BGP Virtual Private Network Commands
This chapter describes the BGP Virtual Private Network (VPN) configuration commands.
bgp external-route-leak
Use this command to control the external route leaking. An external imported route (those received from VPN neighbor and imported to an IP-VRF) is further leaked to another IP-VRF. The route-target exports the source VRF, matches the route-target, and imports the destination VRF.
Use the no parameter with this command to disable external route leaking.
External route leaking is only supported for BGP EVPN routes. It is not support for other types of VPN routes.
Command Syntax
bgp external-route-leak
no bgp external-route-leak
Parameters
None
Default
Enable
Command Mode
Router mode
Applicability
This command was introduced in OcNOS version 6.3.4
Examples
OcNOS#configure terminal
(config)#router bgp 100
(config-router)#no bgp external-route-leak
bgp inbound-route-filter
Use this command to control the filtering of received VPN routes with route-target extended community attributes. The inbound route filtering is applicable for both bgp inbound-route-filter and route-target import commands.
When a router is configured as VPNv4/EVPN Route-Reflector, it exchanges VRF routing information with a route distinguisher and route-target extended communities.
By default, OcNOS discards the received routes that does not match the local IP/MAC VRF’s route-target import value. We can use command no bgp inbound-route-filter to override this behavior.
When the local box is acting as a VPNv4/EVPN route-reflector and not in the forwarding path, it may not be
configured with an IP/MAC VRF terminations. In such case, no bgp inbound-route-filter is required to be configured to keep all the routes into RD (route-distinguisher) table.
Command Syntax
bgp inbound-route-filter
no bgp inbound-route-filter
Parameter
None
Default
By default, OcNOS does not import routing information that does not match the local IP or MAC VRF’s route-target import value.
Command Mode
Router mode
Applicability
This command was introduced before OcNOS version 1.3. Inbound-route-filter support for L2VPN EVPN introduced from OcNOS Version 6.3.0.
Examples
#configure terminal
(config)#router bgp 100
(config-router)#bgp inbound-route-filter
clear bgp * l2vpn vpls
Use this command to reset the session with all neighbors for VPLS address family
Command Syntax
clear bgp * l2vpn vpls
Parameters
None
Command Mode
Privileged Exec Modes
Applicability
This command was introduced before OcNOS version 1.3.
Example
#clear bgp * l2vpn vpls
clear ip bgp * vpnv4
Use this command to reset a VPNv4 BGP connection for all peers. This command clears the BGP connection and dynamically resets the outbound routing table. This frees up additional memory required for storing updates to generate new updates.
Note: The soft in or in and soft out or out in the BGP commands performs the same functionality. User can use any of the commands to soft reset.
Command Syntax
clear ip bgp * vpnv4 unicast in
clear ip bgp * vpnv4 unicast out
clear ip bgp * vpnv4 unicast soft
clear ip bgp * vpnv4 unicast soft in
clear ip bgp * vpnv4 unicast soft out
Parameters
in
Clear incoming advertised routes
out
Clear outgoing advertised routes
soft
Clear both incoming and outgoing routes
in
Soft reconfig inbound update
out
Soft reconfig outbound update
Command Mode
Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#clear ip bgp *
#clear ip bgp * vpnv4 unicast out
clear bgp <1-4294967295> l2vpn vpls
Use this command to reset the session for the neighbors with a specific ASN number for L2VPN VPLS.
Command Syntax
Clear bgp <1-4294967295> l2vpn vpls
Parameters
<1-4294967295>
Autonomous System number of the BGP neighbor.
Command Mode
Privileged Exec Modes
Applicability
This command was introduced before OcNOS version 1.3.
Example
#clear bgp 100 l2vpn vpls
clear ip bgp <1-4294967295> vpnv4
Use this command to reset a BGP connection for all VPN peers in a specified Autonomous System.
Note: The soft in or in and soft out or out in the BGP commands performs the same functionality. User can use any of the commands to soft reset.
Command Syntax
clear ip bgp <1-4294967295> vpnv4 unicast in
clear ip bgp <1-4294967295> vpnv4 unicast out
clear ip bgp <1-4294967295> vpnv4 unicast soft
clear ip bgp <1-4294967295> vpnv4 unicast soft in
clear ip bgp <1-4294967295> vpnv4 unicast soft out
Parameters
<1-4294967295>
Clear peers with this AS number
in
Clear incoming advertised routes
out
Clear outgoing advertised routes
soft
Clear both incoming and outgoing routes
in
Soft reconfig inbound update
out
Soft reconfig outbound update
Command Mode
Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#clear ip bgp 500 vpnv4 unicast soft out
clear bgp A.B.C.D l2vpn vpls
Use this command to reset the session for neighbor with address A.B.C.D.
Command Syntax
clear bgp A.B.C.D l2vpn vpls
Parameters
A.B.C.D
BGP neighbor address.
Command Mode
Privileged Exec Modes
Applicability
This command was introduced before OcNOS version 1.3.
Example
#clear bgp 192.168.0.3 l2vpn vpls
clear ip bgp A.B.C.D vpnv4
Use this command to reset an VPNv4 BGP connection for a specific IPv4 address.
Note: The soft in or in and soft out or out in the BGP commands performs the same functionality. User can use any of the commands to soft reset.
Command Syntax
clear ip bgp A.B.C.D vpnv4 unicast in
clear ip bgp A.B.C.D vpnv4 unicast out
clear ip bgp A.B.C.D vpnv4 unicast soft
clear ip bgp A.B.C.D vpnv4 unicast soft in
clear ip bgp A.B.C.D vpnv4 unicast soft out
Parameters
in
Clear incoming advertised routes
out
Clear outgoing advertised routes
soft
Clear both incoming and outgoing routes
in
Soft reconfig inbound update
out
Soft reconfig outbound update
Command Mode
Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#clear ip bgp 10.10.0.12 vpnv4 unicast soft
#clear ip bgp 10.10.0.10 vpnv4 unicast out
debug bgp mpls
Use this command to enable the display of MPLS related information.
Use the no parameter with this command to disable this function.
Note: This command is available only when vrf option is enabled.
Command Syntax
debug bgp mpls
no debug bgp mpls
Parameters
None
Command Mode
Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
debug bgp mpls
export map
This command assigns a route map to the VRF. This map is applied for routing information exported to another PE or VRF.
Use this command when an application requires finer control over the routes exported to another VRF or PE than provided by the import and export extended communities. You can filter routes that are eligible for export to another VRF or PE through the use of a route map. The route map can deny access to selected routes from a community that is on the export list.
Note: Only match rules (deny/permit) are applied for exported routes, set rules will not apply.
Use the no command to remove the map.
Command Syntax
export map WORD
no export map
Parameters
WORD
Route map
Default
No default value is specified
Command Mode
VRF mode
Applicability
This command was introduced in OcNOS version 4.1.
Examples
(config)#ip vrf myVRF
(config-vrf)#export map set-pref
(config-vrf)#
import map
This command assigns a route map to the VRF. This map is applied for routing information imported from another PE or VRF.
Use this command when an application requires finer control over the routes imported into a VRF than provided by the import and export extended communities. You can filter routes that are eligible for import into a VRF through the use of a route map. The route map can deny access to selected routes from a community that is on the import list.
Use the no command to remove the map.
Command Syntax
import map WORD
no import map
Parameters
WORD
Route map
Default
No default value is specified
Command Mode
VRF mode
Applicability
This command was introduced in OcNOS version 4.1.
Examples
(config)#ip vrf myVRF
(config-vrf)#import map set-pref
(config-vrf)#
ip vrf
Use this command to assign a VPN Routing Forwarding (VRF) instance.
Use the no option with this command to remove the VRF from the instance.
Command Syntax
ip vrf WORD
no ip vrf WORD
Parameter
WORD
Name of the VRF instance
Default
No default value is specified
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Command Example
(config)#ip vrf myVRF
(config-vrf)#
neighbor allow-ebgp-vpn
Use this command to allow an eBGP neighbor to be a VPN peer. By default, BGP VPN functionality is allowed only for iBGP peers.
Use the no parameter with this command to remove the configuration.
Command Syntax
neighbor (A.B.C.D|X:X::X:X|WORD) allow-ebgp-vpn
no neighbor (A.B.C.D|X:X::X:X|WORD) allow-ebgp-vpn
Parameters
A.B.C.D
Address of the BGP neighbor in IPv4 format
X:X::X:X
Address of the BGP neighbor in IPv6 format
WORD
Name of a BGP peer group created with the
neighbor WORD peer-group command. When you specify this parameter, the command applies to all peers in the group.
Default
By default, BGP VPN functionality is allowed only for iBGP peers
Command Mode
Address Family-vpnv4 mode and Address Family-vpnv6 mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
(config)#router bgp 200
(config-router)#neighbor 66.66.66.66 remote-as 100
(config-router)#neighbor 66.66.66.66 update-source lo
(config-router)#address-family vpnv4 unicast
(config-router-af)#neighbor 66.66.66.66 allow-ebgp-vpn
(config-router-af)#neighbor 66.66.66.66 activate
(config-router-af)#exit-address-family
neighbor as-override
Use this command to configure a provider edge (PE) router to override the autonomous system number (ASN) of a site with the ASN of a provider. BGP normally ignores routes from the same autonomous system. However, this command is used so that the Customer Edge (CE) routers router accepts and installs routes from the same autonomous system.
Typically, this command is used when CE routers have the same ASN in some or all sites. As per BGP requirement, a BGP speaker rejects a route that has the same ASN as itself in the AS_PATH attribute. Thus the CE routers having the same ASN do not accept routes from each other. Giving this command on the PE router removes the CE neighbor’s ASN from the AS_PATH attribute allowing CE routers with the same ASN to accept routes from each other.
Use the no parameter with this command to remove VPN IPv4 prefixes from a specified router.
Command Syntax
neighbor (A.B.C.D|X:X::X:X|WORD) as-override
no neighbor (A.B.C.D|X:X::X:X|WORD) as-override
Parameters
A.B.C.D
Address of the BGP neighbor in IPv4 format
X:X::X:X
Address of the BGP neighbor in IPv6 format
WORD
Name of a BGP peer group created with the
neighbor WORD peer-group command. When you specify this parameter, the command applies to all peers in the group.
Default
By default, neighbor as override is disabled
Command Mode
Address Family-vrf mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#router bgp 7657
(config-router)#address-family ipv4 vrf VRF_A
(config-router-af)#neighbor 10.10.0.1 as-override
#configure terminal
(config)#router bgp 7657
(config-router)#address-family ipv6 vrf VRF_A
(config-router-af)#neighbor 3ffe:15:15:15:15::0 as-override
neighbor send-community
Use this command to send the extended-community attribute to a customer edge router. In VPN, the route-distinguisher and route-target are encoded in BGP extended-community.
Command Syntax
no neighbor (A.B.C.D|X:X::X:X|WORD) send-community
no neighbor (A.B.C.D|X:X::X:X|WORD) send-community (both|extended|standard)
neighbor (A.B.C.D|X:X::X:X|WORD) send-community
neighbor (A.B.C.D|X:X::X:X|WORD) send-community (both|extended|standard)
Parameters
A.B.C.D
Address of the BGP neighbor in an IPv4 format
X:X::X:X
Address of the BGP neighbor in an IPv6 format
WORD
Name of a BGP peer group created with the
neighbor WORD peer-group command. When you specify this parameter, the command applies to all peers in the group.
both
Send standard and extended community attributes
extended
Send extended community attributes
standard
Send standard community attributes
Default
By default, both communities (standard and extended) are sent to every BGP neighbor.
Command Mode
Address Family Unicast mode and Address Family VRF mode.
Applicability
This command was introduced before OcNOS version 1.3.
Examples
(config)#router bgp 100
(config-router)#address-family ipv4 vrf VRF_A
(config-router-af)#neighbor 10.10.10.1 remote-as 200
(config-router-af)#no neighbor 10.10.0.1 send-community extended
neighbor soo
Use this command to enable the site-of-origin (SOO) feature. If the customer AS is multi-homed to the ISP, this command ensures that the PE does not advertise the routes back to the same AS.
Use the no parameter with this command to disable this feature.
Command Syntax
neighbor (A.B.C.D|X:X::X:X|WORD) soo AS:nn_or_IP:nn
no neighbor (A.B.C.D|X:X::X:X|WORD) soo
Parameters
A.B.C.D
Address of the BGP neighbor in IPv4 format
X:X::X:X
Address of the BGP neighbor in IPv6 format
WORD
Name of a BGP peer group created with the
neighbor WORD peer-group command. When you specify this parameter, the command applies to all peers in the group.
ASN:nn_or_IP-address:nn
An AS number and an arbitrary number (for example, 100:1), or a 32-bit IP address and an arbitrary number (for example, 192.16.10.1:1).
Default
By default, the site-of-origin (SOO) feature is disabled.
Command Mode
Address Family VRF mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
(config)#router bgp 100
(config-router)#address-family ipv4 vrf VRF_A
(config-router-af)#neighbor 1.1.1.1 remote-as 200
(config-router-af)#neighbor 10.10.0.1 soo 100:1
rd (route distinguisher)
Use this command to assign a route distinguisher (RD) for the VRF. The route distinguisher value must be a unique value on the router.
This command creates routing and forwarding tables and specifies the default RD for a VPN. The RD is added to the customer's IPv4 prefixes, changing them into globally unique VPN-IPv4 prefixes.
Use no form command to remove the RD configuration.
Note: RD configuration cannot be changed, it needs to be removed and added back with new value. When RD configuration is removed the RT configuration is also lost and needs to be reconfigured.
Command Syntax
rd ASN:nn_or_IP-address:nn
no rd ASN:nn_or_IP-address:nn
Parameters
ASN:nn_or_IP-address:nn
AS number and an arbitrary number (for example, 100:1). Otherwise, specify a 32-bit IP address and an arbitrary number (for example, 192.16.10.1:1).
Default
No default value is specified
Command Mode
VRF mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
(config)#ip vrf VRF_A
(config-vrf)#rd 100:1
route-target
Use this command to add a list of import and export route-target extended communities to the VRF.
This command creates lists of import and export route-target extended communities for the VRF. It specifies a target VPN extended community. Execute the command once for each community. All routes with the specific route-target extended community are imported into all VRFs with the same extended community as an import route-target.
Use the no parameter with this command to delete a route target.
Route-target values on a MAC-VRF can be manually configured or auto derived from BGP.
Note: Auto-RT is supported only with ASN of 2bytes.
Command Syntax
route-target (import|export|both) (ASN:nn_or_IP-address:nn|evpn-auto-rt)
no route-target (import|export|both) (ASN:nn_or_IP-address:nn|evpn-auto-rt)
Parameters
import
Import routing information
export
Export routing information
both
Import and export routing information
ASN:nn_or_IP-address:nn
AS number and an arbitrary number (for example, 100:1). Otherwise, specify a 32-bit IP address and an arbitrary number (for example, 192.16.10.1:1).
evpn-auto-rt
route-target auto-derived from BGP
Default
No default value is specified
Command Mode
VRF mode
Applicability
This command was introduced before OcNOS version 1.3 and evpn-auto-rt option for mac-vrf is introduced from in OcNOS version 6.0.0.
Examples
(config)#ip vrf VRF_A
(config-vrf)#route-target both 100:10
(config)#ip vrf VRF_A
(config-vrf)#route-target import 100:20
(config)#mac vrf l2vrf1
(config-vrf)#route-target both evpn-auto-rt