IP/IPv6 parameters
The behavior of the IPv4/IPv6 network stack can be customized globally and, for some parameters, per VRF. Customizable behavior includes, for instance, enabling forwarding and filtering packets that carry a source routing option.
If there is no configuration value in a VRF, the global configuration applies.
Global configuration
To change the global default parameters, do:
vsr running config# / system network-stack ipv4 accept-redirects true
vsr running config# / system network-stack ipv4 accept-source-route true
vsr running config# / system network-stack ipv6 accept-redirects true
vsr running config# / system network-stack ipv6 accept-source-route true
vsr running config# / system network-stack ipv6 accept-router-advert always
vsr running config# / system network-stack ipv6 use-temporary-addresses always
To display the global network stack parameters state:
vsr> show state / system network-stack
network-stack
    bridge
        call-ipv4-filtering false
        call-ipv6-filtering false
        ..
    icmp
        ignore-icmp-echo-broadcast false
        rate-limit-icmp 1000
        rate-mask-icmp destination-unreachable source-quench time-exceeded parameter-problem
        ..
    ipv4
        forwarding true
        send-redirects true
        accept-redirects true
        accept-source-route true
        arp-announce any
        arp-filter false
        arp-ignore any
        arp-proxy false
        log-invalid-addresses false
        ..
    ipv6
        forwarding true
        max-cached-routes 16384
        autoconfiguration true
        accept-duplicate-address-detection always
        accept-router-advert always
        accept-redirects true
        accept-segment-routing false
        accept-source-route true
        router-solicitations -1
        use-temporary-addresses always
        ..
    neighbor
        ipv4-max-entries 512
        ipv6-max-entries 512
        ipv4-base-reachable-time 30
        ipv6-base-reachable-time 30
        ..
    conntrack
        max-entries 1000000
        tcp-timeout-close 20
        tcp-timeout-close-wait 70
        tcp-timeout-established 500000
        tcp-timeout-fin-wait 130
        tcp-timeout-last-ack 40
        tcp-timeout-max-retrans 400
        tcp-timeout-syn-recv 70
        tcp-timeout-syn-sent 130
        tcp-timeout-time-wait 130
        tcp-timeout-unacknowledged 400
        udp-timeout 40
        udp-timeout-stream 10
        ..
    fast-path
        ..
    ..
The same configuration can be made using this NETCONF XML configuration:
vsr> show config xml absolute nodefault / system network-stack
<config xmlns="urn:6wind:vrouter">
  <system xmlns="urn:6wind:vrouter/system">
    <network-stack>
      <ipv4>
        <accept-redirects>true</accept-redirects>
        <accept-source-route>true</accept-source-route>
      </ipv4>
      <ipv6>
        <accept-router-advert>always</accept-router-advert>
        <accept-redirects>true</accept-redirects>
        <accept-source-route>true</accept-source-route>
        <use-temporary-addresses>always</use-temporary-addresses>
      </ipv6>
      <conntrack>
        <max-entries>1000000</max-entries>
        <tcp-timeout-close>20</tcp-timeout-close>
        <tcp-timeout-close-wait>70</tcp-timeout-close-wait>
        <tcp-timeout-established>500000</tcp-timeout-established>
        <tcp-timeout-fin-wait>130</tcp-timeout-fin-wait>
        <tcp-timeout-last-ack>40</tcp-timeout-last-ack>
        <tcp-timeout-max-retrans>400</tcp-timeout-max-retrans>
        <tcp-timeout-syn-recv>70</tcp-timeout-syn-recv>
        <tcp-timeout-syn-sent>130</tcp-timeout-syn-sent>
        <tcp-timeout-time-wait>130</tcp-timeout-time-wait>
        <tcp-timeout-unacknowledged>400</tcp-timeout-unacknowledged>
        <udp-timeout>40</udp-timeout>
        <udp-timeout-stream>10</udp-timeout-stream>
      </conntrack>
      <fast-path xmlns="urn:6wind:vrouter/fast-path-network-stack">
        <alg>
          <name>dns</name>
          <session-timeout>1000</session-timeout>
        </alg>
        <conntrack>
          <behavior>
            <tcp-options>tcp-window-check</tcp-options>
            <enabled>false</enabled>
          </behavior>
          <timeouts>
            <tcp>
              <state>established</state>
              <timeout>100</timeout>
            </tcp>
          </timeouts>
          <nat64>
            <mtu>
              <option>lowest-ipv6</option>
              <value>0</value>
            </mtu>
          </nat64>
        </conntrack>
      </fast-path>
    </network-stack>
  </system>
</config>
VRF configuration
To override the parameters for a specific VRF, do:
vsr running config# / vrf vr1 network-stack ipv4 accept-redirects false
vsr running config# / vrf vr1 network-stack ipv6 accept-redirects false
To display the network stack parameters state for this VRF:
vsr> show state / vrf vr1 network-stack
network-stack
    bridge
        call-ipv4-filtering false
        call-ipv6-filtering false
        ..
    icmp
        ignore-icmp-echo-broadcast false
        rate-limit-icmp 1000
        rate-mask-icmp destination-unreachable source-quench time-exceeded parameter-problem
        ..
    ipv4
        forwarding true
        send-redirects true
        accept-redirects false
        accept-source-route true
        arp-announce any
        arp-filter false
        arp-ignore any
        arp-proxy false
        log-invalid-addresses false
        ..
    ipv6
        forwarding true
        max-cached-routes 16384
        autoconfiguration true
        accept-duplicate-address-detection always
        accept-router-advert always
        accept-redirects false
        accept-segment-routing false
        accept-source-route true
        router-solicitations -1
        use-temporary-addresses always
        ..
    fast-path
        conntrack
            behavior tcp-window-check enabled true
            behavior tcp-rst-strict-order enabled true
            timeouts
                icmp closed 0
                icmp new 30
                icmp established 60
                udp closed 0
                udp new 30
                udp established 120
                gre-pptp closed 0
                gre-pptp new 600
                gre-pptp established 18000
                tcp syn-sent 30
                tcp simsyn-sent 30
                tcp syn-received 60
                tcp established 7440
                tcp fin-sent 120
                tcp fin-received 120
                tcp close-wait 60
                tcp fin-wait 120
                tcp last-ack 30
                tcp time-wait 120
                tcp closed 10
                ..
            nat64
                option update-tcp-mss true
                option force-frag-ipv4 false
                option force-frag-ipv6 false
                option drop-udp-zero-checksum true
                mtu lowest-ipv6 0
                ..
            ..
        ..
    ..
The same configuration can be made using this NETCONF XML configuration:
vsr> show config xml absolute nodefault / vrf vr1 network-stack
<config xmlns="urn:6wind:vrouter">
  <vrf>
    <name>vr1</name>
    <network-stack xmlns="urn:6wind:vrouter/system">
      <ipv4>
        <accept-redirects>false</accept-redirects>
      </ipv4>
      <ipv6>
        <accept-redirects>false</accept-redirects>
      </ipv6>
    </network-stack>
  </vrf>
</config>
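The fallback rule stated at the top of this page (a VRF without its own value uses the global one) can be checked offline against an exported NETCONF configuration. The following is an added example, not 6WIND code: it resolves the effective accept-redirects and accept-source-route values per VRF and lists the ones that end up true. The merged sample document, the function names and the choice to flag true are assumptions of this example; leaves configured nowhere are skipped, since the page does not state their defaults.

```python
import xml.etree.ElementTree as ET

NS = {"vr": "urn:6wind:vrouter", "sys": "urn:6wind:vrouter/system"}
# Leaves this example audits; flagging "true" is the example's policy choice.
AUDITED = [(fam, leaf) for fam in ("ipv4", "ipv6")
           for leaf in ("accept-redirects", "accept-source-route")]

# Constructed sample: the page's global and vr1 settings merged in one <config>.
SAMPLE = """<config xmlns="urn:6wind:vrouter">
  <system xmlns="urn:6wind:vrouter/system"><network-stack>
    <ipv4><accept-redirects>true</accept-redirects>
          <accept-source-route>true</accept-source-route></ipv4>
    <ipv6><accept-redirects>true</accept-redirects>
          <accept-source-route>true</accept-source-route></ipv6>
  </network-stack></system>
  <vrf><name>vr1</name>
    <network-stack xmlns="urn:6wind:vrouter/system">
      <ipv4><accept-redirects>false</accept-redirects></ipv4>
      <ipv6><accept-redirects>false</accept-redirects></ipv6>
    </network-stack>
  </vrf>
</config>
"""

def configured(stack):
    """Return {(family, leaf): value} for audited leaves set explicitly."""
    if stack is None:
        return {}
    nodes = {k: stack.find(f"sys:{k[0]}/sys:{k[1]}", NS) for k in AUDITED}
    return {k: n.text.strip() for k, n in nodes.items() if n is not None and n.text}

def effective(xml_text):
    """Resolve per-scope values: a VRF value wins, otherwise the global one."""
    root = ET.fromstring(xml_text)
    glob = configured(root.find("sys:system/sys:network-stack", NS))
    scopes = {"global": glob}
    for vrf in root.findall("vr:vrf", NS):
        own = configured(vrf.find("sys:network-stack", NS))
        scopes[vrf.findtext("vr:name", namespaces=NS)] = {**glob, **own}
    return scopes

def findings(xml_text):
    """List (scope, family, leaf) where the effective value is 'true'."""
    return sorted((scope, fam, leaf)
                  for scope, vals in effective(xml_text).items()
                  for (fam, leaf), val in vals.items() if val == "true")

print(findings(SAMPLE))
```

For vr1 the redirect leaves resolve to false from the VRF override, while accept-source-route is still reported because it is inherited from the global scope.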