3.2.4. system

Global system configuration.

vsr running config# system

hostname

The hostname of the device – should be a single domain label, without the domain.

vsr running config# system
vsr running system# hostname HOSTNAME

HOSTNAME values

Description

<domain-name>{1,253}

The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.

<domain-name>{1,253}

The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.

cp-mask

Note

requires a Product License.

Cores on which control plane applications run.

vsr running config# system
vsr running system# cp-mask CP-MASK

CP-MASK values

Description

default

Use all cores except fast path ones for control plane.

<coremask>

A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’.

Default value
default

timezone

The timezone of the device.

vsr running config# system
vsr running system# timezone TIMEZONE

TIMEZONE values

Description

UTC

Coordinated Universal Time.

GMT

Greenwich Mean Time.

Antarctica/McMurdo

McMurdo Station, Ross Island

Antarctica/South_Pole

Amundsen-Scott Station, South Pole

Antarctica/Rothera

Rothera Station, Adelaide Island

Antarctica/Palmer

Palmer Station, Anvers Island

Antarctica/Mawson

Mawson Station, Holme Bay

Antarctica/Davis

Davis Station, Vestfold Hills

Antarctica/Casey

Casey Station, Bailey Peninsula

Antarctica/Vostok

Vostok Station, Lake Vostok

Antarctica/DumontDUrville

Dumont-d’Urville Station, Terre Adelie

Antarctica/Syowa

Syowa Station, E Ongul I

Antarctica/Macquarie

Macquarie Island Station, Macquarie Island

America/Argentina/Buenos_Aires

Buenos Aires (BA, CF)

America/Argentina/Cordoba

most locations (CB, CC, CN, ER, FM, MN, SE, SF)

America/Argentina/Salta

(SA, LP, NQ, RN)

America/Argentina/Jujuy

Jujuy (JY)

America/Argentina/Tucuman

Tucuman (TM)

America/Argentina/Catamarca

Catamarca (CT), Chubut (CH)

America/Argentina/La_Rioja

La Rioja (LR)

America/Argentina/San_Juan

San Juan (SJ)

America/Argentina/Mendoza

Mendoza (MZ)

America/Argentina/San_Luis

San Luis (SL)

America/Argentina/Rio_Gallegos

Santa Cruz (SC)

America/Argentina/Ushuaia

Tierra del Fuego (TF)

Australia/Lord_Howe

Lord Howe Island

Australia/Hobart

Tasmania - most locations

Australia/Currie

Tasmania - King Island

Australia/Melbourne

Victoria

Australia/Sydney

New South Wales - most locations

Australia/Broken_Hill

New South Wales - Yancowinna

Australia/Brisbane

Queensland - most locations

Australia/Lindeman

Queensland - Holiday Islands

Australia/Adelaide

South Australia

Australia/Darwin

Northern Territory

Australia/Perth

Western Australia - most locations

Australia/Eucla

Western Australia - Eucla area

America/Noronha

Atlantic islands

America/Belem

Amapa, E Para

America/Fortaleza

NE Brazil (MA, PI, CE, RN, PB)

America/Recife

Pernambuco

America/Araguaina

Tocantins

America/Maceio

Alagoas, Sergipe

America/Bahia

Bahia

America/Sao_Paulo

S & SE Brazil (GO, DF, MG, ES, RJ, SP, PR, SC, RS)

America/Campo_Grande

Mato Grosso do Sul

America/Cuiaba

Mato Grosso

America/Santarem

W Para

America/Porto_Velho

Rondonia

America/Boa_Vista

Roraima

America/Manaus

E Amazonas

America/Eirunepe

W Amazonas

America/Rio_Branco

Acre

America/St_Johns

Newfoundland Time, including SE Labrador

America/Halifax

Atlantic Time - Nova Scotia (most places), PEI

America/Glace_Bay

Atlantic Time - Nova Scotia - places that did not observe DST 1966-1971

America/Moncton

Atlantic Time - New Brunswick

America/Goose_Bay

Atlantic Time - Labrador - most locations

America/Blanc-Sablon

Atlantic Standard Time - Quebec - Lower North Shore

America/Montreal

Eastern Time - Quebec - most locations

America/Toronto

Eastern Time - Ontario - most locations

America/Nipigon

Eastern Time - Ontario & Quebec - places that did not observe DST 1967-1973

America/Thunder_Bay

Eastern Time - Thunder Bay, Ontario

America/Iqaluit

Eastern Time - east Nunavut - most locations

America/Pangnirtung

Eastern Time - Pangnirtung, Nunavut

America/Resolute

Central Standard Time - Resolute, Nunavut

America/Atikokan

Eastern Standard Time - Atikokan, Ontario and Southampton I, Nunavut

America/Rankin_Inlet

Central Time - central Nunavut

America/Winnipeg

Central Time - Manitoba & west Ontario

America/Rainy_River

Central Time - Rainy River & Fort Frances, Ontario

America/Regina

Central Standard Time - Saskatchewan - most locations

America/Swift_Current

Central Standard Time - Saskatchewan - midwest

America/Edmonton

Mountain Time - Alberta, east British Columbia & west Saskatchewan

America/Cambridge_Bay

Mountain Time - west Nunavut

America/Yellowknife

Mountain Time - central Northwest Territories

America/Inuvik

Mountain Time - west Northwest Territories

America/Creston

Mountain Standard Time - Creston, British Columbia

America/Dawson_Creek

Mountain Standard Time - Dawson Creek & Fort Saint John, British Columbia

America/Vancouver

Pacific Time - west British Columbia

America/Whitehorse

Pacific Time - south Yukon

America/Dawson

Pacific Time - north Yukon

Africa/Kinshasa

west Dem. Rep. of Congo

Africa/Lubumbashi

east Dem. Rep. of Congo

America/Santiago

most locations

Pacific/Easter

Easter Island & Sala y Gomez

Asia/Shanghai

east China - Beijing, Guangdong, Shanghai, etc.

Asia/Harbin

Heilongjiang (except Mohe), Jilin

Asia/Chongqing

central China - Sichuan, Yunnan, Guangxi, Shaanxi, Guizhou, etc.

Asia/Urumqi

most of Tibet & Xinjiang

Asia/Kashgar

west Tibet & Xinjiang

America/Guayaquil

mainland

Pacific/Galapagos

Galapagos Islands

Europe/Madrid

mainland

Africa/Ceuta

Ceuta & Melilla

Atlantic/Canary

Canary Islands

Pacific/Chuuk

Chuuk (Truk) and Yap

Pacific/Pohnpei

Pohnpei (Ponape)

Pacific/Kosrae

Kosrae

America/Godthab

most locations

America/Danmarkshavn

east coast, north of Scoresbysund

America/Scoresbysund

Scoresbysund / Ittoqqortoormiit

America/Thule

Thule / Pituffik

Asia/Jakarta

Java & Sumatra

Asia/Pontianak

west & central Borneo

Asia/Makassar

east & south Borneo, Sulawesi (Celebes), Bali, Nusa Tengarra, west Timor

Asia/Jayapura

west New Guinea (Irian Jaya) & Malukus (Moluccas)

Pacific/Tarawa

Gilbert Islands

Pacific/Enderbury

Phoenix Islands

Pacific/Kiritimati

Line Islands

Asia/Almaty

most locations

Asia/Qyzylorda

Qyzylorda (Kyzylorda, Kzyl-Orda)

Asia/Aqtobe

Aqtobe (Aktobe)

Asia/Aqtau

Atyrau (Atirau, Gur’yev), Mangghystau (Mankistau)

Asia/Oral

West Kazakhstan

Pacific/Majuro

most locations

Pacific/Kwajalein

Kwajalein

Asia/Ulaanbaatar

most locations

Asia/Hovd

Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan

Asia/Choibalsan

Dornod, Sukhbaatar

America/Mexico_City

Central Time - most locations

America/Cancun

Central Time - Quintana Roo

America/Merida

Central Time - Campeche, Yucatan

America/Monterrey

Mexican Central Time - Coahuila, Durango, Nuevo Leon, Tamaulipas away from US border

America/Matamoros

US Central Time - Coahuila, Durango, Nuevo Leon, Tamaulipas near US border

America/Mazatlan

Mountain Time - S Baja, Nayarit, Sinaloa

America/Chihuahua

Mexican Mountain Time - Chihuahua away from US border

America/Ojinaga

US Mountain Time - Chihuahua near US border

America/Hermosillo

Mountain Standard Time - Sonora

America/Tijuana

US Pacific Time - Baja California near US border

America/Santa_Isabel

Mexican Pacific Time - Baja California away from US border

America/Bahia_Banderas

Mexican Central Time - Bahia de Banderas

Asia/Kuala_Lumpur

peninsular Malaysia

Asia/Kuching

Sabah & Sarawak

Pacific/Auckland

most locations

Pacific/Chatham

Chatham Islands

Pacific/Tahiti

Society Islands

Pacific/Marquesas

Marquesas Islands

Pacific/Gambier

Gambier Islands

Asia/Gaza

Gaza Strip

Asia/Hebron

West Bank

Europe/Lisbon

mainland

Atlantic/Madeira

Madeira Islands

Atlantic/Azores

Azores

Europe/Kaliningrad

Moscow-01 - Kaliningrad

Europe/Moscow

Moscow+00 - west Russia

Europe/Volgograd

Moscow+00 - Caspian Sea

Europe/Samara

Moscow+00 - Samara, Udmurtia

Asia/Yekaterinburg

Moscow+02 - Urals

Asia/Omsk

Moscow+03 - west Siberia

Asia/Novosibirsk

Moscow+03 - Novosibirsk

Asia/Novokuznetsk

Moscow+03 - Novokuznetsk

Asia/Krasnoyarsk

Moscow+04 - Yenisei River

Asia/Irkutsk

Moscow+05 - Lake Baikal

Asia/Yakutsk

Moscow+06 - Lena River

Asia/Vladivostok

Moscow+07 - Amur River

Asia/Sakhalin

Moscow+07 - Sakhalin Island

Asia/Magadan

Moscow+08 - Magadan

Asia/Kamchatka

Moscow+08 - Kamchatka

Asia/Anadyr

Moscow+08 - Bering Sea

Europe/Kiev

most locations

Europe/Uzhgorod

Ruthenia

Europe/Zaporozhye

Zaporozh’ye, E Lugansk / Zaporizhia, E Luhansk

Europe/Simferopol

central Crimea

Pacific/Johnston

Johnston Atoll

Pacific/Midway

Midway Islands

Pacific/Wake

Wake Island

America/New_York

Eastern Time

America/Detroit

Eastern Time - Michigan - most locations

America/Kentucky/Louisville

Eastern Time - Kentucky - Louisville area

America/Kentucky/Monticello

Eastern Time - Kentucky - Wayne County

America/Indiana/Indianapolis

Eastern Time - Indiana - most locations

America/Indiana/Vincennes

Eastern Time - Indiana - Daviess, Dubois, Knox & Martin Counties

America/Indiana/Winamac

Eastern Time - Indiana - Pulaski County

America/Indiana/Marengo

Eastern Time - Indiana - Crawford County

America/Indiana/Petersburg

Eastern Time - Indiana - Pike County

America/Indiana/Vevay

Eastern Time - Indiana - Switzerland County

America/Chicago

Central Time

America/Indiana/Tell_City

Central Time - Indiana - Perry County

America/Indiana/Knox

Central Time - Indiana - Starke County

America/Menominee

Central Time - Michigan - Dickinson, Gogebic, Iron & Menominee Counties

America/North_Dakota/Center

Central Time - North Dakota - Oliver County

America/North_Dakota/New_Salem

Central Time - North Dakota - Morton County (except Mandan area)

America/North_Dakota/Beulah

Central Time - North Dakota - Mercer County

America/Denver

Mountain Time

America/Boise

Mountain Time - south Idaho & east Oregon

America/Shiprock

Mountain Time - Navajo

America/Phoenix

Mountain Standard Time - Arizona

America/Los_Angeles

Pacific Time

America/Anchorage

Alaska Time

America/Juneau

Alaska Time - Alaska panhandle

America/Sitka

Alaska Time - southeast Alaska panhandle

America/Yakutat

Alaska Time - Alaska panhandle neck

America/Nome

Alaska Time - west Alaska

America/Adak

Aleutian Islands

America/Metlakatla

Metlakatla Time - Annette Island

Pacific/Honolulu

Hawaii

Asia/Samarkand

west Uzbekistan

Asia/Tashkent

east Uzbekistan

Europe/Andorra|Asia/Dubai|Asia/Kabul|America/Antigua|America/Anguilla|Europe/Tirane|Asia/Yerevan|Africa/Luanda|Pacific/Pago_Pago|Europe/Vienna|America/Aruba|Europe/Mariehamn|Asia/Baku|Europe/Sarajevo|America/Barbados|Asia/Dhaka|Europe/Brussels|Africa/Ouagadougou|Europe/Sofia|Asia/Bahrain|Africa/Bujumbura|Africa/Porto-Novo|America/St_Barthelemy|Atlantic/Bermuda|Asia/Brunei|America/La_Paz|America/Kralendijk|America/Nassau|Asia/Thimphu|Africa/Gaborone|Europe/Minsk|America/Belize|Indian/Cocos|Africa/Bangui|Africa/Brazzaville|Europe/Zurich|Africa/Abidjan|Pacific/Rarotonga|Africa/Douala|America/Bogota|America/Costa_Rica|America/Havana|Atlantic/Cape_Verde|America/Curacao|Indian/Christmas|Asia/Nicosia|Europe/Prague|Europe/Berlin|Africa/Djibouti|Europe/Copenhagen|America/Dominica|America/Santo_Domingo|Africa/Algiers|Europe/Tallinn|Africa/Cairo|Africa/El_Aaiun|Africa/Asmara|Africa/Addis_Ababa|Europe/Helsinki|Pacific/Fiji|Atlantic/Stanley|Atlantic/Faroe|Europe/Paris|Africa/Libreville|Europe/London|America/Grenada|Asia/Tbilisi|America/Cayenne|Europe/Guernsey|Africa/Accra|Europe/Gibraltar|Africa/Banjul|Africa/Conakry|America/Guadeloupe|Africa/Malabo|Europe/Athens|Atlantic/South_Georgia|America/Guatemala|Pacific/Guam|Africa/Bissau|America/Guyana|Asia/Hong_Kong|America/Tegucigalpa|Europe/Zagreb|America/Port-au-Prince|Europe/Budapest|Asia/Jerusalem|Europe/Isle_of_Man|Asia/Kolkata|Indian/Chagos|Asia/Baghdad|Asia/Tehran|Atlantic/Reykjavik|Europe/Rome|Europe/Jersey|America/Jamaica|Asia/Amman|Asia/Tokyo|Africa/Nairobi|Asia/Bishkek|Asia/Phnom_Penh|Indian/Comoro|America/St_Kitts|Asia/Pyongyang|Asia/Seoul|Asia/Kuwait|America/Cayman|Asia/Vientiane|Asia/Beirut|America/St_Lucia|Europe/Vaduz|Asia/Colombo|Africa/Monrovia|Africa/Maseru|Europe/Vilnius|Europe/Luxembourg|Europe/Riga|Africa/Tripoli|Africa/Casablanca|Europe/Monaco|Europe/Chisinau|Europe/Podgorica|America/Marigot|Indian/Antananarivo|Europe/Skopje|Africa/Bamako|Asia/Rangoon|Asia/Macau|Pacific/Saipan|America/Martinique|Africa/Nouakchott|America/Montserrat|Europe/Malta|Indian/Mauritius|Indian/Maldives|Africa/Blantyre|Africa/Maputo|Pacific/Noumea|Africa/Niamey|Pacific/Norfolk|Africa/Lagos|America/Managua|Europe/Amsterdam|Europe/Oslo|Asia/Kathmandu|Pacific/Nauru|Pacific/Niue|Asia/Muscat|America/Panama|America/Lima|Pacific/Port_Moresby|Asia/Manila|Asia/Karachi|Europe/Warsaw|America/Miquelon|Pacific/Pitcairn|America/Puerto_Rico|Pacific/Palau|America/Asuncion|Asia/Qatar|Indian/Reunion|Europe/Bucharest|Europe/Belgrade|Africa/Kigali|Asia/Riyadh|Pacific/Guadalcanal|Indian/Mahe|Africa/Khartoum|Europe/Stockholm|Asia/Singapore|Atlantic/St_Helena|Europe/Ljubljana|Arctic/Longyearbyen|Europe/Bratislava|Africa/Freetown|Europe/San_Marino|Africa/Dakar|Africa/Mogadishu|America/Paramaribo|Africa/Juba|Africa/Sao_Tome|America/El_Salvador|America/Lower_Princes|Asia/Damascus|Africa/Mbabane|America/Grand_Turk|Africa/Ndjamena|Indian/Kerguelen|Africa/Lome|Asia/Bangkok|Asia/Dushanbe|Pacific/Fakaofo|Asia/Dili|Asia/Ashgabat|Africa/Tunis|Pacific/Tongatapu|Europe/Istanbul|America/Port_of_Spain|Pacific/Funafuti|Asia/Taipei|Africa/Dar_es_Salaam|Africa/Kampala|America/Montevideo|Europe/Vatican|America/St_Vincent|America/Caracas|America/Tortola|America/St_Thomas|Asia/Ho_Chi_Minh|Pacific/Efate|Pacific/Wallis|Pacific/Apia|Asia/Aden|Indian/Mayotte|Africa/Johannesburg|Africa/Lusaka|Africa/Harare

A timezone location as defined by the IANA timezone database (http://www.iana.org/time-zones)

date (state only)

The local time of the device.

vsr> show state system date

troubleshooting-report (state only) (pushed)

The existing troubleshooting reports available on the system.

vsr> show state system troubleshooting-report

traffic-capture (state only) (pushed)

The existing traffic captures available on the system.

vsr> show state system traffic-capture

network-stack

Note

requires a Product License.

Network stack parameters.

vsr running config# system network-stack

bridge

Bridge default parameters.

vsr running config# system network-stack bridge

call-ipv4-filtering

Call IPv4 filtering hooks on bridges.

vsr running config# system network-stack bridge
vsr running bridge# call-ipv4-filtering true|false
Default value
false

call-ipv6-filtering

Call IPv6 filtering hooks on bridges.

vsr running config# system network-stack bridge
vsr running bridge# call-ipv6-filtering true|false
Default value
false

icmp

ICMP default parameters.

vsr running config# system network-stack icmp

ignore-icmp-echo-broadcast

Ignore all ICMP ECHO and TIMESTAMP requests sent via broadcast or multicast.

vsr running config# system network-stack icmp
vsr running icmp# ignore-icmp-echo-broadcast true|false
Default value
false

rate-limit-icmp

unit: milliseconds

The minimum time space that separates the sending of two consecutive ICMP packets. By default, such space is 1000 ms.

vsr running config# system network-stack icmp
vsr running icmp# rate-limit-icmp <0-1000>
Default value
1000

rate-mask-icmp

Mask made of ICMP types for which rates are being limited.

vsr running config# system network-stack icmp
vsr running icmp# rate-mask-icmp RATE-MASK-ICMP

RATE-MASK-ICMP values

Description

echo-reply

Echo Reply.

destination-unreachable

Destination Unreachable.

source-quench

Source Quench.

redirect

Redirect.

echo-request

Echo Request.

time-exceeded

Time Exceeded.

parameter-problem

Parameter Problem.

timestamp-request

Timestamp Request.

timestamp-reply

Timestamp Reply.

info-request

Info Request.

info-reply

Info Reply.

address-mask-request

Address Mask Request.

address-mask-reply

Address Mask Reply.

Default value
destination-unreachable source-quench time-exceeded parameter-problem

ipv4

IPv4 default parameters.

vsr running config# system network-stack ipv4

forwarding

Enable IP forwarding.

vsr running config# system network-stack ipv4
vsr running ipv4# forwarding true|false
Default value
true

send-redirects

Send ICMP redirect if host is on the same network than gateway.

vsr running config# system network-stack ipv4
vsr running ipv4# send-redirects true|false
Default value
true

accept-redirects

Accept redirect when acting as a host. It is always disabled when acting as a router.

vsr running config# system network-stack ipv4
vsr running ipv4# accept-redirects true|false
Default value
false

accept-source-route

Accept packets with source route option.

vsr running config# system network-stack ipv4
vsr running ipv4# accept-source-route true|false
Default value
false

arp-announce

Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface. Increasing the restriction level gives more chance for receiving answer from the resolved target while decreasing the level announces more valid sender’s information.

vsr running config# system network-stack ipv4
vsr running ipv4# arp-announce ARP-ANNOUNCE

ARP-ANNOUNCE values

Description

any

Use any local address, configured on any interface.

avoid-not-in-subnet

Try to avoid local addresses that are not in the target’s subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2, ‘best-local’.

best-local

Always use the best local address for this target. In this mode we ignore the source address in the IP packet and try to select local address that we prefer for talks with the target host. Such local address is selected by looking for primary IP addresses on all our subnets on the outgoing interface that include the target IP address. If no suitable local address is found we select the first local address we have on the outgoing interface or on all other interfaces, with the hope we will receive reply for our request and even sometimes no matter the source IP address we announce.

Default value
any

arp-filter

Allows to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP’d IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an arp request.

vsr running config# system network-stack ipv4
vsr running ipv4# arp-filter true|false
Default value
false

arp-ignore

Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses.

vsr running config# system network-stack ipv4
vsr running ipv4# arp-ignore ARP-IGNORE

ARP-IGNORE values

Description

any

Reply for any local target IP address, configured on any interface.

check-interface

Reply only if the target IP address is local address configured on the incoming interface.

check-interface-and-subnet

Reply only if the target IP address is local address configured on the incoming interface and both with the sender’s IP address are part from same subnet on this interface.

ignore-scope

Do not reply for local addresses configured with scope host, only resolutions for global and link addresses are replied.

ignore-all

Do not reply for all local addresses.

Default value
any

arp-proxy

Enable ARP proxy.

vsr running config# system network-stack ipv4
vsr running ipv4# arp-proxy true|false
Default value
false

log-invalid-addresses

Log packets with impossible addresses.

vsr running config# system network-stack ipv4
vsr running ipv4# log-invalid-addresses true|false
Default value
false

ipv6

IPv6 default parameters.

vsr running config# system network-stack ipv6

forwarding

Enable IPv6 forwarding.

vsr running config# system network-stack ipv6
vsr running ipv6# forwarding true|false
Default value
true

max-cached-routes

Maximum number of ipv6 cached routes.

vsr running config# system network-stack ipv6
vsr running ipv6# max-cached-routes <uint32>

autoconfiguration

Autoconfigure addresses using Prefix Information in Router Advertisements.

vsr running config# system network-stack ipv6
vsr running ipv6# autoconfiguration true|false
Default value
true

accept-duplicate-address-detection

Accept Duplicate Address Detection (DAD).

vsr running config# system network-stack ipv6
vsr running ipv6# accept-duplicate-address-detection ACCEPT-DUPLICATE-ADDRESS-DETECTION

ACCEPT-DUPLICATE-ADDRESS-DETECTION values

Description

never

Disable DAD.

always

Enable DAD.

disable-ipv6-on-dad-fail

Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found.

Default value
always

accept-router-advert

Accept Router Advertisements.

vsr running config# system network-stack ipv6
vsr running ipv6# accept-router-advert ACCEPT-ROUTER-ADVERT

ACCEPT-ROUTER-ADVERT values

Description

never

Do not accept Router Advertisements.

norouter-mode

Accept Router Advertisements if forwarding is disabled.

always

Accept Router Advertisements even if forwarding is enabled.

Default value
never

accept-redirects

Accept redirect when acting as a host. It is always disabled when acting as a router.

vsr running config# system network-stack ipv6
vsr running ipv6# accept-redirects true|false
Default value
false

accept-segment-routing

Accept Segment Routing IPv6 packets.

vsr running config# system network-stack ipv6
vsr running ipv6# accept-segment-routing true|false
Default value
false

accept-source-route

Accept packets with source route option.

vsr running config# system network-stack ipv6
vsr running ipv6# accept-source-route true|false
Default value
false

router-solicitations

Number of Router Solicitations to send until assuming no routers are present.

vsr running config# system network-stack ipv6
vsr running ipv6# router-solicitations <-1-8192>
Default value
-1

use-temporary-addresses

Preference for Privacy Extensions (RFC4941). Not applied to point-to- point and loopback devices (always 0).

vsr running config# system network-stack ipv6
vsr running ipv6# use-temporary-addresses USE-TEMPORARY-ADDRESSES

USE-TEMPORARY-ADDRESSES values

Description

never

Disable Privacy Extensions, i.e. use the public address, subnet prefix/interface id, where interface id is always the same.

prefer-public-addresses

Enable Privacy Extensions, but prefer public addresses over temporary addresses.

always

Enable Privacy Extensions and prefer temporary addresses over public addresses.

Default value
never

neighbor

Neighbor advanced configuration.

vsr running config# system network-stack neighbor

ipv4-max-entries

Maximum number of IPv4 neighbors.

vsr running config# system network-stack neighbor
vsr running neighbor# ipv4-max-entries <16-400000>

ipv6-max-entries

Maximum number of IPv6 neighbors.

vsr running config# system network-stack neighbor
vsr running neighbor# ipv6-max-entries <16-400000>

ipv4-base-reachable-time

unit: seconds

Time during which an IPv4 neighbor entry stays reachable.

vsr running config# system network-stack neighbor
vsr running neighbor# ipv4-base-reachable-time <uint32>

ipv6-base-reachable-time

unit: seconds

Time during which an IPv6 neighbor entry stays reachable.

vsr running config# system network-stack neighbor
vsr running neighbor# ipv6-base-reachable-time <uint32>

conntrack

Conntrack advanced configuration.

vsr running config# system network-stack conntrack

max-entries

Maximum number of Netfilter conntracks.

vsr running config# system network-stack conntrack
vsr running conntrack# max-entries <16-10000000>

tcp-timeout-close

Conntrack TCP timeout close.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-close <0-8589934>

tcp-timeout-close-wait

Conntrack TCP timeout close wait.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-close-wait <0-8589934>

tcp-timeout-established

Conntrack TCP timeout established.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-established <0-8589934>

tcp-timeout-fin-wait

Conntrack TCP timeout fin wait.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-fin-wait <0-8589934>

tcp-timeout-last-ack

Conntrack TCP timeout last ack.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-last-ack <0-8589934>

tcp-timeout-max-retrans

Conntrack TCP timeout max retrans.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-max-retrans <0-8589934>

tcp-timeout-syn-recv

Conntrack TCP timeout syn recv.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-syn-recv <0-8589934>

tcp-timeout-syn-sent

Conntrack TCP timeout syn sent.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-syn-sent <0-8589934>

tcp-timeout-time-wait

Conntrack TCP timeout time wait.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-time-wait <0-8589934>

tcp-timeout-unacknowledged

Conntrack TCP timeout unacknowledged.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-unacknowledged <0-8589934>

udp-timeout

Conntrack UDP timeout.

vsr running config# system network-stack conntrack
vsr running conntrack# udp-timeout <0-8589934>

udp-timeout-stream

Conntrack UDP timeout stream.

vsr running config# system network-stack conntrack
vsr running conntrack# udp-timeout-stream <0-8589934>

fast-path

Fast path network global configuration.

vsr running config# system network-stack fast-path

alg

Set Application-level gateway (ALG) configuration.

vsr running config# system network-stack fast-path alg <alg>

<alg> values

Description

ftp

Set FTP ALG.

h323_ras

Set H323 RAS ALG.

h323_q931

Set H323 Q931 ALG.

pptp

Set PPTP ALG.

rtsp

Set RTSP ALG.

sip-tcp

Set SIP on TCP ALG.

sip-udp

Set SIP on TCP ALG.

tftp

Set TFTP ALG.

dns

Set DNS ALG.

port

Set ALG port.

vsr running config# system network-stack fast-path alg <alg>
vsr running alg <alg># port <uint16>
session-timeout

Set ALG session timeout.

vsr running config# system network-stack fast-path alg <alg>
vsr running alg <alg># session-timeout <uint32>

conntrack

Conntrack options.

vsr running config# system network-stack fast-path conntrack
behavior

Specific TCP options.

vsr running config# system network-stack fast-path conntrack
vsr running conntrack# behavior <behavior> enabled true|false

<behavior> values

Description

tcp-window-check

TCP window check.

tcp-rst-strict-order

TCP rst strict order.

enabled (mandatory)

Enable option.

enabled true|false
timeouts

Timeouts for the different events/protocols.

vsr running config# system network-stack fast-path conntrack timeouts
icmp

Conntrack options for ICMP.

vsr running config# system network-stack fast-path conntrack timeouts
vsr running timeouts# icmp <icmp> <uint32>

<icmp> values

Description

new

State NEW.

established

State ESTABLISHED.

closed

State CLOSED.

<uint32> (mandatory)

Timeout in seconds.

<uint32>
udp

Conntrack options for UDP.

vsr running config# system network-stack fast-path conntrack timeouts
vsr running timeouts# udp <udp> <uint32>

<udp> values

Description

new

State NEW.

established

State ESTABLISHED.

closed

State CLOSED.

<uint32> (mandatory)

Timeout in seconds.

<uint32>
gre-pptp

Conntrack options for GRE-PPTP.

vsr running config# system network-stack fast-path conntrack timeouts
vsr running timeouts# gre-pptp <gre-pptp> <uint32>

<gre-pptp> values

Description

new

State NEW.

established

State ESTABLISHED.

closed

State CLOSED.

<uint32> (mandatory)

Timeout in seconds.

<uint32>
tcp

Conntrack options for TCP.

vsr running config# system network-stack fast-path conntrack timeouts
vsr running timeouts# tcp <tcp> <uint32>

<tcp> values

Description

syn-sent

State SYN-SENT.

simsyn-sent

State SIMSYN-SENT.

syn-received

State SYN-RECEIVED.

established

State ESTABLISHED.

fin-sent

State FIN-SENT.

fin-received

State FIN-RECEIVED.

closed

State CLOSED.

close-wait

State CLOSE-WAIT.

fin-wait

State FIN-WAIT.

last-ack

State LAST-ACK.

time-wait

State TIME-WAIT.

<uint32> (mandatory)

Timeout in seconds.

<uint32>
nat64

NAT64 conntrack options.

vsr running config# system network-stack fast-path conntrack nat64
option

Specific NAT64 options.

vsr running config# system network-stack fast-path conntrack nat64
vsr running nat64# option <option> true|false

<option> values

Description

update-tcp-mss

Enable/Disable TCP MSS update.

drop-udp-zero-checksum

Enable/Disable UDP null checksum packet drops.

force-frag-ipv4

Fragment IPv4 packets (with DF flag) if the MTU is too small.

force-frag-ipv6

Fragment IPv6 packets if the MTU is too small.

true|false (mandatory)

Option state.

true|false
mtu

NAT64 lowest IPv6 mtu configuration.

vsr running config# system network-stack fast-path conntrack nat64
vsr running nat64# mtu <mtu> <uint16>

<mtu>

Set lowest IPv6 MTU.

<uint16> (mandatory)

MTU (0 to fragment packet according to the MTU of the output interface).

<uint16>

audit-trail

Audit trail configuration.

vsr running config# system audit-trail

enabled (pushed)

Enable audit trails.

vsr running config# system audit-trail
vsr running audit-trail# enabled true|false
Default value
true

max-file-count

unit: bytes

Number of files to keep. The following files will be deleted.

vsr running config# system audit-trail
vsr running audit-trail# max-file-count <int32>
Default value
200

max-file-size

Max log size before rotating.

vsr running config# system audit-trail
vsr running audit-trail# max-file-size <int32>
Default value
1048576

uptime (state only)

The system uptime.

value (state only)

unit: seconds

The value in seconds.

vsr> show state system uptime value

string (state only)

A human readable value (e.g DD days, HH:mm:ss).

vsr> show state system uptime string

installed-image (state only)

The list of installed images.

version (state only)

The version of the image.

vsr> show state system installed-image <string> version

current (state only)

The image is currently booted.

vsr> show state system installed-image <string> current

default (state only)

The image is booted by default.

vsr> show state system installed-image <string> default

next (state only)

The next reboot will use this image.

vsr> show state system installed-image <string> next

confirm-pending (state only) (pushed)

The system will reboot on the default image, unless the user executes a cmd system-image set-default command.

vsr> show state system installed-image <string> confirm-pending

aws

Note

requires a Product License.

AWS configuration.

vsr running config# system aws

account-id (state only)

The identifier of the AWS account that launched the instance.

vsr> show state system aws account-id

architecture (state only)

The architecture of the AMI used to launch the instance.

vsr> show state system aws architecture

availability-zone (state only)

The availability zone in which the instance is running.

vsr> show state system aws availability-zone

image-id (state only)

The identifier of the AMI used to launch the instance.

vsr> show state system aws image-id

instance-id (state only)

The identifier of the instance.

vsr> show state system aws instance-id

instance-type (state only)

The type of the instance.

vsr> show state system aws instance-type

private-ip (state only)

The private IPv4 address of the instance.

vsr> show state system aws private-ip

region (state only)

The region in which the instance is running.

vsr> show state system aws region

ha-notification

Specify AWS configuration changes when HA group state switch to master.

vsr running config# system aws ha-notification

group

The HA group to monitor.

vsr running config# system aws ha-notification group <leafref>

<leafref>

The name of the HA group to monitor.

assign-private-ip

Assign a private IP to an interface of the AWS VPC when HA group is active.

vsr running config# system aws ha-notification group <leafref>
vsr running group <leafref># assign-private-ip ip <ip> interface <leafref> vrf <leafref>

<ip>

An IPv4 address.

<leafref>

The interface on which the virtual IP is set.

<leafref>

The vrf where the interface is located.

change-route

Change a route on the AWS VPC when HA group is active.

vsr running config# system aws ha-notification group <leafref>
vsr running group <leafref># change-route subnet <subnet> destination <destination> \
... interface <leafref> vrf <leafref>

<subnet>

An IPv4 prefix: address and CIDR mask.

<destination>

An IPv4 prefix: address and CIDR mask.

interface (mandatory)

The destination interface for the route.

interface <leafref>
vrf (mandatory)

The vrf where the interface is located.

vrf <leafref>