peer validation-disable (BGP-Flow VPN instance IPv4 address family view)

Function

The peer validation-disable command disables a device from authenticating BGP Flow Specification or BGP VPN Flow Specification routes received from a specified BGP Flow Specification or BGP VPN Flow Specification peer.

The undo peer validation-disable command restores the default setting.

By default, BGP Flow Specification or BGP VPN Flow Specification routes received from peers are authenticated.

Format

peer ipv4-address validation-disable

undo peer ipv4-address validation-disable

Parameters

Parameter Description Value
ipv4-address

Specifies the IPv4 address of a peer.

The value is in dotted decimal notation.

Views

BGP-Flow VPN instance IPv4 address family view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
bgp write

Usage Guidelines

Usage Scenario

When receiving a BGP Flow Specification or BGP VPN Flow Specification route with the filtering rule of a destination address, a BGP Flow Specification or BGP VPN Flow Specification peer must check the validity of the route. The route is considered valid only if it complies with the authentication rule.

The authentication rule defines that when a BGP Flow Specification or BGP VPN Flow Specification peer receives a BGP Flow Specification or BGP VPN Flow Specification route with the filtering rule of a destination address, the peer searches its IP routing table for an optimal unicast route based on the destination address. If the unicast route is a BGP or VPN route and the initiators of the unicast route and the BGP Flow Specification or BGP VPN Flow Specification route are the same, the BGP Flow Specification or BGP VPN Flow Specification route is authenticated.

If you determine to control traffic destined for a specified address and BGP Flow Specification or BGP VPN Flow Specification routes carrying the traffic control rule fail to pass authentication, the peer validation-disable command can be used to disable the corresponding device from authenticating the BGP Flow Specification or BGP VPN Flow Specification routes.

Prerequisites

A BGP Flow Specification or BGP VPN Flow Specification peer relationships have been configured.

Configuration Impact

After the peer validation-disable command is run on a BGP Flow Specification or BGP VPN Flow Specification peer, the BGP Flow Specification or BGP VPN Flow Specification peer will not authenticate any received BGP Flow Specification or BGP VPN Flow Specification route. Exercise caution when running this command.

Example

# Disable a device from authenticating BGP VPN Flow Specification routes.
<HUAWEI> system-view
[~HUAWEI] ip vpn-instance vpna
[~HUAWEI-vpn-instance-vpna] ipv4-family
[~HUAWEI-vpn-instance-vpna] route-distinguisher 200:1
[*HUAWEI-vpn-instance-vpna-af-ipv4] quit
[*HUAWEI-vpn-instance-vpna] quit
[*HUAWEI] bgp 100
[*HUAWEI-bgp] vpn-instance vpna
[*HUAWEI-bgp-instance-vpna] peer 1.1.1.1 as-number 100
[*HUAWEI-bgp-instance-vpna] quit
[*HUAWEI-bgp] ipv4-flow vpn-instance vpna
[*HUAWEI-bgp-flow-vpna] peer 1.1.1.1 enable
[*HUAWEI-bgp-flow-vpna] peer 1.1.1.1 validation-disable
Parent Topic: BGP Flow Specification Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >