- Table of Contents
-
- 05-Layer 3—IP Services Command Reference
- 00-Preface
- 01-ARP commands
- 02-IP addressing commands
- 03-DHCP commands
- 04-DNS commands
- 05-mDNS gateway commands
- 06-mDNS relay commands
- 07-NAT commands
- 08-IP forwarding basics commands
- 09-Fast forwarding commands
- 10-Adjacency table commands
- 11-IRDP commands
- 12-IP performance optimization commands
- 13-UDP helper commands
- 14-IPv6 basics commands
- 15-DHCPv6 commands
- 16-IPv6 fast forwarding commands
- 17-Tunneling commands
- 18-GRE commands
- 19-HTTP redirect commands
- Related Documents
-
Title | Size | Download |
---|---|---|
14-IPv6 basics commands | 856.95 KB |
Contents
display ipv6 nd proxy statistics
display ipv6 nd route-direct advertise
display ipv6 nd snooping count vlan
display ipv6 nd snooping count vsi
display ipv6 nd user-ip-conflict record
display ipv6 nd user-move record
display ipv6 neighbors entry-limit
display ipv6 neighbors statistics
display ipv6 neighbors vpn-instance
ipv6 address duplicate-detect enable
ipv6 address duplicate-detect interval
ipv6 icmpv6 multicast-echo-reply enable
ipv6 nd autoconfig managed-address-flag
ipv6 nd entry-limit record enable
ipv6 nd local-proxy dad forward enable
ipv6 nd online-offline-log enable
ipv6 nd ra dns search-list suppress
ipv6 nd ra dns server suppress
ipv6 nd ra hop-limit unspecified
ipv6 nd route-direct advertise
ipv6 nd route-direct advertise delay
ipv6 nd route-direct advertise mad-down-single-homed
ipv6 nd route-direct prefix convert-length
ipv6 nd snooping dad retrans-timer
ipv6 nd snooping enable global
ipv6 nd snooping enable link-local
ipv6 nd snooping max-learning-num
ipv6 nd topology-change enable
ipv6 nd unsolicited-na-learning enable
ipv6 nd user-ip-conflict record enable
ipv6 nd user-move record enable
ipv6 neighbor aging probe-count
ipv6 neighbor aging probe-interval
ipv6 neighbor link-local minimize
ipv6 neighbor timer stale-aging
ipv6 neighbors max-learning-num
ipv6 neighbors max-learning-number
snmp-agent trap enable ipv6 address
IPv6 basics commands
display ipv6 fib
Use display ipv6 fib to display IPv6 FIB entries.
Syntax
display ipv6 fib [ vpn-instance vpn-instance-name ] [ ipv6-address [ prefix-length ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays IPv6 FIB entries for the public network.
ipv6-address: Displays IPv6 FIB entries for a destination IPv6 address. If you do not specify an IPv6 address, this command displays all IPv6 FIB entries.
prefix-length: Specifies a prefix length for the IPv6 address, in the range of 0 to 128. If you do not specify the prefix length, this command displays the IPv6 FIB entry longest matching the IPv6 address.
Examples
# Display all IPv6 FIB entries for the public network.
<Sysname> display ipv6 fib
Destination count: 1 FIB entry count: 1
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination: ::1 Prefix length: 128
Nexthop : ::1 Flags: UH
Time stamp : 0x1 Label: Null
Interface : InLoop0 Token: Invalid
Table 1 Command output
Field |
Description |
Destination count |
Total number of destination addresses. |
FIB entry count |
Total number of IPv6 FIB entries. |
Destination |
Destination address. |
Prefix length |
Prefix length of the destination address. |
Nexthop |
Next hop address. |
Flags |
Route flag: · U—Usable route. · G—Gateway route. · H—Host route. · B—Black hole route. · D—Dynamic route. · S—Static route. · R—Recursive route. · F—Fast re-route. |
Time stamp |
Time when the IPv6 FIB entry was generated. |
Label |
Inner MPLS label. For IPv6 FIB entries for the public network, this field displays Null. |
Interface |
Outgoing interface. |
Token |
Label switched path index number. |
display ipv6 icmp statistics
Use display ipv6 icmp statistics to display ICMPv6 packet statistics.
Syntax
display ipv6 icmp statistics [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ICMPv6 packet statistics for all member devices.
Examples
# Display ICMPv6 packet statistics.
<Sysname> display ipv6 icmp statistics
Input: bad code 0 too short 0
checksum error 0 bad length 0
path MTU changed 0 destination unreachable 0
too big 0 parameter problem 0
echo request 0 echo reply 0
neighbor solicit 0 neighbor advertisement 0
router solicit 0 router advertisement 0
redirect 0 router renumbering 0
output: parameter problem 0 echo request 0
echo reply 0 unreachable no route 0
unreachable admin 0 unreachable beyond scope 0
unreachable address 0 unreachable no port 0
too big 0 time exceed transit 0
time exceed reassembly 0 redirect 0
ratelimited 0 other errors 0
Table 2 Command output
Field |
Description |
bad code |
Number of received packets with error codes. |
too short |
Number of received packets with the length too short. |
checksum error |
Number of received packets with checksum errors. |
bad length |
Number of received packets with incorrect packet size. |
path MTU changed |
Number of received packets with path MTU changed. |
destination unreachable |
Number of destination unreachable packets that have been received. |
too big |
Number of received or sent oversized packets. |
parameter problem |
Number of received or sent packets with incorrect parameters. |
echo request |
Number of received or sent echo request packets. |
echo reply |
Number of received or sent echo reply packets. |
neighbor solicit |
Number of received NS packets. |
neighbor advertisement |
Number of received NA packets. |
router solicit |
Number of received RS packets. |
router advertisement |
Number of received RA packets. |
redirect |
Number of received or sent redirect packets. |
router renumbering |
Number of received packets with router renumbering. |
unreachable no route |
Number of sent packets to report the error that no route is available to the destination. |
unreachable admin |
Number of sent packets to report the error that the communication with the destination is administratively prohibited. |
unreachable beyondscope |
Number of sent packets to report the error that the source addresses is beyond the scope. |
unreachable address |
Number of address unreachable packets that have been sent. |
unreachable no port |
Number of port unreachable packets that have been sent. |
time exceed transit |
Number of sent packets to report the time exceeded in transmit error. |
time exceed reassembly |
Number of sent packets to report the fragment reassembly time exceeded error. |
ratelimited |
Number of packets that were not sent out because of the rate limit. |
other errors |
Number of sent packets with other errors. |
display ipv6 interface
Use display ipv6 interface to display IPv6 interface information.
Syntax
display ipv6 interface [ interface-type [ interface-number ] ] [ brief [ description ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type: Specifies an interface by its type.
interface-number: Specifies an interface by its number.
brief: Displays brief IPv6 interface information, including physical status, link-layer protocols, and IPv6 address. If you do not specify the keyword, this command displays detailed IPv6 interface information, including IPv6 configuration and operating information, and IPv6 packet statistics.
description: Displays complete interface descriptions. If you do not specify this keyword, the command displays a maximum of 11 characters for each interface description. If the description is longer than 11 characters, the first 8 characters are displayed with an ellipsis (...) followed.
Usage guidelines
If you do not specify an interface, this command displays IPv6 information about all interfaces.
If you specify only the interface-type argument, this command displays IPv6 information about the interfaces of the specified type.
If you specify both the interface-type and the interface-number arguments, this command displays IPv6 information about the specified interface.
If one of the following conditions exists, information in the related attribute column will be moved backwards without wrapping. As a result, information in the following attribute columns display information cannot be aligned with the column headers.
· An interface name exceeds 17 characters.
· The name of the VPN instance to which an interface belongs exceeds 12 characters.
· The IPv6 address of an interface exceeds 19 characters.
If the description keyword is specified and the complete interface description exceeds 11 characters, the excess characters will be displayed on the next line in alignment with the previous line.
Examples
# Display IPv6 information about VLAN-interface 2.
<Sysname> display ipv6 interface vlan-interface 2
Vlan-interface2 current state: UP
Line protocol current state: UP
IPv6 is enabled, link-local address is FE80::1234:56FF:FE65:4322/64 [TENTATIVE]
Global unicast address(es):
10::1234:56FF:FE65:4322, subnet is 10::/64 [TENTATIVE] [AUTOCFG]
[valid lifetime 4641s/preferred lifetime 4637s]
20::1234:56ff:fe65:4322, subnet is 20::/64 [TENTATIVE] [EUI-64]
30::1, subnet is 30::/64 [TENTATIVE] [ANYCAST]
40::2, subnet is 40::/64 [TENTATIVE] [DHCP]
50::3, subnet is 50::/64 [TENTATIVE]
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF65:4322
MTU is 1500 bytes
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 1200000 milliseconds
ND retransmit interval is 1000 milliseconds
Hosts use stateless autoconfig for addresses
IPv6 Packet statistics:
InReceives: 0
InTooShorts: 0
InTruncatedPkts: 0
InHopLimitExceeds: 0
InBadHeaders: 0
InBadOptions: 0
ReasmReqds: 0
ReasmOKs: 0
InFragDrops: 0
InFragTimeouts: 0
OutFragFails: 0
InUnknownProtos: 0
InDelivers: 0
OutRequests: 0
OutForwDatagrams: 0
InNoRoutes: 0
InTooBigErrors: 0
OutFragOKs: 0
OutFragCreates: 0
InMcastPkts: 0
InMcastNotMembers: 0
OutMcastPkts: 0
InAddrErrors: 0
InDiscards: 0
OutDiscards: 0
Table 3 Command output
Field |
Description |
Vlan-interface2 current state |
Physical state of the interface: · Administratively DOWN—The interface has been administratively shut down by using the shutdown command. · DOWN—The interface is administratively up but its physical state is down, possibly because of a connection or link failure. · UP—The administrative and physical states of the interface are both up. |
Line protocol current state |
Link layer state of the interface: · DOWN—The link layer protocol state of the interface is down. · UP—The link layer protocol state of the interface is up. |
IPv6 is enabled |
IPv6 is enabled on the interface. This feature is automatically enabled after an IPv6 address is configured for an interface. |
link-local address |
Link-local address of the interface. |
Global unicast address(es) |
Global unicast addresses of the interface. IPv6 address states: · TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. · DUPLICATE—The address is not unique on the link. · PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state. · DEPRECATED—The address is beyond the preferred lifetime but in the valid lifetime. It is valid, but it cannot be used as the source address for a new connection. Packets destined for the address are processed correctly. If a global unicast address is not manually configured, the following notations indicate how the address is obtained: · AUTOCFG—Stateless autoconfigured. · DHCP—Assigned by a DHCPv6 server. · EUI-64—Manually configured EUI-64 IPv6 address. · RANDOM—Random address automatically generated. If the address is a manually configured anycast address, it is noted with ANYCAST. |
valid lifetime |
Specifies how long autoconfigured global unicast addresses using a prefix are valid. |
preferred lifetime |
Specifies how long autoconfigured global unicast addresses using a prefix are preferred. |
Joined group address(es) |
Addresses of the multicast groups that the interface has joined. |
MTU |
MTU of the interface. |
ND DAD is enabled, number of DAD attempts |
DAD is enabled. · If DAD is enabled, this field displays the number of attempts to send an NS message for DAD (set by using the ipv6 nd dad attempts command). · If DAD is disabled, this field displays ND DAD is disabled. To disable DAD, set the number of attempts to 0. |
ND reachable time |
Time during which a neighboring device is reachable. |
ND retransmit interval |
Interval for retransmitting an NS message. |
Hosts use stateless autoconfig for addresses |
Hosts obtained IPv6 addresses through stateless autoconfiguration. |
InReceives |
Received IPv6 packets, including error messages. |
InTooShorts |
Received IPv6 packets that are too short. For example, the received IPv6 packet is less than 40 bytes. |
InTruncatedPkts |
Received IPv6 packets with a length less than the payload length field specified in the packet header. |
InHopLimitExceeds |
Received IPv6 packets with a hop count exceeding the hop limit field specified in the packet header. |
InBadHeaders |
Received IPv6 packets with incorrect basic headers. |
InBadOptions |
Received IPv6 packets with incorrect extension headers. |
ReasmReqds |
Received IPv6 fragments. |
ReasmOKs |
Number of reassembled IPv6 packets. |
InFragDrops |
Received IPv6 fragments that are discarded because of certain errors. |
InFragTimeouts |
Received IPv6 fragments that are discarded because the amount of time they stay in the system buffer exceeds the specified interval. |
OutFragFails |
IPv6 packets that fail to be fragmented on the output interface. |
InUnknownProtos |
Received IPv6 packets with unknown or unsupported protocol type. |
InDelivers |
Received IPv6 packets that are delivered to user protocols (such as ICMPv6, TCP, and UDP). |
OutRequests |
Local IPv6 packets sent by IPv6 user protocols. |
OutForwDatagrams |
IPv6 packets forwarded by the interface. |
InNoRoutes |
Received IPv6 packets that are discarded because no matching route can be found. |
InTooBigErrors |
Received IPv6 packets that fail to be forwarded because they exceeded the Path MTU. |
OutFragOKs |
Fragmented IPv6 packets on the output interface. |
OutFragCreates |
Number of IPv6 fragments on the output interface. |
InMcastPkts |
Received IPv6 multicast packets. |
InMcastNotMembers |
Received IPv6 multicast packets that are discarded because the interface is not in the multicast group. |
OutMcastPkts |
IPv6 multicast packets sent by the interface. |
InAddrErrors |
Received IPv6 packets that are discarded due to invalid destination addresses. |
InDiscards |
Received IPv6 packets that are discarded due to resource problems rather than packet errors. |
OutDiscards |
IPv6 packets that fail to be sent due to resource problems rather than packet errors. |
# Display brief IPv6 information about all interfaces. Each interface description contains a maximum of 11 characters.
<Sysname> display ipv6 interface brief
*down: administratively down
(s): spoofing
Interface Physical Protocol IPv6 Address/Prefix VPN instance Description
Vlan2 down down 1::1/64 [TENTATIVE] -- Link to ...
Vlan3 down down FDBD:DC00:46::AC10:C05E/128 vpn1 Lin
Vlan10 down down Unassigned vpn-first-test --
# Display brief IPv6 information about all interfaces. Each interface description is complete.
<Sysname> display ipv6 interface brief description
*down: administratively down
(s): spoofing
Interface Physical Protocol IPv6 Address/Prefix VPN instance Description
Vlan2 down down 1::1/64 [TENTATIVE] -- Link to Cor
eRouter
Vlan10 down down Unassigned vpn-first-test --
Table 4 Command output
Field |
Description |
*down: administratively down |
The interface has been administratively shut down by using the shutdown command. |
(s): spoofing |
Spoofing attribute of the interface. The link protocol state of the interface is up, but the link is temporarily established on demand or does not exist. |
Interface |
Name of the interface. |
Physical |
Physical state of the interface: · *down—The interface has been administratively shut down by using the shutdown command. · down—The interface is administratively up but its physical state is down, possibly because of a connection or link failure. · up—The administrative and physical states of the interface are both up. |
Protocol |
Link layer protocol state of the interface: · down—The network layer protocol state of the interface is down. · up—The network layer protocol state of the interface is up. |
IPv6 Address/Prefix |
IPv6 address and prefix of the interface. · If multiple global unicast addresses are configured, this field displays the lowest address. · If no global unicast address is configured, this field displays the link-local address. · If no address is configured, this field displays Unassigned. Available IPv6 address states include: · TENTATIVE—Initial state. DAD is being performed or is to be performed on the address. · DUPLICATE—The address is not unique on the link and is not usable. · PREFERRED—The address is preferred and can be used as the source or destination address of a packet. If an address is in this state, the command does not display the address state. · DEPRECATED—The address is beyond the preferred lifetime but in the valid lifetime. It is valid, but it cannot be used as the source address for a new connection. Packets destined for the address are processed correctly. |
VPN instance |
Name of the VPN instance to which the interface belongs. If the interface does not belong to any VPN instance, this field displays hyphens (--). |
Description |
Description of the interface. If no description is configured, this field displays hyphens (--). |
display ipv6 interface prefix
Use display ipv6 interface prefix to display IPv6 prefix information for an interface.
Syntax
display ipv6 interface interface-type interface-number prefix
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Examples
# Display IPv6 prefix information for VLAN-interface 10.
<Sysname> display ipv6 interface vlan-interface10 prefix
Prefix: 1001::/65 Origin: ADDRESS
Age: - Flag: AL
Lifetime(Valid/Preferred): 2592000/604800
Preference: -
Prefix: 2001::/64 Origin: STATIC
Age: - Flag: L
Lifetime(Valid/Preferred): 3000/2000
Preference: -
Prefix: 3001::/64 Origin: RA
Age: 600 Flag: A
Lifetime(Valid/Preferred): -
Preference: -
Prefix: 4001::/64 Origin: STATIC
Age: - Flag: ALP
Lifetime(Valid/Preferred): 1000/200
Preference: 200
Table 5 Command output
Filed |
Description |
Prefix |
IPv6 address prefix. |
Origin |
How the prefix is generated: · STATIC—Manually configured by using the ipv6 nd ra prefix command. · RA—Advertised in RA messages after stateless autoconfiguration is enabled. · ADDRESS—Generated by a manually configured address. |
Age |
Aging time in seconds. If the prefix does not age out, this field displays a hyphen (-). |
Flag |
Flags carried in RA messages. If no flags are available, this field displays a hyphen (-). · L—The address with the prefix is directly reachable on the link. · A—The prefix is used for stateless autoconfiguration. · N—The prefix is not advertised in RA messages. · P—The prefix has a preference. |
Lifetime |
Lifetime in seconds advertised in RA messages. If the prefix does not need to be advertised, this field displays a hyphen (-). · Valid—Valid lifetime of the prefix. · Preferred—Preferred lifetime of the prefix. |
Preference |
Preference of the IPv6 prefix. |
Related commands
ipv6 nd ra prefix
display ipv6 nd proxy statistics
Use display ipv6 nd proxy statistics to display statistics for ND proxy reply packets.
Syntax
display ipv6 nd proxy statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
You can view statistics for ND proxy reply packets in the most recent hour.
This command displays the ND proxy reply statistics within the most recent minute on a per-second basis and displays the statistics one minute ago on a five-minute basis.
Examples
# Display statistics for ND proxy reply packets.
<Sysname> display ipv6 nd proxy statistics
Last 1 sec proxy count: 200
Last 2 sec proxy count: 400
……
Last 1 min proxy count: 12000
Last 5 min proxy count: 18000
Last 10 min proxy count: 24000
……
Last 60 min proxy count: 182445
Related commands
local-proxy-nd enable
proxy-nd enable
display ipv6 nd route-direct advertise
Use display ipv6 nd route-direct advertise to display information about ND direct route advertisement.
Syntax
display ipv6 nd route-direct advertise interface interface-type interface-number
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. Make sure you specify the interface where the ND direct route advertisement is enabled.
Usage guidelines
When ND direct route advertisement is enabled, the device generates direct routes based on ND entries for packet forwarding and route advertisement. You can use this command to check whether the routing management module has generated direct routes for ND entries.
As a best practice, wait a period of time after you enable ND direct route advertisement and then execute this command.
Examples
# Display information about ND direct route advertisement on Ten-GigabitEthernet1/0/1.
<Sysname> display ipv6 nd route-direct advertise interface ten-gigabitethernet 1/0/1
IPv6 address MAC address VLAN/VSI Interface State Route
1::2 6864-6839-0202 1 XGE1/0/1 STALE YES
1::3 6864-6839-0202 1 XGE1/0/1 STALE NO
Field |
Description |
IPv6 address |
IPv6 address of the neighbor. |
MAC address |
MAC address of the neighbor. |
VLAN/VSI |
VLAN ID or VSI index to which the neighbor entry belongs. This field displays hyphens (--) if the neighbor entry does not belong to a VLAN or VSI. |
Interface |
Interface connected to the neighbor. · If the neighbor entry does not belong to a VSI, this field displays the interface name. If the interface name is not available, the field displays hyphens (--). · If the neighbor entry belongs to a VSI and the interface is a tunnel interface, the field value depends on the address resolution status. ¡ If the address is not resolved, this field displays the VSI. ¡ If the address is resolved, this field displays the tunnel ID. · If the neighbor entry belongs to a VSI but the interface is not a tunnel interface, the field value depends on the address resolution status. ¡ If the address is not resolved, this field displays the VSI. ¡ If the address is resolved, this field displays the interface. |
State |
State of a neighbor: · INCMP—The address is being resolved. The link layer address of the neighbor is unknown. · REACH—The neighbor is reachable. · STALE—The reachability of the neighbor is unknown. The device will not verify the reachability unless it has data to send to the neighbor. · DELAY—The reachability of the neighbor is unknown. The device does not send an NS message in the delay period. · PROBE—The reachability of the neighbor is unknown. The device sends an NS message to probe the reachability of the neighbor. |
Route |
Whether a direct route is generated for the ND entry in the routing management module: · YES—A direct route is generated based on the ND entry. · NO—No direct route is generated based on the ND entry.. |
Related commands
ipv6 nd route-direct advertise
display ipv6 nd snooping count vlan
Use display ipv6 nd snooping count vlan to display the number of IPv6 ND snooping entries for VLANs.
Syntax
display ipv6 nd snooping count vlan [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays the total number of ND snooping entries in all VLANs.
Examples
# Display the total number of IPv6 ND snooping entries in all VLANs.
<Sysname> display ipv6 nd snooping count vlan
Total entries for VLANs: 5
# Display the total number of IPv6 ND snooping entries on Ten-GigabitEthernet 1/0/1.
<Sysname> display ipv6 nd snooping count vlan interface ten-gigabitethernet 1/0/1
Total entries on interface XGE1/0/1: 2
Table 7 Command output
Field |
Description |
Total entries for VLANs |
Total number of ND snooping entries in all VLANs. |
Total entries on interface xxx |
Total number of ND snooping entries on the interface. |
Related commands
ipv6 nd snooping enable global
ipv6 nd snooping enable link-local
reset ipv6 nd snooping vlan
display ipv6 nd snooping count vsi
Use display ipv6 nd snooping count vsi to display the number of IPv6 ND snooping entries in the specified VSI.
Syntax
display ipv6 nd snooping count vsi [ vsi-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays ND snooping entries for all VSIs.
Examples
# Display the total number of IPv6 ND snooping entries in all VSIs.
<Sysname> display ipv6 nd snooping count vsi
Total entries for VSIs: 5
# Display the total number of IPv6 ND snooping entries in VSI vsi1.
<Sysname> display ipv6 nd snooping count vsi vsi1
Total entries for VSI vsi1: 2
Table 8 Command output
Field |
Description |
Total entries for VSIs |
Total number of IPv6 ND snooping entries in all VSIs. |
Total entries for VSI vsi1 |
Total number of IPv6 ND snooping entries in VSI vsi1. |
Related commands
ipv6 nd snooping enable global
ipv6 nd snooping enable link-local
reset ipv6 nd snooping vsi
display ipv6 nd snooping vlan
Use display ipv6 nd snooping vlan to display ND snooping entries in the specified VLAN.
Syntax
display ipv6 nd snooping vlan [ [ vlan-id | interface interface-type interface-number ] [ global | link-local ] | ipv6-address ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vlan vlan-id: Displays ND snooping entries for the specified VLAN. The value range for the VLAN ID is 1 to 4094.
interface interface-type interface-number: Displays ND snooping entries for the specified interface in a VLAN. The interface-type interface-number argument specifies an interface by its type and number.
global: Displays ND snooping entries for global unicast addresses in the VLAN.
link-local: Displays ND snooping entries for link-local addresses in the VLAN.
ipv6-address: Displays the ND snooping entry for the specified IPv6 address.
verbose: Displays detailed information about ND snooping entries in the VLAN. If you do not specify the keyword, this command displays brief information about ND snooping entries.
Usage guidelines
If you do not specify any parameters, this command displays all ND snooping entries.
Examples
# Display brief information about IPv6 ND snooping entries for VLAN 1.
<Sysname> display ipv6 nd snooping vlan 1
IPv6 address MAC address VID Interface Status Age
1::2 0000-1234-0c01 1 XGE1/0/2 VALID 57
# Display detailed information about IPv6 ND snooping entries for VLAN 1.
<Sysname> display ipv6 nd snooping vlan 1 verbose
IPv6 address: 1::2
MAC address: 0000-1234-0c01
Interface: XGE1/0/2
First VLAN ID: 1 Second VLAN ID: N/A
Status: VALID Age: 57
Table 9 Command output
Field |
Description |
IPv6 address |
IPv6 address in the ND snooping entry. |
MAC address |
MAC address in the ND snooping entry. |
VID |
ID of the VLAN to which the ND snooping entry belongs. |
First VLAN ID |
ID of the SVLAN to which the ND snooping entry belongs. |
Second VLAN ID |
ID of the CVLAN to which the ND snooping entry belongs. If no CVLAN is configured, this field displays N/A. For more information about the SVLAN and CVLAN, see QinQ in Layer 2—LAN Switching Configuration Guide. |
Interface |
Input interface in the ND snooping entry. |
Status |
Status of the ND snooping entry: · TENTATIVE—The entry is ineffective. · VALID—The entry is effective. · TESTING_TPLT—The entry is being tested by DAD. The device performs DAD for the entry in the following situations: ¡ The entry ages out. ¡ An ND trusted interface in the VLAN receives an ND message from the IPv6 address in the entry. · TESTING_VP—The entry is being tested by DAD. The device performs DAD when an ND untrusted interface in the VLAN receives an ND message from the IPv6 address in the entry. |
Age |
For an ND snooping entry in VALID status, this field displays its remaining aging time in seconds. For an ND snooping entry in other status, this field displays a pound sign (#). |
Related commands
ipv6 nd snooping enable global
ipv6 nd snooping enable link-local
display ipv6 nd snooping vsi
Use display ipv6 nd snooping vsi to display ND snooping entries in the specified VSI.
Syntax
display ipv6 nd snooping vsi [ vsi-name ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays ND snooping entries for all VSIs.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ND snooping entries for the master device.
Examples
# Display ND snooping entries in VSI vsi1.
<Sysname> display ipv6 nd snooping vsi vsi1
IPv6 address MAC address VSI name Link ID Aging(min)
1::2 0000-1234-0c01 vsi1 0x70000 5
Table 10 Command output
Field |
Description |
IPv6 address |
IPv6 address in the ND snooping entry. |
MAC address |
MAC address in the ND snooping entry. |
VSI name |
Name of the VSI to which the ND snooping entry belongs. |
Link ID |
Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI. |
Aging(min) |
Remaining aging time of the ND snooping entry, in minutes. |
Related commands
ipv6 nd snooping enable global
ipv6 nd snooping enable link-local
reset ipv6 nd snooping vsi
display ipv6 nd user-ip-conflict record
Use display ipv6 nd user-ip-conflict record to display user IPv6 address conflict records.
Syntax
display ipv6 nd user-ip-conflict record [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays user IP address conflict records for all member devices.
Examples
# Display all user IPv6 address conflict records.
<Sysname> display ipv6 nd user-ip-conflict record
IPv6 address: 10::1
System time: 2018-02-02 11:22:29
Conflict count: 1
Log suppress count: 0
Old interface: Ten-GigabitEthernet1/0/1
New interface: Ten-GigabitEthernet1/0/2
Old SVLAN/CVLAN: 100/2
New SVLAN/CVLAN: 100/2
Old MAC: 00e0-ca63-8141
New MAC: 00e0-ca63-8142
IPv6 address: 10::2
System time: 2018-02-02 10:20:30
Conflict count: 1
Log suppress count: 0
Old interface: Ten-GigabitEthernet1/0/1
New interface: Ten-GigabitEthernet1/0/2
Old SVLAN/CVLAN: 100/--
New SVLAN/CVLAN: 100/--
Old MAC: 00e0-ca63-8141
New MAC: 00e0-ca63-8142
Table 11 Command output
Field |
Description |
IPv6 address |
IPv6 address of a user. |
System time |
Time when the user IPv6 address conflict occurred. |
Conflict count |
Number of times user IPv6 address conflicts occurred. |
Log suppress count |
Number of times user IPv6 address conflict log generation has been suppressed. |
Old interface |
Output interface in the old ND entry. |
New interface |
Output interface in the new ND entry. |
Old SVLAN/CVLAN |
ID of the outer VLAN or inner VLAN in the old ND entry. This field displays hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN. |
New SVLAN/CVLAN |
ID of the outer VLAN or inner VLAN in the new ND entry. This field displays hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN. |
Old MAC |
MAC address in the old ND entry. |
New MAC |
MAC address in the new ND entry. |
Related commands
ipv6 nd user-ip-conflict record enable
display ipv6 nd user-move record
Use display ipv6 nd user-move record to display user port migration records.
Syntax
display ipv6 nd user-move record [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays user port migration records for all member devices.
Examples
# Display all user port migration records.
<Sysname> display ipv6 nd user-move record
IPv6 address: 10::1
MAC address: 00e0-ca63-8141
System time: 2018-02-02 11:22:29
Move count: 1
Log suppress count: 0
Before:
interface: Ten-GigabitEthernet1/0/1
SVLAN/CVLAN: 100/2
After:
interface: Ten-GigabitEthernet1/0/2
SVLAN/CVLAN: 100/2
IPv6 address: 10::2
MAC address: 00e0-ca63-8142
System time: 2018-02-02 10:20:30
Move count: 1
Log suppress count: 0
Before:
interface: Ten-GigabitEthernet1/0/1
SVLAN/CVLAN: 100/--
After:
interface: Ten-GigabitEthernet1/0/2
SVLAN/CVLAN: 100/--
Table 12 Command output
Field |
Description |
IPv6 address |
IPv6 address of the user. |
MAC address |
MAC address of the user. |
System time |
Time when the user port migration occurred. |
Move count |
Number of times the user port migrated. |
Log suppress count |
Number of times user port migration log generation has been suppressed. |
Before |
Information before the user port migration. |
interface |
Interface information in the ND entry. |
SVLAN/CVLAN |
ID of the outer VLAN or inner VLAN in the ND entry. This field displays hyphens (--) if the ND entry does not belong to any outer VLAN or inner VLAN. |
After |
Information after the user port migration. |
Related commands
ipv6 nd user-move record enable
display ipv6 neighbors
Use display ipv6 neighbors to display IPv6 neighbor information.
Syntax
display ipv6 neighbors { { ipv6-address | all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipv6-address: Specifies the IPv6 address of a neighbor whose information is displayed.
all: Displays information about all neighbors, including neighbors acquired dynamically and configured statically on the public network and all private networks.
dynamic: Displays information about all neighbors acquired dynamically.
static: Displays information about all neighbors configured statically.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv6 neighbor information for all member devices.
interface interface-type interface-number: Specifies an interface by its type and number.
vlan vlan-id: Displays information about neighbors in the specified VLAN. The value range for VLAN ID is 1 to 4094.
verbose: Displays detailed neighbor information.
Examples
# Display all neighbor information.
<Sysname> display ipv6 neighbors all
Type: S-Static D-Dynamic O-Openflow R-Rule IS-Invalid static
IPv6 address MAC address VID Interface State T Aging
1::2 6864-6839-0202 1 XGE1/0/1 STALE D 136
FE80::6A64:68FF:FE39:202 6864-6839-0202 1 XGE1/0/1 STALE D 126
1::3 6864-6839-0203 1 Tunnel1 STALE D 136
1::4 6864-6839-0204 1 XGE1/0/2 STALE D 136
# Display detailed information about all neighbors.
<Sysname> display ipv6 neighbors all verbose
IPv6 Address : 1::2
MAC address : 6864-6839-0202 Type : Dynamic
State : STALE Aging : 136 seconds
Interface : XGE1/0/1 VLAN : 1
VPN instance : --
Service instance: --
Link ID : --
VXLAN ID : --
VSI name : --
VSI interface : --
Nickname : 0x0
IPv6 Address : FE80::6A64:68FF:FE39:202
MAC address : 6864-6839-0202 Type : Dynamic
State : STALE Aging : 126 seconds
Interface : XGE1/0/1 VLAN : 1
VPN instance : --
Service instance: --
Link ID : --
VXLAN ID : --
VSI name : --
VSI interface : --
Nickname : 0x0
IPv6 Address : 1::3
MAC address : 6864-6839-0203 Type : Static
State : REACH Aging : --
Interface : Tunnel1 VLAN : --
VPN instance : --
Service instance : --
Link ID : 0x5000001
VXLAN ID : 10
VSI name : vpna
VSI interface : Vsi1
Nickname : 0x0
IPv6 Address : 1::4
MAC address : 6864-6839-0204 Type : Static
State : REACH Aging : --
Interface : XGE1/0/2 VLAN : --
VPN instance : --
Service instance : 1
Link ID : 0x1
VXLAN ID : 10
VSI name : vpna
VSI interface : Vsi1
Nickname : 0x0
Table 13 Command output
Field |
Description |
IPv6 Address |
IPv6 address of the neighbor. |
MAC address |
MAC address of the neighbor. |
VLAN/VSI |
VLAN ID or VSI index to which the neighbor entry belongs. This field displays hyphens (--) if the neighbor entry does not belong to a VLAN or VSI. |
Interface |
Interface connected to the neighbor. · If the neighbor entry does not belong to a VSI, this field displays the interface name. If the interface name is not available, the field displays hyphens (--). · If the neighbor entry belongs to a VSI and the interface is a tunnel interface, the field value depends on the address resolution status. ¡ If the address is not resolved, this field displays the VSI. ¡ If the address is resolved, this field displays the tunnel ID. · If the neighbor entry belongs to a VSI but the interface is not a tunnel interface, the field value depends on the address resolution status. ¡ If the address is not resolved, this field displays the VSI. ¡ If the address is resolved, this field displays the interface. |
State |
State of a neighbor: · INCMP—The address is being resolved. The link layer address of the neighbor is unknown. · REACH—The neighbor is reachable. · STALE—The reachability of the neighbor is unknown. The device will not verify the reachability unless it has data to send to the neighbor. · DELAY—The reachability of the neighbor is unknown. The device does not send an NS message in the delay period. · PROBE—The reachability of the neighbor is unknown. The device sends an NS message to probe the reachability of the neighbor. |
Type |
Neighbor information type: · Static—Statically configured. · Dynamic—Dynamically obtained. · Openflow—Learned from the OpenFlow module. · Rule—Learned from the portal module. · Invalid static—Invalid static configuration. |
Aging |
Reachable time of the neighbor: · For a static neighbor entry, this field displays hyphens (--), representing the neighbor entry never expires. · For a dynamic neighbor entry, this field displays the elapsed time in seconds. If the neighbor is never reachable, this field displays a pound sign (#). |
VPN instance |
Name of a VPN instance. This field displays hyphens (--) if no VPN instance is configured. |
Service instance |
Ethernet service instance. If the neighbor entry does not belong to any Ethernet service instance for the related Layer 2 Ethernet interface or Layer 2 aggregate interface, this field displays hyphens (--). |
Link ID |
ID of the link that connects to the neighbor. The link ID is a string with a maximum of eight hexadecimal numbers. If the neighbor entry does not belong to a VSI, the field displays hyphens (--). |
VXLAN ID |
ID of the VXLAN associated with the VSI in the neighbor entry. If no VXLAN is specified, the field displays hyphens (--). |
VSI name |
Name of the VSI where the neighbor entry belongs. If the entry does not belong to a VSI, the field displays hyphens (--). |
VSI interface |
VSI interface associated with the VSI. If no VSI interface is specified, the field displays hyphens (--). |
Nickname |
Nickname of a neighbor entry. The name is a string of four hexadecimal numbers. |
Related commands
ipv6 neighbor
reset ipv6 neighbors
display ipv6 neighbors count
Use display ipv6 neighbors count to display the number of neighbor entries.
Syntax
display ipv6 neighbors { { all | dynamic | static } [ slot slot-number ] | interface interface-type interface-number | vlan vlan-id } count
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays the total number of all neighbor entries, including neighbor entries created dynamically and configured statically.
dynamic: Displays the total number of neighbor entries created dynamically.
static: Displays the total number of neighbor entries configured statically.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays the number of neighbor entries for all member devices.
interface interface-type interface-number: Specifies an interface by its type and number.
vlan vlan-id: Displays the total number of neighbor entries in the specified VLAN. The value range for VLAN ID is 1 to 4094.
Examples
# Display the total number of neighbor entries created dynamically.
<Sysname> display ipv6 neighbors dynamic count
Total number of dynamic entries: 2
display ipv6 neighbors entry-limit
Use display ipv6 neighbors entry-limit to display the maximum number of ND entries that a device supports.
Syntax
display ipv6 neighbors entry-limit
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the maximum number of ND entries that the device supports.
<Sysname> display ipv6 neighbors entry-limit
ND entries: 2048
display ipv6 neighbors statistics
Use display ipv6 neighbors statistics to display ND entry statistics.
Syntax
display ipv6 neighbors statistics { [ by-slot ] all | interface { interface-name | interface-type interface-number } | slot slot-number }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Displays statistics about all ND entries.
interface interface-type interface-number: Specifies an interface by its type and number.
by-slot: Displays statistics about all ND entries by member device.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays ND entry statistics for all member devices.
Usage guidelines
Use this feature to monitor the usage of ND entry resources. When a packet forwarding error occurs, you can check ND entry statistics, and then determine whether the error is caused by excessive consumption of ND entry resources.
Examples
# Display ND entry statistics on Ten-GigabitEthernet 1/0/1.
<Sysname> display ipv6 neighbors statistics interface ten-gigabitethernet 1/0/1
-----------------------------------------------
State Dynamic Static Rule
-----------------------------------------------
Incmp 0 0 0
Reach 0 2 0
Stale 1 - -
Delay 0 - -
Probe 0 - -
-----------------------------------------------
Total 1 2 0
# Display all ND entry statistics.
<Sysname> display ipv6 neighbors statistics all
-----------------------------------------------
State Dynamic Static Rule
-----------------------------------------------
Incmp 0 4 0
Reach 1 2 0
Stale 0 - -
Delay 0 - -
Probe 0 - -
-----------------------------------------------
Total 1 6 0
Table 14 Command output
Field |
Description |
Dynamic |
Number of dynamic ND entries. |
Static |
Number of static ND entries. |
Rule |
Number of ND entries learned from other modules, such as IPoE and Portal. |
Incmp |
Number of ND entries in Incmp state. |
Reach |
Number of ND entries in Reach state. |
Stale |
Number of ND entries in Stale state. |
Delay |
Number of ND entries in Delay state. |
Probe |
Number of ND entries in Probe state. |
display ipv6 neighbors usage
Use display ipv6 neighbors usage to display the ND table usage.
Syntax
display ipv6 neighbors usage
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
You can use this command to monitor the number of ND entries on the device and to determine whether ND attacks exist on the network.
The ND table usage is the ratio of the real-time ND entry count to the ND table capacity.
The ND table usage provides statistics in the most recent hour.
Examples
# Display the ND table usage.
<Sysname> display ipv6 neighbors usage
ND table upper limit: 65000
Time ND entry count Usage
Current 52000 80%
1 min ago 51351 79%
2 min ago 50711 78%
3 min ago 47748 77%
……
59 min ago 13656 21%
60 min ago 13007 20%
Table 15 Command output
Field |
Description |
ND table upper limit |
Maximum number of ND entries supported by the ND table. |
Time |
Time when the ND table usage was recorded. |
ND entry count |
Number of ND entries. |
Usage |
Usage of ND table, which is the ratio of the real-time ND entry count to the ND table upper limit. |
Related commands
display ipv6 neighbors entry-limit
display ipv6 neighbors vpn-instance
Use display ipv6 neighbors vpn-instance to display neighbor information about a VPN instance.
Syntax
display ipv6 neighbors vpn-instance vpn-instance-name [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The VPN instance must already exist.
count: Displays the total number of neighbor entries in the specified VPN instance.
Examples
# Display neighbor information about the VPN instance vpn1.
<Sysname> display ipv6 neighbors vpn-instance vpn1
Type: S-Static D-Dynamic O-Openflow R-Rule IS-Invalid static
IPv6 address MAC address VLAN/VSI Interface State T Aging
FE80::200:5EFF:FE32:B800 0000-5e32-b800 -- XGE1/0/1 REACH IS --
Table 16 Command output
Field |
Description |
IPv6 address |
IPv6 address of the neighbor. |
MAC address |
MAC address of the neighbor. |
VLAN/VSI |
ID of the VLAN to which the interface connected to the neighbor belongs. This field displays hyphens (--) if the neighbor does not belong to a VLAN. |
Interface |
Interface connected to the neighbor. |
State |
State of the neighbor: · INCMP—The address is being resolved. The link layer address of the neighbor is unknown. · REACH—The neighbor is reachable. · STALE—Whether the neighbor is reachable is unknown. The device does not verify the reachability any longer unless data is sent to the neighbor. · DELAY—Whether the neighbor is reachable is unknown. The device sends an NS message after a delay. · PROBE—Whether the neighbor is reachable is unknown. The device sends an NS message to verify the reachability of the neighbor. |
Type |
Neighbor information type: · Static—Statically configured. · Dynamic—Dynamically obtained. · Openflow—Learned from the OpenFlow module. · Rule—Learned from the portal module. · Invalid static—Invalid static configuration. |
Aging |
Reachable time of the neighbor: · For a static neighbor entry, this field displays hyphens (--), representing the neighbor entry never expires. · For a dynamic neighbor entry, this field displays the elapsed time in seconds. If the neighbor is never reachable, this field displays a pound sign (#). |
display ipv6 pathmtu
Use the display ipv6 pathmtu command to display IPv6 Path MTU information.
Syntax
display ipv6 pathmtu [ vpn-instance vpn-instance-name ] { ipv6-address | { all | dynamic | static } [ count ] }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays IPv6 Path MTU information about the public network.
ipv6-address: Specifies the destination IPv6 address for which the Path MTU information is to be displayed.
all: Displays all Path MTU information for the public network.
dynamic: Displays all dynamic Path MTU information.
static: Displays all static Path MTU information.
count: Displays the total number of Path MTU entries.
Examples
# Display all Path MTU information.
<Sysname> display ipv6 pathmtu all
IPv6 destination address PathMTU Age Type
1:2::3:2 1800 - Static
1:2::4:2 1400 10 Dynamic
1:2::5:2 1280 10 Dynamic
# Displays the total number of Path MTU entries.
<Sysname> display ipv6 pathmtu all count
Total number of entries: 3
Table 17 Command output
Field |
Description |
PathMTU |
Path MTU value on the network path to an IPv6 address. |
Age |
Time for a Path MTU to live. For a static Path MTU, this field displays a hyphen (-). |
Type |
Path MTU type: · Dynamic—Dynamically negotiated. · Static—Statically configured. |
Total number of entries |
Total number of Path MTU entries. |
Related commands
ipv6 pathmtu
reset ipv6 pathmtu
display ipv6 prefix
Use display ipv6 prefix to display information about IPv6 prefixes, including dynamic and static prefixes.
Syntax
display ipv6 prefix [ prefix-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
prefix-number: Specifies the ID of an IPv6 prefix, in the range of 1 to 1024. If you do not specify an IPv6 prefix ID, this command displays information about all IPv6 prefixes.
Usage guidelines
A static IPv6 prefix is configured by using the ipv6 prefix command.
A dynamic IPv6 prefix is obtained from the DHCPv6 server, and its prefix ID is configured by using the ipv6 dhcp client pd command. For detailed information, see Layer 3—IP Services Configuration Guide.
Examples
# Display information about all IPv6 prefixes.
<Sysname> display ipv6 prefix
Number Prefix Type
1 1::/16 Static
2 11:77::/32 Dynamic
# Display information about the IPv6 prefix with prefix ID 1.
<Sysname> display ipv6 prefix 1
Number: 1
Type : Dynamic
Prefix: ABCD:77D8::/32
Preferred lifetime 90 sec, valid lifetime 120 sec
Table 18 Command output
Field |
Description |
Number |
Prefix ID. |
Type |
Prefix type: · Static—Static IPv6 prefix. · Dynamic—Dynamic IPv6 prefix. |
Prefix |
Prefix and its length. If no prefix is obtained, this field displays Not-available. |
Preferred lifetime 90 sec |
Preferred lifetime in seconds. For a static IPv6 prefix, this field is not displayed. |
valid lifetime 120 sec |
Valid lifetime in seconds. For a static IPv6 prefix, this field is not displayed. |
Related commands
ipv6 dhcp client pd
ipv6 prefix
display ipv6 rawip
Use display ipv6 rawip to display brief information about IPv6 RawIP connections.
Syntax
display ipv6 rawip [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays brief information about IPv6 RawIP connections for all member devices.
Examples
# Display brief information about IPv6 RawIP connections.
<Sysname> display ipv6 rawip
Local Addr Foreign Addr Protocol Slot Cpu PCB
2001:2002:2003:2 3001:3002:3003:3 58 1 0 0x0000000000000009
004:2005:2006:20 004:3005:3006:30
07:2008 07:3008
2002::100 2002::138 58 2 0 0x0000000000000008
:: :: 58 5 0 0x0000000000000002
Table 19 Command output
Field |
Description |
Local Addr |
Local IPv6 address. |
Foreign Addr |
Peer IPv6 address. |
Protocol |
Protocol number. |
PCB |
PCB index. |
display ipv6 rawip verbose
Use display ipv6 rawip verbose to display detailed information about IPv6 RawIP connections.
Syntax
display ipv6 rawip verbose [ slot slot-number [ pcb pcb-index ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays detailed information about IPv6 RawIP connections for all member devices.
pcb pcb-index: Displays detailed information about IPv6 RawIP connections of the specified PCB. The value range for the pcb-index argument is 1 to FFFFFFFFFFFFFFFF.
Examples
# Display detailed information about an IPv6 RawIP connection.
<Sysname> display ipv6 rawip verbose
Total RawIP socket number: 1
Connection info: src = ::, dst = ::
Location: slot: 6 cpu: 0
Creator: ping ipv6[320]
State: N/A
Options: N/A
Error: 0
Receiving buffer(cc/hiwat/lowat/drop/state): 0 / 9216 / 1 / 0 / N/A
Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A
Type: 3
Protocol: 58
Inpcb flags: N/A
Inpcb extflag: INP_EXTRCVICMPERR INP_EXTFILTER
Inpcb vflag: INP_IPV6
Hop limit: 255 (minimum hop limit: 0)
Send VRF: 0xffff
Receive VRF: 0xffff
Table 20 Command output
Field |
Description |
Total RawIP socket number |
Total number of IPv6 RawIP sockets. |
Connection info |
Connection information, including the source and destination IPv6 addresses. |
Location |
Socket location. |
Creator |
Task name of the socket. The process number is in the square brackets. |
State |
Socket state: · NOFDREF—The user has closed the connection. · ISCONNECTED—The connection has been established. · ISCONNECTING—The connection is being established. · ISDISCONNECTING—The connection is being interrupted. · ASYNC—Asynchronous mode. · ISDISCONNECTED—The connection has been terminated. · ISSMOOTHING—Cross-card data smoothing is in progress. · CANBIND—The socket supports the bind operation. · PROTOREF—Indicates strong protocol reference. · ISPCBSYNCING—Cross-card PCB synchronization is in progress. · N/A—None of above state. |
Options |
Socket options: · SO_DEBUG—Records socket debugging information. · SO_ACCEPTCONN—Enables the server to listen connection requests. · SO_REUSEADDR—Allows the local address reuse. · SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive. · SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network. · SO_BROADCAST—Supports broadcast packets. · SO_LINGER—Closes the socket. The system can still send remaining data in the socket send buffer. · SO_OOBINLINE—Stores the out-of-band data in the input queue. · SO_REUSEPORT—Allows the local port reuse. · SO_TIMESTAMP—Records the timestamps of the incoming packets, accurate to milliseconds. This option is applicable to protocols that are not connection orientated. · SO_NOSIGPIPE—Disables the socket from sending data. As a result, a sigpipe cannot be established when a return failure occurs. · SO_TIMESTAMPNS—Has a similar function with the timestamp, accurate to nanoseconds. · SO_KEEPALIVETIME—Sets a keepalive time. This option is supported in TCP. · SO_FILTER—Supports setting the packet filter criterion. This option is available for OSI Socket and RawIP. · SO_USCBINDEX—Obtains the user profile index from the received packets. · SO_SEQPACKET—Preserves the boundaries of packets sent to the socket buffer. · SO_FILLTWAMPTIME—Sets the timestamp for TWAMP. · SO_LOCAL—Local socket option. · SO_DONTDELIVER—Do not deliver the data to the application. · SO_UCM—Sets the IPoE enabling status. · SO_RAWSLOT—Raw slot. · SO_LEASEDUSERID—Obtains a usable lease. · N/A—No options are set. |
Error |
Error code. |
Receiving buffer(cc/hiwat/lowat/drop/state) |
Displays receive buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · drop—Number of dropped packets. · state—Buffer state: ¡ CANTSENDMORE—Unable to send data to the peer. ¡ CANTRCVMORE—Unable to receive data from the peer. ¡ RCVATMARK—Receiving tag. ¡ N/A—None of the above states. |
Sending buffer(cc/hiwat/lowat/state) |
Displays send buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · state—Buffer state: ¡ CANTSENDMORE—Unable to send data to the peer. ¡ CANTRCVMORE—Unable to receive data from the peer. ¡ RCVATMARK—Receiving tag. ¡ N/A—None of the above states. |
Type |
Socket type: · 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. · 2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission. · 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. · N/A—None of the above types. |
Protocol |
Number of protocol using the socket. 58 represents ICMP. |
Inpcb flags |
Flags in the Internet PCB: · INP_RECVOPTS—Receives IPv6 options. · INP_RECVRETOPTS—Receives replied IPv6 options. · INP_RECVDSTADDR—Receives destination IPv6 address. · INP_HDRINCL—Provides the entire IPv6 header. · INP_REUSEADDR—Reuses the IPv6 address. · INP_REUSEPORT—Reuses the port number. · INP_ANONPORT—Port number not specified. · INP_PROTOCOL_PACKET—Identifies a protocol packet. · INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag. · IN6P_IPV6_V6ONLY—Only supports IPv6 protocol stack. · IN6P_PKTINFO—Receives the source IPv6 address and input interface of the packet. · IN6P_HOPLIMIT—Receives the hop limit. · IN6P_HOPOPTS—Receives the hop-by-hop options extension header. · IN6P_DSTOPTS—Receives the destination options extension header. · IN6P_RTHDR—Receives the routing extension header. · IN6P_RTHDRDSTOPTS—Receives the destination options extension header preceding the routing extension header. · IN6P_TCLASS—Receives the traffic class of the packet. · IN6P_AUTOFLOWLABEL—Attaches a flow label automatically. · IN6P_RFC2292—Uses the API specified in RFC 2292. · IN6P_MTU—Discovers differences in the MTU size of every link along a given data path. TCP does not support this flag. · INP_RCVMACADDR—Receives the MAC address of the frame. · INP_USEICMPSRC—Uses the specified IPv6 address as the source IPv6 address for outgoing ICMP packets. · INP_SYNCPCB—Waits until Internet PCB is synchronized. · INP_LOCAL—Preferentially matches the INPCB with this flag on the same card. · N/A—None of the above flags. |
Inpcb extflag |
Extension flags in the Internet PCB: · INP_EXTRCVPVCIDX—Records the PVC index of the received packet. · INP_RCVPWID—Records the PW ID of the received packet. · INP_EXTRCVICMPERR—Receives an ICMP error packet. · INP_EXTFILTER—Filters the contents in the received packet. · INP_EXTDONTDROP—Do not drop the received packet. · INP_EXLISTEN—Adds the INPCB carrying this flag to the listen hash table. · INP_SELECTMATCHSRCBYFIB—Uses the FIB table to select a matching source. · INP_EXTPRIVATESOCKET—Associates the INPCB with the NSR private socket. · INP_EXTNOCACHEPKT—Do not cache packets. · INP_EXTRCVVLANDOT1P—Obtains the Dot1p value of the VLAN tag in the received packet. · INP_EXTSNDDATAIF—Sets the output interface of data. · INP_EXTFREEBIND—The socket is not bound to an address or port. · INP_EXTRCVUPID—Obtains the UP ID from the received packet in the UCM control-/user-plane separated (CUPS) network. · INP_EXTINNERPROXY—Receives packets forwarded by the proxy. · INP_EXLISTENNET—Sets this flag when the connection information is added to the network segment linked list. · N/A—None of the above flags. |
Inpcb vflag |
IP version flag in the Internet PCB: · INP_IPV4—IPv4 protocol. · INP_IPV6—IPv6 protocol. · INP_IPV6PROTO—Creates an Internet PCB based on IPv6 protocol. · INP_TIMEWAIT—In TIMEWAIT state. · INP_ONESBCAST—Sends broadcast packets. · INP_DROPPED—Protocol dropped flag. · INP_SOCKREF—Strong socket reference. · INP_DONTBLOCK—Do not block synchronization of the Internet PCB. · N/A—None of the above flags. |
Hop limit |
Hop limit in the Internet PCB. |
Send VRF |
VRF from which packets are sent. |
Receive VRF |
VRF from which packets are received. |
display ipv6 statistics
Use display ipv6 statistics to display IPv6 and ICMPv6 packet statistics.
Syntax
display ipv6 statistics [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv6 and ICMPv6 packet statistics for all member devices.
Examples
# Display IPv6 and ICMPv6 packet statistics.
<Sysname> display ipv6 statistics
IPv6 statistics:
Sent packets:
Total: 0
Sent locally: 0 Forwarded: 0
Raw packets: 0 Discarded: 0
Fragments: 0 Fragments failed: 0
Routing failed: 0
Received packets:
Total: 0
Received locally: 0 Hop limit exceeded: 0
Fragments: 0 Reassembled: 0
Reassembly failures: 0 Reassembly timeout: 0
Format errors: 0 Option errors: 0
Protocol errors: 0
ICMPv6 statistics:
Sent packets:
Total: 0
Unreachable: 0 Too big: 0
Hop limit exceeded: 0 Reassembly timeouts: 0
Parameter problems: 0
Echo requests: 0 Echo replies: 0
Neighbor solicits: 0 Neighbor adverts: 0
Router solicits: 0 Router adverts: 0
Redirects: 0 Router renumbering: 0
Send failed:
Rate limitation: 0 Other errors: 0
Received packets:
Total: 0
Checksum errors: 0 Too short: 0
Bad codes: 0
Unreachable: 0 Too big: 0
Hop limit exceeded: 0 Reassembly timeouts: 0
Parameter problems: 0 Unknown error types: 0
Echo requests: 0 Echo replies: 0
Neighbor solicits: 0 Neighbor adverts: 0
Router solicits: 0 Router adverts: 0
Redirects: 0 Router renumbering: 0
Unknown info types: 0
Deliver failed:
Bad length: 0
Table 21 Command output
Field |
Description |
IPv6 statistics: |
IPv6 packet statistics. |
Sent packets: Total: Sent locally: Forwarded: Raw packets: Discarded: Fragments: Fragments failed: Routing failed: |
Statistics for sent IPv6 packets: · Total—Total number of packets that have been locally sent and forwarded. · Sent locally—Number of locally sent packets. · Forwarded—Number of forwarded packets. · Raw packets—Number of packets sent by using a raw socket. · Discarded—Number of discarded packets. · Fragments—Number of sent fragments. · Fragments failed—Number of fragments that were failed to send. · Routing failed—Number of packets with routing failures. |
Received packets: Total: Received locally: Hop limit exceeded: Fragments: Reassembled: Reassembly failures: Reassembly timeout: Format errors: Option errors: Protocol errors: |
Statistics for received IPv6 packets: · Total—Total number of received packets. · Received locally—Number of received packets that are destined for the device. · Hop limit exceeded—Number of packets with hop limit exceeded. · Fragments—Number of received fragments. · Reassembled—Number of reassembled packets. · Reassembly failures—Number of packets with reassembly failures. · Reassembly timeout—Number of packets with reassembly timed out. · Format errors—Number of packets with format errors. · Option errors—Number of packets with option errors. · Protocol errors—Number of packets with protocol errors. |
ICMPv6 statistics: |
ICMPv6 message statistics. |
Sent packets: Total: Unreached: Too big: Hop limit exceeded: Reassembly timeouts: Parameter problems: Echo requests: Echo replies: Neighbor solicits: Neighbor adverts: Router solicits: Router adverts: Redirects: Router renumbering Sent failed: Rate limitation: Other errors: |
Statistics for sent ICMPv6 messages: · Total—Total number of sent messages. · Unreached—Number of Destination Unreachable messages. · Too big—Number of Packet Too Big messages. · Hop limit exceeded—Number of Hop Limit Exceeded messages. · Reassembly timeouts—Number of Fragment Reassembly Time Exceeded messages. · Parameter problems—Number of Parameter Problem messages. · Echo requests—Number of Echo Requests. · Echo replies—Number of Echo Replies. · Neighbor solicits—Number of Neighbor Solicitation messages. · Neighbor adverts—Number of Neighbor Advertisement messages. · Router solicits—Number of Router Solicitation messages. · Router adverts—Number of Router Advertisement messages. · Redirects—Number of Redirect messages. · Router renumbering—Number of Router Renumbering messages. · Sent failed—Number of messages that were failed to send locally. · Rate limitation—Number of unsent messages because of rate limiting. · Other errors—Number of messages with other errors. |
Received packets: Total: Checksum errors: Too short: Bad codes: Unreachable: Too big: Hop limit exceeded: Reassembly timeouts: Parameter problems: Unknown error types: Echo requests: Echo replies: Neighbor solicits: Neighbor adverts: Router solicits: Router adverts: Redirects: Router renumbering: Unknown info types: Deliver failed: Bad length: |
Statistics for received ICMPv6 messages: · Total—Total number of received messages. · Checksum errors—Number of messages with checksum errors. · Too short—Number of messages with a too short length. · Bad codes—Number of messages with error codes. · Unreached—Number of Destination Unreachable messages. · Too big—Number of Packet Too Big messages. · Hop limit exceeded—Number of Hop Limit Exceeded messages. · Reassembly timeouts—Number of Fragment Reassembly Time Exceeded messages. · Parameter problems—Number of Parameter Problem messages. · Unknown error types—Number of messages with unknown error types. · Echo requests—Number of Echo Requests. · Echo replies—Number of Echo Replies. · Neighbor solicits—Number of Neighbor Solicitation messages. · Neighbor adverts—Number of Neighbor Advertisement messages. · Router solicits—Number of Router Solicitation messages. · Router adverts—Number of Router Advertisement messages. · Redirects—Number of Redirect messages. · Router renumbering—Number of Router Renumbering messages. · Unknown info types—Number of messages with unknown information types. · Deliver failed—Number of messages with local delivery failures. · Bad length—Number of messages with error length. |
Related commands
reset ipv6 statistics
display ipv6 tcp
Use display ipv6 tcp to display brief information about IPv6 TCP connections.
Syntax
display ipv6 tcp [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays brief information about IPv6 TCP connections for all member devices.
Examples
# Display brief information about IPv6 TCP connections.
<Sysname> display ipv6 tcp
*: TCP connection with authentication
LAddr->port FAddr->port State Slot CPU PCB
LInt
*2001:2002:2003:2 3001:3002:3003:3 ESTABLISHED 1 0 0x000000000000c387
004:2005:2006:20 004:3005:3006:30
07:2008->1200 07:3008->1200
N/A
2001::1->23 2001::5->1284 ESTABLISHED 2 0 0x0000000000000008
N/A
2003::1->25 2001::2->1283 LISTEN 3 0 0x0000000000000009
N/A
2003::1->179 fe80::2->1283 LISTEN 3 0 0x000000000000000a
XGE1/0/2
Table 22 Command output
Field |
Description |
* |
Indicates that the TCP connection uses authentication. |
LAddr->port |
Local IPv6 address and port number. |
FAddr->port |
Peer IPv6 address and port number. |
State |
IPv6 TCP connection state: · CLOSED—The server receives a disconnection request's reply from the client. · LISTEN—The server is waiting for connection requests. · SYN_SENT—The client is waiting for the server to reply to the connection request. · SYN_RCVD—The server receives a connection request. · ESTABLISHED—The server and client have established connections and can transmit data bidirectionally. · CLOSE_WAIT—The server receives a disconnection request from the client. · FIN_WAIT_1—The client is waiting for the server to reply to a disconnection request. · CLOSING—The server and client are waiting for peer's disconnection reply when receiving disconnection requests from each other. · LAST_ACK—The server is waiting for the client to reply to a disconnection request. · FIN_WAIT_2—The client receives a disconnection reply from the server. · TIME_WAIT—The client receives a disconnection request from the server. |
PCB |
PCB index. |
LInt |
Local interface. If no input interface is specified for any TCP-based feature (for example, BGP peer) on the local end, this field displays N/A. |
display ipv6 tcp verbose
Use display ipv6 tcp verbose to display detailed information about IPv6 TCP connections.
Syntax
display ipv6 tcp verbose [ slot slot-number [ pcb pcb-index ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays detailed information about IPv6 TCP connections for all member devices.
pcb pcb-index: Displays detailed information about IPv6 TCP connections of the specified PCB. The value range for the pcb-index argument is 1 to FFFFFFFFFFFFFFFF.
Examples
# Display detailed information about an IPv6 TCP connection.
<Sysname> display ipv6 tcp verbose
TCP inpcb number: 1(tcpcb number: 1)
Connection info: src = 2001::1->179 , dst = 2001::2->4181
Location: Slot: 6 Cpu: 0
NSR standby: N/A
Creator: bgpd[199]
State: ISCONNECTED
Options: N/A
Error: 0
Receiving buffer(cc/hiwat/lowat/drop/state): 0 / 65536 / 1 / 0 / N/A
Sending buffer(cc/hiwat/lowat/state): 0 / 65536 / 512 / N/A
Type: 1
Protocol: 6
Inpcb flags: N/A
Inpcb extflag: N/A
Inpcb vflag: INP_IPV6
Hop limit: 255 (minimum hop limit: 0)
Connection state: ESTABLISHED
TCP options: TF_REQ_SCALE TF_REQ_TSTMP TF_SACK_PERMIT TF_NSR
NSR state: READY(M)
Send VRF: 0x0
Receive VRF: 0x0
Local interface: N/A
Error count in abnormal-packet-defend period: 0
Checksum errors: 0
Duplicate packets: 0
Part-Duplicate packets: 0
Out-of-order packets: 0
Duplicate ACK packets: 0
Out-of-order ACK packets: 0
Packets with data out of window: 0
MD5 authentication errors: 0
Keychain authentication errors: 0
Timestamp errors: 0
Maximum Segment Size (MSS): 512
Window Scale (wscale): 0
Retransmission Timeout (rto): 3000000.0ms
Retransmission Count/Total: 0/0
Round-trip Time (rtt/rtvar): 0.0ms/12000000.0ms
Delayed Ack Timeout (ato): 100000.0ms
Congestion Window (cwnd): 1073725440
TCP Throughput: 0.00 Mbps
sendpps/sendkbps/recvpps/recvkbps/: 0/0.000/0/0.000
iss/unack/next/max/wnd: 0/0/0/0/0
irs/undeliver/next/adv/wnd: 0/0/0/0/0
NSR Info:
Total Recv/Send Count(history Recv/history Send): 41/43(41/43)
EnableMsg Recv/Send Count(history Recv/history Send): 1/2(1/2)
DisableMsg Recv/Send Count(history Recv/history Send): 0/1(0/1)
SlotchangeMsg Recv/Send Count(history Recv/history Send): 0/1(0/1)
ReadyMsg Recv/Send Count(history Recv/history Send): 2/1(2/1)
PullMsg Recv/Send Count(history Recv/history Send): 2/1(2/1)
BriefdataMsg Recv/Send Count(history Recv/history Send): 1/2(1/2)
PktMsg Recv/Send Count(history Recv/history Send): 35/35(35/35)
CmdMsg Recv/Send Count(history Recv/history Send): 0/0(0/0)
Recent Recv/Send Seq: 41/43
Recent Recv/Send Time: 11:14:44:469624 May 23 2022/11:14:44:467624 May 23 2022
Option Value:
rcvsb_timeo/sndsb_timeo/pd_type/pd_len: 0/0/0/0
so_linger: 1
ka_idle/ka_intval/ka_count: 0/0/0
so_accept_filter_str: filter1
Md5 Password:123
Tcp Key Chain: key123
Out Interface/NextHop/Local Address: 0/0.0.0.0/0.0.0.0
Filter Offset/Length/Value/Mask: 0/0/00 00 00 00 00 00 00 00 /00 00 0 00 00 00 00 00
Ip Tos/McastTTL/McastLoop/ Mcast Interface Index: 192/0/0/0
Acl Index/MacIndex: 4294967295/4294967295
Mpls Flag/Label: 0/4294967295
Kernel Event ID: 0
Send Mac: 0000-0000-0000
Bier TTL/Entropy/TunnelID: 0/0/0
Ip Option Hdr: 0x01 02 03
Table 23 Command output
Field |
Description |
TCP inpcb number |
Number of IPv6 TCP Internet PCBs. |
Connection info |
Connection information, including source IPv6 address, source port number, destination IPv6 address, and destination port number. |
Location |
Socket location. |
NSR standby |
|
tcpcb number |
Number of IPv6 TCP PCBs (excluding PCBs of TCP in TIME_WAIT state). |
Creator |
Task name of the socket. The process number is in the square brackets. |
State |
Socket state: · NOFDREF—The user has closed the connection. · ISCONNECTED—The connection has been established. · ISCONNECTING—The connection is being established. · ISDISCONNECTING—The connection is being interrupted. · ASYNC—Asynchronous mode. · ISDISCONNECTED—The connection has been terminated. · ISSMOOTHING—Cross-card data smoothing is in progress. · CANBIND—The socket supports the bind operation. · PROTOREF—Indicates strong protocol reference. · ISPCBSYNCING—Cross-card PCB synchronization is in progress. · N/A—None of above state. |
Options |
Socket options: · SO_DEBUG—Records socket debugging information. · SO_ACCEPTCONN—Enables the server to listen connection requests. · SO_REUSEADDR—Allows the local address reuse. · SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive. · SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network. · SO_BROADCAST—Supports broadcast packets. · SO_LINGER—Closes the socket. The system can still send remaining data in the socket send buffer. · SO_OOBINLINE—Stores the out-of-band data in the input queue. · SO_REUSEPORT—Allows the local port reuse. · SO_NOSIGPIPE—Disables the socket from sending data. As a result, a sigpipe cannot be established when a return failure occurs. · SO_TIMESTAMPNS—Has a similar function with the timestamp, accurate to nanoseconds. · SO_KEEPALIVETIME—Sets a keepalive time. This option is supported in TCP. · SO_FILTER—Supports setting the packet filter criterion. This option is available for OSI Socket and RawIP. · SO_SEQPACKET—Preserves the boundaries of packets sent to the socket buffer. · SO_USCBINDEX—Obtains the user profile index from the received packets. · SO_FILLTWAMPTIME—Sets the timestamp for TWAMP. · SO_LOCAL—Local socket option. · SO_DONTDELIVER—Do not deliver the data to the application. · SO_UCM—Sets the IPoE enabling status. · SO_RAWSLOT—Raw slot. · SO_LEASEDUSERID—Obtains a usable lease. · N/A—No options are set. |
Error |
Error code. |
Receiving buffer(cc/hiwat/lowat/drop/state) |
Displays receive buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · drop—Number of dropped packets. · state—Buffer state: ¡ CANTSENDMORE—Unable to send data to the peer. ¡ CANTRCVMORE—Unable to receive data from the peer. ¡ RCVATMARK—Receiving tag. ¡ N/A—None of the above states. |
Sending buffer(cc/hiwat/lowat/drop/state) |
Displays send buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · drop—Number of dropped packets. · state—Buffer state: ¡ CANTSENDMORE—Unable to send data to the peer. ¡ CANTRCVMORE—Unable to receive data from the peer. ¡ RCVATMARK—Receiving tag. ¡ N/A—None of the above states. |
Type |
Socket type: · 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. · 2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission. · 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. · N/A—None of the above types. |
Protocol |
Number of the protocol using the socket. 6 represents TCP. |
Inpcb flags |
Flags in the Internet PCB: · INP_RECVOPTS—Receives IPv6 options. · INP_RECVRETOPTS—Receives replied IPv6 options. · INP_RECVDSTADDR—Receives destination IPv6 address. · INP_HDRINCL—Provides the entire IPv6 header. · INP_REUSEADDR—Reuses the IPv6 address. · INP_REUSEPORT—Reuses the port number. · INP_ANONPORT—Port number not specified. · INP_PROTOCOL_PACKET—Identifies a protocol packet. · INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag. · IN6P_IPV6_V6ONLY—Only supports IPv6 protocol stack. · IN6P_PKTINFO—Receives the source IPv6 address and input interface of the packet. · IN6P_HOPLIMIT—Receives the hop limit. · IN6P_HOPOPTS—Receives the hop-by-hop options extension header. · IN6P_DSTOPTS—Receives the destination options extension header. · IN6P_RTHDR—Receives the routing extension header. · IN6P_RTHDRDSTOPTS—Receives the destination options extension header preceding the routing extension header. · IN6P_TCLASS—Receives the traffic class of the packet. · IN6P_AUTOFLOWLABEL—Attaches a flow label automatically. · IN6P_RFC2292—Uses the API specified in RFC 2292. · IN6P_MTU—Discovers differences in the MTU size of every link along a given data path. TCP does not support this flag. · INP_RCVMACADDR—Receives the MAC address of the frame. · INP_SYNCPCB—Waits until Internet PCB is synchronized. · INP_LOCAL—Preferentially matches the INPCB with this flag on the same card. · N/A—None of the above flags. |
Inpcb extflag |
Extension flags in the Internet PCB: · INP_EXTRCVPVCIDX—Records the PVC index of the received packet. · INP_RCVPWID—Records the PW ID of the received packet. · INP_EXTDONTDROP—Does not drop the received packet. · INP_EXLISTEN—Listening socket. · INP_EXTFILTER—Filters the contents in the received packets. · INP_SELECTMATCHSRCBYFIB—Uses the FIB table to select a matching source. · INP_EXTRCVICMPERR—Receives an ICMP error packet. · INP_EXTPRIVATESOCKET—Associates the INPCB with the NSR private socket. · INP_EXTNOCACHEPKT—Do not cache packets. · INP_EXTRCVVLANDOT1P—Obtains the Dot1p value of the VLAN tag in the received packet. · INP_EXTSNDDATAIF—Sets the output interface of data. · INP_EXTFREEBIND—The socket is not bound to an address or port. · INP_EXTRCVUPID—Obtains the UP ID from the received packet in the UCM control-/user-plane separated (CUPS) network. · INP_EXTINNERPROXY—Receives packets forwarded by the proxy. · INP_EXLISTENNET—Sets this flag when the connection information is added to the network segment linked list. · N/A—None of the above flags. |
Inpcb vflag |
IP version flags in the Internet PCB: · INP_IPV4—IPv4 protocol. · INP_IPV6—IPv6 protocol. · INP_IPV6PROTO—Creates an Internet PCB based on IPv6 protocol. · INP_TIMEWAIT—In TIMEWAIT state. · INP_ONESBCAST—Sends broadcast packets. · INP_DROPPED—Protocol dropped flag. · INP_SOCKREF—Strong socket reference. · INP_DONTBLOCK—Do not block synchronization of the Internet PCB. · N/A—None of the above flags. |
Hop limit |
Hop limit in the Internet PCB. |
Connection state |
TCP connection state: · CLOSED—The server receives a disconnection request's reply from the client. · LISTEN—The server is waiting for connection requests. · SYN_SENT—The client is waiting for the server to reply to the connection request. · SYN_RCVD—The server receives a connection request. · ESTABLISHED—The server and client have established connections and can transmit data bidirectionally. · CLOSE_WAIT—The server receives a disconnection request from the client. · FIN_WAIT_1—The client is waiting for the server to reply to a disconnection request. · CLOSING—The server and client are waiting for peer's disconnection reply when receiving disconnection requests from each other. · LAST_ACK—The server is waiting for the client to reply to a disconnection request. · FIN_WAIT_2—The client receives a disconnection reply from the server. · TIME_WAIT—The client receives a disconnection request from the server. |
TCP options |
TCP options: · TF_DELACK—Delays sending ACK packets. · TF_SENTFIN—A FIN packet has been sent. · TF_RCVD_SCALE—Requests the receive window size scale factor. · TF_RCVD_TSTMP—A timestamp was received in the SYN packet. · TF_NEEDSYN—Sends a SYN packet. · TF_NEEDFIN—Sends a FIN packet. · TF_MORETOCOME—More data is to be added to the socket. · TF_LQ_OVERFLOW—The listening queue overflows. · TF_LASTIDLE—Idle connection. · TF_RXWIN0SENT—A reply with receive window size 0 was sent. · TF_FASTRECOVERY—Enters NewReno fast recovery mode. · TF_WASFRECOVERY—In NewReno fast recovery mode. · TF_SIGNATURE—MD5 signature. · TF_FORCEDATA—Forces to send one byte. · TF_TSO—TSO is enabled. · TF_PMTU—Supports RFC 1191. · TF_PMTUD—Starts Path MTU discovery. · TF_PASSIVE_CONN—Passive connection. · TF_APP_SEND—The application sends data. · TF_ABNORMAL_CLOSE—The application was abnormally closed. · TF_NODELAY—Disables the Nagle algorithm that buffers the sent data inside the TCP. · TF_NOOPT—No TCP options. · TF_NOPUSH—Forces TCP to delay sending any TCP data until a full sized segment is buffered in the TCP buffers. · TF_NSR—Enables TCP NSR. · TF_REQ_SCALE—Enables the TCP window scale option. · TF_REQ_TSTMP—Enables the time stamp option. · TF_SACK_PERMIT—Enables the TCP selective acknowledgement option. · TF_ENHANCED_AUTH—Enables the enhanced authentication option. |
NSR state |
NSR state of the TCP connection: · CLOSED—Closed (initial) state. · CLOSING—The connection is to be closed. · ENABLED—The connection backup is enabled. · OPEN—The connection synchronization has started. · PENDING—The connection backup is not ready. · READY—The connection backup is ready. · SMOOTH—The connection data is being smoothed. Between the parentheses is the role of the connection: · M—Main connection. · S—Standby connection. |
Send VRF |
VRF from which packets are sent. |
Receive VRF |
VRF from which packets are received. |
Local interface |
Interface on the local end. If no input interface is specified for any TCP-based feature (for example, BGP peer) on the local end, this field displays N/A. |
Error count in abnormal-packet-defend period |
Number of error packets received in one abnormal-packet-defend period if attack prevention is enabled for TCP connections. |
Checksum errors |
Number of received packets with checksum errors. |
Duplicate packets |
Number of received duplicate packets. |
Part-Duplicate packets |
Number of received partially duplicate packets. |
Out-of-order packets |
Number of received out-of-order packets. |
Duplicate ACK packets |
Number of received duplicate ACK packets. |
Out-of-order ACK packets |
Number of received out-of-order ACK packets. |
Packets with data out of window |
Number of received packets whose serial number is out of the sliding window range. |
MD5 authentication errors |
Number of packets with failed MD5 authentication. |
Keychain authentication errors |
Number of packets with failed Keychain authentication. |
Timestamp errors |
Number of packets with timestamp errors. |
Maximum Segment Size (MSS) |
Maximum segment size. |
Window Scale (wscale) |
Window scale. |
Retransmission Timeout (rto) |
Retransmission timeout in milliseconds. |
Retransmission Count/Total |
Current number retransmissions/total number of retransmissions. |
Round-trip Time (rtt/rtvar) |
Average round-trip time in milliseconds. |
Delayed Ack Timeout (ato) |
Delayed acknowledgement timeout in milliseconds. |
Congestion Window (cwnd) |
Sequance number of the packet at the congestion window. |
TCP Throughput |
TCP throughput in Mbps. |
sendpps/sendbps/recvpps/recvbps |
· sendpps—Number of packets sent per second. · sendbps—Bytes sent per second. · recvpps—Number of packets received per second. · recvbps—Bytes received per second. |
Iss/unack/next/max/wnd |
· Iss—Local initial sequence number. · unack—Sequence number of sent packet that has not been acknowledged. · next—Sequence number for next sending. · max—Maximum sequence number for sending. · wnd—Sequence number of the packet at the sending window. |
Irs/undeliver/next/adv/wnd |
· Irs—Peer initial sequence number. · undeliver—Sequence number of the packet that has not been reported. · next—Sequence number for next sending. · adv—Size of the receiving buffer. · wnd—Sequence number of the packet at the notification receiving window. |
Total Recv/Send Count |
Total number of received/sent packets through the LIPC connection between TCP NSR main and standby connections. |
EnableMsg Recv/Send Count |
Number of received/sent EnableMsg messages through the LIPC connection between TCP NSR main and standby connections. |
DisableMsg Recv/Send Count |
Number of received/sent DisableMsg messages through the LIPC connection between TCP NSR main and standby connections. |
SlotchangeMsg Recv/Send Count |
Number of received/sent SlotchangeMsg messages through the LIPC connection between TCP NSR main and standby connections. |
ReadyMsg Recv/Send Count |
Number of received/sent ReadyMsg messages through the LIPC connection between TCP NSR main and standby connections. |
PullMsg Recv/Send Count |
Number of received/sent PullMsg messages through the LIPC connection between TCP NSR main and standby connections. |
BriefdataMsg Recv/Send Count |
Number of received/sent BriefdataMsg messages through the LIPC connection between TCP NSR main and standby connections. |
PktMsg Recv/Send Count |
Number of received/sent PktMsg messages through the LIPC connection between TCP NSR main and standby connections. |
CmdMsg Recv/Send Count |
Number of received/sent CmdMsg messages through the LIPC connection between TCP NSR main and standby connections. |
history Recv/history Send |
Number of received/sent history messages through the LIPC connection between TCP NSR main and standby connections. |
Recent Recv/Send Seq |
Sequence number of the message received/sent most recently between TCP NSR main and standby connections. |
Recent Recv/Send Time |
Absolute time of the most recent message receiving/sending between TCP NSR main and standby connections. |
rcvsb_timeo/sndsb_timeo/pd_type/pd_len |
· rcvsb_timeo—Socket receiving buffer timeout. · sndsb_timeo—Socket sending buffer timeout in jiffies. · pd_type—Socket private data type. · pd_len—Socket private data length in bytes. |
so_linger |
Socket linger value. |
ka_idle/ka_interval/ka_cout |
· ka_idle—Socket keepalive idle timeout. · ka_interval—Socket keepalive interval. · ka_cout—Socket keepalive count. |
so_accept_filter_str |
Name of the socket packet receiving filter. |
Md5 Password |
TCP MD5 password. |
Tcp Key Chain |
TCP keychain name. |
Out Interface/NextHop/Local Address |
· Out Interface—Outgoing interface. · NextHop. · Local Address. |
Filter Offset/Length/Value/Mask |
Pcb filter offset, length, value, and mask. |
Ip Tos/McastTTL/McastLoop/Mcast Interface Index: |
· Ip Tos—IP TOS value. · McastTTL—Multicast TTL. · McastLoop—Multicast loop. · Mcast Interface Index—Multicast interface index. |
Acl Index/MacIndex |
· Acl Index—ACL filtering parameters. · MacIndex—Layer 2 ACL parameters. |
Mpls Flag/Label |
MPLS flag and MPLS label. |
Send Mac |
Peer MAC address specified for packet sending of upper-layer applications. |
Bier TTL/Entropy/TunnelID |
· Bier TTL. · Entropy—BIER grouping flag. · TunnelID—BIER tunnel ID. |
Ip Option Hdr |
IP options required in a TCP packet. |
display ipv6 udp
Use display ipv6 udp to display brief information about IPv6 UDP connections.
Syntax
display ipv6 udp [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays brief information about IPv6 UDP connections for all member devices.
Examples
# Displays brief information about IPv6 UDP connections.
<Sysname> display ipv6 udp
LAddr->port FAddr->port Slot Cpu PCB
2001:2002:2003:2 3001:3002:3003:3 1 0 0x000000000000c387
004:2005:2006:20 004:3005:3006:30
07:2008->1200 07:3008->1200
2001::1->23 2001::5->1284 2 0 0x0000000000000008
2003::1->25 2001::2->1283 3 0 0x0000000000000009
Table 24 Command output
Field |
Description |
LAddr->port |
Local IPv6 address and port number. |
FAddr->port |
Peer IPv6 address and port number. |
PCB |
PCB index. |
display ipv6 udp verbose
Use display ipv6 udp verbose to display detailed information about IPv6 UDP connections.
Syntax
display ipv6 udp verbose [ slot slot-number [ pcb pcb-index ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays detailed information about IPv6 UDP connections for all member devices.
pcb pcb-index: Displays detailed information about IPv6 UDP connections of the specified PCB. The value range for the pcb-index argument is 1 to FFFFFFFFFFFFFFFF.
Examples
# Display detailed information about an IPv6 UDP connection.
<Sysname> display ipv6 udp verbose
Total UDP socket number: 1
Connection info: src = ::->69, dst = ::->0
Location: slot: 6 cpu: 0
Creator: sock_test_mips[250]
State: N/A
Options: N/A
Error: 0
Receiving buffer(cc/hiwat/lowat/drop/state): 0 / 41600 / 1 / 0 / N/A
Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A
Type: 2
Protocol: 17
Inpcb flags: N/A
Inpcb extflag: N/A
Inpcb vflag: INP_IPV6
Hop limit: 255 (minimum hop limit: 0)
Send VRF: 0xffff
Receive VRF: 0xffff
Table 25 Command output
Field |
Description |
Total UDP socket number |
Total number of IPv6 UDP sockets. |
Connection info |
Connection information, including source IPv6 address, source port number, destination IPv6 address, and destination port number. |
Location |
Socket location. |
Creator |
Task name of the socket. The progress number is in the square brackets. |
State |
Socket state: · NOFDREF—The user has closed the connection. · ISCONNECTED—The connection has been established. · ISCONNECTING—The connection is being established. · ISDISCONNECTING—The connection is being interrupted. · ASYNC—Asynchronous mode. · ISDISCONNECTED—The connection has been terminated. · ISSMOOTHING—Cross-card data smoothing is in progress. · CANBIND—The socket supports the bind operation. · PROTOREF—Indicates strong protocol reference. · ISPCBSYNCING—Cross-card PCB synchronization is in progress. · N/A—None of above state. |
Options |
Socket options: · SO_DEBUG—Records socket debugging information. · SO_ACCEPTCONN—Enables the server to listen connection requests. · SO_REUSEADDR—Allows the local address reuse. · SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive. · SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network. · SO_BROADCAST—Supports broadcast packets. · SO_LINGER—Closes the socket. The system can still send remaining data in the socket send buffer. · SO_OOBINLINE—Stores the out-o-band data in the input queue. · SO_REUSEPORT—Allows the local port reuse. · SO_TIMESTAMP—Records the timestamps of the input packets, accurate to milliseconds. This option is applicable to protocols that are not connection orientated. · SO_NOSIGPIPE—Disables the socket from sending data. As a result, a sigpipe cannot be established when a return failure occurs. · SO_TIMESTAMPNS—Has a similar function with the timestamp, accurate to nanoseconds. · SO_KEEPALIVETIME—Sets a keepalive time. This option is supported in TCP. · SO_FILTER—Supports setting the packet filter criterion. This option is available for OSI Socket and RawIP. · SO_USCBINDEX—Obtains the user profile index from the received packets. · SO_SEQPACKET—Preserves the boundaries of packets sent to the socket buffer. · SO_FILLTWAMPTIME—Sets the timestamp for TWAMP. · SO_LOCAL—Local socket option. · SO_DONTDELIVER—Do not deliver the data to the application. · SO_UCM—Sets the IPoE enabling status. · SO_RAWSLOT—Raw slot. · SO_LEASEDUSERID—Obtains a usable lease. · N/A—No options are set. |
Error |
Error code. |
Receiving buffer(cc/hiwat/lowat/drop/state) |
Displays receive buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · drop—Number of dropped packets. · state—Buffer state: ¡ CANTSENDMORE—Unable to send data to the peer. ¡ CANTRCVMORE—Unable to receive data from the peer. ¡ RCVATMARK—Receiving tag. ¡ N/A—None of the above states. |
Sending buffer(cc/hiwat/lowat/state) |
Displays send buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · state—Buffer state: ¡ CANTSENDMORE—Unable to send data to the peer. ¡ CANTRCVMORE—Unable to receive data from the peer. ¡ RCVATMARK—Receiving tag. ¡ N/A—None of the above states. |
Type |
Socket type: · 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. · 2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission. · 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. · N/A—None of the above types. |
Protocol |
Number of the protocol using the socket. 17 represents UDP. |
Inpcb flags |
Flags in the Internet PCB: · INP_RECVOPTS—Receives IPv6 options. · INP_RECVRETOPTS—Receives replied IPv6 options. · INP_RECVDSTADDR—Receives destination IPv6 address. · INP_HDRINCL—Provides the entire IPv6 header. · INP_REUSEADDR—Reuses the IPv6 address. · INP_REUSEPORT—Reuses the port number. · INP_ANONPORT—Port number not specified. · INP_PROTOCOL_PACKET—Identifies a protocol packet. · INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag. · IN6P_IPV6_V6ONLY—Only supports IPv6 protocol stack. · IN6P_PKTINFO—Receives the source IPv6 address and input interface of the packet. · IN6P_HOPLIMIT—Receives the hop limit. · IN6P_HOPOPTS—Receives the hop-by-hop options extension header. · IN6P_DSTOPTS—Receives the destination options extension header. · IN6P_RTHDR—Receives the routing extension header. · IN6P_RTHDRDSTOPTS—Receives the destination options extension header preceding the routing extension header. · IN6P_TCLASS—Receives the traffic class of the packet. · IN6P_AUTOFLOWLABEL—Attaches a flow label automatically. · IN6P_RFC2292—Uses the API specified in RFC 2292. · IN6P_MTU—Discovers differences in the MTU size of every link along a given data path. TCP does not support this flag. · INP_RCVMACADDR—Receives the MAC address of the frame. · INP_SYNCPCB—Waits until Internet PCB is synchronized. · INP_LOCAL—Preferentially matches the INPCB with this flag on the same card. · N/A—None of the above flags. |
Inpcb extflag |
Extension flags in the Internet PCB: · INP_EXTRCVPVCIDX—Records the PVC index of the received packet. · INP_RCVPWID—Records the PW ID of the received packet. · INP_EXTDONTDROP—Do not drop the received packet. · INP_EXLISTEN—Adds the INPCB carrying this flag to the listen hash table. · INP_EXTFILTER—Filters the contents in the received packets. · INP_SELECTMATCHSRCBYFIB—Uses the FIB table to select a matching source. · INP_EXTRCVICMPERR—Receives an ICMP error packet. · INP_EXTPRIVATESOCKET—Associates the INPCB with the NSR private socket. · INP_EXTNOCACHEPKT—Do not cache packets. · INP_EXTRCVVLANDOT1P—Obtains the Dot1p value of the VLAN tag in the received packet. · INP_EXTSNDDATAIF—Sets the output interface of data. · INP_EXTFREEBIND—The socket is not bound to an address or port. · INP_EXTRCVUPID—Obtains the UP ID from the received packet in the UCM control-/user-plane separated (CUPS) network. · INP_EXTINNERPROXY—Receives packets forwarded by the proxy. · INP_EXLISTENNET—Sets this flag when the connection information is added to the network segment linked list. · N/A—None of the above flags. |
Inpcb vflag |
IP version flags in the Internet PCB: · INP_IPV4—IPv4 protocol. · INP_IPV6—IPv6 protocol. · INP_IPV6PROTO—Creates an Internet PCB based on IPv6 protocol. · INP_TIMEWAIT—In TIMEWAIT state. · INP_ONESBCAST—Sends broadcast packets. · INP_DROPPED—Protocol dropped flag. · INP_SOCKREF—Strong socket reference. · INP_DONTBLOCK—Do not block synchronization of the Internet PCB. · N/A—None of the above flags. |
Hop limit |
Hop limit in the Internet PCB. |
Send VRF |
VRF from which packets are sent. |
Receive VRF |
VRF from which packets are received. |
ipv6 address
Use ipv6 address to configure an IPv6 global unicast address for an interface.
Use undo ipv6 address to delete an IPv6 global unicast address of the interface.
Syntax
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ]
Default
No IPv6 global unicast address is configured for an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies an IPv6 address.
prefix-length: Specifies a prefix length in the range of 1 to 128.
Usage guidelines
Like public IPv4 addresses, IPv6 global unicast addresses are assigned to ISPs. This type of address allows for prefix aggregation to reduce the number of global routing entries.
If you do not specify any parameters, the undo ipv6 address command deletes all IPv6 addresses of an interface.
Examples
# Set the IPv6 global unicast address of VLAN-interface 100 to 2001::1 with prefix length 64.
Method 1:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2001::1/64
Method 2:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2001::1 64
ipv6 address anycast
Use ipv6 address anycast to configure an IPv6 anycast address for an interface.
Use undo ipv6 address anycast to delete the IPv6 anycast address of the interface.
Syntax
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast
undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } anycast
Default
No IPv6 anycast address is configured for an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies an IPv6 anycast address.
prefix-length: Specifies a prefix length in the range of 1 to 128.
Examples
# Set the IPv6 anycast address of VLAN-interface 100 to 2001::1 with prefix length 64.
Method 1:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2001::1/64 anycast
Method 2:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2001::1 64 anycast
ipv6 address auto
Use ipv6 address auto to enable the stateless address autoconfiguration feature on an interface, so that the interface can automatically generate a global unicast address.
Use undo ipv6 address auto to disable this feature.
Syntax
ipv6 address auto
undo ipv6 address auto
Default
The stateless address autoconfiguration feature is disabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
After a global unicast address is generated through stateless autoconfiguration, a link-local address is generated automatically.
To delete the global unicast address and the link-local address that are automatically generated, use either of the following commands:
· undo ipv6 address auto
· undo ipv6 address
An interface ID is used for generating the global unicast address and the link-local address for an interface. On an IEEE 802 interface (such as an Ethernet interface or a VLAN interface), the interface ID is derived from the MAC address of the interface. If the MAC address changes, the interface ID, global unicast address, and link-local address will also change. This will cause the entry table to rebuild for some protocols, such as MLD, IPv6 PIM, and OSPFv3. If you do not want this situation to occur, use other IPv6 address configuration methods that do not use MAC addresses, for example, manually specify an IPv6 address.
Examples
# Enable stateless address autoconfiguration on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address auto
ipv6 address auto link-local
Use ipv6 address auto link-local to automatically generate a link-local address for an interface.
Use undo ipv6 address auto link-local to restore the default.
Syntax
ipv6 address auto link-local
undo ipv6 address auto link-local
Default
No link-local address is configured on an interface. A link-local address is automatically generated after an IPv6 global unicast address is configured for the interface.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
Link-local addresses are used for neighbor discovery and stateless autoconfiguration on the local link. Packets using link-local addresses as the source or destination addresses cannot be forwarded to other links.
After an IPv6 global unicast address is configured for an interface, a link-local address is automatically generated. This link-local address is the same as the one generated by using the ipv6 address auto link-local command.
The undo ipv6 address auto link-local command deletes only the link-local addresses generated through the ipv6 address auto link-local command. If the undo command is executed on an interface with an IPv6 global unicast address configured, the interface still has a link-local address.
You can also manually assign an IPv6 link-local address for an interface by using the ipv6 address link-local command. Manual assignment takes precedence over automatic generation for IPv6 link-local addresses.
· If you first use automatic generation and then manual assignment, the manually assigned link-local address overwrites the automatically generated address.
· If you first use manual assignment and then automatic generation, both of the following occur:
¡ The automatically generated link-local address does not take effect.
¡ The link-local address of an interface is still the manually assigned address.
If you delete the manually assigned address, the automatically generated link-local address takes effect.
An interface ID is used for generating the global unicast address and the link-local address for an interface. On an IEEE 802 interface (such as an Ethernet interface or a VLAN interface), the interface ID is derived from the MAC address of the interface. If the MAC address changes, the interface ID, global unicast address, and link-local address will also change. This will cause the entry table to rebuild for some protocols, such as MLD, IPv6 PIM, and OSPFv3. If you do not want this situation to occur, use other IPv6 address configuration methods that do not use MAC addresses, for example, manually specify an IPv6 address.
Examples
# Configure VLAN-interface 100 to automatically generate a link-local address.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address auto link-local
Related commands
ipv6 address link-local
ipv6 address duplicate-detect enable
Use ipv6 address duplicate-detect enable to enable duplicate detection for duplicate addresses.
Use undo ipv6 address duplicate-detect enable to disable duplicate detection for duplicate addresses.
Syntax
ipv6 address duplicate-detect enable
undo ipv6 address duplicate-detect enable
Default
Duplicate detection for duplicate addresses is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
If the device detects that an IPv6 address on an interface has been used on the network, the device marks that IPv6 address as duplicate. The interface cannot use the address for communication.
By default, an interface does not perform duplicate detection for duplicate addresses. Once an IPv6 address is marked as duplicate on an interface, it will be unusable even after it becomes unique on the link later.
To resolve this issue, enable duplicate detection for duplicate addresses. This feature sends NS messages to the duplicate address at random intervals until it does not receive an NA response message from that address or until duplicate detection is disabled for duplicate addresses.
You can set the maximum duplicate detection interval for duplicate addresses by using the ipv6 address duplicate-detect interval command. For more information about duplicate address detection, see IPv6 basics configuration in Layer 3—IP Services Configuration Guide.
Examples
# Enable duplicate detection for duplicate addresses.
<Sysname> system-view
[Sysname] ipv6 address duplicate-detect enable
Related commands
ipv6 address duplicate-detect interval
ipv6 address duplicate-detect interval
Use ipv6 address duplicate-detect interval to set the maximum duplicate detection interval for duplicate addresses.
Use undo ipv6 address duplicate-detect interval to restore the default.
Syntax
ipv6 address duplicate-detect interval interval
undo ipv6 address duplicate-detect interval
Default
The maximum duplicate detection interval for duplicate addresses is 5 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Sets the maximum duplicate detection interval for duplicate addresses in seconds. The value range for this argument is 1 to 60.
Usage guidelines
After the device marks a detected address as duplicate, it waits for a random amount of time between 1 and the maximum detection interval. Then, the device resends an NS message to the solicited-node multicast address of the duplicate address. This mechanism helps reduce the risk of congestion that results from the NS messages sent for duplicate detection. For more information about duplicate address detection, see IPv6 basics configuration in Layer 3—IP Services Configuration Guide.
Examples
# Set the maximum duplicate detection interval to 10 seconds for duplicate addresses.
<Sysname> system-view
[Sysname] ipv6 address duplicate-detect interval 10
Related commands
ipv6 address duplicate-detect enable
ipv6 address eui-64
Use ipv6 address eui-64 to configure an EUI-64 IPv6 address for an interface.
Use undo ipv6 address eui-64 to delete an EUI-64 IPv6 address from an interface.
Syntax
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64
undo ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } eui-64
Default
No EUI-64 IPv6 address is configured for an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-address prefix-length: Specifies an IPv6 address and IPv6 prefix length. The ipv6-address and prefix-length arguments jointly specify the prefix of an EUI-64 IPv6 address. The value range for the prefix-length argument is 1 to 64. The IPv6 address and IPv6 prefix length support the following formats:
· ipv6-address/prefix-length. For example: 2001::1/64.
· ipv6-address prefix-length. For example: 2001::1 64.
Usage guidelines
An EUI-64 IPv6 address is generated based on the specified prefix and the automatically generated interface ID. To display the EUI-64 IPv6 address, use the display ipv6 interface command. The interface ID is derived from the MAC address of the interface. If the MAC address changes, the interface ID, global unicast address, and link-local address will also change. This will cause the entry table to rebuild for some protocols, such as MLD, IPv6 PIM, and OSPFv3. If you do not want this situation to occur, use other IPv6 address configuration methods that do not use MAC addresses, for example, manually specify an IPv6 address.
The prefix length of an EUI-64 IPv6 address cannot be greater than 64.
Examples
# Configure an EUI-64 IPv6 address for VLAN-interface 100. The prefix of the address is the same as that of 2001::1/64, and the interface ID is generated based on the MAC address of the device.
Method 1:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2001::1/64 eui-64
Method 2:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2001::1 64 eui-64
Related commands
display ipv6 interface
ipv6 address link-local
Use ipv6 address link-local to configure a link-local address for the interface.
Use undo ipv6 address link-local to restore the default.
Syntax
ipv6 address { ipv6-address [ prefix-length ] | ipv6-address/prefix-length } link-local
undo ipv6 address { ipv6-address [ prefix-length ] | ipv6-address/prefix-length } link-local
Default
No link-local address is configured for the interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies an IPv6 link-local address. The first 10 bits of an address must be 1111111010 (binary). The first group of hexadecimals in the address must be FE80 to FEBF.
prefix-length: Specifies an IPv6 prefix length, in the range of 1 to 128.
Usage guidelines
Manual assignment takes precedence over automatic generation.
If you use automatic generation, and then use manual assignment, the manually assigned link-local address overwrites the one that is automatically generated.
If you use manual assignment and then use automatic generation, both of the following occur:
· The automatically generated link-local address does not take effect.
· The manually assigned link-local address of an interface remains.
After you delete the manually assigned address, the automatically generated link-local address takes effect. For automatic generation of an IPv6 link-local address, see the ipv6 address auto link-local command.
When you configure a link-local address, make sure the prefix length is equal to or greater than 10. Otherwise, the configuration fails.
Examples
# Configure a link-local address for VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address fe80::1 link-local
# Configure a link-local address for VLAN-interface 100 and set the prefix length to 64.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address fe80::1 64 link-local
Related commands
ipv6 address auto link-local
ipv6 address prefix-number
Use ipv6 address prefix-number to specify an IPv6 prefix for an interface to automatically generate an IPv6 global unicast address and advertise the prefix.
Use undo ipv6 address prefix-number to restore the default.
Syntax
ipv6 address prefix-number sub-prefix/prefix-length
undo ipv6 address prefix-number
Default
No IPv6 prefix is specified for IPv6 address autoconfiguration.
Views
Interface view
Predefined user roles
network-admin
Parameters
prefix-number: Specifies an IPv6 prefix by its ID in the range of 1 to 1024. The specified IPv6 prefix can be manually configured or obtained through DHCPv6.
sub-prefix: Specifies the sub-prefix bit and host bit for the IPv6 global unicast address.
prefix-length: Specifies the sub-prefix length in the range of 1 to 128.
Usage guidelines
This command enables an interface to automatically generate an IPv6 global unicast address based on the specified IPv6 prefix, sub-prefix bit, and host bit.
An interface can generate only one IPv6 global unicast address based on the prefix specified by using the ipv6 address command. To configure the interface to generate a new IPv6 address, execute the undo ipv6 address command to delete the configuration, and then execute the ipv6 address command.
Examples
# Configure a static IPv6 prefix AAAA::/16 and assign ID 1 to the prefix. Configure VLAN-interface 100 to use this prefix to generate the IPv6 address AAAA:CCCC:DDDD::10/32 and advertise this prefix.
<Sysname> system-view
[Sysname] ipv6 prefix 1 AAAA::/16
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 1 BBBB:CCCC:DDDD::10/32
# Configure VLAN-interface 10 to obtain an IPv6 prefix through DHCPv6 and assign ID 2 to the obtained prefix. Configure VLAN-interface 100 to use the obtained prefix to generate the IPv6 address AAAA:CCCC:DDDD::10/32 and advertise the prefix.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ipv6 dhcp client pd 2 rapid-commit option-group 1
[Sysname-Vlan-interface10] quit
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 address 2 BBBB:CCCC:DDDD::10/32
Related commands
ipv6 prefix
ipv6 dhcp client pd
ipv6 hop-limit
Use ipv6 hop-limit to set the Hop Limit field in the IPv6 header.
Use undo ipv6 hop-limit to restore the default.
Syntax
ipv6 hop-limit value
undo ipv6 hop-limit
Default
The hop limit is 64.
Views
System view
Predefined user roles
network-admin
Parameters
value: Specifies the number of hops, in the range of 1 to 255.
Usage guidelines
The hop limit determines the number of hops that an IPv6 packet generated by the device can travel.
The device advertises the hop limit in RA messages. All RA message receivers use the advertised value to fill in the Hop Limit field for IPv6 packets to be sent. To disable the device from advertising the hop limit, use the ipv6 nd ra hop-limit unspecified command.
Examples
# Set the maximum number of hops to 100.
<Sysname> system-view
[Sysname] ipv6 hop-limit 100
Related commands
ipv6 nd ra hop-limit unspecified
ipv6 hoplimit-expires enable
Use ipv6 hoplimit-expires enable to enable sending ICMPv6 time exceeded messages.
Use undo ipv6 hoplimit-expires to disable sending ICMPv6 time exceeded messages.
Syntax
ipv6 hoplimit-expires enable
undo ipv6 hoplimit-expires enable
Default
The device sends ICMPv6 time exceeded messages.
Views
System view
Predefined user roles
network-admin
Usage guidelines
ICMPv6 time exceeded messages are sent to the source of IPv6 packets after the device discards IPv6 packets because hop or reassembly times out.
To prevent too many ICMPv6 error messages from affecting device performance, disable this feature. Even with the feature disabled, the device still sends fragment reassembly time exceeded messages.
Examples
# Disable sending ICMPv6 time exceeded messages.
<Sysname> system-view
[Sysname] undo ipv6 hoplimit-expires enable
ipv6 icmpv6 error-interval
Use ipv6 icmpv6 error-interval to set the bucket size and the interval for tokens to arrive in the bucket for ICMPv6 error messages.
Use undo ipv6 icmpv6 error-interval to restore the default.
Syntax
ipv6 icmpv6 error-interval interval [ bucketsize ]
undo ipv6 icmpv6 error-interval
Default
The bucket allows a maximum of 10 tokens, and a token is placed in the bucket every 100 milliseconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval for tokens to arrive in the bucket. The value range is 0 to 2147483647 milliseconds. To disable the ICMPv6 rate limit, set the value to 0.
bucketsize: Specifies the maximum number of tokens allowed in the bucket. The value range is 1 to 200.
Usage guidelines
This command limits the rate at which ICMPv6 error messages are sent. Use this command to prevent network congestion caused by excessive ICMPv6 error messages generated within a short period. A token bucket algorithm is used with one token representing one ICMPv6 error message.
A token is placed in the bucket at intervals until the maximum number of tokens that the bucket can hold is reached.
A token is removed from the bucket when an ICMPv6 error message is sent. When the bucket is empty, ICMPv6 error messages are not sent until a new token is placed in the bucket.
Examples
# Set the bucket size to 40 tokens and the interval for tokens to arrive in the bucket to 200 milliseconds for ICMPv6 error messages.
<Sysname> system-view
[Sysname] ipv6 icmpv6 error-interval 200 40
ipv6 icmpv6 multicast-echo-reply enable
Use ipv6 icmpv6 multicast-echo-reply enable to enable replying to multicast echo requests.
Use undo ipv6 icmpv6 multicast-echo-reply to restore the default.
Syntax
ipv6 icmpv6 multicast-echo-reply enable
undo ipv6 icmpv6 multicast-echo-reply enable
Default
The device is disabled from replying to multicast echo requests.
Views
System view
Predefined user roles
network-admin
Usage guidelines
If a host is configured to reply to multicast echo requests, an attacker can use this mechanism to attack the host. For example, the attacker can send an echo request to a multicast address with Host A as the source. All hosts in the multicast group will send echo replies to Host A.
To prevent attacks, do not enable the device to reply to multicast echo requests unless necessary.
Examples
# Enable replying to multicast echo requests.
<Sysname> system-view
[Sysname] ipv6 icmpv6 multicast-echo-reply enable
ipv6 icmpv6 reply source
Use ipv6 icmpv6 reply source to specify a source IPv6 address for outgoing ICMPv6 replies.
Use undo ipv6 icmpv6 reply source to restore the default.
Syntax
ipv6 icmpv6 reply source [ vpn-instance vpn-instance-name ] { address ipv6-address | interface interface-type [ interface-number ] }
undo ipv6 icmpv6 reply source [ vpn-instance vpn-instance-name ]
Default
No source IPv6 address is specified for outgoing ICMPv6 replies.
Views
System view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the specified address belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. The specified VPN instance must already exist.
ipv6-address: Specifies an IPv6 address.
interface interface-type [ interface-number ]: Specifies an interface. The device uses the IPv6 address of this interface as the source IPv6 address for outgoing ICMPv6 replies.
Examples
# Specify 1::1 as the source IPv6 address for outgoing ICMPv6 replies.
<Sysname> system-view
[Sysname] ipv6 icmpv6 reply source address 1::1
Related commands
ipv6 icmpv6 source
ipv6 icmpv6 send enable
Use ipv6 icmpv6 send enable to enable the device to send a specific type of ICMPv6 messages.
Use undo ipv6 icmpv6 send enable to disable the device from sending a specific type of ICMPv6 messages.
Syntax
ipv6 icmpv6 { name name | type type code code } send enable
undo ipv6 icmpv6 { name name | type type code code } send enable
Default
The device can send all types of ICMPv6 messages except Destination Unreachable and Redirect messages.
Views
System view
Predefined user roles
network-admin
Parameters
name name: Specifies an ICMPv6 message name.
type type: Specifies an ICMPv6 message type. The value range for the type argument is 0 to 255.
code code: Specifies an ICMPv6 message code. The value range for the code argument is 0 to 255.
Usage guidelines
CAUTION: Disabling sending ICMPv6 messages of a specific type might affect network operation. Please use this feature with caution. |
By default, the device sends all types of ICMPv6 messages except Destination Unreachable and Redirect messages. Attackers might obtain device information from specific types of ICMPv6 messages, causing security issues.
For security purposes, you can use this command to disable the device from sending specific types of ICMPv6 messages.
To enable sending Destination Unreachable, Time Exceeded, or Redirect messages, you can perform one of the following tasks:
· Execute the ipv6 icmpv6 send enable command.
· Execute one of the following commands as needed:
¡ ipv6 unreachables enable
¡ ipv6 hoplimit-expires enable
¡ ipv6 redirects enable
Table 26 shows common ICMPv6 messages and their meanings.
Table 26 Common ICMPv6 messages
Name |
Type |
Code |
Description |
echo |
128 |
0 |
Echo request used to ping a target node. |
echo-reply |
129 |
0 |
Echo reply sent by a target node after receiving an echo request. |
err-header-field |
4 |
0 |
Erroneous header field was found. |
frag-time-exceeded |
3 |
1 |
Fragment reassembly timed out. |
hop-limit-exceeded |
3 |
0 |
Hop limit decreased to 0 in transit. |
host-admin-prohib |
1 |
1 |
Communication with the target host was prohibited by the admin policy. |
host-unreachable |
1 |
3 |
The target host address was unreachable. |
neighbor-advertisement |
136 |
0 |
Neighbor advertisement for IPv6 neighbor discovery. |
neighbor-solicitation |
135 |
0 |
Neighbor solicitation for IPv6 neighbor discovery. |
network-unreachable |
1 |
0 |
No route to destination exists. |
packet-too-big |
2 |
0 |
Packet forwarding failed because the packet length was longer than the MTU. |
port-unreachable |
1 |
4 |
The target port was unreachable. |
redirect |
137 |
0 |
Route redirection message. |
router-advertisement |
134 |
0 |
IPv6 router advertisement. |
router-solicitation |
133 |
0 |
IPv6 router solicitation. |
unknown-ipv6-opt |
4 |
2 |
Unknown IPv6 option. |
unknown-next-hdr |
4 |
1 |
Unknown IPv6 Next Header field. |
Examples
# Disable the device from sending ICMPv6 echo reply messages.
<Sysname> system-view
[Sysname] undo ipv6 icmpv6 name echo-reply send enable
Related commands
ipv6 hoplimit-expires enable
ipv6 redirects enable
ipv6 unreachables enable
ipv6 icmpv6 source
Use ipv6 icmpv6 source to specify a source IPv6 address for unsolicited ICMPv6 packets.
Use undo ipv6 icmpv6 source to restore the default.
Syntax
ipv6 icmpv6 source [ vpn-instance vpn-instance-name ] ipv6-address
undo ipv6 icmpv6 source [ vpn-instance vpn-instance-name ]
Default
No IPv6 source address is specified for unsolicited ICMPv6 packets.
Views
System view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the specified address belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, the ipv6-address argument specifies an IPv6 address on the public network. The specified VPN instance must already exist.
ipv6-address: Specifies an IPv6 address.
Usage guidelines
For ICMPv6 echo requests, the source IPv6 address specified in the ping ipv6 command has higher priority than the source IPv6 address specified in this command.
Examples
# Specify IPv6 address 1::1 as the source address for unsolicited ICMPv6 packets.
<Sysname> system-view
[Sysname] ipv6 icmpv6 source 1::1
ipv6 mtu
Use ipv6 mtu to set the interface MTU for IPv6 packets.
Use undo ipv6 mtu to restore the default.
Syntax
ipv6 mtu size
undo ipv6 mtu
Default
The interface MTU is not configured.
Views
Interface view
Predefined user roles
network-admin
Parameters
size: Specifies the MTU size in bytes. The value range for this argument varies by interface type as follows:
· For VLAN interfaces, VSI interfaces, Layer 3 Ethernet interfaces, Layer 3 Ethernet subinterfaces, Layer 3 aggregate interfaces, and Layer 3 aggregate subinterfaces, the value range is 1280 to 9198.
· For tunnel interfaces, the value range is 1280 to 64000.
· For network management interfaces, the value range is 1280 to 1500.
Usage guidelines
If the size of a packet exceeds the MTU of the sending interface, the device discards the packet. If the device is an intermediate device, it also sends the source host an ICMPv6 Packet Too Big message with the MTU of the sending interface. The source host fragments the packets according to the MTU. To avoid this situation, set a proper interface MTU.
Examples
# Set the interface MTU for IPv6 packets to 1280 bytes on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 mtu 1280
# Set the interface MTU for IPv6 packets to 1280 bytes on VSI-interface 10.
<Sysname> system-view
[Sysname] interface vsi-interface 10
[Sysname-Vsi-interface10] ipv6 mtu 1280
ipv6 nd autoconfig managed-address-flag
Use ipv6 nd autoconfig managed-address-flag to set the managed address configuration flag (M) to 1 in RA advertisements to be sent.
Use undo ipv6 nd autoconfig managed-address-flag to restore the default.
Syntax
ipv6 nd autoconfig managed-address-flag
undo ipv6 nd autoconfig managed-address-flag
Default
The M flag is set to 0 in RA advertisements. Hosts receiving the advertisements will obtain IPv6 addresses through stateless autoconfiguration.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
The M flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration to obtain IPv6 addresses.
· If the M flag is set to 1 in RA advertisements, receiving hosts use stateful autoconfiguration (for example, from an DHCPv6 server) to obtain IPv6 addresses.
· If the M flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration. Stateless autoconfiguration generates IPv6 addresses according to link-layer addresses and the prefix information in the RA advertisements.
Examples
# Set the M flag to 1 in RA advertisements to be sent.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
Use ipv6 nd autoconfig other-flag to set the other stateful configuration flag (O) to 1 in RA advertisements to be sent.
Use undo ipv6 nd autoconfig other-flag to restore the default.
Syntax
ipv6 nd autoconfig other-flag
undo ipv6 nd autoconfig other-flag
Default
The O flag is set to 0 in RA advertisements. Hosts receiving the advertisements will acquire other information through stateless autoconfiguration.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
The O flag in RA advertisements determines whether receiving hosts use stateful autoconfiguration to obtain configuration information other than IPv6 addresses.
· If the O flag is set to 1 in RA advertisements, receiving hosts use stateful autoconfiguration (for example, from a DHCPv6 server) to obtain configuration information other than IPv6 addresses.
· If the O flag is set to 0 in RA advertisements, receiving hosts use stateless autoconfiguration to obtain configuration information other than IPv6 addresses.
Examples
# Set the O flag to 0 in RA advertisements to be sent.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] undo ipv6 nd autoconfig other-flag
ipv6 nd dad attempts
Use ipv6 nd dad attempts to set the number of attempts to send an NS message for DAD.
Use undo ipv6 nd dad attempts to restore the default.
Syntax
ipv6 nd dad attempts times
undo ipv6 nd dad attempts
Default
The number of attempts to send an NS message for DAD is 1.
Views
Interface view
Predefined user roles
network-admin
Parameters
times: Specifies the number of attempts to send an NS message for DAD, in the range of 0 to 600. If it is set to 0, DAD is disabled.
Usage guidelines
An interface sends an NS message for DAD after obtaining an IPv6 address.
If the interface does not receive a response within the time specified by using ipv6 nd ns retrans-timer, it resends an NS message.
If the interface receives no response after making the maximum sending attempts (set by using ipv6 nd dad attempts), the interface uses the obtained address.
Examples
# Set the number of attempts to send an NS message for DAD to 20.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd dad attempts 20
Related commands
display ipv6 interface
ipv6 nd ns retrans-timer
ipv6 nd entry-limit record enable
Use ipv6 nd entry-limit record enable to enable recording ND entry learning events.
Use undo ipv6 nd entry-limit record enable to disable recording ND entry learning events.
Syntax
ipv6 nd entry-limit record enable
undo ipv6 nd entry-limit record enable
Default
The ND module does not record ND entry learning events.
Views
System view
Predefined user roles
network-admin
Usage guidelines
An ND entry learning event occurs when the number of ND entries that an IRF member device or an interface has learnt exceeds the threshold or drops below the threshold.
After you enable this feature, the ND module logs ND entry learning events and sends them to the information center. For log messages to be sent correctly, configure the information center to set log message filtering and output rules, including output destinations. For information about the log destination and output rule configuration in the information center, see information center configuration in Network Management and Monitoring Configuration Guide.
Examples
# Enable recording ND entry learning events.
<Sysname> system-view
[Sysname] ipv6 nd entry-limit record enable
Related commands
ipv6 neighbors max-learning-num
ipv6 neighbors max-learning-number
ipv6 nd fib-miss drop
Use ipv6 nd fib-miss drop to disable the device from sending NS messages for ND entry learning when IPv6 data packets trigger ND resolution.
Use undo ipv6 nd fib-miss drop to restore the default.
Syntax
ipv6 nd fib-miss drop
undo ipv6 nd fib-miss drop
Default
The device sends NS messages for ND entry learning when IPv6 data packets trigger ND resolution.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregation interface view
Layer 3 aggregation subinterface view
VSI interface view
VLAN interface view
Predefined user roles
network-admin
Usage guidelines
Application scenarios
By default, when the device receives a data packet not destined for it and cannot find a match for the next hop in the ND table, it performs the following tasks:
1. Multicasts an NS message to obtain the MAC address of the next hop.
2. Generates an ND entry based on the obtained MAC address.
A large number of NS messages consume too many network resources, affecting normal service operation. To resolve the issue, use this command to disable the device from sending NS messages for ND entry learning when IPv6 data packets trigger ND resolution. This suppresses ND flooding by reducing ND packets on the network.
Operating mechanism
After you configure this feature on an interface of the device, the device does not multicast an NS message for ND entry learning if one of the following conditions exists:
· The interface receives a data packet not destined for the device and the next hop for the data packet does not match any ND entry.
· ND resolution is triggered when the interface actively sends a data packet.
Restrictions and guidelines
As a best practice, configure this feature only when the network is under ND flood attacks.
Examples
# Enable VLAN-interface 100 to disable the device from sending NS messages for ND entry learning when IPv6 data packets trigger ND resolution.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd fib-miss drop
ipv6 nd hardware log enable
Use ipv6 nd hardware log enable to enable logging ND entry deployment events.
Use undo ipv6 nd hardware log enable to disable logging ND entry deployment events.
Syntax
ipv6 nd hardware log enable [ count-limit count-limit-value ]
undo ipv6 nd hardware log enable
Default
The device does not log the events that occur during ND entry deployment to hardware.
Views
System view
Predefined user roles
network-admin
Parameters
count-limit count-limit-value: Set the maximum number of log entries that the device can generate per second for ND deployment events. The value range for the count-limit-value argument is 1 to 2000. If you do not specify this option, the device can generate up to 2000 log entries per second for ND deployment events.
Usage guidelines
For log messages to be sent correctly, configure the information center to set log message filtering and output rules, including output destinations. For information about information center configuration, see information center configuration in Network Management and Monitoring Configuration Guide.
Log generation consumes memory resources. To save device memory, enable this feature only when you need to troubleshoot traffic forwarding issues. If the number of log messages generated by the device per second reaches the limit, the device will not generate any log message for a new ND deployment event.
Examples
# Enable logging the events that occur during ND entry deployment to hardware and set the maximum number of log entries to 100.
<Sysname> system-view
[Sysname] ipv6 nd hardware log enable count-limit 100
ipv6 nd local-proxy dad forward enable
Use ipv6 nd local-proxy dad forward enable to enable Duplicate Address Detection (DAD) message forwarding for a VSI.
Use undo ipv6 nd local-proxy dad forward enable to disable DAD message forwarding for a VSI.
Syntax
ipv6 nd local-proxy dad forward enable
undo ipv6 nd local-proxy dad forward enable
Default
DAD message forwarding is enabled for a VSI.
Views
VSI view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Application scenarios
When an access user in an authentication domain initiates an authentication request, the device looks for an available authentication server. If all authentication servers in that authentication domain are detected unavailable, the device changes to the critical state (also known as the fail-permit state). In this state, the device assigns the access user to the critical domain (also known as the fail-permit domain) so that the user can come online in the critical domain without being authenticated. If the local ND proxy feature is enabled by using the local-proxy-nd enable command, the device discards the DAD NS and NA messages received from the VSI of the critical domain instead of forwarding those messages.
Operating mechanism
With DAD message forwarding enabled, the device forwards the DAD NS and NA messages received from the VSI of the critical domain.
Recommended configuration
Enable this feature only for the VSIs associated with critical domains.
Restrictions and guidelines
If you disable this feature for a VSI, the device directly discards the DAD NS and NA messages received from that VSI.
Examples
# Disable DAD message forwarding for VSI aaa.
<Sysname> system-view
[Sysname] vsi aaa
[Sysname-vsi-aaa] undo ipv6 nd local-proxy dad forward enable
ipv6 nd ns retrans-timer
Use ipv6 nd ns retrans-timer to set the interval for retransmitting an NS message.
Use undo ipv6 nd ns retrans-timer to restore the default.
Syntax
ipv6 nd ns retrans-timer value
undo ipv6 nd ns retrans-timer
Default
The local interface sends NS messages at every an interval of 1000 milliseconds, and the Retrans Timer field in the RA messages sent is 0. The interval for retransmitting an NS message is determined by the receiving device.
Views
Interface view
Predefined user roles
network-admin
Parameters
value: Specifies the interval value in the range of 1000 to 4294967295 milliseconds.
Usage guidelines
If a device does not receive a response from the peer within the specified interval, the device resends an NS message. The device retransmits an NS message at the specified interval and uses the interval value to fill the Retrans Timer field in RA messages to be sent.
Examples
# Specify VLAN-interface 100 to retransmit NS messages every 10000 milliseconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ns retrans-timer 10000
Related commands
display ipv6 interface
ipv6 nd nud reachable-time
Use ipv6 nd nud reachable-time to set the neighbor reachable time on an interface.
Use undo ipv6 nd nud reachable-time to restore the default.
Syntax
ipv6 nd nud reachable-time time
undo ipv6 nd nud reachable-time
Default
The neighbor reachable time on the local interface is 1200000 milliseconds, and the value of the Reachable Time field in RA messages is 0. The reachable time is determined by the receiving device.
Views
Interface view
Predefined user roles
network-admin
Parameters
time: Specifies the neighbor reachable time in the range of 1 to 3600000 milliseconds.
Usage guidelines
If the neighbor reachability detection shows that a neighbor is reachable, the device considers the neighbor reachable within the specified reachable time. If the device must send a packet to the neighbor after the specified reachable time expires, the device reconfirms whether the neighbor is reachable. The device sets the specified value as the neighbor reachable time on the local interface and uses the value to fill the Reachable Time field in RA messages to be sent.
Examples
# Set the neighbor reachable time on VLAN-interface 100 to 10000 milliseconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd nud reachable-time 10000
Related commands
display ipv6 interface
ipv6 nd online-offline-log enable
Use ipv6 nd online-offline-log enable to enable ND logging for user online and offline events.
Use undo ipv6 nd online-offline-log enable to disable ND logging for user online and offline events.
Syntax
ipv6 nd online-offline-log enable [ rate rate ]
undo ipv6 nd online-offline-log enable
Default
ND logging for user online and offline events is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
rate rate: Specifies the maximum number of logs that can be output per second. The value range is 3 to 500. If you do not specify this option, the maximum log output rate is 100 logs per second.
Usage guidelines
A higher log output rate consumes more CPU resources. Adjust the log output rate based the CPU performance and usage.
Examples
# Enable ND logging for user online and offline events, and set the maximum log output rate to 100 logs per second.
<Sysname> system-view
[Sysname] ipv6 nd online-offline-log enable rate 100
Related commands
ipv6 neighbor
ipv6 nd ra boot-file-url
Use ipv6 nd ra boot-file-url to specify the URL of the boot file in RA messages.
Use undo ipv6 nd ra boot-file-url to restore the default.
Syntax
ipv6 nd ra boot-file-url url-string
undo ipv6 nd ra boot-file-url
Default
RA messages do not contain the URL of the boot file.
Views
Interface view
Predefined user roles
network-admin
Parameters
url-string: Specifies the URL address of the boot file, a case-sensitive string of 1 to 127 characters. The URL address must be started with http://, https://. ftp://, or tftp://.
Usage guidelines
On some networks, a device follows the steps to implement automatic configuration:
1. Obtains an IPv6 address through ND or DHCPv6.
2. Obtains the URL address for downloading the boot file from the DHCPv6 server.
3. Downloads the boot file from the FTP server and installs it.
With the boot file URL specified in RA messages, the device can use the ND protocol to obtain both the IPv6 address and the boot file URL for automatic configuration. DHCPv6 is not required in the network, simplifying the network deployment.
Examples
# Specify the boot file URL address as tftp://169.254.0.1/file/softimg.iso in RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra boot-file-url tftp://169.254.0.1/file/softimg.iso
ipv6 nd ra dns search-list
Use ipv6 nd ra dns search-list to specify DNS suffix information to be advertised in RA messages.
Use undo ipv6 nd ra dns search-list to remove a DNS suffix from RA message advertisement.
Syntax
ipv6 nd ra dns search-list domain-name [ seconds | infinite ] sequence seqno
undo ipv6 nd ra dns search-list domain-name
Default
DNS suffix information is not specified and RA messages do not contain DNS suffix options.
Views
Interface view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a DNS suffix. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.), for example, aabbcc.com. The DNS suffix can include a maximum of 253 characters, and each separated string includes no more than 63 characters.
seconds: Specifies the lifetime of the DNS suffix, in seconds. The value range is 4 to 4294967295. Value 4294967295 indicates that the lifetime of the DNS suffix is infinite.
infinite: Sets the lifetime of the DNS suffix to infinite.
seqno: Specifies the sequence number of the DNS suffix, in the range of 0 to 4294967295. The sequence number for a DNS suffix must be unique. A smaller sequence number represents a higher priority.
Usage guidelines
The DNS search list (DNSSL) option in RA messages provides DNS suffix information for hosts. The RA messages allow hosts to obtain their IPv6 addresses and the DNS suffix through stateless autoconfiguration. This method is useful in a network where DHCPv6 infrastructure is not provided.
The default lifetime of the DNS suffix is three times the maximum interval for advertising RA messages. To set the maximum interval, use the ipv6 nd ra interval command.
You can configure a maximum of eight DNS suffixes on an interface. One DNSSL option contains one DNS suffix. All DNSSL options are sorted in ascending order of the sequence number of the DNS suffix.
The sequence number uniquely identifies a DNS suffix. To modify a DNS suffix or its sequence number, you must first use the undo ipv6 nd ra dns search-list command to remove the DNS suffix from RA message advertisement.
After you execute the ipv6 nd ra dns search-list command, the device immediately sends an RA message with the existing and newly specified DNS suffix information.
After you execute the undo ipv6 nd ra dns search-list command, the device immediately sends two RA messages.
· The first RA message contains information about all DNS suffixes, including DNS suffixes specified in the undo command with their lifetime set to 0 seconds.
· The second RA message contains information about remaining DNS suffixes.
Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.
Examples
# Specify the DNS suffix as com, the suffix lifetime as infinite, and the sequence number as 1 for RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra dns search-list com infinite sequence 1
Related commands
ipv6 nd ra dns search-list suppress
ipv6 nd ra interval
ipv6 nd ra dns search-list suppress
Use ipv6 nd ra dns search-list suppress to enable DNS suffix suppression in RA messages.
Use undo ipv6 nd ra dns search-list suppress to disable DNS suffix suppression in RA messages.
Syntax
ipv6 nd ra dns search-list suppress
undo ipv6 nd ra dns search-list suppress
Default
DNS suffix suppression in RA messages is disabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This command suppresses advertising DNS suffixes in RA messages on an interface. If you specify a new DNS suffix or remove a DNS suffix on the interface, the device immediately sends an RA message without any DNSSL options.
RA messages are suppressed by default. To disable RA message suppression, use the undo ipv6 nd ra halt command.
Whether enabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:
· If the interface has DNS suffix information configured, the device immediately sends two RA messages. In the first message, the lifetime for DNS suffixes is 0 seconds. The second RA message does not contain any DNSSL options.
· If the interface has no DNS suffix information specified, no RA messages are triggered.
Whether disabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:
· If the interface has DNS suffix information configured, the device immediately sends an RA message containing the configured lifetime of the DNS suffix.
· If the interface has no DNS suffix information specified, no RA messages are triggered.
Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.
Examples
# Enable DNS suffix suppression in RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra dns search-list suppress
Related commands
ipv6 nd ra dns search-list
ipv6 nd ra dns server
Use ipv6 nd ra dns server to specify DNS server information to be advertised in RA messages.
Use undo ipv6 nd ra dns server to remove a DNS server from RA message advertisement.
Syntax
ipv6 nd ra dns server ipv6-address [ seconds | infinite ] sequence seqno
undo ipv6 nd ra dns server ipv6-address
Default
DNS server information is not specified and RA messages do not contain DNS server options.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the IPv6 address of the DNS server, which must be a global unicast address or a link-local address.
seconds: Specifies the lifetime of the DNS server, in seconds. The value range is 4 to 4294967295. Value 4294967295 indicates that the lifetime of the DNS server is infinite.
infinite: Sets the lifetime of the DNS server to infinite.
sequence seqno: Specifies the sequence number of the DNS server, in the range of 0 to 4294967295. The sequence number for a DNS server must be unique. A smaller sequence number represents a higher priority.
Usage guidelines
The DNS server option in RA messages provides DNS server information for hosts. The RA messages allow hosts to obtain their IPv6 addresses and the DNS server through stateless autoconfiguration. This method is useful in a network where DHCPv6 infrastructure is not provided.
The default lifetime of the DNS server is three times the maximum interval for advertising RA messages. To set the maximum interval, use the ipv6 nd ra interval command.
You can configure a maximum of eight DNS servers on an interface. One DNS server option contains one DNS server. All DNS server options are sorted in ascending order of the DNS server sequence number.
The sequence number uniquely identifies a DNS server. To modify the IPv6 address or sequence number of a DNS server, you must first use the undo ipv6 nd ra dns server command to remove the DNS server from RA message advertisement.
After you execute the ipv6 nd ra dns server command, the device immediately sends an RA message with the existing and newly specified DNS server options.
After you execute the undo ipv6 nd ra dns server command, the device immediately sends two RA messages.
· The first RA message contains information about all DNS servers, including the DNS servers specified in the undo command with their lifetime set to 0 seconds.
· The second RA message contains information about remaining DNS servers.
Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.
Examples
# Specify the DNS server address as 2001:10::100, the server lifetime as infinite, and the sequence number as 1 for RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra dns server 2001:10::100 infinite sequence 1
Related commands
ipv6 nd ra dns server suppress
ipv6 nd ra interval
ipv6 nd ra dns server suppress
Use ipv6 nd ra dns server suppress to enable DNS server suppression in RA messages.
Use undo ipv6 nd ra dns server suppress to disable DNS server suppression in RA messages.
Syntax
ipv6 nd ra dns server suppress
undo ipv6 nd ra dns server suppress
Default
DNS server suppression in RA messages is disabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This command suppresses advertising DNS server addresses in RA messages on an interface. If you specify a new DNS server or remove a DNS server on the interface, the device immediately sends an RA message without any DNS server options.
RA messages are suppressed by default. To disable RA message suppression, use the undo ipv6 nd ra halt command.
Whether enabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:
· If the interface has DNS server information configured or has obtained an AAA-authorized DNS server address, the device immediately sends two RA messages. In the first message, the lifetime for DNS server addresses is 0 seconds. The second RA message does not contain any DNS server options.
· If the interface has no DNS server information specified or no AAA-authorized DNS server address assigned, no RA messages are triggered.
Whether disabling this feature on an interface will trigger sending RA message immediately depends on the interface configuration:
· If the interface has DNS server information configured or has obtained an AAA-authorized DNS server address, the device immediately sends an RA message containing the DNS server information.
· If the interface has no DNS server information specified or no AAA-authorized DNS server address assigned, no RA messages are triggered.
Each time the device sends an RA message from an interface, it immediately refreshes the RA message advertisement interval for that interface.
Examples
# Enable DNS server suppression in RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra dns server suppress
Related commands
ipv6 nd ra dns server
ipv6 nd ra halt
Use ipv6 nd ra halt to suppress an interface from advertising RA messages.
Use undo ipv6 nd ra halt to disable this feature.
Syntax
ipv6 nd ra halt
undo ipv6 nd ra halt
Default
An interface is suppressed from sending RA messages.
Views
Interface view
Predefined user roles
network-admin
Examples
# Disable RA message suppression on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] undo ipv6 nd ra halt
ipv6 nd ra hop-limit unspecified
Use ipv6 nd ra hop-limit unspecified to specify unlimited hops in RA messages.
Use undo ipv6 nd ra hop-limit unspecified to restore the default.
Syntax
ipv6 nd ra hop-limit unspecified
undo ipv6 nd ra hop-limit unspecified
Default
The maximum number of hops in the RA messages is limited to 64.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
To set the maximum number of hops to a value rather than the default setting, use the ipv6 hop-limit command.
Examples
# Specify unlimited hops in the RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ipv6 nd ra hop-limit unspecified
Related commands
ipv6 hop-limit
ipv6 nd ra interval
Use ipv6 nd ra interval to set the maximum and minimum intervals for advertising RA messages.
Use undo ipv6 nd ra interval to restore the default.
Syntax
ipv6 nd ra interval max-interval min-interval
undo ipv6 nd ra interval
Default
The maximum interval between RA messages is 600 seconds, and the minimum interval is 200 seconds.
Views
Interface view
Predefined user roles
network-admin
Parameters
max-interval: Specifies the maximum interval value in seconds, in the range of 4 to 1800.
min-interval: Specifies the minimum interval value in the range of 3 seconds to three-fourths of the maximum interval.
Usage guidelines
The device advertises RA messages randomly between the maximum interval and the minimum interval.
The maximum interval for sending RA messages should be less than or equal to the router lifetime in RA messages.
Examples
# Set the maximum interval for advertising RA messages to 1000 seconds and the minimum interval to 700 seconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra interval 1000 700
Related commands
ipv6 nd ra router-lifetime
ipv6 nd ra no-advlinkmtu
Use ipv6 nd ra no-advlinkmtu to turn off the MTU option in RA messages.
Use undo ipv6 nd ra no-advlinkmtu to restore the default.
Syntax
ipv6 nd ra no-advlinkmtu
undo ipv6 nd ra no-advlinkmtu
Default
RA messages contain the MTU option.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
The MTU option in the RA messages specifies the link MTU to ensure that all nodes on the link use the same MTU.
Examples
# Turn off the MTU option in RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra no-advlinkmtu
ipv6 nd ra prefix
Use ipv6 nd ra prefix to configure the prefix information in RA messages.
Use undo ipv6 nd ra prefix to restore the default.
Syntax
ipv6 nd ra prefix { ipv6-prefix prefix-length | ipv6-prefix/prefix-length } [ valid-lifetime preferred-lifetime [ no-autoconfig | off-link | prefix-preference level ] * | no-advertise ]
undo ipv6 nd ra prefix { ipv6-prefix | ipv6-prefix/prefix-length }
Default
No prefix information is configured for RA messages. Instead, the IPv6 address of the interface sending RA messages is used as the prefix information.
If the IPv6 address is manually configured, the prefix uses the fixed valid lifetime 2592000 seconds (30 days) and preferred lifetime 604800 seconds (7 days).
If the IPv6 address is automatically obtained (through DHCP, for example), the prefix uses the valid and preferred lifetime of the IPv6 address.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-prefix: Specifies the IPv6 prefix.
prefix-length: Specifies the prefix length of the IPv6 address.
valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds. The default value is 2592000 seconds (30 days).
preferred-lifetime: Specifies the preferred lifetime of a prefix used for stateless autoconfiguration, in the range of 0 to 4294967295 seconds. The preferred lifetime cannot be longer than the valid lifetime. The default value is 604800 seconds (7 days).
no-autoconfig: Specifies a prefix not to be used for stateless autoconfiguration. If you do not specify this keyword, the prefix is used for stateless autoconfiguration.
off-link: Indicates that the address with the prefix is not directly reachable on the link. If you do not specify this keyword, the address with the prefix is directly reachable on the link.
prefix-preference level: Specifies the prefix preference. The level argument specifies the preference value in the range of 0 to 255. A larger value indicates a higher preference. The client selects an IPv6 prefix with the highest preference for address generation. If you do not specify this option, the RA message does not contain the preference for the prefix.
no-advertise: Disables the device from advertising the prefix specified in this command. If you do not specify this keyword, the device advertises the prefix specified in this command.
Usage guidelines
After hosts on the same link receive RA messages, they can use the prefix information in the RA messages for stateless autoconfiguration.
A prefix specified without a parameter in this command preferentially uses the default settings configured by using the ipv6 nd ra prefix default command. If the default settings are unavailable, the prefix uses the following settings:
· Valid lifetime of 2592000 seconds (30 days).
· Preferred lifetime of 604800 seconds (7 days).
· The prefix is used for stateless autoconfiguration.
· The address with the prefix is directly reachable on the link.
· The prefix is advertised in RA messages.
Examples
# Configure the prefix information in RA messages on VLAN-interface 100.
Method 1:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100/64 100 10
Method 2:
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra prefix 2001:10::100 64 100 10
ipv6 nd ra prefix default
Use ipv6 nd ra prefix default to configure the default settings for prefixes advertised in RA messages.
Use undo ipv6 nd ra prefix default to restore the default.
Syntax
ipv6 nd ra prefix default [ valid-lifetime preferred-lifetime [ no-autoconfig | off-link ] * | no-advertise ]
undo ipv6 nd ra prefix default
Default
No default settings are configured for prefixes advertised in RA messages.
Views
Interface view
Predefined user roles
network-admin
Parameters
valid-lifetime: Specifies the valid lifetime of a prefix, in the range of 0 to 4294967295 seconds. The default value is 2592000 seconds (30 days).
preferred-lifetime: Specifies the preferred lifetime of a prefix used for stateless autoconfiguration, in the range of 0 to 4294967295 seconds. The preferred lifetime cannot be longer than the valid lifetime. The default value is 604800 seconds (7 days).
no-autoconfig: Specifies a prefix not to be used for stateless autoconfiguration. If you do not specify this keyword, the prefix is used for stateless autoconfiguration.
off-link: Indicates that the address with the prefix is not directly reachable on the link. If you do not specify this keyword, the address with the prefix is directly reachable on the link.
no-advertise: Disables the device from advertising the prefix specified in this command. If you do not specify this keyword, the device advertises the prefix specified in this command.
Usage guidelines
This command specifies the default settings for the prefix specified by using the ipv6 nd ra prefix command. If none of the parameters (valid-lifetime, preferred-lifetime, no-autoconfig, off-link, and no-advertise) is configured in the ipv6 nd ra prefix command, the prefix uses the default settings.
Examples
# Configure the default settings for prefixes advertised in RA messages on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra prefix default 100 10
ipv6 nd ra router-lifetime
Use ipv6 nd ra router-lifetime to set the router lifetime in RA messages.
Use undo ipv6 nd ra router-lifetime to restore the default.
Syntax
ipv6 nd ra router-lifetime time
undo ipv6 nd ra router-lifetime
Default
The router lifetime in RA messages is three times the maximum interval for advertising RA messages.
Views
Interface view
Predefined user roles
network-admin
Parameters
time: Specifies the router lifetime in the range of 0 to 9000 seconds. If the value is set to 0, the router does not act as the default router.
Usage guidelines
The router lifetime in RA messages specifies how long the router sending the RA messages acts as the default router. Hosts receiving the RA messages check this value to determine whether to use the sending router as the default router. If the router lifetime is 0, the router cannot be used as the default router.
The router lifetime in RA messages must be greater than or equal to the advertising interval.
Examples
# Set the router lifetime in RA messages on VLAN-interface 100 to 1000 seconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd ra router-lifetime 1000
Related commands
ipv6 nd ra interval
ipv6 nd route-direct advertise
Use ipv6 nd route-direct advertise to enable ND direct route advertisement.
Use undo ipv6 nd route-direct advertise to disable ND direct route advertisement.
Syntax
ipv6 nd route-direct advertise [ preference preference-value | tag tag-value ] *
undo ipv6 nd route-direct advertise
Default
The ND direct route advertisement feature is disabled.
Views
Interface view
Predefined user roles
network-admin
Parameters
preference preference-value: Sets a preference value for ND-advertised direct routes. The value range for the preference-value argument is 1 to 255, and the default is 0. A smaller value represents a higher priority.
tag tag-value: Sets a tag value for ND-advertised direct routes. The value range for the tag-value argument is 1 to 4294967295, and the default is 0.
Usage guidelines
Operating mechanism
With ND direct route advertisement enabled, ND advertises ND entries to the routing management module to generate direct routes. The route preference value determines the match order of a route. Dynamic routing protocols use the tag value as the route identifier when redistributing a direct route.
If you execute this command multiple times, the most recent configuration takes effect.
Restrictions and guidelines
The ipv6 nd route-direct advertise command is mutually exclusive with the ipv6 nd route-direct advertise mad-down-single-homed command. If you execute both of them on the same interface, the most recent command takes effect.
Examples
# Enable ND direct route advertisement for VLAN-interface 100, and set both the preference value and tag value to 2 for direct routes.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd route-direct advertise preference 2 tag 2
# Enable ND direct route advertisement for VSI-interface 1, and set both the preference value and tag value to 2 for direct routes.
<Sysname> system-view
[Sysname] interface vsi-interface 1
[Sysname-Vsi-interface1] ipv6 nd route-direct advertise preference 2 tag 2
Related commands
ipv6 nd route-direct advertise delay
ipv6 nd route-direct prefix convert-length
ipv6 nd route-direct advertise delay
Use ipv6 nd route-direct advertise delay to set the delay time for ND direct route generation.
Use undo ipv6 nd route-direct advertise delay to restore the default.
Syntax
ipv6 nd route-direct advertise delay delay-time
undo ipv6 nd route-direct advertise delay
Default
The device does not delay ND direct route generation.
Views
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Layer 3 aggregation interface view
Layer 3 aggregation subinterface view
VLAN interface view
VSI interface view
Predefined user roles
network-admin
Parameters
delay-time: Specifies the delay time for ND direct route generation, in the range of 0 to 3600 seconds.
Usage guidelines
Application scenarios
After you enable ND direct route advertisement by using the ipv6 nd route-direct advertise command, the device uses ND entries to generate direct routes and adjacency entries. If the direct routes are generated earlier than the adjacency entries, packet loss will occur due to lack of Layer 2 information during packet encapsulation. To avoid such an issue, use this command to set the delay time for ND direct route generation.
Operating mechanism
You can enable ND direct route advertisement before or after setting the delay time for ND direct route generation. If you enable ND direct route advertisement after setting the delay time, the system will generate ND direct routes after the delay time.
Restrictions and guidelines
After you enable ND direct route advertisement and set the delay time for ND direct route generation, the device starts a timer after it has learned an ND entry. Then, it generates an ND direct route when the timer value reaches the delay time. If you edit the direct route advertisement configuration within the delay time, the device immediately advertises the direct route with the new configuration. If you set a new delay time before the timer value reaches the original delay time, the device does not reset the timer and performs one of the following tasks:
· If the timer value is greater than the new delay time, the device immediately generates an ND direct route.
· If the timer value is less than the new delay time, the device generates a ND direct route when the new delay time is reached.
Examples
# Set the delay time for ND direct route generation on VLAN-interface 10.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd route-direct advertise delay 200
Related commands
ipv6 nd route-direct advertise
ipv6 nd route-direct advertise mad-down-single-homed
Use ipv6 nd route-direct advertise mad-down-single-homed to enable ND direct route advertisement for single-homing interfaces in M-LAG MAD DOWN state.
Use undo ipv6 nd route-direct advertise mad-down-single-homed to disable ND direct route advertisement for single-homing interfaces in M-LAG MAD DOWN state.
Syntax
ipv6 nd route-direct advertise mad-down-single-homed
undo ipv6 nd route-direct advertise mad-down-single-homed
Default
ND direct route advertisement is disabled for single-homing interfaces in M-LAG MAD DOWN state.
Views
VLAN interface view
Predefined user roles
network-admin
Usage guidelines
Application scenarios
If the peer link of an M-LAG system fails, M-LAG Multi-Active Detection (MAD) will shut down all interfaces on the secondary member device upon M-LAG system split, except for the interfaces excluded from the shutdown action by IRF MAD or M-LAG MAD. An interface in M-LAG MAD DOWN state cannot forward traffic. As a result, traffic cannot be forwarded for the devices single-homed to the secondary member device. To ensure traffic forwarding for single-homed devices, enable ND direct route advertisement for single-homing interfaces in M-LAG MAD DOWN state.
Operating mechanism
ND direct route advertisement for single-homing interfaces in M-LAG MAD DOWN state ensures traffic forwarding for single-homed devices. When the peer link fails, the ND module on the secondary member device will send ND entries to the routing management module, and the routing management module will generate direct routes based on the ND entries. The direct routes are used to direct traffic forwarding or are advertised by routing protocols to the single-homed devices.
If you execute this command multiple times, the most recent configuration takes effect.
Restrictions and guidelines
The ipv6 nd route-direct advertise mad-down-single-homed and ipv6 nd route-direct advertise commands are mutually exclusive. If you execute both of them on the same interface, the most recent command takes effect.
Examples
# On VLAN-interface 10, enable ND direct route advertisement for single-homing interfaces in M-LAG MAD DOWN state.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ipv6 nd route-direct advertise mad-down-single-homed
ipv6 nd route-direct prefix convert-length
Use ipv6 nd route-direct prefix convert-length to specify a prefix length for generating a network route for identified ND entries.
Use undo ipv6 nd route-direct prefix to restore the default.
Syntax
ipv6 nd route-direct prefix ipv6-prefix prefix-length convert-length convert-length
undo ipv6 nd route-direct prefix ipv6-prefix prefix-length
Default
No prefix length is specified for generating a network route for identified ND entries. The device generates 128-bit host routes based on ND entries.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-prefix: Specifies an IPv6 prefix.
prefix-length: Specifies an IPv6 prefix length in the range of 1 to 128. The ipv6-prefix prefix-length arguments identify ND entries for which the network route is generated.
convert-length: Specifies an IPv6 prefix length for the generated network route, in the range of 1 to 127. The value for this argument must be higher than the value for the prefix-length argument.
Usage guidelines
After you execute the ipv6 nd route-direct advertise command on an interface, the device generates 128-bit host routes for ND entries learned on the interface. As a result, the routing table might be populated with excessive host routes. To reduce the routing table size, execute the ipv6 nd route-direct prefix convert-length command for the device to generate network routes for identified ND entries instead of host routes.
For the configuration to take effect, the specified IPv6 prefix must be consistent with the IPv6 address prefix of the interface.
Examples
# On VLAN-interface 100, set the prefix length to 70 for generating a network route for ND entries with IPv6 prefix 2001::1/64.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd route-direct prefix 2001::1 64 convert-length 70
# On VSI-interface 1, set the prefix length to 70 for generating a network route for ND entries with IPv6 prefix 2001::1/64.
<Sysname> system-view
[Sysname] interface vsi-interface 1
[Sysname-Vsi-interface1] ipv6 nd route-direct prefix 2001::1 64 convert-length 70
Related commands
ipv6 nd route-direct advertise
ipv6 nd router-preference
Use ipv6 nd router-preference to set a router preference in RA messages.
Use undo ipv6 nd router-preference to restore the default.
Syntax
ipv6 nd router-preference { high | low | medium }
undo ipv6 nd router-preference
Default
The router preference is medium.
Views
Interface view
Predefined user roles
network-admin
Parameters
high: Sets the router preference to the highest setting.
low: Sets the router preference to the lowest setting.
medium: Sets the router preference to the medium setting.
Usage guidelines
A hosts selects a router with the highest preference as the default router.
When router preferences are the same in RA messages, a host selects the router corresponding to the first received RA message as the default gateway.
Examples
# Set the router preference in RA messages to the highest on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 nd router-preference high
ipv6 nd snooping dad retrans-timer
Use ipv6 nd snooping dad retrans-timer to set the DAD NS message retransmission interval for ND snooping entry creation or update.
Use undo ipv6 nd snooping dad retrans-timer to restore the default.
Syntax
ipv6 nd snooping dad retrans-timer interval
undo ipv6 nd snooping dad retrans-timer
Default
The DAD NS message retransmission interval is 250 milliseconds for ND snooping entry creation or update.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the DAD NS message retransmission interval for ND snooping entry creation or update, in the range of 100 to 500 milliseconds.
Usage guidelines
When creating or updating an ND snooping entry, the device sends an NS message to test the entry by DAD. When both of the following conditions exist, the device retransmits an NS message:
· The device does not receive a reply within the retransmission interval.
· The retransmission interval is less than or equal to the timeout time for ND snooping entries in INVALID status (TENTATIVE, TESTING_TPLT, or TESTING_VP).
For the device to send the NS message only once, set a retransmission interval longer than the timeout time for ND snooping entries in INVALID status.
Example
# Set the DAD NS message retransmission interval to 200 milliseconds for ND snooping entry creation or update.
<Sysname> system-view
[Sysname] ipv6 nd snooping dad retrans-timer 200
ipv6 nd snooping enable global
Use ipv6 nd snooping enable global to enable ND snooping for global unicast addresses.
Use undo ipv6 nd snooping enable global to disable ND snooping for global unicast addresses.
Syntax
ipv6 nd snooping enable global
undo ipv6 nd snooping enable global
Default
ND snooping is disabled for global unicast addresses.
Views
VLAN view
VSI view
Predefined user roles
network-admin
Examples
# Enable ND snooping for global unicast addresses.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] ipv6 nd snooping enable global
ipv6 nd snooping enable link-local
Use ipv6 nd snooping enable link-local to enable ND snooping for link-local addresses.
Use undo ipv6 nd snooping enable link-local to disable ND snooping for link-local addresses.
Syntax
ipv6 nd snooping enable link-local
undo ipv6 nd snooping enable link-local
Default
ND snooping is disabled for link-local addresses.
Views
VLAN view
VSI view
Predefined user roles
network-admin
Examples
# Enable ND snooping for link-local addresses.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] ipv6 nd snooping enable link-local
ipv6 nd snooping glean source
Use ipv6 nd snooping glean source to enable ND snooping for data packets from unknown sources.
Use undo ipv6 nd snooping glean source to disable ND snooping for data packets from unknown sources.
Syntax
ipv6 nd snooping glean source
undo ipv6 nd snooping glean source
Default
ND snooping is disabled for data packets from unknown sources.
Views
VLAN view
Predefined user roles
network-admin
Usage guidelines
This command enables the device to learn ND snooping entries from data packets originated by unknown sources.
For this command to take effect, execute the ipv6 nd snooping enable global command or the ipv6 nd snooping enable link-local command.
Before enabling ND snooping entries learning from data packets for a VLAN, you must configure IPv6 source guard on all untrusted interfaces in the same VLAN. This operation ensures correct forwarding of the data packets received all these interfaces.
Examples
# Enable ND snooping for data packets from unknown sources.
<Sysname> system-view
[Sysname] vlan 2
[Sysname-vlan2] ipv6 nd snooping glean source
ipv6 nd snooping lifetime
Use ipv6 nd snooping lifetime to set timeout timers for ND snooping entries.
Use undo ipv6 nd snooping lifetime to restore the default.
Syntax
ipv6 nd snooping lifetime { invalid invalid-lifetime | valid valid-lifetime }
undo ipv6 nd snooping lifetime { invalid | valid }
Default
The timeout timer for ND snooping entries in INVALID status (TENTATIVE, TESTING_TPLT, or TESTING_VP) is 500 milliseconds.
The timeout timer for ND snooping entries in VALID status is 300 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
invalid invalid-lifetime: Sets a timeout timer for ND snooping entries in INVALID status (TENTATIVE, TESTING_TPLT, or TESTING_VP). The value range is 250 to 1000 milliseconds.
valid valid-lifetime: Sets a timeout timer for ND snooping entries in VALID status. The value range is 60 to 86400 seconds.
Examples
# Set the timeout timer to 250 seconds for ND snooping entries in VALID status.
<Sysname> system-view
[Sysname] ipv6 nd snooping lifetime valid 250
ipv6 nd snooping max-learning-num
Use ipv6 nd snooping max-learning-num to set the maximum number of ND snooping entries that an interface can learn.
Use undo ipv6 nd snooping max-learning-num to restore the default.
Syntax
ipv6 nd snooping max-learning-num max-number
undo ipv6 nd snooping max-learning-num
Default
An interface can learn up to 1024 ND snooping entries.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of ND snooping entries that an interface can learn. The value range for the max-number argument is 1 to 1024.
Examples
# Allow Ten-GigabitEthernet 1/0/1 to learn a maximum of 64 ND snooping entries.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] ipv6 nd snooping max-learning-num 64
ipv6 nd snooping uplink
Use ipv6 nd snooping uplink to configure the port as an ND snooping uplink port. The ND snooping uplink port cannot learn ND snooping entries.
Use undo ipv6 nd snooping uplink to restore the default.
Syntax
ipv6 nd snooping uplink
undo ipv6 nd snooping uplink
Default
The port is not an ND snooping uplink port. After ND snooping is enabled, the port can learn ND snooping entries.
Views
Layer 2 Ethernet interface view
Layer 2 aggregate interface view
Predefined user roles
network-admin
Examples
# Configure Ten-GigabitEthernet 1/0/1 as an ND snooping uplink port.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] ipv6 nd snooping uplink
# Configure Bridge-aggregation 1 as an ND snooping uplink port.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] ipv6 nd snooping uplink
ipv6 nd topology-change enable
Use ipv6 nd topology-change enable to enable the device to age or delete ND entries in response to network topology changes.
Use undo ipv6 nd topology-change enable to disable the device from aging or deleting ND entries in response to network topology changes.
Syntax
ipv6 nd topology-change enable
undo ipv6 nd topology-change enable
Default
The device ages or deletes ND entries in response to network topology changes.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Application scenarios
After you configure STP for the device in a tree-shaped network topology, the system notifies the ND module to age or delete the learned ND entries when the loop protocol detects a network topology change. Then, the device must learn ND entries again to obtain the latest ND entry information. If the network topology changes frequently, a large number of ND messages might occur when the device relearns ND entries, which occupies too many system resources and affects the normal operation of other services. To avoid such an issue, you can execute the undo ipv6 nd topology-change enable command. The device will not age or delete ND entries even if the network topology changes.
Restrictions and guidelines
After you execute the undo ipv6 nd topology-change enable command, the ND entries saved by the device might not be the latest ones, which causes user traffic interruption. As a best practice, use this command only when necessary.
Examples
# Disable the device from aging or deleting ND entries in response to network topology changes.
<Sysname> system-view
[Sysname] undo ipv6 nd topology-change enable
Related commands
stp enable (Layer 2—LAN Switching Command Reference)
ipv6 nd unsolicited-na-learning enable
Use ipv6 nd unsolicited-na-learning enable to enable unsolicited NA learning.
Use undo ipv6 nd unsolicited-na-learning enable to disable unsolicited NA learning.
Syntax
ipv6 nd unsolicited-na-learning enable
undo ipv6 nd unsolicited-na-learning enable
Default
Unsolicited NA learning is disabled.
Views
Layer 3 interface view
Predefined user roles
network-admin
network-operator
Usage guidelines
To ensure that the device learns ND entries from trusted NA messages, enable this feature only on a secure network.
This feature might cause the device to learn excessive ND entries that consume too many system resources. As a best practice, execute the ipv6 neighbor stale-aging command to set a smaller aging timer before you enable this feature. The smaller aging timer accelerates the aging of ND entries in stale state.
Examples
# Enable unsolicited NA learning on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ipv6 nd unsolicited-na-learning enable
Related commands
ipv6 neighbor stale-aging
ipv6 nd user-ip-conflict record enable
Use ipv6 nd user-ip-conflict record enable to enable recording user IPv6 address conflicts.
Use undo ipv6 nd user-ip-conflict record enable to disable recording user IPv6 address conflicts.
Syntax
ipv6 nd user-ip-conflict record enable
undo ipv6 nd user-ip-conflict record enable
Default
Recording user IPv6 address conflicts is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature detects and records user IPv6 address conflicts. A conflict occurs if an incoming NA packet has the same source IPv6 address as an existing ND entry but a different source MAC address. The device generates a user IPv6 address conflict record, logs the conflict, and sends the log to the information center. For information about the log destination and output rule configuration in the information center, see the information center in Network Management and Monitoring Configuration Guide.
Each IRF member device can generate a maximum of 10 user IPv6 address conflict logs per second. When this maximum number is reached, the member device suppresses generating user IPv6 address conflict logs and records the suppression times. Each IRF member device can save a maximum of 200 user IPv6 address conflict records.
When the number of saved user IPv6 address conflict records reaches the upper limit, new records overwrite old ones.
Examples
# Enable recording user IPv6 address conflicts.
<Sysname> system-view
[Sysname] ipv6 nd user-ip-conflict record enable
display ipv6 nd user-ip-conflict record
ipv6 nd user-move record enable
Use ipv6 nd user-move record enable to enable recording user port migrations.
Use undo ipv6 nd user-move record enable to disable recording user port migrations.
Syntax
ipv6 nd user-move record enable
undo ipv6 nd user-move record enable
Default
Recording user port migrations is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature enables the device to detect and record user port migrations. A user port migrates if an incoming NA packet has the same source IPv6 address and source MAC address as an existing ND entry but a different port. The device generates a user port migration record, logs the migration event, and sends the log to the information center. For information about the log destination and output rule configuration in the information center, see the information center in Network Management and Monitoring Configuration Guide.
Each IRF member device can generate a maximum of 10 user port migration logs per second. When this maximum number is reached, the member device suppresses generating user port migration logs and records the suppression times. Each IRF member device can save a maximum of 200 user port migration records.
When the number of saved user port migration records reaches the upper limit, new records overwrite old ones.
Examples
# Enable recording user port migrations.
<Sysname> system-view
[Sysname] ipv6 nd user-move record enable
Related commands
display ipv6 nd user-move record
ipv6 neighbor
Use ipv6 neighbor to configure a static neighbor entry.
Use undo ipv6 neighbor to delete a neighbor entry.
Syntax
ipv6 neighbor ipv6-address mac-address { vlan-id port-type port-number | interface interface-type interface-number | vsi-interface vsi-interface-id tunnel number vsi vsi-name | vsi-interface vsi-interface-id interface-type interface-number service-instance instance-id vsi vsi-name } [ vpn-instance vpn-instance-name ]
undo ipv6 neighbor ipv6-address interface-type interface-number
Default
No static neighbor entries exist.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the IPv6 address of the static neighbor entry.
mac-address: Specifies the MAC address (48 bits) of the static neighbor entry, in the format of H-H-H.
vlan-id: Specifies the VLAN ID of the static neighbor entry, in the range of 1 to 4094.
port-type port-number: Specifies a Layer 2 port of the static neighbor entry by its type and number.
interface interface-type interface-number: Specifies a Layer 3 interface of the static neighbor entry by its type and number.
vsi-interface vsi-interface-id: Specifies an input VSI interface for packets received from the neighbor in the entry. The vsi-interface-id argument specifies the VSI interface number.
tunnel number: Specifies an output tunnel interface for packets sent to the neighbor in the entry. The number argument specifies the tunnel interface number.
interface-type interface-number: Specifies a Layer 2 interface by its type and number. The device determines an output interface for packets sent to the neighbor in the entry based on the specified Layer 2 interface and Ethernet service instance.
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
service-instance instance-id: Specifies the Ethernet service instance of the entry. The instance-id specifies the Ethernet service instance ID in the range of 1 to 4096. You must specify this option if a Layer 2 interface is specified. This option is not configurable if an interface of another type is specified.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the static neighbor entry belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command configures a static neighbor entry for the public network.
Usage guidelines
A neighbor entry stores information about a link-local node. The entry can be created dynamically through NS and NA messages, or configured statically.
The device uniquely identifies a static neighbor entry by using the neighbor's IPv6 address and the number of the Layer 3 interface that connects to the neighbor.
You can configure a static neighbor entry by using one of the following methods:
· Method 1—Associate a neighbor IPv6 address and link-layer address with the Layer 3 interface of the local node.
· Method 2—Associate a neighbor IPv6 address and link-layer address with a Layer 2 port in a VLAN containing the local node.
· Method 3—Specify a neighbor IPv6 address, MAC address, input interface (VSI interface), output interface (tunnel interface), and VSI name.
· Method 4—Specify a neighbor IPv6 address, MAC address, input interface (VSI interface), output interface (determined by a Layer 2 interface and Ethernet service instance), and VSI name.
To configure a static neighbor entry for a VLAN interface, use Method 1 or Method 2.
· If Method 1 is used, the neighbor entry is in INCMP state. After the device obtains the corresponding Layer 2 port information, the neighbor entry goes into REACH state.
· If Method 2 is used, the port specified by port-type port-number must belong to the VLAN specified by vlan-id and the corresponding VLAN interface must already exist. After the static neighbor entry is configured, the device associates the VLAN interface with the IPv6 address to uniquely identify the static neighbor entry. The entry will be in REACH state.
If the device and its neighbor are connected through a VSI interface, use Method 3 or Method 4 to configure the neighbor entry.
· If Method 3 is used, the neighbor entry is in REACH state. This method is applicable to the network where VXLAN gateways are connected through tunnel interfaces. In the network, a VXLAN gateway is identified by both the VSI and VSI interface. A VSI interface is associated with multiple tunnel interfaces. To create a neighbor entry, you must specify the VSI interface, VSI, and tunnel interface.
· If Method 4 is used, the neighbor entry is in REACH state. This method is applicable to the network where VXLAN gateways are associated with local sites. A VXLAN gateway is identified by both the VSI and VSI interface. One VXLAN gateway might have multiple local sites. Local sites access the VXLAN network through Layer 2 interfaces where Ethernet service instance and VSI mappings are configured. To create a neighbor entry, you must specify the VSI interface, Layer 2 interface connected to the local site, Ethernet service instance, and VSI.
For more information about VSI, VSI interfaces, and Ethernet service instances, see VXLAN overview in VXLAN Configuration Guide.
For more information about tunnel interfaces, see tunneling configuration in Layer 3—IP Services Configuration Guide.
To delete a static neighbor entry for a VSI interface, specify only the VSI interface.
To delete a static neighbor entry for a VLAN interface, specify only the VLAN interface.
You can use the undo ipv6 neighbor command to delete both static and dynamic neighbor entries.
Examples
# Configure a static neighbor entry for VLAN-interface 1.
<Sysname> system-view
[Sysname] ipv6 neighbor 2000::1 fe-e0-89 interface Vlan-interface 1
# Configure a static neighbor entry, and specify IPv6 address 2000::1, MAC address 00e0-fc01-0000, input interface (VSI-interface 1), output interface (Tunnel-interface 1), and VSI vsi1.
<Sysname> system-view
[Sysname] ipv6 neighbor 2000::1 00e0-fc01-0000 vsi-interface 1 tunnel 1 vsi vsi1
# Configure a static neighbor entry, and specify IPv6 address 2000::1, MAC address 00e0-fc01-0000, input interface (VSI-interface 1), output interface (Ten-GigabitEthernet 1/0/1), Ethernet service instance 1, and VSI vsi1.
<Sysname> system-view
[Sysname] ipv6 neighbor 2000::1 00e0-fc01-0000 vsi-interface 1 ten-gigabitethernet 1/0/1 service-instance 1 vsi vsi1
Related commands
display ipv6 neighbors
reset ipv6 neighbors
ipv6 neighbor aging probe-count
Use ipv6 neighbor aging probe-count to set the maximum number of probes to test the reachability of neighbors in ND entries.
Use undo ipv6 neighbor aging probe-count to restore the default.
Syntax
ipv6 neighbor aging probe-count count
undo ipv6 neighbor aging probe-count
Default
The device performs a maximum of three probes to test the reachability of neighbors in ND entries.
Views
System view
Predefined user roles
network-admin
Parameters
count: Specifies the maximum number of probes. The value range for this argument is 0 to 10. To disable the device from probing ND entries, set the value to 0.
Usage guidelines
The device probes the reachability of a neighbor when the neighbor entry is in PROBE state. Neighbor entries in DELAY state will adopt this setting when they enter into the PROBE state.
This command does not apply to ND entries in PROBE state.
Examples
# Allow the device to perform a maximum of five probes to test the reachability of neighbors in ND entries.
<Sysname> system-view
[Sysname] ipv6 neighbor aging probe-count 5
Related commands
ipv6 neighbor aging probe-interval
ipv6 neighbor aging probe-interval
Use ipv6 neighbor aging probe-interval to set the interval for testing the reachability of neighbors in ND entries.
Use undo ipv6 neighbor aging probe-interval to restore the default.
Syntax
ipv6 neighbor aging probe-interval interval
undo ipv6 neighbor aging probe-interval
Default
The interval for testing the reachability of neighbors in ND entries is the same as the interval for retransmitting an NS message.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval in seconds. The value rang is 1 to 60.
Usage guidelines
The modification takes effect immediately after you execute the command.
To set the interval for retransmitting an NS message, use the ipv6 nd ns retrans-timer command.
Examples
# Set the interval to 10 seconds for testing the reachability of neighbors in ND entries.
<Sysname> system-view
[Sysname] ipv6 neighbor aging probe-interval 10
Related commands
ipv6 neighbor aging probe-count
ipv6 neighbor link-local minimize
Use ipv6 neighbor link-local minimize to minimize link-local ND entries.
Use undo ipv6 neighbor link-local minimize to restore the default.
Syntax
ipv6 neighbor link-local minimize
undo ipv6 neighbor link-local minimize
Default
All ND entries are assigned to the driver.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Perform this command to minimize link-local ND entries assigned to the driver. Link-local ND entries refer to ND entries that contain link-local addresses.
With this feature enabled, the device does not add newly learned link-local ND entries whose link local addresses are not the next hop of any route to the driver. This saves driver resources.
This feature affects only newly learned link-local ND entries rather than existing ND entries.
Examples
# Minimize link-local ND entries.
<Sysname> system-view
[Sysname] ipv6 neighbor link-local minimize
ipv6 neighbor stale-aging
Use ipv6 neighbor stale-aging to set the aging timer for ND entries in stale state.
Use undo ipv6 neighbor stale-aging to restore the default.
Syntax
ipv6 neighbor stale-aging { aging-minutes | second aging-seconds }
undo ipv6 neighbor stale-aging
Default
The aging timer for ND entries in stale state is 240 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
aging-minutes: Specifies the aging timer in minutes for ND entries in stale state, in the range of 1 to 1440.
second aging-seconds: Specifies the aging timer in seconds for ND entries in stale state, in the range of 60 to 86400.
Usage guidelines
This aging time applies to all ND entries in stale state. If an ND entry in stale state is not updated before the timer expires, it changes to the delay state. If it is still not updated in 5 seconds, the ND entry changes to the probe state. The device sends an NS message for detection a maximum of three attempts. If no response is received, the device deletes the ND entry.
You can set the aging timer for ND entries in stale state in system view and interface view. For ND entries in stale state on an interface, the aging timer in interface view has higher priority than the aging timer in system view.
Examples
# Set the aging timer for ND entries in stale state to 120 minutes.
<Sysname> system-view
[Sysname] ipv6 neighbor stale-aging 120
Related commands
ipv6 neighbor timer stale-aging
ipv6 nd unsolicited-na-learning enable
ipv6 neighbor timer stale-aging
Use ipv6 neighbor timer stale-aging to set the aging timer for ND entries in stale state on an interface.
Use undo ipv6 neighbor timer stale-aging to restore the default.
Syntax
ipv6 neighbor timer stale-aging { aging-minutes | second aging-seconds }
undo ipv6 neighbor timer stale-aging
Default
The aging timer of ND entries in stale state is not configured on an interface. The aging timer is determined by the configuration of the ipv6 neighbor stale-aging command in system view.
Views
Layer 3 Ethernet interface/subinterface view
Layer 3 aggregate interface/subinterface view
VXLAN VSI interface view
VLAN interface view
Tunnel interface view
Predefined user roles
network-admin
Parameters
aging-time: Specifies the aging timer in minutes for ND entries in stale state, in the range of 1 to 1440.
second aging-seconds: Specifies the aging timer in seconds for ND entries in stale state, in the range of 60 to 86400.
Usage guidelines
This aging timer applies to ND entries in stale state on the interface. If an ND entry in stale state is not updated before the timer expires, it changes to the delay state. If it is still not updated in 5 seconds, the ND entry changes to the probe state. The device sends an NS message for probe and a maximum of three attempts is allowed. If no response is received, the device deletes the ND entry.
You can set the aging timer for ND entries in stale state in system view and interface view. For ND entries in stale state on an interface, the aging timer in interface view has higher priority than the aging timer in system view.
Examples
# On VLAN-interface 2, set the aging timer to 200 minutes for ND entries in stale state.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ipv6 neighbor timer stale-aging 200
Related commands
ipv6 neighbor stale-aging
ipv6 neighbors max-learning-num
Use ipv6 neighbors max-learning-num to set the maximum number of dynamic neighbor entries that an interface can learn. This prevents the interface from occupying too many neighbor table resources.
Use undo ipv6 neighbors max-learning-num to restore the default.
Syntax
ipv6 neighbors max-learning-num max-number
undo ipv6 neighbors max-learning-num
Default
The maximum number of dynamic neighbor entries that an interface can learn equals the real-time remaining resources on the device.
Views
Layer 2/Layer 3 interface view
Layer 2/Layer 3 aggregate interface view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of dynamic neighbor entries that an interface can learn. The value range for this argument is 1 to 153600.
Usage guidelines
The device can dynamically acquire the link-layer address of a neighboring node through NS and NA messages and add it into the neighbor table.
When the number of dynamic neighbor entries reaches the threshold, the interface stops learning neighbor information.
Examples
# Set the maximum number of dynamic neighbor entries that VLAN-interface 100 can learn to 10.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ipv6 neighbors max-learning-num 10
ipv6 neighbors max-learning-number
Use ipv6 neighbors max-learning-number to set the maximum number of dynamic neighbor entries that the device can learn.
Use undo ipv6 neighbors max-learning-number to restore the default.
Syntax
ipv6 neighbors max-learning-number max-number slot slot-number
undo ipv6 neighbors max-learning-number slot slot-number
Default
The device can learn up to 153600 dynamic neighbor entries.
Views
System view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of dynamic neighbor entries that the device can learn. The value range for this argument is 0 to 153600. To disable the device from learning dynamic neighbor entries, set the value for this argument to 0.
slot slot-number: Specifies an IRF member device by its member ID.
Usage guidelines
The device can dynamically acquire the link-layer address of a neighboring node through NS and NA messages and add it into the neighbor table.
To avoid excessive resource consumption by neighbor entries, set the maximum number of dynamic neighbor entries that the device can learn.
When the number of dynamic neighbor entries reaches the limit, the device stops learning neighbor information.
Examples
# On slot 1, set the maximum number of dynamic neighbor entries that the device can learn to 64.
<Sysname> system-view
[Sysname] ipv6 neighbors max-learning-number 64 slot 1
ipv6 pathmtu
Use ipv6 pathmtu to set a static Path MTU for an IPv6 address.
Use undo ipv6 pathmtu to delete the Path MTU configuration for an IPv6 address.
Syntax
ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address value
undo ipv6 pathmtu [ vpn-instance vpn-instance-name ] ipv6-address
Default
No static Path MTU is set.
Views
System view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the Path MTU belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command sets the Path MTU for the public network.
ipv6-address: Specifies an IPv6 address.
value: Specifies the Path MTU of the specified IPv6 address, in the range of 1280 to 10240 bytes.
Usage guidelines
You can set a static Path MTU for a destination IPv6 address. When a source host sends a packet through an interface, it compares the interface MTU with the static Path MTU of the specified destination IPv6 address. If the packet size is larger than the smaller one of the two values, the host fragments the packet according to the smaller value.
Examples
# Set a static Path MTU for an IPv6 address.
<Sysname> system-view
[Sysname] ipv6 pathmtu fe80::12 1300
Related commands
display ipv6 pathmtu
reset ipv6 pathmtu
ipv6 pathmtu age
Use ipv6 pathmtu age to set the aging time for a dynamic Path MTU.
Use undo ipv6 pathmtu age to restore the default.
Syntax
ipv6 pathmtu age age-time
undo ipv6 pathmtu age
Default
The aging time for dynamic Path MTU is 10 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
age-time: Specifies the aging time for Path MTU in minutes, in the range of 10 to 100.
Usage guidelines
After the path MTU from a source host to a destination host is dynamically determined, the source host sends subsequent packets to the destination host based on this MTU. After the aging time expires, the following events occur:
· The dynamic Path MTU is removed.
· The source host determines a dynamic path MTU through the Path MTU mechanism again.
The aging time is invalid for a static Path MTU.
Examples
# Set the aging time for a dynamic Path MTU to 40 minutes.
<Sysname> system-view
[Sysname] ipv6 pathmtu age 40
Related commands
display ipv6 pathmtu
ipv6 prefer temporary-address
Use ipv6 prefer temporary-address to enable the system to preferentially use the temporary IPv6 address of the sending interface as the source address of a packet.
Use undo ipv6 prefer temporary-address to disable the system to preferentially use the temporary IPv6 address of the sending interface as the source address of a packet.
Syntax
ipv6 prefer temporary-address
undo ipv6 prefer temporary-address
Default
The system is disabled to preferentially use the temporary IPv6 address of the sending interface as the source address of a packet.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The temporary address feature enables the system to generate and preferentially use the temporary IPv6 address of the sending interface as the source address of a packet. If the temporary IPv6 address cannot be used because of a DAD conflict, the system uses the public IPv6 address.
Examples
# Enable the system to preferentially use the temporary IPv6 address of the sending interface as the source address of the packet.
<Sysname> system-view
[Sysname] ipv6 prefer temporary-address
Related commands
ipv6 address auto
ipv6 nd ra prefix
ipv6 temporary-address
ipv6 prefix
Use ipv6 prefix to configure a static IPv6 prefix.
Use undo ipv6 prefix to delete a static IPv6 prefix.
Syntax
ipv6 prefix prefix-number ipv6-prefix/prefix-length
undo ipv6 prefix prefix-number
Default
No static IPv6 prefix is configured.
Views
System view
Predefined user roles
network-admin
Parameters
prefix-number: Specifies a prefix ID in the range of 1 to 1024.
ipv6-prefix/prefix-length: Specifies a prefix and its length. The value range for the prefix-length argument is 1 to 128.
Usage guidelines
To modify an existing static prefix, execute the undo ipv6 prefix command to delete the existing static prefix, and then execute the ipv6 prefix command.
Dynamic IPv6 prefixes obtained from DHCPv6 servers cannot be manually removed or modified.
A static IPv6 prefix can have the same prefix ID with a dynamic IPv6 prefix, but the static one takes precedence over the dynamic one.
Examples
# Create static IPv6 prefix 2001:0410::/32 with prefix ID 1.
<Sysname> system-view
[Sysname] ipv6 prefix 1 2001:0410::/32
Related commands
display ipv6 prefix
ipv6 reassemble local enable
Use ipv6 reassemble local enable to enable IPv6 local fragment reassembly.
Use undo ipv6 reassemble local enable to disable IPv6 local fragment reassembly.
Syntax
ipv6 reassemble local enable
undo ipv6 reassemble local enable
Default
IPv6 local fragment reassembly is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Use this feature on a multichassis IRF fabric to improve fragment reassembly efficiency. If this feature is disabled, all IPv6 fragments are delivered to the master for reassembly. With this feature enabled, a subordinate performs fragment reassembly for an IPv6 packet destined for the IRF fabric if it receives fragments of that packet.
This feature fails to reassemble an IPv6 packet if fragments of the packet are received by different subordinates.
Examples
# Enable IPv6 local fragment reassembly.
<Sysname> system-view
[Sysname] ipv6 reassemble local enable
ipv6 redirects enable
Use ipv6 redirects enable to enable sending ICMPv6 redirect messages.
Use undo ipv6 redirects enable to disable sending ICMPv6 redirect messages.
Syntax
ipv6 redirects enable
undo ipv6 redirects enable
Default
Sending ICMPv6 redirect messages is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The default gateway sends an ICMPv6 redirect message to the source of an IPv6 packet to inform the source of a better first hop.
Sending ICMPv6 redirect messages enables hosts that hold few routes to establish routing tables and find the best route. Because this feature adds host routes into the routing tables, host performance degrades when there are too many host routes. As a result, sending ICMPv6 redirect messages is disabled by default.
Examples
# Enable sending ICMPv6 redirect messages.
<Sysname> system-view
[Sysname] ipv6 redirects enable
ipv6 temporary-address
Use ipv6 temporary-address to enable the temporary IPv6 address feature.
Use undo ipv6 temporary-address to restore the default.
Syntax
ipv6 temporary-address [ valid-lifetime preferred-lifetime ]
undo ipv6 temporary-address
Default
The system does not generate any temporary IPv6 address.
Views
System view
Predefined user roles
network-admin
Parameters
valid-lifetime: Specifies the valid lifetime for temporary IPv6 addresses, in the range of 600 to 4294967295 seconds. The default valid lifetime is 604800 seconds (7 days).
preferred-lifetime: Specifies the preferred lifetime for temporary IPv6 addresses, in the range of 600 to 4294967295 seconds. The default preferred lifetime is 86400 seconds (1 day).
Usage guidelines
You must enable stateless autoconfiguration before enabling the temporary address feature.
The valid lifetime for temporary IPv6 addresses must be greater than or equal to the preferred lifetime for temporary IPv6 addresses.
In stateless address autoconfiguration, an interface automatically generates an IPv6 global unicast address by using the address prefix in the received RA message and the interface ID. On an IEEE 802 interface (such as an Ethernet interface or a VLAN interface), the interface ID is generated based on the interface's MAC address and is globally unique. An attacker can exploit this rule to easily identify the sending device.
To fix the vulnerability, you can enable the temporary address feature. An IEEE 802 interface generates the following addresses:
· Public IPv6 address—Includes an address prefix in the RA message and a fixed interface ID generated based on the interface's MAC address.
· Temporary IPv6 address—Includes an address prefix in the RA message and a random interface ID generated through MD5.
When the valid lifetime of a temporary IPv6 address expires, the system deletes the address and generates a new one. This enables the system to send packets with different source addresses through the same interface. The preferred lifetime and valid lifetime for a temporary IPv6 address are determined as follows:
· The preferred lifetime of a temporary IPv6 address takes the smaller of the following values:
¡ The preferred lifetime of the address prefix in the RA message.
¡ The preferred lifetime configured for temporary IPv6 addresses minus DESYNC_FACTOR (a random number in the range of 0 to 600 seconds).
· The valid lifetime of a temporary IPv6 address takes the smaller of the following values:
¡ The valid lifetime of the address prefix.
¡ The valid lifetime configured for temporary IPv6 addresses.
Examples
# Enable the system to generate a temporary IPv6 address.
<Sysname> system-view
[Sysname] ipv6 temporary-address
Related commands
ipv6 address auto
ipv6 nd ra prefix
ipv6 prefer temporary-address
ipv6 unreachables enable
Use ipv6 unreachables enable to enable sending ICMPv6 destination unreachable messages.
Use undo ipv6 unreachables to disable sending ICMPv6 destination unreachable messages.
Syntax
ipv6 unreachables enable
undo ipv6 unreachables enable
Default
Sending ICMPv6 destination unreachable messages is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
If the device fails to forward a received IPv6 packet because of a destination unreachable error, it performs the following operations:
· Drops the packet.
· Sends an ICMPv6 destination unreachable message to the source.
If the device is generating ICMPv6 destination unreachable messages incorrectly, disable sending ICMPv6 destination unreachable messages to prevent attack risks.
Examples
# Enable sending ICMPv6 destination unreachable messages.
<Sysname> system-view
[Sysname] ipv6 unreachables enable
local-proxy-nd enable
Use local-proxy-nd enable to enable local ND proxy.
Use undo local-proxy-nd enable to disable local ND proxy.
Syntax
local-proxy-nd enable
undo local-proxy-nd enable
Default
Local ND proxy is disabled.
Views
VLAN interface view
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Predefined user roles
network-admin
Examples
# Enable local ND proxy on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] local-proxy-nd enable
Related commands
proxy-nd enable
ping nd ipv6
Use ping nd ipv6 to verify the availability of an IPv6 address in the LAN.
Syntax
ping nd ipv6 host [ interface interface-type interface-number [ vlan vlan-id ] ] [ timeout timeout ] [ count count ]
Views
Any view
Predefined user roles
network-admin
Parameters
host: Specifies an IPv6 address or a host name. A host name is a case-insensitive string of 1 to 253 characters. The string can contain letters, digits, hyphens (-), underscores (_), and dots (.).
interface interface-type interface-number: Specifies the egress interface that sends NS packets. The interface-type and interface-number arguments represent the interface type and interface number, respectively. If you do not specify this option, the device sends NS packets out of the egress interface specified by the route entry.
vlan vlan-id: Specifies the VLAN to which the egress interface belongs. The value range for the vlan-id argument is 1 to 4094.
timeout timeout: Specifies the NS packet timeout in milliseconds. The value range is 0 to 65535 and the default value is 3000.
count count: Specifies the maximum number of NS packet transmission attempts, in the range of 1 to 4294967295. The default value is 5.
Usage guidelines
This feature allows users to verify if an IPv6 address is being used by another device in the LAN.
After you perform this task, the device sends an NS packet to the specified IPv6 address. If no NA packet is received within the timeout, the device retransmits the NS packet. If no NA packet is received after the maximum number of transmission attempts is reached, the device considers that the IPv6 address is not being used.
You can also use the ping ipv6 command to verify the IPv6 address availability. However, the test result might be inaccurate because the peer device cannot respond if a firewall is configured to forbid the device from responding to ICMPv6 packets. Compared with ping operations, ND-ping uses Layer 2 packets (ND packets), which are not blocked by firewalls in most cases, and NS packets are shorter than ICMPv6 packets and require less network resources.
To test the address availability by specifying a host name, configure DNS for the device to translate the host name to an IPv6 address. For more information about DNS, see "Configuring DNS."
If multiple devices exist in the LAN, executing this command might take a long time. To stop the command execution, press Ctrl+C.
Examples
# Verify if IPv6 address 2001::2 is being used by another device in the LAN. The test result shows that the address is being used by device 0003-0003-0003.
<Sysname> ping nd ipv6 2001::2
2001::2 is used by 0003-0003-0003.
# Verify if IPv6 address 2001::2 is being used by another device in the LAN. The test result shows that the address is not being used by any other device.
<Sysname> ping nd ipv6 2001::2
The IPv6 address is not in use on the network.
ping nd mac
Use ping nd mac to obtain the IPv6 address of the device that uses the specified MAC address in a specific subnet.
Syntax
ping nd mac mac-address { interface interface-type interface-number | ipv6 ipv6-address [ vpn-instance vpn-instance-name ] } [ timeout timeout ] [ count count ]
Views
Any view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address in the H-H-H format. You can omit the 0s at the start of each group. For example, you can specify MAC address 000f-00e2-0001 as f-e2-1 in this command. Make sure the MAC address is not a multicast, broadcast, or virtual address.
interface interface-type interface-number: Specifies the ICMPv6 packet egress interface to search the MAC address in the interface subnet. The interface-type and interface-number arguments represent the interface type and interface number, respectively.
ipv6 ipv6-address: Specifies an IPv6 subnet.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command searches the MAC address in the public network.
timeout timeout: Specifies the ICMPv6 packet timeout in milliseconds. The value range is 0 to 65535 and the default value is 3000.
count count: Specifies the maximum number of ICMPv6 packet transmission attempts, in the range of 1 to 4294967295. The default value is 5.
Usage guidelines
Perform this task to obtain the IPv6 address of the device that uses the specified MAC address in a specific subnet.
After you perform this task, the device broadcasts a Layer 3 ICMPv6 packet. If no ICMPv6 response is received within the timeout, the device resends the broadcast packet. If no ICMPv6 response is received after the number of maximum transmission attempts is received, the device considers that the MAC address does not exist in the subnet.
If multiple devices exist in the subnet, executing this command might take a long time. To stop the command execution, press Ctrl+C.
Examples
# Obtain the IPv6 address of device 0003-0003-0003 in the subnet where interface Ten-GigabitEthernet 1/0/1 resides.
<Sysname> ping nd mac 0003-0003-0003 interface ten-gigabitethernet 1/0/1
ND-Ping MAC statistics:
1 packet(s) transmitted
1 packet(s) received
IPv6 address MAC address
2001::2 0003-0003-0003
# Obtain the IPv6 address of device 0003-0003-0003 in subnet 2001::0.
<Sysname> ping nd mac 0003-0003-0003 ipv6 2001::0
ND-Ping MAC statistics:
5 packet(s) transmitted
0 packet(s) received
MAC[0003-0003-0003] not in use
proxy-nd enable
Use proxy-nd enable to enable common ND proxy.
Use undo proxy-nd enable to disable common ND proxy.
Syntax
proxy-nd enable
undo proxy-nd enable
Default
Common ND proxy is disabled.
Views
VLAN interface view
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Predefined user roles
network-admin
Examples
# Enable common ND proxy on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] proxy-nd enable
Related commands
local-proxy-nd enable
reset ipv6 nd snooping vlan
Use reset ipv6 nd snooping vlan to clear ND snooping entries in VLANs.
Syntax
reset ipv6 nd snooping vlan { [ vlan-id ] [ global | link-local ] | vlan-id ipv6-address }
Views
User view
Predefined user roles
network-admin
Parameters
vlan-id: Clears ND snooping entries for the specified VLAN. The value range for the VLAN ID is 1 to 4094.
global: Clears ND snooping entries for global unicast addresses.
link-local: Clears ND snooping entries for link-local addresses.
vlan-id ipv6-address: Clears the ND snooping entry of the specified IPv6 address in the specified VLAN.
Usage guidelines
If you do not specify any parameters, this command clears ND snooping entries in all VLANs.
Examples
# Clear ND snooping entries in all VLANs.
<Sysname> reset ipv6 nd snooping vlan
Related commands
display ipv6 nd snooping count vlan
display ipv6 nd snooping vlan
reset ipv6 nd snooping vsi
Use reset ipv6 nd snooping vsi to clear ND snooping entries in VSIs.
Syntax
reset ipv6 nd snooping vsi [ vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ND snooping entries in all VSIs.
Examples
# Clear ND snooping entries in VSI vsi1.
<Sysname> reset ipv6 nd snooping vsi vsi1
Related commands
display ipv6 nd snooping count vsi
display ipv6 nd snooping vsi
reset ipv6 neighbors
Use reset ipv6 neighbors to clear IPv6 neighbor information.
Syntax
reset ipv6 neighbors { all | dynamic | interface interface-type interface-number | slot slot-number | static }
Views
User view
Predefined user roles
network-admin
Parameters
all: Clears static and dynamic neighbor information for all interfaces.
dynamic: Clears dynamic neighbor information for all interfaces.
interface interface-type interface-number: Clears dynamic neighbor information for the interface specified by its type and number.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears dynamic neighbor information for all member devices.
static: Clears static neighbor information for all interfaces.
Examples
# Clear neighbor information for all interfaces.
<Sysname> reset ipv6 neighbors all
This will delete all the entries. Continue? [Y/N]:Y
# Clear dynamic neighbor information for all interfaces.
<Sysname> reset ipv6 neighbors dynamic
This will delete all the dynamic entries. Continue? [Y/N]:Y
# Clear all neighbor information for Ten-GigabitEthernet 1/0/1.
<Sysname> reset ipv6 neighbors interface ten-gigabitethernet 1/0/1
This will delete all the dynamic entries by the interface you specified. Continue? [Y/N]:Y
Related commands
display ipv6 neighbors
ipv6 neighbor
reset ipv6 pathmtu
Use reset ipv6 pathmtu to clear the Path MTU information.
Syntax
reset ipv6 pathmtu { all | dynamic | static }
Views
User view
Predefined user roles
network-admin
Parameters
all: Clears all Path MTUs.
dynamic: Clears all dynamic Path MTUs.
static: Clears all static Path MTUs.
Examples
# Clear all Path MTUs.
<Sysname> reset ipv6 pathmtu all
Related commands
display ipv6 pathmtu
reset ipv6 statistics
Use reset ipv6 statistics to clear IPv6 and ICMPv6 packet statistics.
Syntax
reset ipv6 statistics [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears IPv6 and ICMPv6 packet statistics for all member devices.
Examples
# Clear IPv6 and ICMPv6 packet statistics.
<Sysname> reset ipv6 statistics
Related commands
display ipv6 statistics
snmp-agent trap enable ipv6 address
Use snmp-agent trap enable ipv6 address to enable SNMP notifications for the IPv6 basics module.
Use undo snmp-agent trap enable ipv6 address to disable SNMP notifications for the IPv6 basics module.
Syntax
snmp-agent trap enable ipv6 address [ interface-state-change | protocol-enable-failure ] *
undo snmp-agent trap enable ipv6 address [ interface-state-change | protocol-enable-failure ] *
Default
SNMP notifications are enabled for the IPv6 basics module.
Views
System view
Predefined user roles
network-admin
Parameters
interface-state-change: Enables SNMP notifications for IPv6 interface state changes. This keyword takes effect only on IPv6 interfaces.
protocol-enable-failure: Enables SNMP notifications for interface-level IPv6 enabling failures.
Usage guidelines
Application scenarios
This feature enables the IPv6 basics module to generate SNMP notifications for critical events.
Operating mechanism
The IPv6 basics module sends SNMP notifications to the SNMP module. For the SNMP notifications to be sent correctly, you must also configure SNMP. For more information about SNMP configuration, see SNMP configuration in Network Management and Monitoring Configuration Guide.
· If you specify the interface-state-change keyword, the IPv6 basics module will send SNMP notifications for IPv6 interface state changes. When an IPv6 interface has a state change, the device sends information about the interface and status of the interface in SNMP notifications to the SNMP module.
· If you specify the protocol-enable-failure keyword, the IPv6 basics module will send SNMP notifications for interface-level IPv6 enabling failures. When an IPv6 interface has an IPv6 enabling failure, the device sends the name, chassis number, and slot number of the interface in SNMP notifications to the SNMP module.
Restrictions and guidelines
To enable or disable all SNMP notifications for the IPv6 basics module, do not specify any parameters.
After you disable SNMP notifications for the IPv6 basics module, the IPv6 basics module will not send any SNMP notifications to the SNMP module. The device can report the critical events of the IPv6 basics module only by sending the IPv6 basics module's log messages to the information center. For log messages to be sent correctly, configure the information center to set log message filtering and output rules, including output destinations. For information about the log destination and output rule configuration in the information center, see information center configuration in Network Management and Monitoring Configuration Guide.
Examples
# Disable SNMP notifications for IPv6 interface state changes and interface-level IPv6 enabling failures.
<Sysname> system-view
[Sysname] undo snmp-agent trap enable ipv6 address interface-state-change protocol-enable-failure
statistics l3-packet enable
Use statistics l3-packet enable to enable Layer 3 packet statistics collection.
Use undo statistics l3-packet enable to disable Layer 3 packet statistics collection.
Syntax
statistics l3-packet enable { inbound | outbound }
undo statistics l3-packet enable { inbound | outbound }
Default
Layer 3 packet statistics collection is disabled.
Views
Layer 2 interface view
Predefined user roles
network-admin
Parameters
inbound: Enables statistics collection for incoming Layer 3 packets.
outbound: Enables statistics collection for outgoing Layer 3 packets.
Usage guidelines
With this feature enabled on an interface, the device counts incoming and outgoing IPv6 packets on the interface. To display the collected statistics, execute the display interface command.
When the interface is processing a large number of packets, enabling this feature will cause high CPU usage and degrade the forwarding performance. If the statistics are not necessary, disable this feature to ensure the device performance.
Examples
# Enable statistics collection for incoming Layer 3 packets on Ten-GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] statistics l3-packet enable inbound
Related commands