3.2.38. fast-path¶
Note
requires a Product License.
Fast path configuration.
vsr running config# system fast-path
enabled (pushed)¶
Enable or disable the fast path.
vsr running config# system fast-path
vsr running fast-path# enabled true|false
- Default value
true
port¶
A physical network port managed by the fast path.
vsr running config# system fast-path
vsr running fast-path# port PORT
|
Description |
|---|---|
|
PCI port name. |
|
Device tree port name. |
|
Hyper-V port name. |
core-mask¶
Dedicate cores to fast path or exception path.
vsr running config# system fast-path core-mask
fast-path¶
List of cores dedicated to fast path.
vsr running config# system fast-path core-mask
vsr running core-mask# fast-path FAST-PATH
|
Description |
|---|---|
|
Dedicate the maximum number of cores to the fast path. |
|
Dedicate half of the cores to the fast path. |
|
Dedicate the minimum number of cores to the fast path. |
|
A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’. |
exception¶
Control plane cores allocated to exception packets processing. If unset, use the first non fast path core.
vsr running config# system fast-path core-mask
vsr running core-mask# exception EXCEPTION
|
A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’. |
linux-to-fp¶
Fast path cores that can receive packets from Linux. It must be included in fast path mask. If unset, all fast path cores can receive packets from Linux.
vsr running config# system fast-path core-mask
vsr running core-mask# linux-to-fp LINUX-TO-FP
|
A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’. |
port¶
Map fast path cores with network ports, specifying which logical cores poll which ports. Example: ‘c1=0:1/c2=2/c3=0:1:2’ means the logical core 1 polls the port 0 and 1, the core 2 polls the port 2, and the core 3 polls the ports 0, 1, and 2. If unset, each port is polled by all the logical cores of the same socket.
vsr running config# system fast-path core-mask
vsr running core-mask# port <core-port-map>
cp-protection¶
Control plane protection configuration.
vsr running config# system fast-path cp-protection
budget¶
Maximum CPU usage allowed for Control Plane Protection in percent.
vsr running config# system fast-path cp-protection
vsr running cp-protection# budget <0-100>
- Default value
10
crypto¶
Fast path crypto configuration.
vsr running config# system fast-path crypto
driver¶
Crypto driver. If unset, select automatically.
vsr running config# system fast-path crypto
vsr running crypto# driver DRIVER
|
Description |
|---|---|
|
Intel multibuffer library. |
|
Intel quickassist. |
|
Openssl generic crypto. |
|
ARMv8 accelerated crypto. |
|
DPDK crypto PMD. |
|
Marvell Octeon TX. |
|
Marvell Octeon TX2. |
offload-core-mask¶
Fast path cores that can do crypto operations for other fast path cores. It must be included in fast path mask. The crypto offloading is always done on cores in the same NUMA node.
vsr running config# system fast-path crypto
vsr running crypto# offload-core-mask OFFLOAD-CORE-MASK
|
Description |
|---|---|
|
A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’. |
|
Disable crypto offload. |
nb-session¶
Maximum number of cryptographic sessions.
vsr running config# system fast-path crypto
vsr running crypto# nb-session <uint32>
nb-buffer¶
Maximum number of cryptographic buffers, representing the maximum number of in-flight operations, either being processed by the asynchronous crypto engine, or waiting in crypto device queues.
vsr running config# system fast-path crypto
vsr running crypto# nb-buffer <uint32>
advanced¶
Advanced configuration for fast path.
vsr running config# system fast-path advanced
nb-mbuf¶
Number of mbufs (network packet descriptors). The value can be an integer representing the total number of mbufs, an integer prefixed with ‘+’ representing the number of mbufs to add to the automatic value. In case of NUMA, the value can be a per-socket list. If unset, nb-mbuf is determined automatically.
vsr running config# system fast-path advanced
vsr running advanced# nb-mbuf <nb-mbuf>
fp-memory¶
Override the amount of fast path DPDK memory in hugepages. The value can be: - an integer that specifies the amount of memory accross all NUMA nodes in MB (example: 4096), - an integer prefixed by ‘+’ that specifies the amount of memory accross all NUMA nodes in MB to be added to the amount calculated automatically (example: +1024), - a list of integers, representing the amount of memory in MB to use on each NUMA node (example: 4096,4096), - a list of integers prefixed with a ‘+’: in this case, each per-node amount will be added to the automatic value for this node (example: +1024,+1024).
vsr running config# system fast-path advanced
vsr running advanced# fp-memory <fp-memory>
machine-memory¶
unit: megabytes
Calculate the memory that will be used by the fast path (hugepages, shm, mallocs…) so it can run on a machine with this amount of physical memory.
vsr running config# system fast-path advanced
vsr running advanced# machine-memory <uint32>
mainloop-sleep-delay¶
unit: microseconds
If set, add a sleep time after each idle mainloop turn. This will drastically decrease performance. If the value is 0, it means it is disabled.
vsr running config# system fast-path advanced
vsr running advanced# mainloop-sleep-delay <0-500>
offload¶
Enable or disabled advanced offload features such as TSO, L4 checksum offloading, or offload information forwarding from a guest to the NIC through a virtual interface. If unset, use default product configuration.
vsr running config# system fast-path advanced
vsr running advanced# offload true|false
vlan-strip¶
Strip the VLAN header from incoming frames if supported by the hardware. By default, vlan stripping feature is disabled.
vsr running config# system fast-path advanced
vsr running advanced# vlan-strip true|false
power-mode¶
Set the energy model of the fast path. By default, the performance model is used. It changes the default value of mainloop-sleep-delay and frequency-scaling.
vsr running config# system fast-path advanced
vsr running advanced# power-mode POWER-MODE
|
Description |
|---|---|
|
Optimized for power consumption. |
|
Optimized for latency and performance. |
frequency-scaling¶
Enable frequency scaling if available on the platform. Enabled by default if power-mode is set to ‘eco’.
vsr running config# system fast-path advanced
vsr running advanced# frequency-scaling true|false
intercore-ring-size¶
Set the size of the intercore rings, used by dataplane cores to send messages to another dataplane core. The default size depends on the product.
vsr running config# system fast-path advanced
vsr running advanced# intercore-ring-size <uint16>
software-txq¶
Set the default size of Tx software queue. This field must be a power of 2. Default is 0 (no software queue).
vsr running config# system fast-path advanced
vsr running advanced# software-txq <uint16>
mask-irq¶
Mask IRQ on fast path cores to reduce latency and increase zero-loss performance.
vsr running config# system fast-path advanced
vsr running advanced# mask-irq true|false
- Default value
true
nb-rxd¶
Set the default number of Rx hardware descriptors for Ethernet ports. The value must be accepted by all devices on the system. If unset, an automatic value is used.
vsr running config# system fast-path advanced
vsr running advanced# nb-rxd <uint16>
nb-txd¶
Set the default number of Tx hardware descriptors for Ethernet ports. The value must be accepted by all devices on the system. If unset, an automatic value is used.
vsr running config# system fast-path advanced
vsr running advanced# nb-txd <uint16>
fpvi-nb-rxd-txd¶
Set the number of Rx and Tx descriptors for FPVI (Fast Path Virtual Interface) ports. These ports are used for local Control Plane traffic. Increase the value if there is a large amount of Control Plane traffic. If unset, an automatic value is used.
vsr running config# system fast-path advanced
vsr running advanced# fpvi-nb-rxd-txd <uint16>
fpvi-queues¶
Set the number of queues used for FPVI (Fast Path Virtual Interface) ports. These ports are used for local Control Plane traffic. Increase the value if there is a large amount of Control Plane traffic. If unset, an automatic value is used.
vsr running config# system fast-path advanced
vsr running advanced# fpvi-queues <1-8>
reserve-hugepages¶
Enable or disable the automatic huge pages allocation by the fast path. When disabled, the user is responsible for providing enough huge pages for the fast path to start. If value is unset, it is disabled by default when running in a container, else it is enabled.
vsr running config# system fast-path advanced
vsr running advanced# reserve-hugepages true|false
arp¶
Enable or disable the fast path ARP management. The fast path arp parameters can be displayed using ‘show fast-path arp parameters’.
vsr running config# system fast-path advanced
vsr running advanced# arp true|false
- Default value
true
ndp¶
Enable or disable the fast path NDP management. The fast path NDP parameters can be displayed using ‘show fast-path ndp parameters’.
vsr running config# system fast-path advanced
vsr running advanced# ndp true|false
- Default value
true
ipv4-netfilter-cache¶
Enable or disable the IPv4 netfilter cache.
vsr running config# system fast-path advanced
vsr running advanced# ipv4-netfilter-cache true|false
- Default value
true
ipv6-netfilter-cache¶
Enable or disable the IPv6 netfilter cache.
vsr running config# system fast-path advanced
vsr running advanced# ipv6-netfilter-cache true|false
- Default value
true
ipv4-pre-ipsec-fragmentation¶
Configure IPv4 pre IPsec fragmentation. When enabled, this behavior helps releasing pressure on the decrypting device, as the reassembly will be done on the destination host of the inner packet instead of the decrypting device. It applies only in tunnel mode.
vsr running config# system fast-path advanced
vsr running advanced# ipv4-pre-ipsec-fragmentation IPV4-PRE-IPSEC-FRAGMENTATION
|
Description |
|---|---|
|
Pre IPsec fragmentation is always performed. |
|
Pre IPsec fragmentation is performed only if the don’t fragment bit is not set on the inner packet. Applies only to IPv4 inner packets. |
|
Post IPsec fragmentation is performed. |
- Default value
off
ipv6-pre-ipsec-fragmentation¶
Configure IPv6 pre IPsec fragmentation. When enabled, this behavior helps releasing pressure on the decrypting device, as the reassembly will be done on the destination host of the inner packet instead of the decrypting device. It applies only in tunnel mode.
vsr running config# system fast-path advanced
vsr running advanced# ipv6-pre-ipsec-fragmentation IPV6-PRE-IPSEC-FRAGMENTATION
|
Description |
|---|---|
|
Pre IPsec fragmentation is always performed. |
|
Pre IPsec fragmentation is performed only if the don’t fragment bit is not set on the inner packet. Applies only to IPv4 inner packets. |
|
Post IPsec fragmentation is performed. |
- Default value
off
ipv6-lpm-long-prefix-optimization¶
Enable the IPv6 longest prefix match algorithm optimization. It improves the next hop lookup performance for routes with a long prefix.
vsr running config# system fast-path advanced
vsr running advanced# ipv6-lpm-long-prefix-optimization true|false
- Default value
false
hash-seed¶
Set a custom hash seed.
vsr running config# system fast-path advanced
vsr running advanced# hash-seed <0x1-0xffffffff>
hardware-queue-map¶
Hardware queue map used to change the destination queue according the hash computed on the packet from the RSS function.
vsr running config# system fast-path advanced
vsr running advanced# hardware-queue-map <port> <uint16> <uint16>
|
PCI port name. |
|
Hardware queue map table index. |
|
Destination Rx queue. |
mpls-egress-priority-mapping¶
Map the priority associated with the packet on a MPLS EXP. See the set-priority firewall action for configuring explicitly packet priority.
vsr running config# system fast-path advanced
vsr running advanced# mpls-egress-priority-mapping from <0-63> to <1-7>
|
Priority to translate from. |
numa-aware¶
Enable or disable the fast path numa awareness for a protocol.
vsr running config# system fast-path advanced numa-aware <numa-aware>
|
Lag protocol. |
enabled¶
Enable for this protocol.
vsr running config# system fast-path advanced numa-aware <numa-aware>
vsr running numa-aware <numa-aware># enabled true|false
- Default value
true
limits¶
Global runtime limits for fast path.
vsr running config# system fast-path limits
fp-max-if¶
Maximum number of interfaces. It includes physical ports and virtual interfaces like gre, vlan, …
vsr running config# system fast-path limits
vsr running limits# fp-max-if <256-50000>
fp-max-vrf¶
Maximum number of VRFs.
vsr running config# system fast-path limits
vsr running limits# fp-max-vrf <1-2176>
ip-max-neigh¶
Maximum number of IP neighbors.
vsr running config# system fast-path limits
vsr running limits# ip-max-neigh <16-400000>
ip4-max-addr¶
Maximum number of IPv4 addresses.
vsr running config# system fast-path limits
vsr running limits# ip4-max-addr <16-4000000>
ip4-max-route¶
Maximum number of IPv4 routes.
vsr running config# system fast-path limits
vsr running limits# ip4-max-route <16-8000000>
ip4-max-neigh (deprecated)¶
Attention
noneMaximum number of IPv4 neighbors.
vsr running config# system fast-path limits
vsr running limits# ip4-max-neigh <16-400000>
ip6-max-addr¶
Maximum number of IPv6 addresses.
vsr running config# system fast-path limits
vsr running limits# ip6-max-addr <16-4000000>
ip6-max-route¶
Maximum number of IPv6 routes.
vsr running config# system fast-path limits
vsr running limits# ip6-max-route <16-8000000>
ip6-max-neigh (deprecated)¶
Attention
noneMaximum number of IPv6 neighbors.
vsr running config# system fast-path limits
vsr running limits# ip6-max-neigh <16-400000>
pbr-max-rule¶
Maximum number of PBR rules.
vsr running config# system fast-path limits
vsr running limits# pbr-max-rule <16-400000>
filter4-max-rule¶
Maximum number of IPv4 Netfilter rules.
vsr running config# system fast-path limits
vsr running limits# filter4-max-rule <16-60000>
filter6-max-rule¶
Maximum number of IPv6 Netfilter rules.
vsr running config# system fast-path limits
vsr running limits# filter6-max-rule <16-60000>
filter4-max-ct¶
Maximum number of IPv4 Netfilter conntracks.
vsr running config# system fast-path limits
vsr running limits# filter4-max-ct <16-10000000>
filter6-max-ct¶
Maximum number of IPv6 Netfilter conntracks.
vsr running config# system fast-path limits
vsr running limits# filter6-max-ct <16-10000000>
filter-max-ipset¶
Maximum number of ipsets per VRF.
vsr running config# system fast-path limits
vsr running limits# filter-max-ipset <0-1000>
filter-max-ipset-entry¶
Maximum number of entries per ipset.
vsr running config# system fast-path limits
vsr running limits# filter-max-ipset-entry <0-1000000>
filter-bridge-max-rule¶
Maximum number of bridge filter rules.
vsr running config# system fast-path limits
vsr running limits# filter-bridge-max-rule <0-40000>
vxlan-max-port¶
Maximum number of (VXLAN destination port, VRF) pairs.
vsr running config# system fast-path limits
vsr running limits# vxlan-max-port <1-128>
vxlan-max-if¶
Maximum number of VXLAN interfaces.
vsr running config# system fast-path limits
vsr running limits# vxlan-max-if <0-50000>
vxlan-max-fdb¶
Maximum number of VXLAN forwarding database entries.
vsr running config# system fast-path limits
vsr running limits# vxlan-max-fdb <0-50000>
reass4-max-queue¶
Maximum number of simultaneous reassembly procedures for IPv4.
vsr running config# system fast-path limits
vsr running limits# reass4-max-queue <0-10000000>
reass6-max-queue¶
Maximum number of simultaneous reassembly procedures for IPv6.
vsr running config# system fast-path limits
vsr running limits# reass6-max-queue <0-10000000>
ipsec-max-sp¶
Maximum number of IPv4 and IPv6 IPsec SPs.
vsr running config# system fast-path limits
vsr running limits# ipsec-max-sp <0-400000>
ipsec-sp-hash-slots¶
Number of slots in the IPsec SP hash table. The actual number of slots is rounded to the next power of two.
vsr running config# system fast-path limits
vsr running limits# ipsec-sp-hash-slots <1-800000>
ipsec-max-sa¶
Maximum number of IPv4 and IPv6 IPsec SAs.
vsr running config# system fast-path limits
vsr running limits# ipsec-max-sa <0-400000>
ipsec-sa-hash-slots¶
Number of slots in the IPsec SA hash table. The actual number of slots is rounded to the next power of two.
vsr running config# system fast-path limits
vsr running limits# ipsec-sa-hash-slots <1-800000>
ip-max-lpm-table¶
Maximum number of IPv4 and IPv6 tables.
vsr running config# system fast-path limits
vsr running limits# ip-max-lpm-table <uint32>
ip-max-lpm-memory¶
unit: megabytes
Amount of memory reserved for IPv4 and IPv6 LPM tree.
vsr running config# system fast-path limits
vsr running limits# ip-max-lpm-memory <uint32>
filter-max-cache¶
Maximum number of IPv4 flows stored in filter cache.
vsr running config# system fast-path limits
vsr running limits# filter-max-cache <1-100000000>
filter6-max-cache¶
Maximum number of IPv6 flows stored in filter cache.
vsr running config# system fast-path limits
vsr running limits# filter6-max-cache <0-100000000>
vlan-max-if¶
Maximum number of VLAN interfaces.
vsr running config# system fast-path limits
vsr running limits# vlan-max-if <16-50000>
vlan-lower-max-if¶
Maximum number of interfaces supporting one or more vlan(s).
vsr running config# system fast-path limits
vsr running limits# vlan-lower-max-if <16-50000>
macvlan-max-if¶
Maximum number of MACVLAN (VRRP) interfaces.
vsr running config# system fast-path limits
vsr running limits# macvlan-max-if <16-50000>
gre-max-if¶
Maximum number of GRE interfaces.
vsr running config# system fast-path limits
vsr running limits# gre-max-if <16-50000>
svti-max-if¶
Maximum number of SVTI interfaces.
vsr running config# system fast-path limits
vsr running limits# svti-max-if <16-50000>
pppoe-max-channel¶
Maximum number of PPPoE channels.
vsr running config# system fast-path limits
vsr running limits# pppoe-max-channel <16-50000>
ipoe-max-session¶
Maximum number of IPoE sessions.
vsr running config# system fast-path limits
vsr running limits# ipoe-max-session <16-100000>
mpls-max-label¶
Maximum number of MPLS labels in a route.
vsr running config# system fast-path limits
vsr running limits# mpls-max-label <1-30>
mpls-max-route¶
Maximum number of pure MPLS routes.
vsr running config# system fast-path limits
vsr running limits# mpls-max-route <1-1048576>
mpls-max-lwt¶
Maximum number of MPLS lightweight tunnels. One is needed for each IP route doing MPLS encapsulation.
vsr running config# system fast-path limits
vsr running limits# mpls-max-lwt <1-1048576>
qos-max-schedulers¶
Maximum number of interfaces with QoS enabled.
vsr running config# system fast-path limits
vsr running limits# qos-max-schedulers <0-50000>
qos-max-filters¶
Maximum number of QoS filter rules.
vsr running config# system fast-path limits
vsr running limits# qos-max-filters <0-50000>
qos-max-classes¶
Maximum number of QoS classes.
vsr running config# system fast-path limits
vsr running limits# qos-max-classes <0-50000>
qos-max-policies¶
Maximum number of QoS policies.
vsr running config# system fast-path limits
vsr running limits# qos-max-policies <0-50000>
qos-max-selectors¶
Maximum number of QoS selectors.
vsr running config# system fast-path limits
vsr running limits# qos-max-selectors <0-50000>
bridge-max-if¶
Maximum number of bridge interfaces.
vsr running config# system fast-path limits
vsr running limits# bridge-max-if <1-50000>
bridge-max-ports¶
Maximum number of bridge slave ports.
vsr running config# system fast-path limits
vsr running limits# bridge-max-ports <1-50000>
bridge-max-fdb¶
Maximum number of bridge forwarding database entries.
vsr running config# system fast-path limits
vsr running limits# bridge-max-fdb <1-50000>
fp-max-conntracks¶
Maximum number of fast-path firewall conntracks.
vsr running config# system fast-path limits
vsr running limits# fp-max-conntracks <1-4294967295>
gtp-max-if¶
Maximum number of GTP interfaces.
vsr running config# system fast-path limits
vsr running limits# gtp-max-if <0-50000>
gtp-max-pdp¶
Maximum number of GTP tunnels the data plane can handle.
vsr running config# system fast-path limits
vsr running limits# gtp-max-pdp <1-100000000>
gtp-max-qos-flow¶
Maximum number of QoS policies that can be allocated globally.
vsr running config# system fast-path limits
vsr running limits# gtp-max-qos-flow <1-100000000>
gtp-max-qos-policy¶
Maximum number of GTP QoS policies that can be allocated globally.
vsr running config# system fast-path limits
vsr running limits# gtp-max-qos-policy <1-100000000>
tc-max-policers¶
Maximum number of tc policers.
vsr running config# system fast-path limits
vsr running limits# tc-max-policers <0-1000000>
fp-cur-if (state only)¶
Current number of interfaces. It includes physical ports and virtual interfaces like gre, vlan, …
vsr> show state system fast-path limits fp-cur-if
ip-cur-neigh (state only)¶
Current number of IPv4 and IPv6 neighbors.
vsr> show state system fast-path limits ip-cur-neigh
ip4-cur-addr (state only)¶
Current number of IPv4 addresses.
vsr> show state system fast-path limits ip4-cur-addr
ip4-cur-route (state only)¶
Current number of IPv4 routes.
vsr> show state system fast-path limits ip4-cur-route
ip4-cur-neigh (deprecated) (state only)¶
Attention
noneCurrent number of IPv4 neighbors.
vsr> show state system fast-path limits ip4-cur-neigh
ip6-cur-addr (state only)¶
Current number of IPv6 addresses.
vsr> show state system fast-path limits ip6-cur-addr
ip6-cur-route (state only)¶
Current number of IPv6 routes.
vsr> show state system fast-path limits ip6-cur-route
ip6-cur-neigh (deprecated) (state only)¶
Attention
noneCurrent number of IPv6 neighbors.
vsr> show state system fast-path limits ip6-cur-neigh
pbr-cur-rule (state only)¶
Current number of PBR rules.
vsr> show state system fast-path limits pbr-cur-rule
filter4-cur-rule (state only)¶
Current number of IPv4 Netfilter rules.
vsr> show state system fast-path limits filter4-cur-rule
filter6-cur-rule (state only)¶
Current number of IPv6 Netfilter rules.
vsr> show state system fast-path limits filter6-cur-rule
filter4-cur-ct (state only)¶
Current number of IPv4 Netfilter conntracks.
vsr> show state system fast-path limits filter4-cur-ct
filter6-cur-ct (state only)¶
Current number of IPv6 Netfilter conntracks.
vsr> show state system fast-path limits filter6-cur-ct
filter-cur-ipset (state only)¶
Current number of ipsets per VRF.
vsr> show state system fast-path limits filter-cur-ipset
vxlan-cur-port (state only)¶
Current number of (VXLAN destination port, VRF) pairs.
vsr> show state system fast-path limits vxlan-cur-port
vxlan-cur-if (state only)¶
Current number of VXLAN interfaces.
vsr> show state system fast-path limits vxlan-cur-if
vxlan-cur-fdb (state only)¶
Current number of VXLAN forwarding database entries.
vsr> show state system fast-path limits vxlan-cur-fdb
ipsec-cur-sp (state only)¶
Current number of IPv4 and IPv6 IPsec SPs.
vsr> show state system fast-path limits ipsec-cur-sp
ipsec-cur-sa (state only)¶
Current number of IPv4 and IPv6 IPsec SAs.
vsr> show state system fast-path limits ipsec-cur-sa
ip-cur-lpm-table (state only)¶
Current number of IPv4 and IPv6 tables.
vsr> show state system fast-path limits ip-cur-lpm-table
ip-cur-lpm-memory (state only)¶
unit: megabytes
Current amount of memory reserved for IPv4 and IPv6 LPM tree.
vsr> show state system fast-path limits ip-cur-lpm-memory
vlan-cur-if (state only)¶
Current number of VLAN interfaces.
vsr> show state system fast-path limits vlan-cur-if
vlan-lower-cur-if (state only)¶
Current number of interfaces supporting one or more vlan(s).
vsr> show state system fast-path limits vlan-lower-cur-if
macvlan-cur-if (state only)¶
Current number of MACVLAN (VRRP) interfaces.
vsr> show state system fast-path limits macvlan-cur-if
gre-cur-if (state only)¶
Current number of GRE interfaces.
vsr> show state system fast-path limits gre-cur-if
svti-cur-if (state only)¶
Current number of SVTI interfaces.
vsr> show state system fast-path limits svti-cur-if
pppoe-cur-channel (state only)¶
Current number of PPPoE interfaces.
vsr> show state system fast-path limits pppoe-cur-channel
ipoe-cur-session (state only)¶
Current number of IPoE sessions.
vsr> show state system fast-path limits ipoe-cur-session
mpls-cur-route (state only)¶
Current number of pure MPLS routes.
vsr> show state system fast-path limits mpls-cur-route
mpls-cur-lwt (state only)¶
Current number of MPLS lightweight tunnels. One is needed for each IP route doing MPLS encapsulation.
vsr> show state system fast-path limits mpls-cur-lwt
qos-cur-schedulers (state only)¶
Current number of interfaces with QoS enabled.
vsr> show state system fast-path limits qos-cur-schedulers
qos-cur-filters (state only)¶
Current number of QoS filter rules.
vsr> show state system fast-path limits qos-cur-filters
qos-cur-classes (state only)¶
Current number of QoS classes.
vsr> show state system fast-path limits qos-cur-classes
qos-cur-policies (state only)¶
Current number of QoS policies.
vsr> show state system fast-path limits qos-cur-policies
qos-cur-selectors (state only)¶
Current number of QoS selectors.
vsr> show state system fast-path limits qos-cur-selectors
bridge-cur-if (state only)¶
Current number of bridge interfaces.
vsr> show state system fast-path limits bridge-cur-if
bridge-cur-ports (state only)¶
Current number of bridge slave ports.
vsr> show state system fast-path limits bridge-cur-ports
bridge-cur-fdb (state only)¶
Current number of bridge forwarding database entries.
vsr> show state system fast-path limits bridge-cur-fdb
fp-cur-conntracks (state only)¶
Current number of fast-path firewall conntracks.
vsr> show state system fast-path limits fp-cur-conntracks
gtp-cur-if (state only)¶
Current number of GTP interfaces.
vsr> show state system fast-path limits gtp-cur-if
gtp-cur-pdp (state only)¶
Current number of GTP tunnels.
vsr> show state system fast-path limits gtp-cur-pdp
gtp-cur-qos-flow (state only)¶
Current number of GTP QoS flows.
vsr> show state system fast-path limits gtp-cur-qos-flow
gtp-cur-qos-policy (state only)¶
Current number of GTP QoS policies.
vsr> show state system fast-path limits gtp-cur-qos-policy
tc-cur-policers (state only)¶
Current number of tc policers.
vsr> show state system fast-path limits tc-cur-policers
cg-nat¶
Fast path cg-nat configuration.
vsr running config# system fast-path limits cg-nat
max-conntracks (deprecated)¶
Attention
/ system fast-path limits fp-max-conntracksMaximum number of tracked connections.
vsr running config# system fast-path limits cg-nat
vsr running cg-nat# max-conntracks <1-4294967295>
max-nat-entries (deprecated)¶
Attention
max-natMaximum number of NAT translations.
vsr running config# system fast-path limits cg-nat
vsr running cg-nat# max-nat-entries <1-4294967295>
max-nat¶
Maximum number of NAT translations.
vsr running config# system fast-path limits cg-nat
vsr running cg-nat# max-nat <1-4294967295>
max-users¶
Maximum number of users.
vsr running config# system fast-path limits cg-nat
vsr running cg-nat# max-users <1-4294967295>
max-blocks¶
Maximum number of blocks.
vsr running config# system fast-path limits cg-nat
vsr running cg-nat# max-blocks <1-4294967295>
min-block-size¶
Minimun number of ports per block.
vsr running config# system fast-path limits cg-nat
vsr running cg-nat# min-block-size <8-65535>
max-block-size¶
Maximum number of ports per block.
vsr running config# system fast-path limits cg-nat
vsr running cg-nat# max-block-size <1-65535>
max-pools¶
Maximum number of pools.
vsr running config# system fast-path limits cg-nat
vsr running cg-nat# max-pools <uint32>
max-rules¶
Maximum number of rules.
vsr running config# system fast-path limits cg-nat
vsr running cg-nat# max-rules <uint32>
max-block-translation-ips¶
Maximum number of IPs translation for block allocation mode.
vsr running config# system fast-path limits cg-nat
vsr running cg-nat# max-block-translation-ips <uint32>
max-port-translation-ips¶
Maximum number of IPs translation for port allocation mode.
vsr running config# system fast-path limits cg-nat
vsr running cg-nat# max-port-translation-ips <uint32>
max-port-overloading-factor¶
Maximum port factor multiplier supported.
vsr running config# system fast-path limits cg-nat
vsr running cg-nat# max-port-overloading-factor MAX-PORT-OVERLOADING-FACTOR
|
Description |
|---|---|
|
Port factor is not supported. |
|
Maximal port factor of 2. |
|
Maximal port factor of 4. |
|
Maximal port factor of 8. |
|
Maximal port factor of 16. |
|
Maximal port factor of 32. |
|
Maximal port factor of 64. |
|
Maximal port factor of 128. |
cur-nat (state only)¶
Current number of NAT translations.
vsr> show state system fast-path limits cg-nat cur-nat
cur-users (state only)¶
Current number of users.
vsr> show state system fast-path limits cg-nat cur-users
cur-blocks (state only)¶
Current number of blocks.
vsr> show state system fast-path limits cg-nat cur-blocks
cur-pools (state only)¶
Current number of pools.
vsr> show state system fast-path limits cg-nat cur-pools
cur-rules (state only)¶
Current number of rules.
vsr> show state system fast-path limits cg-nat cur-rules
cur-block-translation-ips (state only)¶
Current number IPs translation for block allocation mode.
vsr> show state system fast-path limits cg-nat cur-block-translation-ips
cur-port-translation-ips (state only)¶
Current number IPs translation for port allocation mode.
vsr> show state system fast-path limits cg-nat cur-port-translation-ips
fp-firewall¶
Fp-firewall configuration.
vsr running config# system fast-path limits fp-firewall
max-rules¶
Current number of rules.
vsr running config# system fast-path limits fp-firewall
vsr running fp-firewall# max-rules <1-4294967295>
max-network-groups¶
Maximun number of network groups.
vsr running config# system fast-path limits fp-firewall
vsr running fp-firewall# max-network-groups <1-4294967295>
max-networks¶
Maximun number of networks.
vsr running config# system fast-path limits fp-firewall
vsr running fp-firewall# max-networks <1-4294967295>
cur-rules (state only)¶
Current number of rules.
vsr> show state system fast-path limits fp-firewall cur-rules
cur-network-groups (state only)¶
Current number of network groups.
vsr> show state system fast-path limits fp-firewall cur-network-groups
cur-networks (state only)¶
Current number of networks.
vsr> show state system fast-path limits fp-firewall cur-networks
linux-sync¶
Advanced tuning for fast path / Linux synchronization.
vsr running config# system fast-path linux-sync
fpm-socket-size¶
unit: bytes
Buffer size of the socket used to communicate between the cache manager and the fast path manager.
vsr running config# system fast-path linux-sync
vsr running linux-sync# fpm-socket-size <4096-268435456>
- Default value
2097152
nl-socket-size¶
unit: bytes
Buffer size of the cache manager netlink socket.
vsr running config# system fast-path linux-sync
vsr running linux-sync# nl-socket-size <4096-268435456>
- Default value
67108864
ipset-dump-delay¶
unit: seconds
Delay period for polling the ipset content.
vsr running config# system fast-path linux-sync
vsr running linux-sync# ipset-dump-delay <uint32>
- Default value
1
disable¶
Disable synchronization for specific modules.
vsr running config# system fast-path linux-sync
vsr running linux-sync# disable DISABLE
|
Description |
|---|---|
|
Disable BPF synchronization (used by traffic capture). |
|
Disable bridge interface synchronization. |
|
Disable connection tracking synchronization. |
|
Disable firewall synchronization. |
|
Disable GRE interface synchronization. |
|
Disable IP in IP interface synchronization. |
|
Disable IPsec synchronization. |
|
Disable IPv4 ipset synchronization (used by firewall IPv4 address/network groups). |
|
Disable IPv6 ipset synchronization (used by firewall IPv6 address/network groups). |
|
Disable IPv6 synchronization. |
|
Disable LAG interface synchronization. |
|
Disable MACVLAN interface synchronization (used by VRRP). |
|
Disable MPLS synchronization. |
|
Disable NAT synchronization. |
|
Disable SVTI interface synchronization. |
|
Disable VLAN interface synchronization. |
|
Disable VXLAN interface synchronization. |
mirror-traffic¶
Mirror traffic.
vsr running config# system fast-path mirror-traffic
from¶
The source of mirroring.
vsr running config# system fast-path mirror-traffic
vsr running mirror-traffic# from interface <interface> vrf <vrf> type <type> \
... to interface INTERFACE vrf VRF
|
An interface name. |
|
Description |
|---|---|
|
The main vrf. |
|
The vrf name. |
|
Description |
|---|---|
|
The type of traffic to mirror. |
|
Mirror only incoming traffic. |
|
Mirror only outgoing traffic. |
|
Mirror both incoming and outgoing traffic. |