip-prefix/length
no export
Context 
config>service>vprn>nat>outside>pool>redundancy
Description 

This command installs the export route in the routing table for active NAT pools.

Once the export route is in the routing table, it can be advertised in the network via a routing protocol. NAT pools in the standby or disabled state will not advertise the export route.

A NAT pool becomes active when it becomes operationally UP, and there is no monitoring route (which is also the export route from the peer) present in the routing node (as received from the network). The pool will transition into standby state in case that the monitoring route (or export route from the peer) is already present in the routing table. In other words, the monitoring route is already advertised as an export route from the peering node with active NAT pool.

The export route can be advertised only from:

  1. The active lead pool.
  2. Active pool for which fate-sharing is disabled.
Default 

no export

Parameters 
ip-prefix/length—
Specifies the IP prefix and length.

Syntax:

ip-prefix/length:

ip-prefix

a.b.c.d

ip-prefix-length

0 to 32

Values—
0, 4, 16

 

follow

Syntax 
follow router router-instance pool name
no follow
Context 
config>service>vprn>nat>outside>pool>redundancy
config>router> nat>outside>pool>redundancy
Description 

This command implicitly enables Pool Fate-Sharing Group (PFSG) which is required in case of multiple NAT policies per inside routing context. A NAT pool configured with this command will not advertise or monitor any route in order to change its (activity) state but instead it will directly follow the state of the lead pool in the PFSG. Once the lead pool changes its (activity) state, all the remaining pools following the lead pool will change their state accordingly.

Default 

no follow

Parameters 
router router-instance
Specifies the routing instance where the lead pool resides.
Values—
<router-name> | <service-id>
router-name - Base
service-id - 1 to 2147483647

 

pool name
Specifies the pool whose activity state is being shared up to 32 characters in length.

monitor

Syntax 
monitor ip-prefix/length
no monitor
Context 
config>service>vprn>nat>outside>pool>redundancy
config>router>nat>outside>pool>redundancy
Description 

This command configures the monitoring route based on which the NAT multi-chassis switchover is triggered. Monitoring route of a NAT pool on the local node must match the export route of a corresponding NAT pool on the peering node. Presence of the monitoring route in the routing table is an indication that the peering NAT pool is active (since it is advertising its export route). The disappearance of the monitoring route from the routing table is an indication that the peering pool has failed and consequently the nodal switchover is triggered, the local pool becomes active and its export route is consequently advertised. The export route can be advertised only from:

  1. The active lead pool.
  2. Active pool for which fate-sharing is disabled.
Parameters 
ip-prefix/length—
Specifies the IP prefix and length.

Syntax:

ip-prefix/length:

ip-prefix

a.b.c.d

ip-prefix-length

0 to 32

subscriber-limit

Syntax 
subscriber-limit limit
no subscriber-limit
Context 
config>service>vprn>nat>outside>pool
Description 

This command configures the maximum number of subscribers per outside IP address.

If multiple port blocks per subscriber are used, the block size is typically small; all blocks assigned to a given subscriber belong to the same IP address; the subscriber limit guarantees that any subscriber can get a minimum number of ports.

Parameters 
limit—
Specifies the maximum number of subscribers per outside IP address.
Values—
1 to 65535

 

watermarks

Syntax 
watermarks high percentage-high low percentage-low
no watermarks
Context 
config>service>vprn>nat>outside>pool
config>router>nat>outside>pool
Description 

This command configures the watermarks for this NAT pool.

Parameters 
percentage-high—
Specifies the high percentage.
Values—
2 to 100

 

percentage-low—
Specifies the low percentage.
Values—
1 to 99

 

3.8.2.26. Network Ingress Commands

network

Syntax 
network
Context 
config>service>vprn
Description 

This command enters the context to configure network parameters for the VPRN service.

ingress

Syntax 
ingress
Context 
config>service>vprn>network
Description 

This command enters the context to configure network ingress parameters for the VPRN service.

qos

Syntax 
qos network-policy-id fp-redirect-group queue-group-name instance instance-id
no qos
Context 
config>service>vprn>network>ingress
Description 

This command is used to redirect unicast packets arriving on an automatically (using the auto-bind-tunnel command) or manually configured (using a spoke-sdp command, but not the spoke-sdp command under the VPRN IP interface) binding in a VPRN to a policer in an ingress forwarding plane queue-group for the purpose of rate-limiting.

For the policer to be used, the following must be true:

  1. The configured queue group template name must be applied to the forwarding plane on which the ingress traffic arrives using the instance id specified.
  2. The policer referenced in the FC-to-policer mappings in the ingress context of a network QoS policy must be present in the specified queue group template.

The command fails if the queue group template name does not exist or if the policer specified in the network QoS policy does not exist in the queue group template. If the queue group template name with the specified instance is not applied to the forwarding plane on which the VPRN binding unicast traffic arrives then this traffic uses the ingress network queues related to the network interface, however, the ingress classification is still based on the applied network QoS policy.

The unicast traffic can be redirected to a policer under the forwarding class fp-redirect-group command in the ingress section of a network QoS policy; any fp-redirect-group multicast-policer, broadcast-policer or unknown-policer commands are ignored for this traffic. Multicast traffic would use the ingress network queues or queue group related to the network interface.

Ingress classification is based on the configuration of the ingress section of the specified network QoS policy, noting that the dot1p and exp classification is based on the outer Ethernet header and MPLS label whereas the DSCP applies to the outer IP header if the tunnel encapsulation is GRE, or the DSCP in the first IP header in the payload if ler-use-dscp is enabled in the ingress section of the referenced network QoS policy.

When this command is applied, it overrides the QoS applied to the related network interfaces for unicast traffic arriving on bindings in that VPRN.

The no version of this command removes the redirection of VPRN binding traffic to the queue-group policers.

Parameters 
network-policy-id—
Specifies the network policy identification. The value uniquely identifies the policy on the system.
Values—
1 to 65535

 

fp-redirect-group queue-group-name
Specifies the name of the queue group template up to 32 characters in length.
instance instance-id
Specifies the identification of a specific instance of the queue-group.
Values—
1 to 65535

 

filter

Syntax 
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
Context 
config>service>vprn>network>ingress
Description 

This command configures a network ingress filter for IPv4 or IPv6 traffic arriving over explicitly defined spokes or auto-bind network interfaces for the VPRN service.

The no form of this command removes an IPv4, IPv6, or both filters.

Default 

no filter

Parameters 
ip-filter-id/ipv6-filter-id—
Specifies an existing IP/IPv6 filter policy of a scope template.
Values—
1 to 65535, name
name: 64 characters maximum

 

urpf-check

Syntax 
urpf-check
no urpf-check
Context 
config>service>vprn>network>ingress
Description 

This command enables the unicast RPF (uRPF) check of network ingress traffic to include traffic associated with the VPRN if the incoming network interface is configured with the urpf-selected-vprns command

If the command is not configured, then traffic associated with this VPRN that arrives on a network interface with urpf-selected-vprns configured bypasses the uRPF checking options specified for that network interface.

Default 

no urpf-check

3.8.2.27. Network Interface Commands

network-interface

Syntax 
network-interface interface-name [create]
no network-interface interface-name
Context 
config>service>vprn
Description 

This command configures a network interface in a VPRN that acts as a CSC interface to a CSC-CE in a Carrier Supporting Carrier IP VPN deployment model.

Parameters 
interface-name—
Specifies the name of the interface to be added.
create—
Keyword used to create the network interface.

3.8.2.28. Network Time Protocol Commands

ntp

Syntax 
[no] ntp
Context 
config>service>vprn
Description 

This command enters the context to configure Network Time Protocol (NTP) and its operation. It also enables NTP server mode within the VPRN routing instance so that the router will respond to NTP requests from external clients received inside the VPRN.

The no form of this command stops the execution of NTP and removes its configuration.

authenticate

Syntax 
[no] authenticate
Context 
config>service>vprn>ntp
Description 

This command enables authentication for the NTP server.

authentication-check

Syntax 
[no] authentication-check
Context 
config>service>vprn>ntp
Description 

This command provides the option to skip the rejection of NTP PDUs that do not match the authentication key-id, type or key requirements. The default behavior when authentication is configured is to reject all NTP protocol PDUs that have a mismatch in either the authentication key-id, type or key.

When authentication-check is enabled, NTP PDUs are authenticated on receipt. However, mismatches cause a counter to be increased, one counter for type and one for key-id, one for type, value mismatches. These counters are visible in a show command.

The no form of this command allows authentication mismatches to be accepted; the counters however are maintained.

Default 

authentication-check — Rejects authentication mismatches.

authentication-key

Syntax 
authentication-key key-id key key [hash | hash2 | custom] type {des | message-digest}
no authentication-key key-id
Context 
config>service>vprn>ntp
Description 

This command sets the authentication key-id, type and key used to authenticate NTP PDUs sent by the broadcast server function toward external clients or to authenticate NTP PDUs received from external unicast clients within the VPRN routing instance. For authentication to work, the authentication key-id, type, and key value must match.

The no form of this command removes the authentication key.

Parameters 
key-id—
Configure the authentication key-id that will be used by the node when transmitting or receiving Network Time Protocol packets.

Entering the authentication-key command with a key-id value that matches an existing configuration key will result in overriding the existing entry.

Recipients of the NTP packets must have the same authentication key-id, type, and key value in order to use the data transmitted by this node. This is an optional parameter.

Values—
1 to 255

 

key —
The authentication key associated with the configured key-id, the value configured in this parameter is the actual value used by other network elements to authenticate the NTP packet.

The key can be any combination of ASCII characters up to 8 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (“.”).

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.
type —
This parameter determines if DES or message-digest authentication is used.

This is a required parameter; either DES or message-digest must be configured.

Values—
des — Specifies that DES authentication is used for this key. The des value is not supported in FIPS-140-2 mode.
message-digest — Specifies that MD5 authentication in accordance with RFC 2104 is used for this key.

 

broadcast

Syntax 
broadcast {interface ip-int-name} [key-id key-id] [version version] [ttl ttl]
no broadcast {interface ip-int-name}
Context 
config>service>vprn>ntp
Description 

This command configures the node to transmit NTP packets on a given interface. Broadcast and multicast messages can easily be spoofed, thus, authentication is strongly recommended.

The no form of this command removes the address from the configuration.

Parameters 
ip-int-name—
Specifies the local interface on which to transmit NTP broadcast packets. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
Values—
32 character maximum

 

key-id key-id
Identifies the configured authentication key and authentication type used by this node to receive and transmit NTP packets to and from an NTP server and peers. If an NTP packet is received by this node both authentication key and authentication type must be valid otherwise the packet will be rejected and an event/trap generated.
Values—
1 to 255

 

version version
Specifies the NTP version number that is generated by this node. This parameter does not need to be configured when in client mode in which case all versions will be accepted.
Values—
2 to 4

 

Default—
4
ttl ttl
Specifies the IP Time To Live (TTL) value.
Values—
1 to 255

 

3.8.2.29. OSPF Commands

ospf

Syntax 
ospf [router-id]
no ospf
Context 
config>service>vprn
Description 

This command enables access to the context to enable an OSPF protocol instance.

OSPF instances are shutdown when created, so that all parameters can be configured prior to the instance being enabled.

The no form of this command deletes the OSPF protocol instance removing all associated configuration parameters.

Default 

no ospf

Parameters 
router-id—
Specifies the OSPF router ID to be used with the associated OSPF instance. The router-id must be given a dot decimal notation format.
Values—
a.b.c.d

 

ospf3

Syntax 
ospf3 [instance-id] [router-id]
[no] ospf3 instance-id
Context 
config>service>vprn
Description 

This command creates an OSPFv3 routing instance and then enters the associated context to configure associated protocol parameters.

OSPF instances are shutdown when created, so that all parameters can be configured prior to the instance being enabled.

The no form of this command deletes the OSPFv3 protocol instance, removing all associated configuration parameters.

Default 

no ospf3

Parameters 
instance-id—
Specifies the instance ID for the OSPFv3 instance being created or modified. The instance ID must match the specified range based on the address family. For ipv6-unicast, the instance id must be between 0 and 31. For ipv4-unicast the instance id must be between 64 and 95.
Values—
0 to 31: IPV6 unicast
64 to 95: IPV4 unicast

 

router-id—
Specifies the IP address.

advertise-router-capability

Syntax 
advertise-router-capability
advertise-router-capability {link | area | as}
no advertise-router-capability
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
config>service>vprn>ospf>area
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command enables advertisement of a router's capabilities to its neighbors for informational and troubleshooting purposes. A Router Information (RI) LSA as defined in RFC 4970 advertises the following capabilities:

  1. OSPF graceful restart capable: no
  2. OSPF graceful restart helper: yes, when enabled
  3. OSPF Stub Router support: yes
  4. OSPF Traffic Engineering support: yes, when enabled
  5. OSPF point-to-point over LAN: yes
  6. OSPF Experimental TE: no

The parameters (link, area & as) control the scope of the capabilities advertisements.

The no form of this command disables this capability.

Default 

no advertise-router-capability

Parameters 
link—
Capabilities are only advertised over local link and not flooded beyond.
area—
Capabilities are only advertised within the area of origin.
as—
Capabilities are only advertised throughout the entire autonomous system.

area

Syntax 
[no] area area-id
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command creates the context to configure an OSPF area. An area is a collection of network segments within an AS that have been administratively grouped together. The area ID can be specified in dotted decimal notation or as a 32-bit decimal integer.

The no form of this command deletes the specified area from the configuration. Deleting the area also removes the OSPF configuration of all the interfaces, virtual-links, sham-links, and address-ranges and so on, that are currently assigned to this area.

Default 

no area — No OSPF areas are defined.

Parameters 
area-id—
The OSPF area ID expressed in dotted decimal notation or as a 32-bit decimal integer.
Values—
0.0.0.0 to 255.255.255.255 (dotted decimal)
0 to 4294967295 (decimal integer)

 

advertise-ne-profile

Syntax 
advertise-ne-profile name
no advertise-ne-profile
Context 
config>service>vprn>ospf>area
Description 

This command enables advertising of a specific NE profile using OSPFv2 LSA type 10 opaque.

The no version of this command disables advertising of NE profiles.

Default 

no advertise-ne-profile

Parameters 
name—
Specifies the name of the NE profile to be advertised, up to 32 characters.

area-range

Syntax 
area-range ip-prefix/prefix-length [advertise | not-advertise]
no area-range ip-prefix/mask
area-range ipv6-prefix/prefix-length [advertise | not-advertise]
no area-range ipv6-prefix/prefix-length
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
config>service>vprn>ospf>area>nssa
config>service>vprn>ospf3>area>nssa
Description 

This command creates ranges of addresses on an Area Border Router (ABR) for the purpose of route summarization or suppression. When a range is created, the range is configured to be advertised or not advertised into other areas. Multiple range commands may be used to summarize or hide different ranges. In the case of overlapping ranges, the most specific range command applies.

ABRs send summary link advertisements to describe routes to other areas. To minimize the number of advertisements that are flooded, you can summarize a range of IP addresses and send reachability information about these addresses in an LSA.

The no form of this command deletes the range (non) advertisement.

Default 

no area-range

Special Cases 
NSSA Context—
In the NSSA context, the option specifies that the range applies to external routes (via type-7 LSAs) learned within the NSSA when the routes are advertised to other areas as type-5 LSAs.
Area Context—
If this command is not entered under the NSSA context, the range applies to summary LSAs even if the area is an NSSA.
Parameters 
ipv6-prefix/prefix-length—
The IP prefix in dotted decimal notation for the range used by the ABR to advertise that summarizes the area into another area.
Values—

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

 

mask—
The subnet mask for the range expressed as a decimal integer mask length or in dotted decimal notation.
Values—
0 to 32 (mask length), 0.0.0.0 to 255.255.255.255 (dotted decimal)

 

advertise | not-advertise—
Specifies whether or not to advertise the summarized range of addresses into other areas. The advertise keyword indicates the range will be advertised, and the keyword not-advertise indicates the range will not be advertised.

The default is advertise.

blackhole-aggregate

Syntax 
[no] blackhole-aggregate
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command installs a low priority blackhole route for the entire aggregate. Existing routes that make up the aggregate will have a higher priority and only the components of the range for which no route exists are blackholed.

It is possible that when performing area aggregation, addresses may be included in the range for which no actual route exists. This can cause routing loops. To avoid this problem configure the blackhole aggregate option.

The no form of this command removes this option.

Default 

blackhole-aggregate

export

Syntax 
export policy-name [policy-name...(up to 5 max)]
no export
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command configures ABR export policies to filter OSPFv2 Type 3 Summary-LSAs or OSPFv3 Inter-Area-Prefix-LSA between areas, in order to only permit the specified routes from being exported into an area.

This command cannot be used in OSPF area 0.

The no form of this command reverts to the default value.

Default 

no export

Parameters 
policy-name—
Specifies the export route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The specified names must already be defined.

import

Syntax 
import policy-name [policy-name...(up to 5 max)]
no import
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command configures ABR import policies to filter OSPFv2 Type 3 Summary-LSAs or OSPFv3 Inter-Area-Prefix-LSA between areas, in order to only permit the specified routes from being imported into an area.

This command cannot be used in OSPF area 0.

The no form of this command reverts to the default value.

Default 

no import

Parameters 
policy-name—
Specifies the export route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

The specified names must already be defined.

interface

Syntax 
interface ip-int-name [secondary]
no interface ip-int-name
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command creates a context to configure an OSPF interface.

By default interfaces are not activated in any interior gateway protocol such as OSPF unless explicitly configured.

The no form of this command deletes the OSPF interface configuration for this interface. The shutdown command in the config>router>ospf>if context can be used to disable an interface without removing the configuration for the interface.

Default 

no interface

Parameters 
ip-int-name—
Specifies the IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service vprn interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

If the IP interface name does not exist or does not have an IP address configured an error message will be returned.

If the IP interface exists in a different area it will be moved to this area.

secondary—
Allows multiple secondary adjacencies to be established over a single IP interface.

sham-link

Syntax 
sham-link ip-int-name ip-address
Context 
config>service>vprn>ospf>area
Description 

This command is similar to a virtual link with the exception that metric must be included in order to distinguish the cost between the MPLS-VPRN link and the backdoor.

Parameters 
ip-int-name—
The local interface name used for the sham-link. This is a mandatory parameter and interface names must be unique within the group of defined IP interfaces for config>router>if, config>service>ies>if and config>service>vprn>if commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters, the entire string must be enclosed between double quotes. If the IP interface name does not exist or does not have an IP address configured, an error message will be returned.
ip-address—
The IP address of the sham-link neighbor in IP address dotted decimal notation. This parameter is the remote peer of the sham link’s IP address used to set up the sham-link. This is a mandatory parameter and must be a valid IP address.

advertise-subnet

Syntax 
[no] advertise-subnet
Context 
config>service>vprn>ospf>area>if
Description 

This command enables advertising point-to-point interfaces as subnet routes (network number and mask). When disabled, point-to-point interfaces are advertised as host routes.

This command is not supported in the OSPF3 context.

The no form of this command disables advertising point-to-point interfaces as subnet routes meaning they are advertised as host routes.

Default 

advertise-subnet — Advertises point-to-point interfaces as subnet routes.

auth-keychain

Syntax 
auth-keychain name
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf>area>sham-link
config>service>vprn>ospf>area>virtual-link
Description 

This command enables the authentication keychain.

Parameters 
name —
Specifies the name of the authentication keychain, up to 32 characters.

authentication

Syntax 
authentication bidirectional sa-name
authentication inbound sa-name outbound sa-name
no authentication
Context 
config>service>vprn>ospf3>area>if
config>service>vprn>ospf3>area>virtual-link
Description 

This command configures OPSFv3 confidentiality authentication.

The no form of this command removes the SA name from the configuration.

Parameters 
bidirectional sa-name
Specifies the IPsec security association name in case the OSPFv3 traffic on the interface has to be authenticated.
inbound sa-name
Specifies the IPsec security association name in case the OSPFv3 traffic on the interface has to be authenticated.
outbound sa-name
Specifies the IPsec security association name in case the OSPFv3 traffic on the interface has to be authenticated.

authentication-key

Syntax 
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no authentication-key
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf>area>sham-link
Description 

This command configures the password used by the OSPF interface or virtual-link to send and receive OSPF protocol packets on the interface when simple password authentication is configured.

This command is not valid in the OSPF3 context.

All neighboring routers must use the same type of authentication and password for proper protocol communication. If the authentication-type is configured as password, then this key must be configured.

By default, no authentication key is configured.

This command is not supported in the OSPF context.

The no form of this command removes the authentication key.

Default 

no authentication-key — No authentication key is defined.

Parameters 
authentication-key—
The authentication key. The key can be any combination of ASCII characters up to 8 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).
hash-key—
The hash key. The key can be any combination of ASCII characters up to 22 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.

authentication-type

Syntax 
authentication-type {password | message-digest}
no authentication-type
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf>area>sham-link
config>service>vprn>ospf>area>virtual-link
Description 

This command enables authentication and specifies the type of authentication to be used on the OSPF interface, virtual-link, and sham-link.

This command is not valid in the OSPF3 context.

Both simple password and message-digest authentication are supported.

The no form of this command disables authentication on the interface.

Default 

no authentication-type — No authentication is enabled on an interface.

Parameters 
password—
This keyword enables simple password (plain text) authentication. If authentication is enabled and no authentication type is specified in the command, simple password authentication is enabled.
message-digest—
This keyword enables message digest MD5 authentication in accordance with RFC1321. If this option is configured, then at least one message-digest-key must be configured.

bfd-enable

Syntax 
bfd-enable [remain-down-on-failure]
no bfd-enable
Context 
config>service>vprn>ospf>if
config>service>vprn>ospf3>area>if
Description 

This command enables the use of bi-directional forwarding (BFD) to control the state of the associated protocol interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set via the BFD command under the IP interface.

The no form of this command removes BFD from the associated IGP protocol adjacency.

Default 

no bfd-enable

Parameters 
remain-down-on-failure—
Forces adjacency down on BFD failure.

dead-interval

Syntax 
dead-interval seconds
no dead-interval
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3>area>if
config>service>vprn>ospf3>area>virtual-link
config>service>vprn>ospf>area>sham-link
Description 

This command configures the time, in seconds, that OSPF waits before declaring a neighbor router down. If no hello packets are received from a neighbor for the duration of the dead interval, the router is assumed to be down. The minimum interval must be two times the hello interval.

The no form of this command reverts to the default value.

Default 

dead-interval 40

Special Cases 
OSPF Interface—
If the dead-interval configured applies to an interface, then all nodes on the subnet must have the same dead interval.
Virtual Link—
If the dead-interval configured applies to a virtual link, then the interval on both termination points of the virtual link must have the same dead interval.

Sham-link — If the dead-interval configured applies to a sham-link, then the interval on both endpoints of the sham-link must have the same dead interval.

Parameters 
seconds—
The dead interval expressed as a decimal integer.
Values—
2 to 2147483647 seconds

 

graceful-restart

Syntax 
[no] graceful-restart
Context 
config>service>vprn>ospf
Description 

This command enables OSPF graceful restart (GR) to minimize service interruption. When the control plane of a GR-capable router fails or restarts, the neighboring routers (GR helpers) temporarily preserve OSPF forwarding information. Traffic continues to be forwarded to the restarting router using the last known forwarding tables. If the control plane of the restarting router becomes operationally and administratively up within the grace period, the restarting router resumes normal OSPF operation. If the grace period expires, then the restarting router is presumed inactive and the OSPF topology is recalculated to route traffic around the failure.

The no form of this command disables graceful restart and removes the graceful restart configuration from the OSPF instance.

Default 

no graceful-restart

helper-disable

Syntax 
[no] helper-disable
Context 
config>service>vprn>ospf>graceful-restart
config>service>vprn>ospf3>graceful-restart
Description 

This command disables helper support for OSPF graceful restart (GR).

When graceful-restart is enabled, the router can be a helper (meaning that the router is helping a neighbor to restart), a restarting router, or both. The router only supports helper mode. It will not act as a restarting router, because the high availability feature set already preserves OSPF forwarding information such that this functionality is not needed. This command is a historical command and should not be disabled. Configuring helper-disable has the effect of disabling graceful restart, because the router only supports helper mode.

The no helper-disable command enables helper support and is the default when graceful restart is enabled.

Default 

no helper-disable

strict-lsa-checking

Syntax 
[no] strict-lsa-checking
Context 
config>service>vprn>ospf>graceful-restart
config>service>vprn>ospf3>graceful-restart
Description 

This command indicates whether an OSPF restart helper should terminate graceful restart when there is a change to an LSA that would be flooded to the restarting router during the restart process.

The default OSPF behavior is to terminate a graceful restart if an LSA changes, which causes the OSPF neighbor to go down.

The no strict-lsa-checking command disables strict LSA checking.

Default 

strict-lsa-checking

ignore-dn-bit

Syntax 
[no] ignore-dn-bit
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command specifies whether to suppress the setting of the DN bit for OSPF or OSPF3 LSA packets generated by this instance of OSPF or OSPF3 on the router.

The no form of this command enables the OSPF or OSPF3 router to follow the normal procedure to determine whether to set the DN bit.

Default 

no ignore-dn-bit

import

Syntax 
import policy-name [policy-name...(up to 5 max)]
no import
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command applies one or more (up to 5) route polices as OSPF import policies. When a prefix received in an OSPF LSA is accepted by an entry in an OSPF import policy it is installed in the routing table if it is the most preferred route to the destination. When a prefix received in an OSPF LSA is rejected by an entry in an OSPF import policy it is not installed in the routing table, even if it has the lowest preference value among all the routes to that destination. The flooding of LSAs is unaffected by OSPF import policy actions. This command only applies to the 7750 SR.

Default 

If an OSPF route has the lowest preference value among all routes to a destination it is installed in the routing table.

Parameters 
policy-name—
Specifies the import route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

The specified name(s) must already be defined.

hello-interval

Syntax 
hello-interval seconds
no hello-interval
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3>area>virtual-link
config>service>vprn>ospf>area>sham-link
Description 

This command configures the interval between OSPF hellos issued on the interface, virtual link, or sham-link.

The hello interval, in combination with the dead-interval, is used to establish and maintain the adjacency. Use this parameter to edit the frequency that hello packets are sent.

Reducing the interval, in combination with an appropriate reduction in the associated dead-interval, allows for faster detection of link and/or router failures at the cost of higher processing costs.

The no form of this command reverts to the default value.

Default 

hello-interval 10 — a 10-second hello interval

Special Cases 
OSPF Interface—
If the hello-interval configured applies to an interface, then all nodes on the subnet must have the same hello interval.
Virtual Link—
If the hello-interval configured applies to a virtual link, then the interval on both termination points of the virtual link must have the same hello interval.
Sham Link —
If the hello-interval configured applies to a sham-link, then the interval on both endpoints of the sham-link must have the same hello interval.
Parameters 
seconds—
The hello interval in seconds expressed as a decimal integer.
Values—
1 to 65535

 

interface-type

Syntax 
interface-type {broadcast | point-to-point | non-broadcast}
no interface-type
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command configures the interface type to be one of broadcast, point-to-point, or non-broadcast.

Use this command to set the interface type of an Ethernet link to point-to-point to avoid having to carry the broadcast adjacency maintenance overhead if the Ethernet link provided the link is used as a point-to-point.

If the interface type is not known at the time the interface is added to OSPF and subsequently the IP interface is bound (or moved) to a different interface type, this command must be entered manually.

The no form of this command reverts to the default value.

Default 

point-to-point — If the physical interface is SONET.

broadcast — If the physical interface is Ethernet or unknown.

Special Cases 
Virtual-Link—
A virtual link is always regarded as a point-to-point interface and is not configurable.
Parameters 
broadcast—
Configures the interface as a broadcast network. To significantly improve adjacency forming and network convergence, configure the network as point-to-point if only two routers are connected, even if the network is a broadcast media such as Ethernet.
point-to-point—
Configures the interface as a point-to-point link.
non-broadcast—
Configures the interface as a non-broadcast network.

loopfree-alternate-exclude

Syntax 
[no] loopfree-alternate-exclude
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command instructs IGP to not include a specific interface or all interfaces participating in a specific IS-IS level or OSPF area in the SPF LFA computation. This provides a way of reducing the LFA SPF calculation where it is not needed.

When an interface is excluded from the LFA SPF in IS-IS, it is excluded in both level 1 and level 2. When it is excluded from the LFA SPF in OSPF, it is excluded in all areas. However, the above OSPF command can only be executed under the area in which the specified interface is primary and once enabled, the interface is excluded in that area and in all other areas where the interface is secondary. If the user attempts to apply it to an area where the interface is secondary, the command fails.

The no form of this command re-instates the default value for this command.

Default 

no loopfree-alternate-exclude

lsa-filter-out

Syntax 
lsa-filter-out [all | except-own-rtrlsa | except-own-rtrlsa-and-defaults]
no lsa-filter-out
Context 
config>router>ospf>area>if
config>router>ospf3>area>if
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command enables filtering of outgoing OSPF LSAs on the selected OSPFv2 or OSPFv3 interface. Three filtering options are provided:

  1. Do not flood any LSAs out the interface. This option is suitable if the neighbor is simply-connected and has a statically configured default route with the address of this interface as next-hop.
  2. Flood the router’s own router-LSA out the interface and suppress all other flooded LSAs. This option is suitable if the neighbor is simply-connected and has a statically configured default route with a loopback or system interface address (contained in the router-LSA) as next-hop.
  3. Flood the router’s own router-LSA and all self-generated type-3, type-5 and type-7 LSAs advertising a default route (0/0) out the interface; suppress all other flooded LSAs. This option is suitable if the neighbor is simply-connected and does not have a statically configured default route.

The no form of this command disables OSPF LSA filtering (normal operation).

Default 

no lsa-filter-out

multicast-import

Syntax 
[no] multicast-import
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command enables the submission of routes into the multicast Route Table Manager (RTM) by OSPF.

The no form of this command disables the submission of routes into the multicast RTM.

Default 

no multicast-import

message-digest-key

Syntax 
message-digest-key keyid md5 [key | hash-key] [hash | hash2 | custom]
no message-digest-key keyid
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf>area>sham-link
Description 

This command configures a message digest key when MD5 authentication is enabled on the interface, virtual-link or sham-link. Multiple message digest keys can be configured.

This command is not valid in the OSPF3 context.

The no form of this command removes the message digest key identified by the key-id.

Default 

No message digest keys are defined.

Parameters 
keyid—
The keyid is expressed as a decimal integer.
Values—
1 to 255

 

md5 key
The MD5 key. The key can be any alphanumeric string up to 16 characters in length.
md5 hash-key—
The MD5 hash key. The key can be any combination of ASCII characters up to 32 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.

metric

Syntax 
metric metric
no metric
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
config>service>vprn>ospf>area>sham-link
Description 

This command configures an explicit route cost metric for the OSPF interface that overrides the metrics calculated based on the speed of the underlying link.

The no form of this command deletes the manually configured interface metric, so the interface uses the computed metric based on the reference-bandwidth command setting and the speed of the underlying link.

Default 

no metric

Parameters 
metric—
The metric to be applied to the interface expressed as a decimal integer.
Values—
1 to 65535

 

mtu

Syntax 
mtu mtu-bytes
no mtu
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command configures the OSPF packet size used on this interface. If this parameter is not configured, OSPF derives the MTU value from the MTU configured (default or explicitly) in the following contexts:

config>port>ethernet config>port>sonet-sdh>path config>port>tdm>t3-e3 config>port>tdm>t1-e1>channel-group

If this parameter is configured, the smaller value between the value configured here and the MTU configured (default or explicitly) in an above-mentioned context is used.

To determine the actual packet size add 14 bytes for an Ethernet packet and 18 bytes for a tagged Ethernet packet to the size of the OSPF (IP) packet MTU configured in this command.

Use the no form of this command to revert to default value derived from the MTU configured in the config>port context.

Default 

no mtu

Parameters 
mtu-bytes—
Specifies the MTU to be used by OSPF for this logical interface, in bytes.
Values—
512 to 9786

 

passive

Syntax 
[no] passive
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command adds the passive property to the OSPF interface where passive interfaces are advertised as OSPF interfaces but do not run the OSPF protocol.

By default, only interface addresses that are configured for OSPF will be advertised as OSPF interfaces. The passive parameter allows an interface to be advertised as an OSPF interface without running the OSPF protocol.

While in passive mode, the interface will ignore ingress OSPF protocol packets and not transmit any OSPF protocol packets.

The no form of this command removes the passive property from the OSPF interface.

Default 

passive (service interfaces defined in config>router>service-prefix)

no passive (all other interfaces)

neighbor

Syntax 
[no] neighbor ip-address
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command configures an OSPF non-broadcast multi-access (NBMA) neighbor. The OSPF interface must be configured as an NBMA interface with the interface-type non-broadcast command. An NBMA network has no broadcast or multicast capabilities, so the router cannot discover its neighbors dynamically. All neighbors must be configured statically with the neighbor command.

In addition to configuring the OSPF NBMA neighbor’s IP address, the neighbor’s MAC address may need to be configured with the config>service>vprn>interface>static-arp command for OSPFv2 neighbors using its IPv4 address, and the config>service>vprn>interface>ipv6>neighbor command for OSPFv3 neighbors using its IPv6 link-local address.

The no form of this command removes the neighbor configuration.

Default 

No OSPF NBMA neighbors are configured.

Parameters 
ip-address—
Specifies the OSPFv2 neighbor’s IPv4 address or the OSPFv3 neighbor’s IPv6 link-local address.
Values—

ipv4-address:

a.b.c.d

ipv6-address:

x:x:x:x:x:x:x:x [-interface]

x:x:x:x:x:x:d.d.d.d [-interface]

x: [0..FFFF]H

d: [0..255]D

interface —32 characters max, for link local addresses.

 

poll-interval

Syntax 
poll-interval seconds
no poll-interval
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command configures the poll interval, in seconds. The poll interval is the time between two Hello packets to a dead (non-adjacent) OSPF NBMA neighbor. The default value of the poll interval timer is higher than the hello interval timer to avoid wasting bandwidth on non-broadcast networks, since OSPF messages are unicast to each configured neighbor. The poll interval timer is used only on non-broadcast interface types and has no effect if configured on other interface types.

The no form of this command removes the poll-interval configuration.

Default 

120

Parameters 
seconds—
Specifies the poll interval, in seconds.
Values—
0 to 4294967295

 

priority

Syntax 
priority number
no priority
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command configures the priority of the OSPF interface that is used to elect the designated router on the subnet.

This parameter is only used if the interface is of type broadcast. The router with the highest priority interface becomes the designated router. A router with priority 0 is not eligible to be the designated router or backup designated router.

The no form of this command resets the interface priority to the default value.

Default 

priority 1

Parameters 
number—
The interface priority expressed as a decimal integer. A value of 0 indicates the router is not eligible to be the Designated Router of Backup Designated Router on the interface subnet.
Values—
0 to 255

 

retransmit-interval

Syntax 
retransmit-interval seconds
no retransmit-interval
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3>area>if
config>service>vprn>ospf3>area>virtual-link
config>service>vprn>ospf>area>sham-link
Description 

This command specifies the length of time, in seconds, that OSPF will wait before retransmitting an unacknowledged link state advertisement (LSA) to an OSPF neighbor.

The value should be longer than the expected round trip delay between any two routers on the attached network. Once the retransmit-interval expires and no acknowledgment has been received, the LSA will be retransmitted.

The no form of this command reverts to the default interval.

Default 

retransmit-interval 5

Parameters 
seconds—
The retransmit interval in seconds expressed as a decimal integer.
Values—
1 to 3600

 

rib-priority

Syntax 
[no] rib-priority
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command enables RIB prioritization for the OSPF/OSPFv3 protocol. When enabled at the OSPF interface level, all routes learned through the associated OSPF interface will be processed through the OSPF route calculation process at a higher priority.

The no form of rib-priority command disables RIB prioritization at the associated level.

Default 

no rib-priority

transit-delay

Syntax 
transit-delay seconds
no transit-delay
Context 
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
config>service>vprn>ospf>area>virtual-link
config>service>vprn>ospf3>area>virtual-link
config>service>vprn>ospf>area>sham-link
Description 

This command configures the estimated time, in seconds, that it takes to transmit a link state advertisement (LSA) on the interface or virtual link or sham-link.

The no form of this command reverts to the default delay time.

Default 

transit-delay 1

Parameters 
seconds—
The transit delay in seconds expressed as a decimal integer.
Values—
0 to 3600

 

key-rollover-interval

Syntax 
key-rollover-interval key-rollover-interval
Context 
config>service>vprn>ospf3>area
Description 

This command configures the key rollover interval.

The no form of this command reverts to the default.

Default 

key-rollover-interval 10

Parameters 
key-rollover-interval—
Specifies the time, in seconds, after which a key rollover will start.
Values—
10 to 300

 

loopfree-alternate-exclude

Syntax 
[no] loopfree-alternate-exclude
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command specifies whether or not the OSPF/OSPF3 area should be excluded during LFA calculations. When enabled, the OSPF/OSPF3 area is excluded from LFA calculations. When disabled (the default), the OSPF/OSPF3 area is included in LFA calculations.

The no form of this command includes the OSPF/OSPF3 area in LFA calculations.

Default 

no loopfree-alternate-exclude

nssa

Syntax 
[no] nssa
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command creates the context to configure an OSPF Not So Stubby Area (NSSA) and adds/removes the NSSA designation from the area.

NSSAs are similar to stub areas in that no external routes are imported into the area from other OSPF areas. The major difference between a stub area and an NSSA is an NSSA has the capability to flood external routes that it learns throughout its area and via an ABR to the entire OSPF domain.

Existing virtual links of a non-stub or NSSA area will be removed when the designation is changed to NSSA or stub.

An area can be designated as stub or NSSA but never both at the same time.

By default, an area is not configured as an NSSA area.

The no form of this command removes the NSSA designation and configuration context from the area.

Default 

no nssa — The OSPF area is not an NSSA.

originate-default-route

Syntax 
originate-default-route [type-nssa] [adjacency-check]
no originate-default-route
Context 
config>service>vprn>ospf>area>nssa
config>service>vprn>ospf3>area>nssa
Description 

This command specifies whether when configuring an NSSA with no summaries, the Area Border Router (ABR) injects a type-7 LSA default route into the NSSA area. The default behavior is to inject a type-3 LSA default route, but some older implementations expect a type-7 LSA default route.

When configuring an NSSA with no summaries, the ABR will inject a type 3 LSA default route into the NSSA area. Some older implementations expect a type 7 LSA default route.

The no form of this command disables origination of a default route.

Default 

no originate-default-route — A default route is not originated.

Parameters 
type-nssa—
Specifies that a type 7 LSA should be used for the default route.

Configure this parameter to inject a type 7 LSA default route into an NSSA configured with no summaries, instead of a type 3 LSA.

To revert to a type 3 LSA, execute the originate-default-route command without the type-nssa parameter.

Default—
type 3 LSA default route
adjacency-check—
Specifies whether adjacency checks are performed before originating a default route. If this parameter is configured, then no area 0 adjacency is required for the ABR to advertise the default route.
Default—
Adjacency checks are performed, and an area 0 adjacency is required for the ABR to advertise the default route

redistribute-external

Syntax 
[no] redistribute-external
Context 
config>service>vprn>ospf>area>nssa
config>service>vprn>ospf3>area>nssa
Description 

This command enables the redistribution of external routes into the Not So Stubby Area (NSSA) or an NSSA area border router (ABR) that is exporting the routes into non-NSSA areas.

NSSA or Not So Stubby Areas are similar to stub areas in that no external routes are imported into the area from other OSPF areas. The major difference between a stub area and an NSSA is that the NSSA has the capability to flood external routes that it learns (providing it is an ASBR) throughout its area and via an Area Border Router to the entire OSPF domain.

The no form of this command disables the default behavior to automatically redistribute external routes into the NSSA area from the NSSA ABR.

Default 

redistribute-external — External routes are redistributed into the NSSA.

summaries

Syntax 
[no] summaries
Context 
config>service>vprn>ospf>area>nssa
config>service>vprn>ospf>area>stub
config>service>vprn>ospf3>area>nssa
Description 

This command enables sending summary (type 3) advertisements into a stub area or Not So Stubby Area (NSSA) on an Area Border Router (ABR). This parameter is particularly useful to reduce the size of the routing and Link State Database (LSDB) tables within the stub or nssa area. By default, summary route advertisements are sent into the stub area or NSSA.

The no form of this command disables sending summary route advertisements and, for stub areas, only the default route is advertised by the ABR.

Default 

summaries — Summary routes are advertised by the ABR into the stub area or NSSA.

stub

Syntax 
[no] stub
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command enables access to the context to configure an OSPF stub area and adds/removes the stub designation from the area. External routing information is not flooded into stub areas. All routers in the stub area must be configured with the stub command. An OSPF area cannot be both an NSSA and a stub area. Existing virtual links of a non STUB or NSSA area will be removed when its designation is changed to NSSA or STUB.

By default, an area is not a stub area.

The no form of this command removes the stub designation and configuration context from the area.

Default 

no stub — The area is not configured as a stub area.

default-metric

Syntax 
default-metric metric
no default-metric
Context 
config>service>vprn>ospf>area>stub
config>service>vprn>ospf3>area>stub
Description 

This command configures the metric used by the area border router (ABR) for the default route into a stub area. The default metric should only be configured on an ABR of a stub area. An ABR generates a default route if the area is a stub area.

The no form of this command reverts to the default value.

Default 

default-metric 1

Parameters 
metric—
The metric expressed as a decimal integer for the default route cost to be advertised into the stub area.
Values—
1 to 16777214

 

virtual-link

Syntax 
[no] virtual-link router-id transit-area area-id
Context 
config>service>vprn>ospf>area
config>service>vprn>ospf3>area
Description 

This command configures a virtual link to connect area border routers to the backbone via a virtual link. The backbone area (area 0.0.0.0) must be contiguous and all other areas must be connected to the backbone area. If it is not practical to connect an area to the backbone (see area 0.0.0.2 in Figure 53), then the area border routers (routers 1 and 2 in Figure 53) must be connected using a virtual link. The two area border routers will form a point-to-point like adjacency across the transit area (area 0.0.0.1 in Figure 53). A virtual link can only be configured while in the area 0.0.0.0 context.

The router-id specified in this command must be associated with the virtual neighbor. The transit area cannot be a stub area or a Not So Stubby Area (NSSA).

The no form of this command deletes the virtual link.

Default 

No virtual link is defined.

Parameters 
router-id—
The router ID of the virtual neighbor in IP address dotted decimal notation.
transit-area area-id
The area-id specified identifies the transit area that links the backbone area with the area that has no physical connection with the backbone.

The OSPF backbone area, area 0.0.0.0, must be contiguous and all other areas must be connected to the backbone area. The backbone distributes routing information between areas. If it is not practical to connect an area to the backbone (see Area 0.0.0.5 in Figure 53) then the area border routers (such as routers Y and Z) must be connected via a virtual link. The two area border routers form a point-to-point-like adjacency across the transit area (see Area 0.0.0.4).

Figure 53:  OSPF Areas 

compatible-rfc1583

Syntax 
[no] compatible-rfc1583
Context 
config>service>vprn>ospf
Description 

This command enables OSPF summary and external route calculations in compliance with RFC 1583 and earlier RFCs.

RFC 1583 and earlier RFCs use a different method to calculate summary and external route costs. To avoid routing loops, all routers in an OSPF domain should perform the same calculation method.

Although it would be favorable to require all routers to run a more current compliance level, this command allows the router to use obsolete methods of calculation.

This command is not supported in OSPF3.

The no form of this command enables the post-RFC1583 method of summary and external route calculation.

Default 

compatible-rfc1583 — RFC 1583 compliance is enabled.

export

Syntax 
export policy-name [policy-name]
no export
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command associates export route policies to determine which routes are exported from the route table to OSPF. Export polices are only in effect if OSPF is configured as an ASBR.

If no export policy is specified, non-OSPF routes are not exported from the routing table manager to OSPF.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default 

no export — No export route policies specified.

Parameters 
policy-name—
Specifies the export route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

The specified name(s) must already be defined.

external-db-overflow

Syntax 
external-db-overflow limit interval
no external-db-overflow
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command enables limits on the number of non-default AS-external-LSA entries that can be stored in the LSDB and specifies a wait timer before processing these after the limit is exceeded.

The limit value specifies the maximum number of non-default AS-external-LSA entries that can be stored in the link-state database (LSDB). Placing a limit on the non-default AS-external-LSAs in the LSDB protects the router from receiving an excessive number of external routes that consume excessive memory or CPU resources. If the number of routes reach or exceed the limit, the table is in an overflow state. When in an overflow state, the router will not originate any new AS-external-LSAs. In fact, it withdraws all the self-originated non-default external LSAs.

The interval specifies the amount of time to wait after an overflow state before regenerating and processing non-default AS-external-LSAs. The waiting period acts like a dampening period preventing the router from continuously running Shortest Path First (SPF) calculations caused by the excessive number of non-default AS-external LSAs.

The external-db-overflow must be set identically on all routers attached to any regular OSPF area. OSPF stub areas and not-so-stubby areas (NSSAs) are excluded.

The no form of this command disables limiting the number of non-default AS-external-LSA entries.

Default 

no external-db-overflow — No limit on non-default AS-external-LSA entries.

Parameters 
limit—
The maximum number of non-default AS-external-LSA entries that can be stored in the LSDB before going into an overflow state expressed as a decimal integer.
Values—
-1 to 2147483647
Note:

Setting a value of -1 is equivalent to no external-db-overflow.

 

interval—
The number of seconds after entering an overflow state before attempting to process non-default AS-external-LSAs expressed as a decimal integer.
Values—
0 to 2147483647

 

external-preference

Syntax 
external-preference preference
no external-preference
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command configures the preference for OSPF external routes.

A route can be learned by the router from different protocols in which case the costs are not comparable; when this occurs the preference is used to decide which route will be used.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in the following table. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used.

If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of what route to use is determined by the configuration of the ecmp in the config>router context.

The no form of this command reverts to the default value.

Default 

external-preference 150 — OSPF external routes have a default preference of 150.

Parameters 
preference—
The preference for external routes expressed as a decimal integer.

Route Type

Preference

Configurable  

Direct attached

0

No

Static routes

5

Yes

OSPF internal

10

Yes 1

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

RIP

100

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

BGP

170

Yes

    Note:

  1. Preference for OSPF internal routes is configured with the preference command.
Values—
1 to 255

 

ignore-dn-bit

Syntax 
[no] ignore-dn-bit
Context 
config>service>vprn>ospf
Description 

This command specifies whether to ignore the DN bit for OSPF LSA packets for this instance of OSPF on the router. When enabled, the DN bit for OSPF LSA packets will be ignored. When disabled, the DN bit will not be ignored for OSPF LSA packets.

loopfree-alternates

Syntax 
[no] loopfree-alternates
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command enables Loop-Free Alternate (LFA) computation by SPF under the IS-IS routing protocol level, or under the OSPF routing protocol instance level.

When this command is enabled, it instructs the IGP SPF to attempt to pre-compute both a primary next-hop and an LFA next-hop for every learned prefix. IS-IS computes the primary SPF first and then computes the LFA SPF. The LFA backup next-hop is only available after the LFA SPF is completed. When found, the LFA next-hop is populated into the routing table along with the primary next-hop for the prefix.

The no form of this command disables the LFA computation by IGP SPF.

Default 

no loopfree-alternates

exclude

Syntax 
exclude
Context 
config>service>vprn>ospf>loopfree-alternates
config>service>vprn>ospf3>loopfree-alternates
Description 

This command excludes from LFA SPF calculation prefixes that match a prefix entry or a tag entry in a prefix policy.

The implementation already allows the user to exclude an interface in IS-IS or OSPF, an OSPF area, or an IS-IS level from the LFA SPF.

If a prefix is excluded from LFA, then it will not be included in LFA calculation regardless of its priority. The prefix tag will, however, be used in the main SPF.

Note:

Prefix tags are defined for the IS-IS protocol but not for the OSPF protocol.

The default action of the exclude command, when not explicitly specified by the user in the prefix policy, is a “reject”. Thus, regardless if the user did or did not explicitly add the statement “default-action reject” to the prefix policy, a prefix that did not match any entry in the policy will be accepted into LFA SPF.

The no form of this command deletes the exclude prefix policy.

Default 

no exclude

prefix-policy

Syntax 
[no] prefix-policy prefix-policy [prefix-policy]
Context 
config>service>vprn>ospf>loopfree-alternates>exclude
config>service>vprn>ospf3>loopfree-alternates>exclude
Description 

This command specifies the name of the policy for the prefixes to exclude from the LFA SPF calculation in this OSPF or OSPF3 instance.

The no form of this command deletes the exclude prefix policy.

Default 

no prefix-policy

Parameters 
prefix-policy prefix-policy—
Specifies the name of the prefix policy, up to 32 characters. Up to five prefix policies can be specified. The specified name must have been already defined.

overload

Syntax 
overload [timeout seconds]
no overload
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command changes the overload state of the local router so that it appears to be overloaded. When overload is enabled, the router can participate in OSPF routing, but is not used for transit traffic. Traffic destined to directly attached interfaces continue to reach the router.

To put the IGP in an overload state enter a timeout value. The IGP will enter the overload state until the timeout timer expires or a no overload command is executed.

If the overload command is encountered during the execution of an overload-on-boot command then this command takes precedence. This could occur as a result of a saved configuration file where both parameters are saved. When the file is saved by the system the overload-on-boot command is saved after the overload command.

Use the no form of this command to return to the default. When the no overload command is executed, the overload state is terminated regardless the reason the protocol entered overload state.

Default 

no overload

Parameters 
timeout seconds—
Specifies the number of seconds to reset overloading.
Values—
60 to1800

 

Default—
60

if-attribute

Syntax 
if-attribute
Context 
config>router
config>router>if
config>service>ies>if
config>service>vprn>if
Description 

This command creates the context to configure or apply IP interface attributes such as administrative group (admin-group) or Shared Risk Loss Group (SRLG).

admin-group

Syntax 
admin-group group-name [group-name...(up to 5 max)]
no admin-group group-name [group-name...(up to 5 max)]
no admin-group
Context 
config>router>if>if-attribute
config>service>ies>if>if-attribute
config>service>vprn>if>if-attribute
config>router>mpls>if
Description 

This command configures the admin group membership of an interface. The user can apply admin groups to an IES, VPRN, network IP, or MPLS interface.

Each single operation of the admin-group command allows a maximum of five (5) groups to be specified at a time. However, a maximum of 32 groups can be added to a given interface through multiple operations. Once an admin group is bound to one or more interface, its value cannot be changed until all bindings are removed.

The configured admin-group membership will be applied in all levels/areas the interface is participating in. The same interface cannot have different memberships in different levels/areas.

Only the admin groups bound to an MPLS interface are advertised in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.

The no form of this command deletes one or more of the admin-group memberships of an interface. The user can also delete all memberships of an interface by not specifying a group name.

Parameters 
group-name—
Specifies the name of the group with up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain.

srlg-group

Syntax 
srlg-group group-name [group-name...(up to 5 max)]
no srlg-group group-name [group-name...(up to 5 max)]
no srlg-group
Context 
config>router>if>if-attribute
config>service>ies>if>if-attribute
config>service>vprn>if>if-attribute
config>router>mpls>if
Description 

This command configures the SRLG membership of an interface. The user can apply SRLGs to an IES, VPRN, network IP, or MPLS interface.

An interface can belong to up to 64 SRLG groups. However, each single operation of the srlg-group command allows a maximum of five (5) groups to be specified at a time. Once an SRLG group is bound to one or more interface, its value cannot be changed until all bindings are removed.

The configured SRLG membership will be applied in all levels/areas the interface is participating in. The same interface cannot have different memberships in different levels/areas.

Only the SRLGs bound to an MPLS interface are advertised in TE link TLVs and sub-TLVs when the traffic-engineering option is enabled in IS-IS or OSPF. IES and VPRN interfaces do not have their attributes advertised in TE TLVs.

The no form of this command deletes one or more of the SRLG memberships of an interface. The user can also delete all memberships of an interface by not specifying a group name.

Parameters 
group-name—
Specifies the name of the group, up to 32 characters. The association of group name and value should be unique within an IP/MPLS domain.

lfa-policy-map

Syntax 
lfa-policy-map route-nh-template template-name
no lfa-policy-map
Context 
config>router>ospf>area>if
config>router>ospf3>area>if
config>router>isis>if
config>service>vprn>ospf>area>if
config>service>vprn>ospf3>area>if
Description 

This command applies a route next-hop policy template to an OSPF or IS-IS interface.

When a route next-hop policy template is applied to an interface in IS-IS, it is applied in both level 1 and level 2. When a route next-hop policy template is applied to an interface in OSPF, it is applied in all areas. However, the command in an OSPF interface context can only be executed under the area in which the specified interface is primary and then applied in that area and in all other areas where the interface is secondary. If the user attempts to apply it to an area where the interface is secondary, the command fails.

If the user excluded the interface from LFA using the command loopfree-alternate-exclude, the LFA policy, if applied to the interface, has no effect.

Finally, if the user applied a route next-hop policy template to a loopback interface or to the system interface, the command will not be rejected, but it results in no action being taken.

The no form deletes the mapping of a route next-hop policy template to an OSPF or IS-IS interface.

Parameters 
template-name—
Specifies the name of the template, up to 32 characters.

overload-include-ext-1

Syntax 
[no] overload-include-ext-1
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command controls whether routes should be re-advertised with a maximum metric value when the system goes into overload state for any reason. When this command is enabled and the router is in overload, all external type-1 routes are advertised with the maximum metric.

The no form of this command reverts to the default value.

Default 

no overload-include-ext-1

overload-include-ext-2

Syntax 
[no] overload-include-ext-2
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command controls whether external type-2 routes should be re-advertised with a maximum metric value when the system goes into overload state for any reason. When this command is enabled and the router is in overload, all external type-2 routes is advertised with the maximum metric.

The no form of this command reverts to the default value.

Default 

no overload-include-ext-2

overload-include-stub

Syntax 
[no] overload-include-stub
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command controls whether the OSPF stub networks should be advertised with a maximum metric value when the system goes into overload state for any reason. When enabled, the system uses the maximum metric value. When this command is enabled and the router is in overload, all stub interfaces, including loopback and system interfaces, will be advertised at the maximum metric.

The no form of this command reverts to the default value.

Default 

no overload-include-stub

overload-on-boot

Syntax 
overload-on-boot [timeout seconds]
no overload
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

When the router is in an overload state, the router is used only if there is no other router to reach the destination. This command configures the IGP upon bootup in the overload state until one of the following events occur:

  1. The timeout timer expires.
  2. A manual override of the current overload state is entered with the no overload command.

The no overload command does not affect the overload-on-boot function.

The no form of this command removes the overload-on-boot functionality from the configuration.

Default 

no overload-on-boot

Parameters 
timeout seconds—
Specifies the number of seconds to reset overloading.
Values—
60 to1800

 

Default—
60

preference

Syntax 
preference preference
no preference
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command configures the preference for OSPF internal routes.

A route can be learned by the router from different protocols in which case the costs are not comparable, when this occurs the preference is used to decide to which route will be used.

Different protocols should not be configured with the same preference, if this occurs the tiebreaker is per the default preference table as defined in the following table. If multiple routes are learned with an identical preference using the same protocol, the lowest cost route is used.

If multiple routes are learned with an identical preference using the same protocol and the costs (metrics) are equal, then the decision of what route to use is determined by the configuration of the ecmp in the config>router context.

The no form of this command reverts to the default value.

Default 

preference 10 — OSPF internal routes have a preference of 10.

Parameters 
preference—
The preference for internal routes expressed as a decimal integer. Defaults for different route types are listed in the following table.

Route Type

Preference

Configurable

Direct attached

0

No

Static routes

5

Yes

OSPF internal

10

Yes 1

IS-IS level 1 internal

15

Yes

IS-IS level 2 internal

18

Yes

RIP

100

Yes

OSPF external

150

Yes

IS-IS level 1 external

160

Yes

IS-IS level 2 external

165

Yes

BGP

170

Yes

    Note:

  1. Preference for OSPF internal routes is configured with the preference command.
Values—
1 to 255

 

reference-bandwidth

Syntax 
reference-bandwidth bandwidth-inkbps
reference-bandwidth [zbps Zetta-bps] [ebps Exa-bps] [pbps Peta-bps] [tbps Tera-bps] [gbps Giga-bps] [mbps Mega-bps] [kbps Kilo-bps]
no reference-bandwidth
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command configures the reference bandwidth in kilobits per second (kb/s) that provides the reference for the default costing of interfaces based on their underlying link speed.

The default interface cost is calculated as follows:

cost = reference–bandwidth ÷ bandwidth

The default reference-bandwidth is 100,000,000 kb/s or 100 Gb/s, so the default auto-cost metrics for various link speeds are as follows:

  1. 10 Mb/s link default cost of 10000
  2. 100 Mb/s link default cost of 1000
  3. 1 Gb/s link default cost of 100
  4. 10 Gb/s link default cost of 10
  5. 40 Gb/s link default cost of 2
  6. 100 Gb/s link default cost of 1
  7. 400 Gb/s link default cost of 1
Note:

The default reference-bandwidth value must be manually configured to a higher value if interface speeds are greater than 100 Gb/s, and metrics based on link speed are used. When the default reference-bandwidth value is used, a metric of 1 is set on all interface speeds ≥ 100 Gb/s. For example, 100 GE, 100 GE LAG, 400 GE, and 400 GE LAG interfaces will all have a metric of 1.

If the reference bandwidth is configured as 10 Gb (reference-bandwidth 10000000000), a 100 Mb/s interface has a default metric of 100.

When a very large reference bandwidth value is configured, a metric calculation may result in a value higher than the supported protocol cost value. If this occurs, OSPF automatically reverts to the maximum configurable cost metric.

The reference-bandwidth command assigns a default cost to the interface based on the interface speed. To override this default cost on a particular interface, use the metric metric command configured in the config>router>ospf>area>if ip-int-name context.

The no form of this command reverts the reference-bandwidth to the default value.

Default 

reference-bandwidth 100000000

Parameters 
bandwidth-in-kbps—
Specifies the reference bandwidth in kilobits per second expressed as a decimal integer.
Values—
1 to 4000000000

 

tbps Tera-bps—
Specifies the reference bandwidth in terabits per second expressed as a decimal integer.
Values—
1 to 4

 

gbps Giga-bps
Specifies the reference bandwidth in gigabits per second expressed as a decimal integer.
Values—
1 to 999

 

mbps Mega-bps
Specifies the reference bandwidth in megabits per second expressed as a decimal integer.
Values—
1 to 999

 

kbps Kilo-bps
Specifies the reference bandwidth in kilobits per second expressed as a decimal integer.
Values—
1 to 999

 

rib-priority

Syntax 
rib-priority {high} prefix-list-name
no rib-priority
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command enabled RIB prioritization for the OSPF protocol and specifies the prefix list that will be used to select the specific routes that should be processed through the OSPF route calculation process at a higher priority.

The no form of rib-priority command disables RIB prioritization at the associated level.

Default 

no rib-priority

Parameters 
prefix-list-name—
Specifies the prefix list which is used to select the routes that are processed at a higher priority through the route calculation process.

rtr-adv-lsa-limit

Syntax 
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent]
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent] overload-timeout forever
rtr-adv-lsa-limit [1..4294967295] [log-only] [threshold percent] overload-timeout seconds
no rtr-adv-lsa-limit
Context 
config>service>vprn>ospf
Description 

This command configures the maximum number of LSAs OSPF can learn from another router, in order to protect the system from a router that accidentally advertises a large number of LSAs. When the number of advertised LSAs reaches the configured percentage of this limit, an SNMP trap is sent. If the limit is exceeded, OSPF goes into overload.

The overload-timeout option allows the administrator to control how long OSPF is in overload as a result of the advertised LSA limit being reached. At the end of this duration of time the system automatically attempts to restart OSPF. One possible value for the overload-timeout is forever, which means OSPF is never restarted automatically and this corresponds to the default behavior when the overload-timeout option is not configured.

The no form of this command removes the rtr-adv-lsa-limit.

Default 

rtr-adv-lsa-limit forever

Parameters 
log-only—
Enables the warning message to be sent at the specified threshold percentage, and also when the limit is exceeded. However, overload is not set.
percent—
The threshold value (as a percentage) that triggers a warning message to be sent.
Values—
0 to 100

 

seconds—
Specifies duration in seconds before restarting OSPF.
Values—
1 to 1800

 

super-backbone

Syntax 
[no] super-backbone
Context 
config>service>vprn>ospf
Description 

This command specifies whether CE-PE functionality is required or not. The OSPF super backbone indicates the type of the LSA generated as a result of routes redistributed into OSPF. When enabled, the redistributed routes are injected as summary, external or NSSA LSAs. When disabled, the redistributed routes are injected as either external or NSSA LSAs only.

Default 

no super-backbone

suppress-dn-bit

Syntax 
[no] suppress-dn-bit
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command specifies whether to suppress the setting of the DN bit for OSPF LSA packets generated by this instance of OSPF on the router. When enabled, the DN bit for OSPF LSA packets generated by this instance of the OSPF router will not be set. When disabled, this instance of the OSPF router will follow the normal procedure to determine whether to set the DN bit.

Default 

no suppress-dn-bit

timers

Syntax 
timers
Context 
config>service>vprn>ospf
config>service>vprn>ospf3
Description 

This command enters the context that allows for the configuration of OSPF timers. Timers control the delay between receipt of a link state advertisement (LSA) requiring a Dijkstra (Shortest Path First (SPF)) calculation and the minimum time between successive SPF calculations.

Changing the timers affect CPU utilization and network reconvergence times. Lower values reduce convergence time but increase CPU utilization. Higher values reduce CPU utilization but increase reconvergence time.

incremental-spf-wait

Syntax 
incremental-spf-wait incremental-spf-wait
no incremental-spf-wait
Context 
config>router>ospf>timers
config>router>ospf3>timers
Description 

This command sets the delay before an incremental SPF calculation is performed when LSA types 3, 4, 5, or 7 are received. This allows multiple updates to be processed in the same SPF calculation. Type 1 or type 2 LSAs are considered a topology change and will always trigger a full SPF calculation.

The no form of this command resets the timer value back to the default value.

Note:

The timer granularity is 10 ms if the value is less than 500 ms, and 100 ms if the value is ≥ 500 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Default 

incremental-spf-wait 1000

Parameters 
incremental-spf-wait—
Specifies the OSPF incremental SPF calculation delay, in milliseconds.
Values—
0 to 1000

 

lsa-accumulate

Syntax 
lsa-accumulate lsa-accum-time
no lsa-accumulate
Context 
config>router>ospf>timers
config>router>ospf3>timers
Description 

This commands sets the internal OSPF delay to allow for the accumulation of multiple LSA so OSPF messages can be sent as efficiently as possible. The lsa-accumulate timer applies to all LSAs, except Type 1 and Type 2 LSAs which are sent immediately.

LSAs are accumulated and then sent when:

  1. Its size reaches the MTU size of the interface.
  2. A new LSA is received on the interface.
  3. The lsa-accumulate timer expires.

Shorting this delay can speed up the advertisement of LSAs to OSPF neighbors but may increase the number of OSPF messages sent.

Note:

The timer granularity is 10 ms if the value is less than 500 ms, and 100 ms if the value is ≥ 500 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Default 

lsa-accumulate 1000

Parameters 
lsa-accum-time—
Specifies the LSA accumulation delay in milliseconds.
Values—
0 to 1000

 

lsa-arrival

Syntax 
lsa-arrival lsa-arrival-time
no lsa-arrival
Context 
config>service>vprn>ospf>timers
config>service>vprn>ospf3>timers
Description 

This parameter defines the minimum delay that must pass between receipt of the same Link State Advertisements (LSAs) arriving from neighbors.

It is recommended that the neighbor’s configured lsa-generate lsa-second-wait interval is equal to or greater than the lsa-arrival timer configured here.

Use the no form of this command to return to the default.

Note:

The timer granularity is 10 ms if the value is less than 500 ms, and 100 ms if the value is ≥ 500 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Default 

lsa-arrival 1000

Parameters 
lsa-arrival-time—
Specifies the timer in milliseconds.
Values—
0 to 600000

 

lsa-generate

Syntax 
lsa-generate max-lsa-wait [lsa-initial-wait lsa-initial-wait [lsa-second-wait lsa-second-wait]]
no lsa-generate-interval
Context 
config>service>vprn>ospf>timers
config>service>vprn>ospf3>timers
Description 

This parameter customizes the throttling of OSPF LSA-generation. Timers that determine when to generate the first, second, and subsequent LSAs can be controlled with this command. Subsequent LSAs are generated at increasing intervals of the lsa-second-wait timer until a maximum value is reached.

Configuring the lsa-arrival interval to equal or less than the lsa-second-wait interval configured in the lsa-generate command is recommended.

The no form of this command reverts to the default.

Note:

The timer granularity is 10 ms if the value is less than 500 ms, and 100 ms if the value is ≥ 500 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Parameters 
max-lsa-wait—
Specifies the maximum interval, in milliseconds, between two consecutive occurrences of an LSA being generated.
Values—
10 to 600000

 

Default—
5000
lsa-initial-wait—
Specifies the first waiting period between link-state advertisements (LSA) originate(s), in milliseconds. When the LSA exceeds the lsa-initial-wait timer value and the topology changes, there is no wait period and the LSA is immediately generated.

When an LSA is generated, the initial wait period commences. If, within the specified lsa-initial-wait period and another topology change occurs, then the lsa-initial-wait timer applies.

Values—
10 to 600000

 

Default—
5000
lsa-second-wait—
Specifies the hold time in milliseconds between the first and second LSA generation. The next topology change is subject to this second wait period. With each subsequent topology change, the wait time doubles (this is 2x the previous wait time). This assumes that each failure occurs within the relevant wait period.
Values—
10 to 600000

 

Default—
5000

redistribute-delay

Syntax 
redistribute-delay redist-wait
no redistribute-delay
Context 
config>router>ospf>timers
config>router>ospf3>timers
Description 

This command sets the internal OSPF hold down timer for external routes being redistributed into OSPF.

Shorting this delay can speed up the advertisement of external routes into OSPF but can result in additional OSPF messages if that source route is not yet stable.

The no redistribute-delay form of this command resets the timer value back to the default value.

Note:

The timer granularity is 10 ms if the value is less than 500 ms, and 100 ms if the value is ≥ 500 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Default 

redistribute-delay 1000

Parameters 
redist-wait—
Specifies the OSPF redistribution hold down timer, in milliseconds, for external routes being advertised into OSPF.
Values—
0 to 1000

 

spf-wait

Syntax 
spf-wait max-spf-wait [spf-initial-wait spf-initial-wait] [spf-second-wait spf-second-wait]
no spf-wait
Context 
config>service>vprn>ospf>timers
config>service>vprn>ospf3>timers
Description 

This command defines the maximum interval between two consecutive SPF calculations in milliseconds. Timers that determine when to initiate the first, second, and subsequent SPF calculations after a topology change occurs can be controlled with this command. Subsequent SPF runs (if required) will occur at exponentially increasing intervals of the spf-second-wait interval. For example, if the spf-second-wait interval is 1000, then the next SPF will run after 2000 milliseconds, and then next SPF will run after 4000 milliseconds, and so on, until it reaches the spf-wait value. The SPF interval will stay at the spf-wait value until there are no more SPF runs scheduled in that interval. After a full interval without any SPF runs, the SPF interval will drop back to spf-initial-wait.

Use the no form of this command to return to the default.

Note:

The timer granularity is 10 ms if the value is less than 500 ms, and 100 ms if the value is ≥ 500 ms. Timer values are rounded down to the nearest granularity, for example a configured value of 550 ms is internally rounded down to 500 ms.

Parameters 
max-spf-wait—
Specifies the maximum interval in milliseconds between two consecutive SPF calculations.
Values—
10 to 120000

 

Default—
10000
spf-initial-wait —
Specifies the initial SPF calculation delay in milliseconds after a topology change.
Values—
10 to 100000

 

Default—
1000
spf-second-wait —
Specifies the hold time in milliseconds between the first and second SPF calculation.
Values—
10 to 100000

 

Default—
1000

unicast-import-disable

Syntax 
[no] unicast-import-disable
Context 
config>service>vprn>ospf
Description 

This command allows one IGP to import its routes into RPF RTM while another IGP imports routes only into the unicast RTM.

Import policies can redistribute routes from an IGP protocol into the RPF RTM (the multicast routing table). By default, the IGP routes will not be imported into RPF RTM as such an import policy must be explicitly configured

Default 

no unicast-import-disable

vpn-domain

Syntax 
vpn-domain [type {0005 | 0105 | 0205 | 8005}] id id
no vpn-domain
Context 
config>service>vprn>ospf
Description 

This command specifies type of the extended community attribute exchanged using BGP to carry the OSPF VPN domain ID. This applies to VPRN instances of OSPF only. An attempt to modify the value of this object will result in an inconsistent value error when is not a VPRN instance. The parameters are mandatory and can be entered in either order. This command is not applicable in the config>service>vprn>ospf3 context.

This command is not supported in OSPF3.

Default 

no vpn-domain

Parameters 
id—
Specifies the OSPF VPN domain in the “xxxx.xxxx.xxxx” format. This is exchanged using BGP in the extended community attribute associated with a prefix. This object applies to VPRN instances of OSPF only.
type—
Specifies the type of the extended community attribute exchanged using BGP to carry the OSPF VPN domain ID.
Values—
0005, 0105, 0205, 8005

 

vpn-tag

Syntax 
vpn-tag vpn-tag
no vpn-tag
Context 
config>service>vprn>ospf
Description 

This command specifies the route tag for an OSPF VPN on a PE router. This field is set in the tag field of the OSPF external LSAs generated by the PE. This is mainly used to prevent routing loops. This applies to VPRN instances of OSPF only. An attempt to modify the value of this object will result in an inconsistent value error when is not a VPRN instance.

This command is not supported in OSPF3.

Default 

vpn-tag 0

3.8.2.30. PIM Commands

pim

Syntax 
[no] pim
Context 
config>service>vprn
Description 

This command configures a Protocol Independent Multicast (PIM) instance in the VPRN service. When an PIM instance is created, the protocol is enabled. PIM is used for multicast routing within the network. Devices in the network can receive the multicast feed requested and non-participating routers can be pruned. The router supports PIM sparse mode (PIM-SM).

The no form of this command deletes the PIM protocol instance removing all associated configuration parameters.

apply-bgp-nh-override

Syntax 
[no] apply-bgp-nh-override
Context 
config>service>vprn>pim
Description 

This command forces the RPF check to be performed via IPv4 VPN AF next-hop and not via IPv4 VPN AF VRF import extended community.

Default 

no apply-bgp-nh-override

apply-to

Syntax 
apply-to {all | none}
Context 
config>service>vprn>pim
Description 

This command creates a PIM interface with default parameters.

If a manually created interface or modified interface is deleted, the interface will be recreated when the apply-to command is executed. If PIM is not required on a specific interface, then execute a shutdown command.

The apply-to command is saved first in the PIM configuration structure, all subsequent commands either create new structures or modify the defaults as created by the apply-to command.

Default 

apply-to none

Parameters 
all—
Specifies that all VPRN and non-VPRN interfaces are automatically applied in PIM.
none—
No interfaces are automatically applied in PIM. PIM interfaces must be manually configured.

grt-extranet

Syntax 
[no] grt-extranet
Context 
config>service>vprn>pim
Description 

This command enters the context to configure GRT/VRF extranet for this MVPN instance.

group-prefix

Syntax 
group-prefix ip-address/mask [ip-address/mask...(up to 8 max)] [starg]
group-prefix any
no group-prefix ip-address/mask
no group-prefix any
Context 
config>service>vprn>pim>rpf-select>grt-extranet
Description 

This command configures multicast group IPv4 prefixes for the multicast GRT/VRF with per group mapping extranet functionality. Multiple lines are allowed. Duplicate prefixes are ignored. Operator can either configure specific groups for extranet or specify all groups by using key-word any. The two options are mutually exclusive in configuration.

When the starg option is specified, extranet functionality is enabled for PIM ASM as for the specified group. When the option is not specified (not recommended with PIM ASM), the PIM ASM join will be mapped and data plane will be established, but the control plane will not be updated on SPT switchover, unless the switchover is driven by a CPE router on a receiver side.

The no form of this command deletes specified prefix from the list, or removes mapping of all prefixes if group-prefix any was specified.

Parameters 
ip-address/mask —
Specifies the IPv4 multicast address prefix with mask.

import

Syntax 
import {join-policy | register-policy} policy-name [policy-name ...(up to 5 max)]
no import {join-policy | register-policy}
Context 
config>service>vprn>pim
Description 

This command specifies the import route policy to be used for determining which routes are accepted from peers. Route policies are configured in the config>router>policy-options context. When an import policy is not specified, BGP routes are accepted by default.

The no form of this command removes the policy association from the IGMP instance.

Default 

no import join-policy

no import register-policy

Parameters 
join-policy—
Use this command to filter PIM join messages which prevents unwanted multicast streams from traversing the network.
register-policy—
This keyword filters register messages. PIM register filters prevent register messages from being processed by the RP. This filter can only be defined on an RP. When a match is found, the RP immediately sends back a register-stop message.
policy-name—
Specifies the route policy name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. Route policies are configured in the config>router>policy-options context.

interface

Syntax 
[no] interface ip-int-name
Context 
config>service>vprn>pim
Description 

This command enables PIM on an interface and enables the context to configure interface-specific parameters. By default interfaces are activated in PIM based on the apply-to command, and do not have to be configured on an individual basis unless the default values must be changed.

The no form of this command deletes the PIM interface configuration for this interface. If the apply-to command parameter is configured, then the no interface form must be saved in the configuration to avoid automatic (re)creation after the next apply-to is executed as part of a reboot.

The shutdown command can be used to disable an interface without removing the configuration for the interface.

Default 

Interfaces are activated in PIM based on the apply-to command.

Parameters 
ip-int-name—
Specifies the interface name. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

assert-period

Syntax 
assert-period assert-period
no assert-period
Context 
config>service>vprn>pim>if
Description 

This command configures the period in seconds for periodic refreshes of PIM Assert messages on an interface.

The no form of this command reverts to the default.

Default 

assert-period 60

Parameters 
assert-period—
Specifies the period, in seconds, for periodic refreshes of PIM Assert messages on an interface.
Values—
1 to 300

 

bfd-enable

Syntax 
[no] bfd-enable [ipv4 | ipv6]
Context 
config>service>vprn>pim>if
Description 

This command enables the use of bi-directional forwarding (BFD) to control the state of the associated protocol interface. By enabling BFD on a given protocol interface, the state of the protocol interface is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set via the BFD command under the IP interface.

The no form of this command removes BFD from the associated IGP protocol adjacency.

Default 

no bfd-enable

bsm-check-rtr-alert

Syntax 
[no] bsm-check-rtr-alert
Context 
config>service>vprn>pim>if
Description 

This command enables the checking of router alert option in the bootstrap messages received on this interface.

Default 

no bsm-check-rtr-alert

hello-interval

Syntax 
hello-interval hello-interval
no hello-interval
Context 
config>service>vprn>pim>if
Description 

This command configures the frequency at which PIM Hello messages are transmitted on this interface.

The no form of this command resets the configuration to the default value.

Default 

hello-interval 30

Parameters 
hello-interval—
Specifies the hello interval in seconds. A 0 (zero) value disables the sending of Hello messages (the PIM neighbor will never timeout the adjacency).
Values—
0 to 255 seconds

 

hello-multiplier

Syntax 
hello-multiplier deci-units
no hello-multiplier
Context 
config>service>vprn>pim>if
Description 

This command configures the multiplier to determine the holdtime for a PIM neighbor on this interface.

The hello-multiplier in conjunction with the hello-interval determines the holdtime for a PIM neighbor.

Default 

hello-multiplier 35

Parameters 
deci-units—
Specify the value, specified in multiples of 0.1, for the formula used to calculate the holdtime based on the hello-multiplier:

(hello-interval * hello-multiplier) / 10

This allows the PIMv2 default hello-multiplier of 3.5 and the default timeout of 105 seconds to be supported.

Values—
20 to 100

 

improved-assert

Syntax 
[no] improved-assert
Context 
config>service>vprn>pim>if
Description 

This command enables improved assert processing on this interface. The PIM assert process establishes a forwarder for a LAN and requires interaction between the control and forwarding planes.

The assert process is started when data is received on an outgoing interface. This could impact performance if data is continuously received on an outgoing interface.

When enabled, the PIM assert process is done entirely on the control-plane with no interaction between the control and forwarding plane.

Default 

improved-assert

instant-prune-echo

Syntax 
[no] instant-prune-echo
Context 
config>service>vprn>pim>if
Description 

This command enables PIM to send an instant prune echo when the router starts the prune pending timer for a group on the interface. All downstream routers will see the prune message immediately, and can send a join override if they are interested in receiving the group. Configuring instant-prune-echo is recommended on broadcast interfaces with more than one PIM neighbor to optimize multicast convergence.

The no form of this command disables instant Prune Echo on the PIM interface.

Default 

no instant-prune-echo

max-groups

Syntax 
max-groups value
no max-groups
Context 
config>service>vprn>pim>if
Description 

This command configures the maximum number of groups for which PIM can have downstream state based on received PIM Joins on this interface. This does not include IGMP local receivers on the interface. When this configuration is changed dynamically to a value lower than the currently accepted number of groups, the groups that are already accepted are not deleted. Only new groups will not be allowed. When this object has a value of 0, there is no limit to the number of groups.

Parameters 
value—
Specifies the maximum number of groups for this interface.
Values—
1 to 16000

 

monitor-oper-group

Syntax 
monitor-oper-group group-name family {ipv4 | ipv6} add [1..4294967295]
monitor-oper-group group-name family {ipv4 | ipv6} set [1..4294967295]
monitor-oper-group group-name family {ipv4 | ipv6} subtract [1..4294967295]
no monitor-oper-group [family {ipv4 | ipv6}]
Context 
config>service>vprn>pim>if
Description 

This command configures PIM to monitor the state of an operational group to provide a redundancy mechanism. PIM monitors the operational group and changes its DR priority to the specified value when the status of the operational group is up. This enables the router to become the PIM DR only when the operational group is up. If the operational group status changes to down, PIM changes its DR priority to the default or the value configured with priority under config>service>vprn>pim>if. The oper-group group-name must already be configured under the config>service context before its name is referenced in this command. Two operational groups are supported per PIM interface.

The no form of this command removes the operational group from the configuration.

Parameters 
group-name—
Specifies the operational group identifier up to 32 characters in length.
family—
Specifies the address family.
ipv4—
Specifies the IPv4 designated router priority.
ipv6—
Specifies the IPv6 designated router priority.
add—
Specifies that the value is to be added to the existing priority to become the designated router.
subtract—
Specifies that the value is to be subtracted from the existing priority to become the designated router.
set—
Specifies the priority to become the designated router.
value—
Specifies the priority modifier expressed as a decimal integer.
Values—
1 to 4294967295

 

multicast-senders

Syntax 
multicast-senders {auto | always | never}
no multicast-senders
Context 
config>service>vprn>pim>if
Description 

This command configures the way subnet matching is done for incoming data packets on this interface. An IP multicast sender is an user entity to be authenticated in a receiving host.

Parameters 
auto—
Subnet matching is automatically performed for incoming data packets on this interface.
always—
Subnet matching is always performed for incoming data packets on this interface.
never—
Subnet matching is never performed for incoming data packets on this interface.

p2mp-ldp-tree-join

Syntax 
p2mp-ldp-tree-join
p2mp-ldp-tree-join ipv4
p2mp-ldp-tree-join ipv6
p2mp-ldp-tree-join ipv4 ipv6
no p2mp-ldp-tree-join [ipv4] [ipv6]
Context 
config>service>vprn>pim>if
Description 

This command configures the option to join P2MP LDP tree towards the multicast source for the VPRN service. If p2mp-ldp-tree-join is enabled, a PIM multicast join received on an interface is processed to join P2MP LDP LSP using the in-band signaled P2MP tree for the same multicast flow. LDP P2MP tree is setup towards the multicast source. Route to source of the multicast node is looked up from the RTM. The next-hop address for the route to source is set as the root of LDP P2MP tree.

The no form of command disables joining P2MP LDP tree for IPv4 or IPv6 or both (if both or none is specified).

Default 

no p2mp-ldp-tree-join

Parameters 
ipv4—
Enables dynamic mLDP in-band signaling for IPv4 PIM joins. IPv4 multicast must be enabled; see ipv4-multicast-disable. For backward compatibility p2mp-ldp-tree-join is equivalent to p2mp-ldp-tree-join ipv4.
ipv6—
Enables dynamic mLDP in-band signaling for IPv6 PIM joins. IPv6 multicast must be enabled; see ipv6-multicast-disable.

priority

Syntax 
priority dr-priority
no priority
Context 
config>service>vprn>pim>if
Description 

This command sets the priority value to become the rendezvous point (RP) that is included in bootstrap messages sent by the router. The RP is sometimes called the bootstrap router. The priority command indicates whether the router is eligible to be a bootstrap router.

The no form of this command disqualifies the router to participate in the bootstrap election.

Default 

priority 1 (The router is the least likely to become the designated router.)

Parameters 
dr-priority—
Specifies the priority to become the designated router. The higher the value, the higher the priority.
Values—
1 to 4294967295

 

sticky-dr

Syntax 
sticky-dr [priority dr-priority]
no sticky-dr
Context 
config>service>vprn>pim>if
Description 

This command enables sticky-dr operation on this interface. When enabled, the priority in PIM hellos sent on this interface when elected as the designated router (DR) is modified to the value configured in dr-priority. This is done to avoid the delays in forwarding caused by DR recovery, when switching back to the old DR on a LAN when it comes back up.

By enabling sticky-dr on this interface, it will continue to act as the DR for the LAN even after the old DR comes back up.

The no form of this command disables sticky-dr operation on this interface.

Default 

no sticky-dr

Parameters 
priority dr-priority
Sets the DR priority to be sent in PIM Hello messages following the election of that interface as the DR, when sticky-dr operation is enabled.
Values—
1 to 4294967295

 

three-way-hello

Syntax 
[no] three-way-hello
Context 
config>service>vprn>pim>if
Description 

This command configures the compatibility mode for enabling the three way hello.

tracking-support

Syntax 
[no] tracking-support
Context 
config>service>vprn>pim>if
Description 

This command sets the T bit in the LAN Prune Delay option of the Hello Message. This indicates the router's capability to disable Join message suppression.

Default 

no tracking-support

ipv4-multicast-disable

Syntax 
[no] ipv4-multicast-disable
Context 
config>service>vprn>pim
config>service>vprn>pim>if
Description 

This command administratively disables/enables PIM operation for IPv4.

Default 

no ipv4-multicast-disable

ipv6-multicast-disable

Syntax 
ipv6-multicast-disable
Context 
config>service>vprn>pim
config>service>vprn>pim>if
Description 

This command administratively disables/enables PIM operation for IPv6.

Default 

ipv6-multicast-disable (config>service>vprn>pim)

no ipv6-multicast-disable (config>service>vprn>pim>if)

mc-ecmp-balance

Syntax 
[no] mc-ecmp-balance
Context 
config>service>vprn>pim
Description 

This command enables multicast balancing of traffic over ECMP links based on the number of (S, G) distributed over each link. When enabled, each new multicast stream that needs to be forwarded over an ECMP link is compared to the count of (S, G) already using each link, so that the link with the fewest (S, G) is chosen.

This command cannot be used together with the mc-ecmp-hashing-enabled command.

The no form of this command disables multicast ECMP balancing.

mc-ecmp-balance-hold

Syntax 
mc-ecmp-balance-hold minutes
no mc-ecmp-balance-hold
Context 
config>service>vprn>pim
Description 

This command configures the hold time for multicast balancing over ECMP links.

Parameters 
minutes—
Specifies the hold time, in minutes, that applies after an interface has been added to the ECMP link.

mc-ecmp-hashing-enabled

Syntax 
mc-ecmp-hashing-enabled [rebalance]
no mc-ecmp-hashing-enabled
Context 
config>service>vprn>pim
Description 

This command enables hash-based multicast balancing of traffic over ECMP links and causes PIM joins to be distributed over the multiple ECMP paths based on a hash of S and G (and possibly next-hop IP address). When a link in the ECMP set is removed, the multicast flows that were using that link are redistributed over the remaining ECMP links using the same hash algorithm. When a link is added to the ECMP set new joins may be allocated to the new link based on the hash algorithm, but existing multicast flows using the other ECMP links stay on those links until they are pruned.

Hash-based multicast balancing is supported for both IPv4 and IPv6.

This command cannot be used together with the mc-ecmp-balance command. Using this command and the lag-usage-optimization command on mixed port speed LAGs is not recommended, because some groups may be forwarded incorrectly.

The no form of this command disables the hash-based multicast balancing of traffic over ECMP links.

The no form of this command means that the use of multiple ECMP paths if enabled at the config>router or config>service>vprn context is controlled by the existing implementation and CLI commands mc-ecmp-balance.

Default 

no mc-ecmp-hashing-enabled

Parameters 
rebalance—
Specifies to rebalance flows to newly added links immediately, instead of waiting until they are pruned.

mtu-over-head

Syntax 
mtu-over-head mtu-value
no mtu-over-head
Context 
config>service>vprn>pim
Description 

This commands subtracts the specified value from the MVPN MTU to allow a BIER header to be added without exceeding the network MTU.

Default 

no mtu-over-head

Parameters 
mtu-value
Specifies the value subtracted from the MVPN MTU.
Values—
44, 76, 140, 268, 536

 

non-dr-attract-traffic

Syntax 
[no] non-dr-attract-traffic
Context 
config>service>vprn>pim
Description 

This command specifies whether the router should ignore the designated router state and attract traffic even when it is not the designated router.

An operator can configure an interface (router or IES or VPRN interfaces) to IGMP and PIM. The interface IGMP state will be synchronized to the backup node if it is associated with the redundant peer port. The interface can be configured to use PIM which will cause multicast streams to be sent to the elected DR only. The DR will also be the router sending traffic to the DSLAM. Since it may be required to attract traffic to both routers a flag non-dr-attract-traffic can be used in the PIM context to have the router ignore the DR state and attract traffic when not DR. While using this flag, the router may not send the stream down to the DSLAM while not DR.

When enabled, the designated router state is ignored. When disabled, no non-dr-attract-traffic, the designated router value is honored.

Default 

no non-dr-attract-traffic

rpf6-table

Syntax 
rpf6-table {rtable6-m | rtable6-u | both}
no rpf6-table
Context 
config>service>vprn>pim
Description 

This command configures the sequence of route tables used to find a Reverse Path Forwarding (RPF) interface for a specific multicast route.

By default, only the unicast route table is looked up to calculate the RPF interface toward the source/rendezvous point. However, the operator can specify to use the following:

  1. unicast route table only
  2. multicast route table only
  3. both route tables
Default 

rpf6-table rtable6-u

Parameters 
rtable6-m—
Specifies that only the multicast route table will be used by the multicast protocol (PIM) for IPv6 RPF checks. This route table will contain routes submitted by static routes, ISIS and OSPF.
rtable6-u—
Specifies that only the unicast route table will be used by the multicast protocol (PIM) for IPv6 RPF checks. This route table will contain routes submitted by all unicast routing protocols.
both—
Specifies that the multicast route table will be used first by the multicast protocol (PIM) for IPv6 RPF checks, then the unicast route table will be used if the multicast route table lookup fails.

rp

Syntax 
rp
Context 
config>service>vprn>pim
Description 

This command enables access to the context to configure the rendezvous point (RP) of a PIM protocol instance.

A Nokia PIM router acting as an RP must respond to a PIM register message specifying an SSM multicast group address by sending stop register message(s) to the first hop router. It does not build an (S, G) shortest path tree toward the first hop router. An SSM multicast group address can be either from the SSM default range of 232/8 or from a multicast group address range that was explicitly configured for SSM.

Default 

rp enabled when PIM is enabled.

anycast

Syntax 
[no] anycast rp-ip-address
Context 
config>service>vprn>pim>rp
Description 

This command configures a PIM anycast protocol instance for the RP being configured. Anycast enables fast convergence when a PIM RP router fails by allowing receivers and sources to rendezvous at the closest RP.

The no form of this command removes the anycast instance from the configuration.

Parameters 
rp-ip-address—
Configure the loopback IP address shared by all routes that form the RP set for this anycast instance. Only a single address can be configured. If another anycast command is entered with an address then the old address will be replaced with the new address. If no ip-address is entered then the command is simply used to enter the anycast CLI level.
Values—
Any valid loopback address configured on the node.

 

rp-set-peer

Syntax 
[no] rp-set-peer ip-address
Context 
config>service>vprn>pim>rp>anycast
Description 

This command configures a peer in the anycast RP-set. The address identifies the address used by the other node as the RP candidate address for the same multicast group address range as configured on this node.

This is a manual procedure. Caution should be taken to produce a consistent configuration of an RP-set for a given multicast group address range. The priority should be identical on each node and be a higher value than any other configured RP candidate that is not a member of this RP-set.

Although there is no set maximum of addresses that can be configured in an RP-set, up to 15 multicast addresses is recommended.

The no form of this command removes an entry from the list.

Parameters 
ip-address—
Specifies the address used by the other node as the RP candidate address for the same multicast group address range as configured on this node.

auto-rp-discovery

Syntax 
[no] auto-rp-discovery
Context 
config>service>vprn>pim>rp
Description 

This command enables auto-RP protocol in discovery mode. In discovery mode, RP-mapping and RP-candidate messages are received and forwarded to downstream nodes. RP-mapping messages are received locally to learn about availability of RP nodes present in the network. In a VPRN configuration, it is recommended that a local loopback interface be created with the same IP address as the system IP address.

Either bsr-candidate for IPv4 or auto-rp-discovery can be configured; the two mechanisms cannot be enabled together. bsr-candidate for IPv6 and auto-rp-discovery for IPv4 can be enabled together. auto-rp-discovery cannot be enabled together with mdt-type sender-only or mdt-type receiver-only, or wildcard-spmsi configurations.

The no form of this command disables auto-RP.

Default 

no auto-rp-discovery

bootstrap-export

Syntax 
bootstrap-export policy-name [policy-name]
no bootstrap-export
Context 
config>service>vprn>pim>rp
Description 

This command exports policies to control the flow of bootstrap messages from the RP. Up to five policies can be defined.

The no form of this command removes the specified policy names from the configuration.

Parameters 
policy-name—
Specifies up to five policy names. The policy statement must already be configured in the config>router>policy-options context.

bootstrap-import

Syntax 
bootstrap-import policy-name [policy-name... up to five]
no bootstrap-import policy-name [policy-name... up to five]
Context 
config>service>vprn>pim>rp
Description 

This command imports policies to control the flow of bootstrap messages into the RP. Up to five policies can be defined.

The no form of this command removes the specified policy names from the configuration.

Parameters 
policy-name—
Specifies the policy name. The policy statement must already be configured in the config>router>policy-options context.

bsr-candidate

Syntax 
bsr-candidate
Context 
config>service>vprn>pim>rp
config>service>vprn>pim>rp>ipv6
Description 

This command enters the context to configure Candidate Bootstrap (BSR) parameters.

Either bsr-candidate for IPv4 or auto-rp-discovery can be configured; the two mechanisms cannot be enabled together. bsr-candidate for IPv6 and auto-rp-discovery for IPv4 can be enabled together.

The no form of this command disables BSR.

Default 

no bsr-candidate

address

Syntax 
[no] address ip-address
Context 
config>service>vprn>pim>rp>bsr-candidate
config>service>vprn>pim>rp>rp-candidate
Description 

This command configures a static bootstrap or rendezvous point (RP) as long as the source is not directly attached to this router.

Use the no form of this command to remove the static RP from the configuration.

Default 

No IP address is specified.

Parameters 
ip-address—
The static IP address of the RP. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
Values—
1.0.0.0 to 223.255.255.255

 

address

Syntax 
[no] address ipv6-address
Context 
config>service>vprn>pim>rp>ipv6>bsr-candidate
config>service>vprn>pim>rp>ipv6>rp-candidate
Description 

This command configures a static bootstrap or rendezvous point (RP) as long as the source is not directly attached to this router.

Use the no form of this command to remove the static RP from the configuration.

Default 

No IP address is specified.

Parameters 
ipv6-address—
The static IP address of the RP. The ip-address portion of the address command specifies the IP host address that will be used by the IP interface within the subnet. This address must be unique within the subnet and specified in dotted decimal notation.
Values—

ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

 

hash-mask-len

Syntax 
hash-mask-len hash-mask-length
no hash-mask-len
Context 
config>service>vprn>pim>rp>bsr-candidate
Description 

This command is used to configure the length of a mask that is to be combined with the group address before the hash function is called. All groups with the same hash map to the same RP. For example, if this value is 24, only the first 24 bits of the group addresses matter. This mechanism is used to map one group or multiple groups to an RP.

Default 

hash-mask-len 30

Parameters 
hash-mask-length—
The hash mask length.
Values—
0 to 32

 

hash-mask-len

Syntax 
hash-mask-len hash-mask-length
no hash-mask-len
Context 
config>service>vprn>pim>rp>ipv6>bsr-candidate
Description 

This command is used to configure the length of a mask that is to be combined with the group address before the hash function is called. All groups with the same hash map to the same RP. For example, if this value is 24, only the first 24 bits of the group addresses matter. This mechanism is used to map one group or multiple groups to an RP.

Default 

hash-mask-len 126

Parameters 
hash-mask-length—
The hash mask length.
Values—
0 to 128

 

priority

Syntax 
priority bootstrap-priority
Context 
config>service>vprn>pim>rp>bsr-candidate
config>service>vprn>pim>rp>ipv6>bsr-candidate
Description 

This command defines the priority used to become the rendezvous point (RP). The higher the priority value the more likely that this router becomes the RP. If there is a tie, the router with the highest IP address is elected.

Parameters 
bootstrap-priority—
The priority to become the bootstrap router.
Values—
0 to 255

 

Default—
0 (the router is not eligible to be the bootstrap router)

ipv6

Syntax 
ipv6
Context 
config>service>vprn>pim>rp
Description 

This command enables access to the context to configure the rendezvous point (RP) of a PIM IPv6 protocol instance.

A Nokia IPv6 PIM router acting as an RP must respond to an IPv6 PIM register message specifying an SSM multicast group address by sending to the first hop router stop register message(s). It does not build an (S, G) shortest path tree toward the first hop router. An SSM multicast group address can be either from the SSM default range or from a multicast group address range that was explicitly configured for SSM.

Default 

ipv6 RP enabled when IPv6 PIM is enabled.

anycast

Syntax 
anycast ipv6-address
no anycast ipv6-address
Context 
config>service>vprn>pim>rp>ipv6
Description 

This command configures an IPv6 PIM anycast protocol instance for the RP being configured. Anycast enables fast convergence when a PIM RP router fails by allowing receivers and sources to rendezvous at the closest RP.

The no form of this command removes the anycast instance from the configuration.

Parameters 
ipv6-address—
Configures the loopback IP address shared by all routes that form the RP set for this anycast instance. Only a single address can be configured. If another anycast command is entered with an address then the old address will be replaced with the new address. If no address is entered then the command is simply used to enter the anycast CLI context.
Values—

ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

 

rp-set-peer

Syntax 
[no] rp-set-peer ipv6-address
Context 
config>service>vprn>pim>rp>ipv6>anycast
Description 

This command configures an IPv6 peer in the anycast rp-set. The address identifies the address used by the other node as the RP candidacy address for the same multicast group address range as configured on this node.

This is a manual procedure. Caution should be taken to produce a consistent configuration of an RP- set for a given multicast group address range. The priority should be identical on each node and be a higher value than any other configured RP candidate that is not a member of this rp-set.

Although there is no set maximum of addresses that can be configured in an rp-set, up to 15 multicast addresses is recommended.

The no form of this command removes an entry from the list.

Parameters 
ipv6-address—
Specifies the address used by the other node as the RP candidacy address for the same multicast group address range as configured on this node.
Values—

ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

 

embedded-rp

Syntax 
embedded-rp
Context 
config>service>vprn>pim>rp>ipv6
Description 

This command enables context to configure IPv6 embedded RP parameters.

group-range

Syntax 
[no] group-range {ipv6-address/prefix-length}
Context 
config>service>vprn>pim>rp>ipv6>embedded-rp
config>service>vprn>pim>rp>ipv6>rp-candidate
Description 

This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).

The no form of this command removes the group address or range of group addresses for which this router can be the RP from the configuration.

Parameters 
ipv6-address—
Specifies the addresses or address ranges that this router can be an RP.
prefix-length —
Specifies the address prefix length.
Values—

ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

[8 to 128] // for embedded-rp

prefix-length

[16 to 128] // for rp-candidate

 

group-prefix

Syntax 
[no] group-prefix grp-ipv6-address/prefix-length
Context 
config>service>vprn>pim>rp>ipv6>static
Description 

The group-prefix for a static-rp defines a range of multicast-ip-addresses for which this static RP is applicable.

The no form of this command removes the criterion.

Parameters 
grp-ipv6-address—
Specifies the multicast IPv6 address.
prefix-length —
Specifies the address prefix length.
Values—

grp-ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

[8 to 128]

 

rp-candidate

Syntax 
rp-candidate
Context 
config>service>vprn>pim>rp
config>service>vprn>pim>rp>ipv6
Description 

This command enters the context to configure the candidate rendezvous point (RP) parameters.

Default 

enabled when PIM is enabled

group-range

Syntax 
[no] group-range {ip-prefix/mask | ip-prefix netmask}
Context 
config>service>vprn>pim>rp>rp-candidate
config>service>vprn>pim>ssm
Description 

This command configures the group address or range of group addresses for which this router can be the rendezvous point (RP).

Use the no form of this command to remove the group address or range of group addresses for which this router can be the RP from the configuration.

Parameters 
ip-prefix—
Specifies the addresses or address ranges that this router can be an RP.
Values—
ipv4-prefix - a.b.c.d ipv4-prefix-le - [0 to 32] ipv6-prefix - x:x:x:x:x:x:x:x (eight 16-bit pieces) x:x:x:x:x:x:d.d.d.d x - [0 to FFFF]H d - [0 to 255]D ipv6-prefix-le - [0 to 128]

 

mask—
Specifies the address mask with the address to define a range of addresses.
netmask—
Specifies the subnet mask in dotted decimal notation.
Values—
:a.b.c.d (network bits all 1 and host bits all 0)

 

holdtime

Syntax 
holdtime holdtime
no holdtime
Context 
config>service>vprn>pim>rp>rp-candidate
config>service>vprn>pim>rp>ipv6>rp-candidate
Description 

Use this command to define the length of time neighboring router consider this router to be up.

Use the no form of this command to revert to the default value.

Default 

holdtime 150

Parameters 
holdtime—
Specifies the length of time, in seconds, that neighbor should consider the sending router to be operational.
Values—
0 to 255

 

priority

Syntax 
priority priority
no priority
Context 
config>service>vprn>pim>rp>rp-candidate
Description 

This command defines the priority used to become the rendezvous point (RP). The higher the priority value, the more likely that this router will become the RP.

Use the no form of this command to revert to the default value.

Default 

priority 192

Parameters 
priority—
Specifies the priority to become the designated router. The higher the value the more likely the router will become the RP.
Values—
0 to 255

 

static

Syntax 
static
Context 
config>service>vprn>pim>rp
Description 

This command enables access to the context to configure a static rendezvous point (RP) of a PIM-SM protocol instance.

address

Syntax 
[no] address ip-address
Context 
config>service>vprn>pim>rp>static
Description 

This command configures the static rendezvous point (RP) address.

The no form of this command removes the static RP entry from the configuration.

group-prefix

Syntax 
[no] group-prefix {grp-ip-address/mask | grp-ip-address netmask}
Context 
config>service>vprn>pim>rp>static
Description 

The group-prefix for a static-rp defines a range of multicast-ip-addresses for which a certain RP is applicable.

The no form of this command removes the criterion.

Parameters 
grp-ip-address—
Specifies the multicast IP address.
mask—
Defines the mask of the multicast-ip-address.
Values—
4 to 32

 

netmask—
The subnet mask in dotted decimal notation.
Values—
0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

 

override

Syntax 
[no] override
Context 
config>service>vprn>pim>rp>static
Description 

This command changes the precedence of static RP over dynamically learned Rendezvous Point (RP).

When enabled, the static group-to-RP mappings take precedence over the dynamically learned mappings.

Default 

no override

rpf-table

Syntax 
rpf-table {rtable-m | rtable-u | both}
no rpf-table
Context 
config>service>vprn>pim
config>router>msdp
Description 

This command configures the sequence of route tables used to find a Reverse Path Forwarding (RPF) interface for a particular multicast route.

By default, only the unicast route table is looked up to calculate RPF interface towards the source/rendezvous point. However, the operator can specify the following:

  1. use the unicast route table only
  2. use the multicast route table only
  3. use both the route tables
Default 

rpf-table rtable-u

Parameters 
rtable-m—
Specifies that only the multicast route table will be used by the multicast protocol (PIM) for IPv4 RPF checks. This route table will contain routes submitted by static routes, IS-IS and OSPF.
rtable-u—
Specifies only that the unicast route table will be used by the multicast protocol (PIM) for IPv4 RPF checks. This route table will contain routes submitted by all the unicast routing protocols.
both—
Specifies that the multicast route table will be used first by the multicast protocol (PIM) for checks, and then the unicast route table will be used if the multicast route table lookup fails. rtable-m is checked before rtable-u.

spt-switchover-threshold

Syntax 
spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask} spt-threshold
spt-switchover-threshold grp-ipv6-addr/prefix-length spt-threshold
no spt-switchover-threshold {grp-ip-address/mask | grp-ip-address netmask}
no spt-switchover-threshold grp-ipv6-addr/prefix-length
Context 
config>service>vprn>pim
Description 

This command configures a shortest path tree (SPT tree) switchover threshold for a group prefix.

Parameters 
grp-ip-address—
Specifies the multicast group address.
grp-ipv6-address—
Specifies the multicast group address.
prefix-length —
Specifies the address prefix length.
Values—

grp-ipv6-address

: x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

prefix-length

[1 to 128]

 

mask—
Defines the mask of the multicast-ip-address.
Values—
4 to 32

 

netmask—
The subnet mask in dotted decimal notation.
Values—
0.0.0.0 to 255.255.255.255 (network bits all 1 and host bits all 0)

 

spt-threshold—
Specifies the configured threshold in kilobits per second (kb/s) for the group to which this (S,G) belongs. For a group G configured with a threshold, switchover to SPT for an (S,G) is attempted only if the (S,G)'s rate exceeds this configured threshold.

ssm-assert-compatible-mode

Syntax 
ssm-assert-compatible-mode [enable | disable]
Context 
config>service>vprn>pim
Description 

This command specifies whether SSM assert is enabled in compatibility mode for this PIM protocol instance. When enabled, for SSM groups, PIM will consider the SPT bit to be implicitly set to compute the value of CouldAssert (S,G,I) as defined in RFC 4601, Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised). When disabled, for SSM groups, PIM will not assume the SPT bit to be set. The SPT bit will be set by Update_SPTbit(S,G,iif) macro defined in RFC 4601.

Default 

ssm-assert-compatible-mode disable

Parameters 
enable—
enables SSM assert in compatibility mode for this PIM protocol instance
disable—
disabled SSM assert in compatibility mode for this PIM protocol instance

ssm-default-range-disable

Syntax 
ssm-default-range-disable ipv4
Context 
config>service>vprn>pim
Description 

This command specifies whether to disable the use of default range (232/8) for SSM so that it can be used by ASM to process (*,G). When enabled, the use of default range is disabled for SSM and it can be used by ASM. When disabled, the SSM default range is enabled.

Default 

ssm-default-range-disable

ssm-groups

Syntax 
[no] ssm-groups
Context 
config>service>vprn
Description 

This command enables access to the context to enable a source-specific multicast (SSM) configuration instance.

3.8.2.31. Redundant Interface Commands

redundant-interface

Syntax 
redundant-interface ip-int-name [create]
no redundant-interface ip-int-name
Context 
config>service>vprn
Description 

This command configures a redundant interface.

Parameters 
ip-int-name—
Specifies the name of the IP interface. Interface names can be from 1 to 32 alphanumeric characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.
create—
Keyword used to create the redundant interface.

address

Syntax 
address {ip-address/mask | ip-address netmask} [remote-ip ip-address]
no address
Context 
config>service>vprn>redundant-interface
Description 

This command assigns an IP address mask or netmask and a remote IP address to the interface.

Parameters 
ip-address/mask—
Assigns an IP address/IP subnet format to the interface.
ip-address netmask—
Specifies a string of 0s and 1s that mask or screen out the network part of an IP address so that only the host computer part of the address remains.

Assigns an IP address netmask to the interface.

remote-ip ip-address
Assigns a remote IP to the interface.

3.8.2.32. RIP Commands

rip

Syntax 
[no] rip
Context 
config>service>vprn
Description 

This command enables the RIP protocol on the given VPRN IP interface.

The no form of this command disables the RIP protocol from the given VPRN IP interface.

Default 

no rip

ripng

Syntax 
[no] ripng
Context 
config>router
Description 

This command creates the context to configure the RIPng protocol instance.

When a RIPng instance is created, the protocol is enabled by default. To start or suspend execution of the RIP protocol without affecting the configuration, use the [no] shutdown command.

The no form of this command deletes the RIP protocol instance removing all associated configuration parameters.

Default 

no ripng

authentication-key

Syntax 
authentication-key {authentication-key | hash-key} [hash | hash2 | custom]
no authentication-key
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description 

This command sets the authentication password to be passed between RIP neighbors.

The authentication type and authentication key must match exactly for the RIP message to be considered authentic and processed.

The no form of this command removes the authentication password from the configuration and disables authentication.

Default 

no authentication-key

Parameters 
authentication-key—
The authentication key. The key can be any combination of ASCII characters up to 16 characters in length (unencrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).
hash-key—
The hash key. The key can be any combination of ASCII characters up to 33 characters in length (encrypted). If spaces are used in the string, enclose the entire string in quotation marks (“ ”).

This is useful when a user must configure the parameter, but, for security purposes, the actual unencrypted key value is not provided.

hash—
Specifies the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified
hash2—
Specifies the key is entered in a more complex encrypted form that involves more variables than the key value alone, meaning that the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
custom—
Specifies the custom encryption to management interface.

authentication-type

Syntax 
authentication-type {none | password | message-digest | message-digest-20}
no authentication-type
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
Description 

This command defines the type of authentication to be used between RIP neighbors. The type and password must match exactly for the RIP message to be considered authentic and processed.

The no form of this command removes the authentication type from the configuration and effectively disables authentication.

Default 

no authentication-type

Parameters 
none
No authentication is used.
password
A simple clear-text password is sent.
message-digest
MD5 authentication is used.
message-digest-20
MD20 authentication is used.

bfd-enable

Syntax 
[no] bfd-enable
Context 
config> service>vprn>rip
config> service>vprn>rip>group
config> service>vprn>rip>group>neighbor
config> service>vprn>ripng
config> service>vprn>ripng>group
config> service>vprn>ripng>group>neighbor
Description 

This command enables bi-directional forwarding (BFD) to control the state of the associated protocol adjacency. By enabling BFD on a given protocol interface, the state of the RIP neighbor is tied to the state of the BFD session between the local node and the remote node. The parameters used for the BFD are set using the bfd command under the IP interface configuration context.

The no form of this command removes BFD from the associated IGP/BGP protocol adjacency.

check-zero

Syntax 
check-zero {enable | disable}
no check-zero
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command enables checking for zero values in fields specified to be zero by the RIPv1 and RIPv2 specifications.

The no form of this command disables this check and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.

Default 

no check-zero

Parameters 
enable—
Enables checking of the mandatory zero fields in the RIPv1 and RIPv2 specifications and rejecting non-compliant RIP messages.
disable—
Disables the checking and allows the receipt of RIP messages even if the mandatory zero fields are non-zero.

split-horizon

Syntax 
split-horizon {enable | disable}
no split-horizon
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command enables the use of split-horizon. RIP uses split-horizon with poison-reverse to protect from such problems as “counting to infinity”. Split-horizon with poison reverse means that routes learned from a neighbor through a given interface are advertised in updates out of the same interface but with a metric of 16 (infinity).

The split-horizon disable command enables split horizon without poison reverse. This allows the routes to be re-advertised on interfaces other than the interface that learned the route, with the advertised metric equaling an increment of the metric-in value.

This configuration parameter can be set at three levels: global level (applies to all groups and neighbor interfaces), group level (applies to all neighbor interfaces in the group) or neighbor level (only applies to the specified neighbor interface). The most specific value is used. In particular if no value is set (no split-horizon), the setting from the less specific level is inherited by the lower level.

The no form of this command disables split horizon command which allows the lower level to inherit the setting from an upper level.

Default 

split-horizon enable

export

Syntax 
export policy-name [policy-name...(up to 5 max)]
no export
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command specifies the export route policies used to determine which routes are exported to RIP. If no export policy is specified, non-RIP routes will not be exported from the routing table manager to RIP; RIP-learned routes will be exported to RIP neighbors.

If multiple policy names are specified, the policies are evaluated in the order they are specified. The first policy that matches is applied. If multiple export commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default 

no export

Parameters 
policy-name —
The export route policy name. Allowed values are any string up to 32 characters in length and composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the string must be enclosed between double quotes. The specified names must already be defined.

export-limit

Syntax 
export-limit number [log percentage]
no export-limit
Context 
config>service>vprn>rip
config>service>vprn>ripng
Description 

This command configures the maximum number of routes (prefixes) that can be exported into RIP from the route table.

The no form of this command removes the parameters from the configuration.

Default 

no export-limit

Parameters 
number—
Specifies the maximum number of routes (prefixes) that can be exported into RIP from the route table.
Values—
1 to 4294967295

 

log percentage
Specifies the percentage of the export-limit, at which a warning log message and SNMP notification would be sent.
Values—
1 to 100

 

import

Syntax 
import policy-name [policy-name...(up to 5 max)]
no import
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command configures import route policies to determine routes that will be accepted from RIP neighbors. If no import policy is specified, RIP accepts all routes from configured RIP neighbors. Import policies can be used to limit or modify the routes accepted and their corresponding parameters and metrics.

If multiple policy names are specified, the policies are evaluated in the order that they are specified. The first policy that matches is applied. If multiple import commands are issued, the last command entered will override the previous command. A maximum of five policy names can be specified.

The no form of this command removes all policies from the configuration.

Default 

no import

Parameters 
policy-name —
The import route policy name. Allowed values are any string up to 32 characters in length and composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes. The specified names must already be defined.

message-size

Syntax 
message-size max-num-of-routes
no message-size
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command sets the maximum number of routes per RIP update message.

The no form of this command resets the maximum number of routes back to the default of 25.

Default 

no message-size

Parameters 
size —
An Integer.
Values—
25 to 255

 

Default—
25

metric-in

Syntax 
metric-in metric
no metric-in
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command sets the metric added to routes that were received from a RIP neighbor.

The no form of this command reverts the metric value back to the default.

Default 

no metric-in

Parameters 
metric—
The value added to the metric of routes received from a RIP neighbor, expressed as a decimal integer.
Values—
1 to 16

 

metric-out

Syntax 
metric-out metric
no metric-out
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command sets the metric added to routes that were exported into RIP and advertised to RIP neighbors.

The no form of this command removes the command from the config and resets the metric-in value back to the default.

Default 

no metric-out

Parameters 
metric—
The value added to the metric for routes exported into RIP and advertised to RIP neighbors, expressed as a decimal integer.
Values—
1 to 16

 

preference

Syntax 
preference preference
no preference
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command sets the route preference assigned to RIP routes. This value can be overridden by route policies.

The no form of this command resets the preference to the default.

Default 

no preference

Parameters 
preference—
Specifies the preference value.
Values—
1 to 255

 

Default—
100

propagate-metric

Syntax 
[no] propagate-metric
Context 
config>service>vprn>rip
config>service>vprn>ripng
Description 

This command enables the BGP MED to be used to configure the RIP metric at the BGP to RIP transition on egress routers. BGP always configures the BGP MED to the RIP metric at the ingress router. When propagate-metric is configured, the RIP metric at egress routers is configured as the BGP MED attribute added to the optional value configured with the metric-out command.

The no version of this command sets the RIP metric to the optional value configured with the metric-out command plus 1.

Default 

no propagate-metric

receive

Syntax 
receive {both | none | version-1 | version-2}
no receive
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command configures the type(s) of RIP updates that will be accepted and processed.

If both or version-2 is specified, the RIP instance listens for and accepts packets sent to the broadcast and multicast (224.0.0.9) addresses.

If version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.

This control can be issued at the global, group or interface level. The default behavior accepts and processes both RIPv1 and RIPv2 messages.

The no form of this command resets the type of messages accepted to both.

Default 

no receive

Parameters 
both—
Receive RIP updates in either Version 1 or Version 2 format.
none—
Do not accept and RIP updates.
version-1—
Router should only accept RIP updates in Version 1 format.
version-2—
Router should only accept RIP updates in Version 2 format.

send

Syntax 
send {broadcast | multicast | none | version-1 | both}
no send
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command specifies the type of RIP messages sent to RIP neighbors. This control can be issued at the global, group or interface level. The default behavior sends RIPv2 messages with the multicast (224.0.0.9) destination address.

If version-1 is specified, the router only listens for and accepts packets sent to the broadcast address.

The no form of this command resets the type of messages sent back to the default value.

Default 

no send

Parameters 
broadcast—
Send RIPv2 formatted messages to the broadcast address.
multicast—
Send RIPv2 formatted messages to the multicast address.
none—
Do not send any RIP messages (i.e. silent listener).
version-1—
Send RIPv1 formatted messages to the broadcast address.
both—
Send both RIP v1 & RIP v2 updates to the broadcast address.

timers

Syntax 
timers update timeout flush
no timers
Context 
config>service>vprn>rip
config>service>vprn>rip>group
config>service>vprn>rip>group>neighbor
config>service>vprn>ripng
config>service>vprn>ripng>group
config>service>vprn>ripng>group>neighbor
Description 

This command sets the values for the update, timeout, and flush timers.

  1. Update timer — Determines how often RIP updates are sent.
  2. Timeout timer — If a router is not updated by the time the timer expires, the route is declared invalid, but maintained in the RIP database.
  3. Flush timer — Determines how long a route is maintained in the RIP database, after it has been declared invalid. Once this timer expires it is flushed from the RIP database completely.

The no form of this command resets all timers to their default values of 30, 180, and 120 seconds respectively.

Default 

no timers

Parameters 
update—
The RIP update timer value in seconds.
Values—
1 to 600

 

Default—
30
timeout—
The RIP timeout timer value in seconds.
Values—
1 to 1200

 

Default—
180
flush—
The RIP flush timer value in seconds.
Values—
1 to 1200

 

Default—
120

unicast-address

Syntax 
[no] unicast-address ip-address
Context 
config>service>vprn>rip>group>neighbor
Description 

This command configures the unicast IPv4 address, RIP updates messages will be sent to if the RIP send command is set to send unicast.

Multiple unicast-address entries can be configured, in which case unicast messages will be sent to each configured unicast IPv4 address.

The no form of this command deletes the specified IPv4 unicast address from the configuration.

Parameters 
ip-address—
Specifies the unicast IPv4 address in a.b.c.d format.

unicast-address

Syntax 
[no] unicast-address ipv6-address
Context 
config>service>vprn>ripng>group>neighbor
Description 

This command configures the unicast IPv6 address, RIPng updates messages will be sent to if the RIPng send command is set to send unicast.

Multiple unicast-address entries can be configured, in which case unicast messages will be sent to each configured unicast IPv6 address.

The no form of this command deletes the specified IPv6 unicast address from the configuration.

Parameters 
ipv6-address—
Specifies the unicast IPv6 address.
Values—

ipv6-address

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x [0 to FFFF]H

d [0 to 255]D

 

group

Syntax 
[no] group group-name
Context 
config>service>vprn>rip
config>service>vprn>ripng
Description 

This command creates a context for configuring a RIP group of neighbors. RIP groups are a way of logically associating RIP neighbor interfaces to facilitate a common configuration for RIP interfaces.

The no form of this command deletes the RIP neighbor interface group. Deleting the group will also remove the RIP configuration of all the neighbor interfaces currently assigned to this group.

Default 

no group

Parameters 
group-name—
Specifies the RIP group name. Allowed values are any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

neighbor

Syntax 
[no] neighbor ip-int-name
Context 
config>service>vprn>rip>group
config>service>vprn>ripng>group
Description 

This command creates a context for configuring a RIP neighbor interface.

By default, interfaces are not activated in any interior gateway protocol such as RIP unless explicitly configured.

The no form of this command deletes the RIP interface configuration for this interface. The shutdown command in the config>router>rip>group group-name>neighbor ip-int-name context can be used to disable an interface without removing the configuration for the interface.

Default 

no neighbor

Parameters 
ip-int-name—
Specifies the IP interface name. Interface names must be unique within the group of defined IP interfaces for config router interface and config service vprn interface commands. An interface name cannot be in the form of an IP address. Interface names can be any string up to 32 characters composed of printable, 7-bit ASCII characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

If the IP interface name does not exist or does not have an IP address configured an error message will be returned.

3.8.2.33. Router Advertisement Commands

router-advertisement

Syntax 
[no] router-advertisement
Context 
config>service>vprn
Description 

This command configures router advertisement properties. By default, it is disabled for all IPv6 enabled interfaces.

The no form of this command disables all IPv6 interface. However, the no interface interface-name command disables a specific interface.

Default 

no router-advertisement

dns-options

Syntax 
[no] dns-options
Context 
config>service>vprn>router-advertisement
config>service>vprn>router-advert>if
Description 

This command enters the context for configuration of DNS information for Stateless Address Auto-Configuration (SLAAC) hosts.

When specified at the router-advertisement level in the routing context, this command allows configuration of service-wide parameters. These can then be inherited at the interface level by specifying the config>service>vprn>router-advert>if>dns-options>include-dns command.

The no form of this command disables configuration of DNS information for Stateless Address Auto-Configuration (SLAAC) hosts.

Default 

no dns-options

include-dns

Syntax 
[no] include-dns
Context 
config>service>vprn>router-advert>if>dns-options
Description 

This command enables the Recursive DNS Server (RDNSS) Option in router advertisements. This must be enabled for each interface on which the RDNSS option is required in router advertisement messages.

The no form of this command disables the RDNSS option in router advertisements.

Default 

no include-dns

rdnss-lifetime

Syntax 
rdnss-lifetime {seconds | infinite}
no rdnss-lifetime
Context 
config>service>vprn>router-advert>dns-options
config>service>vprn>router-advert>if>dns-options
Description 

This command specifies the maximum time that the RDNSS address may be used for name resolution by the client. The RDNSS Lifetime must be no more than twice MaxRtrAdvLifetime with a maximum of 3600 seconds.

Default 

rdnss-lifetime infinite

Parameters 
infinite—
Specifies an infinite RDNSS lifetime.
seconds—
Specifies the time in seconds.
Values—
4to 3600

 

server

Syntax 
server ipv6-address [ipv6-address]
no server
Context 
config>service>vprn>router-advert>dns-options
config>service>vprn>router-advert>if>dns-options
Description 

This command specifies the IPv6 DNS servers to include in the RDNSS option in Router Advertisements. When specified at the router advertisement level this applies to all interfaces that have include-dns enabled, unless the interfaces have more specific dns-options configured.

Parameters 
ipv6-address—
Specifies the IPv6 address of the DNS server(s), up to a maximum of four, specified as eight 16-bit hexadecimal pieces.

interface

Syntax 
[no] interface ip-int-name
Context 
config>service>vprn>router-advertisement
Description 

This command configures router advertisement properties on a specific interface. The interface must already exist in the config>router>if context.

Default 

No interfaces are configured by default.

Parameters 
ip-int-name—
Specifies the interface name. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed between double quotes.

current-hop-limit

Syntax 
current-hop-limit number
no current-hop-limit
Context 
config>service>vprn>router-advert>if
Description 

This command configures the current-hop-limit in the router advertisement messages. It informs the nodes on the subnet about the hop-limit when originating IPv6 packets.

Default 

current-hop-limit 64

Parameters 
number—
Specifies the hop limit.
Values—
0 to 255. A value of zero means there is an unspecified number of hops.

 

managed-configuration

Syntax 
[no] managed-configuration
Context 
config>service>vprn>router-advert>if
Description 

This command sets the managed address configuration flag. This flag indicates that DHCPv6 is available for address configuration in addition to any address autoconfigured using stateless address autoconfiguration. See RFC 3315, Dynamic Host Configuration Protocol (DHCP) for IPv6.

Default 

no managed-configuration

max-advertisement-interval

Syntax 
[no] max-advertisement-interval seconds
Context 
config>service>vprn>router-advert>if
Description 

This command configures the maximum interval between sending router advertisement messages.

Default 

max-advertisement-interval 600

Parameters 
seconds—
Specifies the maximum interval in seconds between sending router advertisement messages.
Values—
4 to 1800

 

min-advertisement-interval

Syntax 
[no] min-advertisement-interval seconds
Context 
config>service>vprn>router-advert>if
Description 

This command configures the minimum interval between sending ICMPv6 neighbor discovery router advertisement messages.

Default 

min-advertisement-interval 200

Parameters 
seconds—
Specifies the minimum interval in seconds between sending ICMPv6 neighbor discovery router advertisement messages.
Values—
3 to 1350

 

mtu

Syntax 
[no] mtu mtu-bytes
Context 
config>service>vprn>router-advert>if
Description 

This command configures the MTU for the nodes to use to send packets on the link.

Default 

no mtu — The MTU option is not sent in the router advertisement messages.

Parameters 
mtu-bytes—
Specifies the MTU for the nodes to use to send packets on the link.
Values—
1280 to 9800

 

other-stateful-configuration

Syntax 
[no] other-stateful-configuration
Context 
config>service>vprn>router-advert>if
Description 

This command sets the "Other configuration" flag. This flag indicates that DHCPv6lite is available for autoconfiguration of other (non-address) information such as DNS-related information or information about other servers in the network. See RFC 3736, Stateless Dynamic Host Configuration Protocol (DHCP) for IPv6.

Default 

no other-stateful-configuration

prefix

Syntax 
[no] prefix ipv6-prefix/prefix-length
Context 
config>service>vprn>router-advert>if
Description 

This command configures an IPv6 prefix in the router advertisement messages. To support multiple IPv6 prefixes, use multiple prefix statements. No prefix is advertised until explicitly configured using prefix statements.

Parameters 
ipv6-prefix—
Specifies the IP prefix for prefix list entry in dotted decimal notation.
Values—

ipv4-prefix

a.b.c.d (host bits must be 0)

ipv4-prefix-length

0 to 32

ipv6-prefix

x:x:x:x:x:x:x:x (eight 16-bit pieces)

x:x:x:x:x:x:d.d.d.d

x: [0 to FFFF]H

d: [0 to 255]D

ipv6-prefix-length

0 to 128

 

prefix-length
Specifies a route must match the most significant bits and have a prefix length.
Values—
1 to 128

 

autonomous

Syntax 
[no] autonomous
Context 
config>service>vprn>router-advert>if>prefix
Description 

This command specifies whether the prefix can be used for stateless address autoconfiguration.

Default 

autonomous

on-link

Syntax 
[no] on-link
Context 
config>service>vprn>router-advert>if>prefix
Description 

This command specifies whether the prefix can be used for onlink determination.

Default 

on-link

preferred-lifetime

Syntax 
[no] preferred-lifetime {seconds | infinite}
Context 
config>service>vprn>router-advert>if
Description 

This command configures the remaining length of time in seconds that this prefix will continue to be preferred, such as, time until deprecation. The address generated from a deprecated prefix should not be used as a source address in new communications, but packets received on such an interface are processed as expected.

Default 

preferred-lifetime 604800

Parameters 
seconds—
Specifies the remaining length of time in seconds that this prefix will continue to be preferred.
Values—
0 to 4294967294

 

infinite—
Specifies that the prefix will always be preferred. A value of 4,294,967,295 represents infinity.

valid-lifetime

Syntax 
valid-lifetime {seconds | infinite}
Context 
config>service>vprn>router-advert>if
Description 

This command specifies the length of time in seconds that the prefix is valid for the purpose of on-link determination. A value of all one bits (0xffffffff) represents infinity.

The address generated from an invalidated prefix should not appear as the destination or source address of a packet.

Default 

valid-lifetime 2592000

Parameters 
seconds—
Specifies the remaining length of time in seconds that this prefix will continue to be valid.
Values—
0 to 429496729

 

infinite—
Specifies that the prefix will always be valid. A value of 4,294,967,295 represents infinity.

reachable-time

Syntax 
reachable-time seconds
no reachable-time
Context 
config>service>vprn>router-advert>if
config>service>vprn>ipv6
config>service>vprn>if>ipv6
Description 

This command configures how long this router should be considered reachable by other nodes on the link after receiving a reachability confirmation.

Default 

no reachable-time

Parameters 
seconds—
Specifies the length of time, in seconds the router should be considered reachable.
Values—
30 to 3600

 

retransmit-time

Syntax 
retransmit-timer milli-seconds
no retransmit-timer
Context 
config>service>vprn>router-advert>if
Description 

This command configures the retransmission frequency of neighbor solicitation messages.

Default 

no retransmit-time

Parameters 
milli-seconds—
Specifies how often the retransmission should occur.
Values—
0 to 1800000

 

router-lifetime

Syntax 
router-lifetime seconds
no router-lifetime
Context 
config>service>vprn>router-advert>if
Description 

This command sets the router lifetime.

Default 

router-lifetime 1800

Parameters 
seconds—
The length of time, in seconds, (relative to the time the packet is sent) that the prefix is valid for route determination.
Values—
0, 4 to 9000 seconds. 0 means that the router is not a default router on this link.

 

use-virtual-mac

Syntax 
[no] use-virtual-mac
Context 
config>service>vprn>router-advert>if
Description 

This command enables sending router advertisement messages using the VRRP virtual MAC address, provided that the virtual router is currently the master.

If the virtual router is not the master, no router advertisement messages are sent.

The no form of this command disables sending router advertisement messages.

Default 

no use-virtual-mac

3.8.2.34. SDP Commands

spoke-sdp

Syntax 
spoke-sdp sdp-id[:vc-id] [create]
no spoke-sdp sdp-id[:vc-id]
Context 
config>service>vprn
Description 

This command binds a service to an existing Service Distribution Point (SDP). A spoke SDP is treated like the equivalent of a traditional bridge “port” where flooded traffic received on the spoke SDP is replicated on all other “ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a VPRN service. If the SDP-ID is not already configured, an error message is generated. If the SDP-ID does exist, a binding between that SDP-ID and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Special Cases 
VPRN—
Several SDPs can be bound to a VPRN service. Each SDP must be destined to a different router. If two SDP-ID bindings terminate on the same router, an error occurs and the second SDP binding is rejected.
Parameters 
sdp-id—
The SDP identifier. Allowed values are integers in the range of 1 and 17407 for existing SDPs.
vc-id—
The virtual circuit identifier.
Values—
1 to 4294967295

 

create—
Keyword used to create the binding.

spoke-sdp

Syntax 
spoke-sdp sdp-id [:vc-id] [vc-type vc-type] [create]
no spoke-sdp sdp-id [:vc-id]
Context 
config>service>vprn>if
config>service>vprn>red-if
Description 

This command binds a service to an existing Service Distribution Point (SDP).

A spoke SDP is treated like the equivalent of a traditional bridge “port” where flooded traffic received on the spoke SDP is replicated on all other “ports” (other spoke and mesh SDPs or SAPs) and not transmitted on the port it was received.

The SDP has an operational state which determines the operational state of the SDP within the service. For example, if the SDP is administratively or operationally down, the SDP for the service will be down.

The SDP must already be defined in the config>service>sdp context in order to associate an SDP with a service. If the SDP-ID is not already configured, an error message is generated. If the SDP ID does exist, a binding between that SDP ID and the service is created.

SDPs must be explicitly associated and bound to a service. If an SDP is not bound to a service, no far-end devices can participate in the service.

Class-based forwarding is not supported on a spoke SDP used for termination on an IES or VPRN services. All packets are forwarded over the default LSP.

The no form of this command removes the SDP binding from the service. The SDP configuration is not affected; only the binding of the SDP to a service. Once removed, no packets are forwarded to the far-end router.

Special Cases 
VPRN—
Several SDPs can be bound to a VPRN service. Each SDP must be destined to a different 7750 SR OS. If two SDP-ID bindings terminate on the same 7750 SR, an error occurs and the second SDP is binding is rejected.
Parameters 
sdp-id—
Specifies the SDP identifier.
Values—
1 to 17407

 

vc-id—
Specifies the virtual circuit identifier.
Values—
1 to 4294967295

 

vc-type—
The encapsulation and pseudowire type for the spoke SDP.
Values—
ether—Ethernet pseudowire.
ipipe—IP pseudowire.

 

Default—
ether
create—
Keyword used to create the SDP.

egress

Syntax 
egress
Context 
config>service>vprn>if>spoke-sdp
config>service>vprn>red-if>spoke-sdp
Description 

This command configures an SDP context.

entropy-label

Syntax 
[no] entropy-label
Context 
config>service>vprn
config>service>vprn>if>spoke-sdp
Description 

This command enables or disables the use of entropy labels for spoke SDPs on a VPRN.

If entropy-label is configured, the entropy label and ELI are inserted in packets for which at least one LSP in the stack for the far-end of the tunnel used by the service has advertised entropy-label-capability. If the tunnel is RSVP type, entropy-label can also be controlled under the config>router>mpls or config>router>mpls>lsp contexts.

The entropy label and the hash label features are mutually exclusive. The entropy label cannot be configured on a spoke SDP or service where the hash label feature has already been configured.

Default 

no entropy-label

hash-label

Syntax 
hash-label
hash-label signal-capability
no hash-label
Context 
config>service>vprn
config>service>vprn>spoke-sdp
config>service>vprn>if>spoke-sdp
Description 

This command enables the use of the hash label on a VLL, VPLS, or VPRN service bound to any MPLS-type encapsulated SDP as well as to a VPRN service using auto-bind-tunnel with the resolution-filter configured as any MPLS tunnel type. This feature is not supported on a service bound to a GRE SDP or for a VPRN service using the autobind mode with the gre option.

When this feature is enabled, the ingress data path is modified such that the result of the hash on the packet header is communicated to the egress data path for use as the value of the label field of the hash label. The egress data path appends the hash label at the bottom of the stack (BoS) and sets the S-bit to 1 to indicate that.

In order to allow for applications whereby the egress LER infers the presence of the Hash Label implicitly from the value of the label, the Most Significant Bit (MSB) of the result of the hash is set before copying into the Hash Label. This means that the value of the hash label will always be in the range [524,288 - 1,048,575] and will not overlap with the signaled/static LSP and signaled/static service label ranges. This also guarantees that the hash label will not match a value in the reserved label range.

The (unmodified) result of the hash continues to be used for the purpose of ECMP and LAG spraying of packets locally on the ingress LER. For VLL services, the result of the hash is overwritten and the ECMP and LAG spraying will be based on service-id when ingress SAP shared queuing is not enabled. However, the hash label will still reflect the result of the hash such that an LSR can use it to perform fine grained load balancing of VLL pseudowire packets.

Packets that are generated in CPM and forwarded labeled within the context of a service (for example, OAM packets) must also include a Hash Label at the BoS and set the S-bit accordingly.

The TTL of the hash label is set to a value of 0.

The no form of this command disables the use of the hash label.

Default 

no hash-label

Parameters 
signal-capability—
Specifies whether the service should send the Stack Capability and check whether the capability is received from the peer via LDP interface parameters.

ingress

Syntax 
ingress
Context 
config>service>vprn>if>spoke-sdp
config>service>vprn>red-if>spoke-sdp
Description 

This command configures the SDP context.

qos

Syntax 
qos network-policy-id fp-redirect-group queue-group-name instance instance-id
no qos
Context 
config>service>vprn>if>spoke-sdp>ingress
Description 

This command is used to redirect pseudowire packets to an ingress forwarding plane queue-group for the purpose of rate-limiting.

The ingress pseudowire rate-limiting feature uses a policer in queue-group provisioning model. This model allows the mapping of one or more pseudowires to the same instance of policers, which are defined in a queue-group template.

Operationally, the provisioning model in the case of the ingress pseudowire shaping feature consists of the following steps:

  1. Create an ingress queue-group template and configure policers for each FC that needs to be redirected and optionally, for each traffic type (unicast, broadcast, unknown, or multicast).
  2. Apply the queue-group template to the network ingress forwarding plane where there exists a network IP interface to which the pseudowire packets can be received. This creates one instance of the template on the ingress of the FP. One or more instances of the same template can be created.
  3. Configure FC-to-policer mappings together with the policer redirect to a queue-group in the ingress context of a network QoS policy. No queue-group name is specified in this step, which means the same network QoS policy can redirect different pseudowires to different queue-group templates.
  4. Apply this network QoS policy to the ingress context of a spoke-SDP inside a service, or to the ingress context of a pseudowire template, and specify the redirect queue-group name.
  5. One or more spoke-SDPs can have their FCs redirected to use policers in the same policer queue-group instance.

The following are the constraints and rules of this provisioning model when used in the ingress pseudowire rate-limiting feature:

  1. When a pseudowire FC is redirected to use a policer in a named policer queue-group and the queue-group name does not exist, the association is failed at the time the user associates the ingress context of a spoke-SDP to the named queue-group. In such a case, the pseudowire packet will feed directly the ingress network shared queue for that FC defined in the network-queue policy applied to the ingress of the FP.
  2. When a pseudowire FC is redirected to use a policer in a named policer queue-group and the queue-group name exists but the policer-id is not defined in the queue-group template, the association is failed at the time the user associates the ingress context of a spoke-SDP to the named queue-group. In such a case, the pseudowire packet will feed directly the ingress network shared queue for that FC defined in the network-queue policy applied to the ingress of the FP.
  3. When a pseudowire FC is redirected to use a policer in a named policer queue-group and the queue-group name exists and the policer-id is defined in the queue-group template, it is not required to check that an instance of that queue-group exists in all ingress FPs which have network IP interfaces. The handling of this is dealt with in the data path as follows:
    1. When a pseudowire packet for that FC is received and an instance of the referenced queue-group name exists on that FP, the packet is processed by the policer and will then feed the per-FP ingress shared queues referred to as policer-output-queues.
    2. When a pseudowire packet for that FC is received and an instance of the referenced queue-group name does not exist on that FP, the pseudowire packets will be fed directly into the corresponding ingress network shared queue for that FC defined in the network-queue policy applied to the ingress of the FP.
  4. If a network QoS policy is applied to the ingress context of a pseudowire, any pseudowire FC which is not explicitly redirected in the network QoS policy will have the corresponding packets feed directly the ingress network shared queue for that FC defined in the network-queue policy applied to the ingress of the FP.
  5. If no network QoS policy is applied to the ingress context of the pseudowire, all packets of the pseudowire will feed:
    1. the ingress network shared queue for the packet FC defined in the network-queue policy applied to the ingress of the FP. This is the default behavior.
    2. a queue-group policer followed by the per-FP ingress shared queues referred to as policer-output-queues if the ingress context of the network IP interface from which the packet is received is redirected to a queue-group (csc-policing). The only exceptions to this behavior are for packets received from a IES/VPRN spoke interface and from an R-VPLS spoke-SDP, which is forwarded to the R-VPLS IP interface. In these two cases, the ingress network shared queue for the packet FC defined in the network-queue policy applied to the ingress of the FP is used.

When a pseudowire is redirected to use a policer queue-group, the classification of the packet for the purpose of FC and profile determination is performed according to default classification rule or the QoS filters defined in the ingress context of the network QoS policy applied to the pseudowire. This is true regardless of whether an instance of the named policer queue-group exists on the ingress FP on which the pseudowire packet is received. The user can apply a QoS filter matching the dot1p in the VLAN tag corresponding to the Ethernet port encapsulation, the EXP in the outer label when the tunnel is an LSP, the DSCP in the IP header if the tunnel encapsulation is GRE, and the DSCP in the payload IP header if the user enabled the ler-use-dscp option and the pseudowire terminates in IES or VPRN service (spoke-interface).

When the policer queue-group name the pseudowire is redirected does not exist, the redirection command is failed. In this case, the packet classification is performed according to default classification rule or the QoS filters defined in the ingress context of the network QoS policy applied to the network IP interface on which the pseudowire packet is received.

The no form of this command removes the redirection of the pseudowire to the queue-group.

Parameters 
network-policy-id—
Specifies the network policy identification. The value uniquely identifies the policy on the system.
Values—
1 to 65535

 

fp- redirect-group queue-group-name
Specifies the name of the queue group template up to 32 characters in length.
ingress-instance instance-id
Specifies the identification of a specific instance of the queue-group.
Values—
1 to 16384

 

vc-label

Syntax 
vc-label egress-vc-label
no vc-label [egress-vc-label]
Context 
config>service>vprn>if>spoke-sdp>egress
config>service>vprn>red-if>spoke-sdp>egress
Description 

This command configures the egress VC label.

Parameters 
vc-label—
A VC egress value that indicates a specific connection.
Values—
16 to 1048575

 

vc-label

Syntax 
vc-label ingress-vc-label
no vc-label [ingress-vc-label]
Context 
config>service>vprn>if>spoke-sdp>ingress
config>service>vprn>red-if>spoke-sdp>ingress
Description 

This command configures the ingress VC label.

Parameters 
vc-label—
A VC ingress value that indicates a specific connection.
Values—
2048 to 18431

 

egress

Syntax 
egress
Context 
config>service>vprn>network-interface
Description 

This command enters the context to configure egress network filter policies for the interface.

filter

Syntax 
filter ip ip-filter-id
filter ipv6 ipv6-filter-id
no filter [ip ip-filter-id] [ipv6 ipv6-filter-id]
Context 
config>service>vprn>nw-if>egress
config>service>vprn>if>spoke-sdp>egress
config>service>vprn>if>spoke-sdp>ingress
config>service>vprn>red-if>spoke-sdp>ingress
config>service>vprn>red-if>spoke-sdp>egress
config>service>vprn>nw-if>egress
Description 

This command associates an IP filter policy with an ingress or egress Service Access Point (SAP) or IP interface. An IP filter policy can be associated with spoke SDPs. Filter policies control the forwarding and dropping of packets based on IP or MAC matching criteria.

The filter command is used to associate a filter policy with a specified ip-filter-id with an ingress or egress SAP. The ip-filter-id must already be defined before the filter command is executed. If the filter policy does not exist, the operation fails and an error message returned.

In general, filters applied to SAPs (ingress or egress) apply to all packets on the SAP. One exception is non-IP packets are not applied to IP match criteria, so the default action in the filter policy applies to these packets.

The no form of this command removes any configured filter ID association with the SAP or IP interface. The filter ID itself is not removed from the system unless the scope of the created filter is set to local. To avoid deletion of the filter ID and only break the association with the service object, use scope command within the filter definition to change the scope to local or global. The default scope of a filter is local.

Parameters 
ip ip-filter-id
Specifies IP filter policy. The filter ID must already exist within the created IP filters.
Values—
1 to 65535

 

qos

Syntax 
qos network-policy-id port-redirect-group queue-group-name [instance instance-id]
no qos [network-policy-id]
Context 
config>service>pw-template>egress
config>service>vprn>if>spoke-sdp>egress
config>service>ies>if>spoke-sdp>egress
Description 

This command is used to redirect pseudowire packets to an egress port queue-group for the purpose of shaping.

The egress pseudowire shaping provisioning model allows the mapping of one or more pseudowires to the same instance of queues, or policers and queues, which are defined in the queue-group template.

Operationally, the provisioning model consists of the following steps:

  1. Create an egress queue-group template and configure queues only or policers and queues for each FC that needs to be redirected.
  2. Apply the queue-group template to the network egress context of all ports where there exists a network IP interface on which the pseudowire packets can be forwarded. This creates one instance of the template on the egress of the port. One or more instances of the same template can be created.
  3. Configure FC-to-policer or FC-to-queue mappings together with the redirect to a queue-group in the egress context of a network QoS policy. No queue-group name is specified in this step, which means the same network QoS policy can redirect different pseudowires to different queue-group templates.
  4. Apply this network QoS policy to the egress context of a spoke-SDP inside a service or to the egress context of a pseudowire template and specify the redirect queue-group name.

One or more spoke-SDPs can have their FCs redirected to use queues only or queues and policers in the same queue-group instance.

The following are the constraints and rules of this provisioning model:

  1. When a pseudowire FC is redirected to use a queue or a policer and a queue in a queue-group and the queue-group name does not exist, the association is failed at the time the user associates the egress context of a spoke-SDP to the named queue-group. In such a case, the pseudowire packet will be fed directly to the corresponding egress queue for that FC used by the IP network interface on which the pseudowire packet is forwarded. This queue can be a queue-group queue, or the egress shared queue for that FC defined in the network-queue policy applied to the egress of this port. This is the existing implementation and default behavior for a pseudowire packet.
  2. When a pseudowire FC is redirected to use a queue or a policer, and a queue in a queue-group and the queue-group name exists, but the policer-id and/or the queue-id is not defined in the queue-group template, the association is failed at the time the user associates the egress context of a spoke-SDP to the named queue-group. In such a case, the pseudowire packet will be fed directly to the corresponding egress queue for that FC used by the IP network interface the pseudowire packet is forwarded on.
  3. When a pseudowire FC is redirected to use a queue, or a policer and a queue in a queue-group, and the queue-group name exists and the policer-id or policer-id plus queue-id exist, it is not required to check that an instance of that queue-group exists in all egress network ports which have network IP interfaces. The handling of this is dealt with in the data path as follows:
    1. When a pseudowire packet for that FC is forwarded and an instance of the referenced queue-group name exists on that egress port, the packet is processed by the queue-group policer and will then be fed to the queue-group queue.
    2. When a pseudowire packet for that FC is forwarded and an instance of the referenced queue-group name does not exist on that egress port, the pseudowire packet will be fed directly to the corresponding egress shared queue for that FC defined in the network-queue policy applied to the egress of this port.
  4. If a network QoS policy is applied to the egress context of a pseudowire, any pseudowire FC, which is not explicitly redirected in the network QoS policy, will have the corresponding packets feed directly the corresponding the egress shared queue for that FC defined in the network-queue policy applied to the egress of this port.

When the queue-group name the pseudowire is redirected to exists and the redirection succeeds, the marking of the packet DEI/dot1p/DSCP and the tunnel DEI/dot1p/DSCP/EXP is performed; according to the relevant mappings of the (FC, profile) in the egress context of the network QoS policy applied to the pseudowire. This is true regardless, whether an instance of the queue-group exists or not on the egress port to which the pseudowire packet is forwarded. If the packet profile value changed due to egress child policer CIR profiling, the new profile value is used to mark the packet DEI/dot1p and the tunnel DEI/dot1p/EXP, and the DSCP/prec will be remarked if enable-dscp-prec-marking is enabled under the policer.

When the queue-group name the pseudowire is redirected does not exist, the redirection command is failed. In this case, the marking of the packet DEI/dot1p/DSCP and the tunnel DEI/dot1p/DSCP/EXP fields is performed according to the relevant commands in the egress context of the network QoS policy applied to the network IP interface to which the pseudowire packet is forwarded.

The no version of this command removes the redirection of the pseudowire to the queue-group.

Parameters 
network-policy-id—
Specifies the network policy identification. The value uniquely identifies the policy on the system.
Values—
1 to 65535

 

port-redirect-group queue-group-name
This optional parameter specifies that the queue-group-name will be used for all egress forwarding class redirections within the network QoS policy ID. The specified queue-group-name must exist as a port egress queue group on the port associated with the IP interface.
egress-instance instance-id
Specifies the identification of a specific instance of the queue-group.
Values—
1 to 16384