IP/IPv6 parameters

The behavior of the IPv4/IPv6 network stack can be customized globally, and, for some parameters, per VRF. This behavior customization includes for instance the activation of forwarding, the filtering of packets with source routing option, etc…

If there is no configuration value in a VRF, the global configuration applies.

Global configuration

To change the global default parameters, do:

vrouter running config# system network-stack ipv4
vrouter running ipv4# accept-redirects true
vrouter running ipv4# accept-source-route true
vrouter running ipv4# .. ipv6
vrouter running ipv6# accept-redirects true
vrouter running ipv6# accept-source-route true
vrouter running ipv6# accept-router-advert always
vrouter running ipv6# use-temporary-addresses always
vrouter running ipv6# commit

To display the global network stack parameters state:

vrouter> show state / system network-stack
network-stack
    icmp
        ignore-icmp-echo-broadcast false
        rate-limit-icmp 1000
        rate-mask-icmp destination-unreachable source-quench time-exceeded parameter-problem
        ..
    ipv4
        forwarding true
        send-redirects true
        accept-redirects false
        accept-source-route false
        log-invalid-addresses false
        ..
    ipv6
        forwarding true
        accept-router-advert never
        use-temporary-addresses never
        accept-redirects false
        accept-source-route false
        ..
    ..

The same configuration can be made using this NETCONF XML configuration:

vrouter running network-stack# show config xml absolute
<config xmlns="urn:6wind:vrouter">
  <system xmlns="urn:6wind:vrouter/system">
    <network-stack>
      <ipv4>
        <forwarding>true</forwarding>
        <send-redirects>true</send-redirects>
        <accept-redirects>true</accept-redirects>
        <accept-source-route>true</accept-source-route>
        <log-invalid-addresses>false</log-invalid-addresses>
      </ipv4>
      <icmp>
        <ignore-icmp-echo-broadcast>false</ignore-icmp-echo-broadcast>
        <rate-limit-icmp>1000</rate-limit-icmp>
        <rate-mask-icmp>destination-unreachable source-quench time-exceeded parameter-problem</rate-mask-icmp>
      </icmp>
      <ipv6>
        <forwarding>true</forwarding>
        <accept-router-advert>always</accept-router-advert>
        <use-temporary-addresses>always</use-temporary-addresses>
        <accept-redirects>true</accept-redirects>
        <accept-source-route>true</accept-source-route>
      </ipv6>
    </network-stack>
  </system>
</config>

VRF configuration

To override the parameters for a specific VRF, do:

vrouter running config# vrf vr1 network-stack ipv4
vrouter running ipv4# accept-redirects false
vrouter running ipv4# .. ipv6
vrouter running ipv6# accept-redirects false
vrouter running ipv6# commit

To display the network stack parameters state for this VRF:

vrouter running ipv6# show state / vrf vr1 network-stack
network-stack
    icmp
        ignore-icmp-echo-broadcast false
        rate-limit-icmp 1000
        rate-mask-icmp destination-unreachable source-quench time-exceeded parameter-problem
        ..
    ipv4
        forwarding true
        send-redirects true
        accept-redirects false
        accept-source-route false
        log-invalid-addresses false
        ..
    ipv6
        forwarding true
        accept-router-advert never
        use-temporary-addresses never
        accept-redirects false
        accept-source-route false
        ..
    ..

The same configuration can be made using this NETCONF XML configuration:

vrouter running network-stack# show config xml absolute
<config xmlns="urn:6wind:vrouter">
  <vrf>
    <name>vr1</name>
    <network-stack xmlns="urn:6wind:vrouter/system">
      <icmp/>
      <ipv4>
        <accept-redirects>false</accept-redirects>
      </ipv4>
      <ipv6>
        <accept-redirects>false</accept-redirects>
        <accept-router-advert>never</accept-router-advert>
        <use-temporary-addresses>never</use-temporary-addresses>
      </ipv6>
    </network-stack>
  </vrf>
</config>