- Notes, cautions, and warnings
- About this guide
- Change history
- Getting Started with Dell SmartFabric OS10
- Switch with factory-installed OS10
- Baremetal switch with only ONIE installed
- Downgrade to Release 10.5.0.0 or earlier releases
- Downgrade to Release 10.5.1.0 or later releases
- Startup configuration during upgrade or downgrade
- Switch deployment options
- Remote access
- HTTPS support for HTTP services
- Scheduled reload
- CLI Basics
- CONFIGURATION mode
- Check device status
- Command help
- Candidate configuration
- Copy running configuration
- Restore startup configuration
- Reload system image
- Filter show commands
- Common OS10 commands
- boot
- commit
- configure
- copy
- delete
- dir
- discard
- do
- end
- exit
- hostname
- license
- lock
- management route
- move
- no
- ping
- ping6
- reload
- show boot
- show candidate-configuration
- show environment
- show inventory
- show ip management-route
- show ipv6 management-route
- show license status
- show running-configuration
- show startup-configuration
- show system
- show version
- start
- system
- system-cli disable
- system-user linuxadmin disable
- system identifier
- terminal
- traceroute
- unlock
- username password role
- write
- Advanced CLI tasks
- Dell SmartFabric OS10 zero-touch deployment
- Dell SmartFabric OS10 provisioning
- System management
- Network load balancing
- System banners
- User session management
- Telnet server
- Simple Network Management Protocol
- System clock
- Network Time Protocol
- Precision Time Protocol
- Supported platforms
- Standards compliance
- PTP installation scale and limits
- Configuration notes
- Precision Time Protocol Limitations
- Hybrid clocking
- Configure Precision Time Protocol
- View PTP information
- Example: Configure boundary clock with L2 transport method
- Example: Configure boundary clock with IPv4 multicast transport method
- Example: Configure boundary clock with IPv4 unicast transport method
- Example: Configure end-to-end transparent clock
- Example: Configure boundary clock with IPv4 unicast transport method and L3 VLAN
- Example: Configure PTP in a multinode setup
- PTP commands
- clear ptp counters
- debug ptp
- master
- ptp announce
- ptp clock
- ptp delay-mechanism
- ptp delay-req-min-interval
- ptp domain
- ptp egress-delay-asymmetry
- ptp enable
- ptp ingress-delay-asymmetry
- ptp local-priority
- ptp priority1
- ptp priority2
- ptp role
- ptp source
- ptp sync-interval
- ptp system-time enable
- ptp transport
- ptp vlan
- show ptp
- show ptp clock
- show ptp counters
- show ptp foreign-masters
- show ptp interface
- show ptp parent
- show ptp peer
- show ptp servo
- show ptp time-properties
- slave
- source
- Synchronous Ethernet (SyncE)
- Supported platforms
- Standards compliance
- Clock source selection
- Manage clock selection
- Standby clock source states
- Restrictions and limitations
- Sample configurations
- SyncE commands
- clear sync-e counters
- clear sync-e lockout
- clear sync-e switch
- clear sync-e wait-restore-time
- debug sync-e
- show debug sync-e
- show sync-e
- show sync-e counters
- show sync-e esmc
- show sync-e interface
- sync-e enable
- sync-e esmc
- sync-e esmc-ext-ql-tlv disable
- sync-e hold-off-time
- sync-e lockout
- sync-e mode
- sync-e priority
- sync-e quality-level
- sync-e ssm-network-option
- sync-e switch force
- sync-e switch manual
- sync-e vlan
- sync-e wait-to-restore-time
- Dynamic Host Configuration Protocol
- Packet format and options
- DHCP server
- Automatic address allocation
- Hostname resolution
- Manual binding entries
- View DHCP Information
- DHCP relay agent
- Enable or disable DHCP Option-82
- DHCP relay agent options
- DHCPv4 relay counters
- DHCP relay without route leaking
- DHCP relay custom source IP
- VRRP Virtual IP as Server Override (sub option 11)
- DHCP snooping
- System domain name and list
- DHCP commands
- DHCP relay commands
- clear ip dhcp-relay-counters
- ip helper-address
- ipv6 helper-address
- ip dhcp-relay information-option
- ip dhcp-relay vss
- ip dhcp-relay vss-info
- ip dhcp-relay link-selection
- ip dhcp-relay source-interface
- ip dhcp-relay server-override
- ip dhcp-relay source-interface
- ip dhcp-relay server-override
- ipv6 dhcp-relay interface-id
- ipv6 dhcp-relay prefix
- ipv6 dhcp-relay remote-id
- ipv6 dhcp-relay prefix remote-id
- ipv6 dhcp-relay hostname
- ipv6 dhcp-relay interface-id
- ipv6 dhcp-relay source-interface
- show ip dhcp-relay
- show ipv6 dhcp-relay
- show ip dhcp-relay-counters
- show vlt mismatch dhcp-relay
- show vlt mismatch dhcpv6-relay
- show vlt mismatch
- DHCP server commands
- DHCP snooping commands
- arp inspection
- arp inspection-trust
- arp inspection violation logging
- clear ip arp inspection statistics
- clear ip dhcp snooping binding
- ip dhcp snooping (global)
- ip dhcp snooping (interface)
- ip dhcp snooping binding
- ip dhcp snooping trust
- ip dhcp snooping verify mac-address
- show ip arp inspection database
- show ip arp inspection statistics
- show ip arp inspection logging
- show ip dhcp snooping binding
- DHCP relay commands
- DNS commands
- Containers
- Low Latency Modes
- Interfaces
- Ethernet interfaces
- Unified port groups
- Z9264F-ON port-group profiles
- Port-groups on S5200F-ON switches
- L2 mode configuration
- L3 mode configuration
- Fibre Channel interfaces
- Management interface
- VLAN interfaces
- User-configured default VLAN
- VLAN scale profile
- Loopback interfaces
- Port-channel interfaces
- Configure interface ranges
- Support for north-bound external interfaces
- Switch-port profiles
- Configure negotiation modes on interfaces
- Configure breakout mode
- Breakout auto-configuration
- Reset default configuration
- Forward error correction
- Energy-efficient Ethernet
- View interface configuration
- Viewing journal logs
- High-power optical modules
- Digital optical monitoring
- Default MTU Configuration
- Configure polling interval for Ethernet interface counters
- Interface commands
- channel-group
- default interface
- default vlan-id
- description (Interface)
- duplex
- enable dom
- enable dom traps
- feature auto-breakout
- fec
- interface breakout
- interface ethernet
- interface loopback
- interface mgmt
- interface null
- interface port-channel
- interface range
- interface vlan
- hardware l2 host-mode wide
- link-bundle-utilization
- link-bundle-monitor
- mode
- mode l3
- mtu
- negotiation
- no switchport access vlan
- port mode Eth
- port-group
- profile
- scale-profile vlan
- show hardware l2 host-mode
- show interface
- show interface description
- show interface phy-eth
- show interface switchport
- show inventory media
- show inventory media details
- show link-bundle-utilization
- show port-channel summary
- show port-group
- show switch-port-profile
- show system
- show vlan
- shutdown
- speed (Fibre Channel)
- speed (Management)
- stats-monitor
- switch-port-profile
- switchport access vlan
- switchport mode
- switchport trunk allowed vlan
- wavelength
- default mtu
- show default mtu
- Fibre Channel
- Fibre Channel over Ethernet
- Terminology
- Virtual fabric
- Fibre Channel zoning
- F_Port on Ethernet
- Pinning FCoE traffic to a specific port of a port-channel
- Multiswitch fabric (E Port)
- Configure multiswitch fabric (E Port)
- Verify multiswitch fabric (E Port) configuration
- Multiswitch fabric (E Port) CLI commands
- show fc fspf interface
- clear fc fabric statistics
- clear fc flow-control-statistics
- clear fc fspf statistics
- clear fc ns switch statistics
- domain-id
- e_d_tov
- fc port-mode F | E
- feature fc
- fspf cost
- fspf dead-interval
- fspf hello-interval
- fspf hold-time
- fspf retransmit-interval
- principal-priority
- r_a_tov
- show fc fabric
- show fc fabric interface
- show fc fabric statistics
- show fc flow-control-statistics
- show fc fspf database
- show fc fspf neighbor
- show fc fspf route
- show fc ns fabric
- show fc ns fabric brief
- show fc ns switch statistics
- show fc switch
- show interface fibre channel
- show vfabric
- show vfabric fspf
- Multi-hop FIP-snooping bridge
- Configuration guidelines
- NPIV Proxy Gateway cascading
- Support for untagged VLAN in FCoE
- Single FCF per vFabric
- F_Port commands
- NPG commands
- F_Port and NPG commands
- FIP-snooping commands
- FCoE commands
- clear fcoe database
- clear fcoe statistics
- fcoe delay fcf-adv
- fcoe-pinned-port
- fcoe max-sessions-per-enodemac
- fcoe priority-bits
- lldp tlv-select dcbxp-appln fcoe
- re-balance fc npg sessions vfabric
- show fcoe enode
- show fcoe fcf
- show fcoe pinned-port
- show fcoe sessions
- show fcoe statistics
- show fcoe system
- show fcoe vlan
- show npg node-interface
- show npg uplink-interface
- Debug FC commands
- Layer 2
- 802.1X
- Far-end failure detection
- Link Aggregation Control Protocol
- LACP individual
- LACP individual port feature interactions
- LACP individual port - Use case
- VxRail VSS to VDS migration scaling numbers
- VxRail deployment use cases
- PXE booting use case
- Modes
- Configuration
- Interfaces
- Rates
- Sample configuration
- LACP fallback
- LACP commands
- channel-group
- clear lacp counters
- lacp individual
- lacp fallback enable
- lacp fallback preemption
- lacp fallback timeout
- lacp max-bundle
- Lacp port-priority
- lacp rate
- lacp system-priority
- show interface port-channel
- show lacp counter
- show lacp interface
- show lacp neighbor
- show lacp port channel
- show lacp system-identifier
- Link Layer Discovery Protocol
- Mandatory TLVs
- Optional TLVs
- Configure LLDP
- Example: Advertise TLVs configuration
- View LLDP configuration
- View LLDP neighbor advertisements
- LLDP-MED
- LLDP commands
- clear lldp counters
- clear lldp table
- lldp enable
- lldp holdtime-multiplier
- lldp med fast-start-repeat-count
- lldp med
- lldp med network-policy
- lldp med network-policy (Interface)
- lldp med tlv-select
- lldp port-description-tlv advertise
- lldp receive
- lldp reinit
- lldp timer
- lldp tlv-select basic-tlv
- lldp management-addr-tlv virtual-ip
- lldp tlv-select dot1tlv
- lldp tlv-select dot3tlv
- lldp transmit
- lldp vlan-name-tlv allowed vlan
- show lldp interface
- show lldp errors
- show lldp med
- show lldp neighbors
- show lldp timers
- show lldp tlv-select interface
- show lldp traffic
- show network-policy profile
- Media Access Control
- Spanning-tree protocol
- Introduction to STP
- Supported STP modes
- Change STP modes
- Mode specific functionality
- Enable and disable STP
- Backward compatibility and interoperability
- BPDU extensions
- Recover from BPDU guard violations
- MAC flush optimization
- Spanning-tree link type for rapid state transitions
- Dynamic path cost calculation
- Debug facilities
- EdgePort
- Common STP commands
- clear spanning-tree counters
- debug spanning-tree
- errdisable detect cause bpduguard
- errdisable recovery cause bpduguard
- errdisable recovery interval
- clear spanning-tree detected-protocol
- spanning-tree bpdufilter
- spanning-tree bpduguard
- spanning-tree disable
- spanning-tree guard
- spanning-tree link-type
- spanning-tree mac-flush-timer
- spanning-tree mode rstp
- spanning-tree port
- show errdisable
- show spanning-tree interface
- Rapid per-VLAN spanning-tree
- RSTP/MSTP/Rapid-PVST Force Version
- Load balance and root selection
- Enable Rapid-PVST
- Select the root bridge
- Root assignment
- Global parameters
- Rapid-PVST commands
- show spanning-tree vlan
- spanning-tree vlan cost
- spanning-tree vlan disable
- spanning-tree vlan forward-time
- spanning-tree vlan force-version
- spanning-tree vlan hello-time
- spanning-tree vlan mac-flush-threshold
- spanning-tree vlan max-age
- spanning-tree vlan priority
- spanning-tree vlan priority (Interface)
- spanning-tree vlan root
- spanning-tree rapid-pvst default behavior
- show spanning-tree compatibility-mode
- spanning-tree rapid-pvst force-version
- Rapid Spanning-Tree Protocol
- Multiple Spanning-Tree
- Configure MSTP
- Create instances
- Root selection
- Non-Dell Technologies hardware
- Region name or revision
- Modify parameters
- Interface parameters
- MST commands
- instance
- name
- revision
- spanning-tree mst
- spanning-tree msti
- spanning-tree mst configuration
- spanning-tree mst disable
- spanning-tree mst force-version
- spanning-tree mst forward-time
- spanning-tree mst hello-time
- spanning-tree mst mac-flush-threshold
- spanning-tree mst max-age
- spanning-tree mst max-hops
- show spanning-tree mst
- show spanning-tree msti
- Introduction to STP
- Virtual LANs
- Private VLANs
- PVLAN components
- Limitations
- Configuration notes
- Configure a PVLAN domain
- Extend PVLAN domain to another switch
- Configure PVLAN ports in a regular VLAN
- Configure an IPv4 address and local proxy ARP on a PVLAN interface
- Convert a secondary or promiscuous port to a regular L2 port
- Delete the primary and secondary VLANs
- View PVLAN information
- Interaction with other features
- PVLAN commands
- ip local-proxy-arp
- private-vlan mapping secondary-vlans
- private-vlan mode (VLAN mode)
- private-vlan mode (Port mode)
- show interface private-vlan
- show vlan private-vlan
- show vlan private-vlan primary
- show vlan private-vlan isolated
- show vlan private-vlan community
- show vlan private-vlan interface
- show vlan private-vlan mapping
- Example: PVLAN deployment with L2-L3 boundary at the spine layer
- Example: PVLAN deployment with L2-L3 boundary at the leaf layer
- Port monitoring
- Layer 3
- Virtual routing and forwarding
- Configure management VRF
- Configure non-default VRF instances
- VRF configuration
- View VRF instance information
- Static route leaking
- Dynamic route leaking
- Administrative distance for leaked routes
- VRF commands
- interface management
- ip domain-list vrf
- ip domain-name vrf
- ip vrf
- ip ftp vrf
- ip host vrf
- ip http vrf
- ip name-server vrf
- ip route-import
- ip route-export
- ipv6 route-import
- ipv6 route-export
- ip scp vrf
- ip sftp vrf
- ip tftp vrf
- ip vrf management
- match source-protocol
- redistribute imported-bgp-routes
- redistribute imported-ospf-routes
- redistribute l2vpn evpn
- set distance
- show hosts vrf
- show ip vrf
- update-source-ip
- Bidirectional Forwarding Detection
- BFD session states
- BFD three-way handshake
- BFD configuration
- Configure BFD globally
- BFD for BGP
- BFD for OSPF
- BFD for Static routes
- Establishing BFD Sessions for IPv4 Static Routes
- Establishing BFD Sessions for IPv4 Static Routes in a non-default VRF instance
- Changing IPv4 static route session parameters
- Disabling BFD for IPv4 Static Routes
- Establishing BFD Sessions for IPv6 Static Routes
- Establishing BFD Sessions for IPv6 Static Routes in a non-default VRF instance
- Changing IPv6 static route session parameters
- Enable BFD for specific static routes
- Disabling BFD for IPv6 Static Routes
- BFD commands
- Border Gateway Protocol
- Sessions and peers
- Martian addresses
- Route reflectors
- Multiprotocol BGP
- Attributes
- Disable announcement of ASN values
- Selection criteria
- Weight and local preference
- Multiexit discriminators
- Origin
- AS path and next-hop
- Best path selection
- More path support
- Advertise cost
- 4-Byte AS numbers
- AS number migration
- Graceful restart
- Configure Border Gateway Protocol
- Enable BGP
- BGP unnumbered
- Constructing the Next Hop field
- Link-local-only-nexthop command at ROUTER BGP level
- Link-local-only-nexthop command at the BGP neighbor or template level
- Behavior of iBGP unnumbered with cumulus
- BGP over unnumbered interfaces
- Auto-unnumbered interfaces for BGP
- Configure Dual Stack
- Configure administrative distance
- Peer templates
- Neighbor fall-over
- Configure password
- Fast external fallover
- Passive peering
- Local AS
- AS number limit
- Additional paths
- Redistribute routes
- MED attributes
- Local preference attribute
- Weight attribute
- Enable multipath
- Route-map filters
- Route reflector clusters
- Aggregate routes
- Confederations
- Route dampening
- Timers
- Neighbor soft-reconfiguration
- Redistribute iBGP route to OSPF
- View BGP routes information
- Debug BGP
- Configuring BGP template
- Example - BGP in a VLT topology
- Example - Three-tier CLOS topology with eBGP
- Example - Routing on the host with BGP
- BGP commands
- activate
- add-path
- add-path
- address-family
- advertisement-interval
- advertisement-start
- aggregate-address
- allowas-in
- always-compare-med
- as-notation
- bestpath as-path
- bestpath med
- bestpath router-id
- bgp dampening
- bgp redistribute-internal
- clear ip bgp
- clear ip bgp *
- clear ip bgp dampening
- clear ip bgp flap-statistics
- connection-retry-timer
- confederation
- client-to-client
- cluster-id
- debug ip bgp
- description
- default-metric
- default-originate
- distance bgp
- distribute-list
- bgp default local-preference
- ebgp-multihop
- enforce-first-as
- fall-over
- fast-external-fallover
- graceful-restart
- ibgp-ecmp-next-hop-self
- inherit
- inherit template
- ipv6 bgp unnumbered
- link-local-only-nexthop (Global level)
- link-local-only-nexthop (BGP neighbor level)
- link-local-only-nexthop (BGP template level)
- listen
- local-as
- log-neighbor-changes
- maximum-paths
- maximum-prefix
- neighbor
- network
- next-hop-self
- non-deterministic-med
- outbound-optimization
- password
- redistribute
- remote-as
- remove-private-as
- route-map
- route-reflector-client
- router bgp
- router-id
- send-community
- sender-side-loop-detection
- show ip bgp
- show ip bgp community
- show ip bgp community-list
- show ip bgp dampened-paths
- show ip bgp extcommunity-list
- show ip bgp filter-list
- show ip bgp flap-statistics
- show ip bgp ipv4 unicast
- show ip bgp ipv6 unicast
- show ip bgp neighbors
- show ip bgp peer-group
- show ip bgp summary
- show ip route
- show ipv6 route
- soft-reconfiguration inbound
- soft-reconfiguration inbound
- template
- timers
- update-source
- vrf
- weight
- Equal cost multi-path
- Load balancing
- Maximum ECMP groups and paths
- ECMP commands
- enhanced-hashing resilient-hashing
- enhanced-hashing symmetric-hashing
- hash-algorithm
- ip ecmp-group maximum-paths
- link-bundle-utilization trigger-threshold
- load-balancing
- show enhanced-hashing resilient-hashing
- show enhanced-hashing symmetric-hashing
- show hash-algorithm
- show ip ecmp-group details
- show load-balance
- IPv4 routing
- IPv6 routing
- Enable or disable IPv6
- IPv6 addresses
- Stateless autoconfiguration
- Neighbor Discovery
- Duplicate address discovery
- DNS Search List
- Recursive DNS server addresses
- Static IPv6 routing
- IPv6 destination unreachable
- IPv6 hop-by-hop options
- IPv6 Routing Header Type 0
- View IPv6 information
- IPv6 RA Guard
- Configure IPv6 RA guard
- IPv6 RA guard commands
- clear ipv6 nd ra-guard statistics
- device-role
- ipv6 nd ra-guard attach-policy
- ipv6 nd ra-guard enable
- ipv6 nd ra-guard logging enable
- ipv6 nd ra-guard policy
- mtu
- managed-config-flag
- match ra
- other-config-flag
- reachable-time
- retrans-timer
- router-lifetime
- router-preference maximum
- show config
- show ipv6 nd ra-guard policy
- show ipv6 nd ra-guard statistics
- show ipv6 nd ra-guard violation-details
- show vlt mismatch
- IPv6 commands
- clear ipv6 neighbors
- clear ipv6 route
- ipv6 address
- ipv6 address autoconfig
- ipv6 address dhcp
- ipv6 enable
- ipv6 address eui-64
- ipv6 address link-local
- ipv6 hop-by-hop
- ipv6 nd dad
- ipv6 nd hop-limit
- ipv6 nd managed-config-flag
- ipv6 nd max-ra-interval
- ipv6 nd mtu
- ipv6 nd other-config-flag
- ipv6 nd prefix
- ipv6 nd ra-dns search-list
- ipv6 nd ra-dns search-list suppress
- ipv6 nd ra-dns server
- ipv6 nd ra-dns server suppress
- ipv6 nd ra-lifetime
- ipv6 nd reachable-time
- ipv6 nd retrans-timer
- ipv6 nd send-ra
- ipv6 route
- ipv6 routing-header-type0 deny
- ipv6 unreachables
- show ipv6 interface brief
- show ipv6 nd ra-dns search-list
- show ipv6 nd ra-dns server
- show ipv6 neighbors
- show ipv6 route
- Open shortest path first
- Autonomous system areas
- Areas, networks, and neighbors
- Router types
- Designated and backup designated routers
- Link-state advertisements
- Router priority
- Shortest path first throttling
- Redistribute routes
- OSPFv2
- Enable OSPFv2
- Enable OSPFv2 in a non-default VRF instance
- Assign router identifier
- Stub areas
- Passive interfaces
- Fast convergence
- Interface parameters
- Default route
- Summary address
- Graceful restart
- OSPFv2 authentication
- Troubleshoot OSPFv2
- Debug OSPF
- OSPFv2 commands
- area default-cost
- area nssa
- area range
- area stub
- auto-cost reference-bandwidth
- clear ip ospf process
- clear ip ospf statistics
- debug ip ospfv2
- default-information originate
- default-metric
- fast-converge
- graceful-restart
- ip ospf area
- ip ospf authentication-key
- ip ospf cost
- ip ospf dead-interval
- ip ospf hello-interval
- ip ospf message-digest-key
- ip ospf mtu-ignore
- ip ospf network
- ip ospf passive
- ip ospf priority
- ip ospf retransmit-interval
- ip ospf transmit-delay
- log-adjacency-changes
- max-metric router-lsa
- maximum-paths
- redistribute
- router-id
- router ospf
- show ip ospf
- show ip ospf asbr
- show ip ospf database
- show ip ospf database asbr-summary
- show ip ospf database external
- show ip ospf database network
- show ip ospf database nssa external
- show ip ospf database opaque-area
- show ip ospf database opaque-as
- show ip ospf database opaque-link
- show ip ospf database router
- show ip ospf database summary
- show ip ospf interface
- show ip ospf routes
- show ip ospf statistics
- show ip ospf topology
- summary-address
- timers lsa arrival
- timers spf
- timers throttle lsa all
- OSPFv3
- Enable OSPFv3
- Enable OSPFv3 in a non-default VRF instance
- Assign Router ID
- Configure Stub Areas
- Enable Passive Interfaces
- Interface OSPFv3 Parameters
- Default route
- OSPFv3 IPsec authentication and encryption
- Support for OSPFv3 route summarization
- Troubleshoot OSPFv3
- OSPFv3 Commands
- area authentication
- area encryption
- area range
- area stub
- auto-cost reference-bandwidth
- clear ipv6 ospf process
- clear ipv6 ospf statistics
- debug ip ospfv3
- default-information originate
- ipv6 ospf area
- ipv6 ospf authentication
- ipv6 ospf cost
- ipv6 ospf dead-interval
- ipv6 ospf encryption
- ipv6 ospf hello-interval
- ipv6 ospf mtu-ignore
- ipv6 ospf network
- ipv6 ospf passive
- ipv6 ospf priority
- log-adjacency-changes
- maximum-paths
- redistribute
- router-id
- router ospfv3
- show ipv6 ospf
- show ipv6 ospf database
- show ipv6 ospf interface
- show ipv6 ospf neighbor
- show ipv6 ospf statistics
- summary-address
- timers spf (OSPFv3)
- Object tracking manager
- Policy-based routing
- Virtual Router Redundancy Protocol
- BFD tracking support in VRRP groups
- Configuring BFD session tracking under VRRP group
- Configuration
- Create virtual router
- Group version
- Virtual IP addresses
- Configure virtual IP address
- Configure virtual IP address in a VRF
- Set group priority
- Authentication
- Disable preempt
- Advertisement interval
- Interface/object tracking
- Configure tracking
- VRRP commands
- Virtual routing and forwarding
- Multicast
- Important notes
- Configure multicast routing
- Multicast route optimization
- Multicast Commands
- IPv4 multicast routing
- Internet Group Management Protocol
- Standards compliance
- Important notes
- Supported IGMP versions
- Query interval
- Last member query interval
- Maximum response time
- IGMP immediate leave
- Select an IGMP version
- IGMP commands
- clear ip igmp groups
- ip igmp immediate-leave
- ip igmp last-member-query-interval
- ip igmp query-interval
- ip igmp query-max-resp-time
- ip igmp snooping enable
- ip igmp snooping
- ip igmp snooping fast-leave
- ip igmp snooping last-member-query-interval
- ip igmp snooping mrouter
- ip igmp snooping querier
- ip igmp snooping query-interval
- ip igmp snooping query-max-resp-time
- ip igmp version
- show ip igmp groups
- show ip igmp interface
- show ip igmp snooping groups
- show ip igmp snooping groups detail
- show ip igmp snooping interface
- show ip igmp snooping mrouter
- show ip igmp snooping summary
- Protocol Independent Multicast
- PIM terminology
- Standards compliance
- PIM-SM
- PIM-SSM
- Configure expiry timers for S, G entries
- Configure static rendezvous point
- Configure dynamic RP using the BSR mechanism
- Configure designated router priority
- Update RP mapping cache with new RP configuration
- PIM join filters
- PIM neighbor filters
- PIM register filters
- PIM commands
- clear ip pim rp-mapping
- clear ip pim tib
- ip multicast-routing
- ip pim bsr-candidate
- ip pim bsr-candidate-timers
- ip pim bsr-timeout
- ip pim dr-priority
- ip pim join-filter
- ip pim neighbor-filter
- ip pim query-interval
- ip pim register-filter
- ip pim rp-address
- ip pim rp-candidate
- ip pim rp-candidate-timers
- ip pim sparse-mode
- ip pim sparse-mode sg-expiry-timer
- ip pim ssm-range
- show ip pim bsr-router
- show ip pim interface
- show ip pim mcache
- show ip pim neighbor
- show ip pim register-filter
- show ip pim rp
- show ip pim ssm-range
- show ip pim summary
- show ip pim tib
- show ip rpf
- Sample configuration: Multicast VRF using PIM-SM
- Anycast RP using PIM
- VLT multicast routing
- Internet Group Management Protocol
- IPv4 multicast traffic reduction
- IPv6 multicast traffic reduction
- Multicast Listener Discovery Protocol
- MLD snooping
- MLD snooping commands
- ipv6 mld snooping
- ipv6 mld snooping enable
- ipv6 mld snooping fast-leave
- ipv6 mld snooping last-member-query-interval
- ipv6 mld snooping mrouter
- ipv6 mld snooping querier
- ipv6 mld snooping query-interval
- ipv6 mld query-max-resp-time
- ipv6 mld version
- show ipv6 mld snooping groups
- show ipv6 mld snooping groups detail
- show ipv6 mld snooping interface
- show ipv6 mld snooping mrouter
- show ipv6 mld snooping summary
- Multicast Listener Discovery Protocol
- VXLAN
- VXLAN concepts
- VXLAN as NVO solution
- Configure VXLAN
- L3 VXLAN route scaling
- DHCP relay on VTEPs
- View VXLAN configuration
- VXLAN MAC addresses
- VXLAN commands
- arp-nd-suppression
- hardware overlay-routing-profile
- interface virtual-network
- ip virtual-router address
- ip virtual-router mac-address
- member-interface
- nve
- remote-vtep
- show hardware overlay-routing-profile mode
- show interface virtual-network
- show nve remote-vtep
- show nve remote-vtep counters
- show nve vxlan-vni
- show virtual-network
- show virtual-network counters
- show virtual-network interface counters
- show virtual-network interface
- show virtual-network vlan
- show vlan (virtual network)
- source-interface loopback
- virtual-network
- virtual-network untagged-vlan
- vxlan-vni
- VXLAN MAC commands
- clear mac address-table dynamic nve remote-vtep
- clear mac address-table dynamic virtual-network
- show mac address-table count extended
- show mac address-table count nve
- show mac address-table count virtual-network
- show mac address-table extended
- show mac address-table nve
- show mac address-table virtual-network
- Example: VXLAN with static VTEP
- BGP EVPN for VXLAN
- BGP EVPN compared to static VXLAN
- VXLAN BGP EVPN operation
- Configure BGP EVPN for VXLAN
- BGP EVPN with VXLAN overlay - Multi tenancy
- Enabling EVPN services
- EVPN constructs
- VXLAN BGP EVPN routing
- BGP EVPN with VLT
- ARP suppression
- EVPN route selection based on AS path length
- VXLAN BGP commands
- VXLAN EVPN commands
- Example: VXLAN with BGP EVPN with asymmetric IRB
- Example: VXLAN BGP EVPN — Multiple AS topology with asymmetric IRB
- Example: VXLAN BGP EVPN — Centralized L3 gateway with asymmetric IRB
- Example: VXLAN BGP EVPN — Border leaf gateway with asymmetric IRB
- Example: VXLAN BGP EVPN—Symmetric IRB
- Example - VXLAN BGP EVPN symmetric IRB with unnumbered BGP peering
- Example: Migrating from Asymmetric IRB to Symmetric IRB
- Example - Route leaking across VRFs in a VXLAN BGP EVPN symmetric IRB topology
- Controller-provisioned VXLAN
- UFT modes
- Security
- Switch security
- User management
- User accounts
- Privilege levels
- Passwords for user accounts
- User management commands
- disable
- enable
- enable password priv-lvl
- password-attributes
- password-attributes max-retry lockout-period console-exempt
- privilege
- service simple-password
- service obscure-password
- show users
- show privilege
- show running-configuration privilege
- system-user linuxadmin password
- system-user linuxadmin disable
- userrole inherit
- username password role
- AAA
- Boot security
- Bootloader protection
- Secure Boot
- Boot security commands
- boot protect disable username
- boot protect enable username password
- show boot protect
- show secure-boot pki-certificates
- show secure-boot
- secure-boot grub-key
- secure-boot verify
- secure-boot revoke key
- secure-boot protect startup-config
- secure-boot enable
- image verify
- image secure-install
- image gpg-key key-server
- Switch management access
- SSH server
- RESTCONF API
- Restrict SNMP access
- Limit concurrent login sessions
- Virtual terminal line ACLs
- Initiate an SSH session with another switch
- Switch management access
- ip ssh client cli enable
- ip ssh server enable
- ip ssh server challenge-response-authentication
- ip ssh server cipher
- ip ssh server hostbased-authentication
- ip ssh server kex
- ip ssh server mac
- ip ssh server password-authentication
- ip ssh server port
- ip ssh server pubkey-authentication
- ip ssh server vrf
- show ip ssh
- ssh
- show crypto ssh-key
- username sshkey
- username sshkey filename
- crypto ssh-key generate
- login concurrent-session limit
- line vty
- ipv6 access-class
- ip access-class
- Switch management statistics
- X.509v3 certificates
- X.509v3 concepts
- PKI certificate validation
- Public key infrastructure
- Manage CA certificates
- Certificate revocation
- Request and install host certificates
- Self-signed certificates
- Security profiles
- Cluster security
- SSH Smart Card Authentication
- Remote user authentication with a password
- Local user authentication with a password
- Local user authentication without a password
- General X.509v3 configuration for X.509v3 SSH authentication
- Configure remote user authentication with a password
- Configure local user authentication with a password
- Configure local user authentication without a password
- Security profile settings used by X.509v3 authentication
- Example: Configure RADIUS over TLS with X.509v3 certificates
- X.509v3 commands
- certificate
- crypto cert validate
- cluster security-profile
- crypto ca-cert delete
- crypto ca-cert install
- crypto cdp add
- crypto cdp delete
- crypto cert delete
- crypto cert generate
- crypto cert install
- crypto crl delete
- crypto crl install
- crypto fips enable
- crypto security-profile
- peer-name-check
- revocation-check
- show crypto ca-certs
- show crypto cdp
- show crypto cert
- show crypto crl
- ip ssh server x509v3-authentication security-profile
- ocsp-check [ocsp-url]
- User management
- Network security
- Access control lists
- DHCP snooping
- 802.1X port access control
- Port security
- Port-security on VLT
- Restrictions and limitations
- Port security commands
- clear mac address-table secure
- errdisable recovery cause
- errdisable reset cause
- disable
- mac-learn
- mac-learn limit violation
- mac-move allow
- mac-move violation
- mac address-table static
- show switchport port-security
- switchport port-security (interface)
- switchport port-security (global)
- sticky
- aging
- show mac address-table secure
- show errdisable
- show mac address-table count
- Switch security
- OpenFlow
- OpenFlow logical switch instance
- OpenFlow controller
- OpenFlow version 1.3
- Ports
- Flow table
- Group table
- Meter table
- Instructions
- Action set
- Action types
- Counters
- OpenFlow protocol
- Connection setup TCP
- Supported controllers
- Flow table modification messages
- Message types
- Flow match fields
- Action structures
- Capabilities supported by the data path
- Multipart message types
- Switch description
- Property type
- Group configuration
- Controller roles
- Packet-in reasons
- Flow-removed reasons
- Error types from switch to controller
- OpenFlow use cases
- Configure OpenFlow
- OpenFlow commands
- OpenFlow-only mode commands
- Access Control Lists
- IP ACLs
- MAC ACLs
- Control-plane ACLs
- IP fragment handling
- L3 ACL rules
- Assign sequence number to filter
- Delete ACL rule
- L2 and L3 ACLs
- Assign and apply ACL filters
- Ingress ACL filters
- Egress ACL filters
- VTY ACLs
- SNMP ACLs
- Clear access-list counters
- IP prefix-lists
- Route-maps
- Match routes
- Set conditions
- Continue clause
- ACL flow-based monitoring
- Enable flow-based monitoring
- View ACL table utilization report
- ACL logging
- ACL commands
- clear ip access-list counters
- clear ipv6 access-list counters
- clear mac access-list counters
- deny
- deny (IPv6)
- deny (MAC)
- deny icmp
- deny icmp (IPv6)
- deny ip
- deny ipv6
- deny tcp
- deny tcp (IPv6)
- deny udp
- deny udp (IPv6)
- description
- ip access-group
- ip access-list
- ip as-path access-list
- ip community-list standard deny
- ip community–list standard permit
- ip extcommunity-list standard deny
- ip extcommunity-list standard permit
- ip prefix-list description
- ip prefix-list deny
- ip prefix-list permit
- ip prefix-list seq deny
- ip prefix-list seq permit
- ipv6 access-group
- ipv6 access-list
- ipv6 prefix-list deny
- ipv6 prefix-list description
- ipv6 prefix-list permit
- ipv6 prefix-list seq deny
- ipv6 prefix-list seq permit
- logging access-list mgmt burst
- logging access-list mgmt rate
- mac access-group
- mac access-list
- permit
- permit (IPv6)
- permit (MAC)
- permit icmp
- permit icmp (IPv6)
- permit ip
- permit ipv6
- permit tcp
- permit tcp (IPv6)
- permit udp
- permit udp (IPv6)
- remark
- seq deny
- seq deny (IPv6)
- seq deny (MAC)
- seq deny icmp
- seq deny icmp (IPv6)
- seq deny ip
- seq deny ipv6
- seq deny tcp
- seq deny tcp (IPv6)
- seq deny udp
- seq deny udp (IPv6)
- seq permit
- seq permit (IPv6)
- seq permit (MAC)
- seq permit icmp
- seq permit icmp (IPv6)
- seq permit ip
- seq permit ipv6
- seq permit tcp
- seq permit tcp (IPv6)
- seq permit udp
- seq permit udp (IPv6)
- show access-group
- show access-lists
- show acl-table-usage detail
- show control-plane logging
- show ip as-path-access-list
- show ip prefix-list
- show logging access-list
- Route-map commands
- continue
- match as-path
- match community
- match extcommunity
- match inactive-path-additive
- match interface
- match ip address
- match ip next-hop
- match ipv6 address
- match ipv6 next-hop
- match metric
- match origin
- match route-type
- match tag
- route-map
- set comm-list add
- set comm-list delete
- set community
- set extcomm-list add
- set extcomm-list delete
- set extcommunity
- set local-preference
- set metric
- set metric-type
- set next-hop
- set origin
- set tag
- set weight
- show route-map
- Quality of service
- Classification
- Marking Traffic
- Queuing
- Policing traffic
- Coloring traffic
- Modifying packet fields
- Shaping traffic
- Bandwidth allocation
- Strict priority queuing
- Rate adjustment
- Configure quality of service
- Example 1: Traffic classification and bandwidth allocation in VXLAN topology using CoS value
- Example 2: Traffic classification and bandwidth allocation in VXLAN topology using CoS value on access ports and DSCP value on network ports
- Buffer management
- Congestion avoidance
- Storm control
- RoCE for faster access and lossless connectivity
- Port to port-pipe and MMU mapping
- QoS VXLAN usecases
- QoS VXLAN examples
- QoS commands
- bandwidth
- buffer-statistics-tracking
- class
- class-map
- clear qos statistics
- clear qos statistics type
- control-plane
- control-plane-buffer-size
- flowcontrol
- hardware deep-buffer-mode
- match
- match cos
- match dscp
- match precedence
- match queue
- match vlan
- mtu
- pause
- pfc-cos
- pfc-max-buffer-size
- pfc-shared-buffer-size
- pfc-shared-headroom-buffer-size
- police
- policy-map
- priority
- priority-flow-control mode
- qos-group dot1p
- qos-group dscp
- qos-map traffic-class
- qos-rate-adjust
- queue-limit
- queue bandwidth
- queue qos-group
- queue qos-group (Z9332F-ON)
- random-detect (interface)
- random-detect (queue)
- random-detect color
- random-detect ecn
- random-detect ecn
- random-detect pool
- random-detect weight
- service-policy
- set cos
- set dscp
- set qos-group
- shape
- show class-map
- show control-plane buffers
- show control-plane buffer-stats
- show control-plane info
- show control-plane statistics
- show hardware deep-buffer-mode
- show interface priority-flow-control
- show qos interface
- show policy-map
- show qos control-plane
- show qos egress buffers interface
- show qos egress buffer-statistics-tracking
- show qos egress buffer-stats interface
- show qos headroom-pool buffer-statistics-tracking
- show qos ingress buffers interface
- show qos ingress buffer-statistics-tracking
- show qos ingress buffer-stats interface
- show qos maps
- show qos maps (Z9332F-ON)
- show qos port-map details
- show qos-rate-adjust
- show qos service-pool buffer-statistics-tracking
- show qos system
- show qos system buffers
- show qos wred-profile
- show queuing statistics
- system qos
- trust dot1p-map
- trust dscp-map
- trust-map
- wred
- Virtual Link Trunking
- Terminology
- VLT domain
- VLT interconnect
- Graceful LACP with VLT
- Configure VLT
- Configure VRRP Active-Active mode
- Migrate VMs across data centers with eVLT
- View VLT information
- Delay-restore for orphan ports
- Example: Configure RSPAN in VLT network
- BFD in VLT Domain
- PBR in VLT Domain
- VLT commands
- backup destination
- delay-restore
- delay-restore-port enable
- delay-restore-port timeout
- discovery-interface
- ip pbr disable
- ipv6 pbr disable
- peer-routing
- peer-routing-timeout
- primary-priority
- show running-configuration vlt
- show spanning-tree virtual-interface
- show delay-restore-port
- show vlt
- show vlt domain-id delay restore orphan port
- show vlt backup-link
- show vlt egress-mask-rule
- show vlt error-disabled-ports
- show vlt mac-inconsistency
- show vlt mismatch
- show vlt pbr
- show vlt role
- show vlt vlt-port-detail
- vlt-domain
- vlt delay-restore orphan-port enable
- vlt delay-restore orphan-port ignore vlti-failure
- vlt-port-channel
- vlt-mac
- vrrp mode active-active
- Uplink Failure Detection
- Converged data center services
- sFlow®
- Telemetry
- RESTCONF API
- Troubleshoot Dell SmartFabric OS10
- Diagnostic tools
- Recover Linux password
- Recover OS10 user name password
- Restore factory defaults
- SupportAssist
- Important notes
- Configure SupportAssist
- Set company name
- Set contact information
- Schedule activity
- View status
- View warranty information
- View SupportAssist logs
- List of country names and codes
- Connect to SupportAssist server
- SupportAssist commands
- Support bundle
- System monitoring
- Monitor CPU Utilization
- Monitor Memory Utilization
- Log into OS10 device
- Frequently asked questions
- Support resources
Dell SmartFabric OS10 User Guide Release 10.5.3
Dynamic route leaking
Dynamic route leaking enables routes that are configured in the default or a nondefault VRF instance to be made available to another VRF instance. You can leak routes from a source VRF instance to a destination VRF instance.
OS10 supports leaking routes for static and dynamic routes. The leaked routes retain the type of the route, whether they are static, OSPF, BGP, or connected routes in the destination VRF. For example, leaked OSPF routes from one VRF are imported as OSPF routes in the destination VRF. You can use a route map for route filtering when importing routes to a VRF.
The routes must be leaked in both source and destination VRFs to achieve end-to-end traffic flow.
NOTE: Dell Technologies recommends configuring unique route targets in every VRF.
Restrictions for route leaking
- BFD attributes are not carried over to a leaked static route. If BFD removes a static route from the VRF that leaks the route, the leaked route is removed from the VRF that imports it. When the static route is restored in the VRF that leaks the route, the leaked route is restored in the VRF that imports it.
- Using route targets does not leak /32 prefixes on loopback interfaces. You can use static route leaking to leak /32 prefixes on loopback interfaces.
- The following lists the maximum number of leaked routes supported by the system with ECMP:
- 4000 IPv4 routes and 2000 IPv6 routes with 64 ECMP paths.
- 2000 IPv4 routes and 1000 IPv6 routes with 128 ECMP paths.
| Route map option | Attribute | Protocol |
|---|---|---|
| set | as-path | BGP |
| set | community | BGP |
| set | comm-list | BGP |
| set | tag | OSPF |
| set | extcommunity | BGP |
| set | extcomm-list | BGP |
| set | local-preference | BGP |
| set | origin | BGP |
| set | metric-type | BGP |
| set | weight | BGP |
| set | route-type local | BGP |
| Route map option | Attribute |
|---|---|
| set | ip next-hop |
| set | ipv6 next-hop |
| set | ip vrf next hop |
| set | ipv6 vrf next hop |
| Route map option | Attribute | Protocol |
|---|---|---|
| match | route-type | OSPF |
| match | tag | OSPF |
| match | ip | IP prefix list |
| match | ipv6 | IPv6 prefix list |
| match | origin | BGP |
| match | metric | routes matched against route's metric |
| match | interface | routes matched against Source VRF egress interface of the domain |
| match | source-protocol | routes matched against Source Protocol |
| Attribute | Routing protocol |
|---|---|
| route-type | OSPF |
| tag | OSPF |
| origin | BGP |
| metric | OSPF |
Prerequisites for dynamic route leaking
When BGP route is leaked from a parent VRF to child VRF, a BGP instance must be present in the child VRF for route leaking to work. This prerequisite is applicable to OSPF and EVPN routes as well.
| Protocol | Dynamic routing protocol instance configuration in parent VRF | Dynamic routing protocol instance configuration in child VRF | Behavior of dynamic route leaking feature |
|---|---|---|---|
| BGP |
| Configure BGP instance in the child VRF.
! router bgp 100 ! vrf dell | When BGP instance is not configured in the child VRF, BGP routes in the default VRF are not leaked to the child VRF. However, when the child VRF is configured under router BGP, the leaked BGP routes are installed in the child routing table manager (RTM).
NOTE:
|
| OSPFv2 |
| Configure OSPF instance in the child VRF.
router ospf 11 vrf dell | In this scenario, when OSPF routes in the default VRF are leaked to the child VRF, they are not honored in the child VRF. When OSPF instance is configured in the child VRF, the leaked OSPF routes are installed in the child RTM.
NOTE:
|
| OSPFv3 |
| Configure OSPFv3 instance in the child VRF.
router ospfv3 11 vrf dell | In this scenario, when OSPFv3 routes in the default VRF are leaked to the child VRF, the leaked routes are not honored in the child VRF. When OSPFv3 instance is configured in the child VRF, the leaked OSPFv3 routes are installed in the child RTM.
NOTE:
|
| EVPN | Configure route leaking from default VRF to the child VRF.
! ip vrf default ip route-export 1:1 ! ip vrf red ip route-import 1:1 | Configure a EVPN instance in the child VRF.
evpn ! vrf dell | When a child VRF is configured under EVPN, the leaked EVPN routes are installed in the child RTM.
NOTE:
|
Route selection in the leaked VRF
- If a route is present in the local VRF and the same route is leaked from another VRF, OS10 prefers the route with the lowest administrative distance.
- If a route is present in the local VRF and the same route is leaked from another VRF with the same administrative distance, OS10 prefers the local route.
When OS10 compares routes that are received from different sources, the software prefers routes with the lowest administrative distance. If the administrative distance is the same, the software prefers the route with lowest metric value. If the metric is also the same, the software prefers the local route, if available.
- If a VRF receives the same route from multiple VRFs, OS10 prefers the route that it received first. When the active route fails, OS10 applies the route that it received after the first route to the routing table.
- If a VRF receives the same route from multiple VRFs with the same route target values, OS10 prefers the route that it received first.
- If a VRF receives ECMP paths from another VRF, the VRF that receives the routes treats the routes as ECMP paths.
Redistribution of leaked routes
After you configure the system to leak routes from one VRF instance to another VRF instance, you can redistribute the leaked routes to the same routing protocol. The following lists the commands that you use for redistribution of leaked routes:
- Redistribute leaked BGP routes to BGP—Use the redistribute imported-bgp-routes vrf vrf-name command.
- Redistribute leaked OSPF routes to OSPF—Use the redistribute imported-ospf-routes command.
- Redistribute leaked BGP EVPN routes to the BGP peer—Use the redistribute l2vpn evpn command.
Leak all IPv4 routes from one VRF to another VRF
Use the following procedure to export (leak) all IPv4 routes from all routing protocols from one VRF instance to another VRF instance:
- Enter the VRF from which you want to leak routes in CONFIGURATION mode.
ip vrf source-vrf-name
- Export all routes that belong to one VRF instance in VRF-CONFIGURATION mode.
ip route-export route-target
- Enter the VRF instance to which you want to leak routes in CONFIGURATION mode.
ip vrf destination-vrf-name
- Import routes from another VRF instance in VRF-CONFIGURATION mode using the same route target.
ip route-import route-target
- Export routes from the second VRF instance to the first VRF instance in VRF-CONFIGURATION mode using a different route target.
ip route-import route-target
- Import routes to the first VRF instance from the second VRF instance in VRF-CONFIGURATION mode using the same route target that you use to export from the second VRF instance.
ip route-import route-target
Example - Leak all IPv4 routes
OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ip route-export 1:1 OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# ip route-export 2:2
Leak all IPv6 routes from one VRF to another VRF
Use the following procedure to export (leak) all IPv6 routes from all routing protocols from one VRF instance to another VRF instance:
- Enter the VRF from which you want to leak routes in CONFIGURATION mode.
ip vrf source-vrf-name
- Export all routes that belong to one VRF instance in VRF-CONFIGURATION mode.
ipv6 route-export route-target
- Enter the VRF instance to which you want to leak routes in CONFIGURATION mode.
ip vrf destination-vrf-name
- Import routes from another VRF instance in VRF-CONFIGURATION mode using the same route target.
ipv6 route-import route-target
- Export routes from the second VRF instance to the first VRF instance in VRF-CONFIGURATION mode using a different route target.
ipv6 route-import route-target
- Import routes to the first VRF instance from the second VRF instance in VRF-CONFIGURATION mode using the same route target that you use to export from the second VRF instance.
ip route-import route-target
Example - Leak all IPv6 routes
OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ipv6 route-export 1:1 OS10(conf-vrf)# ipv6 route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ipv6 route-import 1:1 OS10(conf-vrf)# ipv6 route-export 2:2
Leak specific IPv4 routes from one VRF to another VRF
Use the following procedure to export (leak) specific IPv4 routes from one VRF instance to another VRF instance:
NOTE: You can apply a route map either at the source VRF instance or the destination VRF instance.
- Create a route map.
route-map route-map-name
Use any of the supported match or set attributes as required. - Enter the VRF from which you want to leak routes in CONFIGURATION mode.
ip vrf source-vrf-name
- Export all routes that belong to one VRF instance in VRF-CONFIGURATION mode.
ip route-export route-target route-map route-map-name
Oripv6 route-export route-target route-map route-map-name
Use any of the supported match or set attributes as required. - Enter the VRF instance to which you want to leak routes in CONFIGURATION mode.
ip vrf destination-vrf-name
- Import routes from another VRF instance in VRF-CONFIGURATION mode using the same route target.
ip route-import route-target route-map route-map-name
Oripv6 route-import route-target route-map route-map-name
Use any of the supported match or set attributes as required. - Export routes from the second VRF instance to the first VRF instance in VRF-CONFIGURATION mode using a different route target.
ip route-import route-target route-map route-map-name
Oripv6 route-import route-target route-map route-map-name
Use any of the supported match or set attributes as required. - Import routes to the first VRF instance from the second VRF instance in VRF-CONFIGURATION mode using the same route target that you use to export from the second VRF instance.
ip route-import route-target route-map route-map-name
Oripv6 route-import route-target route-map route-map-name
Use any of the supported match or set attributes as required.
Example - Leak only IPv4 OSPF routes
In the following example, a route map exports only the external Type 2 OSPF routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_ospf OS10(config-route-map)# match source-protocol ospf OS10(config-route-map)# match route-type external type-2 OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ip route-export 1:1 route-map export_ospf OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# ip route-export 2:2 route-map export_ospf
Example - Leak only IPv6 OSPF routes
In the following example, a route map exports only the OSPF routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_ospf OS10(config-route-map)# match source-protocol ospf OS10(config-route-map)# match route-type external type-2 OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ipv6 route-export 1:1 route-map export_ospf OS10(conf-vrf)# ipv6 route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ipv6 route-import 1:1 OS10(conf-vrf)# ipv6 route-export 2:2 route-map export_ospf
Example - Leak only IPv4 static routes
In the following example, a route map exports only the static routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_static OS10(config-route-map)# match source-protocol static OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ip route-export 1:1 route-map export_static OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# ip route-export 2:2 route-map export_static
Example - Leak only IPv6 static routes
In the following example, a route map exports only the static routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_static OS10(config-route-map)# match source-protocol static OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ipv6 route-export 1:1 route-map export_static OS10(conf-vrf)# ipv6 route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ipv6 route-import 1:1 OS10(conf-vrf)# ipv6 route-export 2:2 route-map export_static
Example - Leak only IPv4 connected routes
In the following example, a route map exports only the connected routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_connected OS10(config-route-map)# match source-protocol connected OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ip route-export 1:1 route-map export_connected OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# ip route-export 2:2 route-map export_connected
Example - Leak only IPv6 connected routes
In the following example, a route map exports only the connected routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_connected OS10(config-route-map)# match source-protocol connected OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ipv6 route-export 1:1 route-map export_connected OS10(conf-vrf)# ipv6 route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ipv6 route-import 1:1 OS10(conf-vrf)# ipv6 route-export 2:2 route-map export_connected
Example - Leak only IPv4 iBGP routes
In the following example, a route map exports only the iBGP routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_iBGP OS10(config-route-map)# match source-protocol bgp ibgp OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ip route-export 1:1 route-map export_iBGP OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# ip route-export 2:2 route-map export_iBGP
Example - Leak only IPv6 iBGP routes
In the following example, a route map exports only the iBGP routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_iBGP OS10(config-route-map)# match source-protocol bgp ibgp OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ipv6 route-export 1:1 route-map export_iBGP OS10(conf-vrf)# ipv6 route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ipv6 route-import 1:1 OS10(conf-vrf)# ipv6 route-export 2:2 route-map export_iBGP
Example - Leak only IPv4 eBGP routes
In the following example, a route map exports only the eBGP routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_eBGP OS10(config-route-map)# match source-protocol bgp ebgp OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ip route-export 1:1 route-map export_eBGP OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# ip route-export 2:2 route-map export_eBGP
Example - Leak only IPv6 eBGP routes
In the following example, a route map exports only the eBGP routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_eBGP OS10(config-route-map)# match source-protocol bgp ebgp OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ipv6 route-export 1:1 route-map export_eBGP OS10(conf-vrf)# ipv6 route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ipv6 route-import 1:1 OS10(conf-vrf)# ipv6 route-export 2:2 route-map export_eBGP
Example - Leak only IPv4 EVPN routes to the default VRF instance
In the following example, a route map exports only the EVPN routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_EVPN OS10(config-route-map)# match source-protocol bgp evpn OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ip route-export 1:1 route-map export_EVPN OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip route-import 1:1 OS10(config)# ip route-export 2:2 route-map export_EVPN
Example - Leak only IPv6 EVPN routes to the default VRF instance
In the following example, a route map exports only the EVPN routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_EVPN OS10(config-route-map)# match source-protocol bgp evpn OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ipv6 route-export 1:1 route-map export_EVPN OS10(conf-vrf)# ipv6 route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ipv6 route-import 1:1 OS10(config)# ipv6 route-export 2:2 route-map export_EVPN
Redistribute leaked routes from one VRF to another VRF
Use the following procedure to export (leak) and redistribute specific IPv4 routes from one VRF instance to another VRF instance:
- Create a route map.
route-map route-map-name
Use any of the supported match or set attributes as required. - Enter the VRF from which you want to leak routes in CONFIGURATION mode.
ip vrf source-vrf-name
- Export all routes that belong to one VRF instance in VRF-CONFIGURATION mode.
ip route-export route-target [route-map route-map-name]
Oripv6 route-export route-target [route-map route-map-name]
Use any of the supported match or set attributes as required. - Enter the VRF instance to which you want to leak routes in CONFIGURATION mode.
ip vrf destination-vrf-name]
- Import routes from another VRF instance in VRF-CONFIGURATION mode using the same route target.
ip route-import route-target [route-map route-map-name]
Oripv6 route-import route-target [route-map route-map-name]
Use any of the supported match or set attributes as required. - Export routes from the second VRF instance to the first VRF instance in VRF-CONFIGURATION mode using a different route target.
ip route-import route-target [route-map route-map-name]
Oripv6 route-import route-target [route-map route-map-name]
Use any of the supported match or set attributes as required. - Import routes to the first VRF instance from the second VRF instance in VRF-CONFIGURATION mode using the same route target that you use to export from the second VRF instance.
ip route-import route-target [route-map route-map-name]
Oripv6 route-import route-target [route-map route-map-name]
Use any of the supported match or set attributes as required. - Redistribute leaked routes:
- Redistribute leaked BGP routes in BGP-AF-CONFIGURATION mode.
redistribute imported-bgp-routes vrf source-vrf-name [route-map rmap-name]
- Redistribute leaked OSPF routes in ROUTER-OSPF-CONFIGURATION mode.
redistribute imported-ospf-routes [route-map rmap-name]
- Redistribute leaked EVPN routes in BGP-AF-CONFIGURATION mode.
redistribute l2vpn evpn [route-map rmap-name]
- Use the following command to redistribute leaked routes across routing protocols as available:
redistribute {connected | bgp | ospf | static | l2vpn evpn}
- Redistribute leaked BGP routes in BGP-AF-CONFIGURATION mode.
Example - Redistribute leaked IPv4 OSPF routes from one VRF instance to the OSPF process of another VRF instance
In the following example, a route map exports only the OSPF routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_ospf OS10(config-route-map)# match source-protocol ospf OS10(config-route-map)# match route-type external type-2 OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ip route-export 1:1 route-map export_ospf OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# ip route-export 2:2 route-map export_ospf OS10(conf-vrf)# exit OS10(config)# router ospf 1 vrf vrf2 OS10(config-router-ospf-1)# redistribute imported-ospf-routes
Example - Redistribute leaked IPv6 OSPF routes from one VRF instance to the OSPF process of another VRF instance
In the following example, a route map exports only the OSPF routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_ospf OS10(config-route-map)# match source-protocol ospf OS10(config-route-map)# match route-type external type-2 OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ipv6 route-export 1:1 route-map export_ospf OS10(conf-vrf)# ipv6 route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ipv6 route-import 1:1 OS10(conf-vrf)# ipv6 route-export 2:2 route-map export_ospf OS10(conf-vrf)# exit OS10(config)# router ospfv3 1 vrf vrf2 OS10(config-router-ospfv3-1)# redistribute imported-ospf-routes
Example - Redistribute leaked IPv4 iBGP routes from one VRF instance to the BGP process of another VRF instance
In the following example, a route map exports only the iBGP routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_iBGP OS10(config-route-map)# match source-protocol bgp ibgp OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ip route-export 1:1 route-map export_iBGP OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# ip route-export 2:2 route-map export_iBGP OS10(config)# router bgp 65000 OS10(config-router-bgp-65000)# vrf vrf2 OS10(config-router-bgp-65000-vrf)# address-family ipv4 unicast OS10(configure-router-bgpv4-vrf-af)# redistribute imported-bgp-routes vrf vrf1
Example - Redistribute leaked IPv6 iBGP routes from one VRF instance to the BGP process of another VRF instance
In the following example, a route map exports only the iBGP routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_iBGP OS10(config-route-map)# match source-protocol bgp ibgp OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ipv6 route-export 1:1 route-map export_iBGP OS10(conf-vrf)# ipv6 route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ipv6 route-import 1:1 OS10(conf-vrf)# ipv6 route-export 2:2 route-map export_iBGP OS10(config)# router bgp 65000 OS10(config-router-bgp-65000)# vrf vrf2 OS10(config-router-bgp-65000-vrf)# address-family ipv6 unicast OS10(configure-router-bgpv6-vrf-af)# redistribute imported-bgp-routes vrf vrf1
Example - Redistribute leaked IPv4 eBGP routes from one VRF instance to the BGP process of another VRF instance
In the following example, a route map exports only the eBGP routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_eBGP OS10(config-route-map)# match source-protocol bgp ebgp OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ip route-export 1:1 route-map export_eBGP OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# ip route-export 2:2 route-map export_eBGP OS10(config)# router bgp 65000 OS10(config-router-bgp-65000)# vrf vrf2 OS10(config-router-bgp-65000-vrf)# address-family ipv4 unicast OS10(configure-router-bgpv4-vrf-af)# redistribute imported-bgp-routes vrf vrf1
Example - Redistribute leaked IPv6 eBGP routes from one VRF instance to the BGP process of another VRF instance
In the following example, a route map exports only the eBGP routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_eBGP OS10(config-route-map)# match source-protocol bgp ebgp OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ipv6 route-export 1:1 route-map export_eBGP OS10(conf-vrf)# ipv6 route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip vrf vrf2 OS10(conf-vrf)# ipv6 route-import 1:1 OS10(conf-vrf)# ipv6 route-export 2:2 route-map export_eBGP OS10(config)# router bgp 65000 OS10(config-router-bgp-65000)# vrf vrf2 OS10(config-router-bgp-65000-vrf)# address-family ipv6 unicast OS10(configure-router-bgpv6-vrf-af)# redistribute imported-bgp-routes vrf vrf1
Example - Redistribute leaked IPv4 EVPN routes from one VRF instance to the BGP process of the default VRF instance
In the following example, a route map exports only the EVPN routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_EVPN OS10(config-route-map)# match source-protocol bgp evpn OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ip route-export 1:1 route-map export_EVPN OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ip route-import 1:1 OS10(config)# ip route-export 2:2 route-map export_EVPN OS10(config)# router bgp 100 OS10(config-router-bgp-100)# address-family ipv4 unicast OS10(configure-router-bgpv4-af)# redistribute l2vpn evpn
Example - Redistribute leaked IPv6 EVPN routes from one VRF instance to the BGP process of the default VRF instance
In the following example, a route map exports only the EVPN routes from vrf1 and is received by vrf2.
OS10(config)# route-map export_EVPN OS10(config-route-map)# match source-protocol bgp evpn OS10(config)# ip vrf vrf1 OS10(conf-vrf)# ipv6 route-export 1:1 route-map export_EVPN OS10(conf-vrf)# ipv6 route-import 2:2 OS10(conf-vrf)# exit OS10(config)# ipv6 route-import 1:1 OS10(config)# ipv6 route-export 2:2 route-map export_EVPN OS10(config)# router bgp 100 OS10(config-router-bgp-100)# address-family ipv6 unicast OS10(configure-router-bgpv6-af)# redistribute l2vpn evpn
Example - Route leaking across VRFs in a VXLAN BGP EVPN symmetric IRB topology
The following VXLAN with BGP EVPN example uses a Clos leaf-spine topology to show how to set up route leaking across VRF in a symmetric IRB topology.
The following explains how the network is configured:
- All VTEPs perform symmetric IRB routing. In this example, all spine nodes are in one autonomous system and each VTEP in the leaf network belongs to a different autonomous system. Spine switch 1 is in AS 101. Spine switch 2 is in AS 101. For leaf nodes, VLT domain 1 is in AS 201; VLT domain 2 is in AS 202. VLT domain 2 is a border leaf VTEP.
- The individual switch configuration shows how to configure VRFs in the VTEPs and configure route leaking between VRFs. For other VXLAN and BGP EVPN configuration, see other examples and the VXLAN section.
- Route leaking is performed on the Border Leaf VTEP.
- There are three nondefault VRFs present in the network – Yellow, Green, and Red.
- Route leaking is done between:
- VRF-Yellow and VRF-Green.
- VRF-Yellow and VRF-Red.
- VRF-Yellow and VRF-default (underlay with external router)
NOTE: Route leaking is not performed between VRF-Green and VRF-Red. - On VTEPs 1 and 2, two VRFs are present – VRF-Yellow and VRF-Green. VN10001 is part of VRF-Yellow and VN20001 is part of VRF-Green.
- On VTEPs 3 and 4, three VRFs are present – VRF-Yellow, VRF-Green and VRF-Red. VN10001 is part of VRF-Yellow and VN30001 is part of VRF-Red. VRF-Green does not have local VNs.
- On all VTEPs, symmetric IRB is configured in EVPN mode using a unique, dedicated VXLAN VNI, and Auto RD/RT values for each tenant VRF.
- On all VTEPs, the disable-rt-asn command is used to autoderive the RT that does not include the ASN in the RT value. This allows auto RT to be used even if there are separate ASNs for each leaf node.
- A VLAN to an external network is configured on VTEPs 3 and 4 in the VLT domain that serves as the border-leaf gateway.
Leaf 1 configuration
- Configure VRFs Yellow and Green.
OS10(config)# ip vrf Yellow OS10(conf-vrf)# exit OS10(config)# ip vrf Green OS10(conf-vrf)# exit
- Configure Layer 3 virtual-network interfaces with VRFs and IP addresses.
OS10(config)# interface virtual-network 10001 OS10(conf-if-vn-10001)# ip vrf forwarding Yellow OS10(conf-if-vn-10001)# ip address 10.1.0.1/24 OS10(conf-if-vn-10001)# ip virtual-router address 10.1.0.254 OS10(conf-if-vn-10001)# OS10(config)# interface virtual-network 20001 OS10(conf-if-vn-20001)# ip vrf forwarding Green OS10(conf-if-vn-20001)# ip address 10.2.0.1/24 OS10(conf-if-vn-20001)# ip virtual-router address 10.2.0.254
NOTE: For creating the virtual-networks with access ports, check the relevant sections. - Configure EVPN with IP-VRFs.
OS10(config)# evpn OS10(config-evpn)# auto-evi OS10(config-evpn)# disable-rt-asn OS10(config-evpn)# router-mac de:11:de:11:00:01 OS10(config-evpn)# vrf Yellow OS10(config-evpn-vrf-Yellow)# vni 65001 OS10(config-evpn-vrf-Yellow)# route-target auto OS10(config-evpn-vrf-Yellow)# advertise ipv4 connected OS10(config-evpn-vrf-Yellow)# exit OS10(config-evpn)# vrf Green OS10(config-evpn-vrf-Green)# vni 65002 OS10(config-evpn-vrf-Green)# route-target auto OS10(config-evpn-vrf-Green)# advertise ipv4 connected OS10(config-evpn-vrf-Green)# exit
Leaf 2 configuration
- Configure VRFs Yellow and Green.
OS10(config)# ip vrf Yellow OS10(conf-vrf)# exit OS10(config)# ip vrf Green OS10(conf-vrf)# exit
- Configure Layer 3 virtual-network interfaces with VRFs and IP addresses.
OS10(config)# interface virtual-network 10001 OS10(conf-if-vn-10001)# ip vrf forwarding Yellow OS10(conf-if-vn-10001)# ip address 10.1.0.2/24 OS10(conf-if-vn-10001)# ip virtual-router address 10.1.0.254 OS10(conf-if-vn-10001)# OS10(config)# interface virtual-network 20001 OS10(conf-if-vn-20001)# ip vrf forwarding Green OS10(conf-if-vn-20001)# ip address 10.2.0.2/24 OS10(conf-if-vn-20001)# ip virtual-router address 10.2.0.254
- Configure EVPN with IP-VRFs.
OS10(config)# evpn OS10(config-evpn)# auto-evi OS10(config-evpn)# disable-rt-asn OS10(config-evpn)# router-mac de:11:de:11:00:02 OS10(config-evpn)# vrf Yellow OS10(config-evpn-vrf-Yellow)# vni 65001 OS10(config-evpn-vrf-Yellow)# route-target auto OS10(config-evpn-vrf-Yellow)# advertise ipv4 connected OS10(config-evpn-vrf-Yellow)# exit OS10(config-evpn)# vrf Green OS10(config-evpn-vrf-Green)# vni 65002 OS10(config-evpn-vrf-Green)# route-target auto OS10(config-evpn-vrf-Green)# advertise ipv4 connected OS10(config-evpn-vrf-Green)# exit
Leaf3 configuration:
- Configure VRFs Yellow, Green, and Red.
OS10(config)# ip vrf Yellow OS10(conf-vrf)# exit OS10(config)# ip vrf Green OS10(conf-vrf)# exit OS10(config)# ip vrf Red OS10(conf-vrf)# exit
- Configure Layer 3 virtual-network interfaces with VRFs and IP addresses.
OS10(config)# interface virtual-network 10001 OS10(conf-if-vn-10001)# ip vrf forwarding Yellow OS10(conf-if-vn-10001)# ip address 10.1.0.3/24 OS10(conf-if-vn-10001)# ip virtual-router address 10.1.0.254 OS10(conf-if-vn-10001)# OS10(config)# interface virtual-network 30001 OS10(conf-if-vn-30001)# ip vrf forwarding Red OS10(conf-if-vn-30001)# ip address 10.3.0.1/24 OS10(conf-if-vn-30001)# ip virtual-router address 10.3.0.254
- Configure EVPN with IP-VRFs.
OS10(config)# evpn OS10(config-evpn)# auto-evi OS10(config-evpn)# disable-rt-asn OS10(config-evpn)# router-mac de:11:de:11:00:02 OS10(config-evpn)# vrf Yellow OS10(config-evpn-vrf-Yellow)# vni 65001 OS10(config-evpn-vrf-Yellow)# route-target auto OS10(config-evpn-vrf-Yellow)# advertise ipv4 connected OS10(config-evpn-vrf-Yellow)# exit OS10(config-evpn)# vrf Green OS10(config-evpn-vrf-Green)# vni 65002 OS10(config-evpn-vrf-Green)# route-target auto OS10(config-evpn-vrf-Green)# advertise ipv4 connected OS10(config-evpn-vrf-Green)# exit OS10(config-evpn)# vrf Red OS10(config-evpn-vrf-Red)# vni 65003 OS10(config-evpn-vrf-Red)# route-target auto OS10(config-evpn-vrf-Red)# advertise ipv4 connected OS10(config-evpn-vrf-Red)# exit
- Configure the border-leaf to advertise the default route into the EVPN in each VRF. From the other VTEPs, any traffic to an external network and also to networks which are not within the local VRF reaches the Border Leaf router using this default route.
- If the border-leaf is already getting a default route from an external router for each VRF: Advertise the BGP route using the
advertise ipv4 bgp command for each VRF in the EVPN.
OS10(config)# evpn OS10(config-evpn)# vrf Yellow OS10(config-evpn-vrf-Yellow)# advertise ipv4 bgp OS10(config-evpn-vrf-Yellow)# exit OS10(config-evpn)# vrf Green OS10(config-evpn-vrf-Green)# advertise ipv4 bgp OS10(config-evpn-vrf-Green)# exit
- If the border-leaf does not get a default route from an external router: Configure a static null default route in each VRF and advertise it using
advertise ipv4 static command for each VRF in the EVPN.
OS10(config)# ip route vrf Yellow 0.0.0.0/0 interface null 0 OS10(config)# ip route vrf Green 0.0.0.0/0 interface null 0 OS10(config)# evpn OS10(config-evpn)# vrf Yellow OS10(config-evpn-vrf-Yellow)# advertise ipv4 static OS10(config-evpn-vrf-Yellow)# exit OS10(config-evpn)# vrf Green OS10(config-evpn-vrf-Green)# advertise ipv4 static OS10(config-evpn-vrf-Green)# exit
- If the border-leaf is already getting a default route from an external router for each VRF: Advertise the BGP route using the
advertise ipv4 bgp command for each VRF in the EVPN.
- (Optional) Configure route-maps with a prefix-list to leak selective routes from each VRF.
OS10(config)# ip prefix-list PrefixList_DefaultVrf_Export permit 10.10.0.0/24 OS10(config)# ip prefix-list PrefixList_YellowVrf_Export permit 10.1.0.0/24 le 32 OS10(config)# ip prefix-list PrefixList_GreenVrf_Export permit 10.2.0.0/24 OS10(config)# ip prefix-list PrefixList_RedVrf_Export permit 10.3.0.0/24 OS10(config)# route-map RouteMap_DefaultVrf_Export OS10(config-route-map)# match ip address prefix-list PrefixList_DefaultVrf_Export OS10(config-route-map)# exit OS10(config)# route-map RouteMap_YellowVrf_Export OS10(config-route-map)# match ip address prefix-list PrefixList_YellowVrf_Export OS10(config-route-map)# exit OS10(config)# route-map RouteMap_GreenVrf_Export OS10(config-route-map)# match ip address prefix-list PrefixList_GreenVrf_Export OS10(config-route-map)# exit OS10(config)# route-map RouteMap_RedVrf_Export OS10(config-route-map)# match ip address prefix-list PrefixList_RedVrf_Export OS10(config-route-map)# exit
NOTE: While leaking EVPN routes, only the subnet routes must be leaked. Host routes (/32) need not be leaked and could be blocked using route-maps. But, if you have certain VNs stretched on the border-leaf as well (like in Yellow VRF), you must leak the host routes as well. - Configure route leaking between:
- Yellow VRF and default VRF.
- Yellow VRF and Green VRF.
- Yellow VRF and Red VRF.
OS10(config)# ip vrf default OS10(conf-vrf)# ip route-export 0:0 route-map RouteMap_DefaultVrf_Export OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# exit OS10(config)# ip vrf Yellow OS10(conf-vrf)# ip route-export 1:1 route-map RouteMap_YellowVrf_Export OS10(conf-vrf)# ip route-import 0:0 OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# ip route-import 3:3 OS10(conf-vrf)# exit OS10(config)# ip vrf Green OS10(conf-vrf)# ip route-export 2:2 route-map RouteMap_GreenVrf_Export OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# exit OS10(config)# ip vrf Red OS10(conf-vrf)# ip route-export 3:3 route-map RouteMap_RedVrf_Export OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# exit
- (Optional) For advertising leaked routes from
Yellow VRF only to an external router on the
default VRF and not to an underlay network, use route-maps on spine-facing eBGP neighbors and also on the iBGP neighbor between the VLT peers.
OS10(config)# ip prefix-list PrefixList_Deny_YellowVrfRoutes deny 10.1.0.0/24 le OS10(config)# ip prefix-list PrefixList_Deny_YellowVrfRoutes permit 0.0.0.0/0 le 32 OS10(config)# OS10(config)# route-map RouteMap_Deny_YellowVrfRoutes OS10(config-route-map)# match ip address prefix-list PrefixList_Deny_YellowVrfRoutes OS10(config-route-map)# OS10(config-route-map)# router bgp 202 OS10(config-router-bgp-202)# address-family ipv4 unicast OS10(configure-router-bgpv4-af)# redistribute l2vpn evpn OS10(configure-router-bgpv4-af)# redistribute connected OS10(configure-router-bgpv4-af)# exit OS10(config-router-bgp-202)# neighbor 192.168.2.0 OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# route-map RouteMap_Deny_YellowVrfRoutes out OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-202)# neighbor 192.168.2.2 OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# route-map RouteMap_Deny_YellowVrfRoutes out OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-202)# neighbor 192.168.2.241 OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# route-map RouteMap_Deny_YellowVrfRoutes out OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-202)# neighbor 10.10.0.3 OS10(config-router-neighbor)# remote-as 301 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit
Leaf 4 configuration
- Configure VRFs Yellow, Green, and Red.
OS10(config)# ip vrf Yellow OS10(conf-vrf)# exit OS10(config)# ip vrf Green OS10(conf-vrf)# exit OS10(config)# ip vrf Red OS10(conf-vrf)# exit
- Configure Layer 3 virtual-network interfaces with VRFs and IP addresses.
OS10(config)# interface virtual-network 10001 OS10(conf-if-vn-10001)# ip vrf forwarding Yellow OS10(conf-if-vn-10001)# ip address 10.1.0.4/24 OS10(conf-if-vn-10001)# ip virtual-router address 10.1.0.254 OS10(conf-if-vn-10001)# OS10(config)# interface virtual-network 30001 OS10(conf-if-vn-30001)# ip vrf forwarding Red OS10(conf-if-vn-30001)# ip address 10.3.0.2/24 OS10(conf-if-vn-30001)# ip virtual-router address 10.3.0.254
- Configure EVPN with IP-VRFs.
OS10(config)# evpn OS10(config-evpn)# auto-evi OS10(config-evpn)# disable-rt-asn OS10(config-evpn)# vrf Yellow OS10(config-evpn-vrf-Yellow)# vni 65001 OS10(config-evpn-vrf-Yellow)# route-target auto OS10(config-evpn-vrf-Yellow)# advertise ipv4 connected OS10(config-evpn-vrf-Yellow)# exit OS10(config-evpn)# vrf Green OS10(config-evpn-vrf-Green)# vni 65002 OS10(config-evpn-vrf-Green)# route-target auto OS10(config-evpn-vrf-Green)# advertise ipv4 connected OS10(config-evpn-vrf-Green)# exit OS10(config-evpn)# vrf Red OS10(config-evpn-vrf-Red)# vni 65003 OS10(config-evpn-vrf-Red)# route-target auto OS10(config-evpn-vrf-Red)# advertise ipv4 connected OS10(config-evpn-vrf-Red)# exit
- Configure a border-leaf to advertise the default route into the EVPN in each VRF. From the other VTEPs, any traffic to external network and also to networks which are not within the local VRF reaches the Border-Leaf router using this default route.
- If the border-leaf is already getting a default route from an external router for each VRF: Advertise the BGP route using the
advertise ipv4 bgp command for each VRF in the EVPN.
OS10(config)# evpn OS10(config-evpn)# vrf Yellow OS10(config-evpn-vrf-Yellow)# advertise ipv4 bgp OS10(config-evpn-vrf-Yellow)# exit OS10(config-evpn)# vrf Green OS10(config-evpn-vrf-Green)# advertise ipv4 bgp OS10(config-evpn-vrf-Green)# exit
- If the border-leaf does not get a default route from an external router: Configure a static null default route in each VRF and advertise it using the
advertise ipv4 static command for each VRF in the EVPN.
OS10(config)# ip route vrf Yellow 0.0.0.0/0 interface null 0 OS10(config)# ip route vrf Green 0.0.0.0/0 interface null 0 OS10(config)# evpn OS10(config-evpn)# vrf Yellow OS10(config-evpn-vrf-Yellow)# advertise ipv4 static OS10(config-evpn-vrf-Yellow)# exit OS10(config-evpn)# vrf Green OS10(config-evpn-vrf-Green)# advertise ipv4 static OS10(config-evpn-vrf-Green)# exit
- If the border-leaf is already getting a default route from an external router for each VRF: Advertise the BGP route using the
advertise ipv4 bgp command for each VRF in the EVPN.
- (Optional) Configure route-maps with a prefix-list to leak selective routes from each VRF.
OS10(config)# ip prefix-list PrefixList_DefaultVrf_Export permit 10.10.0.0/24 OS10(config)# ip prefix-list PrefixList_YellowVrf_Export permit 10.1.0.0/24 le 32 OS10(config)# ip prefix-list PrefixList_GreenVrf_Export permit 10.2.0.0/24 OS10(config)# ip prefix-list PrefixList_RedVrf_Export permit 10.3.0.0/24 OS10(config)# OS10(config)# route-map RouteMap_DefaultVrf_Export OS10(config-route-map)# match ip address prefix-list PrefixList_DefaultVrf_Export OS10(config-route-map)# exit OS10(config)# route-map RouteMap_YellowVrf_Export OS10(config-route-map)# match ip address prefix-list PrefixList_YellowVrf_Export OS10(config-route-map)# exit OS10(config)# route-map RouteMap_GreenVrf_Export OS10(config-route-map)# match ip address prefix-list PrefixList_GreenVrf_Export OS10(config-route-map)# exit OS10(config)# route-map RouteMap_RedVrf_Export OS10(config-route-map)# match ip address prefix-list PrefixList_RedVrf_Export OS10(config-route-map)# exit
NOTE: While leaking EVPN routes, only the subnet routes must be leaked. Host routes (/32) need not be leaked and could be blocked using route-maps. But, if you have certain VNs stretched on border leaf as well (like in Yellow VRF), you must leak the host routes as well. - Configure route leaking between:
- Yellow VRF and default VRF.
- Yellow VRF and Green VRF.
- Yellow VRF and Red VRF.
OS10(config)# ip vrf default OS10(conf-vrf)# ip route-export 0:0 route-map RouteMap_DefaultVrf_Export OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# exit OS10(config)# ip vrf Yellow OS10(conf-vrf)# ip route-export 1:1 route-map RouteMap_YellowVrf_Export OS10(conf-vrf)# ip route-import 0:0 OS10(conf-vrf)# ip route-import 2:2 OS10(conf-vrf)# ip route-import 3:3 OS10(conf-vrf)# exit OS10(config)# ip vrf Green OS10(conf-vrf)# ip route-export 2:2 route-map RouteMap_GreenVrf_Export OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# exit OS10(config)# ip vrf Red OS10(conf-vrf)# ip route-export 3:3 route-map RouteMap_RedVrf_Export OS10(conf-vrf)# ip route-import 1:1 OS10(conf-vrf)# exit
- (Optional) For advertising leaked routes from the
Yellow VRF only to an external router in the default VRF and not to an underlay network, use route-maps on spine facing eBGP neighbors and also on the iBGP neighbor between the VLT peers.
OS10(config)# ip prefix-list PrefixList_Deny_YellowVrfRoutes deny 10.1.0.0/24 le 32 OS10(config)# ip prefix-list PrefixList_Deny_YellowVrfRoutes permit 0.0.0.0/0 le 32 OS10(config)# OS10(config)# route-map RouteMap_Deny_YellowVrfRoutes OS10(config-route-map)# match ip address prefix-list PrefixList_Deny_YellowVrfRoutes OS10(config-route-map)# OS10(config-route-map)# router bgp 202 OS10(config-router-bgp-202)# address-family ipv4 unicast OS10(configure-router-bgpv4-af)# redistribute l2vpn evpn OS10(configure-router-bgpv4-af)# redistribute connected OS10(configure-router-bgpv4-af)# exit OS10(config-router-bgp-202)# neighbor 192.168.2.4 OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# route-map RouteMap_Deny_YellowVrfRoutes out OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-202)# neighbor 192.168.2.5 OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# route-map RouteMap_Deny_YellowVrfRoutes out OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-202)# neighbor 192.168.2.240 OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# route-map RouteMap_Deny_YellowVrfRoutes out OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-202)# neighbor 10.10.0.3 OS10(config-router-neighbor)# remote-as 301 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit
Verify leaked routes using show outputs on the the Border-Leaf switch:
OS10# show ip route vrf Yellow
Codes: C - connected
S - static
B - BGP, IN - internal BGP, EX - external BGP, EV - EVPN BGP
O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,
E2 - OSPF external type 2, * - candidate default,
+ - summary route, > - non-active route
Gateway of last resort is Direct to network 0.0.0.0
Destination Gateway Dist/Metric Last Change
----------------------------------------------------------------------------------------------------------
*S 0.0.0.0/0 Direct null0 0/0 00:38:51
C 10.1.0.0/24 via 10.1.0.3 virtual-network10001 0/0 00:47:11
B EV 10.1.0.1/32 via 192.168.0.1 200/0 00:48:55
B EV 10.1.0.2/32 via 192.168.0.1 200/0 00:48:55
B EV 10.2.0.0/24 via 192.168.0.1,Green 200/0 00:35:48
C 10.3.0.0/24 via 10.3.0.1,Red virtual-network30001 0/0 00:35:48
C 10.10.0.0/24 via 10.10.0.1,default vlan100 0/0 00:25:42
OS10# show ip route vrf Green
Codes: C - connected
S - static
B - BGP, IN - internal BGP, EX - external BGP, EV - EVPN BGP
O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,
E2 - OSPF external type 2, * - candidate default,
+ - summary route, > - non-active route
Gateway of last resort is Direct to network 0.0.0.0
Destination Gateway Dist/Metric Last Change
----------------------------------------------------------------------------------------------------------
*S 0.0.0.0/0 Direct null0 0/0 00:39:24
C 10.1.0.0/24 via 10.1.0.3,Yellow virtual-network10001 0/0 00:36:22
B EV 10.1.0.1/32 via 192.168.0.1,Yellow 200/0 00:36:22
B EV 10.1.0.2/32 via 192.168.0.1,Yellow 200/0 00:36:22
B EV 10.2.0.0/24 via 192.168.0.1 200/0 00:41:47
B EV 10.2.0.1/32 via 192.168.0.1 200/0 00:41:47
B EV 10.2.0.2/32 via 192.168.0.1 200/0 00:41:47
B EV 10.2.0.254/32 via 192.168.0.1 200/0 00:41:47
OS10# show ip route vrf Red
Codes: C - connected
S - static
B - BGP, IN - internal BGP, EX - external BGP, EV - EVPN BGP
O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,
E2 - OSPF external type 2, * - candidate default,
+ - summary route, > - non-active route
Gateway of last resort is not set
Destination Gateway Dist/Metric Last Change
----------------------------------------------------------------------------------------------------------
C 10.1.0.0/24 via 10.1.0.3,Yellow virtual-network10001 0/0 00:36:26
B EV 10.1.0.1/32 via 192.168.0.1,Yellow 200/0 00:36:26
B EV 10.1.0.2/32 via 192.168.0.1,Yellow 200/0 00:36:26
C 10.3.0.0/24 via 10.3.0.1 virtual-network30001 0/0 00:45:44Verify routes on the external router
OS10# show ip route
Codes: C - connected
S - static
B - BGP, IN - internal BGP, EX - external BGP, EV - EVPN BGP
O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,
E2 - OSPF external type 2, * - candidate default,
+ - summary route, > - non-active route
Gateway of last resort is not set
Destination Gateway Dist/Metric Last Change
----------------------------------------------------------------------------------------------------------
B EX 10.1.0.0/24 via 10.10.0.1 20/0 00:13:49
via 10.10.0.2
B EX 10.1.0.1/32 via 10.10.0.1 20/0 00:14:22
via 10.10.0.2
B EX 10.1.0.2/32 via 10.10.0.1 20/0 00:14:24
via 10.10.0.2
C 10.10.0.0/24 via 10.10.0.3 vlan100 0/0 00:23:16
B EX 172.16.1.1/32 via 10.10.0.1 20/0 00:22:58
via 10.10.0.2
B EX 172.16.1.2/32 via 10.10.0.1 20/0 00:22:58
via 10.10.0.2
B EX 172.16.1.3/32 via 10.10.0.1 20/0 00:22:58
via 10.10.0.2
B EX 172.16.1.4/32 via 10.10.0.1 20/0 00:22:58
via 10.10.0.2
B EX 172.16.1.201/32 via 10.10.0.1 20/0 00:22:58
via 10.10.0.2
B EX 172.16.1.202/32 via 10.10.0.1 20/0 00:22:58
via 10.10.0.2
B EX 192.168.0.1/32 via 10.10.0.1 20/0 00:22:58
via 10.10.0.2
B EX 192.168.0.2/32 via 10.10.0.1 20/0 00:22:58
via 10.10.0.2
B EX 192.168.2.0/31 via 10.10.0.1 20/0 00:14:11
via 10.10.0.2
B EX 192.168.2.2/31 via 10.10.0.1 20/0 00:14:11
via 10.10.0.2
B EX 192.168.2.4/31 via 10.10.0.1 20/0 00:13:49
via 10.10.0.2
B EX 192.168.2.6/31 via 10.10.0.1 20/0 00:13:49
via 10.10.0.2
B EX 192.168.2.240/31 via 10.10.0.1 20/0 00:14:11
via 10.10.0.2 Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\