3.2.4. system¶

Global system configuration.

vsr running config# system

hostname¶

The hostname of the device – should be a single domain label, without the domain.

vsr running config# system
vsr running system# hostname HOSTNAME

HOSTNAME values

Description

<domain-name>{1,253}

The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.

<domain-name>{1,253}

The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.

cp-mask¶

Note

requires a Product License.

Cores on which control plane applications run.

vsr running config# system
vsr running system# cp-mask CP-MASK

`CP-MASK` values	Description
`default`	Use all cores except fast path ones for control plane.
`<coremask>`	A comma-separated list of cores or core ranges. Example: ‘1,4-7,10-12’.

Default value: default

timezone¶

The timezone of the device.

vsr running config# system
vsr running system# timezone TIMEZONE

`TIMEZONE` values	Description
`UTC`	Coordinated Universal Time.
`GMT`	Greenwich Mean Time.
`Antarctica/McMurdo`	McMurdo Station, Ross Island
`Antarctica/South_Pole`	Amundsen-Scott Station, South Pole
`Antarctica/Rothera`	Rothera Station, Adelaide Island
`Antarctica/Palmer`	Palmer Station, Anvers Island
`Antarctica/Mawson`	Mawson Station, Holme Bay
`Antarctica/Davis`	Davis Station, Vestfold Hills
`Antarctica/Casey`	Casey Station, Bailey Peninsula
`Antarctica/Vostok`	Vostok Station, Lake Vostok
`Antarctica/DumontDUrville`	Dumont-d’Urville Station, Terre Adelie
`Antarctica/Syowa`	Syowa Station, E Ongul I
`Antarctica/Macquarie`	Macquarie Island Station, Macquarie Island
`America/Argentina/Buenos_Aires`	Buenos Aires (BA, CF)
`America/Argentina/Cordoba`	most locations (CB, CC, CN, ER, FM, MN, SE, SF)
`America/Argentina/Salta`	(SA, LP, NQ, RN)
`America/Argentina/Jujuy`	Jujuy (JY)
`America/Argentina/Tucuman`	Tucuman (TM)
`America/Argentina/Catamarca`	Catamarca (CT), Chubut (CH)
`America/Argentina/La_Rioja`	La Rioja (LR)
`America/Argentina/San_Juan`	San Juan (SJ)
`America/Argentina/Mendoza`	Mendoza (MZ)
`America/Argentina/San_Luis`	San Luis (SL)
`America/Argentina/Rio_Gallegos`	Santa Cruz (SC)
`America/Argentina/Ushuaia`	Tierra del Fuego (TF)
`Australia/Lord_Howe`	Lord Howe Island
`Australia/Hobart`	Tasmania - most locations
`Australia/Currie`	Tasmania - King Island
`Australia/Melbourne`	Victoria
`Australia/Sydney`	New South Wales - most locations
`Australia/Broken_Hill`	New South Wales - Yancowinna
`Australia/Brisbane`	Queensland - most locations
`Australia/Lindeman`	Queensland - Holiday Islands
`Australia/Adelaide`	South Australia
`Australia/Darwin`	Northern Territory
`Australia/Perth`	Western Australia - most locations
`Australia/Eucla`	Western Australia - Eucla area
`America/Noronha`	Atlantic islands
`America/Belem`	Amapa, E Para
`America/Fortaleza`	NE Brazil (MA, PI, CE, RN, PB)
`America/Recife`	Pernambuco
`America/Araguaina`	Tocantins
`America/Maceio`	Alagoas, Sergipe
`America/Bahia`	Bahia
`America/Sao_Paulo`	S & SE Brazil (GO, DF, MG, ES, RJ, SP, PR, SC, RS)
`America/Campo_Grande`	Mato Grosso do Sul
`America/Cuiaba`	Mato Grosso
`America/Santarem`	W Para
`America/Porto_Velho`	Rondonia
`America/Boa_Vista`	Roraima
`America/Manaus`	E Amazonas
`America/Eirunepe`	W Amazonas
`America/Rio_Branco`	Acre
`America/St_Johns`	Newfoundland Time, including SE Labrador
`America/Halifax`	Atlantic Time - Nova Scotia (most places), PEI
`America/Glace_Bay`	Atlantic Time - Nova Scotia - places that did not observe DST 1966-1971
`America/Moncton`	Atlantic Time - New Brunswick
`America/Goose_Bay`	Atlantic Time - Labrador - most locations
`America/Blanc-Sablon`	Atlantic Standard Time - Quebec - Lower North Shore
`America/Montreal`	Eastern Time - Quebec - most locations
`America/Toronto`	Eastern Time - Ontario - most locations
`America/Nipigon`	Eastern Time - Ontario & Quebec - places that did not observe DST 1967-1973
`America/Thunder_Bay`	Eastern Time - Thunder Bay, Ontario
`America/Iqaluit`	Eastern Time - east Nunavut - most locations
`America/Pangnirtung`	Eastern Time - Pangnirtung, Nunavut
`America/Resolute`	Central Standard Time - Resolute, Nunavut
`America/Atikokan`	Eastern Standard Time - Atikokan, Ontario and Southampton I, Nunavut
`America/Rankin_Inlet`	Central Time - central Nunavut
`America/Winnipeg`	Central Time - Manitoba & west Ontario
`America/Rainy_River`	Central Time - Rainy River & Fort Frances, Ontario
`America/Regina`	Central Standard Time - Saskatchewan - most locations
`America/Swift_Current`	Central Standard Time - Saskatchewan - midwest
`America/Edmonton`	Mountain Time - Alberta, east British Columbia & west Saskatchewan
`America/Cambridge_Bay`	Mountain Time - west Nunavut
`America/Yellowknife`	Mountain Time - central Northwest Territories
`America/Inuvik`	Mountain Time - west Northwest Territories
`America/Creston`	Mountain Standard Time - Creston, British Columbia
`America/Dawson_Creek`	Mountain Standard Time - Dawson Creek & Fort Saint John, British Columbia
`America/Vancouver`	Pacific Time - west British Columbia
`America/Whitehorse`	Pacific Time - south Yukon
`America/Dawson`	Pacific Time - north Yukon
`Africa/Kinshasa`	west Dem. Rep. of Congo
`Africa/Lubumbashi`	east Dem. Rep. of Congo
`America/Santiago`	most locations
`Pacific/Easter`	Easter Island & Sala y Gomez
`Asia/Shanghai`	east China - Beijing, Guangdong, Shanghai, etc.
`Asia/Harbin`	Heilongjiang (except Mohe), Jilin
`Asia/Chongqing`	central China - Sichuan, Yunnan, Guangxi, Shaanxi, Guizhou, etc.
`Asia/Urumqi`	most of Tibet & Xinjiang
`Asia/Kashgar`	west Tibet & Xinjiang
`America/Guayaquil`	mainland
`Pacific/Galapagos`	Galapagos Islands
`Europe/Madrid`	mainland
`Africa/Ceuta`	Ceuta & Melilla
`Atlantic/Canary`	Canary Islands
`Pacific/Chuuk`	Chuuk (Truk) and Yap
`Pacific/Pohnpei`	Pohnpei (Ponape)
`Pacific/Kosrae`	Kosrae
`America/Godthab`	most locations
`America/Danmarkshavn`	east coast, north of Scoresbysund
`America/Scoresbysund`	Scoresbysund / Ittoqqortoormiit
`America/Thule`	Thule / Pituffik
`Asia/Jakarta`	Java & Sumatra
`Asia/Pontianak`	west & central Borneo
`Asia/Makassar`	east & south Borneo, Sulawesi (Celebes), Bali, Nusa Tengarra, west Timor
`Asia/Jayapura`	west New Guinea (Irian Jaya) & Malukus (Moluccas)
`Pacific/Tarawa`	Gilbert Islands
`Pacific/Enderbury`	Phoenix Islands
`Pacific/Kiritimati`	Line Islands
`Asia/Almaty`	most locations
`Asia/Qyzylorda`	Qyzylorda (Kyzylorda, Kzyl-Orda)
`Asia/Aqtobe`	Aqtobe (Aktobe)
`Asia/Aqtau`	Atyrau (Atirau, Gur’yev), Mangghystau (Mankistau)
`Asia/Oral`	West Kazakhstan
`Pacific/Majuro`	most locations
`Pacific/Kwajalein`	Kwajalein
`Asia/Ulaanbaatar`	most locations
`Asia/Hovd`	Bayan-Olgiy, Govi-Altai, Hovd, Uvs, Zavkhan
`Asia/Choibalsan`	Dornod, Sukhbaatar
`America/Mexico_City`	Central Time - most locations
`America/Cancun`	Central Time - Quintana Roo
`America/Merida`	Central Time - Campeche, Yucatan
`America/Monterrey`	Mexican Central Time - Coahuila, Durango, Nuevo Leon, Tamaulipas away from US border
`America/Matamoros`	US Central Time - Coahuila, Durango, Nuevo Leon, Tamaulipas near US border
`America/Mazatlan`	Mountain Time - S Baja, Nayarit, Sinaloa
`America/Chihuahua`	Mexican Mountain Time - Chihuahua away from US border
`America/Ojinaga`	US Mountain Time - Chihuahua near US border
`America/Hermosillo`	Mountain Standard Time - Sonora
`America/Tijuana`	US Pacific Time - Baja California near US border
`America/Santa_Isabel`	Mexican Pacific Time - Baja California away from US border
`America/Bahia_Banderas`	Mexican Central Time - Bahia de Banderas
`Asia/Kuala_Lumpur`	peninsular Malaysia
`Asia/Kuching`	Sabah & Sarawak
`Pacific/Auckland`	most locations
`Pacific/Chatham`	Chatham Islands
`Pacific/Tahiti`	Society Islands
`Pacific/Marquesas`	Marquesas Islands
`Pacific/Gambier`	Gambier Islands
`Asia/Gaza`	Gaza Strip
`Asia/Hebron`	West Bank
`Europe/Lisbon`	mainland
`Atlantic/Madeira`	Madeira Islands
`Atlantic/Azores`	Azores
`Europe/Kaliningrad`	Moscow-01 - Kaliningrad
`Europe/Moscow`	Moscow+00 - west Russia
`Europe/Volgograd`	Moscow+00 - Caspian Sea
`Europe/Samara`	Moscow+00 - Samara, Udmurtia
`Asia/Yekaterinburg`	Moscow+02 - Urals
`Asia/Omsk`	Moscow+03 - west Siberia
`Asia/Novosibirsk`	Moscow+03 - Novosibirsk
`Asia/Novokuznetsk`	Moscow+03 - Novokuznetsk
`Asia/Krasnoyarsk`	Moscow+04 - Yenisei River
`Asia/Irkutsk`	Moscow+05 - Lake Baikal
`Asia/Yakutsk`	Moscow+06 - Lena River
`Asia/Vladivostok`	Moscow+07 - Amur River
`Asia/Sakhalin`	Moscow+07 - Sakhalin Island
`Asia/Magadan`	Moscow+08 - Magadan
`Asia/Kamchatka`	Moscow+08 - Kamchatka
`Asia/Anadyr`	Moscow+08 - Bering Sea
`Europe/Kiev`	most locations
`Europe/Uzhgorod`	Ruthenia
`Europe/Zaporozhye`	Zaporozh’ye, E Lugansk / Zaporizhia, E Luhansk
`Europe/Simferopol`	central Crimea
`Pacific/Johnston`	Johnston Atoll
`Pacific/Midway`	Midway Islands
`Pacific/Wake`	Wake Island
`America/New_York`	Eastern Time
`America/Detroit`	Eastern Time - Michigan - most locations
`America/Kentucky/Louisville`	Eastern Time - Kentucky - Louisville area
`America/Kentucky/Monticello`	Eastern Time - Kentucky - Wayne County
`America/Indiana/Indianapolis`	Eastern Time - Indiana - most locations
`America/Indiana/Vincennes`	Eastern Time - Indiana - Daviess, Dubois, Knox & Martin Counties
`America/Indiana/Winamac`	Eastern Time - Indiana - Pulaski County
`America/Indiana/Marengo`	Eastern Time - Indiana - Crawford County
`America/Indiana/Petersburg`	Eastern Time - Indiana - Pike County
`America/Indiana/Vevay`	Eastern Time - Indiana - Switzerland County
`America/Chicago`	Central Time
`America/Indiana/Tell_City`	Central Time - Indiana - Perry County
`America/Indiana/Knox`	Central Time - Indiana - Starke County
`America/Menominee`	Central Time - Michigan - Dickinson, Gogebic, Iron & Menominee Counties
`America/North_Dakota/Center`	Central Time - North Dakota - Oliver County
`America/North_Dakota/New_Salem`	Central Time - North Dakota - Morton County (except Mandan area)
`America/North_Dakota/Beulah`	Central Time - North Dakota - Mercer County
`America/Denver`	Mountain Time
`America/Boise`	Mountain Time - south Idaho & east Oregon
`America/Shiprock`	Mountain Time - Navajo
`America/Phoenix`	Mountain Standard Time - Arizona
`America/Los_Angeles`	Pacific Time
`America/Anchorage`	Alaska Time
`America/Juneau`	Alaska Time - Alaska panhandle
`America/Sitka`	Alaska Time - southeast Alaska panhandle
`America/Yakutat`	Alaska Time - Alaska panhandle neck
`America/Nome`	Alaska Time - west Alaska
`America/Adak`	Aleutian Islands
`America/Metlakatla`	Metlakatla Time - Annette Island
`Pacific/Honolulu`	Hawaii
`Asia/Samarkand`	west Uzbekistan
`Asia/Tashkent`	east Uzbekistan
Europe/Andorra\|Asia/Dubai\|Asia/Kabul\|America/Antigua\|America/Anguilla\|Europe/Tirane\|Asia/Yerevan\|Africa/Luanda\|Pacific/Pago_Pago\|Europe/Vienna\|America/Aruba\|Europe/Mariehamn\|Asia/Baku\|Europe/Sarajevo\|America/Barbados\|Asia/Dhaka\|Europe/Brussels\|Africa/Ouagadougou\|Europe/Sofia\|Asia/Bahrain\|Africa/Bujumbura\|Africa/Porto-Novo\|America/St_Barthelemy\|Atlantic/Bermuda\|Asia/Brunei\|America/La_Paz\|America/Kralendijk\|America/Nassau\|Asia/Thimphu\|Africa/Gaborone\|Europe/Minsk\|America/Belize\|Indian/Cocos\|Africa/Bangui\|Africa/Brazzaville\|Europe/Zurich\|Africa/Abidjan\|Pacific/Rarotonga\|Africa/Douala\|America/Bogota\|America/Costa_Rica\|America/Havana\|Atlantic/Cape_Verde\|America/Curacao\|Indian/Christmas\|Asia/Nicosia\|Europe/Prague\|Europe/Berlin\|Africa/Djibouti\|Europe/Copenhagen\|America/Dominica\|America/Santo_Domingo\|Africa/Algiers\|Europe/Tallinn\|Africa/Cairo\|Africa/El_Aaiun\|Africa/Asmara\|Africa/Addis_Ababa\|Europe/Helsinki\|Pacific/Fiji\|Atlantic/Stanley\|Atlantic/Faroe\|Europe/Paris\|Africa/Libreville\|Europe/London\|America/Grenada\|Asia/Tbilisi\|America/Cayenne\|Europe/Guernsey\|Africa/Accra\|Europe/Gibraltar\|Africa/Banjul\|Africa/Conakry\|America/Guadeloupe\|Africa/Malabo\|Europe/Athens\|Atlantic/South_Georgia\|America/Guatemala\|Pacific/Guam\|Africa/Bissau\|America/Guyana\|Asia/Hong_Kong\|America/Tegucigalpa\|Europe/Zagreb\|America/Port-au-Prince\|Europe/Budapest\|Asia/Jerusalem\|Europe/Isle_of_Man\|Asia/Kolkata\|Indian/Chagos\|Asia/Baghdad\|Asia/Tehran\|Atlantic/Reykjavik\|Europe/Rome\|Europe/Jersey\|America/Jamaica\|Asia/Amman\|Asia/Tokyo\|Africa/Nairobi\|Asia/Bishkek\|Asia/Phnom_Penh\|Indian/Comoro\|America/St_Kitts\|Asia/Pyongyang\|Asia/Seoul\|Asia/Kuwait\|America/Cayman\|Asia/Vientiane\|Asia/Beirut\|America/St_Lucia\|Europe/Vaduz\|Asia/Colombo\|Africa/Monrovia\|Africa/Maseru\|Europe/Vilnius\|Europe/Luxembourg\|Europe/Riga\|Africa/Tripoli\|Africa/Casablanca\|Europe/Monaco\|Europe/Chisinau\|Europe/Podgorica\|America/Marigot\|Indian/Antananarivo\|Europe/Skopje\|Africa/Bamako\|Asia/Rangoon\|Asia/Macau\|Pacific/Saipan\|America/Martinique\|Africa/Nouakchott\|America/Montserrat\|Europe/Malta\|Indian/Mauritius\|Indian/Maldives\|Africa/Blantyre\|Africa/Maputo\|Pacific/Noumea\|Africa/Niamey\|Pacific/Norfolk\|Africa/Lagos\|America/Managua\|Europe/Amsterdam\|Europe/Oslo\|Asia/Kathmandu\|Pacific/Nauru\|Pacific/Niue\|Asia/Muscat\|America/Panama\|America/Lima\|Pacific/Port_Moresby\|Asia/Manila\|Asia/Karachi\|Europe/Warsaw\|America/Miquelon\|Pacific/Pitcairn\|America/Puerto_Rico\|Pacific/Palau\|America/Asuncion\|Asia/Qatar\|Indian/Reunion\|Europe/Bucharest\|Europe/Belgrade\|Africa/Kigali\|Asia/Riyadh\|Pacific/Guadalcanal\|Indian/Mahe\|Africa/Khartoum\|Europe/Stockholm\|Asia/Singapore\|Atlantic/St_Helena\|Europe/Ljubljana\|Arctic/Longyearbyen\|Europe/Bratislava\|Africa/Freetown\|Europe/San_Marino\|Africa/Dakar\|Africa/Mogadishu\|America/Paramaribo\|Africa/Juba\|Africa/Sao_Tome\|America/El_Salvador\|America/Lower_Princes\|Asia/Damascus\|Africa/Mbabane\|America/Grand_Turk\|Africa/Ndjamena\|Indian/Kerguelen\|Africa/Lome\|Asia/Bangkok\|Asia/Dushanbe\|Pacific/Fakaofo\|Asia/Dili\|Asia/Ashgabat\|Africa/Tunis\|Pacific/Tongatapu\|Europe/Istanbul\|America/Port_of_Spain\|Pacific/Funafuti\|Asia/Taipei\|Africa/Dar_es_Salaam\|Africa/Kampala\|America/Montevideo\|Europe/Vatican\|America/St_Vincent\|America/Caracas\|America/Tortola\|America/St_Thomas\|Asia/Ho_Chi_Minh\|Pacific/Efate\|Pacific/Wallis\|Pacific/Apia\|Asia/Aden\|Indian/Mayotte\|Africa/Johannesburg\|Africa/Lusaka\|Africa/Harare	A timezone location as defined by the IANA timezone database (http://www.iana.org/time-zones)

date (state only)¶

The local time of the device.

vsr> show state system date

troubleshooting-report (state only) (pushed)¶

The existing troubleshooting reports available on the system.

vsr> show state system troubleshooting-report

traffic-capture (state only) (pushed)¶

The existing traffic captures available on the system.

vsr> show state system traffic-capture

network-stack¶

Note

requires a Product License.

Network stack parameters.

vsr running config# system network-stack

bridge¶

Bridge default parameters.

vsr running config# system network-stack bridge

call-ipv4-filtering¶

Call IPv4 filtering hooks on bridges.

vsr running config# system network-stack bridge
vsr running bridge# call-ipv4-filtering true|false

Default value: false

call-ipv6-filtering¶

Call IPv6 filtering hooks on bridges.

vsr running config# system network-stack bridge
vsr running bridge# call-ipv6-filtering true|false

Default value: false

icmp¶

ICMP default parameters.

vsr running config# system network-stack icmp

ignore-icmp-echo-broadcast¶

Ignore all ICMP ECHO and TIMESTAMP requests sent via broadcast or multicast.

vsr running config# system network-stack icmp
vsr running icmp# ignore-icmp-echo-broadcast true|false

Default value: false

rate-limit-icmp¶

unit: milliseconds

The minimum time space that separates the sending of two consecutive ICMP packets. By default, such space is 1000 ms.

vsr running config# system network-stack icmp
vsr running icmp# rate-limit-icmp <0-1000>

Default value: 1000

rate-mask-icmp¶

Mask made of ICMP types for which rates are being limited.

vsr running config# system network-stack icmp
vsr running icmp# rate-mask-icmp RATE-MASK-ICMP

`RATE-MASK-ICMP` values	Description
`echo-reply`	Echo Reply.
`destination-unreachable`	Destination Unreachable.
`source-quench`	Source Quench.
`redirect`	Redirect.
`echo-request`	Echo Request.
`time-exceeded`	Time Exceeded.
`parameter-problem`	Parameter Problem.
`timestamp-request`	Timestamp Request.
`timestamp-reply`	Timestamp Reply.
`info-request`	Info Request.
`info-reply`	Info Reply.
`address-mask-request`	Address Mask Request.
`address-mask-reply`	Address Mask Reply.

Default value: destination-unreachable source-quench time-exceeded parameter-problem

ipv4¶

IPv4 default parameters.

vsr running config# system network-stack ipv4

forwarding¶

Enable IP forwarding.

vsr running config# system network-stack ipv4
vsr running ipv4# forwarding true|false

Default value: true

send-redirects¶

Send ICMP redirect if host is on the same network than gateway.

vsr running config# system network-stack ipv4
vsr running ipv4# send-redirects true|false

Default value: true

accept-redirects¶

Accept redirect when acting as a host. It is always disabled when acting as a router.

vsr running config# system network-stack ipv4
vsr running ipv4# accept-redirects true|false

Default value: false

accept-source-route¶

Accept packets with source route option.

vsr running config# system network-stack ipv4
vsr running ipv4# accept-source-route true|false

Default value: false

arp-announce¶

Define different restriction levels for announcing the local source IP address from IP packets in ARP requests sent on interface. Increasing the restriction level gives more chance for receiving answer from the resolved target while decreasing the level announces more valid sender’s information.

vsr running config# system network-stack ipv4
vsr running ipv4# arp-announce ARP-ANNOUNCE

`ARP-ANNOUNCE` values	Description
`any`	Use any local address, configured on any interface.
`avoid-not-in-subnet`	Try to avoid local addresses that are not in the target’s subnet for this interface. This mode is useful when target hosts reachable via this interface require the source IP address in ARP requests to be part of their logical network configured on the receiving interface. When we generate the request we will check all our subnets that include the target IP and will preserve the source address if it is from such subnet. If there is no such subnet we select source address according to the rules for level 2, ‘best-local’.
`best-local`	Always use the best local address for this target. In this mode we ignore the source address in the IP packet and try to select local address that we prefer for talks with the target host. Such local address is selected by looking for primary IP addresses on all our subnets on the outgoing interface that include the target IP address. If no suitable local address is found we select the first local address we have on the outgoing interface or on all other interfaces, with the hope we will receive reply for our request and even sometimes no matter the source IP address we announce.

Default value: any

arp-filter¶

Allows to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP’d IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an arp request.

vsr running config# system network-stack ipv4
vsr running ipv4# arp-filter true|false

Default value: false

arp-ignore¶

Define different modes for sending replies in response to received ARP requests that resolve local target IP addresses.

vsr running config# system network-stack ipv4
vsr running ipv4# arp-ignore ARP-IGNORE

`ARP-IGNORE` values	Description
`any`	Reply for any local target IP address, configured on any interface.
`check-interface`	Reply only if the target IP address is local address configured on the incoming interface.
`check-interface-and-subnet`	Reply only if the target IP address is local address configured on the incoming interface and both with the sender’s IP address are part from same subnet on this interface.
`ignore-scope`	Do not reply for local addresses configured with scope host, only resolutions for global and link addresses are replied.
`ignore-all`	Do not reply for all local addresses.

Default value: any

arp-proxy¶

Enable ARP proxy.

vsr running config# system network-stack ipv4
vsr running ipv4# arp-proxy true|false

Default value: false

log-invalid-addresses¶

Log packets with impossible addresses.

vsr running config# system network-stack ipv4
vsr running ipv4# log-invalid-addresses true|false

Default value: false

ipv6¶

IPv6 default parameters.

vsr running config# system network-stack ipv6

forwarding¶

Enable IPv6 forwarding.

vsr running config# system network-stack ipv6
vsr running ipv6# forwarding true|false

Default value: true

max-cached-routes¶

Maximum number of ipv6 cached routes.

vsr running config# system network-stack ipv6
vsr running ipv6# max-cached-routes <uint32>

autoconfiguration¶

Autoconfigure addresses using Prefix Information in Router Advertisements.

vsr running config# system network-stack ipv6
vsr running ipv6# autoconfiguration true|false

Default value: true

accept-duplicate-address-detection¶

Accept Duplicate Address Detection (DAD).

vsr running config# system network-stack ipv6
vsr running ipv6# accept-duplicate-address-detection ACCEPT-DUPLICATE-ADDRESS-DETECTION

`ACCEPT-DUPLICATE-ADDRESS-DETECTION` values	Description
`never`	Disable DAD.
`always`	Enable DAD.
`disable-ipv6-on-dad-fail`	Enable DAD, and disable IPv6 operation if MAC-based duplicate link-local address has been found.

Default value: always

accept-router-advert¶

Accept Router Advertisements.

vsr running config# system network-stack ipv6
vsr running ipv6# accept-router-advert ACCEPT-ROUTER-ADVERT

`ACCEPT-ROUTER-ADVERT` values	Description
`never`	Do not accept Router Advertisements.
`norouter-mode`	Accept Router Advertisements if forwarding is disabled.
`always`	Accept Router Advertisements even if forwarding is enabled.

Default value: never

accept-redirects¶

Accept redirect when acting as a host. It is always disabled when acting as a router.

vsr running config# system network-stack ipv6
vsr running ipv6# accept-redirects true|false

Default value: false

accept-segment-routing¶

Accept Segment Routing IPv6 packets.

vsr running config# system network-stack ipv6
vsr running ipv6# accept-segment-routing true|false

Default value: false

accept-source-route¶

Accept packets with source route option.

vsr running config# system network-stack ipv6
vsr running ipv6# accept-source-route true|false

Default value: false

router-solicitations¶

Number of Router Solicitations to send until assuming no routers are present.

vsr running config# system network-stack ipv6
vsr running ipv6# router-solicitations <-1-8192>

Default value: -1

use-temporary-addresses¶

Preference for Privacy Extensions (RFC4941). Not applied to point-to- point and loopback devices (always 0).

vsr running config# system network-stack ipv6
vsr running ipv6# use-temporary-addresses USE-TEMPORARY-ADDRESSES

`USE-TEMPORARY-ADDRESSES` values	Description
`never`	Disable Privacy Extensions, i.e. use the public address, subnet prefix/interface id, where interface id is always the same.
`prefer-public-addresses`	Enable Privacy Extensions, but prefer public addresses over temporary addresses.
`always`	Enable Privacy Extensions and prefer temporary addresses over public addresses.

Default value: never

neighbor¶

Neighbor advanced configuration.

vsr running config# system network-stack neighbor

ipv4-max-entries¶

Maximum number of IPv4 neighbors.

vsr running config# system network-stack neighbor
vsr running neighbor# ipv4-max-entries <16-400000>

ipv6-max-entries¶

Maximum number of IPv6 neighbors.

vsr running config# system network-stack neighbor
vsr running neighbor# ipv6-max-entries <16-400000>

ipv4-base-reachable-time¶

unit: seconds

Time during which an IPv4 neighbor entry stays reachable.

vsr running config# system network-stack neighbor
vsr running neighbor# ipv4-base-reachable-time <uint32>

ipv6-base-reachable-time¶

unit: seconds

Time during which an IPv6 neighbor entry stays reachable.

vsr running config# system network-stack neighbor
vsr running neighbor# ipv6-base-reachable-time <uint32>

conntrack¶

Conntrack advanced configuration.

vsr running config# system network-stack conntrack

max-entries¶

Maximum number of Netfilter conntracks.

vsr running config# system network-stack conntrack
vsr running conntrack# max-entries <16-10000000>

tcp-timeout-close¶

Conntrack TCP timeout close.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-close <0-8589934>

tcp-timeout-close-wait¶

Conntrack TCP timeout close wait.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-close-wait <0-8589934>

tcp-timeout-established¶

Conntrack TCP timeout established.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-established <0-8589934>

tcp-timeout-fin-wait¶

Conntrack TCP timeout fin wait.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-fin-wait <0-8589934>

tcp-timeout-last-ack¶

Conntrack TCP timeout last ack.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-last-ack <0-8589934>

tcp-timeout-max-retrans¶

Conntrack TCP timeout max retrans.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-max-retrans <0-8589934>

tcp-timeout-syn-recv¶

Conntrack TCP timeout syn recv.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-syn-recv <0-8589934>

tcp-timeout-syn-sent¶

Conntrack TCP timeout syn sent.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-syn-sent <0-8589934>

tcp-timeout-time-wait¶

Conntrack TCP timeout time wait.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-time-wait <0-8589934>

tcp-timeout-unacknowledged¶

Conntrack TCP timeout unacknowledged.

vsr running config# system network-stack conntrack
vsr running conntrack# tcp-timeout-unacknowledged <0-8589934>

udp-timeout¶

Conntrack UDP timeout.

vsr running config# system network-stack conntrack
vsr running conntrack# udp-timeout <0-8589934>

udp-timeout-stream¶

Conntrack UDP timeout stream.

vsr running config# system network-stack conntrack
vsr running conntrack# udp-timeout-stream <0-8589934>

fast-path¶

Fast path network global configuration.

vsr running config# system network-stack fast-path

alg¶

Set Application-level gateway (ALG) configuration.

vsr running config# system network-stack fast-path alg <alg>

`<alg>` values	Description
`ftp`	Set FTP ALG.
`h323_ras`	Set H323 RAS ALG.
`h323_q931`	Set H323 Q931 ALG.
`pptp`	Set PPTP ALG.
`rtsp`	Set RTSP ALG.
`sip-tcp`	Set SIP on TCP ALG.
`sip-udp`	Set SIP on TCP ALG.
`tftp`	Set TFTP ALG.
`dns`	Set DNS ALG.

port¶

Set ALG port.

vsr running config# system network-stack fast-path alg <alg>
vsr running alg <alg># port <uint16>

session-timeout¶

Set ALG session timeout.

vsr running config# system network-stack fast-path alg <alg>
vsr running alg <alg># session-timeout <uint32>

conntrack¶

Conntrack options.

vsr running config# system network-stack fast-path conntrack

behavior¶

Specific TCP options.

vsr running config# system network-stack fast-path conntrack
vsr running conntrack# behavior <behavior> enabled true|false

`<behavior>` values	Description
`tcp-window-check`	TCP window check.
`tcp-rst-strict-order`	TCP rst strict order.

enabled (mandatory)¶

Enable option.

enabled true|false

timeouts¶

Timeouts for the different events/protocols.

vsr running config# system network-stack fast-path conntrack timeouts

icmp¶

Conntrack options for ICMP.

vsr running config# system network-stack fast-path conntrack timeouts
vsr running timeouts# icmp <icmp> <uint32>

`<icmp>` values	Description
`new`	State NEW.
`established`	State ESTABLISHED.
`closed`	State CLOSED.

<uint32> (mandatory)¶

Timeout in seconds.

<uint32>

udp¶

Conntrack options for UDP.

vsr running config# system network-stack fast-path conntrack timeouts
vsr running timeouts# udp <udp> <uint32>

`<udp>` values	Description
`new`	State NEW.
`established`	State ESTABLISHED.
`closed`	State CLOSED.

<uint32> (mandatory)¶

Timeout in seconds.

<uint32>

gre-pptp¶

Conntrack options for GRE-PPTP.

vsr running config# system network-stack fast-path conntrack timeouts
vsr running timeouts# gre-pptp <gre-pptp> <uint32>

`<gre-pptp>` values	Description
`new`	State NEW.
`established`	State ESTABLISHED.
`closed`	State CLOSED.

<uint32> (mandatory)¶

Timeout in seconds.

<uint32>

tcp¶

Conntrack options for TCP.

vsr running config# system network-stack fast-path conntrack timeouts
vsr running timeouts# tcp <tcp> <uint32>

`<tcp>` values	Description
`syn-sent`	State SYN-SENT.
`simsyn-sent`	State SIMSYN-SENT.
`syn-received`	State SYN-RECEIVED.
`established`	State ESTABLISHED.
`fin-sent`	State FIN-SENT.
`fin-received`	State FIN-RECEIVED.
`closed`	State CLOSED.
`close-wait`	State CLOSE-WAIT.
`fin-wait`	State FIN-WAIT.
`last-ack`	State LAST-ACK.
`time-wait`	State TIME-WAIT.

<uint32> (mandatory)¶

Timeout in seconds.

<uint32>

nat64¶

NAT64 conntrack options.

vsr running config# system network-stack fast-path conntrack nat64

option¶

Specific NAT64 options.

vsr running config# system network-stack fast-path conntrack nat64
vsr running nat64# option <option> true|false

`<option>` values	Description
`update-tcp-mss`	Enable/Disable TCP MSS update.
`drop-udp-zero-checksum`	Enable/Disable UDP null checksum packet drops.
`force-frag-ipv4`	Fragment IPv4 packets (with DF flag) if the MTU is too small.
`force-frag-ipv6`	Fragment IPv6 packets if the MTU is too small.

true|false (mandatory)¶

Option state.

true|false

mtu¶

NAT64 lowest IPv6 mtu configuration.

vsr running config# system network-stack fast-path conntrack nat64
vsr running nat64# mtu <mtu> <uint16>

<mtu>

Set lowest IPv6 MTU.

<uint16> (mandatory)¶

MTU (0 to fragment packet according to the MTU of the output interface).

<uint16>

audit-trail¶

Audit trail configuration.

vsr running config# system audit-trail

enabled (pushed)¶

Enable audit trails.

vsr running config# system audit-trail
vsr running audit-trail# enabled true|false

Default value: true

max-file-count¶

unit: bytes

Number of files to keep. The following files will be deleted.

vsr running config# system audit-trail
vsr running audit-trail# max-file-count <int32>

Default value: 200

max-file-size¶

Max log size before rotating.

vsr running config# system audit-trail
vsr running audit-trail# max-file-size <int32>

Default value: 1048576

uptime (state only)¶

The system uptime.

value (state only)¶

unit: seconds

The value in seconds.

vsr> show state system uptime value

string (state only)¶

A human readable value (e.g DD days, HH:mm:ss).

vsr> show state system uptime string

installed-image (state only)¶

The list of installed images.

version (state only)¶

The version of the image.

vsr> show state system installed-image <string> version

current (state only)¶

The image is currently booted.

vsr> show state system installed-image <string> current

default (state only)¶

The image is booted by default.

vsr> show state system installed-image <string> default

next (state only)¶

The next reboot will use this image.

vsr> show state system installed-image <string> next

confirm-pending (state only) (pushed)¶

The system will reboot on the default image, unless the user executes a cmd system-image set-default command.

vsr> show state system installed-image <string> confirm-pending

aws¶

Note

requires a Product License.

AWS configuration.

vsr running config# system aws

account-id (state only)¶

The identifier of the AWS account that launched the instance.

vsr> show state system aws account-id

architecture (state only)¶

The architecture of the AMI used to launch the instance.

vsr> show state system aws architecture

availability-zone (state only)¶

The availability zone in which the instance is running.

vsr> show state system aws availability-zone

image-id (state only)¶

The identifier of the AMI used to launch the instance.

vsr> show state system aws image-id

instance-id (state only)¶

The identifier of the instance.

vsr> show state system aws instance-id

instance-type (state only)¶

The type of the instance.

vsr> show state system aws instance-type

private-ip (state only)¶

The private IPv4 address of the instance.

vsr> show state system aws private-ip

region (state only)¶

The region in which the instance is running.

vsr> show state system aws region

ha-notification¶

Specify AWS configuration changes when HA group state switch to master.

vsr running config# system aws ha-notification

group¶

The HA group to monitor.

vsr running config# system aws ha-notification group <leafref>

<leafref>

The name of the HA group to monitor.

assign-private-ip¶

Assign a private IP to an interface of the AWS VPC when HA group is active.

vsr running config# system aws ha-notification group <leafref>
vsr running group <leafref># assign-private-ip ip <ip> interface <leafref> vrf <leafref>

<ip>

An IPv4 address.

<leafref>

The interface on which the virtual IP is set.

<leafref>

The vrf where the interface is located.

change-route¶

Change a route on the AWS VPC when HA group is active.

vsr running config# system aws ha-notification group <leafref>
vsr running group <leafref># change-route subnet <subnet> destination <destination> \
... interface <leafref> vrf <leafref>

<subnet>

An IPv4 prefix: address and CIDR mask.

<destination>

An IPv4 prefix: address and CIDR mask.

interface (mandatory)¶

The destination interface for the route.

interface <leafref>

vrf (mandatory)¶

The vrf where the interface is located.

vrf <leafref>